Teldat bintec RT1202
Contents
1. Currently Installed Software Boss V 9 1 Rev 1 IPSec from 2012 03 23 00 00 00 System Logic 1 0 ADSL Logic E 74 2 53 Software and Configuration Options Action Update system sofware ow Source Location Current Software from Teldat Server v The device will now connect to the Teldat GmbH download server and check whether an updated version of the system software is available If so your device will be updated auto matically When installation of the new software is complete you will be invited to restart the device N Caution Once you have clicked on GO the update cannot be cancelled interrupted If an error occurs during the update do not re start the device and contact support bintec Rxxx2 RTxxx2 Chapter 8 Access and configuration This chapter describes all the access and configuration options 8 1 Access Options The various access options are presented below Select the procedure to suit your needs There are various ways you can access your device to configure it e Via your LAN e Via the serial interface e Via an ISDN connection 8 1 1 Access via LAN Access via one of the Ethernet interfaces of your device allows you to to open the GUI in a web browser for configuration purposes and to access your device via Telnet or SSH N Caution If you carry out the initial configuration with the GUI this can result in inconsistencies or malfunctions as soon as you carry o2. view 20 per page Filter in None v equa v Go A Active 2 415 GHz Denied Clients Location Slave AP Name VSS MAC Address VSS Clients changeover softharel Page 1 Apply Fig 71 Wireless LAN Controller gt Monitoring Load Balancing The Wireless LAN Controller gt Monitoring Load Balancing menu displays an overview of the Load Balancing For each VSS you can see such information as the number of cli ents connected the number of clients that are affected by the 2 4 5 GHz changeover and the number of rejected clients bintec Rxxx2 RTxxx2 Teldat GmbH 13 Wireless LAN Controller 13 4 4 Neighbor APs Active Clients Wireless Networks VSS Client Management Neighbor APs Rogue APs Roque Clients View 20 per page Filter inf None wv equal v Go SSID MAC Address Signal dBm Channel Security Last seen Strongest signal received by Total detections Page 1 Actions New Neighborscan START Fig 72 Wireless LAN Controller gt Monitoring gt Neighbor APs In the Wireless LAN Controller gt Monitoring gt Neighbor APs menu the adjacent AP s found during the scan are displayed Rogue APs i e APs which are not managed by the WLAN controller but are using an SSID managed by the WLAN controller are highlighted in red Note Check the rogue APs shown carefully as an attacker could attempt to spy on data in your network using a rogue AP Although each AP is found more than once it is only displaye
3. Channel Bundling OSPF Mode Passive O Active O inactive Proxy ARP Mode O Inactive O up or Dormant Up only DNS Negotiation F Enabled C OK C_ Cancel Fig 119 WAN gt Internet Dialup gt ISDN gt New The menu WAN gt Internet Dialup gt ISDN gt New consists of the following fields Fields in the Basic Parameters menu ntec Rxxx2 RTxxx2 Teldat GmbH 17 WAN Field Description Description Enter a name for uniquely identifying the connection partner The first character in this field must not be a number No special characters or umlauts must be used Connection Type Select which layer 1 protocol your device should use This setting applies for outgoing connections to the connection partner and only for incoming connections from the connection partner if they could be identified on the basis of the calling party number Possible values e ISDN 64 kbps For 64 kbps ISDN data connections e ISDN 56 kbps For 56 kbps ISDN data connections User Name Enter your device code local PPP user name Remote User for Dial Enter the code of the remote terminal remote PPP user name in only Password Enter the password Always on Select whether the interface should always be activated The function is enabled with Enabled The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Connection Idle Only if Alway
4. e 514 External Reporting a 515 Syslog iii a a A a a 515 Syslog Servers 2 e 515 IPSACCOUNTING a o a Raa ae oP Ge ie ab 518 Interfaces so en te Kae ord Ao ge EA El ee Mae Baa Pes 518 OPTIONS oo gt ect E Sn he He es RO peak SER a ae ele EG a tee 518 Alert Servicess 92585 a ne ied Gy ok eM Seen 2 ip Woke Gy aaa A 520 AlertiRecipiont 5 d 5e 80 e aa ae ee eee Be a a ea ae a 520 Alert Settings u e a Sage ded ey ae a tg EE ae oat ae 523 NAAA bes ie ghee cae et AY His Geese A A teats Goat 525 SNMP Trap Options 2 2 eo 525 SNMP Trap Hosts aoa ios a uos a doa eee ee y ai 526 Activity Monitor e ocn le a a 527 OPtiOns puan E A ls Mp a We 528 Monitoring 2 ea 2 00 0 eee ee eee 530 Internal POG sar A esse Si tae ee Be ae Seen Bota SB 530 System Messages 2 aooo a a a 530 IPSEC m iiaa Pt atts ld ts td ot aaia Benet oh ek dak 531 IPSec Tunnels at aaa as a 531 IPSEC StAtiStiCS gt biu a et te fa Pad ene Oe padit ghee eae Bed 533 ISDN Modem 2 1 a 534 Current CalllSi i tage BAe ede et A e o kia a ot 534 Call HISTORY lt 4 42 3 ets a abe SF AOE AS Ae gs et es 535 Interfaces ay i a Gee i lt a E a los 536 Statistits A BO A A ee a 536 24 5 Bridges s aede A E ee A ee ee A ee 539 24 5 1 DESKS ep oper ay a a Petey tae ee etna AS Me ch tae sad ee Ger ae E 539 24 6 HotSpot Gateway eh ae ee eh i a we 539 24 6 1 HotSpot Gateway 2 2 ee ee 539 24 7 QOS t
5. Enabled m n Interface Add Advanced Settings 3 5 Seconds OK Cancel Fig 191 Local Services gt ISDN Theft Protection gt Options The menu Local Services gt ISDN Theft Protection gt Options consists of the following fields Fields in the Basic Parameters menu Field Description ISDN Theft Protection Service Dialling Number Incoming Number Outgoing Number Monitored Interfaces Enable or disable the ISDN theft protection function The function is enabled with Enabled The function is disabled by default Only if ISDN Theft Protection Service is enabled Enter the subscriber number that the gateway dials to call itself Only if ISDN Theft Protection Service is enabled Enter the subscriber number to be compared with the current calling party number Only if ISDN Theft Protection Service is enabled Enter the subscriber number to be set as calling party number Only if ISDN Theft Protection Service is enabled Teldat GmbH 21 Local Services Field Description Use Add to add a new interface Select from the available interfaces those to which the ISDN theft protection function is to be applied Fields in the Advanced Settings menu Field Description Number of Dialling Re Enter the number of dial attempts that the gateway is to make to tries call itself by ISDN after a reboot Possible values are 1 to 255 The default value is 3 Timeout Enter the time i
6. The function is enabled by default Local IP Address Only for IP Address Mode Static Assign an IP address from your LAN to the PPT interface which is to be used as your device s internal source address Route Entries Only if IP Address Mode Static Define other routing entries for this PPTP partner Add new entries with Add e Remote IP Address IP address of the destination host or network e Netmask Netmask for Remote IP Address If no entry is made your device uses a default netmask e Metric The lower the value the higher the priority of the route range of values 0 15 The default value is 7 The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed The de fault value is 60 Maximum Number of Enter the number of unsuccessful attempts to setup a connec Dialup Retries tion before the interface is blocked Possible values are 0 to 100 Teldat GmbH 17 WAN Field Description The default value is 5 Authentication Select the authentication protocol for this Internet connection Select the authentication specified by your provider Possible values e PAP default value Only run PAP PPP Password Authentic ation Protocol the password is transferred unencrypted e CHAP Only run CHAP PP
7. The function is enabled with Enabled The function is enabled by default 18 VPN Teldat GmbH 18 1 4 XAUTH Profiles In the XAUTH Profiles menu a list of all XAUTH profiles is displayed Extended Authentication for IPSec XAuth is an additional authentication method for IPSec tunnel users The gateway can take on two different roles when using XAuth as it can act as a server or as a client e As a server the gateway requires a proof of authorisation e Asa client the gateway provides proof of authorisation In server mode multiple users can obtain authentication via XAuth e g users of Apple iPhones Authorisation is verified either on the basis of a list or via a Radius Server If using a one time password OTP the password check can be carried out by a token server e g SecOVID from Kobil which is installed behind the Radius Server If a company s headquarters is connected to several branches via IPSec several peers can be configured A specific user can then use the IPSec tunnel over various peers depending on the assign ment of various profiles This is useful for example if an employee works alternately in dif ferent branches if each peer represents a branch and if the employee wishes to have on site access to the tunnel XAuth is carried out once IPSec IKE Phase 1 has been completed successfully and be fore IKE Phase 2 begins If XAuth is used together with IKE Config Mode the transactions for XAuth are
8. o 152 Wireless LAN Controller 154 Wizard 20 ho 4 dan Fete is Sa AR Ge A t 154 Basic Settings node and cite de desc Seah co Ged 155 Radio Profilon s 2 Sige ie Bee Rigel Ge he ee eB ae ete 156 Wireless Network 2 2 we o 0 156 Start automatic installation 2 a a 0 158 Controller Configuration 2 a a 160 General aitan ee ete et Se pied ya hed OD eos Arh BiG ees 160 Slave AP configuration 2 2 a 162 bintec Rxxx2 RTxxx2 13 3 1 Slave Access Points 2 eee o 163 13 3 2 Radio Profiles 2 ee 167 13 3 3 Wireless Networks VSS 0 0 174 13 4 Monitorings 20 a da E E a a 181 13 4 1 Active Cents rn a BREA SO an SE eth a EA 181 13 4 2 Wireless Networks VSS 2 2 ee 182 13 4 3 Load Balancing s s saci e i a p o e 182 13 4 4 NeighborAPs A a AA A on a 183 13 4 5 Rogue APS a fe teas Peto eek E A OR i 184 13 4 6 Rogue Clients 2 6 be ee i 185 13 5 Maintenance 2 2 1 1 a Ae e Me p ae ae aa Ee a A a A aa 186 13 5 1 Firmware Maintenance a a a 186 Chapter 14 NEtWOrKINO oe elas plate ware A 189 14 1 FROUTSS in pte ce te eh ah ot ahh fete rade a an a n cee aaa 189 14 1 1 IP YA ROUTES is ae tte dee aladas RASS a fee Sale oot Lhe bate Se teh TIA tele Sah ot 189 14 1 2 IPv4 Routinig Table je cia ae By ee i ee ee eS 195 14 1 3
9. If there are not enough licences available the message The maximum number of slave access points that can be supported has been exceeded Please check your li cences If this message is displayed then you should obtain additional licences if ap propriate During the installation of the WLAN and the allocation of frequencies on the messages dis played you will see how far the installation has progressed The display is continuously up dated Provided that non overlapping wireless channels are located for all access points the con figuration that is set in the Wizard is transferred to the access points When the installation is complete you will see a list of the Managed access points 13 Wireless LAN Controller Teldat GmbH Under Configure the Alert Service for WLAN surveillance click Start to monitor your managed APs You are taken to the External Reporting gt Alert Service gt Alert Recipient menu with the default setting Event Managed AP offline You can specify that you wish to be notified by e mail if the Managed AP offline event occurs Click under New Neighborscan on Start to rescan adjacent AP s You will receive a warn ing that the wireless modules of the access points must also be disabled for a certain peri od of time When you start the process with OK a progress bar is displayed The located AP display is updated every ten seconds 13 2 Controller Configuration In this menu you make the basic settings f
10. O Octets received S Serial number for accounting message A By default the following format instructions are entered in the Log Format field INET sdsttatcti r tf gt 31 5R 3F3p303P30 s 23 3 Alert Service It was previously possible to send syslog messages from the router to any syslog host De pending on the configuration e mail alerts are sent to the administrator as soon as relevant syslog messages appear 23 3 1 Alert Recipient A list of Syslog messages is displayed in the Alert Recipient menu 23 3 1 1 New Select the New to create additional alert recipients Alert Recipient Alert Settings Add Edit Alert Recipient Alert Service E mail Recipient RSE Message Compression MEnabled Subject _o oe Event Matching String Syslog contains string v Wildcards alowed Severity Emergency v Subsystem Monitored Subsystems IA L Add Message Timeout eo Number of Messages fi OK Cancel Fig 208 External Reporting gt Alert Service gt Alert Recipient gt New The menu External Reporting gt Alert Service gt Alert Recipient gt New consists of the fol lowing fields Fields in the Add Edit Alert Recipient menu Field Description Alert Service Displays the alert service Select the alert service only for RS120wu RS230au and RS230bu bintec Rxxx2 RTxxx2 Teldat GmbH 23 External Reporting Field Description Possible values e E mail e SMS Recipient E
11. PIM Mode Indicates the mode to be used for PIM Your device uses PIM in sparse mode The entry cannot be changed Use as Stub interface Determine whether or not the interface is used for PIM data packets This parameter allows you to use an interface for IG MP for example whilst preventing fake PIM messages If this function is deactivated default value the PIM data pack ets for this interface are blocked If the function is active the interface for the PIM data packets bintec Rxxx2 RTxxx2 16 Multicast Teldat GmbH Field Description are released Designated Router Pri ority Define the value of the designated router priority entered in the Designated Router Priority option The higher the value the greater the probability that the corres ponding router will be used as the designated router The default value is 1 The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Hello Interval Define the interval in seconds at which PIM Hello messages are sent over this interface The value 0 means that no PIM Hello messages are sent on this interface Possible values 0 to 18000 seconds The default value is 30 Triggered Hello Inter val Define the maximum waiting time until a PIM Hello message is sent after a system boot or after a reboot of a neighbour The value 0 means that PIM Hello messages are always sent straight a
12. Possible values e Auto Interface Speed default value The metric is automatically set on the basis of the interface speed e Fixed Enter a specific value in Metric direct routes Metric direct routes Enter the base metric value The basis of the metric actually used for a route is a base metric value which is obtained from the bandwidth of the interface BMV 100 000 000 bandwidth in bps For Metric Determination Auto Interface Speed the automatically calculated value is displayed here and cannot be modified The basic metric value for bandwidths gt 100 000 000 bps is al ways 1 So the basic metric value of Gigabit interfaces and 100 Mbit interfaces is identical To change this you need to specify a fixed value in Metric Determination Authentication Type Select the type of authentication used if OSPF packets are sent over this OSPF interface or incoming packets checked Defines how the key in the Authentication Key field is used The default value is none In Clear Text the key is sentas a text string in each packet In MD5 the key is used to create a 15 Routing Protocols Teldat GmbH Field Description hash which is sent with each packet Authentication Key Enter a text string to be used in combination with the defined Authentication Type Export indirect static If this value is set to No default only direct routes i e routes routes to networks reached directly over this interface are pr
13. The available values are 0 to 255 the default value is 30 The 18 VPN Teldat GmbH Field Description value 0 means that no L2TP HELLO messages are sent Minimum Time Enter the minimum time in seconds that your device waits be between Retries fore resending a L2TP control packet for which it received no re sponse The wait time is dynamically extended until it reaches the Max imum Time between Retries The available values are 1 to 255 the default value is 1 Maximum Time Enter the maximum time in seconds that your device waits be between Retries fore resending a L2TP control packet for which it received no re sponse The available values are 8 to 255 the default value is 16 Maximum Retries Enter the maximum number of times your device is to try to re send the L2TP control packet for which is received no response The available values are 8 to 255 the default value is 5 Data Packets Se Select whether your device is to use sequence numbers for quence Numbers data packets sent through a tunnel on the basis of this profile The function is not currently used The function is enabled with Enabled The function is disabled by default 18 2 2 Users A list of all configured interface L2TP partners is displayed in the VPN gt L2TP gt Users menu 18 2 2 1 New Choose the New button to set up new L2TP partners Basic Parameters Description Connection Type User Name Password Always on Connection I
14. V 35 V 36 V 42bis V 90 Vanity VDSL VID VJHC VLAN VolP VPN vss WAN WAN interface WAN partner phones ITU T recommendation for balanced dual current interface lines up to 10 mbps CCITT and ITU T recommendation that defines the interface between a PC or terminal as Data Terminal Equipment DTE and a modem as Data Circuit terminating Equipment DCE ITU T recommendation for unbalanced dual current interface line ITU T recommendation for data transmission at 48kbps in the range from 60 to 108kHz Modem for V 35 Data compression procedure ITU standard for 56 kbps analogue modems In contrast to older V 34 modems data is sent in digital form to the client when the V 90 standard is used and does not need to be first converted from digital to analogue on one side of the modem provider as was the case with V 34 and earlier modems This makes higher transmission rates possible A maximum speed of 56 kbps can be achieved only under optimum conditions Letter dialling Very high bit rate digital subscriber line also called VADSL or BD SL VLAN ID Van Jacobson Header Compression Virtual LAN Voice over IP Virtual Private Network Virtual Service Set Wide Area Network WAN interface Remote station that is reached over a WAN e g ISDN bintec Rxxx2 RTxxx2 Glossary Web server Webmail WEP Western plug WINIPCFG WLAN WMM WPA WPA Enterprise WPA PSK WWW
15. VDSL2 interface RJ45 socket Standards amp Guidelines R amp TTE Directive 1999 5 EC CE symbol for all EU states R amp TTE Directive 1999 5 EC CE symbol for all EU states SAFERNET TM Security Technology Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPOA Callback Access Control Lists CLID NAT SIF MPPE Encryption PPTP En cryption VPN with PPTP or IPSec Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPOA Callback Access Control Lists CLID NAT SIF MPPE Encryption PPTP En cryption VPN with PPTP or IPSec Software supplied Dime Manager on DVD Dime Manager on DVD Documentation included Quick Install Guide and safety no tices Quick Install Guide and safety no tices Teldat GmbH 5 Technical data Property bintec RT3002 bintec RT3502 bintec Dime Manager User s Guide on DVD Installation poster bintec Dime Manager User s Guide on DVD Installation poster Online documentation User s Guide Workshops Release Notes if required General product features bintec R4402 bintec RT4202 User s Guide Workshops Release Notes if required Property bintec R4402 bintec RT4202 Dimensions and weights Equipment dimensions without cable B x H x D 19 housing 482 6 mm x 220 mm x 45 mm 19 housing 482 6 mm x 220 mm x 45 mm Weight approx 2 0 kg approx 2 0 k
16. When the function is enabled the login form displays on the left hand side When the function is disabled only the website with information advertising and or links to freely accessible websites is dis played The function is enabled by default Pop Up window for status indication Specify whether the device uses pop up windows to display the status The function is enabled by default Default Idle Timeout Enable or disable the Default Idle Timeout If a hotspot user does not trigger any data traffic for a configurable length of time they are logged out of the hotspot The function is enabled by default The default value is 600 seconds 21 11 2 Options In the Local Services gt HotSpot Gateway gt Options menu general settings are per formed for the hotspot HotSpot Gateway Options Basic Parameters Host for multiple locations OK Cancel Fig 196 Local Services gt HotSpot Gateway gt Options The Local Services gt HotSpot Gateway gt Optionsmenu consists of the following fields 21 Local Services Teldat GmbH Fields in the Basic Parameters menu Field Description Host for multiple loca If several locations branches are set up on the Hotspot server tions enter the value of the NAS identifier RADIUS server parameter that has been registered for this location on the Hotspot server 21 12 BRRP In the BRRPmenu you can configure the redundancy of your gateway Note You require a
17. X 21 X 21bis X 25 X 31 Teldat GmbH Server that provides documents in HTML format for access over the Internet WWW T Online service with which e mails can be sent and received world wide on the Internet by means of a browser Wired Equivalent Privacy also known as RJ 45 plug Plug used for ISDN terminals with eight contacts Developed by the US telephone company Western Bell Western plugs for analogue telephones have four or six contacts A graphical tool on Windows 95 98 and Millennium that uses Win32 API to view and configure the IP address configuration of com puters A group of computers wirelessly connected to each other wireless LAN Wireless multimedia Wi Fi protected access Concentrates primarily on the needs of companies and offers secure encryption and authentication Uses 802 1x and the Extensible Au thentication Protocol EAP and thus offers an effective means of user authentication Intended for private users or small businesses that do not run a central authentication server PSK stands for Pre Shared Key and means that AP and client use a fixed character string 8 to 63 char acters known to all subscribers as the basis for key calculation for wireless traffic World Wide Web The X 21 recommendation defines the physical interface between two network components in packet switched data networks e g Da tex P The X 21bis recommendation defines the DTE DCE interface to V series s
18. e Client The media gateway is operated as DDI client It is assigned a DDI e Server The media gateway is operated as a DDI server so that DDI clients can connect e gw trunk The media gateway is operated as DDI client but used as a trunk This setting is used to connect a software based IP PBX from Swyx Registrar Only for Trunk Mode Off Client and gw trunkEnter the IP address or domain name FQDN of the SIP registrar The maximum number of characters is 40 Entries with spaces are not allowed SIP Endpoint IP Ad Only for Trunk Mode Server and Registration deactivated dress Enter the IP address or domain name FQDN of the SIP proxy server Outbound Proxy Only for Trunk Mode Off Client or gw trunk Enter the name or IP address of the SIP outbound proxy server Teldat GmbH 20 VoIP Field Description A maximum of 32 characters can be entered Here you must make an entry only if for all SIP sessions the communication is not to be direct but via a further proxy In SIP client mode Enter a name or IP address only if this is ex plicitly specified by the provider Realm Enter a new domain name or a new IP address for the SIP proxy server If you do not make an entry the entry in the Registrar field is used In SIP client mode Enter a name or IP address only if this is ex plicitly specified by the provider Protocol Select the protocol to be used for data transport Possible values UDP defau
19. 467 AUX 119 295 AUX Port Status 120 Back Route Verify 335 Back Route Verify 197 Back up of configuration on SD card 71 Backup Designated Router 541 Bandwidth 168 Based on Ethernet Interface 146 Beacon Period 171 Bearer Service 135 Black White List 457 Blacklisted 457 Block after connection failure for 275 280 285 291 298 368 375 Block Time 104 347 BOSS 510 BOSS Version 71 Bridges 539 BRRP 496 Bundle Type 133 Burst size 223 Burst Mode 170 Bytes 532 c CA Certificate 111 CA Certificates 347 CA Name 467 Index Cache 438 Cache Hitrate 439 Cache Hits 439 Cache Size 431 Call Number 294 301 412 Call History 535 Call Routing 415 Call Translation 421 Call Number 126 Callback 377 Callback Mode 291 298 Called Address 416 419 Called Line 419 Called Address Translation 418 Calling Address 416 Calling Line 416 419 Calling Address Translation 419 CAPI Server 458 CAPI Server TCP Port 460 CAPWAP Encryption 164 Category 455 Certificate Request 110 Certificate List 107 Certificate Servers 118 Certificate is CA Certificate 108 Certificate Request Description 111 467 Certificate Revocation List CRL Checking 108 Certificates 106 Channel 165 535 Channel Bundling 293 Channel Plan 171 Channel Selection 130 Charge 535 536 Class ID 217 223 Classmap 217 CLID Translation 419 Client Type 308 Client Band select 178 Clock Mode 130 Clo
20. Adaptive Wire Mode 4 wire v Additional Wire Pairs V Pair 7 8 L Pair 3 6 l Pair 1 2 Minimum 384 kbps Line Speed Interval Maximum 11392 kbps OK Cancel Fig 56 Physical Interfaces SHDSL gt SHDSL Configuration gt g Fields in the SHDSL Parameters menu Field Description ATM Interface Displays the name of the ATM interface Device Mode Define the role within the connection Possible values e CPE Customer Premises Equipment default value Mode for the user page of the SHDSL connection e CO Central Office Mode for the provider page of the SHDSL connection Note CPE on the one hand and CO on the other hand must al ways be set for each SHDSL connection All the pairs of wires should also be set to the same mode no mixed mode is pos sible SHDSL Type Define which Annex of ITU T Recommendation G 991 2 is used for the connection Possible values e Annex A For applications in North America provider dependent Teldat GmbH 11 Physical Interfaces Field Description e Annex B default value For applications in Europe provider dependent for example Clock Rate Define whether the clock rate should be negotiated Possible values e Fixed The clock rate is predefined e Adaptive default value The clock rate is negotiated de pending on the line quality Note that a fixed value must be set to use the IMA mode see Wire Mode on at least one side CO or CPE Wire Mode Define the
21. During the Diffie Hellman key calculation modular exponentiation at 1024 bits is used to create the encryption material e 5 1536 Bit During the Diffie Hellman key calculation modular exponentiation at 1536 bits is used to create the en cryption material Lifetime Define how the lifetime is defined that will expire before phase 2 SAs need to be renewed The new SAs are negotiated shortly before expiry of the current SAs As for RFC 2407 the default value is eight hours which means the key must be renewed once eight hours have elapsed The following options are available for defining the Lifetime e Input in Seconds Enter the lifetime for phase 2 key in seconds The value can be a whole number from 0 to 2147483647 The default value is 7200 e Input in kBytes Enter the lifetime for phase 2 keys as amount of data processed in Kbytes The value can be a whole num ber from 0 to 2147483647 The default value is 0 Rekey after Specify the percentage in the course of the lifetime at which the phase 2 keys are to be regenerated The percentage entered is applied to both the lifetime in seconds and the lifetime in Kbytes The default value is 80 The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Teldat GmbH 18 VPN Field Description IP Compression Select whether compression is to be activated before data en cryption If data is compressed effectively this can result
22. High Priority Class Enable or disable the high priority class If the high priority class is active the data packets are associated with the class with the highest priority and priority O is set automatically The function is enabled with Enabled The function is disabled by default Class ID Only for High Priority Class not active Choose a number which assigns the data packets to a class ZS Note The class ID is a label to assign data packets to specific classes The class ID defines the priority Possible values are whole numbers between 1 and 254 Set DSCP TOS value Layer 3 Here you can set or change the DSCP TOS value of the IP data packets based on the class Class ID that has been defined Possible values e Preserve default value The DSCP TOS value of the IP data packets remains unchanged e DSCP Binary Value Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets indicated in binary format Teldat GmbH 14 Networking Field Description e DSCP Decimal Value Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets indicated in decimal format e DSCP Hexadecimal Value Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets indicated in hexadecimal format e TOS Binary Value The TOS value is specified in binary format e g 00111111 e TOS Decimal Value T
23. IP Address Range 160 IP Address Netmask 146 242 IP Address Netmask 538 IP Address Owner 496 IP Assignment Pool 289 297 330 IP Assignment Pool IPCP 366 374 IP Pool Name 303 356 380 446 447 IP Pool Configuration 445 IP Pools 302 356 379 IP MAC Binding 450 IPSec 324 531 IPSec Phase 2 534 IPSec Tunnels 533 IPSec Statistics 533 IPSec Tunnels 531 IPSec Phase 2 SAs 532 IPSec Debug Level 357 IPSec over TCP 358 IPSec Peers 325 IPv4 Routes 189 IPv4 Routing Table 195 ISDN 286 ISDN Configuration 125 ISDN Configuration Type 126 ISDN Line Framing 130 ISDN Login 89 Index ISDN Mode 424 ISDN Port 135 ISDN Ports 125 ISDN Switch Type 126 130 ISDN Theft Protection Service 486 ISDN Theft Protection 485 ISDN Trunks 423 ISDN Usage External 71 ISDN Usage Internal 71 ISDN Modem 534 J Join Prune Interval 264 Join Prune State 550 551 551 Join Prune Hold Time 264 K Keepalive Period 268 Key Size 467 Key Value 381 L L2TP 360 LAN 145 Language for login window 492 Last configuration stored 71 Last Member Query Interval 257 Lastseen 185 Layer 4 Protocol 193 LCP Alive Check 275 280 285 298 318 321 368 375 LDAP URL Path 118 Lease Time 448 Leased Line 315 LED Mode 73 Level 516 530 Licence Key 83 Licence Status 454 Licence Key 454 Licence Serial Number 83 License valid until 454 Lifetime 342 350 Line 418 Teldat GmbH Line Speed 12
24. Negative Cache Select whether the negative dynamic cache is to be activated i e whether queried names for which a DNS server has sent a negative response are stored as negative entries in the cache The function is activated by selecting Enabled The function is enabled by default Cache Size Enter the maximum total number of static and dynamic entries Once this value is reached the dynamic entry not requested for the longest period of time is deleted when a new entry is added Cache Size is reduced by the user dynamic entries are deleted if necessary Statistical entries are not deleted Cache Size cannot be set to lower than the current number of static entries Possible values 0 1000 The default value is 100 Maximum TTL for Pos Enter the value to which the TTL is to be set for a positive dy itive Cache Entries namic DNS entry in the cache if its TTL is 0 or its TTL exceeds the value for Maximum TTL for Positive Cache Entries The default value is 86400 Maximum TTL for Neg Enter the value set to which the TTL is to be set in the case of a ative Cache Entries negative dynamic entry in the cache The default value is 86400 Fallback interface to Select the interface to which a connection is set up for name get DNS server server negotiation if other name resolution attempts were not successful The default value is Automatic i e a one time connection is set up to the first suitable connection partner configur
25. Note If a tunnel is to be set up to a peer the interface over which the tunnel is to be imple mented is activated first by the IPSec Daemon If IPSec with DynDNS is configured on the local device the own IP address is propagated first and then the ISDN call is sent to the remote device This ensures that the remote device can actually reach the local device if it initiates the tunnel setup Transfer of IP Address over ISDN Transferring the IP address of a device over ISDN in the D channel and or B channel opens up new possibilities for the configuration of IPSec VPNs This enables restrictions that occur in IPSec configuration with dynamic IP addresses to be avoided Note To use the IP address transfer over ISDN function you must obtain a free of charge extra licence You can obtain the licence data for extra licences via the online licensing pages in the support section at www teldat de Please follow the online licensing instructions Before System Software Release 7 1 4 IPSec ISDN callback only supported tunnel setup if the current IP address of the initiator could be determined by indirect means e g via DynDNS However DynDNS has serious disadvantages such as the latency until the IP address is actually updated in the database This can mean that the IP address propagated 18 VPN Teldat GmbH via DynDNS is not correct This problem is avoided by transferring the IP address over ISDN This type of transfer of dynamic
26. O standard Multilink Selectone Y eesssso DEnabled 300 Seconds Ostatic Get IP Address MEnabled MEnabled Advanced Settings 50 Seconds MEnabled DEnabled Enabled E automatic 4 oK Cancel Fig 116 WAN gt Internet Dialup gt PPPoE gt New The menu WAN gt Internet Dialup gt PPPoE gt New consists of the following fields Fields in the Basic Parameters menu Field Description Description PPPoE Mode Enter a name to uniquely identify the PPPoE partner The first character in this field must not be a number No special charac ters or umlauts must be used Select whether you want to use a standard Internet connection over PPPoE Standard or your Internet access is to be set bintec Rxxx2 RTxxx2 Teldat GmbH 17 WAN Field Description up over several interfaces Multilink If you choose Mul tilink you can connect several DSL connections from a pro vider over PPP as a static bundle in order to obtain more band width Each of these DSL connections should use a separate Ethernet connection for this At the moment many providers are still in the process of preparing the PPPoE Multilink function For PPPoE Multilink we recommend using your device s Ether net switch in Split Port mode and to use a separate Ethernet in terface e g en1 1 en1 2 for each PPPoE connection If you also want to use an external modem for PPPoE Multilink yo
27. dress of the desired range Please note If you click on Next a warning appears which informs you that continuing will overwrite the wireless LAN controller configuration By clicking on OK you signal that you agree with this and wish to continue with the configuration 13 1 2 Radio Profile Select which frequency band your WLAN controller shall use Ifthe 2 4 GHz Radio Profile is set then the 2 4 GHz frequency band is used Ifthe 5 GHz Radio Profile is set then the 5 GHz frequency band is used If the corresponding device contains two wireless modules you can Use two independent radio profiles This assigns 2 4 GHz Radio Profile to module 1 and 5 GHz Radio Profile to module 2 The function is activated by selecting Enabled The function is disabled by default 13 1 3 Wireless Network All of the configured wireless networks VSS are displayed in the list At least one wireless network VSS is set up This entry cannot be deleted Click on eo to edit an existing entry You can also delete entries using the a icon With Add you can create new entries You can create up to eight wireless networks VSS for a wireless module Note If you wish to use the default wireless network that is set up you must at least change the Preshared Key parameters Otherwise you will be prompted 13 1 3 1 Change or add wireless networks Click on pjto edit an existing entry With Add you can create new entries The following parameter
28. firmation also contains parameters called RADIUS attributes which your device uses as WAN connection parameters If the RADIUS server is used for accounting your device sends an accounting message at the start of the connection and a message at the end of the connection These start and end messages also contain statistical information about the connection IP address user name throughput costs Teldat GmbH 10 System Management RADIUS packets The following types of packets are sent between the RADIUS server and your device client Packet types Field Value ACCESS_REQUEST Client gt Server If an access request is received by your device a request is sent to the RADIUS server if no corresponding connection part ner has been found on your device ACCESS_ACCEPT Server gt Client If the RADIUS server has authenticated the information con tained in the ACCESS_REQUEST it sends an AC CESS_ACCEPT to your device together with the parameters used for setting up the connection ACCESS_REJECT Server gt Client If the information contained in the ACCESS_REQUEST does not correspond to the information in the user database of the RADIUS server it sends an ACCESS_REJECT to reject the connection ACCOUNTING_START Client gt Server If a RADIUS server is used for accounting your device sends an accounting message to the RADIUS server at the start of each connection ACCOUNTING_STOP Client gt Server If
29. for the connection to the server or proxy Possible values are 0 to 65535 The default value is 5060 Fields in the Codec Settings menu Field Description Codec Proposal Se Choose the order in which the codecs are offered for use by the quence media gateway If the first codec cannot be used the second is tried and so on Possible values e Default default value the codec in the first position in the menu will be used if possible e Quality The codecs are sorted by quality If possible the codec with the best quality is used e Lowest The codecs are sorted by required bandwidth If possible the codec with the lowest bandwidth requirement is used e Highest The codecs are sorted by required bandwidth If possible the codec with the highest bandwidth requirement is used Sort Order Select the codecs to be proposed for the connection The co Teldat GmbH 20 VoIP Field Description decs chosen here are proposed in a certain order depending on the setting in the Codec Proposal Sequence field Possible values e G 711 uLaw ISDN codec according to US law e G 711 aLaw ISDN codec according to EU law 729 Compressed from 31 to 8 kbps good voice quality e G 726 40 Compressed from 63 to 40 kbps 726 32 Compressed from 55 to 32 kbps 726 24 Compressed from 47 to 24 kbps e Q QA QA Q 726 16 Compressed from 39 to 16 kbps DTMF Outband DTMF Outband First the system attempts to use RFC
30. is placed before the 22 and the callback can be made directly from the caller list The number of bits per second transmitted in T Net or T ISDN from the PC or fax machine Fax machines achieve up to 14 4 kbps mo dems 56 kbps In the ISDN data and fax exchange with 64 kbps is possible With T DSL up to 8 mbps can be received and up to 768 kbps sent Terminal Selection Digit TTL stands for Time to Live and describes the time during which a data packet is sent between the individual servers before it is dis carded Twofish was a possible candidate for the AES Advanced Encryp tion Standard It is regarded as just as secure as Rijndael AES but is slower Universal Asymmetric Digital Subscriber Line User Datagram Protocol Update to a software program PBX firmware An update is the up dated version of an existing software product and is indicated by a new version number Data transfer during online connections where files are transferred from the user s PC to another PC or to a data network server Universal Plug and Play Data transmission rate from the client to the ISP Universal Uniform Resource Locator Universal Serial Bus Electronic user guidance that takes the user through the required functions of a terminal such as a telephone answering machine or fax machine step by step menu guided operation This function is only possible for system telephones and ISDN tele Signalling 1 V 11 V 24 V 28
31. nect to your device via an SSH connection This is encrypted so all the remote mainten ance options can be carried out securely The following preconditions must be met in order to connect to the device via SSH e The encryption keys needed for the process must be available on the device e An SSH client must be installed on your PC Encryption keys First of all make sure that the keys for encrypting the connection are available on your device 1 Log in to one of the types already available on your device e g via Telnet for login bintec Rxxx2 RTxxx2 Teldat GmbH 2 3 8 Access and configuration see Login on page 54 Enter update i for the input prompt You are now in the Flash Management shell Call up a list of all the files saved on the device 1s al If you see a display like the one below the keys needed are already there and you can connect to the device via SSH Flash Sh gt 1s al Flags Version Length Date Name Vr xpbc B 7 1 04 2994754 2004 09 02 14 11 48 box150 srel ppc860 Vrw pl f 0 0 350 2004 09 07 10 44 14 sshd host _rsa key pub Vrw pl f 0 0 1011 2004 09 07 10 44 12 sshd host_rsa_key Vrw p1 f 0 0 01 730 2004 09 07 10 42 17 sshd host _dsa key pub Vrw pl f 0 0 01 796 2004 09 07 10 42 16 sshd host_dsa key Flash Sh gt Note The device generates a key pair for each of the algorithms RSA and DSA i e two files must be stored in the flash for each algorithm see examp
32. 192 168 1 254 See also netmask IP payload compression A tool used on Windows computers to check or change its own IP settings IP over ATM Integrated Services Digital Network The address of an ISDN device that consists of an ISDN number fol lowed by further numbers that relate to a specific terminal e g 47117 ISDN subscriber connection The Basic Rate Interface consists of two B channels and one D channel In addition to the Basic Rate In terface there is the Primary Rate Interface The interface to the sub scriber is provided by an So bus Adapter for connecting a PC to the ISDN Basic Rate Interface From a technical perspective we differentiate between active and passive cards Active ISDN cards have their own processor which handles communication operations independently of the PC processor and therefore does not require any resources A passive ISDN card on bintec Rxxx2 RTxxx2 ISDN Login ISDN number ISDN router ISDN BRI ISDN Dynamic ISDN Intern al External ISDN PRI Iso ISP ITU Key Escrow LAN LAPB Last access Layer 1 LCD the other hand uses the PC s resources Function of your gateway Your gateway can be configured and ad ministrated remotely using ISDN Login ISDN Login operates on gateways in the ex works state as soon they are connected to an ISDN connection and therefore reachable via an extension number The network address of the ISDN interface e g 4711 A r
33. 20 2 2 SIP Accounts If your want your device to connect to other SIP servers e g servers of Internet SIP Ser vice providers you can configure the necessary entries here In this case the media gate way acts as a SIP client Furthermore you can configure the entries for SIP trunking scenarios here In this case the media gateway acts as a SIP server for other SIP servers An example for this is the connection of a SIP PBX e g Asterisk to the media gateway This means that not only all SIP provider accounts are configured here but also direct dial in PBXs connected with the media gateway Note In no case should you use this menu to configure SIP extensions i e for SIP clients or PSTN clients such as SIP telephones terminal adapters or ISDN telephones SIP extensions can be configured in the VolP gt Extensionsmenu The VoIP gt Media Gateway gt SIP Accounts menu displays a list of all existing SIP ac counts SIP Client Mode and SIP Server Mode 20 2 2 1 Edit or New Select the New button to create new SIP accounts Choose the icon to edit existing entries In this menu SIP accounts are configured in SIP client mode as well as in SIP serv er mode Extensions SIP Accounts Call Routing CLID Translation Call Translation ISDN Trunks Options Basic Parameters Description Administrative
34. 21 72 1 New Choose the New button to configure additional operations Trigger Actions Options Basic Parameters Description Command Type Reboot he Event List Selectone Y Event List Condition All v Reboot device after fo Seconds OK Cancel Fig 185 Local Services gt Scheduling gt Actions gt New The menu Local Services gt Scheduling gt Actions gt New consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter your chosen designation for the action Command Type Select the desired action Possible values Reboot default value Your device is rebooted e MIB SNMP The desired value is entered for a MIB variable e Interface Status The status of an interface is modified e Wlan Status The status of an WLAN SSID is modified e Software Update A software update is initiated e Configuration Management A configuration file is loaded onto your device or backed up by your device 21 Local Services Teldat GmbH Field Description e Ping Test Accessibility of an IP address is checked e Certificate Management A certificate is to be renewed deleted or entered e 5 GHz WLAN Bandscan A scan of the 5 GHz frequency band is performed e 5 8 GHz WLAN Bandscan A scan of the 5 8 GHz fre quency range is performed WLC New Neighbor Scan Only for devices with Wireless LAN Controller A Neighbor Scan is initiated in a WLAN net work controlled by the WLAN c
35. 24 3 1 Current Calls In the Monitoring gt ISDN Modem gt Current Calls menu a list of the existing ISDN con nections incoming and outgoing is displayed Teldat GmbH 24 Monitoring Current Calls Call History Automatic Refresh Interval 60 Seconds Apply View 20 per page Fitter in None Y equal v Go Service Remote Number Interface Direction Charge Duration Stack Channel Status Page 1 Fig 217 Monitoring gt ISDN Modem gt Current Calls Values in the Current Calls list Field Description Service Displays the service to or from which the call is connected PPP TESEC 265 2S PORS Remote Number Displays the number that was dialled in the case of outgoing calls or from which the call was made in the case of incoming calls Interface Displays additional information for PPP connections Direction Displays the send direction Incoming Outgoing Charge Displays the costs of the current connection Duration Displays the duration of the current connection Stack Displays the related ISDN port STACK Channel Displays the number of the ISDN B channel Status Displays the state of the connection null c initiated ovl send oc procd c deliverd c present c recvd ic procd up discon req discon ind suspd regq re sum req ovl recv 24 3 2 Call History In the Monitoring gt ISDN Modem gt Call History menu a list of the last 20 ISDN calls incoming and outgoing completed since the last system start
36. 90 for Internet connections Fields in the IP Mode and Routes menu Field Description IP Address Mode Choose whether your device has a static IP address or is as signed one dynamically Possible values e Get IP Address default value Your device is dynamically assigned an IP address e Static You enter a static IP address Default Route Select whether the route to this connection partner is to be defined as the default route The function is enabled with Enabled The function is enabled by default Create NAT Policy Specify whether Network Address Translation NAT is to be ac tivated Teldat GmbH 17 WAN Field Description The function is enabled with Enabled The function is enabled by default Local IP Address Only for IP Address Mode Static Enter the static IP address you received from your provider Route Entries Only if IP Address Mode Static Define other routing entries for this connection partner Add new entries with Add e Remote IP Address IP address of the destination host or network e Netmask Netmask for Remote IP Address If no entry is made your device uses a default netmask e Metric The lower the value the higher the priority of the route range of values 0 15 The default value is 7 The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Block after connection Enter the wait time in seconds before the
37. A device that connects different networks at layer 3 of the OSI mod el and routes information from one network to the other The RSA algorithm named after its inventors Rivest Shamir Adle man is based on the problem of factoring large integers It therefore takes a large amount of data processing capacity and time to derive a RSA key Real Time Streaming Protocol See Primary Rate Interface The SAD Security Association Database contains information on security agreements such as AH or ESP algorithms and keys se quence numbers protocol modes and SA life For outgoing IPSec connections an SPD entry refers to an entry in the SAD i e the SPD defines which SA is to be applied For incoming IPSec connec tions the SAD is queried to determine how the packet is to be pro cessed Symmetric Digital Subscriber Line A server offers services used by clients Often refers to a certain computer in the LAN e g DHCP server Part of the T Com certification services for the Internet Digital pass for a company With the ServerPass T Com confirms that a server on the Internet belongs to a particular company and that this was verified through the presentation of an excerpt from the business re gister Additional voice service from T Com for the commercial distribution of private information services The T Com services are limited to providing the technical infrastructure and collection processing for Teldat GmbH Service 0700 S
38. Add Field Description Mode Only if Entries Add Defines whether Call Number should be used for incoming or outgoing calls or for both Possible values Both default value For incoming and outgoing calls e Incoming For incoming calls where your connection partner dials in to your device e Outgoing For outgoing calls where you dial your connec tion partner The calling party number of the incoming call is compared with the number entered under Call Number Call Number Enter the connection partner s numbers Number of Used Ports Select which port is used Fields in the IP Options menu Field Description OSPF Mode Select whether and how routes are propagated via the interface and or OSPF protocol packets are sent Possible values e Passive default value OSPF is not activated for this inter face i e no routes are propagated or OSPF protocol packets sent over this interface Networks reachable over this inter face are however included when calculating the routing in formation and propagated over active interfaces e Active OSPF is activated for this interface i e routes are propagated or OSPF protocol packets sent over this interface Teldat GmbH 17 WAN Field Description e Inactive OSPF is disabled for this interface Proxy ARP Mode Select whether and how ARP requests from your own LAN are to be responded to for the specified connection partner Possible values e Inactive default value
39. Callback optional like Windows Server Mode with the option of termination This setting should be avoided for security reasons The Mi crosoft client also has the option of aborting callback and maintaining the initial connection to your device without call back This only applies if no fixed outgoing number has been configured for the connection partner This is done by pressing CANCEL to close the dialog box that appears Fields in the Dial Numbers menu Field Description Entries Add new entries with Add Fields in the menu Dial Number Configuration entry lt 1 gt only appears for Entries Field Description o o Mode Only if Entries Add Defines whether Number should be used for incoming or outgo ing calls or for both Possible values e Both default value For incoming and outgoing calls e Incoming For incoming calls where your connection partner dials in to your device e Outgoing For outgoing calls where you dial your connec tion partner The calling party number of the incoming call is compared with the number entered under Number Call Number Enter the connection partner s numbers Fields in the IP Options menu Field Description Proxy ARP Mode Select whether and how ARP requests from your own LAN are to be responded to for the specified connection partner Possible values e Inactive default value Deactivates Proxy ARP for this 17 WAN Teldat GmbH Field Description connectio
40. Click the Windows Start button and then Settings gt Control Panel gt Network Con nections Windows XP or Control Panel gt Network and Sharing Center gt Change Adapter Settings Windows 7 2 Click on LAN Connection 3 Click on Properties in the status window 4 Look for the Internet Protocol TCP IP entry in the list of network components Installing the TCP IP protocol Teldat GmbH 7 Basic configuration If you cannot find the Internet Protocol TCP IP entry install the TCP IP protocol as fol lows 1 First click Properties then Install in the status window of the LAN Connection 2 Select the Protocol entry 3 Click Add 4 Select Internet Protocol TCP IP and click on OK 5 Follow the on screen instructions and restart your PC when you have finished Allocating PC IP address Allocate an IP address to your PC as follows 1 Select Internet Protocol TCP IP and click Properties 2 Choose Use next IP address and enter a suitable IP address Entering the gateway IP address in your PC Then continue by entering the IP address of the gateway in the configuration of your PC as follows 1 In Internet Protocol TCP IP gt Properties under Default gateway enter the IP ad dress of your gateway 2 Enter the IP address of your device under Use next DNS server address 3 Click OK 4 Close the status window withOK The computer now has an IPSec configuration Note You ca
41. Deactivates Proxy ARP for this connection partner e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the connection partner is Up or Dormant In the case of Dormant your device only responds to the ARP request the connection is not set up un til someone actually wants to use the route e Up only Your device responds to an ARP request only if the status of the connection to the connection partner is Up i e a connection already exists to the connection partner DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server and Secondary DNS Server and WINS Server Primary and Secondary from the connection partner or sends these to the connection partner The function is enabled with Enabled The function is enabled by default 17 1 5 AUX In the WAN Internet Dialup AUX menu a list of all AUX interfaces is displayed You can define various settings for communication between the gateway and modem in this menu You require a special cable for the console port of your gateway e g AUX Backup cable to connect an external analogue modem to the AUX port on a Teldat gate way 17 1 5 1 New Choose the Newbutton to set up new AUX interfaces Basic Parameters Description User Name Password Always on Connection Idle Timeout IP Mode and Routes IP Address Mode Default Route Create NAT Policy Block after connection failure for Maximum Number of
42. Disable v Select one v Add OK Cancel Fig 187 Local Services gt Surveillance gt Hosts gt New The menu Local Services gt Surveillance gt Hosts gt New consists of the following fields Fields in the Host Parameters menu Field Description Group ID If the availability of a group of hosts or the default gateway is to be monitored by your device select an ID for the group or the default gateway The group IDs are automatically created from 0 to 255 lf an entry has not yet been created a new group is created using the New ID option If entries have been created you can select one from the list of created groups Each host to be monitored must be assigned to a group The operation configured in Interface is only executed if no group member can be reached Fields in the Trigger menu Field Description Monitored IP Address Enter the IP address of the host to be monitored Possible values e Default Gateway default value The default gateway is 21 Local Services Teldat GmbH Field Description monitored e Specific Enter the IP address of the host to be monitored manually in the adjacent input field Source IP Address Select how the IP address is to be determined that your device uses as the source address of the packet sent to the host to be monitored Possible values e Automatic default value The IP address is determined automatically e Specific Enter the IP address in the adjacent input field
43. Domain 487 Domain Forwarding 436 Domain at the HotSpot Server 492 Domain Name 431 Done 187 Downstream 139 Drop non members 152 Drop In 235 Drop In Groups 235 Drop untagged frames 152 Dropped 534 540 Index Dropping Algorithm 225 DSA Key Status 93 DSCP TOS Value 193 DSCP TOS Filter Layer 3 214 229 DSL Chipset 138 DSL Configuration 137 DSL Mode 139 DSL Modem 137 DSL SyncType 139 DSP Module 72 DTIM Period 171 Duration 535 536 Dynamic blacklisting 180 Dynamic LS Update Compression 252 Dynamic RADIUS Authentication 358 DynDNS Provider 443 DynDNS Update 441 DynDNS Client 441 E E mail 113 E mail Address 523 EAP Preauthentification 176 Echo Cancellation 407 414 Enable authentication 501 Enable update 442 Enable BRRP 504 Enable IPSec 357 Enable server 460 Enable VLAN 153 Enabled 381 Encapsulation 305 Encrypt configuration 467 Encrypted 534 Encryption 104 291 368 375 Encryption Algorithms 92 End to End Pending Requests 313 End to End Send Interval 313 Entries 294 301 Entry active 98 103 Error 187 Errors 532 534 Ethernet Interface 500 Index Ethernet Interface Selection 123 Ethernet Ports 122 Event 520 Event Type 462 Event List 462 467 Event List Condition 467 Ex works setting 10 Exclude from NAT DMZ 236 Expire Time 404 409 Expiry Timer 546 550 551 551 Export indirect static routes 250 Extended Route 195 Extension UserName 404 Extensions 403 External
44. Encryption Algorithms Mispes YU Blowfish Y AES 128 C AES 256 Hashing Algorithms imps Y sHA 1 MRipemp 160 Key Status RSA Key Status Generated DSA Key Status Not generated Generate Advanced Settings Login Grace Time 600 Seconds Compression DEnabled TCP Keepalives MEnabled Logging Level information Y OK Cancel Fig 38 System Management gt Administrative Access gt SSH You need an SSH client application e g PUTTY to be able to reach the SSH Daemon If you wish to use SSH Login together with the PuTTY client you may need to comply with some special configuration requirements for which we have prepared FAQs You will find these in the Service Support section at www teldat de bintec Rxxx2 RTxxx2 10 System Management Teldat GmbH To be able to reach the shell of your device via an SSH client make sure the settings for the SSH Daemon and SSH client are the same Note If configuration of an SSH connection is not possible restart the device to initialise the SSH Daemon correctly The System Management gt Administrative Access gt SSHmenu consists of the following fields Fields in the menu SSH Secure Shell Parameters Field Value SSH service active Select whether the SSH Daemon is to be enabled for the inter face The function is activated by selecting Enabled The function is enabled by default SSH Port Here you can enter the port via which the SSH connection is to be establ
45. Enter how long the router must wait after the POP3 call before it is forced to send the alert mail The default value is 600 seconds Fields in the SMS Parameters menu only for RS120wu RS230au and RS230bu Field Description SMS Device You can receive notification of system alerts in text messages Select the device to be used to send the text message Maximum SMS per Day Limit the maximum number of SMS sent during a single day Activating No Limitation allows any number of SMS to be sent The defualt value is 10 SMS per day Note Entering a value of 0 is equivalent to activating No Lim itation Teldat GmbH 23 External Reporting 23 4 SNMP SNMP Simple Network Management Protocol is a protocol from the IP protocol family for transporting management information about network components Every SNMP management system contains an MIB SNMP can be used to configure con trol and administrate various network components from one system Such an SNMP tool is included on your device the Configuration Manager As SNMP is a standard protocol you can use any other SNMP managers e g HPOpenView For more information on the SNMP versions see the relevant RFCs and drafts e SNMP V 1 RFC 1157 e SNMP V 2c RFC 1901 1908 e SNMP V 3 RFC 3410 3418 23 4 1 SNMP Trap Options In the event of errors a message known as a trap packet is sent unrequested to monitor the system In the External Reporting gt SNMP
46. Entries 73 Maximum Number of History Entries 453 Maximum Sources 260 Maximum Burst Size MBS 310 Maximum E mails per Minute 523 Maximum Number of Syslog Entries 73 Maximum number of concurrent connec tions 92 Maximum Response Time 257 Maximum Time between Retries 363 Maximum TTL for Negative Cache Entries 431 Maximum TTL for Positive Cache Entries 431 Maximum Upload Speed 220 223 323 Maximum Upstream Bandwidth 139 Media Gateway 402 Media Gateway Status 425 Media Stream Termination 425 Members 391 397 424 Memory Usage 71 Index Memory Card 71 Message 530 Message Compression 520 Message Timeout 520 Messages 532 Metric 192 195 330 Metric Determination 250 Metric direct routes 250 Metric Offset for Inactive Interfaces 242 Metric Offset for Active Interfaces 242 MIB Variables 467 MIB SNMP Variable to add edit 467 Min queue size 225 Minimum Number of active Links 142 Minimum Time between Retries 363 MobIKE 335 Mode 111 193 197 236 257 260 294 301 339 342 355 Mode Bridge Group 86 Modem Escape Character 120 Monitored Certificate 462 Monitored Interface 462 481 Monitored Subsystems 520 Monitored Variable 462 Monitored Interfaces 486 528 Monitored IP Address 479 Monitoring 181 530 Monitoring Mode 503 MSN 135 MSN Configuration 134 MSN Recognition 135 MTU 381 532 Multicast 254 Multicast Group Prefix Length 266 Multicast Group Prefix Lengt
47. For Command Type Software Update Enter the file name of the software version For Command Type Certificate Management with Ac tion Import certificate Enter the file name of the certificate file Action For Command Type Configuration Management Select which operation is to be performed on a configuration file Possible values e Import configuration default value e Export configuration e Rename configuration e Delete configuration e Copy configuration For Command Type Certificate Management Select which operation you wish to perform on a certificate file Possible values e Import certificate default value e Delete certificate e SCEB Protocol Only for Command Type Certificate Management and 21 Local Services Teldat GmbH Field Description Configuration Managementif Action Import config uration Select the protocol for the data transfer Possible values e HTTP default value e HTTPS e TFTP CSV File Format Only for Command Type Configuration Management and Action Import configuration or Ex port configuration Select whether the file is to be sent in the CSV format The CSV format can easily be read and modified In addition you can view the corresponding file clearly using Microsoft Ex cel for example The function is enabled by default Remote File Name Only if Command Type Configuration Management For Action Import configuration Enter the name of the file under which it is
48. In dense mode all packets are forwarded and only packets to groups that have been explicitly can celled are rejected In sparse mode packets are only forward to groups if they have been ordered Your device uses PIM in sparse mode 16 4 1 PIM Interfaces A list of all PIM interfaces is displayed in the Multicast gt PIM gt PIM Interfaces menu PIM Interfaces PIM Rendezvous Points PIM Options View 20 per page Fitter in None vw equal Go Interface IP Version Designated Router Use as Stub interface Status Action Page 1 New Fig 111 Multicast gt PIM gt PIM Interfaces 16 4 1 1 Edit or New Choose the icon to edit existing entries To configure PIM lists select the New button PIM Interfaces PIM Rendezvous Points PIM Options PIM Interface Settings Interface Selectone PIM Mode Sparse Mode Use as Stub interface DEnabled Designated Router Priority OA Advanced Settings Hello Interval fo Seconds Triggered Hello Interval 5 Seconds Hello Hold Time hs Seconds Join Prune Interval fo Seconds Join Prune Hold Time 210 Seconds Propagation Delay seconds Override Interval E seconds OK C Cancel Fig 112 Multicast gt PIM gt PIM Interfaces gt New The Multicast gt PIM gt PIM Interfaces gt New menu consists of the following fields Fields in the PIM Interface Settings menu Field Description Interface Choose the interface used for PIM i e over which multicast routing is operated
49. Mode Maximum Groups Maximum Sources Select the IGMP status Possible values e Auto default value Multicast is activated automatically for hosts if the hosts open applications that use multicast e Up Multicast is always on e Down Multicast is always off Only for IGMP Status Up or Auto Select Multicast Mode Possible values e Compatibility Mode default value The router uses IG MP version 3 If it notices a lower version in the network it uses the lowest version it could detect e Version 3 only Only IGMP version 3 is used Enter the maximum number of groups to be permitted both in ternally and in reports Enter the maximum number of sources that are specified in ver sion 3 reports and the maximum number of internally managed sources per group Teldat GmbH 16 Multicast Field Description IGMP State Limit Enter the maximum permitted total number of incoming queries and messages per second The default value is 0 i e the number of IGMP status mes sages is not limited 16 3 Forwarding 16 3 1 Forwarding In this menu you specify which multicast groups are always passed between the interfaces of your device 16 3 1 1 New Choose the Newbutton to create forwarding rules for new multicast groups Forwarding Basic Parameters All Multicast Groups Enabled Multicast Group Address Source Interface None Destination Interface None v OK Cancel Fig 110 Multicast gt Forwa
50. No distinction is made below between timeslots and channels as the difference is immaterial for configuration purposes A list of the channel bundles already configured is shown Click Add to configure new channel bundles You can use the Add at Custom Time Slots to configure additional bundles Note This function is only available for leased lines Fields in the New Bundle menu Field Description Description Enter the name of the channel bundle Bundle Type Displays the type of channel bundle Possible values e PPP Multilink The channels are bundled as PPP Multilink channels e Physical Hyperchannel The channels are bundled as physical hyperchannels Timeslot Selection Select between Range Selection and Timeslot Matrix Timeslot Range Only if Timeslot Selection Range Selection Shows the logical channels timeslots combined to form this channel bundle e From Shows the first of the channels used for this channel bundle Possible values 1 to 31 e to Shows the last of the channels used for this channel bundle Possible values 1 to 31 11 Physical Interfaces Teldat GmbH Field Description Timeslot Matrix Only if Timeslot Selection Timeslot Matrix shows a list of all channels in detail If you do not wish to use all the chan nels between a certain start and end channel for a channel bundle you can make a selective assignment here X 75 Layer 2 Mode Here you define how the interface creat
51. Number of Admitted Choose how many users can connect using this peer profile Connections Possible values e One User default value Only one peer can be connected with the data defined in this profile e Multiple Users Several peers can be connected with the data defined in this profile The peer entry is duplicated for each connection request with the data defined in this profile Start Mode Select how the peer is to be switched to the active state Possible values e On Demand default value The peer is switched to the active state by a trigger e Always up The peer is always active Fields in the menu Advanced IP Options Field Description Public Source IP Ad dress If you are operating more than one Internet connection in paral lel you can specify here the public IP address which is to be used as the source address for the peer s data traffic Select whether the Public Source IP Address is to be enabled The function is enabled with Enabled In the input field enter the public IP address which is to be used as the sender address The function is disabled by default Back Route Verify Select whether a check on the back route should be activated for the interface to the connection partner The function is enabled with Enabled 18 VPN Teldat GmbH Field Description The function is disabled by default MobIKE Only for peers with IKEv2 MobIKE With changing public IP addresses enables only these
52. Only for Event Type Ping Test Enter the IP address whose accessibility is to be checked Source IP Address Only for Event Type Ping Test Teldat GmbH 21 Local Services Field Description Enter an IP address to be used as sender address for the ping test Possible values e Automatic default value The IP address of the interface over which the ping is sent is automatically entered as sender address e Specific Enter the desired IP address in the input field Status Only for Event Type Ping Test Select whether Destination IP Address Reacheable must be default value or Unreacheab e in order to initiate the opera tion Interval Only for Event Type Ping Test Enter the time in Seconds after which a ping must be resent The default value is 60 seconds Trials Only for Event Type Ping Test Enter the number of ping tests to be performed until Destina tion IP Address as Unreacheable applies The default value is 3 Monitored Certificate Only for Event Type Certificate Lifetime Select the certificate whose validity should be checked Remaining Validity Only for Event Type Certificate Lifetime Enter the desired value for the remaining validity of the certific ate in percentage Fields in the Select time interval menu Field Description Time Condition For Event Type Time only First select the type of time entry in Condition Type 21 Local Services Teldat GmbH Field Description Possible v
53. PIN or password A rule that defines a set of packets that should or should not be transmitted by the device An active component of a network consisting of wireless parts and optionally also of wired parts Several WLAN clients terminals can log in to an access point AP and communicate via the AP data If Glossary Access protection Accounting Active probing Ad hoc network ADSL AH Alphanumeric dis play Analogue connec tions Analogue terminals Analogue voice transmission Announcement Teldat GmbH the optional wired Ethernet is connected the signals between the two physical media the wireless interface and wired interface are bridged bridging Filters can be used to prevent external persons from accessing the data on the computers in your LAN These filters are a basic func tion of a firewall Recording of connection data e g date time connection duration charging information and number of data packets transferred Active probing takes advantage of the fact that as standard access points are to respond to client requests Clients therefore send probe requests on all channels and wait for responses from an ac cess point in the vicinity The response packet then contains the SSID of the wireless LAN and information on whether WEP encryp tion is used An ad hoc network refers to a number of computers that form an in dependent 802 11 WLAN each with a wireless adapter Ad hoc net work
54. R4402 gt The login was successful You are now in the SNMP shell To leave the SNMP shell after completing the configuration enter exit and press Return 8 3 Configuration options This chapter first offers an overview of the various tools you can use for configuration of your device You can configure your device in the following ways e GUI e Assistant SNMP shell commands Note The detailed help system of the Wizard will help you to clarify any questions you may have Therefore the wizard will not be discussed in any greater detail in this document The configuration options available to you depend on the type of connection to your device Types of connections and configurations Type of connection Possible types of configuration LAN Assistant GUI shell command Serial connection Shell command The following chapters describe the configuration based on GUI Note To change the device configuration you must log in with the user name admin If you do not know the password you cannot make any configuration settings This applies to all types of configuration 8 3 1 GUI Graphical User Interface The GUI is a web based graphic user surface that you can use from any PC with an up to date Web browser via an HTTP or HTTPS connection With the GUI you can perform all the configuration tasks easily and conveniently It is integ rated in your device and is available in English If required other languages can be dow
55. Select the action you wish to execute After each task a window is displayed showing the other steps that are required Possible values e No Action default value e Export configuration The configuration file Current File Name in Flash is transferred to your local host If you click the Go button a dialog box is displayed in which you can select the storage location on your PC and enter the de sired file name e Import configuration Under Filename select a config uration file you want to import Please note Click Go to first load the file under the name boot in the flash memory for the device You must restart the device to enable it Please note The files to be imported must be in CSV format e Copy configuration The configuration file in the Source File Name field is saved asDestination File Name e Delete configuration The configuration in the Select file field is deleted e Rename configuration The configuration file in the Se lect file field is renamed to New File Name e Restore backup configuration Only if under Save configuration with the setting Save configuration and Teldat GmbH 22 Maintenance Field Description back up previous boot configuration the current configuration was saved as boot configuration and the previ ous boot configuration was also archived You can load back the archived boot configuration e Delete software firmware The file in the Select file field is deleted e
56. Teldat GmbH 21 Local Services Field Description are initiated when the defined MIB variables assumes the as signed values e Interface Status Operations configured and assigned in Actions are initiated when the defined interfaces take on a specified status e Interface Traffic The operations configured and as signed in Actions are triggered if the data traffic on the spe cified interfaces falls below or exceed the defined value e Ping Test the operations configured and assigned in Ac tions are triggered if the defined IP address is accessible or not accessible e Certificate Lifetime Operations configured and as signed in Actions are initiated when the defined period of validity is reached Monitored Variable Only for Event Type MIB SNMP Select the MIB variable whose defined value is to be configured as initiator First select the System in which the MIB variable is saved then the MIB Table and finally the MIB Variable itself Only the MIB tables and MIB variables present in the respective area are displayed Compare Condition Only for Event Type MIB SNMP Select whether the MIB variable Greater default value Equal Less Not Equal must have the value given in Com pare Value or must lie within Range to initiate the operation Compare Value Only for Event Type MIB SNMP Enter the value of the MIB variable Index Variables Only for Event Type MIB SNMP Where required select MIB variables to uniquely i
57. The function is disabled by default Compression If necessary select the type of encryption that should be used for data traffic to the connection partner If encryption is set the remote terminal must also support it otherwise a connection cannot be set up Possible values e None default value Encryption is not used eS LAE IMSS TAC e MPPC Microsoft Point to Point Compression Fields in the IP Options menu Field Description OSPF Mode Specify whether OSPF protocol packets are sent over the inter face Possible values Teldat GmbH 17 WAN Field Description e Passive default value OSPF is not activated for this inter face i e no OSPF protocol packets sent over this interface Networks reachable over this interface are however included when calculating the routing information and propagated over active interfaces e Active OSPF is not activated for this interface i e OSPF protocol packets sent over this interface e Inactive OSPF is disabled for this interface Proxy ARP Mode Select whether and how ARP requests are to be responded to for the specified connection partner Possible values e Inactive default value Deactivates Proxy ARP for this connection partner e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the connection partner is Up Or Dormant In the case of Idle your device only re sponds to the ARP request the connectio
58. Twofish can be regarded as the successor to Blowfish e CAST CAST is also a very secure algorithm marginally slower than Blowfish but faster than 3DES e DES DES is an older encryption algorithm which is rated as weak due to its small effective length of 56 bits Hash algorithms Authentication e MD5 default value MD5 Message Digest 5 is an older hash algorithm It is used with a 96 bit digest length for IPSec e ALL All options can be used e SHA1 SHA1 Secure Hash Algorithm 1 is a hash algorithm developed by NSA United States National Security Associ ation It is rated as secure but is slower than MDS It is used with a 96 bit digest length for IPSec Note that RipeMD 160 and Tiger 192 are not available for mes sage hashing in phase 2 Use PFS Group As PFS Perfect Forward Secrecy requires another Diffie Hellman key calculation to create new encryption material you must select the exponentiation features If you enable PFS Enabled the options are the same as for the configuration of DH Group in the VPN gt IPSec gt Phase 1 Profiles menu PFS is 18 VPN Teldat GmbH Field Description used to protect the keys of a renewed phase 2 SA even if the keys of the phase 1 SA have become known The field has the following options e 1 768 Bit During the Diffie Hellman key calculation mod ular exponentiation at 768 bits is used to create the encryption material e 2 1024 Bit default value
59. You can enter individual host addresses or network addresses Direction Select whether the filter applies to the export or import of routes Possible values e Import default value e Export Metric Offset for Active Select the value to be added to the route metric if the status of Interfaces the interface is up During export the value is added to the ex ported metric if the interface status is up Possible values are 16 to 16 The default value is 0 Metric Offset for Inact Select the value to be added to the route metric if the status of ive Interfaces the interface is dormant During export the value is added to the exported metric if the interface status is dormant Possible values are 16 to 16 The default value is 0 15 Routing Protocols Teldat GmbH 15 1 3 RIP Options Global RIP Parameters RIP UDP Part Default Route Distribution Poisoned Reverse RFC 2453 Variable Timer RFC 2091 Variable Timer Timer for RIP V2 RFC 2453 Update Timer Route Timeout Garbage Collection Timer RIP Interfaces RIP Filter RIP Options 520 Enabled Enabled Enabled Enabled 30 Seconds 180 Seconds 120 Seconds OK Cancel Fig 100 Routing Protocols gt RIP gt RIP Options The menu Routing Protocols gt RIP gt RIP Options consists of the following fields Fields in the Global RIP Parameters menu Field Description RIP UDP Port Default Route D
60. addresses to be updated in the SAs without having to renegoti ate the SAs themselves The function is enabled by default Note that MobIKE requires a current IPSec client e g an up to date Windows 7 or Windows 8 client or the most recent ver sion of the Teldat IPSec client Proxy ARP Select whether your device is to respond to ARP requests from its own LAN on behalf of the specific connection partner Possible values e Inactive default value Deactivates Proxy ARP for this IPSec peer e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the IPSec peer is Up active or Dormant dormant In the case of Dormant your device only responds to the ARP request the connection is not set up until someone actually wants to use the route e Up only Your device responds to an ARP request only if the status of the connection to the IPSec peer is Up active i e a connection already exists to the IPSec peer IPSec Callback Teldat devices support the DynDNS service to enable hosts without fixed IP addresses to obtain a secure connection over the Internet This service enables a peer to be identified using a host name that can be resolved by DNS You do not need to configure the IP ad dress of the peer The DynDNS service does not signal whether a peer is actually online and cannot cause a peer to set up an Internet connection to enable an IPSec tunnel over the Internet This pos sibilit
61. bound on discard re s fuse interface meaning The logical interfaces REFUSE and IGNORE have the following REFUSE means if a route exists on this that packets from this interface are discarded and an ICMP Unreachable Reply is gen erated IGNORE means if a route exists on this that packets from this interface are discarded without comment If the option is activated routes connected to the two discard re fuse interfaces are saved by OSPF in its database If the option is deactivated these routes are ignored The function is disabled by default Dynamic LS Update Compression Only for RXL1250 RXL12100 Enable or disable the function The function is disabled by default 16 Multicast Teldat GmbH Chapter 16 Multicast What is multicasting Many new communication technologies are based on communication from one sender to several recipients Therefore modern telecommunication systems such as voice over IP or video and audio streaming e g IPTV or Webradio focus on reducing data traffic e g by offering TriplePlay voice video data Multicast is a cost effective solution for effective use of bandwidth because the sender of the data packet which can be received by several re cipients only needs to send the packet once The packet is sent to a virtual address defined as a multicast group Interested recipients log in to these groups Other areas of use One classic area in which multicast is used is for confe
62. e PAP CHAP MS CHAP Give priority to CHAP if refused use the authentication protocol requested by the PPTP partner MSCHAP version 1 or 2 possible e MS CHAPv2 default value Run MS CHAP version 2 only e None Some providers use no authentication In this case se lect this option Encryption If necessary select the type of encryption that should be used for data traffic to the connection partner If Encryption is set the remote terminal must also support it otherwise a connection cannot be set up 18 VPN Teldat GmbH Field Description Possible values e None MPP encryption is not used e Enabled default value MPP encryption V2 with 128 bit is used to RFC 3078 e Windows compatible MPP encryption V2 with 128 bit is used as compatible with Microsoft and Cisco Compression If necessary select the type of encryption that should be used for data traffic to the connection partner If encryption is set the remote terminal must also support it otherwise a connection cannot be set up Possible values e None default value Encryption is not used ESTAS AMS SAS e MPPC Microsoft Point to Point Compression LCP Alive Check Select whether the availability of the remote terminal is to be checked by sending LCP echo requests or replies This is re commended for leased lines PPTP and L2TP connections The function is enabled with Enabled The function is enabled by default Fields in the IP Options
63. for the service specified under Service 0 is entered by de fault e Bounded Select whether the bandwidth defined in Band width can be exceeded in the longer term By activating this field you specify that it cannot be exceeded If the option is deactivated the bandwidth can be exceeded and the excess data rate is handled in accordance with the priority defined in the firewall policy The option is deactivated by default 19 1 3 Options In this menu you can disable or enable the firewall and can log its activities In addition you can define after how many seconds of inactivity a session shall be ended Filter Rules QoS Options Global Firewall Options Firewall Status i Enabled Logged Actions Al v Full Filtering v Enable Session Timer UDP Inactivity jiso Seconds TCP Inactivity 3500 Seconds PPTP Inactivity s6400 seconds Other Inactivity bo Seconds OK Cancel Fig 149 Firewall gt Policies gt Options The menu Firewall gt Policies gt Options consists of the following fields Fields in the Global Firewall Options menu 19 Firewall Teldat GmbH Field Description Firewall Status Enable or disable the firewall function The function is enabled with Enabled The function is enabled by default Logged Actions Select the firewall syslog level The messages are output together with messages from other subsystems Possible values e Ali default value All firewall activities are
64. green flashing Data traffic with 1 Gbps orange on The device is connected to the Ethernet at 100 mbps orange flashing Data traffic with 100 mbps greenand on The device is connected to the Ethernet at 10 orange mbps greenand flashing Data traffic with 10 mbps orange BRI 1 to 4 orange on D channel is active flashing At least one B channel is active PRI 1 to 2 orange on D channel is active flashing At least one B channel is active FXS 1t04 orange on Incoming call to terminal off The device is terminated or the connected could not be established DSL orange on DSL synchronisation successful The DSL con nection is active ADSL SHDSL VDSL flashing Data traffic via the DSL connection ADSL SHDSL VDSL 5 4 Connectors The network connection and the on off switch are located on the back of the device Fig 4 Mains connection All other connections are located on the front of the device bintec R1202 has a 4 port Ethernet switch a serial interface an ETH5 interface and an ISDN BRI interface The connections are arranged as follows a 0 MEDIR i Fig 5 Front of bintec R1202 Front of bintec R1202 1 CONSOLE Serial interface 2 POWER STATUS LED display for power and status 3 RESET Reset button 4 ETH5 Ethernet interface 5 ETH1 ETH4 10 100 1000 Base T Ethernet interface 6 BRI1 ISDN BRI interface 9 LED LED display
65. trusted ate without further checks during authentication The function is enabled with True The function is disabled by default 1 Caution It is extremely important for VPN security that the integrity of all certificates manually marked as trustworthy certification authority and user certificates is ensured The dis played fingerprints can be used to check this integrity Compare the displayed values with the fingerprints specified by the issuer of the certificate e g on the Internet It is sufficient to check one of the two values 10 6 1 2 Certificate Request Registration authority certificates in SCEP If SCEP Simple Certificate Enrollment Protocol is used your device also supports separ ate registration authority certificates Registration authority certificates are used by some Certificate Authorities CAs to handle certain tasks signature and encryption during SCEP communication with separate keys and to delegate the operation to separate registration authorities if applicable When a certificate is downloaded automatically i e if CA Certificate Download is selected all the certificates needed for the operation are loaded automatically If all the necessary certificates are already available in the system these can also be selec ted manually Select the Certificate Request button to request or import more certificates bintec Rxxx2 RTxxx2 Certificate List CRLs Certificate Servers Cert
66. 1 Items 1 1 OK Cancel Fig 80 Networking gt Routes gt Options The Networking gt Routes gt Optionsmenu consists of the following fields Teldat GmbH 14 Networking Fields in the Back Route Verify menu Field Description Mode Select how the interfaces to be activated for Back Route Verify are to be specified Possible values e Enable for all interfaces Back Route Verify is activ ated for all interfaces e Enable for specific interfaces default value A list of all interfaces is displayed in which Back Route Verify is only enabled for specific interfaces e Disable for all interfaces Back route verify is dis abled for all interfaces No Only for Mode Enable for specific interfaces Displays the serial number of the list entry Interface Only for Mode Enable for specific interfaces Displays the name of the interface Back Route Verify Only for Mode Enable for specific interfaces Select whether Back Route Verify is to be activated for the interface The function is enabled with Enabled By default the function is deactivated for all interfaces 14 2 NAT Network Address Translation NAT is a function on your device for defined conversion of source and destination addresses of IP packets If NAT is activated IP connections are still only allowed by default in one direction outgoing forward protective function Excep tions to the rule can be configured in NAT Configuration on page 19
67. 20 VoIP Teldat GmbH Field Description data packets are sent or received This value must be greater than the SIP Expire Time of the con nected SIP client SIP telephone terminal adapter etc The default value is 1800 Low Latency Trans Specify whether a mechanism should be used to minimise the mission transit time of VoIP data packets between two subscribers This guarantees good voice quality with high line load Note that low latency transmission only has to be enabled for calls that are not established via the connections configured in VoIP gt Media Gateway The function is activated by selecting Enabled The function is disabled by default 20 1 2 SIP Endpoints Shows the sessions that are currently being managed by ALG This includes static entries to make internal SIP servers proxies e g internal Asterisk serv er accessible from the WAN Internet by NAPT In addition internal SIP clients without re gistration can be made accessible using a static entry All active SIP sessions that have been initiated from internal SIP terminals are recognised dynamically and listed here These are only displayed for monitoring and administration and cannot be edited Note All automatically created entries that are not used for longer than 24 hours are auto matically deleted from the table 20 1 2 1 Edit or New Choose the New button to add static entries for SIP terminals in the LAN that are to be ac cessible by t
68. 25 5 5 Pin Assignments 1 1 2 a 29 5 5 1 Serial interface a o aoa a a ee 29 5 5 2 Ethernet interface o aoaaa aaa a a a a 29 5 5 3 ADSLinterlace s soe acs aa ae aaa AAA 30 5 5 4 SHDSLinteniace 2 a cake adoa is aw ed a a e Bad a A a 31 5 5 5 VDSE2 interface sce ae a AA a ae ad 32 5 5 6 ISDN PRl interface 2 2 o o 32 5 5 7 ISDN BRlinterface 2 2 o o 33 5 5 8 FXS interface 2 ee 34 5 6 WEEE information 2 oaa a a 35 bintec Rxxx2 RTxxx2 i Chapter 6 Variable switching of SO interfaces 37 6 1 Switching the SO interfaces from external to internal 37 Chapter 7 Basic configuration o o 41 71 RreSeuingSs i a lt 4 as na a as as ce ad he Ad 41 7 1 1 Preconfigured data a aoa a a a 41 7 1 2 Software update aoa oaoa a a a a a a 41 7 2 System requirements ooo a a 42 7 3 Preparation oao A AS RAE EE RASS 42 7 3 1 Gathering data sires ge a ee ee AL eo a4 42 73 2 ConfiguringaPC Sorin i o o en 44 74 Modify system password 2 a a 45 75 Setting up aninternetconnection 2 a a a ee ee 46 75 1 Internet connection over internal ADSL modem 46 75 2 Other internet connections 00 202 2 ee 47 75 3 Testing the configuration 2 o 47 76 Software Update lt cos a oa osoa ee 47 Chapter 8 Access and configuration ooo a 49 8 1 Access Options a ooa a a 49 8 1 1 Ac
69. 30 13 Muse built in VLAN ID f Advanced Settings Proy ARP DEnabled TCP MSS Clamping DEnabled OK Cancel Fig 57 LAN gt IP Configuration gt Interfaces gt j New The LAN gt IP Configuration gt Interfaces gt New menu consists of the following fields Fields in the Basic Parameters menu Field Description Based on Ethernet In This field is only displayed if you are editing a virtual routing in terface terface bintec Rxxx2 RTxxx2 Teldat GmbH 12 LAN Field Description Select the Ethernet interface for which the virtual interface is to be configured Address Mode Select how an IP address is assigned to the interface Possible values e Static default value The interface is assigned a static IP address in IP Address Netmask DHCP An IP address is assigned to the interface dynamically via DHCP IP Address Netmask Only for Address Mode Static With Add add a new address entry enter the IP Address and the corresponding Netmask of the virtual interface Interface Mode Only for physical interfaces in routing mode Select the configuration mode of the interface Possible values e Untagged default value The interface is not assigned for a specific purpose e Tagged VLAN This option only applies for routing inter faces You use this option to assign the interface to a VLAN This is done using the VLAN ID which is displayed in this mode and can be configured The defin
70. 47 to 24 kbps e DO GM Oo os 726 16 Compressed from 39 to 16 kbps DTMF Outband DTMF Outband First the system attempts to use RFC 2833 If the remote terminal does not use this stand ard SIP Info is used e T 38 Fax Allows the transmission of fax messages over data networks e SRTP SRTP is an encrypted variant of the Real Time Trans port Protocol RTP e Data RFC 4040 Enable the transport of 64 kbit s channel data in RTP packets By default G 711 uLaw G 711 aLawand G 729 are enabled The codecs actually used are the intersect of the codecs defined here and those signalled by the provider For outgoing calls any remaining codecs are dropped from the list that would require more than the available bandwidth Fields in the Voice Quality Settings menu Field Description Echo Cancellation Select whether echo cancellation should be used Echo cancellation is a technique to suppress echo feedback in voice communication on full duplex lines The function is enabled with Enabled The function is enabled by default Comfort Noise Genera Specify whether Comfort Noise Generation should be used tion CNG For digital voice transmission this function introduces a low Field Description level of background noise to avoid the impression that during pauses at the other end the connection is lost The function is enabled with Enabled The function is enabled by default Packet Size Specify how many
71. 5 Technical data Teldat GmbH Property bintec R3002 bintec R3502 bintec R3802 Ethernet interfaces RJ45 socket RJ45 socket RJ45 socket ISDN BRI interface RJ45 socket RJ45 socket RJ45 socket ADSL interface RJ45 socket VDSL2 interface RJ45 socket SHDSL interface RJ45 socket Standards amp Guidelines R amp TTE Directive 1999 5 EC CE symbol for all EU states R amp TTE Directive 1999 5 EC CE symbol for all EU states R amp TTE Directive 1999 5 EC CE symbol for all EU states SAFERNET TM Security Technology Community pass words PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPoA Callback Ac cess Control Lists CLID NAT SIF MPPE Encryption PPTP Encryption VPN with PPTP or IPSec Community pass words PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPoA Callback Ac cess Control Lists CLID NAT SIF MPPE Encryption PPTP Encryption VPN with PPTP or IPSec Community pass words PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPoA Callback Ac cess Control Lists CLID NAT SIF MPPE Encryption PPTP Encryption VPN with PPTP or IPSec Software supplied Dime Manager on DVD Dime Manager on DVD Dime Manager on DVD Documentation included Quick Install Guide and safety notices bintec Dime Manager User s Guide on DVD Installation poster Quick Install Guide and safety notices bintec Dime Ma
72. Always on Connection Idle Timeout IP Mode and Routes IP Address Mode Default Route Create NAT Policy Block after connection failure for Maximum Number of Dialup Retries Authentication DNS Negotiation Prioritize TCP ACK Packets PPTP Address Mode Local PPTP IP Address Remote PPTP IP Address LCP Alive Check PPPoE PPTP PPPoA ISDN AUX IP Pools Selectone e eessssss s tS ClEnablea 300 Seconds Ostatic Get IP Address M Enabled E Enabled Advanced Settings feo Seconds E PAP Y MEnabled Denabled Static fi 0 0 0 140 fi 0 0 0 138 MJEnabled L oK C cancel Fig 117 WAN gt Internet Dialup gt PPTP gt New The menu WAN gt Internet Dialup gt PPTP gt New consists of the following fields Fields in the Basic Parameters menu Field Description Description PPTP Ethernet Inter face Enter a name for uniquely identifying the internet connection The first character in this field must not be a number No special characters or umlauts must be used Select the IP interface over which packets are to be transported to the remote PPTP terminal If you want to use an external DSL modem select the Ethernet port to which the modem is connected bintec Rxxx2 RTxxx2 Teldat GmbH 17 WAN Field Description When using the internal DSL modem select here the EthoA in terface configured in Physical Interfaces gt ATM gt Profiles
73. Au thentication gt RADIUS configured RADIUS group Users Only for Role Server and Mode Local If your gateway is configured as an XAuth server the clients can be authenticated via a locally configured user list Define the members of the user group of this XAUTH profile here by 18 VPN Teldat GmbH Field Description entering the authentication name of the client Name and the authentication password Password Add new members with Add 18 1 5 IP Pools In the IP Pools menu a list of all IP pools for your configured IPSec connections is dis played If for an IPSec peer you have set IP Address Assignment IKE Config Mode Server you must define the IP pools here from which the IP addresses are assigned 18 1 5 1 Edit or New Choose the New button to set up new IP address pools Choose the 3 icon to edit exist ing entries IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Basic Parameters IP Pool Name IP Address Range Primary J DNS Server Secondary OK Cancel Fig 137 VPN gt IPSec IP Pools gt New Fields in the menu Basic Parameters Field Description IP Pool Name Enter any description to uniquely identify the IP pool IP Address Range Enter the first first field and last second field IP address of the IP address pool DNS Server Primary Enter the IP address of the DNS server that is to be used preferably by clients who draw an address from this pool Secondar
74. Autoconfiguration on Bootup is disabled and for Port ISDN Configuration Usage Dialup Euro ISDN or Q SIG Type Select the ISDN connection type Possible values e Point to Multipoint default value Point to multipoint connection e Point to Point Point to point ISDN access ISDN Switch Type Only for Port Usage Leased Line Select the ISDN protocol supplied by your provider Possible values e Leased Line B1 64S Leased line over B channel 1 64 kbps e Leased Line B1 B2 6452 Leased line over both B chan nels 128 kbps e Leased Line D B1 B2 TS02 Leased line over D channel and both B channels 144 kbps e Leased Line B1 B2 Different Endpoints Leased line to two different endpoints e Leased Line B1 D TSO01 Leased line over B channel 1 and D channel 80 kbps e Leased Line B2 D TSO01 Leased line over B channel 2 and D channel 80 kbps 11 Physical Interfaces Teldat GmbH Field Description e Leased Line B2 645S Leased line over B channel 2 64 kbps Call Number This parameter is exclusively used by Media Gateway Only for Port Usage Dialup Euro ISDN and ISDN Con figuration Type Point to Point Only for the devices RTxxx2 Enter the basic number of the Point to Point With incoming calls this basis call number is cut off by the called party number With outgoing calls this main number is attached to the number to be called calling party number The menu Advanced Settings consists of the fol
75. B telephone number This performance feature permits or suppresses the dis play of the called subscriber s telephone number If display of the B telephone number is suppressed your telephone number is not transmitted to the caller when you take a call Example You have set up call diversion to another terminal If this terminal has activ ated suppression of the B telephone number the calling party does not see a telephone number on the terminal display Glossary Combination device Conference call Configuration Man ager Configuration of the PBX with the PC Configuration of the PBX with the tele phone Connection of ana logue terminals Connection of ISDN terminals CRC CTI D channel Teldat GmbH If an analogue terminal connection of the PBX is set up as a multi functional port for combination devices all calls are received re gardless of the service In the case of trunk prefixes using codes the service ID Analogue Telephony or Telefax Group 3 can also be transmitted regardless of the configuration of the analogue con nection If O is dialled the service ID Analogue Telephony is also transmitted Performance feature of a PBX Several internal subscribers can telephone simultaneously Three party conferences are also pos sible with external subscribers Windows application similar to the Windows Explorer which uses SNMP commands to request and carry out the settings of your gate way
76. C to 40 C Relative atmospheric hu midity 10 to 90 non condensing in operation 5 to 95 non condensing when stored 10 to 90 non condensing in operation 5 to 95 non condensing when stored Room classification Only use in dry rooms Only use in dry rooms Available interfaces ADSL interface Internal ADSL2 modem for Annex A and Annex B VDSL2 interface In accordance with ITU G 993 2 5 Technical data Teldat GmbH Property bintec RT3002 bintec RT3502 supports Baud plan ISDN 998 Autodetection of VDSL profile Ethernet IEEE 802 3 LAN 4 port switch Permanently installed twisted pair only 10 100 1000 mbps auto sensing MDIX Permanently installed twisted pair only 10 100 1000 mbps auto sensing MDIX ETH5 Permanently installed twisted pair Permanently installed twisted pair only 10 100 1000 mbps auto only 10 100 1000 mbps auto sensing MDIX sensing MDIX ISDN BRI S0 Euro ISDN Euro ISDN point to multipoint point to point point to multipoint point to point connection connection TE or NT mode TE or NT mode Console RS232 Baudrates 1200 115200 Baud Baudrates 1200 115200 Baud Available sockets Serial interface V 24 5 pole mini USB socket 5 pole mini USB socket Ethernet interfaces RJ45 socket RJ45 socket ISDN BRI interface RJ45 socket RJ45 socket ADSL interface RJ45 socket
77. DHCP Enter the host name requested by the provider The maximum length of the entry is 45 characters Only for Address Mode DHCP Choose whether or not the BROADCAST bit is set in the DHCP requests for your device Some DHCP servers that assign IP addresses by UNICAST do not respond to DHCP requests with the set BROADCAST bit In this case it is necessary to send DHCP requests in which this bit is not set In this case disable this option The function is activated by selecting Enabled The function is enabled by default Select whether your device is to respond to ARP requests from its own LAN on behalf of defined remote terminals The function is activated by selecting Enabled Field Description The function is disabled by default TCP MSS Clamping Select whether your device is to apply MSS Clamping To pre vent IP packets fragmenting the MSS Maximum Segment Size is automatically decreased by the device to the value set here The function is activated by selecting Enabled The function is disabled by default Once enabled the default value 1350 is entered in the input field 12 2 VLAN By implementing VLAN segmentation in accordance with 802 1Q you can configure VLANs on your device The wireless ports of an access point in particular are able to re move the VLAN tag of a frame sent to the clients and to tag received frames with a pre defined VLAN ID This functionality makes an access point nothing less t
78. Datagram Datex J Day Night option Day Night Calendar DCE DCN DECT Default gateway Glossary A process for reducing the amount of data transmitted This enables higher throughput to be achieved in the same transmission time Ex amples of this technique include STAC VJHC and MPPC DLL A data packet is used for information transfer Each data packet contains a prescribed number of characters information and control characters The data transmission rate specifies the number of information units for each time interval transferred between sender and recipient A self contained data packet that is forwarded in the network with minimum protocol overhead and without an acknowledgement mechanism Abbreviation for Data Exchange Jedermann the T Online access platform Local dial in node in every local network Some German cities offer additional high speed access over T Net T Net ISDN If you want to transfer important calls made after office hours to your home office to an answering machine so that you are not disturbed you can use call assignment You can allocate each subscriber two different call allocations call assignment Day and call assignment Night With call assignments it is also possible to forward the call to an external subscriber so that you can be contacted at all times With call assignment Day Night therefore you define which internal terminals are to ring in the event of an external call Call ass
79. Description IP Address Netmask Enter the IP addresses IP Address and the corresponding netmasks Netmask of the ATM interface Add new entries with Add Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is enabled with Enabled The function is disabled by default Field in menu PPP over ATM Settings appears only for Type PPP over ATM Teldat GmbH 17 WAN Field Description Client Type Select whether the PPPoA connection is to be set up perman ently or on demand Possible values e On Demand default value The PPPoA is only set up on de mand e g for Internet access You ll find additional information on PPP over ATM under PPPoA on page 282 17 2 2 Service Categories In the WAN gt ATM gt Service Categories menu is displayed a list of already configured ATM connections PVC Permanent Virtual Circuit to which specific data traffic parameters were assigned Your device supports QoS Quality of Service for ATM interfaces Caution ATM QoS should only be used if your provider specifies a list of data traffic parameters traffic contract The configuration of ATM QoS requires extensive knowledge of ATM technology and the way the Teldat devices function An incorrect configuration can cause considerable disruption during operation If applicable save t
80. Description New Destination IP Ad Only for Type of traffic incoming Destination NAT dress Netmask New Destination Port New Source IP Ad dress Netmask New Source Port Enter the destination IP address to which the original source IP address is to be translated with corresponding netmask as the case arises Only for Type of traffic incoming Destination NAT Service user defined and Protocol TCP UDP TCP UDP Leave the destination port as it appears or enter the destination port to which the original destination port is to be translated Selecting Original leaves the original destination port If you disable Original an input field appears in which you can enter a new destination port Originalis active by default Only for Type of traffic outgoing Source NAT and NAT method symmetric Enter the source IP address to which the original source IP ad dress is to be translated with corresponding netmask as the case arises Only for Type of traffic incoming Destination NAT NAT method symmetrical Service user defined and Protocol TCP UDP TCP UDP Leave the source port as it appears or enter a new source port to which the original source port is to be translated Teldat GmbH 14 Networking Field Description Original leaves the original source port If you disable Ori ginal an input field appears in which you can enter a new source port Original is active by default 14 3 Load
81. Dialup Retries Usage Type Authentication DNS Negotiation Prioritize TCP ACK Packets LCP Alive Check Callback Mode Dial Numbers Entries IP Options Proxy ARP Mode PPPoE PPTP ISDN AUX IP Pools RARAS AAA arman DEnabled 600 Seconds O static O Provide IP Address Get IP Address MEnabled MeEnabled Advanced Settings fo Seconds 3 O standard Dialin onty Multi User Dialin only PAP v Enabled DEnabled Y Enabled Onone O Active O Passive Mode Number 4 Add O Inactive up or Dormant up only L oK D a Cancel Fig 120 WAN gt Internet Dialup gt AUX gt New The WAN gt Internet Dialup gt AUX gt New menu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter a name for uniquely identifying the WAN partner The first character in this field must not be a number No special charac ters or umlauts must be used bintec Rxxx2 RTxxx2 Teldat GmbH 17 WAN Field Description User Name Password Always on Connection Idle Timeout Enter the user name Enter the password Select whether the interface should always be activated The function is enabled with Enabled The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Only if Always on is disabled Enter the idle time in seconds for static short hold The stat
82. Enabled oK Cancel Fig 133 VPN gt IPSec gt Phase 1 Profiles gt New The menu VPN gt IPSec gt Phase 1 Profiles gt New consists of the following fields Fields in the Phase 1 IKE Parameters menu Field Description Description Proposals Enter a description that uniquely defines the type of rule In this field you can select any combination of encryption and message hash algorithms for IKE phase 1 on your device The combination of six encryption algorithms and four message hash algorithms gives 24 possible values in this field At least one proposal must exist Therefore the first line of the table can not be deactivated Encryption algorithms Encryption e 3DES default value 3DES is an extension of the DES al gorithm with an effective key length of 112 bits which is rated as secure lt is the slowest algorithm currently supported e Twofish Twofish was a final candidate for the AES Teldat GmbH Field Description Advanced Encryption Standard It is rated as just as secure as Rijndael AES but is slower Blowfish Blowfish is a very secure and fast algorithm Twofish can be regarded as the successor to Blowfish CAST CAST is also a very secure algorithm marginally slower than Blowfish but faster than 3DES DES DES is an older encryption algorithm which is rated as weak due to its small effective length of 56 bits AES Rijndael has been nominated as AES due to its fast key setup lo
83. Enter the first first field and last second field IP address of the IP address pool DNS Server Primary Enter the IP address of the DNS server that is to be used preferably by clients who draw an address from this pool Secondary Optionally enter the IP address of an alternative DNS server 18 4 GRE Generic Routing Encapsulation GRE is a network protocol that encapsulates other proto cols and transports them in the form of IP tunnels to the specified recipients The specification of the GRE protocol is available in two versions e GRE V 1 for use in PPTP connections RFC 2637 configuration in the PPTPmenu e GRE V 0 RFC 2784 for general encapsulation using GRE In this menu you can configure a virtual interface for using GRE V O The data traffic routed over this interface is then encapsulated using GRE and sent to the specified recipient 18 4 1 GRE Tunnels A list of all configured GRE tunnels is displayed in the VPN gt GRE gt GRE Tunnels menu 18 4 1 1 New Choose the New button to set up new GRE tunnels GRE Tunnels Basic Parameters Description Local GRE IP Address AA Remote GRE IP Address Default Route Enabled Local IP Address a Remote IP Address Netmask Metric Route Entries 1M CO Add _ _ MTU fisoo Use key Enabled 4 OK C Cancel Fig 145 VPN gt GRE gt GRE Tunnels gt New The VPN gt GRE gt GRE Tunnels gt Newmenu consists of the following fields Fields in the Basi
84. Filter RIP Options No Interface Direction IP Address Netmask Fiter Status New OK Cancel __ Fig 98 Routing Protocols gt RIP gt RIP Filter You can use the button to insert another filter above the list entry The configuration menu for creating a new window opens You can use the button to move the list entry A dialog box opens in which you can se lect the position to which the filter is to be moved 15 1 2 1 New Choose the New button to set up more RIP filters RIP Interfaces IP Options Basic Parameters Interface None Y IP Address Netmask wer gf Direction o O import O Export Metric Offset for Active Interfaces 0 i l Metric Offset for Inactive Interfaces a o a C OK Da Cancel Fig 99 Routing Protocols gt RIP gt RIP Filter gt New The menu Routing Protocols gt RIP gt RIP Filter gt New consists of the following fields Fields in the Basic Parameters menu bintec Rxxx2 RTxxx2 Teldat GmbH 15 Routing Protocols Field Description Interface Select the interface to which the rule to be configured applies IP Address Netmask Enter the IP address and netmask to which the rule is to be ap plied This address can be in the LAN or WAN The rules for incoming and outgoing RIP packets import or ex port for the same IP address must be separately configured
85. Firmware can be up dated by the user when a new software version is available firmware upgrade Describes the last part of a name on the Internet For www t com de the first level domain is de and in this case stands for Germany The flash key on a telephone is the R button R stands for Ruckfrage inquiry The key interrupts the line briefly to start certain functions such as inquiries via the PBX Performance feature of a PBX for diverting calls on the destination telephone Fragmentation Frame Frame relay Freecall FTP Full duplex Function keys G 991 1 G 991 2 G 992 1 G 992 1 Annex A G 992 1 Annex B G SHDSL Gateway Half duplex Handheld unit Hands free Process by which an IP datagram is divided into small parts in order to meet the requirements of a physical network The reverse pro cess is known as reassembly Unit of information sent via a data connection A packet switching method that contains smaller packets and fewer error checks than traditional packet switching methods such as X 25 Because of its properties frame relay is used for fast WAN connections with a high density of traffic Telephone number Previous service 0130 These telephone num bers have been switched to freecall 0800 since January 1 1998 File Transfer Protocol Operating mode in which both communication partners can commu nicate bidirectionally at the same time Keys on the telephone that can be assi
86. Forwarding Parameters menu Field Description Forward Select whether a host or domain is to be forwarded Possible values e Host default value e Domain Host Only for Forwarding Host Enter the name of the host to be forwarded The entry can also start with the wildcard e g teldat de If a name is entered without a full stop you complete with OK lt Default Domain gt is added Domain Only for Forwarding Domain Enter the name of the domain to be forwarded The entry can also start with the wildcard e g teldat de If a name is entered without a full stop you complete with OK lt Default Domain gt is added 21 Local Services Teldat GmbH Field Description Forward to Select the forwarding destination requests to the name defined in Host or Domain Possible values e Interface default value The request is forwarded to the defined Interface DNS Server The request is forwarded to the defined DNS Server Interface Only for Forward to Interface Select the interface via which the requests for the defined Do main are to be received and forwarded to the DNS server DNS Server Only for Forward to DNS Server Enter the IP address of the primary and secondary DNS server 21 1 5 Cache In the Local Services gt DNS gt Cachemenu a list of all available cache entries is dis played Global Settings DNS Servers Static Hosts Domain Forwarding Cache Statistics Automatic Refresh In
87. GHz and a pro file with 5 GHz are created by default the 2 4 GHz profile cannot be deleted For each wireless module profile you will see an entry with a parameter set Radio Profiles Configured Radio Modules Operation Band Wireless Mode 13 3 2 1 Edit or New Choose the icon to edit existing entries Select the New button in order to create new wireless module profiles bintec Rxxx2 RTxxx2 Slave Access Points Radio Profiles Wireless Networks VSS Radio Profile Definition Description a Operation Mode Access Point v Operation Band 2 4 GHz IniOutdoor Y Number of Spatial Streams ha Performance Settings Wireless Mode feo2ttbign F Max Transmission Rate to m Burst Mode DEnabled Airtime faimess MEnabled Advanced Settings Channel Plan All v Beacon Period 100 ms DTIM Period Booo RTS Threshold fay Short Guard Interval DEnabled Short Retry Limit A Long Retry Limit ff Fragmentation Threshold fae SS Bytes Cyclic Background Scanning C Enabled OK C Cancel Fig 66 Wireless LAN Controller gt Slave AP configuration gt Radio Profiles gt New The Wireless LAN Controller gt Slave AP configuration gt Radio Profiles gt New menu consists of the following fields Fields in the menu Radio Profile Definition Field Description Description Enter the desired description of the wireless module profile Operation Mode Define the mode in which the wireless module profile is to be op
88. Global Settings gt System The System Management gt Global Settings gt Systemmenu consists of the following fields Fields in the Basic Settings menu bintec Rxxx2 RTxxx2 10 System Management Teldat GmbH Field Value System Name Enter the system name of your device This is also used as the PPP host name A character string with a maximum of 255 characters is pos sible The device type is entered as the default value Location Enter the location of your device Contact Enter the relevant contact person Here you can enter the e mail address of the system administrator for example A character string with a maximum of 255 characters is pos sible The default value is TELDAT Maximum Number of Enter the maximum number of syslog messages that are stored Syslog Entries internally in the device Possible values are 0 to 1000 The default value is 50 You can display the stored messages in Monitoring gt Internal Log Maximum Message Select the priority of system messages above which a log Level of Syslog Entries should be created System messages are only recorded internally if they have a higher or identical priority to that indicated e all messages generated are recorded at Debug syslog level Possible values e Emergency Only messages with emergency priority are re corded e Alert Messages with emergency and alert priority are recor ded e Critical Messages with emergency alert and crit
89. Groups can be selected Teldat GmbH 19 Firewall Field Description Action Select the action to be applied to a filtered packet Possible values e Access default value The packets are forwarded on the basis of the entries e Deny The packets are rejected e Reject The packets are rejected An error message is is sued to the sender of the packet Apply QoS Only for Action Access Select whether you want to enable QoS for this policy with the priority selected in Priority The function is enabled with Enabled The option is deactivated by default If QoS is not activated for this policy bear in mind that the data cannot be prioritised on the sender side either A policy for which QoS has been enabled is also set for the fire wall Make sure therefore that data traffic that has not been ex pressly authorised if blocked by the firewall Priority Only for Apply QoS Enabled Select the priority with which the data specified by the policy is handled on the send side Possible values e None default value No priority e Low Latency Low Latency Transmission LTT i e hand ling of data with the lowest possible latency e g suitable for VoIP data e High e Medium e Low 19 Firewall Teldat GmbH 19 1 2 QoS More and more applications need increasingly larger bandwidths which are not always available Quality of Service QoS makes it possible to distribute the available bandwidths effectively a
90. IP route Source Interface Select the interface over which the data packets are to reach the device The default value is None New Source IP Ad Enter the IP address and netmask of the source host or source dress Netmask network Layer 4 Protocol Select a protocol Possible values ICMP IGMP TCP UDP GRE ESP AH OSPF PIM L2TP Any The default value is Any Source Port Only for Layer 4 Protocol TCP or UDP Enter the source port First select the port number range Possible values e Any default value The route is valid for all port numbers e Single Enables the entry of a port number e Range Enables the entry of a range of port numbers e Privileged Entry of privileged port numbers 0 1023 e Server Entry of server port numbers 5000 32767 e Clients 1 Entry of client port numbers 1024 4999 e Clients 2 Entry of client port numbers 32768 65535 e Not priviliged Entry of unprivileged port numbers 1024 65535 Enter the appropriate values for the individual port or start port of a range in Port and for a range the end port in to Port Destination Port Only for Layer 4 Protocol TCP or UDP Enter the destination port 14 Networking Teldat GmbH Field Description First select the port number range Possible values e Any default value The route is valid for all port numbers e Single Enables the entry of a port number e Range Enables the entry of a range of port
91. Import certificate Enter the URL of the server from which a certificate file is to be retrieved Local Certificate De scription For Command Type Certificate Management and Ac tion Import certificate Enter a description for the certificate under which to save it on the device Teldat GmbH 21 Local Services Field Description For Command Type Certificate Management and Ac tion Delete certificate Select the certificate to be deleted Password for protec ted Certificate Only for Command Type Certificate Management and Action Import certificate Select whether to use a secure certificate requiring a password and enter it into the entry field The function is disabled by default Overwrite similar certi ficate Only for Command Type Certificate Management and Action Import certificate Select whether to overwrite a certificate already present on the your device with the new one The function is disabled by default Write certificate in con figuration Only for Command Type Certificate Management and Action Import certificate Select whether to integrate the certificate in a configuration file and if so select the desired configuration file The function is disabled by default Certificate Request De Only for Command Type Certificate Management and scription Action SCEP Enter a description under which the SCEP certificate on your device is to be saved URL SCEP Server U
92. Interfaces i e edi hehe at bet oe We eee 481 21 8 3 Temperature 6 se 4 ee a a 482 21 8 4 Ping Generate tis on e Eo a a Tee Se cee MEJO 484 21 9 ISDN Theft Protection 2 2 e eo o 485 21 9 1 Options i gota Gok a a Beet a ey 485 21 10 UPNP ii oe ee A oe a ea ee a AA 487 21 10 1 Interfaces s 4 4 2 rr chants Mo ado dl ES Eo 488 21 10 2 General 2 2 2 a E a a A A i a aia 489 21 11 HotSpot Gateway aooaa a a a 490 21 11 1 HotSpot Gateway a ooa a a 491 21 11 2 ODIONS e 2 a le ba cd ee d Se a D de e e 495 21 12 BRRP r genat eat ai Men E AA ea ESA A A aay UA 496 21 12 1 Virt al Routers a eea e E a ae a ce ee an 497 21 12 2 VR Synchronisation ooa a a a 503 21 12 3 OPINAS 3 43 A AA A T Bs Ae 504 Chapter 22 Maintenance o e e eee 506 22 1 Diagnostics 0 tao td a ete a dede eg 506 22 1 1 Ping lest cx 24s 20 Ane as See A e E 506 22 1 2 DNS TESTA aie e a Be i See eh Tek ES 507 22 1 3 Traceroute Test sener seror a A es 507 22 2 Software amp Configuration 2 en 508 22 2 1 ODPtiONnS xr Soe ee a Se oe BP e a ee 508 X bintec Rxxx2 RTxxx2 bintec Rxxx2 RTxxx2 22 3 22 3 1 Chapter 23 23 1 23 1 1 23 2 23 2 1 23 2 2 23 3 23 3 1 23 3 2 23 4 23 4 1 23 4 2 23 5 23 5 1 Chapter 24 24 1 24 1 1 24 2 24 2 1 24 2 2 24 3 24 3 1 24 3 2 24 4 24 4 1 REDOOY Lama ae SRE ce nace ea aah RRR RY a Gat ra a 514 System Reboot 2 2
93. Internet or World Wide Web The external connections of larger PBXs can be grouped into bundles When an external call is initiated by the exchange code or in the event of automatic external line access a bundle released for this subscriber is used to establish the connection If a subscriber has authorisation for several bundles the connection is established using the first released bundle If one bundle is occupied the next released bundle is used If all the released bundles are occupied the subscriber hears the engaged tone A data transmission medium for use by all the devices connected to a network Data is forwarded over the entire bus and received by all devices on the bus Call to engaged team subscriber If one subscriber in a team has taken the receiver off the hook or is on the telephone you can de cide whether other calls are to be signalled for this team The setting for reaching a subscriber can be toggled between Standard and Busy On Busy In the basic configuration it is set to Standard If Busy on Busy is set for a team other callers hear the engaged tone Certificate Authority By allocating a calendar you switch between Day and Night call as Teldat GmbH Call allocation Call costs account Call diversion Call filter Call forwarding in the exchange Call forwarding in the PBX Glossary signment For each day of the week you can select any day night switching time A calendar has four switc
94. Jitter Control function is configured 17 4 1 1 New Click the New button to optimise voice transmission for other interfaces Teldat GmbH Basic Settings Interface Control Mode Maximum Upload Speed 17 WAN Controlled Interfaces None Controlled RTP Streams only 0 kbps OK Cancel Fig 128 WAN gt Real Time Jitter Control gt Controlled Interfaces gt New The menu WAN gt Real Time Jitter Control gt Controlled Interfaces gt New consists of the following fields Fields in the Basic Settings menu Field Description Interface Control Mode Maximum Upload Speed Define for which interfaces voice transmission is to be optim ised Select the mode for the optimisation Possible values e Controlled RTP Streams only default value By means of the data routed via the media gateway the system detects voice data traffic and optimises the voice transmis sion e All RTP Streams All RTP streams are optimised e Inactive Voice data transmission is not optimised e Always Voice data transmission is always optimised Enter the maximum available upstream bandwidth in kbp s for the selected interface 18 VPN Teldat GmbH Chapter 18 VPN A connection that uses the Internet as a transport medium but is not publicly accessible is referred to as a VPN Virtual Private Network Only authorised users have access to such a VPN which is seemingly also referred to as a VPN tunnel Normally the
95. New The Local Services gt BRRP gt Virtual Routers gt New menu consists of the following fields bintec Rxxx2 RTxxx2 21 Local Services Teldat GmbH Fields in the BRRP Advertisement Interface menu Field Description Ethernet Interface Choose the interface via which BRRP advertisement packets are sent and expected If you edit a Virtual Router the Ethernet interface is displayed and cannot be changed Please note The Ethernet interface for sending the advertise ments is always up and running and cannot therefore be used as the Virtual Router Interface IP Address Shows the IP address es of the interface via which BRRP ad vertisement packets are sent and expected Fields in the BRRP Monitored Interface menu Field Description Indicates on which physical interface the virtual interface is Virtual Router Interface based if a new virtual interface is created The name of the vir tual interface is assigned automatically when it is created Shows the name of the virtual interface if a virtual interface that has already been created is edited Virtual Router IP Ad Enter the IP address and the netmask of the virtual router Here dress enter the IP address that you want to use in the local network as the actual gateway IP address n Note To avoid problems in the LAN the IP Address for advert isements and the Virtual Router IP Address cannot origin ate from the same subnet Virtual Router ID Select the ID of t
96. Number of Spatial Streams Select how many traffic flows are to be used in parallel Possible values e 3 Three traffic flows are used e 2 Two traffic flows are used e 1 One traffic flow is used 13 Wireless LAN Controller Teldat GmbH Fields in the menu Performance Settings Field Description Wireless Mode Select the wireless technology that the access point is to use For Operation Band 2 4 GHz In Outdoor Possible values e 802 11g The device operates only in accordance with 802 11g 802 11b clients have no access e 802 11b Your device operates only in accordance with 802 11b and forces all clients to adapt to it e 802 11 mixed b g Your device adapts to the client technology and operates according to either 802 11b or 802 11g e 802 11 mixed long b g Your device adapts to the cli ent technology and operates according to either 802 11b or 802 11g Only a data rate of 1 and 2 mbps needs to be sup ported by all clients basic rates This mode is also needed for Centrino clients if connection problems occur e 802 11 mixed short b g Your device adapts to the client technology and operates according to either 802 11b or 802 11g The following applies for mixed short The data rates 5 5 and 11 mbps must be supported by all clients basic rates e 802 11b g n Your device operates according to either 802 11b 802 11g or 802 11n e 802 11g n Your device operates according to either 802 11g or 80
97. Only for Connection Type LAC Your device is dynamically assigned an IP address Default Route Only for IP Address Mode Get IP Address and Static Select whether the route to this connection partner is to be defined as the default route The function is enabled with Enabled The function is disabled by default Create NAT Policy Only for IP Address Mode Get IP Address and Static Specify whether Network Address Translation NAT is to be ac tivated for this connection The function is enabled with Enabled The function is disabled by default IP Assignment Pool Only for IP Address Mode Provide IP Address IPCP Select an IP pool configured in the WAN gt Internet Dialup gt IP Poolsmenu Local IP Address Only for IP Address Mode Static Enter the WAN IP address of your device Route Entries Only for IP Address Mode Static Enter Remote IP Address and Netmask of the LANs for L2TP partners and the corresponding Metric Add new entries with Add 18 VPN Teldat GmbH The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Block after connection Enter the wait time in seconds before the device should try failure for Authentication Encryption again after an attempt to set up a connection has failed The default value is 300 Select the authentication protocol for this L2TP partner Possible values PAP CHAP MS CHAP
98. Points Radio Profiles Wireless Networks VSS Access Point Settings Device WI2040n Location EAS Name jwizoaon oo Description LC CAPWAP Encryption MEnabled Radio Module1 Operation Mode Son Corr Active Radio Profile Selectone Channel No Profile Selected Used Channel 0 Transmit Power Max Y Profil MAC Address Assigned Wireless Network VSS n g SS Add 5 4 OK cancel Fig 64 Wireless LAN Controller gt Slave AP configuration gt Slave Access Points gt The data for wireless module 1 and wireless module 2 are displayed in the Wireless LAN Controller gt Slave AP configuration gt Slave Access Points gt menu if the correspond ing device has two wireless modules With devices featuring a single wireless module the data for wireless module 1 are displayed The menu consists of the following fields Fields in the Access Point Settings menu Field Description Device Displays the type of device for the AP Location Displays the locality of the AP The locations are given numbers if no location has been entered You can enter another locality bintec Rxxx2 RTxxx2 Teldat GmbH 13 Wireless LAN Controller Field Description Name Displays the name of the AP You can change the name Description Enter a unique description for the AP CAPWAP Encryption Select whether communication between the master and slaves is to be encrypted The function is activated by selecting Enabled The
99. Routing Domains using predefined passwords It is recommended that several areas are defined in larger networks If more than one area is configured one of these areas must possess the area ID 0 0 0 0 which defines the backbone area This must be the centre point of all areas i e all areas must be physically connected to the backbone area Occasionally gateways cannot be physically connected directly to the backbone area and virtual links must be set up The purpose of virtual links is to connect areas in which no physical connection to the back bone is possible and to maintain the connection of the backbone in case of a failure of the 0 0 0 0 area Summarizing is the term given to the consolidation of the various routes into a single ad vertisement summary link This is usually done by the ABR at the area borders Certain areas can be defined as stub areas in OSPF This prevents external networks e g those propagated from other protocols by redistribution in OSPF being propagated into the stub area Externally routing of such areas is propagated with a default route The configur ation of a stub area reduces the database size in the area and reduces the amount of stor age space needed on the gateways incorporated in the area 15 2 1 Areas OSPF areas must be defined before the gateway interface can be assigned to an area A list of all configured OSPF areas is displayed in the Routing Protocols OSPF Areas menu A
100. Server o 0 0 0 OK C Cancel __ Fig 177 Local Services gt DHCP Server gt DHCP Relay Settings The menu Local Services gt DHCP Server gt DHCP Relay Settings consists of the follow ing fields Fields in the Basic Parameters menu Field Description Primary DHCP Server Enter the IP address of a server to which BootP or DHCP re quests are to be forwarded Secondary DHCP Serv Enter the IP address of an alternative BootP or DHCP server er 21 5 Web Filter In theLocal Services gt Web Filter menu you can configure a URL based Web Filter ser vice which during operation accesses the Proventia Web Filter from the company Internet Security Systems www iss net and checks how a requested Internet page is categorised by the Proventia Web Filter The action resulting from the classification is configured on your device bintec Rxxx2 RTxxx2 21 5 1 General This menu contains the configuration of basic parameters for using the Proventia Web Fil ter Web Filter Options Web Filter Status Filtered Input Interface s Maximum Number of History Entries URL Path Depth Action if server not reachable Action if license not registered General Filter List Black White List History MEnabled Allow all O Block all O Log all Allow all Block all Log all License Information Licence Key B1 BT Activate 30 days demo licence Licence Status License valid until Not activa
101. Services gt BRRP gt Virtual Router gt New menu under BRRP Monitored Interface The watchdog daemon requests detailed information entered in the Virtual Routers Fields in the Synchronisation VR Interface menu Field Description Synchronisation Mode Indicates the mechanism with which virtual routers or interfaces are synchronised Possible values BRRP BRRP is used to synchronise the virtual router Virtual Router ID Select the ID of the virtual router to be synchronised Synchron ising the virtual router implicitly synchronises the virtual inter face associated with the virtual router 21 12 3 Options In the Local Services gt BRRP gt Options menu you can enable or disable the BRRP func tion Virtual Routers VR Synchronisation Options Basic Parameters Enable BRRP Enabled OK Cancel Fig 199 Local Services gt BRRP gt Options The Local Services gt BRRP gt Optionsmenu consists of the following fields Fields in the Basic Parameters menu Field Description Enable BRRP Enable or disable the BRRP function The function is enabled with Enabled The function is disabled by default bintec Rxxx2 RTxxx2 Chapter 22 Maintenance This menu provides you with numerous functions for maintaining your device It firstly provides a menu for testing availability within the network You can manage your system configuration files If more recent system software is available you can use this menu to in st
102. Severity Select the severity level which the string configured in the Matching String field must reach to trigger an e mail alert Possible values Emergency default value Alert Critical Error Warn ing Notice Information Debug Monitored Subsystems Select the subsystems to be monitored Add new subsystems with Add Message Timeout Enter how long the router must wait after a relevant event be fore it is forced to send the alert mail Possible values are 0 to 86400 The value 0 disables the timeout The default value is 60 Number of Messages Enter the number of syslog messages that must be reached be fore an E mail can be sent for this case If timeout is configured the mail is sent when this expires even if the number of mes sages has not been reached Possible values are 0 to 99 the default value is 1 Teldat GmbH 23 External Reporting 23 3 2 Alert Settings Alert Recipient Alert Settings Basic Parameters Alert Service Enabled Maximum E mails per Minute se Y E mail Parameters Sender E mail Address L r s C C CY SMTP Server SMTP Authentication Onone OESMTP SMTP after POP OK Cancel Fig 209 External Reporting gt Alert Service gt Alert Settings The menu External Reporting gt Alert Service gt Alert Settings consists of the following fields Fields in the Basic Parameters menu Field Description Alert Service Select whether the alert service is to be
103. Status MEnabled Trunk Mode off O client Server O gw trunk Registrar YS Outbound Proxy Realm Protocol UDP y Port 5060 User Name Authentication ID J Password A Registration Enabled Expire Time 600 Seconds Advanced Settings Codec Settings Codec Proposal Sequence Default Quality O Low Bandwidth High Bandwidth Mertuaw Moz alaw Mo729 Sort Order Oe726 32 Do726 24 Doz26 16 Dome outband Cl srte Cl Data RFC 4040 Echo Cancellation MEnabled Comfort Noise Generation CNG Menablea Packet Size fo ms C OK C Cancel_ Fig 158 VolP gt Media Gateway gt SIP Accounts gt New The VolP gt Media Gateway gt SIP Accounts gt New menu consists of the following fields Fields in the Basic Parameters menu bintec Rxxx2 RTxxx2 20 VoIP Teldat GmbH Field Description Description Enter the name of the SIP account Administrative Status Select whether the SIP account should be enabled or disabled The function is enabled with Enabled The function is enabled by default Trunk Mode Select whether and in which trunk mode the SIP account should be operated Trunk mode DDI Direct Dial In allows an incoming call to be assigned correctly to a terminal DDI For an outgoing call the caller can be indicated to the called party The setting that you can use depends on the provider Possible values e off default value Trunk mode is not used The SIP account has only one number
104. Teldat GmbH 6 Variable switching of SO interfaces Chapter 6 Variable switching of SO interfaces 6 1 Switching the SO interfaces from external to in ternal The devices bintec R4402 bintec RT1202 bintec RT3002 bintec RT3502 and bintec RT4202 have two or four BRI connections All BRI connections can be operated as internal or as external SO connections The external SO connections are used for connection to the network operator s ISDN network The internal SO connections are provided for connecting various ISDN terminals telephone PC etc In the ex works state the BRI connections are configured as external connections The two SO interfaces BRI 1 and BRI 2 can be switch from external ex works state to in ternal via a link plug field on the PCB for the device Additional interfaces BRI 3 and BRI 4 can be switched via the link plugs on the side of the ISDN L module If you use a SO interface as an internal connection you can specify for each interface whether or not the connection is powered via your device when the conncted terminal does not have its own power supply The respective link plugs must be moved to do this In addition you can switch the 100 Ohm terminators on off for each interface via additional link plugs You require terminators e if you connect an external connection directly with the external NTBA e for a point to point connection e if the bus starts directly with the connection of your device You can als
105. VPN 18 VPN Teldat GmbH Field Description ation or the hash algorithms is based on the author s knowledge and opinion at the time of creating this User Guide In particular the quality of the algorithms is subject to relative aspects and may change due to mathematical or cryptographic develop ments DH Group Only for Phase 1 IKE Parameters The Diffie Hellman group defines the parameter set used as the basis for the key calculation during phase 1 MODP as sup ported by Teldat devices stands for modular exponentiation Possible values e 1 768 Bit During the Diffie Hellman key calculation mod ular exponentiation at 768 bits is used to create the encryption material e 2 1024 Bit During the Diffie Hellman key calculation modular exponentiation at 1024 bits is used to create the en cryption material e 5 1536 Bit During the Diffie Hellman key calculation modular exponentiation at 1536 bits is used to create the en cryption material Lifetime Create a lifetime for phase 1 keys As for RFC 2407 the default value is eight hours which means the key must be renewed once eight hours have elapsed The following options are available for defining the Lifetime e Input in Seconds Enter the lifetime for phase 1 key in seconds The value can be a whole number from 0 to 2147483647 The default value is 14400 e Input in kBytes Enter the lifetime for phase 1 keys as amount of data processed in kBytes The v
106. Windows Start menu click Programs gt Accessories gt Communication gt HyperTerminal gt Device on COM1 or Device on COM2 if you use the COM2 port of your PC to start HyperTerminal 2 Press Return at least once after the HyperTerminal window opens A window with the login prompt appears You are now in the SNMP shell of your device You can now log in on your device and start the configuration Check If the login prompt does not appear after you press Return several times the connection to your device has not been set up successfully Therefore check the COM1 or COM2 settings on your PC 1 Click on File gt Properties 2 Click Configure in the Connect to tab The following settings are necessary Bits per second 9600 Data bits 8 Parity open Stopbits 1 Flow control open 3 Enter the values and click OK 4 Make the following settings in the Settings tab Emulation VT100 5 Click OK The changes to the terminal program settings do not take effect until you disconnect the connection to your device and then make the connection again If you use HyperTerminal there may be problems with displaying umlauts and other special characters If necessary therefore set HyperTerminal to Autodetection instead of VT 100 Unix You will require a terminal program such as cu on System V tip on BSD or minicom on Linux The settings for these programs correspond to those listed above Exampl
107. a Teldat gateway wish to deny all incoming FTP requests or only allow Telnet sessions between certain hosts Access filters in the gateway are based on the combination of filters and actions for filter rules rules and the linking of these rules to form rule chains They act on the incoming data packets to allow or deny access to the gateway for certain data A filter describes a certain part of the IP data traffic based on the source and or destination IP address netmask protocol and source and or destination port You use the rules that you set up in the access lists to tell the gateway what to do with the filtered data packets i e whether it should allow or deny them You can also define several rules which you arrange in the form of a chain to obtain a certain sequence There are various approaches for the definition of rules and rule chains Allow all packets that are not explicitly denied i e Deny all packets that match Filter 1 e Deny all packets that match Filter 2 e Allow the rest or Allow all packets that are explicitly allowed i e e Allow all packets that match Filter 1 e Allow all packets that match Filter 2 Deny the rest or Combination of the two possibilities described above A number of separate rule chains can be created The same filter can also be used in dif ferent rule chains You can also assign a rule chain individually to each interface N Caution Make sure you don t lock your
108. a queue If you add new queues you can also use classes in other class plans via the class ID 14 4 3 1 New Choose the New button to create additional prioritisations QoS Filter QoS Classification QoS Interfaces Policies Basic Parameters Interface eni 0 Prioritisation Algorithm Priority Queueing v Traffic shaping Enabled By creating a QoS policy a default entry with the lowest priority will be automatically generated Description Type Class ID Priority Bandwidth for Traffic Shaping Add Queues Policies oK Cancel Fig 88 Networking gt QoS gt QoS Interfaces Policies gt New The Networking gt 00S gt 00S Interfaces Policies gt New menu consists of the following fields Fields in the Basic Parameters menu Field Description Interface Select the interface for which QoS is to be configured Prioritisation Al Select the algorithm according to which the queues are to be gorithm processed This activates and deactivates QoS on the selected interface Possible values e Priority Queueing QoS is activated on the interface The available bandwidth is distributed strictly according to the queue priority e Weighted Round Robin QoS is activated on the interface The available bandwidth is distributed according to the weighting weight of the queue Exception High priority pack Teldat GmbH 14 Networking Field Description ets are always handled with priority e Weighted Fair Queueing Qo
109. accessible Domain Names 492 Additional Wire Pairs 142 Address Mode 146 307 Address Range 392 Address Type 392 Address List 392 Teldat GmbH Address Subnet 392 Addresses 392 Admin Status 211 250 Admin Status 541 Administration 152 Administrative Status 327 399 409 416 418 434 Administrative Access 89 ADSL Line Profile 141 ADSL Logic 510 Advertisement send interval 501 Airtime fairness 170 Alert Service 520 Alert Service 523 Alert Recipient 520 Alert Settings 523 Alert Service 520 Alive Check 100 347 352 Alive Check 532 All Multicast Groups 261 Allowed Addresses 180 Allowed HotSpot Client 494 Always on 272 278 283 288 296 865 372 Answer to client request 488 APN Access Point Name 120 Application Level Gateway 398 Apply QoS 385 Area 543 ArealD 248 250 Areas 248 ARP Lifetime 236 ARP Processing 175 As DHCP Server 433 As IPCP Server 433 Assert State 550 551 Assert Winner IP Address 550 551 Assigned Wireless Network VSS 165 Assistants 69 Associated Line 422 ATM 303 ATM Interface 142 ATM PVC 283 Teldat GmbH ATM Service Category 310 Attacked Access Point 185 Authentication 275 280 285 291 298 368 375 Authentication ID 404 409 Authentication Key 250 Authentication Method 327 342 Authentication Type 98 103 250 Authentication Method 532 Authentication for PPP Dialin 106 Autoconfiguration on Bootup 126 Autosave Mode 115
110. address pool If a client requires an IP address for the first time it sends a DHCP request with its MAC address to the available DHCP server as a network broadcast The client then receives its IP address from Teldat as part of a brief exchange You therefore do not need to allocate fixed IP addresses to PCs which reduces the amount of configuration work in your network To do this you set up a pool of IP ad dresses from which your device assigns IP addresses to hosts in the LAN for a defined period of time A DHCP server also transfers the addresses of the domain name server entered statically or by PPP negotiation DNS NetBIOS name server WINS and default gateway 21 4 1 IP Pool Configuration The Local Services gt DHCP Server IP Pool Configuration menu displays a list of all the configured IP pools This list is global and also displays pools configured in other menus 21 Local Services Teldat GmbH 21 4 1 1 Edit or New Choose the New button to set up new IP address pools Choose the Fay icon to edit exist ing entries IP Pool Configuration DHCP Configuration IP MAC Binding DHCP Relay Settings Basic Parameters IP Pool Name IP Address Range Primary J DNS Server Secondary OK Cancel Fig 174 Local Services gt DHCP Server IP Pool Configuration New Fields in the menu Basic Parameters Field Description IP Pool Name Enter any description to uniquely identify the IP pool IP Address Range Ente
111. and can display the information contained in them in various ways ac cording to the configuration Activate the Activity Monitor as follows e configure the relevant device s to be monitored 23 External Reporting Teldat GmbH e Start and configure the Windows application on your PC you can download BRICKware for Windows to your PC from the download area at www teldat de and from there import it to your device 23 5 1 Options Options Basic Parameters Monitored Interfaces None Physical Physical WANVPN Send information to AIlIP Addresses Broadcast Y Update Interval 5 Seconds UDP Destination Part 2107 Password seesceee OK Cancel Fig 212 External Reporting gt Activity Monitor gt Options The menu External Reporting gt Activity Monitor gt Options consists of the following fields Fields in the Basic Parameters menu Field Description Monitored Interfaces Select the type of information to be sent in the UDP packets to the Windows application Possible values None default value Deactivates the sending of information to the Activity Monitor e Physical Only information about the physical interfaces is sent e Physical WAN VPN Information about physical and virtual interfaces is sent Send information to Select where your device sends the UDP packets Possible values e All IP Addresses Broadcast default value The de fault value 255 255 255 255 means that the broadcast ad dress
112. approx 2 6 kg Memory 64 MB RAM 64 MB RAM 64 MB RAM 16 MB flash ROM 16 MB flash ROM 16 MB flash ROM LEDs 14 1x Power 1x 14 1x Power 1x 14 1x Power 1x Status 5x2 Ethernet 2x Function Status 5x2 Ethernet 2x Function Status 5x2 Ethernet 2x Function Power consumption of the device max 15 Watt nor mally 13 Watt max 15 Watt nor mally 13 Watt max 15 Watt nor mally 13 Watt Voltage supply Voltage Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Voltage Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Voltage Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Environmental requirements Storage temperature 25 C to 70 C 25 C to 70 C 25 C to 70 C Operating temperature 0 C to 40 C 0 C to 40 C 0 C to 40 C Relative atmospheric humidity 10 to 90 non condensing in opera tion 5 to 95 non condensing when stored 10 to 90 non condensing in opera tion 5 to 95 non condensing when stored 10 to 90 non condensing in opera tion 5 to 95 non condensing when stored Room classification Only use in dry rooms Only use in dry rooms Only use in dry rooms Available interfaces Teldat GmbH 5 Technical data Property bintec R3002 bintec R3502 bintec R38
113. be haviour Action Allowor Allow and Log e If you only create entries for those addresses that are to be allowed or logged it is not necessary to change the default behaviour all other calls are blocked 21 5 2 1 New Choose the New button to create additional filters General Filter List Black White List History Fitter Parameters Category Anonymous Proxies v Day Everyday v Schedule Start Stop Time From 00 00 to 23 59 Action Allow Allow and Log Block and Log OK Cancel Fig 179 Local Services gt Web Filter gt Filter List gt New The Local Services gt Web Filter gt Filter List gt Newmenu consists of the following fields Fields in the Filter Parameters menu 21 Local Services Teldat GmbH Field Description Category Select which category of addresses URLs the filter is to be used on The options are first the standard categories of the Proventia Web Filter default value Anonymous Proxies Actions can also be defined for the following special cases e g e Default behaviour This category applies to all Internet addresses e Other Category Some addresses are already known to the Proventia Web Filter but not yet classified The action as sociated with this category is used for such addresses e Unknown URL lf an address is not known to the Proventia Web Filter the action associated with this category is used Day Select the days on which the filter is to be active Possible se
114. be displayed Fields in the Physical Interfaces menu Field Value Interface Connection The physical interfaces are listed here and their most important Information Link settings are shown The system also displays whether the inter face is connected or active Interface specifics for Ethernet interfaces e IP address e Netmask e Not configured Interface specifics for ISDN interfaces e Configured e Not configured Interface specifics for xDSL interfaces e Downstream Upstream Line Speed Field Value Interface specifics for LTE connection e Current quality of the UMTS LTE connection Fields in the WAN Interfaces menu Field Value Description Connec All the WAN interfaces are listed here and their most important tion Information Link settings are shown The system also displays whether the inter face is active 10 2 Global Settings The basic system parameters are managed in the Global Settings menu 10 2 1 System Your device s basic system data are entered in the System Management gt Global Set tings gt System menu System Passwords Date andTime System Licences Basic Settings System Name ProductName Location 3 Contact TELDAT ss Maximurn Number of Syslog Entries po o Maximum Message Level of Syslog Entries information Maximum Number of Accounting Log Entries 20 Manual WLAN Controller IP Address PA LED mode Status w OK Cancel Fig 29 System Management gt
115. bintec RT1202 has a 4 port Ethernet switch a serial interface an ETH5 interface and two ISDN BRI interfaces The connections are arranged as follows bintec Rxxx2 RTxxx2 STATUS e CONSOLE ma POWER RESET Fig 6 Front of bintec RT1202 Front of bintec RT1202 1 CONSOLE Serial interface 2 POWER LED display for power and status STATUS 3 RESET Reset button 4 ETH5 Ethernet interface 5 ETH1 ETH4 10 100 1000 Base T Ethernet interface 6 BRI1 BRI2 ISDN BRI interface 9 LED LED display bintec R3002 bintec R3502 and bintec 3802 have a 4 port Ethernet switch a serial inter face an ETH5 interface and an ISDN BRI interface as well as a DSL interface The connections are arranged as follows o 005 ee 0 LILE Lp 1 23 4 5 5 6 8 9 Fig 7 Front of bintec R3002 Front of bintec R3002 bintec R3502 bintec R3802 1 CONSOLE Serial interface 2 POWER STATUS LED display for power and status 3 RESET Reset button 4 ETH5 Ethernet interface bintec Rxxx2 RTxxx2 5 ETH1 ETH4 10 100 1000 Base T Ethernet interface 6 BRI1 ISDN BRI interface 8 DSL DSL interface ADSL2 interface for bintec R3002 VDSL2 interface for bintec R3502 SHDSL interface for bintec R3802 9 LED LED display bintec RT3002 and bintec RT3502 have a 4 port Ethernet switch a serial in
116. by default Summary Only for Custom enabled Enter a subject name with attributes not offered in the list Example CN VPNServer DC mydomain DC com c DE Common Name Only for Custom disabled Enter the name according to CA E mail Only for Custom disabled Enter the e mail address according to CA Organizational Unit Only for Custom disabled Enter the organisational unit according to CA Organization Only for Custom disabled Enter the organisation according to CA Locality Only for Custom disabled Enter the location according to CA State Province Only for Custom disabled Enter the state province according to CA Country Only for Custom disabled Enter the country according to CA The menu Advanced Settings consists of the following fields Fields in the Subject Alternative Names menu Teldat GmbH 10 System Management Field Description 1 2 3 For each entry define the type of name and enter additional subject names Possible values e None default value No additional name is entered e TP An IP address is entered e DNS A DNS name is entered e E mail An e mail address is entered e URT A uniform resource identifier is entered e DN A distinguished name DN name is entered e RID A registered identity RID is entered Fields in the Options menu Field Description Autosave Mode Select whether your device automatically stores the various steps of the enrolment
117. can launch an update of the system software the ADSL logic and the BOOTmonitor 22 Maintenance Teldat GmbH Field Description e Export configuration The configuration file Current File Name in Flash is transferred to your local host If you click the Go button a dialog box is displayed in which you can select the storage location on your PC and enter the de sired file name e Export configuration with state information The active configuration from the RAM is transferred to your local host If you click the Go button a dialog box is dis played in which you can select the storage location on your PC and enter the desired file name e Restore backup Only if under Save configuration with the setting Save configuration and back up previ ous boot configuration the current configuration was saved as boot configuration and the previous boot configura tion was also archived You can load back the archived boot configuration e Copy configuration The configuration file in the Source File Name field is saved asDestination File Name e Rename configuration The configuration file in the Se lect file field is renamed to New File Name e Delete configuration The configuration in the Select file field is deleted e Delete software firmware The file in the Select file field is deleted Configuration Encryp Only for Action Import configuration Export con tion figuration Export configuration with state in formatio
118. can modify DHCP packets which pass through the DHCP drop in group and identify itself as an available DNS server Possible values e Unchanged default value e Own IP Address Exclude from NAT Here you can take data traffic from NAT DMZ Use this function to for example ensure that certain web serv ers in a DMZ can be accessed The function is enabled with Enabled Field Description The function is disabled by default Interface Selection Select all the ports which are to be included in the Drop In group in the network Add new entries with Add bintec Rxxx2 RTxxx2 Chapter 15 Routing Protocols 15 1 RIP The entries in the routing table can be defined statically or the routing table can be updated constantly by dynamic exchange of routing information between several devices This ex change is controlled by a Routing Protocol e g RIP Routing Information Protocol By de fault about every 30 seconds this value can be changed in Update Timer a device sends messages to remote networks using information from its own current routing table The complete routing table is always exchanged in this process If triggered RIP is used in formation is only exchanged if the routing information has changed In this case only the changed information is sent Observing the information sent by other devices enables new routes and shorter paths for existing routes to be saved in the routing table As routes between netw
119. carried out before the transactions for IKE Config Mode 18 1 4 1 New Choose the New button to create additional profiles IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Basic Parameters Description Role Server Y Mode radius Y RADIUS Server Group ID No Radius Server configured for XAUTH oK Cancel Fig 136 VPN gt IPSec gt XAUTH Profiles gt New Teldat GmbH 18 VPN The VPN gt IPSec gt XAUTH Profiles gt New menu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter a description for this XAuth profile Role Select the role of the gateway for XAuth authentication Possible values e Server default value The gateway requires a proof of au thorisation e Client The gateway provides proof of authorisation Mode Only for Role Server Select how authentication is carried out Possible values e RADIUS default value Authentication is carried out via a Ra dius server It is configured in the System Management gt Re mote Authentication gt RADIUSmenu and selected in the RADIUS Server Group ID field e Local Authentication is carried out via a local list Name Only for Role Client Enter the authentication name of the client Password Only for Role Client Enter the authentication password RADIUS Server Group Only for Role Server ID Select the desired list in System Management gt Remote
120. cause inconsistencies or malfunctions Therefore it is recommended that the configuration is continued with the Setup Tool 8 3 1 3 GUI menus The configuration options of your device are contained in the sub menus which are dis played in the navigation bar in the left hand part of the window Note Please note that not all devices have the full range of functions Check the software of your device on the corresponding product page under www teldat de 8 3 2 SNMP shell SNMP Simple Network Management Protocol is a protocol that defines how you can ac cess the configuration settings All configuration settings are stored in the MIB Management Information Base in the form of MIB tables and MIB variables You can access these directly from the SNMP shell via SNMP commands This type of configuration requires a detailed knowledge of our devices 8 4 BOOTmonitor The BOOTmonitor is only available over a serial connection to the device The BOOTmonitor provides the following functions which you select by entering the cor responding number 1 Boot System reboot the system The device loads the compressed boot file from the flash memory to the working memory This happens automatically on starting Teldat GmbH 8 Access and configuration 2 Software Update via TFTP The devices performs a software update via a TFTP server 3 Software Update via XMODEM The device performs a software update via a serial interface
121. channel to be used and signals this to the exchange You can normally use the default value It is only necessary to change the setting in a few special cases If you encounter problems with outgoing calls ask your provider whether a special value has to be set Clock Mode Only if Port Usage Back to Back dialup Defines which connection partner sends the clock signal for synchronization between the sender and the recipient If the clock signal is not sent by the exchange itself one of the con nection partners must sent the signal Possible values e Extern The device receives the clock signal e Internal The device sends the clock signal ISDN Switch Type Only if Port Usage Leased LineSelect the ISDN connection type Possible values e Leased Line Custom Time Slots Up to 31 PPP in terfaces can be configured for leased lines to different destin ations e Leased Line 1 Hyperchannel G 703 G 704 1984 kbps structured e Leased Line Unstructured G 703 2048 kbps unstruc tured Custom Time Slots Only if Port Usage Leased Line and ISDN Switch Type Leased Line Custom Time Slots You have the option to bundle any channels on the physical lay Teldat GmbH 11 Physical Interfaces Field Description er as so called hyper channels You can also group together channels as PPP multilink channel bundles Timeslots divide the available 2 Mbps bandwidth of an S2M connection into logical channels
122. client mode routes can still be configured for data traffic via that interface The set tings received from the DHCP server are then copied along with those configured here to the active routing table This en ables e g in the case of dynamically changing gateway ad dresses particular routes to be maintained or routes with differ ent metrics i e of differing priority to be specified However if the DHCP server sends static routes the settings configured here are not copied to the routing e Default Route Template per DHCP The routing in formation is taken entirely from the DHCP server Only ad vanced parameters can be additionally configured This route remains unchanged by other routes created for this interface and is copied to the routing table in parallel with them e Host Route Template per DHCP The settings received by DHCP are supplemented by routing information about a particular host e Network Route Template per DHCP The settings re ceived by DHCP are supplemented by routing information about a particular network Note gt When the DHCP lease expires or when the device is re started the routes that consist from the combination of DH CP settings and those made here are initially deleted once more from the active routing If the DHCP is reconfigured they are re generated and re activated 14 Networking Teldat GmbH Field Description Route Class Select the type of Route Class Possibl
123. configuration Once you have completed the configuration of your device you can test the connection in your LAN and to the Internet Carry out the following steps to test your device 1 Test the connection to your device Click Run in the Start menu and enter ping fol lowed by a space and the IP address of your system e g 192 168 0 254 A win dow appears with the response Reply from 2 Test the internet access by entering www teldat de in the internet browser Teldat GmbH s Internet site offers you the latest news updates and documentation Note Incorrect configuration of the devices in your LAN may result in unwanted connections and increased charges Monitor your device and make sure it only sets up connections at the times you want it to Watch the LEDs on your device LED for ISDN ADSL and the Ethernet interface to which you have connected one or more WANs 7 6 Software Update The range of functions of Teldat devices is continuously being extended These extensions are made available to you by Teldat GmbH free of charge Checking for new software ver sions and the installation of updates can be carried out easily with the GUI An existing in ternet connection is needed for an automatic update Proceed as follows 1 Go to the Maintenance gt Software Configuration menu 2 Select under Action Update system softwareand under Source Location Cur rent Software from Teldat Server 3 Confirm with Go
124. configured list entry cancel Cancel E this and any settings made by pressing Cancel gt OK Confirms the settings of a new entry and the parameter A changes in a list Go Immediately starts the configured action New Calls the sub menu to create a new entry Add Inserts an entry in an internal list GUI buttons for special functions Button Position In the System Management gt Certificates gt Certificate List Import a menu and the System Management gt Certificates gt CRLs menu this button activates the sub menus for configuration of the certificate or CRL imports Request In the System Management gt Certificates gt Certificate List menu this button activates the sub menu for the configuration of the certificate request In the Monitoring gt ISDN Modem gt Current Calls menu press ing this button ends the active calls selected in the column Release Call Various icons indicate the following possible actions or statuses GUI Icons Symbol Position Deletes the list entry it ra Displays the menu for changing the settings of an entry Displays the details for an entry Moves an entry A combo box opens in which you can choose the list entry that selected entry is to be placed in front of after menu Sets the status of the entry to Inactive E Creates another list entry first and opens the configuration Sets the status of the entry to Active Teldat GmbH 8 Access and configuration Sy
125. connection inquiry brokering telephone num ber transmission In the special features connection three multiple subscriber numbers are included as standard If you want to make a business call late in the evening from your private sphere say the living room for example you can define your business telephone number as the outgoing multiple subscriber number MSN for this call The advantages of this are that the costs for the connection are recorded for the selected MSN and the per son you are calling can identify you by the transferred MSN Before you call an external number you can define which of your telephone numbers is to be sent to the exchange and called party You make the selection using the telephone number index A speeddial index 000 299 can be assigned to each of the 300 telephone numbers in the telephone book You then dial this speed dial index instead of the long telephone number Note that telephone numbers dialled using the speeddial function must also comply with the dialrule Service Profile Identifier The splitter separates data and voice signals on the DSL connec tion Glossary Teldat GmbH Spoofing Technique for reducing data traffic and thus saving costs espe cially in WANs SSID The Service Set Identifier SSID or Network Name refers to the wireless network code based on IEEE 802 11 SSL Secure Sockets Layer A technology now standard developed by Netscape which is generally used to sec
126. default value Primarily run CHAP on denial the authentication protocol required by the PPTP part ner MSCHAP version 1 or 2 possible e PAP Only run PAP PPP Password Authentication Protocol the password is transferred unencrypted e CHAP Only run CHAP PPP Challenge Handshake Authentic ation Protocol as per RFC 1994 password is transferred en crypted e PAP CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol e MS CHAPv2 Run MS CHAP version 2 only e None Some providers use no authentication In this case se lect this option If necessary select the type of encryption that should be used for data traffic to the L2TP partner This is only possible if STAC or MS STAC compression is not activated for the connection If Encryption is set the remote terminal must also support it oth erwise a connection cannot be set up Possible values e None MPP encryption is not used Enabled default value MPP encryption V2 with 128 bit is used to RFC 3078 e Windows compatible MPP encryption V2 with 128 bit is used as compatible with Microsoft and Cisco Teldat GmbH 18 VPN Field Description Compression If necessary select the type of encryption that should be used for data traffic to the connection partner If encryption is set the remote terminal must also support it otherwise a connection cannot be set up Possi
127. device should try failure for again after an attempt to set up a connection has failed The de fault value is 60 Maximum Number of Enter the number of unsuccessful attempts to setup a connec Dialup Retries tion before the interface is blocked Possible values are 0 to 100 The default value is 5 Authentication Select the authentication protocol for this Internet connection Select the authentication specified by your provider Possible values e PAP default value Only run PAP PPP Password Authentic ation Protocol the password is transferred unencrypted 17 WAN Teldat GmbH Field Description DNS Negotiation Prioritize TCP ACK Packets LCP Alive Check 17 1 4 ISDN e CHAP Only run CHAP PPP Challenge Handshake Authentic ation Protocol as per RFC 1994 password is transferred en crypted e PAP CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol e PAP CHAP MS CHAP Primarily run CHAP on denial then the authentication protocol required by the connection partner MSCHAP version 1 or 2 possible e MS CHAPv2 Run MS CHAP version 2 only e None Some providers use no authentication In this case se lect this option Select whether your device receives IP addresses for Primary DNS Server and Secondary DNS Server from the connection partner or sends these to the connection partner The function is enable
128. displayed e Deny Only reject and deny events are shown see Action e Accept Only accept events are shown e None Syslog messages are not generated Full Filtering Here you define whether packets are only to be filtered if they are sent to an interface other than the interface that created the connection With Enable all the packets are filtered default value Fields in the Session Timer menu Field Description UDP Inactivity Enter the inactivity time after which a UDP session is to be re garded as expired in seconds Possible values are 30 to 86400 The default value is 180 TCP Inactivity Enter the inactivity time after which a TCP session is to be re garded as expired in seconds Possible values are 30 to 86400 The default value is 3600 PPTP Inactivity Enter the inactivity time after which a PPTP session is to be re garded as expired in seconds Possible values are 30 to 86400 Field Description The default value is 86400 Other Inactivity Enter the inactivity time after which a session of another type is to be regarded as expired in seconds Possible values are 30to 86400 The default value is 30 19 2 Interfaces 19 2 1 Groups A list of all configured interface routes is displayed in the Firewall gt Interfaces gt Groups menu You can group together the interfaces of your device This makes it easier to configure fire wall rules 19 2 1 1 New Choose the New button t
129. dress defined in the pimStarGAddressType object Source IP Address Displays the source IP address InetAddressType is defined in the pimStarGAddress Type object Reverse Indicates the address type of the RPF Next Hop to the RP or Path Forwarding RPF unknown 0 if the RPF Next Hop is not known Uptime Indicates the timespan since the entry was generated by the local router Upstream Override Indicates the remaining time until the local router sends out the Timer next Triggered S G rpt Join message on pimSGRPFlfIndex In the PIM SM specification this timer is named S G rpt Up stream Override Join Timer If the timer is deactivated it has the value 0 24 9 3 Interface Specific States The menu Monitoring PIM Interface Specific States includes interface specific status information 24 Monitoring View All G States View 20 per page Multicast Group Address Page 1 S G States View 20 per page Multicast Group Address Page 1 5 6 Rpt States Teldat GmbH Global Status Not Interface Specific Status Interface Specific States Fitter in None Y equal v Go Interface Join Prune State Uptime Expiry Timer Assert State Assert Winner IP Address Fitter in None equal v Go Source IP Address Interface Join Prune State Uptime Expiry Timer Assert State Assert Winner IP Address View 20 per page Fitter in None v equal v Go Multicast Group Address Source IP Address Interface Uptime Join Pr
130. e Netmask Netmask for Remote IP Address If no entry is made your device uses a default netmask e Metric The lower the value the higher the priority of the route range of values 0 15 The default value is 7 IP Assignment Pool Only if IP Address Mode Provide IP Address Select IP pools configured in the WAN gt Internet Dialup gt IP Poolsmenu If an IP pool has not been configured here yet the message Not yet defined appears in this field The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Block after connection failure for Enter the wait time in seconds before the device should try again after an attempt to set up a connection has failed The default value is 50 Maximum Number of Dialup Retries Enter the number of unsuccessful attempts to setup a connec tion before the interface is blocked Teldat GmbH 17 WAN Field Description Possible values are 0 to 100 The default value is 5 Usage Type If necessary select a special interface use Possible values e Standard default value No special type is selected e Dialin only The interface is used for incoming dialup con nections and callbacks initiated externally e Multi User Dialin only The interface is defined as multi user connection partner e several clients dial in with the same user name and password Authentication Select the authentication protocol for
131. endpoints of the VCC or VPC Possible values e passive default value OAM CC requests are responded to after CC negotiation CC activation negotiation e Active OAM CC requests are sent after CC negotiation CC activation negotiation e Both OAM CC requests are sent and answered after CC ne gotiation CC activation negotiation e No negotiation Depending on the setting in the Direction field OAM CC requests are either sent and or responded to There is no CC negotiation e Passive The function is disabled Teldat GmbH 17 WAN Field Description Also select whether the test cells of the OAM CC are to be sent or received Possible values e Both default value CC data is both received and generated e Sink CC data is received e Source CC data is generated Continuity Check CC Select whether you want to activate the OAM CC test for the Segment segment connection segment connection of the local end point to the next connection point of the VCC or VPC Possible values e Passive default value OAM CC requests are responded to after CC negotiation CC activation negotiation e Active OAM CC requests are sent after CC negotiation CC activation negotiation e Both OAM CC requests are sent and answered after CC ne gotiation CC activation negotiation e No negotiation Depending on the setting in the Direction field OAM CC requests are either sent and or responded to There is no CC negoti
132. for extra licences via the online licensing pages in the sup port section at www teldat de Please follow the online licensing instructions Please also note the information on the licence card for licences at additional cost You will then re ceive an e mail containing the following data e Licence Key and e Licence Serial Number You enter this data in the System Management gt Global Settings gt System Licences gt New menu In the System Management gt Global Settings gt System Licences gt New menu a list of all registered licences is displayed Description Licence Type Licence Serial Number Status Possible values for Status Teldat GmbH 10 System Management Licence Meaning OK Subsystem is activated Not OK Subsystem is not activated Not supported You have entered a licence for a subsystem your device does not support In addition above the list is shown the System Licence ID required for online licensing Note To restore the standard licences for a device click the Default Licences button standard licences 10 2 4 1 Edit or New Choose the 3 icon to edit existing entries Choose the New button to enter more licences System Passwords Date and Time System Licences Basic Settings Licence Serial Number Licence Key OK Cancel Fig 32 System Management gt Global Settings gt System Licences gt New Activating extra licences You activate extra licences by adding the received licence
133. for internal con BRI 3 J2P Off On nection Power supply for internal con BRI 4 J3P Off On nection 100 Ohm terminator BRI 3 J2T Off On 100 Ohm terminator BRI 4 J3T Off On Connection of BRI 3 and BRI 4 J2 3 Off On E o o bintec Rxxx2 RTxxx2 Chapter 7 Basic configuration You configure your device using the GUI Graphical User Interface The way to obtain the basic configuration is explained below step by step Detailed know ledge of networks is not necessary A detailed online help system gives you extra support The Companion DVD also supplied includes all the tools that you need for the configura tion and management of your device 7 1 Presettings 7 1 1 Preconfigured data Your device is shipped with a pre defined IP configuration e IP Address 192 168 0 254 e Netmask 255 255 255 0 Use the following access data to configure your device in an ex works state e User Name admin e Password admin Note All Teldat devices are delivered with the same username and password As long as the password remains unchanged they are therefore not protected against unauthor ised use Make sure you change the passwords to prevent unauthorised access to your device How to change the passwords is described in Modify system password on page 45 7 1 2 Software update Your device contains the version of the system software available at the time of production More recent versions may have since been released You can easil
134. function is enabled by default You can override the encryption in order to view the communic ation for debugging purposes Fields in the Wireless module1 or in the Wireless module 2 menu Field Description Operation Mode Displays the mode in which the wireless module is to be oper ated You can change the mode Possible values e On default value The wireless module is used as an access point in your network e off The wireless module is not active Active Radio Profile Displays the wireless module profile that is currently selected You can select another wireless module profile from the list if more than one wireless module profile are being set up Channel Displays the channel that is assigned You can select another channel The number of channels you can select depends on the country setting Please consult the data sheet for your device Access Point mode Configuring the network name SSID in Access Point mode means that wireless networks can be logically separated from each other but they can still physically interfere with each other if they are operating on the same or closely adjacent wireless channels So if you are operating two or more radio networks close to each other it is advisable to allocate the networks to 13 Wireless LAN Controller Teldat GmbH Field Description different channels Each of these should be spaced at least four channels apart as a network also partially occupies the adja c
135. gt SNMP Trap Options menu you can configure the sending of traps SNMP Trap Options SNMP Trap Hosts Basic Parameters SNMP Trap Broadcasting Enabled SNMP Trap UDP Port 162 SNMP Trap Community snmp Trap OK Cancel Fig 210 External Reporting gt SNMP gt SNMP Trap Options The menu External Reporting gt SNMP gt SNMP Trap Options consists of the following fields Fields in the Basic Parameters menu Field Description SNMP Trap Broadcast Select whether the transfer of SNMP traps is to be activated 23 External Reporting Teldat GmbH Field Description ing Your device then sends SNMP traps to the LAN s broadcast ad dress The function is activated by selecting Enabled The function is disabled by default SNMP Trap UDP Port Only if SNMP Trap Broadcasting is enabled Enter the number of the UDP port to which your device is to send SNMP traps Any whole number is possible The default value is 162 SNMP Trap Com Only if SNMP Trap Broadcasting is enabled munity Enter a new SNMP code This must be sent by the SNMP Man ager with every SNMP request so that this is accepted by your device A character string of between 0 and 255 characters is possible The default value is SNMP Trap 23 4 2 SNMP Trap Hosts In this menu you specify the IP addresses to which your device is to send the SNMP traps In the External Reporting gt SNMP gt SNMP Trap Hosts menu a list of all configured SN M
136. gt VLANs gt New menu consists of the following fields Fields in the Configure VLAN menu Field Description VLAN Identifier Enter the number that identifies the VLAN In the y menu you can no longer change this value Possible values are 1 to 4094 VLAN Name Enter a unique name for the VLAN A character string of up to 32 characters is possible VLAN Members Select the ports that are to belong to this VLAN You can use the Add button to add members For each entry also select whether the frames to be transmitted from this port are to be transmitted Tagged i e with VLAN in formation or Untagged i e without VLAN information 12 LAN Teldat GmbH 12 2 2 Port Configuration In this menu you can define and view the rules for receiving frames at the VLAN ports VLANs Port Configuration Administration View 20 per page Fitter in None v equal v Go Interface PYID Drop untagged frames Drop non members ent 4 1 Management Page 1 items 1 1 OK Cancel Fig 60 LAN gt VLANs gt Port Configuration The LAN gt VLANs gt Port Configurationmenu consists of the following fields Fields in the Port Configuration menu Field Description Interface Shows the port for which you define the PVID and processing rules PVID Assign the selected port the required PVID Port VLAN Identifi er If a packet without a VLAN tag reaches this port it is assigned this PVID Drop untagged frame
137. have a data size of between Min queue size and Max queue size are preventively dropped to prevent queue overflow RED Random Early Detection This proced ure ensures a smaller long term queue size for TCP based data traffic so that traffic bursts can also usually be transmitted without large packet losses The function is activated with Enabled The function is disabled by default Min queue size Enter the lower threshold value for the process prevention of data congestion RED in bytes Possible values are 0 to 262143 The default value is 0 Max queue size Enter the upper threshold value for the process prevention of data congestion RED in bytes Possible values are 0 to 262143 The default value is 16384 14 5 Access Rules Accesses to data and functions are restricted with access lists which user gets to use which services and files You define filters for IP packets in order to allow or block access from or to the various hosts in connected networks This enables you to prevent undesired connections being set up via the gateway Access lists define the type of IP traffic the gateway is to accept or deny The access decision is based on information contained in the IP packets e g Teldat GmbH 14 Networking e source and or destination IP address e packet protocol e source and or destination port port ranges are supported Access lists are an effective means if for example sites with LANs interconnected over
138. i e several clients dial in with the same user name and password Authentication Select the authentication protocol for this PPTP partner Possible values e PAP default value Only run PAP PPP Password Authentic ation Protocol the password is transferred unencrypted e CHAP Only run CHAP PPP Challenge Handshake Authentic ation Protocol as per RFC 1994 password is transferred en crypted 17 WAN Teldat GmbH Field Description e PAP CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol e PAP CHAP MS CHAP Primarily run CHAP on denial then the authentication protocol required by the connection partner MSCHAP version 1 or 2 possible e MS CHAPv2 Run MS CHAP version 2 only e None Some providers use no authentication In this case se lect this option Encryption Only for Authentication MS CHAPvV2 If necessary select the type of encryption that should be used for data traffic to the connection partner This is only possible if STAC or MS STAC compression is not activated for the con nection If Encryption is set the remote terminal must also sup port it otherwise a connection cannot be set up Possible values e None default value MPP encryption is not used e Enabled MPP encryption V2 with 128 bit is used to RFC 3078 e Windows compatible MPP encryption V2 with 128 bit is used as compatible with Micr
139. if Enable IPSec not ac tivated IPSec Debug Level Select the priority of the syslog messages of the IPSec subsys tem to be recorded internally Possible values e Emergency highest priority e Alert O Cres jen cel e RETOR e Warning e Notice e Information Debug default value lowest priority Syslog messages are only recorded internally if they have a higher or identical priority to that indicated i e all messages generated are recorded at syslog level debug The Advanced Settings menu is for adapting certain functions and features to the special requirements of your environment i e mostly interoperability flags are set The default val ues are globally valid and enable your system to work correctly to other Teldat devices so that you only need to change these values if the remote terminal is a third party product or you know special settings are necessary These may be needed for example if the remote end operates with older IPSec implementations The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description IPSec over TCP Determine whether IPSec over TOP is to be used IPSec over TCP is based on NCP pathfinder technology This technology insures that data traffic IKE ESP AH between peers is integrated into a pseudo HTTPS session Teldat GmbH 18 VPN Field Description The function is enabled with Enabled The function is disabled by def
140. in higher performance and a lower volume of data to be trans ferred In the case of fast lines or data that cannot be com pressed you are advised against using this option as the per formance can be significantly affected by the increased effort during compression The function is enabled with Enabled The function is disabled by default Alive Check Select whether and how IPSec heartbeats are used A Teldat IPSec heartbeat is implemented to determine whether or not a Security Association SA is still valid This function sends and receives signals every 5 seconds depending on the configuration If these signals are not received after 20 seconds the SA is discarded as invalid Possible values e Autodetect default value Automatic detection of whether the remote terminal is a Teldat device If itis Heartbeats Send amp Expect for a remote terminal with Teldat or In active for a remote terminal without Teldat is set e Inactive Your device sends and expects no heartbeat Set this option if you use devices from other manufacturers e Heartbeats Expect only Your device expects a heartbeat from the peer but does not send one itself e Send Your device expects no heartbeat from the peer but sends one itself e Heartbeats Send amp Expect Your device expects a heartbeat from the peer and sends one itself Propagate PMTU Select whether the PMTU Path Maximum Transfer Unit is to be propagated during phase 2
141. information in the System Man agement gt Global Settings gt System Licences gt New menu The menu System Management gt Global Settings gt System Licences gt New consists of the following fields Fields in the Basic Settings menu Field Value Licence Serial Number Enter the licence serial number you received when you bought the licence Licence Key Enter the licence key you received by e mail 10 System Management Teldat GmbH Note If Not OKis displayed as the status e Enter the licence data again e Check your hardware serial number If Not Supported is displayed as the status you have entered a license for a sub system that your device does not support This means you cannot use the functions of this licence Deactivating a licence Proceed as follows to deactivate a licence 1 Goto System Management gt Global Settings gt System Licences gt New 2 Press the icon in the line containing the licence you want to delete 3 Confirm with OK The licence is deactivated You can reactivate your additional licence at any time by enter ing the valid licence key and licence serial number 10 3 Interface Mode Bridge Groups In this menu you define the operation mode for your device s interfaces Routing versus bridging Bridging connects networks of the same type In contrast to routing bridges operate at lay er 2 of the OSI model data link layer are independent of higher level protocols and tra
142. internally This is an advantage if enrol ment cannot be concluded immediately If the status has not been saved the incomplete registration cannot be completed As soon as the enrolment is completed and the certificate has been downloaded from the CA server it is automatically saved in the device configuration The function is enabled with Enabled The function is enabled by default 10 6 1 3 Import Choose the Import button to import certificates 10 System Management Teldat GmbH Certificate List CRLs Certificate Servers Import External Filenarne Browse Local Certificate Description File Encoding Auto v Password OK Cancel Fig 45 System Management gt Certificates gt Certificate List gt Import The menu System Management gt Certificates gt Certificate List gt Import consists of the following fields Fields in the Import menu Field Description External Filename Enter the file path and name of the certificate to be imported or use Browse to select it from the file browser Local Certificate De Enter a unique description for the certificate scription File Encoding Select the type of coding so that your device can decode the certificate Possible values e Auto default value Activates automatic code recognition If downloading the certificate in auto mode fails try with a cer tain type of encoding e Base64 e Binary Password You may need a password to obtain certificates
143. is displayed Current Calls Call History Automatic Refresh Interval 60 Seconds Apply View 120 per page E Filter in None y equal v Go Service Remote Number Interface Direction Charge Start Time Duration Page 1 Fig 218 Monitoring gt ISDN Modem gt Call History Values in the Call History list Field Description Service Displays the service to or from which the call was connected PPP IPSec X 25 POTS Remote Number Displays the number that was dialled in the case of outgoing calls or from which the call was made in the case of incoming calls Interface Displays additional information for PPP connections Direction Displays the send direction Incoming Outgoing Charge Displays the costs of the connection Start Time Displays the time at which the call was made or received Duration Displays the duration of the connection 24 4 Interfaces 24 4 1 Statistics In the Monitoring gt Interfaces gt Statistics menu current values and activities of all device interfaces are displayed With the filter bar you can select whether to display Transfer Totals or Transfer Throughput The values per second are shown on the Transfer Throughput display bintec Rxxx2 RTxxx2 Teldat GmbH 24 Monitoring Statistics Y Automatic Refresh Interval 60 Seconds Apply View 20 per page Filter in None equal v Go No Description Type Tx Packets TxBytes TxErrors RxPacket
144. is free You simply send an SMS contain ing ANMELD to the destination call number 8888 You then receive a free of charge confirmation of registration from the T Com SMS Service You can deregister your device or telephone number by sending an SMS containing ABMELD to the destination number 8888 Incoming SMS are then read out Information on which tele phones are SMS enabled can be obtained from T Punkt our cus tomer hotline 0800 330 1000 or on the Internet at ht tp www t com de You can connect SMS enabled telephones to your PBX and thus use the SMS performance feature in the T Com fixed network SMSs are forwarded to the recipient via the T Com SMS server To send an SMS with an SMS enabled terminal the telephone number 0193010 of the SMS server must be prefixed to the recipient num ber This telephone number is already stored in your PBX so manu al input of the server telephone is not necessary and does not need to be sent from the telephone To receive an SMS with your SMS enabled fixed network telephone you must register once with the Deutsche Telekom SMS Service Charges are made for sending SMSs There are no costs for receiving SMSs Simple Network Management Protocol Input level for SNMP commands All ISDN sockets and the NTBA of an ISDN point to multipoint con nection All So buses consist of a four wire cable The lines transmit digital ISDN signals The So bus is terminated with a terminating resistor after the last I
145. is to be estab lished Possible values are 0 to 65535 The default value is 443 Local Certificate Select a certificate that you want to use for the HTTPS connec tion Possible values e Internal default value Select this option if you want to use the certificate built into the device Teldat GmbH 21 Local Services Field Description e lt Certificate name gt Under System Management gt Cer tificates gt Certificate List select entered certificate 21 3 DynDNS Client The use of dynamic IP addresses has the disadvantage that a host in the network can no longer be found once its IP address has changed DynDNS ensures that your device can still be reached after a change to the IP address The following configuration steps are necessary e Registration of a host name at a DynDNS provider e Configuration of your device Registration The registration of a host name means that you define an individual user name for the DynDNS service e g dyn_client The service providers offer various domain names for this so that a unique host name results for your device e g dyn client provider com The DynDNS provider relieves you of the task of answer ing all DNS requests concerning the host dyn _client provider com with the dynamic IP address of your device To ensure that the provider always knows the current IP address of your device your device contacts the provider when setting up a new connection and propagates
146. keeps the IP address as signed to it without having to talk to the DHCP server Leased line Link Layer Control Switching node of a public local telephone network that supports the connection of end systems Function on telephones with an integrated loudspeaker You can press a button so that the people present in the room can also hear the telephone call Every device in the network is defined by a fixed hardware address MAC address The network card of a device defines this interna tionally unique address Encryption using public keys requires the public keys to be ex changed first During this exchange the unprotected keys can be in tercepted easily making a man in the middle attack possible The attacker can set a key at an early stage so that a key known to the man in the middle is used instead of the intended key from the real communication partner See HMAC MD5 Multifrequency code dialling method Management Information Base Switch for turning off the microphone The subscriber on the tele phone cannot hear the discussions in the room The access point accepts WPA and WPA2 Multilink PPP Modulator Demodulator MAC Protocol Data Unit every information packet exchanged on the wireless medium includes management frames and fragmented MSDUs MPPC MPPE MSDU MSN MSSID MTU Multicast Multiple subscriber number Multiprotocol gate way Microsoft Point to Point Compression Microsoft Point t
147. licence for devices in the R23x series and RS series BRRP Bintec Router Redundancy Protocol is a Teldat specific implementation of the VRRP Virtual Router Redundancy Protocol A router redundancy procedure is used mainly to safeguard the availability of a physical gateway in a LAN or WAN Terms and Definitions A number of special terms are used to describe the function The following terms are defined in the relevant RFC and in the Internet draft BRRP terms Field Description A router that uses the Virtual Router Redundancy Protocol It VRRP router can be integrated into one or more virtual routers Virtual Router An abstract object controlled by the VRRP which is used as default router for the hosts of a LAN It comprises a Virtual Router Identifier Virtual Router ID and an IP address or a group of associated IP addresses in a common LAN A VRRP router can protect the data traffic of one or more virtual routers IP Address Owner The VRRP router that possesses the IP address es of the vir tual router as real interface address es This is the router that if active answers packets for ICMP pings TCP connections etc to one of these IP addresses Primary IP Address An IP address that is selected from the group of real interface addresses A possible algorithm option is the selection of the Teldat GmbH 21 Local Services Field Description first address VRRP advertisements are always se
148. menu Field Description OSPF Mode Select whether and how routes are propagated via the interface and or OSPF protocol packets are to be sent Possible values e Passive default value OSPF is not activated for this inter face i e no routes are propagated or OSPF protocol packets sent over this interface Networks reachable over this inter face are however included when calculating the routing in formation and propagated over active interfaces e Active OSPF is activated for this interface i e routes are Teldat GmbH 18 VPN Field Description propagated or OSPF protocol packets sent over this interface e Inactive OSPF is disabled for this interface Proxy ARP Mode Select whether your device is to answer APR requests from your LAN on behalf of the specific PPTP partner Possible values e Inactive default value Disables Proxy ARP Address Resolution Protocol for this PPTP partner e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the PPTP partner is Up active or Dormant In the case of Idle your device only responds to the ARP request the connection is not set up un til someone actually wants to use the route e Up only Your device answers an APR request only if the status of the connection to the PPTP partner is Active i e if a connection to the PPTP partner has already been estab lished DNS Negotiation Select whether your device receives IP add
149. milliseconds of voice an RTP data packet should contain Possible values are 5 to 500 The default value is 20 20 2 3 Call Routing Here you can define the conditions for the routing of calls Define a list with rules or rule chains that are used to manipulate the indicated destination numbers A list of all existing entries is displayed in the VoIP gt Media Gateway gt Call Routing menu 20 2 3 1 Edit or New Choose the i icon to edit existing entries Select the New button to create new entries bintec Rxxx2 RTxxx2 Extensions SIP Accounts Call Routing CLID Translation Call Translation ISDN Trunks Options Basic Parameters Description Administrative Status MEnable Type Accept Rule Calling Line Any Y Calling Address Called Address Routing Rules Priority Line Called Address Translation Status Action 1 o fel mi C Add _ Routing Rule Priority fi Administrative Status MEnable Line E Called Address Translation C Apply OK C Cancel Fig 159 VoIP gt Media Gateway gt Call Routing gt New The VoIP gt Media Gateway gt Call Routing gt g New menu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter the name of the entry Administrative Status Select whether the entry should be activated The function is enabled with Enable The function is enabled by default Type Specify how calls a
150. modem until the entry in the profile is corrected Modem Escape Char Only for AUX Port Status enabled acter The value for this field is set by default to It should only be changed if the escape character of the modem is different Modem Init Sequence Only for AUX Port Status enabled Here you can enter an initialization string for your modem The command ATX3 amp K3 V1 is the default setting the modem does not wait for a free signal before dialling You can add other AT commands by separating them with semicolons The entry is limited to 50 characters Make sure you enter the command for activating the XON XOFF software flow control This is proprietary and cannot be set automatically The command sequence can be obtained from your modem manual or the manufacturer APN Access Point Only for AUX Port Status enabled Name If GPRS is used the so called Access Point Name of the pro 11 Physical Interfaces Teldat GmbH Field Description vider must be entered e g internet eplus de for eplus and so on A maximum of 40 characters can be entered If no APN or an incorrect APN is entered a configured GPRS connection will not function 11 2 Ethernet Ports An Ethernet interface is a physical interface for connection to the local network or external networks The Ethernet ports ETH1 to ETH4 are assigned to a single logical Ethernet interface in ex works state The logical Ethernet interface en 1 0 is assigned a
151. number and combination of wires depending on the device type used for the SHDSL connection Possible values e 2 wire Two wires are used with m pair bonding for a clock rate of 192 kbps to 5696 kbps e 4 wire Four wires are used with m pair bonding for a clock rate of 384 kbps to 11392 kbps This option supports 4 wire mode under G991 2 and Globespan Enhanced Mode e 4 wire standard Four wires are used for m pair bonding with a clock rate of 384 kbps to 11392 kbps This option sup ports 4 wire mode under G991 2 but not Globespan En hanced Mode e 4 wire IMA 4 wires are used with IMA for a clock rate of 384 kbps to 11392 kbps e 6 wire 6 wires are used with m pair bonding for a clock rate of 576 kbps to 17088 kbps e 6 wire IMA 6 wires are used with IMA for a clock rate of 576 kbps to 17088 kbps e 8 wire 8 wires are used with m pair bonding for a clock rate of 768 kbps to 22784 kbps e 8 wire IMA 8 wires are used with IMA for a clock rate of 768 kbps to 22784 kbps Additional Wire Pairs Only for Wire Mode 4 wire 4 wire standard 4 wire IMA 6 wire 6 wire IMA Field Description For Wire Mode 4 wire 4 wire standard or 4 wire IMA the second pair of wires is defined here For Wire Mode 6 wireor 6 wire IMAthe second and third pair of wires is defined here Wire pairs already used in defined connections are not available for selection If these continue to be used for this SHDSL con nection the exist
152. numbers e Privileged Entry of privileged port numbers 0 1023 e Server Entry of server port numbers 5000 32767 e Clients 1 Entry of client port numbers 1024 4999 e Clients 2 Entry of client port numbers 32768 65535 Not priviliged Entry of unprivileged port numbers 1024 65535 Enter the appropriate values for the individual port or start port of a range in Port and for a range the end port in to Port DSCP TOS Value Select the Type of Service TOS Possible values e Ignore default value The type of service is ignored e DSCP Binary Value Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets indicated in binary format e DSCP Decimal Value Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets indicated in decimal format e DSCP Hexadecimal Value Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets indicated in hexadecimal format e TOS Binary Value The TOS value is specified in binary format e g 00111111 e TOS Decimal Value The TOS value is specified in decimal format e g 63 e TOS Hexadecimal Value The TOS value is specified in hexadecimal format e g 3F Enter the relevant value for DSCP Binary Value DSCP Decimal Value DSCP Hexadecimal Value TOS Binary Teldat GmbH 14 Networking Field Description Value T
153. of Endpoint Server Enter the port for the internal SIP endpoint in the LAN External Port Specify the port on the WAN site of the gateway that is used for access through the NAPT barriers to a SIP endpoint in the LAN For clients the external port is recognised automatically and should not be changed 20 2 Media Gateway A media gateway serves as a translation instance between different telecommunications networks e g between the plain old phone network and the next generation networks IP networks With the Teldat Media Gateway a company equipped with an automatic PBX on a wired telephone network can be connected to a SIP Trunking Service Provider on the Internet in order to use IP telephony The Teldat Media Gateway supports the binding of several SIP Provider Accounts With this gateway you can set up extensions create an extension number plan and configure exchange functions and optimise voice data transmission for low bandwidth of the upload connection Note Your device must be fitted with a DSP module to be able to use the media gateway functions Information on building in the DSP module is provided in the installation in structions included with the module 20 2 1 Extensions Here you can configure the numbers of the terminal devices Extensions connected to the media gateway i e the numbers of the SIP terminals and the numbers of the ISDN ter minals depending on the available interfaces A list of all exi
154. only 10 100 1000 mbps auto only 10 100 1000 mbps auto sensing MDIX sensing MDIX ISDN BRI S0 Euro ISDN Euro ISDN point to multipoint point to point point to multipoint point to point connection connection TE or NT mode TE or NT mode ISDN PRI 2 ISDN Primary Rate Interface TE or NT mode Console RS232 Baudrates 1200 115200 Baud Baudrates 1200 115200 Baud FXS internal 4x for connection of analog tele phones or FAX Available sockets Serial interface V 24 5 pole mini USB socket 5 pole mini USB socket Ethernet interfaces RJ45 socket RJ45 socket ISDN BRI interface RJ45 socket RJ45 socket ISDN PRI interface RJ45 socket FXS 4x RJ45 sockets Standards amp Guidelines R amp TTE Directive 1999 5 EC CE symbol for all EU states R amp TTE Directive 1999 5 EC CE symbol for all EU states Property bintec R4402 bintec RT4202 SAFERNET TM Security Technology Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPoA Callback Access Control Lists CLID NAT SIF MPPE Encryption PPTP En cryption VPN with PPTP or IPSec Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPOA Callback Access Control Lists CLID NAT SIF MPPE Encryption PPTP En cryption VPN with PPTP or IPSec Software supplied Dime Manager on DVD Dime Manager on DVD Documentation included Quick Install Guide and safety no ti
155. ponds to the status of the Per Interface S G Assert State Ma chine in der PIM SM Specification See I D ietf pim sm v2 new section 4 6 1 Assert Winner IP Ad Indicates the address of Assert Winner if pimStarGlAssertState dress runs AmAssertLoser InetAddressType is defined through the object pimSGlAssertWinnerAddressType Values in the S G RPT States list 24 Monitoring Teldat GmbH Field Description Multicast Group Ad Displays the multicast IP address InetAddressType is defined dress through the object pimSGAddressType Source IP Address Displays the source IP address InetAddressType is defined through the object pimStarGAddress Type Interface Displays the name of the interface Uptime Indicates the timespan since the entry was generated by the local router Join Prune State Indicates whether the local router should sever the source of the RP tree This corresponds in the PIM SM specification to the status of the Upstream S G rpt State Machine for Triggered Messages Expiry Timer Displays the remaining time until the S G rpt Prune State be comes invalid for this interface In the PIM SM specification this timer is named S G rpt Prune Expiry Timer If the timer is de activated it has the value 0 The value FFFFFFFF h stands for infinite In the PIM DM specification this timer is named S G Prune Timer Teldat GmbH Glossary 10 Base 2 100Base T 10Base T 1TR6 3DES Triple DES 802 11a
156. r den tj nat ut ska kasseras och l mnas till de f rutsedda sorterg rdarna och skiljas fr n normalt hus h llsavfall Tegnet p apparatet som viser en avfallcontainer med et kyss over betyr at apparatet m kastet p hertil egnet avfallssted og ikke sammen med vanlig avfall fra husholdningen To ovu odo nov Ppioketal OTIV ovokevi pe TO otavpwp vo kovt vep ATOPPLLLATWV onpaiver TL N OVOKEVI oTo T doG TnG StapKEtac xphong tng np ner va SiateOei eywpiot anr ta kavovik anoppiupata ota yr avt Tov okon npopien peva onpeia SidBeons Symbolet med gennemkrydset affaldsbeholder p apparatet betyder at apparatet n r det ikke kan bruges l ngere skal bortskaffes adskilt fra normalt husholdningsaffald p et af de dertil be regnede bortskaffelsessteder Znajduj cy si na urz dzeniu symbol przekre lonego pojemnika na mieci oznacza e po up ywie ywotno ci urz dzenia nale y go odda do odpowiedniej plac wki utylizacyjnej i nie wyrzuca go do normalnych mieci domowych Het doorgehaalde symbool van de afvalcontainer op het apparaat betekent dat het apparaat op het einde van zijn levensduur niet bij het normale huisvuil mag worden verwijderd Het moet bij een erkend inzamelpunt worden ingeleverd O s mbolo com um caixote de lixo riscado que se encontra no aparelho significa que o aparelho no fim da sua vida til deve ser eliminado separadamente do lixo dom stico nos centros de recol ha adequados
157. required to accept all multicast packets For Ethernet or FDD this is based on MAC mapping where the group address is encoded into the destina tion MAC address For routing between several networks the routers first need to make themselves known to all potential recipients in the subnet This is achieved by means of Membership Management protocols such as IGMP for IPv4 and MLP for IPv6 Membership Management protocol In IPv4 IGMP Internet Group Management Protocol is a protocol that hosts can use to provide the router with multicast membership information IP addresses of the class D ad dress range are used for addressing An IP address in this class represents a group A sender e g Internet radio sends data to this group The addresses IP of the various senders within a group are called the source addresses Several senders with different IP addresses can therefore transmit to the same multicast group leading to a 1 to n rela tionship between groups and source addresses This information is forwarded to the router by means of reports In the case of incoming multicast data traffic a router can use this in formation to decide whether a host in its subnet wants to receive it Your device supports the current version IGMP V3 which is upwardly compatible which means that both V3 and V1 V2 hosts can be managed Your device supports the following multicast mechanisms e Forwarding This relates to static forwarding i e incoming d
158. rule chain and thus add another rule to it Description Enter the name of the rule chain Access Filter Select an IP filter If the rule chain is new select the filter to be set at the first point of the rule chain If the rule chain already exists select the filter to be attached to the rule chain Action Define the action to be taken for a filtered data packet Possible values e Allow default value Allow packet if it matches the filter e Allow if filter does not match Allow packet if it does not match the filter e Deny if filter matches Deny packet if it matches the filter e Deny if filter does not match Deny packet if it does not match the filter e Ignore Use next rule To set the rules of a rule chain in a different order select the S button in the list menu for the entry to be shifted A dialog box opens in which you can decide under Move whether the entry below default value or above another rule of this rule chain is to be shifted 14 5 3 Interface Assignment In this menu the configured rule chains are assigned to the individual interfaces and the gateway s behavior is defined for denying IP packets A list of all configured interface assignments is displayed in the Networking gt Access Rules gt Interface Assignment menu Access Filter Rule Chains Interface Assignment View 20 per page Fitter in None v equal v Go Interface Rule Chain Silent Deny Reporti
159. saved on the server from which it is to be retrieved For Action Export configuration Enter the file name under which it should be saved on the serv er Local File Name Only for Command Type Configuration Management and Action Import configuration Re name configurationor Copy configuration At import renaming or copying enter a name for the configura tion file under which to save it locally on the device File Name in Flash For Command Type Configuration Management and Action Export configuration Select the file to be exported Teldat GmbH 21 Local Services Field Description For Command Type Configuration Management and Action Rename configuration Select the file to be renamed For Command Type Configuration Management and Action Delete configuration Select the file to be deleted For Command Type Configuration Management and Action Copy configuration Select the file to be copied Configuration contains certificates keys Only for Command Type Configuration Management and Action Import configuration Or Ex port configuration Select whether the certificates and keys contained in the config uration are to be imported or exported The function is disabled by default Encrypt configuration Only for Command Type Configuration Management and Action Import configuration or Ex port configuration Define whether the data of the selected Action are to be en crypted
160. the connection attempt of a client is initially refused so that the cli ent repeats the attempt in a different frequency band Possible values e Disabled optimized for fast roaming default value The function is not used for this VSS This is useful if clients are to switch between different radio cells with as little delay as possible e g with Voice over WLAN e 2 4 GHz band preferred Preference is given to accept ing clients in the 2 4 GHz band 13 Wireless LAN Controller Teldat GmbH Field Description e 5 GHz band preferred Preference is given to accepting clients in the 5 GHz band Fields in the menu MAC Filter Field Description Access Control l Select whether only certain clients are to be permitted for this wireless network The function is activated by selecting Enabled The function is disabled by default Allowed Addresses Use Add to make entries and enter the MAC addresses MAC Address of the clients to be permitted Dynamic blacklisting You can use the Dynamic blacklisting function to identify cli ents that want to gain possibly unauthorised access to the net work and block them for a certain length of time A client is blocked if the number of unsuccessful login attempts with a spe cified time exceeds a certain number This threshold value and the duration of the block can be configured A blocked client is blocked at all the APs that are managed by the wireless LAN controller for the VSS co
161. the PC without the need for a cable connec tion Because of the many different application areas for the Bluetooth technology the different types of connections between the devices are divided into profiles A profile determines the service function that the individual Bluetooth clients can use among each other Bandwidth on Demand Bootstrap protocol Bits per second A unit of measure for the transmission rate Glossary Break in BRI Bridge Broadcast Brokering Browser Bundle Bus Busy On Busy CA Calendar Teldat GmbH In a PBX the option of breaking in to an existing call This is sig nalled acoustically by an attention tone Basic Rate Interface Network component for connecting homogeneous networks As op posed to a gateway bridges operate at layer 2 of the OSI model are independent of higher level protocols and transmit data packets using MAC addresses Data transmission is transparent which means the information contained in the data packets is not inter preted Broadcasts data packages are sent to all devices in a network in order to exchange information Generally there is a certain address broadcast address in the network that allows all devices to inter pret a message as a broadcast Brokering makes it possible to switch between two external or in ternal subscribers without the waiting subscriber being able to hear the other conversation Program for displaying content on the
162. the following fields Fields in the Advanced Settings menu Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed The de fault value is 60 Maximum Number of Enter the number of unsuccessful attempts to setup a connec Dialup Retries tion before the interface is blocked Possible values are 0 to 100 The default value is 5 Authentication Select the authentication protocol for this connection partner Select the authentication specified by your provider Possible values e PAP default value Only run PAP PPP Password Authentic ation Protocol the password is transferred unencrypted e CHAP Only run CHAP PPP Challenge Handshake Authentic ation Protocol as per RFC 1994 password is transferred en crypted 17 WAN Teldat GmbH Field Description e PAP CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol e PAP CHAP MS CHAP Primarily run CHAP on denial then the authentication protocol required by the connection partner MSCHAP version 1 or 2 possible e MS CHAPv2 Run MS CHAP version 2 only e None Some providers use no authentication In this case se lect this option DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server and Secondary DNS Server from the connection partn
163. the handheld unit is charged using separate charging stations ISDN connection that includes two basic channels B channels each with 64 kbps and one control and signalling channel D chan nel with 16 kbps The two basic channels can be used independ ently of each other for each service offered in the T ISDN You can therefore telephone and fax at the same time T Com offers the Ba sic Rate Interface as a point to multipoint or point to point connec tion Binary digit Smallest unit of information in computer technology Signals are represented in the logical states 0 and 1 You can define a restriction on external dialling for individual sub scribers The telephone numbers entered in the blacklist table can not be called by the terminals subject to dialling control e g entry 0190 would block all connections to expensive service providers Block based encryption algorithm An algorithm developed by Bruce Schneier It relates to a block cipher with a block size of 64 bit and a key of variable length up to 448 bits Bluetooth is a wireless transfer technology that can connect up dif ferent devices Bluetooth replaces cables to connect various devices e g Notebook PC PDA etc Thanks to Bluetooth these devices can exchange data with each other without a fixed connection For example PCs notebooks or a PDA can access the Internet or a loc al network The appointments on a PDA can be synchronised with the appointments on
164. this which you should enter here for all PPP connections Establish the type of authentication process that should be performed then Teldat GmbH 17 WAN enter a common password and two codes You get this information for example from your Internet Service Provider ISP or the system administrator at your head office If the data you entered on your device is the same as the caller s data the call is accepted The call is rejected if the data is not the same Callback The callback mechanism can be used for every connection over an ISDN or over an AUX interface to obtain additional security regarding the connection partner or to clearly allocate the costs of connections A connection is not set up until the calling party has been clearly identified by calling back Your device can answer an incoming call with a callback or re quest a callback from a connection partner Identification can be based on the calling party number or PAP CHAP MS CHAP authentication Identification is made in the former case without call acceptance as the calling party number is transferred over the ISDN D channel and in the latter case with call acceptance Channel Bundling Your device supports dynamic and static channel bundling for dialup connections Channel bundling can only be used for ISDN connections for a bandwidth increase or as a backup Only one B channel is initially opened when a connection is set up Dynamic Dynamic channel bundling mean
165. this PPTP partner Possible values e PAP CHAP MS CHAP Primarily run CHAP on denial the au thentication protocol required by the PPTP partner MSCHAP version 1 or 2 possible e PAP default value Only run PAP PPP Password Authentic ation Protocol the password is transferred unencrypted e CHAP Only run CHAP PPP Challenge Handshake Authentic ation Protocol as per RFC 1994 password is transferred en crypted e PAP CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol e MS CHAPv2 Run MS CHAP version 2 only e None Some providers use no authentication In this case se lect this option DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server and Secondary DNS Server from the connection partner or sends these to the connection partner The function is enabled with Enabled The function is enabled by default 17 WAN Teldat GmbH Field Description Prioritize TCP ACK Packets Select whether the TCP download is to be optimised in the event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is enabled with Enabled The function is disabled by default LCP Alive Check Select whether the availability of the remote terminal is to be checked by sending LCP echo requests or replies This makes it possible to switch to a
166. w Teldat JII bintec elmes elmeg IP S400 elmeg hybird zm POTS Public Network m um HHE HE mmm G Manual bintec Rxxx2 RTxxx2 Reference Copyright Version 7 0 2013 Teldat GmbH bintec Rxxx2 RTxxx2 1 Manual Teldat GmbH Legal Notice Aim and purpose This document is part of the user manual for the installation and configuration of Teldat devices For the latest information and notes on the current software release please also read our release notes particularly if you are updating your software to a higher release version You will find the latest release notes under www teldat de Liability This manual has been put together with the greatest possible care However the information con tained in this manual is not a guarantee of the properties of your product Teldat GmbH is only liable within the terms of its conditions of sale and supply and accepts no liability for technical inaccuracies and or omissions The information in this manual can be changed without notice You will find additional information and also release notes for Teldat devices under www teldat de Teldat devices make WAN connections as a possible function of the system configuration You must monitor the product in order to avoid unwanted charges Teldat GmbH accepts no responsibility for data loss unwanted connection costs and damage caused by unintended operation of the product Trademarks Teldat trademarks and the Teldat logo
167. with XMODEM 4 Delete configuration The device is reset to the ex works state All configuration files are deleted and the BOOTmonitor settings are set to the default values 5 Default BOOTmonitor Parameters You can change the default settings of the BOOTmonitor of the device e g the baud rate for serial connections 6 Show System Information Shows useful information about your device e g serial number MAC address and software versions The BOOTmonitor is started as follows The devices passes through various functional states when starting e Start mode BOOTmonitor mode e Normal mode After some self tests have been successfully carried out in the start mode your device reaches the BOOTmonitor mode The BOOTmonitor prompt is displayed if you are serially connected to your device Press lt sp gt for boot monitor or any other key to boot system R4402 Bootmonitor V 7 9 Rev 1 from 2009 10 19 00 00 00 Copyright c 1996 2005 by Teldat GmbH 1 Boot System 2 Software Update via TFTP 3 Software Update via XMODEM 4 Delete Configuration 5 Default Bootmonitor Parameters 6 Show System Information Your Choice gt _ After display of the BOOTmonitor prompt press the space bar within four seconds to use the functions of the BOOTmonitor If you do not make an entry within four seconds the device changes back to normal operating mode Note If you change the baudrate the preset value is 9600 baud ma
168. your device to a suitable DNS server This also includes specific forwarding of defined domains Forwarded Domains DNS cache for saving the positive and negative results of DNS requests e Static entries static hosts to manually define or prevent assignments of IP addresses to names e DNS monitoring statistics to provide an overview of DNS requests on your device Name server 21 Local Services Teldat GmbH Under Local Services gt DNS gt Global Settings gt Basic Parameters you enter the IP ad dresses of name servers that are queried if your device cannot answer requests itself or by forwarding entries Global name servers and name servers that are attached to an interface can both be entered Your device can also receive the global name servers dynamically via PPP or DHCP and transfer them dynamically if necessary Strategy for name resolution on your device A DNS request is handled by your device as follows 1 2 4 6 If possible the request is answered directly from the static or dynamic cache with IP address or negative response Otherwise if a suitable forwarding entry exists the relevant DNS server is asked de pending on the configuration of the Internet or dialin connections if necessary by set ting up a WAN connection at extra cost If the DNS server can resolve the name the information is forwarded and a dynamic entry created in the cache Otherwise if name servers have been ent
169. 0 Line Speed Interval 142 Link State ID 543 Load Balancing 182 Load Balancing 205 Load Balancing Groups 205 Local Address 422 Local Certificate 342 Local Hostname 362 Local Address 538 Local Certificate 440 Local Certificate Description 116 117 467 Local File Name 467 Local GRE IP Address 381 LocalID 327 532 Local ID Type 327 342 Local ID Value 342 Local IP Address 192 236 274 279 284 289 297 317 320 330 363 366 374 381 Local IP Address 532 Local Port 532 538 Local PPTP IP Address 280 Local Services 429 Locality 113 Location 73 164 Log Format 519 Logged Actions 389 Logging Level 94 Login Frameset 494 Login Grace Time 94 Logon 539 Long Retry Limit 171 Loopback End to End 313 Loopback Segment 313 Loopback active 198 Low Latency Transmission 399 MAC Address 146 307 451 MAC Address 538 539 Mail Exchanger MX 443 Maintenance 186 506 Teldat GmbH Management VID 153 Manual WLAN Controller IP Address 73 Manually resetting the device 10 Master down trials 501 Matching String 520 Max incoming control connections per remote IP Address 378 Max number of clients hard limit 178 Max number of clients soft limit 178 Max queue size 225 Max Transmission Rate 170 Maximum Number of Dialup Retries 275 280 285 291 298 Maximum Retries 363 Maximum Groups 260 Maximum Message Level of Syslog Entries 73 Maximum Number of Accounting Log
170. 02 ADSL2 interface Internal ADSL2 mo dem for Annex A and Annex B VDSL2 interface In accordance with ITU G 993 2 supports Baud plan ISDN 998 Autodetection of VD SL profile SHDSL interface Supports SHDSL bis Internal SHDSL 8 wire modem Bonding technology with 2 wire 4 wire 6 wire 8 wire as an inverse multiplexer per formed over IMA in accordance with the ATM forum Ethernet IEEE 802 3 LAN 4 port switch Permanently installed twisted pair only 10 100 1000 mbps autosensing MDIX Permanently installed twisted pair only 10 100 1000 mbps autosensing MDIX Permanently installed twisted pair only 10 100 1000 mbps autosensing MDIX ETH5 Permanently installed Permanently installed Permanently installed twisted pair only twisted pair only twisted pair only 10 100 1000 mbps 10 100 1000 mbps 10 100 1000 mbps autosensing MDIX autosensing MDIX autosensing MDIX ISDN BRI SO Euro ISDN Euro ISDN Euro ISDN point to multipoint poi point to multipoint poi point to multipoint poi nt to point connection nt to point connection nt to point connection Only TE mode Only TE mode Only TE mode Console RS232 Baudrates 1200 Baudrates 1200 Baudrates 1200 115200 Baud 115200 Baud 115200 Baud Available sockets Serial interface V 24 5 pole mini USB sock et 5 pole mini USB sock et 5 pole mini USB sock et
171. 13 Wireless LAN Controller Teldat GmbH Field Description e AES default value AES is used e TKIP TKIP is used Preshared Key Only for Security Mode wPA PSK Enter the WPA password Enter an ASCII string with 8 63 characters Note Change the default Preshared Key If the key has not been changed your device will not be protected against unau thorised access Radius Server You can control access to a wireless network via a RADIUS server With Add you can create new entries Enter the IP address and the password of the RADIUS server EAP Preauthentifica Only for Security Mode wPA Enterprise ee Select whether the EAP preauthentification function is to be ac tivated This function tells your device that WLAN clients which are already connected to another access point can first carry out 802 1x authentication as soon as they are within range Such WLAN clients can then simply connect over the existing network connection with your device The function is activated by selecting Enabled The function is enabled by default Fields in the menu Client load balancing Field Description Max number of clients hard limit Enter the maximum number of clients that can be connected to this wireless network SSID The maximum number of clients that can register with a wire less module depends on the specifications of the respective WLAN module This maximum is distrubuted across all wireless networks configured for
172. 2 19 3 1 Address Lista dia aS as a a a Ge Wo 392 19 3 2 GOUS S29 E A A ee a Sh 393 19 4 S6rviceS lt a uaa aa Clea eal es ates alk a es 394 19 4 1 Service List m i s 0 a eae Pe ee pales ane fos 394 19 4 2 E en Be deca na 396 Chapter 20 VolP 2 A nd De a ee ae ee 398 20 1 Application Level Gateway 2 2 a ee 398 20 1 1 SIP Proxies tudo ese o ee ek dt ed ee ca 398 20 1 2 SIP Endpointss e 2 4 823 owed Loe ee Bo a oe o 400 20 2 Media Gateway 2 e 402 20 2 1 EXt nSiOnS srera RS ri ds me a da ae aE HA rar ee Ee O eg a e o 403 20 2 2 SIP Accounts 2 aa Ae eos Se a et he oe te de 408 20 2 3 Call Routing 5 gt koe a Ae te Bed ee et Mee 415 20 2 4 GLID Translation iv 7 bec Be OS Se Bran Pe hs J SOP i Sn bes Bk 419 20 2 5 Calli Translations cs 2 5 ie eee he ee Ee eee te cs 421 20 2 6 ISDN Trunks 4044 2 dock e ck Ee ea 423 viii bintec Rxxx2 RTxxx2 20 2 7 OPtiONS i 42 ses ra ee at ER ee ee eat 424 20 3 RISP a A eo eee ley BAe eo ee ee i ales 427 20 3 1 RISP PIOVE aA SD a a ca ee E o hee 428 Chapter 21 Local Services vey a ta a ale ia 429 21 1 DNS en C2 ae Se ra sche A ey aas Aue sewers 429 21 1 1 GlobalSettings l 8 ot wate a tsi e a ade at o s 431 21 1 2 DNS Servers 2 o 433 21 1 3 Static Hosts 2 e LASS Baca wae oa DASE Daca i 2 435 21 1 4 Domain Forwarding 2 a a o o o 436 21 1 5 Caches 3 fret ele OR See eat ee le OS ee eae 438 21 1 6 Stat
173. 2 11n e 802 11n Your device operates only according to 802 11n For Operation Band 5 GHz Indoor 5 GHz Outdoor 5 GHz In Outdoor or 5 8 GHz Outdoor Possible values e 802 11a The device operates only in accordance with 802 11a e 802 11n Your device operates only according to 802 11n e 802 11a n Your device operates according to either 802 11a or 802 11n Teldat GmbH 13 Wireless LAN Controller Field Description Max Transmission Rate Select the transmission speed Possible values e Auto default value The transmission speed is determined automatically e lt Value gt According to setting for Operation Band Band width Number of Spatial Streams and Wireless Mode vari ous fixed values in mbps are available Burst Mode Activate this function to increase the transmission speed for 802 11g through frame bursting As a result several packets are sent one after the other without a waiting period This is par ticularly effective in 11b g mixed operation The function is enabled with Enabled The function is disabled by default If problems occur with older WLAN hardware this function should not be active Airtime fairness This function is not available for all devices The Airtime fairness function ensures that the access point s send resources are distributed intelligently to the connected cli ents This means that a powerful client e g a 802 11n client cannot achieve only a poor flow level becau
174. 2833 If the remote terminal does not use this stand ard SIP Info is used e T 38 Fax Allows the transmission of fax messages over data networks e SRTP SRTP is an encrypted variant of the Real Time Trans port Protocol RTP e Data RFC 4040 Enable the transport of 64 kbit s channel data in RTP packets By default G 711 uLaw G 711 aLawand G 729 are enabled The codecs actually used are the intersect of the codecs defined here and those signalled by the provider For outgoing calls any remaining codecs are dropped from the list that would require more than the available bandwidth Fields in the Voice Quality Settings menu Field Description Echo Cancellation Select whether echo cancellation should be used Echo cancellation is a technique to suppress echo feedback in voice communication on full duplex lines The function is enabled with Enabled The function is enabled by default 20 VoIP Teldat GmbH Field Description Comfort Noise Genera Specify whether Comfort Noise Generation should be used tion CNG For digital voice transmission this function introduces a low level of background noise to avoid the impression that during pauses at the other end the connection is lost The function is enabled with Enabled The function is enabled by default Packet Size Specify how many milliseconds of voice an RTP data packet should contain Possible values are 5to 500 The default value is 20
175. 2TP tunnel profile is used on the initiator side LAC to set up the connection The L2TP tunnel profile is needed on the responder side LNS to accept the connection 18 2 1 Tunnel Profiles A list of all configured tunnel profiles is displayed in the VPN gt L2TP gt Tunnel Profiles menu 18 2 1 1 New Choose the New button to create additional tunnel profiles Basic Parameters Description Bem o SS Local Hostname RR Remote Hostname A Password eseese gt LAC Mode Parameters Remote IP Address L UDP Source Port Oixea UDP Destination Port frzor Advanced Settings Local IP Address o Hello Intervall po Seconds Minimum Time between Retries k Seconds Maximum Time between Retries fie Seconds Maximum Retries es Data Packets Sequence Numbers DEnabled OK C Cancel Fig 139 VPN gt L2TP gt Tunnel Profiles gt New The menu VPN gt L2TP gt Tunnel Profiles gt New consists of the following fields bintec Rxxx2 RTxxx2 18 VPN Teldat GmbH Fields in the Basic Parameters menu Field Description Description Enter a description for the current profile The device automatically names the profiles L2TP and numbers them but the value can be changed Enter the host name for LNS or LAC Local Hostname e LAC The local hostname is used in outgoing tunnel setup messages to identify this
176. 31 Remote Number 535 536 Remote Port 532 538 Remote Authentication 96 Remote FileName 467 Remote GRE IP Address 381 Remote ID 532 Remote IP 531 Remote IP Address 362 Remote IP Address 532 Remote PPTP IP Address 280 372 Remote PPTP IP AddressHost Name 372 Remote User for Dialin only 288 Rendevous Point IP Address 546 547 Rendezvous Point IP Address 266 Reporting Method 234 Requested Rate 142 Reset 10 Resetting the settings 10 Response 436 Restore Default Settings 90 Result of Autoconfiguration 126 Retransmission Timer 246 Retries 100 Teldat GmbH Reverse Path Forwarding RPF 548 549 RFC 2091 Variable Timer 244 RFC 2453 Variable Timer 244 RIP 239 RIP Filter 241 RIP Interfaces 239 RIP Options 244 RIP UDP Port 244 Robustness 257 Rogue Clients 185 Rogue APs 184 Rogue Client MAC Address 185 Role 355 Route Announce 240 Route Class 190 Route Entries 274 279 284 289 297 317 320 330 366 374 381 Route Selector 208 Route Timeout 245 Route Type 190 195 Router ID 542 543 Routes 189 Routing Protocols 239 Routing table updates caused by Ex ternal Advertisements 544 Routing table updates caused by Sum mary Links Advertisements 544 RSA Key Status 93 RTS Threshold 171 RTSP 427 RTSP Port 428 RTSP Proxy 428 428 RTT Mode Realtime Traffic Mode 223 Rule Chain 233 234 Rule Chains 232 Running 187 Rx Bytes 537 538 Rx Errors 537 Rx Packet
177. 5 connector is as follows RJ45 socket for SHDSL connection bintec R3802 Pin Position 1 Line a4 Line b4 Line a3 Line a1 Line b1 Line b3 NO Oo fF W DY Line a2 5 Technical data Teldat GmbH Pin Position 8 Line b2 5 5 5 VDSL2 interface The VDSL2 interface on bintec R3502 and RT3502 is connected via an RJ45 plug The following pins are used for the VDSL connection Fig 15 VDSL2 interface RJ45 connector bintec R3502 and bintec RT3502 The pin assignment for the VDSL2 interface RJ45 connector is as follows RJ45 socket for VDSL connection bintec R3502 and bintec RT3502 Pin Position 1 Not used Not used Not used Line 1a Line 1b Not used Not used ON Oa F amp F 0 ND Not used 5 5 6 ISDN PRI interface Both of the ISDN PRI interfaces on bintec R4402 are connected via an RJ45 plug The cable supplied connects the RJ45 plug needed for the device to an RJ45 plug needed for the PRI connection The following pins are used for the connection Teldat GmbH 5 Technical data Fig 16 ISDN PRI interface RJ45 socket The pin assignment for the ISDN PRI interface RJ45 socket is as follows RJ45 socket for ISDN PRI connection Pin Position 1 T TE Not used R R Not used Not used aN Oa fF 0 DN Not used Note for NTs in Germany Note In Germany Transmit NT gt TE is often designated S2Mab a and b on the plug and Receive TE gt NT S2Man a and b 5 5 7 IS
178. 9 14 2 1 NAT Interfaces A list of all NAT interfaces is displayed in the Networking gt NAT gt NAT Interfaces menu 14 Networking Teldat GmbH NAT Interfaces NAT Configuration View 20 per page Filter in None v equal v Go Interface NAT active Loopback active Silent Deny PPTP Passthrough Portforwardings LAN_EN1 0 0 LAN_EN1 5 0 Page 1 Items 1 2 OK Cancel Fig 81 Networking gt NAT gt NAT Interfaces For every NAT interface the NAT active Loopback active Silent Deny and PPTP Passthrough Can be selected In addition Port forwardings displays how many port forwarding rules were configured for this interface Options in the menu NAT Interfaces Field Description NAT active Select whether NAT is to be activated for the interface The function is disabled by default Loopback active The NAT loopback function also enables network address trans lation for connectors whereby NAT is not activated This is often used in order to interpret queries from the LAN as if they were coming from the WAN You can use this to test the server ser vices The function is disabled by default Silent Deny Select whether IP packets are to be silently denied by NAT If this function is deactivated the sender of the denied IP packet is informed by means of an appropriate ICMP or TCP RST mes sage The function is disabled by default PPTP Passthrough Selec
179. AP v DNS Negotiation V Enabled Prioritize TCP ACK Packets JEnabled LCP Alive Check Enabled C OK Cancel Ny Fig 118 WAN gt Internet Dialup gt PPPoA gt New The menu WAN gt Internet Dialup gt PPPoA gt New consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter a name for uniquely identifying the connection partner The first character in this field must not be a number No special characters or umlauts must be used ATM PVC Select an ATM profile created in the ATM gt Profiles menu in dicated by the global identifiers VPI and VCI specified by the provider User Name Enter the user name Password Enter the password for the PPPoA connection bintec Rxxx2 RTxxx2 17 WAN Teldat GmbH Field Description Always on Select whether the interface should always be activated The function is enabled with Enabled The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Connection Idle Only if Always on is disabled Timeout Enter the idle time in seconds for static short hold The static short hold setting determines how many seconds should pass between sending the last traffic data packet and clearing the connection Possible values are 0 to 3600 seconds 0 deactivates the short hold The default value is 300 Example 10 for FTP transmission 20 for LAN to LAN transmis sion
180. Address 422 External Filename 116 117 External Port 401 External Reporting 515 F Facility 516 Fallback interface to get DNS server 431 Faxheader 460 File Encoding 116 117 File Name 467 File Name in Flash 467 Filename 510 Filter 217 Filter Rules 388 Filter Rules 384 Filter List 455 Filtered Input Interface s 453 Firewall 383 Firewall Status 389 Firmware Maintenance 186 First Timeserver 80 First seen 185 Flow Control 123 Force certificate to be trusted 108 Forward 437 Forward to 437 Forwarded Requests 439 Forwarding 261 Teldat GmbH Fragmentation Threshold 171 Frozen Parameters 212 Full Filtering 389 G Garbage Collection Timer 245 Gateway 195 448 Gateway IP Address 192 General 255 453 489 Generate Private Key 111 Generate default route forthe AS 252 GenerationID 546 Global Settings 252 431 Global Status 545 Global Settings 73 GRE 380 GRE Tunnels 381 GRE Window Adaption 378 GRE Window Size 378 Group Description 98 206 207 236 Group ID 479 Groups 391 393 396 H Hashing Algorithms 92 Hello Interval 264 Hello Intervall 363 Hello Hold Time 264 High Priority Class 217 History 458 Hold Down Timer 246 Host 437 Host for multiple locations 496 Host Name 442 Hosts 478 HotSpot Gateway 491 HotSpot Gateway 490 539 HTTP 89 HTTPS 89 440 HTTPS Server 440 HTTPS TCP Port 440 Teldat GmbH IGMP 256 IGMP Proxy 259 IGMP State Limit 257 IGMP State Limit 260 IGMP S
181. Automatic flow control is performed 11 3 ISDN Ports In this menu you configure the ISDN interfaces of your device Here you enter data such as the type of ISDN connection to which your gateway is connected You can use the ISDN interfaces of your gateway for various types of use You must carry out two steps to configure the ISDN interfaces e Enter the settings for your ISDN connection Here you set the most important parameters of your ISDN connection e MSN Configuration Here you tell your device how to react to incoming calls from the WAN 11 3 1 ISDN Configuration Note If the ISDN protocol is not detected it must be selected manually under Port Usage und ISDN Configuration Type The automatic D channel detection is then switched off An incorrectly set ISDN protocol prevents ISDN connections being set up In the Physical Interfaces gt ISDN Ports gt ISDN Configuration menu a list of all ISDN ports and their configuration are displayed 11 3 1 1 Edit Choose the 3 button to edit the configuration of the ISDN port ISDN BRI interface 11 Physical Interfaces Teldat GmbH You can use the ISDN BRI interface of your gateway for both dialup connections and leased lines over ISDN Basic Parameters Port Name Autoconfiguration on Bootup Result of Autoconfiguration Port Usage ISDN Configuration Type X 31 lt 25 in D Channel Fig 51 Physical Interfaces gt ISDN Ports gt ISDN Configuration gt IS
182. Balancing The increasing amount of data traffic over the Internet means it is necessary to send data over different interfaces to increase the total bandwidth available IP load balancing en ables the distribution of data traffic within a certain group of interfaces to be controlled 14 3 1 Load Balancing Groups If interfaces are combined to form groups the data traffic within a group is divided accord ing to the following principles e In contrast to Multilink PPP based solutions load balancing also functions with accounts with different providers e Session based load balancing is achieved e Related dependent sessions are always routed over the same interface e A decision on distribution is only made for outgoing sessions A list of all configured load balancing groups is displayed in the Networking gt Load Balan cing gt Load Balancing Groups menu You can click the P icon next to any list entry to go to an overview of the basic parameters that affect this group Note Note that the interfaces that are combined into a load balancing group must have routes with the same metric If necessary go to the Networking gt Routes menu and check the entries there 14 3 1 1 New Choose the New button to create additional groups 14 Networking Teldat GmbH Load Balancing Groups Special Session Handling Basic Parameters Group Description Distribution Policy Session Round Robin v Distribution Mode Always Only
183. Before you start the configuration you should gather the data for the following purposes e Basic configuration if your device is in the ex works state e Internet access optional The following table shows examples of possible values for the necessary access data You can enter your personal data in the Your values column so that you can refer to these bintec Rxxx2 RTxxx2 Teldat GmbH 7 Basic configuration values later when needed If you configure a new network you can use the given example values for IP addresses and netmasks In cases of doubt ask your system administrator Basic configuration For a basic configuration of your gateway you need information that relates to your net work environment Basic information Access data Example value Your values IP address of your gateway 192 168 0 254 Netmask of your gateway 255 255 255 0 Internet access over ADSL If you want to set up Internet access you need an Internet Service Provider ISP You also receive your personal access data from your ISP The terms used for the required access data may vary from provider to provider However the type of information you need for dial in in is basically the same The following table lists the access data that your device also needs for a DSL connection to the Internet Data for internet access over ADSL Access data Example value Your values Provider name GoInternet Protocol PPP over Ethernet PPPoE Encapsu
184. CRL Checking Only if a CRL Distribution Point is present Ouse settings from superior certificate Force certificate to be trusted O True Wiew details Certificate SerialNumber 11 ry SubjectName lt CN r1200_aw OU Support O Teldat GmBH ST Bavaria C DE amp gt IssuerName lt CN linuxCA OU Support O Teldat GmBH ST Bavaria C DE gt Validity NotBefore 2006 Sep 15th 07 07 49 GMT Notifter 2008 Sep 14th 07 07 49 GMT PublicKeyInfo Algorithm name X 509 rsaEncryption Modulus n 1024 bits 16574300073 530619299711756289853 6583 6058592284552111716307381855989730994 424195975049742 634337589053 64905029295484509982 43 448632595011570952551767 7011616656908963216398179133323977323 1877712746643 12501085550617414306630 041183 48507669050906895786617697212081811410853590733 69329733126120426693 32010609789043 4357773 Exponent e 17 bits 65537 Extensions Available key usage basic constraints KeyUsage DigitalSignature NonRepudiation KeyEncipherment BasicConstraints ci FALSE v MD5 Fingerprint EE AB 21 CB 4A 82 02 44 6C A2 F6 5E 0D 0C 65 34 SHA1 Fingerprint 77 5A 14 BC 60 17 66 56 8C F7 CC 90 C0 4E 25 19 3B D3 7B F7 Used OK CU Cancel __ Fig 43 System Management gt Certificates gt Certificate List gt g The certificates and keys themselves cannot be changed but a few external attributes can be changed depending on the type of the selected entry The Syst
185. DN BRI interface The devices bintec R1202 R3002 R3502 and R3802 have an ISDN BRI interface which e g can be used for backup functions The devices bintec R4402 and RT1202 have two ISDN BRI interfaces The devices bintec RT3002 RT3502 and RT4202 have four ISDN BRI interfaces The devices bintec R1202 R3002 R3502 and R3802 can only be operated in TE mode The devices bintec R4402 and bintec RTxxxx can be operated in TE mode or in NT mode The connection is made via an RJ45 socket 5 Technical data Teldat GmbH Fig 17 ISDN BRI interface RJ45 socket The pin assignment for the ISDN BRI interface RJ45 socket in TE mode is as follows RJ45 socket for ISDN connection in TE mode Pin Position 1 Not used Not used Transmit Receive Receive Transmit Not used 0 JA Oa fF 0 DN Not used The pin assignment for the ISDN BRI interface RJ45 socket in NT mode is as follows RJ45 socket for ISDN connection in NT mode Pin Position 1 Not used Not used Receive Transmit Transmit Receive Not used Not used aN O a fF 0 PDN 5 5 8 FXS interface bintec RT4202 has four FXS interfaces The connection is made via an RJ45 socket bintec Rxxx2 RTxxx2 Fig 18 FXS interface RJ45 connector The pin assignment for the FXS interface RJ45 connector is as follows RJ45 connector for FXS connection Pin Position Not used Not used Not used a b Not used Not use
186. DN Configuration MSN Configuration bri 0 TE Y Enabled Port Usage Not used ISDN Configuration Type Point to Multipoint m Point to Multipoint Point to Point Advanced Settings Enabled OK Cancel The Physical Interfaces gt ISDN Ports gt ISDN Configuration gt menu consists of the following fields Fields in the Basic Parameters menu Field Description Port Name Autoconfiguration on Bootup Result of Autoconfig uration Shows the name of the ISDN port Select whether the ISDN switch type D channel detection for switched line is to be automatically identified The function is enabled with Enabled The function is enabled by default Shows the status of the ISDN Auto Config Automatic D channel detection runs until a setting is found or until the ISDN protocol is selected manually under Port Usage This field cannot be edited The result of automatic configuration for the Port Usage and the ISDN Configuration Type is dis played Possible values e All possible values for the Port Usage and the ISDN Config Teldat GmbH 11 Physical Interfaces Field Description uration Type e Running Detection is still running Port Usage Only if Autoconfiguration on Bootup is disabled Select the protocol that you want to use for the ISDN port Possible values e Not used The ISDN connection is not used e Dialup Euro ISDN e Leased Line e Q SIG Only if
187. Description COS Filter 802 1p Layer 2 Enter the service class of the IP packets Class of Service CoS Possible values are whole numbers between 0 and 7 The default value is Ignore 14 5 2 Rule Chains Rules for IP filters are configured in the Rule Chains menu These can be created separ ately or incorporated in rule chains In the Networking gt Access Rules Rule Chains menu all created filter rules are listed Access Filter Rule Chains Interface Assignment View 20 per page Fitter in None v equal v Go Description Filter Action Page 1 New Fig 91 Networking gt Access Rules Rule Chains 14 5 2 1 Edit or New Choose the icon to edit existing entries To configure access lists select the New but ton Access Filter Rule Chains Interface Assignment Basic Parameters Rule Chain New 2 Description PA Access Filter Selectone v Action Allow iffilter matches m 4 oK C Cancel Fig 92 Networking gt Access Rules Rule Chains gt New The Networking gt Access Rules Rule Chains gt Newmenu consists of the following fields bintec Rxxx2 RTxxx2 Teldat GmbH 14 Networking Fields in the Basic Parameters menu Field Description Rule Chain Select whether to create a new rule chain or to edit an existing one Possible values e New default value You can create a new rule chain with this setting e lt Name of class plan gt Select an already existing
188. Edit or New Choose theNew button to set up new IP address pools Choose the o icon to edit existing entries Teldat GmbH 17 WAN PPPoE PPTP PPPoA ISDN IP Pools Basic Parameters IP Pool Name l IP Address Range Primary Secondary J DNS Server OK Cancel Fig 121 WAN gt Internet Dialup IP Pools gt New Fields in the menu Basic Parameters Field Description IP Pool Name Enter any description to uniquely identify the IP pool IP Address Range Enter the first first field and last second field IP address of the IP address pool DNS Server Primary Enter the IP address of the DNS server that is to be used preferably by clients who draw an address from this pool Secondary Optionally enter the IP address of an alternative DNS server 17 2 ATM ATM Asynchronous Transfer Mode is a data transmission procedure that was originally designed for broadband ISDN ATM is currently used in high speed networks You will need ATM for example if you want high speed access to the Internet via the integrated ADSL or SHDSL modem In an ATM network different applications such as speech video and data can be transmit ted side by side in the asynchronous time multiplex procedure Each transmitter is provided with time sections for transmitting data With asynchronous transmission unused time sec tions of a transmitter are used by another transmitter With ATM the packet switching procedure is con
189. Enabted Compression None Ostac Oms stac Omppc IP Options OSPF Mode OPassive O Active O inactive Proxy ARP Mode O Inactive up or Dormant Up only OK C Cancel __ Fig 126 WAN gt Leased Line gt Interfaces gt Autogenerated from BRI ISDN S0 gt The WAN gt Leased Line gt Interfaces gt Autogenerated from BRI ISDN S0 gt menu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter the desired description for the connection Fields in the IP Mode and Routes menu Field Description Default Route Select whether the route to this connection partner is to be defined as the default route The function is enabled with Enabled The function is disabled by default bintec Rxxx2 RTxxx2 17 WAN Teldat GmbH Field Description Local IP Address Enter the IP address you received from your network operator Route Entries Define other routing entries for this connection class Add new entries with Add The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description LCP Alive Check Select whether the reachability of the remote terminal is to be checked The function is enabled with Enabled The function is enabled by default Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload The function is enabled with Enabled
190. Fig 69 Wireless LAN Controller gt Monitoring gt Active Clients In the Wireless LAN Controller gt Monitoring gt Active Clients menu current values of all active clients are displayed For each client you will see an entry with the following parameter set Location Name VSS Client MAC Client IP Address Signal Noise dBm Status Uptime Possible values for Status Status Meaning None The client is no longer in a valid status Logon The client is currently logging on with the WLAN Associated The client is logged on with the WLAN Authenticate The client is in the process of being authenticated Status Meaning Authenticated The client is authenticated 13 4 2 Wireless Networks VSS Active Clients Wireless Networks VSS Client Management Neighbor APs Rogue APs Rogue Clients viemJRo per page Filter in None v equal v Go Location Slave AP Name VSS MAC Address VSS Channel Status Page 1 Fig 70 Wireless LAN Controller gt Monitoring gt Wireless Networks VSS In menu Wireless LAN Controller gt Monitoring gt Wireless Networks VSS an overview of the currently used AP is displayed You see which wireless module is assigned to which wireless network For each wireless a parameter set is displayed Location Name VSS MAC Address VSS Channel Clients Status 13 4 3 Load Balancing Active Clients Wireless Networks VSS Client Management Neighbor APs Rogue APs Rogue Clients
191. Fitter in None y equal y Go Default Description Proposals PFS Group Lifetime Page 1 C New D 4 OK C _ Cancel Fig 134 VPN gt IPSec gt Phase 2 Profiles In the Default column you can mark the profile to be used as the default profile 18 1 3 1 New Choose the New button to create additional profiles bintec Rxxx2 RTxxx2 18 VPN IPSec Peers Teldat GmbH Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Phase 2 IPSEC Parameters Description Proposals Use PFS Group Lifetime IP Compression Alive Check Propagate PMTU IPSec 2 Encryption Authentication Enabled AES v MDS5 vw AES v MD5 vw AES v MD5 vw Enabled 1768 Bit 21024 Bit O 5 1536 Bit 7200 Seconds 0 kBytes Rekey after 80 Lifetime Advanced Settings Enabled Autodetect v i Enabled OK Cancel Fig 135 VPN gt IPSec gt Phase 2 Profiles gt New The menu VPN gt IPSec gt Phase 2 Profiles gt New consists of the following fields Fields in the Phase 2 IPSEC Parameters menu Field Description Description Proposals Enter a description that uniquely identifies the profile The maximum length of the entry is 255 characters In this field you can select any combination of encryption and message hash algorithms for IKE phase 2 on your default The combination of six encryption algorithms and two message has
192. HotSpot Gateway gt HotSpot Gateway You can use the Enabled option to enable or disable the corresponding entry 21 11 1 1 Edit or New You configure the hotspot networks in the Local Services gt HotSpot Gateway gt HotSpot Gateway gt menu Choose the New button to set up additional Hotspot networks Basic Parameters Interface ONEN Domain atthe HotSpot Server C Walled Garden DEnabled Language for login window English Advanced Settings Ticket Type UsernameiPassword Y Allowed HotSpot Client All v Login Frameset M active Pop Up window for status indication Active Ml Enabled Default Idle Timeout 600 Seconds 4 OK C cancel Fig 195 Local Services gt HotSpot Gateway gt HotSpot Gateway gt The Local Services gt HotSpot Gateway gt HotSpot Gateway gt menu consists of the fol lowing fields Fields in the menu Basic Parameters bintec Rxxx2 RTxxx2 Teldat GmbH 21 Local Services Field Description Interface Choose the interface to which the Hotspot LAN or WLAN is con nected When operating over LAN enter the Ethernet interface here e g en1 0 If operating over WLAN the WLAN interface to which the access point is connected must be selected 4 Caution For security reasons you cannot configure your device over an interface that is configured for the Hotspot Therefore take care when selecting the
193. IP address is to be assigned to the interface Possible values e Static default value The interface is assigned a static IP address in IP Address Netmask DHCP An IP address is assigned to the interface dynamically via DHCP IP Address Netmask Only for Address Mode Static Enter the IP addresses IP Address and the corresponding netmasks Netmask of the ATM interfaces Add new entries with Add 17 WAN Teldat GmbH Field Description MAC Address Enter a MAC address for the internal router interface of ATM connection e g 00 a0 9 06 bf 03 An entry is only re quired in special cases For Internet connections it is sufficient to select the option Use built in standard setting An address is used which is derived from the MAC address of the en1 0 DHCP MAC Address Only for Address Mode DHCP Enter the MAC address of the internal router interface of ATM connection e g 00 e1 9 06 bf 03 If your provider has assigned you an MAC address for DHCP enter this here You can also select the Use built in option default setting An address is used which is derived from the MAC address of the enl 0 DHCP Hostname Only for Address Mode DHCP If necessary enter the host name registered with the provider to be used by your device for DHCP requests The maximum length of the entry is 45 characters Fields in menu Routed Protocols over ATM Settings appears only for Type Routed Protocols over ATM Field
194. IP addresses also enables the more secure ID Pro tect mode main mode to be used for tunnel setup Method of operation Various modes are available for transferring your own IP address to the peer The address can be transferred free in the D channel or in the B channel but here the call must be accepted by the remote station and therefore incurs costs If a peer whose IP address has been assigned dynamically wants to arrange for another peer to set up an IPSec tunnel it can transfer its own IP address as per the settings described in Fields in the menu IPSec Callback on page 339 Not all transfer modes are supported by all telephone companies If you are not sure automatic selection by the device can be used to ensure that all the available possibilities can be used Note The callback configuration should be the same on the two devices so that your device is able to identify the IP address information from the called peer The following roles are possible e One side takes on the active role the other the passive role e Both sides can take on both roles both The IP address transfer and the start of IKE phase 1 negotiation take place in the following steps 1 Peer A the callback initiator sets up a connection to the Internet in order to be as signed a dynamic IP address and be reachable for peer B over the Internet 2 Your device creates a token with a limited validity and saves it together with the cur rent IP addres
195. IPSec via PPPoE and VLAN Encryption Method Only if an IPSec Peers is selected as Interface Traffic shap ing is Active and Protocol Header Size below Layer 3 is not Undefiniert Protocol Header Offset 0 Select the encryption method used for the IPSec connection The encryption algorithm determines the length of the block cipher which is taken into account during bandwidth calculation Possible values ODES SMS Iilonmirigsia Case enjoin lolloels size 64 Bit e AES128 AES192 AES256 Twofish cipher block size 128 Bit Real Time Jitter Con Only for Traffic shaping enabled trol Real Time Jitter Control optimises latency when forwarding real time datagrams The function ensures that large data packets are fragmented according to the available upload bandwidth Real Time Jitter Control is useful for small upload bandwidths lt 800 kbps Activate or deactivate Real Time Jitter Control The function is enabled with Enabled The function is disabled by default Control Mode Only for Real Time Jitter Control enabled Select the mode for optimising voice transmission Possible values Teldat GmbH 14 Networking Field Description e All RTP Streams All RTP streams are optimised The function activates the RTP stream detection mechanism for the automatic detection of RTP streams In this mode the Real Time Jitter Control is activated as soon as an RTP stream has been detected e Inactive Voice d
196. Import language You can import additional language ver sions of the GUI into your device You can download the files to your PC from the download area at www teldat de and from there import them to your device e Update system software You can launch an update of the system software the ADSL logic and the BOOTmonitor e Import Voice Mail Wave Files Only displayed if an SD card is inserted In file name select the vms_wavfiles zip file that you wish to import e Export configuration with state information The active configuration from the RAM is transferred to your local host If you click the Go button a dialog box is dis played in which you can select the storage location on your PC and enter the desired file name Action Select the action you wish to execute After each task a window is displayed showing the other steps that are required Possible values e No Action default value e Import configuration Under Filename select a config uration file you want to import Please note Click Go to first load the file under the name boot in the flash memory for the device You must restart the device to enable it Please note The files to be imported must be in CSV format e Import language You can import additional language ver sions of the GUI into your device You can download the files to your PC from the download area at www teldat de and from there import them to your device e Update system software You
197. In the example above if a user types in 123 the device dials OGLANG 7S If the user wishes to call extension 111 he types in 123111 The device dials 09119673111 A period at the end of the number indicates a complete number This is dialled immediately the period is recognised If you want to use a speeddial number from this list you must dial followed by the speed dial number 20 3 RTSP In this menu you configure the use of the RealTime Streaming protocol RTSP RTSP is a network protocol for controlling multimedia traffic flows in IP based networks Payload data is not transferred using RTSP Rather it is used to control a multimedia ses sion between sender and recipient If you want to use RTSP the firewall and NAT must be configured accordingly Inthe VolP gt RTSP menu you can activate the RTSP proxy to enable requested RTSP sessions over the defined port if required 20 3 1 RTSP Proxy In the VoIP gt RTSP gt RTSP Proxy menu you configure the use of the RealTime Streaming protocol RTSP Proxy Basic Parameters RTSP Proxy DEnabled RTSP Port 554 OK C Cancel Fig 164 VolP gt RTSP gt RTSP Proxy The VoIP gt RTSP gt RTSP Proxymenu consists of the following fields Fields in the Basic Parameters menu Field Description RTSP Proxy Select whether you want to permit RTSP sessions The function is activated by selecting Enabled The function is disabled by default RTSP Port Select the po
198. Interval Enter the time interval in seconds to be used for checking the availability of hosts Possible values are 1 to 65536 The default value is 10 Within a group the smallest Interval of the group members is used Successful Trials Specify how many pings need to be answered for the host to be regarded as accessible You can use this setting to specify for example when a host is deemed to be accessible once more and used again instead of a backup device Possible values are 1 to 65536 The default value is 3 Unsuccessful Trials Specify how many pings need to be unanswered for the host to be regarded as inaccessible You can use this setting to specify for example when a host is deemed to be inaccessible and that a backup device should be used Possible values are 1 to 65536 The default value is 3 Teldat GmbH 21 Local Services Field Description Action to be performed Select which Action should be run For most actions you select an Interface to which the Action relates All physical and virtual interfaces can be selected For each interface select whether it is to be enabled Enable disabled Disable default value reset Reset or the con nection restablished Redia1 With Action Monitor you can monitor the IP address that is specified under Monitored IP Address This information can be used for other functions such as the Tracking IP Address 21 8 2 Interfaces A list of al
199. LoopObj LoopObj name wlanifTable 2 2005 01 10 22 47 13 Information IPSec init starting 3 2005 01 10 22 47 13 Information IPSec BinTec ipsecd version 3 0 Copyright c 1996 2010 by Funkwerk Enterprise Communications GmbH 4 2005 01 10 22 47 13 Information IPSec init running 5 2005 01 10 22 47 13 Information INET sshd pid 52 listening on 0 0 0 0 port 22 6 2005 01 10 22 47 12 Information Configuration system r4402 started at Mon Jan 10 22 47 12 2005 7 2005 01 10 22 47 09 Information Configuration boot_fac configuration loaded Page 1 Items 1 7 Fig 213 Monitoring gt Internal Log gt System Messages Values in the System Messages list Field Description No Displays the serial number of the system message Date Displays the date of the record Time Displays the time of the record Level Displays the hierarchy level of the message bintec Rxxx2 RTxxx2 Teldat GmbH 24 Monitoring Field Description Subsystem Displays which subsystem of the device generated the mes sage Message Displays the message text 24 2 IPSec 24 2 1 IPSec Tunnels A list of all configured IPSec tunnel providers is displayed in the Monitoring gt IPSec gt IPSec Tunnels menu IPSec Tunnels IPSec Statistics Automatic Refresh Interval 60 Seconds Apply View 20 per page Filter in None equal v Go Description Remote IP Remote Networks Security Algorithm Status Action 1 Peer 1 E a 1 4 Fe Page 1 Ite
200. M Rendezvouz point You can enter 411 Groups default value or specify a multicast network segment by selecting Specific Range Multicast Group Ad dress Only if Multicast Group Range Specific Range bintec Rxxx2 RTxxx2 Teldat GmbH 16 Multicast Field Description Here you enter the IP address of the multicast network seg ment Multicast Group Prefix Length Only if Multicast Group Range Specific Range Here you enter the network mask length of the multicast net work segment 224 0 0 0 4 indicates the entire multicast class D segment Possible values 4 default value to 32 Rendezvous Point IP Address Enter the IP address or the hostname of the rendezvous points Precedence Enter the value for pimGroupMappingPrecedence to be used for static RP configurations This allows precise control over which configuration is to be replaced by this static configuration When the function is activated pimStaticRPOverrideDynamic is ignored The absolute values of this object are only significant on the local router and need not be synchronised with other routers The function is deactivated with the default value 0 If the func tion is not activated by setting a value not O this can different consequences for other routers Hence avoid using this func tion if exact control of the behaviour of the static RP is not re quired 16 4 3 PIM Options PIM Interfaces PIM Rendezvous Points PIM Options Basic Settin
201. MP Proxy enables you to simulate several locally connected interfaces as a subnet to an adjacent router Queries coming in to the IGMP Proxy interface are forwarded to the local subnets Local reports are forwarded on the IPGM Proxy interface Multicast Receiver Multicast Sender Teldat Gateway Teldat Gateway e g bintec RXL12500 e g bintec RXL12500 IGMP Proxy Interface Multicast Receiver Fig 108 IGMP Proxy The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description IGMP Proxy Select whether your device is to forward the hosts IGMP mes sages in the subnet via its defined Proxy Interface Proxy Interface Only for IGMP Proxy enabled Select the interface on your device via which queries are to be received and collected 16 2 2 Options In this menu you can enable and disable IGMP on your system You can also define whether IGMP is to be used in compatibility mode or only IGMP V3 hosts are to be accep ted bintec Rxxx2 RTxxx2 16 Multicast Basic Settings IGMP Status Mode Maximum Groups Maximum Sources IGMP State Limit Teldat GmbH IGMP Options Oup ODown Auto Compatibility Mode Version 3 only 64 64 0 Messages per Second oK Cancel Fig 109 Multicast gt IGMP gt Options The Multicast gt IGMP gt Options menu consists of the following fields Fields in the Basic Settings menu Field Description IGMP Status
202. N on behalf of the specific L2TP partner Possible values e Inactive default value Deactivates Proxy ARP for this L2TP partner e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the L2TP partner is Up active or Dormant In the case of Idle your device only responds to the ARP request the connection is not set up un til someone actually wants to use the route e Up only Your device responds to an ARP request only if the status of the connection to the L2TP partner is Up active i e a connection already exists to the L2TP partner DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server und Secondary DNS Server and WINS Server Primary and Secondary from the L2TP partner or sends these to the L2TP partner The function is enabled with Enabled The function is enabled by default 18 2 3 Options Tunnel Profiles Users Options Global Options UDP Destination Port 1701 UDP Source Port Selection O Fixed oK Cancel Fig 141 VPN gt L2TP gt Options The menu VPN gt L2TP gt Options consists of the following fields Fields in the Global Options menu Teldat GmbH 18 VPN Field Description UDP Destination Port Enter the port to be monitored by the LNS on incoming L2TP tunnel connections Available values are all whole numbers from 1 to 65535 the default value is 1701 as specified in RFC 2661 UDP Source Port Se Select wheth
203. NMP shell of the device 2 Continue with Login on page 54 Windows 1 How an SSH connection is set up very much depends on the software used Consult the documentation for the program you are using As soon as you have connected to the device the login prompt window will appear You are now in the SNMP shell of the device 2 Continue with Login on page 54 Note PuTTY requires certain settings for a connection to a Teldat device The support pages of http www teldat de include FAQs which list the required settings 8 1 2 Access via the Serial Interface Each Teldat gateway has a serial interface with which a PC can be connected directly The following chapter describes what you have to remember when setting up a serial connec tion and what you can do to configure your device in this way Access via the serial interface is ideal if you are setting up an initial configuration of your device and a LAN access is not possible via the pre configured IP address 192 168 0 254 255 255 255 0 Windows If you are using a Windows PC you need a terminal program for the serial connection e g HyperTerminal Make sure that HyperTerminal was also installed on the PC with the Win dows installation However you can also use any other terminal program that can be set to the corresponding parameters see below Teldat GmbH 8 Access and configuration Proceed as follows to access your device via the serial interface 1 In the
204. OS Decimal Valueand TOS Hexadecimal Value Mode Select when the interface defined in Route Parameters gt Inter face is to be used Possible values 14 1 2 Dialup and wait default value The route can be used if the interface is up If the interface is dormant then dial and wait until the interface is up Authoritative The route can always be used Dialup and continue The route can be used when the interface is up If the interface is dormant then select and use the alternative route rerouting until the interface is up Never dialup The route can be used when the interface is up Always dialup The route can be used when the interface is up If the interface is dormant then dial and wait until the interface is up In this case an alternative interface with a poorer metric is used for routing until the interface is up IPv4 Routing Table A list of all IPv4 routes is displayed in the Network gt Routes IPv4 Routing Table menu The routes do not all need to be active but can be activated at any time by relevant data IPv4 Route Configuration IPv4 Routing Table Options traffic View 20 per page Fitter in None Destination IP Address Nemesi 0 0 0 0 0 0 0 0 10 0 0 0 255 255 255 0 Page 1 items 1 2 Gateway 10 0 0 232 10 0 0 1 equal v Go Extended Interface Metric Route Type Route Protocol BRIDGE_BRO 1 Default Route Local fmi via Gateway BRIDGE_BRO 0 Networ
205. Options Et o amp DAns 2h ae ty See Ae Bee in aS oe 196 14 2 NAT i cs og ee ee i Oe OR ona Ro E ae RA 197 14 2 1 NAT Interfaces 2 200 o a a 197 14 2 2 NAT Configuration 2 ee 199 14 3 Load Balancing os o oao eo o e i aa a 205 14 3 1 Load BalancingGroups a a a 205 14 3 2 Special Session Handling s aoa a a o 209 14 4 QOS aali Aa ade ht et a ort fot eet a ea 213 14 4 1 QOS FET ote Pe ty da Re ea daa 213 14 4 2 QoS Classification 2 a a a a 216 14 4 3 QoS Interfaces Policies 2 a a a a a a 219 14 5 ACCESS RUGS a g aa wich eat Meee A a Se hy a Wee lr 226 14 5 1 Access Filler 4 cnt 4 a de ah cae ens 228 bintec Rxxx2 RTxxx2 V 14 5 2 Rule Chainsin ai nate a ates Sa a Ke Bat hin Bead 232 14 5 3 Interface Assignment 2 2 233 14 6 Drop rt A ack Masi A SA 235 14 6 1 Drop In GroupS sia a A AD Be A 235 Chapter 15 Routing Protocols 0 00002 eae 239 15 1 ee ee Re A ee a eee Re 239 15 1 1 RIP InteriaGes e s tO et ental ttt Ge tod ce so rad te 239 15 1 2 RIBES be Ok A a DA Solel Bae 241 15 1 3 RIP Options s mis leane A Eh os 244 15 2 OSPF Gt A e a fe ne Pe AE Ge oe 246 15 2 1 ATOAS 6 aie kee Ree A a a 248 15 2 2 Interfaces 2k os a Ge ee ee 250 15 2 3 Global Settings 2 oa a a ee 252 Chapter 16 Multicast lt Sch teh he SO ae we RA 254 16 1 General alse 2 koe ra aa Geog Bega ele kale ue t 255 16 1 1 Generali gep eine te Gb he Sob we
206. P Address Route Entries Advanced Settings Block after connection failure for 300 Seconds Authentication Encryption Onone Enabled O Windows compatible Compression Onone Ostac Oms stac Opec LCP Alive Check MEnabled IP Options OSPF Mode OPassive O Active O Inactive O Inactive Up or Dormant O up only nat PPTP Callback Callback DEnabled oK yi Cancel Fig 142 VPN gt PPTP gt PPTP Tunnels gt New The VPN gt PPTP gt PPTP Tunnels gt New menu consists of the following fields Fields in the PPTP Partner Parameters menu bintec Rxxx2 RTxxx2 Teldat GmbH 18 VPN Field Description Description Enter a unique name for the tunnel The first character in this field must not be a number No special characters or umlauts must be used PPTP Mode Enter the role to be assigned to the PPTP interface Possible values e PNS default value this assigns the PPTP interface the role of PPTP server e Windows Client Mode This assigns the PPTP interface the role of PPTP client User Name Enter the user name Password Enter the password Always on Select whether the interface should always be activated The function is enabled with Enabled The function is disabled by default Connection Idle Timeout Only if Always on is disabled Enter the idle interval in seconds This determines how many seconds should pass between sending the last traffic data pack et and cle
207. P Base Number 130 Packet Size 407 414 Packets 532 Passed 534 Password 111 116 117 272 278 283 288 296 355 362 365 372 404 409 442 459 467 510 523 528 Password for protected Certificate 467 Passwords 75 Peak Cell Rate PCR 310 Peer Address 327 Peer ID 327 Phase 1 Profile 334 Phase 1 Profiles 341 Phase 2 Profile 334 Phase 2 Profiles 349 Physical Address 539 Physical Connection 138 Physical Interfaces 119 PIM 262 545 PIM Mode 263 PIM Status 268 PIM Interfaces 262 PIM Options 267 PIM Rendezvous Points 266 Ping 89 Ping Generator 484 Ping Test 506 Poisoned Reverse 244 Teldat GmbH Policies 384 Policy 100 104 Pool Usage 447 Pop Up window for status indication 494 POP3 Server 523 POP3 Timeout 523 Port 198 404 444 539 Port Configuration 152 Port Configuration 123 PortName 126 130 Port Usage 126 130 Positive Cache 431 PPPoA 282 PPPoE 271 PPPoE Mode 272 PPPoE Ethernet Interface 272 PPPoE Interfaces for Multilink 272 PPTP 277 371 PPTP Inactivity 390 PPTP Passthrough 198 PPTP Tunnels 371 PPTP Address Mode 280 PPTP Ethernet Interface 278 PPTP Mode 372 Pre empt mode go back into master state 501 Precedence 266 Preshared Key 176 327 Primary DHCP Server 452 Primary DNS Server 434 Primary IP Address 496 Prioritisation Algorithm 220 Prioritize TCP ACK Packets 275 280 285 298 308 318 321 368 375 Priorit
208. P Challenge Handshake Authentic ation Protocol as per RFC 1994 password is transferred en crypted e PAP CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol e PAP CHAP MS CHAP Primarily run CHAP on denial then the authentication protocol required by the connection partner MSCHAP version 1 or 2 possible e MS CHAPv2 Run MS CHAP version 2 only e None Some providers use no authentication In this case se lect this option DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server and Secondary DNS Server from the connection partner or sends these to the connection partner The function is enabled with Enabled The function is enabled by default Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is enabled with Enabled The function is disabled by default PPTP Address Mode Displays the address mode The value cannot be changed Possible values e Static The Local PPTP IP Address will be assigned to the 17 WAN Teldat GmbH Field Description selected Ethernet port Local PPTP IP Address Assign the PPTP interface an IP address that is used as the source address The default value is 10 0 0 140 Remote PPTP IP Ad Enter the IP add
209. P connections with V 120 MSN Enter the number used to check the called party number For the call to be accepted it is sufficient for the individual numbers in the entry to agree taking account of MSN Recognition MSN Recognition Select the mode your device is to use for the number comparis on for MSN with the called party number of the incoming call Possible values e Right to Left default value e Left to Right DDI Always select if your device is con nected to a point to point connection Bearer Service Select the type of incoming call service detection Possible values e Data Voice default value Both data and voice calls e Data data call e Voice Voice call modem voice analog fax 11 4 DSL Modem The ADSL modem on the bintec R3002 and bintec RT3002 is compatible with ANNEX A and ANNEX B standards and so can be used universally in several countries It is particu larly suitable for high speed Internet access and remote access use in SMEs or remote of fices The bintec R3502 features an integrated VDSL2 modem which supports automatic switch ing to ADSL2 If required VDSL connection is available at any time In addition to the VDSL2 modem the bintec R3502 has five gigabit Ethernet ports which can be configured for LAN WAN or DMZ 11 4 1 DSL Configuration In this menu you make the basic settings for your DSL connection Aut
210. P trap hosts is displayed 23 4 2 1 New Select the Newbutton to create additional SNMP trap hosts Teldat GmbH 23 External Reporting SNMP Trap Options SNMP Trap Hosts Basic Parameters IP Address OK Cancel Fig 211 External Reporting gt SNMP gt SNMP Trap Hosts gt New The menu External Reporting gt SNMP gt SNMP Trap Hosts gt New consists of the follow ing fields Fields in the Basic Parameters menu Field Description IP Address Enter the IP address of the SNMP trap host 23 5 Activity Monitor This menu contains the settings needed to monitor your device with the Windows tool Activity Monitor part of BRICKware for Windows Purpose The Activity Monitor enables Windows users to monitor the activities of your device Im portant information about the status of physical interfaces e g ISDN line and virtual inter faces is easily obtained with a single tool A permanent overview of the utilisation of your device is possible Method of operation A Status Daemon collects information about your device and transfers it as UDP packets to the broadcast address of the first LAN interface default setting or to an explicitly entered IP address One packet is sent per time interval which can be adjusted individually to val ues from 1 60 seconds Up to 100 physical and virtual interfaces can be monitored provided the packet size of 4096 bytes is not exceeded The Activity Monitor on your PC receives the packets
211. PF 17 WAN Teldat GmbH Field Description protocol packets sent over this interface e Inactive OSPF is disabled for this interface Proxy ARP Mode Select whether and how ARP requests are to be responded to for the specified connection partner Possible values e Inactive default value Deactivates Proxy ARP for this connection partner e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the connection partner is Up or Dormant In the case of Idle your device only re sponds to the ARP request the connection is not set up until someone actually wants to use the route e Up only Your device responds to an ARP request only if the status of the connection to the connection partner is Up i e a connection already exists to the connection partner 17 4 Real Time Jitter Control When telephoning over the Internet voice data packets normally have the highest priority Nevertheless if the upstream bandwidth is low noticeable delays in voice transmission can occur when other packets are routed at the same time The real time jitter control function solves this problem So that the line is not blocked for too long for the voice data packets the size of the other packets can be reduced if re quired during a telephone call 17 4 1 Controlled Interfaces In the WAN gt Real Time Jitter Control gt Controlled Interfaces a list of functions is dis played for which the Real Time
212. PN Field Description Remote IP Address Enter the fixed IP address of the LNS used as the destination address for connections based on this profile The destination must be a device that can behave like an LNS UDP Source Port Enter how the port number to be used as the source port for all outgoing L2TP connections based on this profile is to be de termined By default the Fixed option is disabled which means that ports are dynamically assigned to the connections that use this pro file If you want to enter a fixed port enable the Fixed option Se lect this option if you encounter problems with the firewall or NAT The available values are 0 to 65535 UDP Destination Port Enter the destination port number to be used for all calls based on this profile The remote LNS that receives the call must mon itor this port on L2TP connections Possible values are 0 to 65535 The default value is 1701 RFC 2661 The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Local IP Address Enter the IP address to be used as the source address for all L2TP connections based on this profile If this field is left empty your device uses the IP address of the interface used to reach the remote IP Address by the L2TP tun nel Hello Intervall Enter the interval in seconds between the sending of two L2TP HELLO messages These messages are used to keep the tun nel open
213. PPP authentication PPPoA PPPoE PRI Primary Rate Inter face PRI Protocol Proxy ARP PSN PSTN PVID R key RADIUS RADSL RAS Real Time Clock RTC Receiver volume Point to Point Protocol Security mechanism A method of authentication using passwords in PPP Point to Point Protocol over ATM Point to Point Protocol over Ethernet Primary Rate Interface ISDN subscriber connection The PRI consists of one D channel and 30 B channels in Europe In America 23 B channels and one D channel There is also the ISDN Basic Rate Interface Protocols are used to define the manner and means of information exchange between two systems Protocols control and rule the course of data communication at various levels decoding address ing network routing control procedures etc ARP Address Resolution Protocol Packet Switched Network Public Switched Telephone Network Port VLAN ID Telephones that have a R key inquiry key can also be connected to a PBX In modern telephones the R key triggers the hook flash function This is required for use of performance features in T Net such as inquiry brokering and three party conference Remote Authentication Dial In User Service Rate Adaptive Digital Subscriber Line Remote access service Hardware clock with buffer battery Function for controlling the volume in the telephone receiver Reconnection on the For a point to multipoint connection enables the terminal co
214. PS packet 14 3 2 1 Edit or New Choose the 2s icon to edit existing entries Select the New button create new entries Load Balancing Groups Special Session Handling Basic Parameters Admin Status Description Service Protocol Destination IP Address Netmask Destination PortRange Source Interface Source IP Address Netmask Source Por Range Special Handling Timer Frozen Parameters MeEnabled Userdetned aortverty E Any v All vA wi Any i m A tof 900 Seconds Advanced Settings Source IP Address lt Destination Address lV Destination Port 4 oK Cancel Fig 85 Networking gt Load Balancing gt Special Session Handling gt New bintec Rxxx2 RTxxx2 Teldat GmbH 14 Networking The Networking gt Load Balancing gt Special Session Handling gt New menu consists of the following fields Fields in the Basic Parameters menu Field Description Admin Status Description Service Protocol Destination IP Ad dress Netmask Select whether the Special Session Handling should be activ ated The function is activated by selecting Enabled The function is enabled by default Enter a name for the entry Select one of the preconfigured services if required The ex tensive range of services configured ex works includes the fol lowing O ACV e apple qt O eiela e charge o clics d e daytime e dhcp e discard The default value is User def
215. Packets 0 Rx Bytes 0 TCP Connections State Local Address Local Port Remote Address Remote Port Fig 220 Monitoring gt Interfaces gt Statistics gt p Values in the Statistics list Field Description Description Displays the name of the interface MAC Address Displays the interface text IP Address Netmask Shows the IP address and the netmask NAT Indicates if NAT is activated for this interface Tx Packets Shows the total number of packets sent Tx Bytes Displays the total number of octets sent Rx Packets Shows the total number of packets received Rx Bytes Displays the total number of bytes received Fields in the TCP Connections menu Field Description Status Displays the status of an active TCP connection Local Address Displays the local IP address of the interface for an active TCP connection Local Port Displays the local port of the IP address for an active TCP con nection Remote Address Displays the IP address to which an active TCP connection ex ists Remote Port Displays the port to which an active TCP connection exists 24 5 Bridges 24 5 1 br lt x gt In the Monitoring gt Bridges gt br lt x gt menu the current values of the configured bridges are shown bro Automatic Refresh Interval 300 seconds Apply MAC Address Port 00 a0 19 0b 08 98 eni 0 Fig 221 Monitoring gt Bridges Values in the br lt x gt list Field Description MAC Address Shows the MAC addresses of the associat
216. Parameters Destination IP Address Netmask Local IP Address ooo Metric pa Extended Route Parameters Description Mm Source Interface Any v Source IP Address Netmask naa 1 255 255 255 0 Layer 4 Protocol Any Y Source Port m Port HIS to Port E Destination Port E Port HT to Port E DSCP TOS Value ignore S y Mode Dialup and wait oK C Cancel Fig 78 Network gt Routes gt IPv4 Routes gt New with Extended Enabled The Network gt Routes gt IPv4 Routes gt New menu consists of the following fields Fields in the menu Basic Settings Field Description Interface Select the interface to be used for this route Route Type Select the type of route Possible values e Default Route via Interface Route via a specific in terface which is to be used if no other suitable route is avail able e Default Route via Gateway Route via a specific gate way which is to be used if no other suitable route is available bintec Rxxx2 RTxxx2 Teldat GmbH 14 Networking Field Description e Host Route via Interface Route to an individual host via a specific interface e Host Route via Gateway Route to an individual host via a specific gateway e Network Route via Interface default value Route to a network via a specific interface e Network Route via Gateway Route to a network via a specific gateway Only for interfaces that are operated in DHCP client mode Even if an interface is configured for DHCP
217. Position Position BRI 1 JOM Internal external pma Internal external switching Internal external switching BRI 2 J1M Internal external Power supply for internal con BRI 1 JOP Off On nection Power supply for internal con BRI 2 J1P Off On nection 100 Ohm terminator BRI 1 JOT Off On 100 Ohm terminator BRI 2 J1T Off On bintec Rxxx2 RTxxx2 You can also switch the interfaces BRI 3 and BRI 4 The link plugs are on the side of the ISDN L module J2M Mode e J3M Mode J2P Power ISDN L Module J3P Power J2 3 J2T Termination le J3T Termination Insert the link plugs for interfaces BRI 3 and BRI 4 as shown in the following figure 42M BRI 3 ISDN Mode Switch intern extern J3M BRI 4 off o J2P BRI 3 Power for internal BRI a O J3P BRI 4 Port 3 4 connect together in powerless state J2 3 J2T BRI 3 100 Ohm termination J3T BRI 4 on position ist only allowed if J2M BRI 3 is in int Mode and J3M BRI 4 is in ext Mode on is only permitted if J3M BRI 3 is set to internal mode and J4M BRI 4 is set to extern al mode Use Interface Link plug area Position Position Internal external switching BRI 3 J2M bintec Rxxx2 RTxxx2 Use Interface Link plug area Position Position Internal external switching BRI 4 J3M Internal external Power supply
218. R Only for Import external routes Disabled Select whether the Area Border Gateway shall send no LSA s in the stub area but rather only propagate a default route The function is enabled with Enabled The function is not activated by default Fields in the Route Aggregation menu Field Description IP Address Define the OSPF area e IP Address Here you enter the IP address of the area to be combined e Netmask Enter the netmask here e Advertise Subnetworks that are combined into areas either initiate propagation of the given combination Yes default value or cause the subnetwork not to be propagated outside the area at all No i e neither the actual subnetworks nor the combined overall subnetwork are propagated Add new entries with Add 15 2 2 Interfaces In the Routing Protocols gt OSPF gt Interfaces menu a list of all interfaces is displayed Areas Interfaces Global Settings View 20 per page Fitter in None y equal Go Interface Area ID IP Address Admin Status Status Metric ent 0 N A N A Passive N A N A ent 4 NIA NIA Passive NIA NIA Page 1 Items 1 2 Fig 103 Routing Protocols gt OSPF gt Interfaces N Caution If your interfaces are not only to be assigned to Backbone Area 0 0 0 0 you must first define OSPF areas in the Routing Protocols OSPF Areas menu 15 2 2 1 Edit Select the symbol to modify the OSPF settings fot the interfaces Areas Interfa
219. RL Only for Command Type Certificate Management and Action SCEP Enter the URL of the SCEP server e g ht tp scep teldat de 8080 scep scep dll Your CA administrator can provide you with the necessary data Subject Name Only for Command Type Certificate Management and Action SCEP 21 Local Services Teldat GmbH Field Description Enter a subject name with attributes Example CN VPNServer DC mydomain DC com c DE CA Name Only for Command Type Certificate Management and Action SCEP Enter the name of the CA certificate of the certification authority CA from which you wish to request your certificate e g cawindows Your CA administrator can provide you with the necessary data Password Only for Command Type Certificate Management and Action SCEP To obtain certificates you may need a password from the certi fication authority Enter the password you received from the cer tification authority here Key Size Only for Command Type Certificate Management and Action SCEP Select the length of the key to be created Possible values are 1024 default value to 2048 and 4096 Autosave Mode Only for Command Type Certificate Management and Action SCEP Select whether your device automatically stores the various steps of the enrolment internally This is an advantage if enrol ment cannot be concluded immediately If the status has not been saved the incomplete registration cannot be comp
220. ROM Shows the status of the DSA key If no DSA key has yet been generated Not generated is dis played in red and a link Generate is provided If you select the link the generation process is triggered and the view is up dated The Generating status is displayed in green When generation has been completed successfully the status changes from Generating to Generated If an error occurs during the generation Not generated and the Generate link are displayed again You can then repeat generation If the Unknown status is displayed generation of a key is not 10 System Management Teldat GmbH Field VENTO possible for example because there is not enough space in the FlashROM The menu Advanced Settings consists of the following fields Fields in the menu Advanced Settings Field Value Login Grace Time Enter the time in seconds that is available for establishing the connection If a client cannot be successfully authenticated dur ing this time the connection is terminated The default value is 600 seconds Compression Select whether data compression should be used The function is activated by selecting Enabled The function is disabled by default TCP Keepalives Select whether the device is to send keepalive packets The function is activated by selecting Enabled The function is enabled by default Logging Level Select the syslog level for the syslog messages generated by the SSH Daemon Possible se
221. S See Teldat GmbH CBC CCITT CD Call Deflection Central speeddial memory Certificate Channel Bundling CHAP Checksum field CLID Client CLIP CLIR COLR Glossary Block Cipher Modes Cipher Block Chaining Consultative Committee for International Telegraphy and Telephony The forwarding of calls This performance feature enables you to forward a call without having to take it yourself If you forward a call to an external subscriber you bear any connection costs from your connection to the destination of the forwarded call This feature can therefore be used by system telephones and ISDN telephones that support this function see user s guide for terminals For more in formation on using this performance feature with the telephone please see the user s guide Performance feature of a PBX Telephone numbers are stored ina PBX and can be called from every connected telephone using a key combination Certificate Channel bundling Challenge Handshake Authentication Protocol Frame Check Sequence FCS Calling Line Identification A client uses the services provided by a server Clients are usually workstations Abbreviation for Calling Line Identification Presentation Telephone number display of calling party Abbreviation for Calling Line Identification Restriction Temporary suppression of the transmission of the calling party s telephone number Connected Line Identification Restriction suppress
222. S Servers Static Hosts Domain Forwarding Cache Statistics Basic Parameters Domain Name Primary o 0 0 0 WINS Server Secondary o 0 0 0 Advanced Settings Positive Cache Enabled Negative Cache Enabled Cache Size 100 Entries Maximurn TTL for Positive Cache Entries e6400 Seconds Maximum TTL for Negative Cache Entries 300 Seconds Fallback interface to get DNS server automatic v IP address to use for DNSAMNS server assignment As DHCP Server Onone Own IP Address DNS Setting As IPCP Server O None ownIP Address DNS Setting OK Cancel Fig 165 Local Services gt DNS gt Global Settings The menu Local Services gt DNS gt Global Settings consists of the following fields Fields in the Basic Parameters menu Field Description Domain Name Enter the standard domain name of your device WINS Server Enter the IP address of the first and if necessary alternative l global Windows Internet Name Server WINS or NetBIOS Primary Name Server NBNS Secondary The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Positive Cache Select whether the positive dynamic cache is to be activated bintec Rxxx2 RTxxx2 21 Local Services Teldat GmbH Field Description i e successfully resolved names and IP addresses are to be stored in the cache The function is activated by selecting Enabled The function is enabled by default
223. S is activated on the inter face The available bandwidth is distributed as fairly as pos sible among the automatically detected traffic flows in a queue Exception High priority packets are always handled with priority e Disabled default value QoS is deactivated on the inter face The existing configuration is not deleted but can be ac tivated again if required Traffic shaping Activate or deactivate data rate limiting in the send direction The function is enabled with Enabled The function is disabled by default Maximum Upload Only for Traffic shaping enabled Speed Enter a maximum data rate for the queue in the send direction in kbits Possible values are 0 to 1000000 The default value is 0 i e no limits are set the queue can oc cupy the maximum bandwidth Protocol Header Size Only for Traffic shaping enabled below Layer 3 Choose the interface type to include the size of the respective overheads of a datagram when calculating the bandwidth Possible values e User defined Value in byte Possible values are 0 to 100 e Undefined Protocol Header Offset 0 default value Can only be selected for Ethernet interfaces e Ethernet e Ethernet and VLAN e PPP over Ethernet 14 Networking Teldat GmbH Field Description e PPP over Ethernet and VLAN Can only be selected for IPSec interfaces e IPSec over Ethernet e IPSec over Ethernet and VLAN e TPSec via PPP over Ethernet e
224. SDN socket The So bus starts at the NTBA and can be up to 150 m long Any ISDN devices can be operated on this bus However only two devices can use the So bus at any one time as only two B channels are available Teldat GmbH So connection So interface SOHO SPD Special features Special features connection Specify own tele phone number for next call Speeddial number SPID Splitter Glossary See ISDN Basic Rate Interface Internationally standardised interface for ISDN systems This inter face is provided on the network side by the NTBA On the user side the interface is intended for connecting a PBX point to point connection and for connecting up to eight ISDN terminals point to multipoint connection Small Offices and Home Offices The SPD Security Policy Database defines the security services available for IP traffic These security services are dependent on parameters such as the source and destination of the packet etc Performance features of the T Net and T ISDN networks such as display of the caller s number callback on busy call forwarding changeable connection lock changeable telephone number lock connection without dialling and transmission of charge information Availability depends on the standard of the connected terminals T ISDN Basic Rate Interface with an extensive range of services call waiting call forwarding third party conference display of call costs at the end of a
225. SG 1 i 1 I 1 1 Serial 1 1 i connect ISDN HE to PC BRI lines Ue Analog Switch Phones LAN Server Server Fig 2 Connection options using the example of bintec RT4202 When setting up and connecting carry out the steps in the following sequence refer to the connection diagrams for the individual devices in chapter Technical data on page 11 1 2 3 Affix the rubber feet supplied to the marked areas on the underside of the device Place your device on a fixed even surface or install your device in a 19 inch cabinet using the supplied bracket LAN For the standard configuration of your device via Ethernet connect the first switch port ETH1 of your device to your LAN using the Ethernet cable supplied The device automatically detects whether it is connected to a switch or directly to a PC ADSL only bintec R3002 and bintec RT3002 Connect the DSL interface DSL of your device to the DSL output of the splitter us ing the DSL cable supplied SHDSL only bintec R3802 Connect the SHDSL interface SHDSL of your device to the SHDSL connection us ing the DSL cable supplied VDSL only bintec R3502 and bintec RT3502 Connect the VDSL2 interface VDSL of your device to the VDSL connection using the VDSL cable supplied Mains connection Connect the device to a plug socket The power connection is located on the back of the device You can set up further connections as required e ISDN BRI see Vari
226. Sec gt Phase 1 Profiles menu IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Internet Key Exchange Version 1 IKEv1 View feo per page Fitter in None v equal y Go Default Description Proposals Authentication Mode DH Group Lifetime Page 1 Create new IKEv1 Profile New Internet Key Exchange Version 2 IKEv2 View feo per page L Fitter in None v equal y Default Description Proposals Lifetime Page 1 Create new IKEv2 Profile C OK C Cancel Fig 132 VPN gt IPSec gt Phase 1 Profiles In the Default column you can mark the profile to be used as the default profile 18 1 2 1 New Choose the New at Create new IKEv1 Profile or Create new IKEv2 Profile button to create additional profiles bintec Rxxx2 RTxxx2 IPSec Peers Phase 1 IKE Parameters Description Proposals DH Group Lifetime Authentication Method Mode Local ID Type Local ID Value Alive Check Block Time NAT Traversal Teldat GmbH Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Ikea Encryption Authentication Enabled AES v MD5 hc AES MD5 v AES v MD5 v 1768 Bit 2 1024 Bit O 5 1536 Bit haoo Seconds 0 kBytes Preshared Keys O Main Mode ID Protect Aggressive Cl strict Fully Qualified Domain Name FQDN r4402 Advanced Settings Autodetect v 30 Seconds
227. Select the desired ISDN interfaces to be included with this party line 20 2 7 Options In the VoIP gt Media Gateway gt Options menu you can perform global settings for the Me dia Gateway bintec Rxxx2 RTxxx2 Teldat GmbH 20 VoIP Extensions SIP Accounts Call Routing CLID Translation Call Translation ISDN Trunks Options Basic Parameters Media Gateway Status Session Border Controller Mode Media Stream Termination Default Drop Extension Dial Latency Speed Dialing Enabled Auto Y Enabled 5 Seconds Advanced Settings Shortcut Replacement Add oK Cancel Fig 163 VoIP gt Media Gateway gt Options The VoIP gt Media Gateway gt Optionsmenu consists of the following fields Fields in the Basic Parameters menu Field Description Media Gateway Status Select whether the media gateway function should be enabled Session Border Con troller Mode The function is enabled with Enabled The function is disabled by default Specify how the media gateway should behave in conjunction with a session border controller mode Possible values e Auto default value for all extensions that exactly agree with an existing SIP account the call routing is handled by the ses sion border controller i e all SIP messages configured for the corresponding SIP account are forwarded to the session bor der controller For all other extensions the call routing is handled by the media gateway in
228. Speed Enter a maximum data rate for the queue in kbits Possible values are 0 to 1000000 The default value is 0 Overbooking allowed Only for Traffic Shaping enabled Enable or disable the function The function controls the band width limit If Overbooking allowed is activated the bandwidth limit set for this queue can be exceeded as long as free bandwidth exists on the interface If Overbooking allowed is deactivated the queue can never occupy bandwidth beyond the bandwidth limit that has been set The function is enabled with Enabled The function is disabled by default Burst size Only for Traffic Shaping enabled Enter the maximum number of bytes that may still be transmit ted temporarily when the data rate permitted for this queue has been reached Possible values are 0 to 64000 The default value is 0 The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Dropping Algorithm Choose the procedure for rejecting packets in the QoS queue if the maximum size of the queue is exceeded Possible values 14 Networking Teldat GmbH Field Description e Tail Drop default value The newest packet received is dropped e Head Drop The oldest packet in the queue is dropped Random Drop A randomly selected packet is dropped from the queue Congestion Avoidance Enable or disable preventative deletion of data packets RED Packets which
229. Statistics The Monitoring gt IPSec gt IPSec Statistics menu consists of the following fields Fields in the Licences menu Field Description IPSec Tunnels Shows the IPSec licences currently in use In Use and the maximum number of licenses usable Maximum Fields in the Peers menu 24 Monitoring Teldat GmbH Field Description Status Displays the number of IPSec tunnels by their current status e Up Currently active IPSec tunnels e Going up IPSec tunnels currently in the tunnel setup phase e Blocked IPSec tunnels that are blocked e Dormant Currently inactive IPSec tunnels e Configured Configured IPSec tunnels Fields in the SAs menu Field Description IKE Phase 1 Shows the number of active phase 1 SAs Established from the total number of phase 1 SAs Total IPSec Phase 2 Shows the number of active phase 2 SAs Established from the total number of phase 2 SAs Total Fields in the Packet Statistics menu Field Description Total Shows the number of all processed incoming In or outgoing Out packets Passed Shows the number of incoming In or outgoing Out packets forwarded in plain text Dropped Shows the number of all rejected incoming In or outgoing Out packets Encrypted Shows the number of all incoming In or outgoing Out pack ets protected by IPSec Errors Shows the number of incoming In or outgoing Out packets for which processing led to errors 24 3 ISDN Modem
230. Storage temperature 25 C to 70 C 25 C to 70 C Operating temperature 0 C to 40 C 0 C to 40 C Relative atmospheric hu midity 10 to 90 non condensing in operation 5 to 95 non condensing when stored 10 to 90 non condensing in operation 5 to 95 non condensing when stored Room classification Only use in dry rooms Only use in dry rooms Available interfaces Ethernet IEEE 802 3 LAN 4 port switch Permanently installed twisted pair only 10 100 1000 mbps auto sensing MDIX Permanently installed twisted pair only 10 100 1000 mbps auto sensing MDIX Teldat GmbH 5 Technical data Property bintec R1202 bintec RT1202 ETH5 Permanently installed twisted pair Permanently installed twisted pair only 10 100 1000 mbps auto only 10 100 1000 mbps auto sensing MDIX sensing MDIX ISDN BRI SO Euro ISDN Euro ISDN point to multipoint point to point point to multipoint point to point connection connection Only TE mode TE or NT mode Console RS232 Baudrates 1200 115200 Baud Baudrates 1200 115200 Baud Available sockets Serial interface V 24 5 pole mini USB socket 5 pole mini USB socket Ethernet interfaces RJ45 socket RJ45 socket ISDN BRI interface RJ45 socket RJ45 socket Standards amp Guidelines R amp TTE Directive 1999 5 EC CE symbol for all EU states R amp T
231. TE Port Usage Leased Line v ISDN Switch Type Leased Line Custom Time Slots v Description Bundle Type Number of Channels Custom Time Slots New Bundle PPP 0 m C Add ISDN Line Framing CACA Standard Y New Bundle Description Bundle Type PPP Multilink Physical Hyperchannel Timeslot Selection O Range Selection Timeslot Matrix O1 0 O3 04 O7 Os Osa Oro Di O14 O15 O16 Timeslot Matrix O1g O20 Oa O22 Da O26 027 O28 O31 X75 Layer 2 Mode pce ODTE OK UC Cancel __ Fig 52 Physical Interfaces gt ISDN Ports gt ISDN Configuration gt The Physical Interfaces gt ISDN Ports gt ISDN Configuration gt menu consists of the following fields Fields in the Basic Parameters menu Field Description Port Name Shows the name of the ISDN port Port Usage Select whether the ISDN switch type D channel detection for switched line is to be automatically identified Possible values e None default value ISDN connection is not used EURO ISDN S2M TE EURO ISDN S2M User Profile e EURO ISDN S2M NT EURO ISDN S2M Network Profile e Back to Back dialup Two S2M connections are dir bintec Rxxx2 RTxxx2 Teldat GmbH 11 Physical Interfaces Field Description ectly coupled e Leased Line You can select a leased line e Q SIG S2M TE Q SIG S2M User Profile e Q SIG S2M NT Q SIG S2M Network Profile ISDN Line Framing Only
232. TE Directive 1999 5 EC CE symbol for all EU states SAFERNET TM Security Technology Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPOA Callback Access Control Lists CLID NAT SIF MPPE Encryption PPTP En cryption VPN with PPTP or IPSec Community passwords PAP CHAP MS CHAP MS CHAP v 2 PPTP PPPoE PPPOA Callback Access Control Lists CLID NAT SIF MPPE Encryption PPTP En cryption VPN with PPTP or IPSec Software supplied Dime Manager on DVD Dime Manager on DVD Documentation included Quick Install Guide and safety no tices bintec Dime Manager User s Guide on DVD Installation poster Quick Install Guide and safety no tices bintec Dime Manager User s Guide on DVD Installation poster Online documentation User s Guide Workshops Release Notes if required User s Guide Workshops Release Notes if required General product features bintec R3002 bintec R3502 bintec R3802 5 Technical data Teldat GmbH Property bintec R3002 bintec R3502 bintec R3802 Dimensions and weights Equipment dimensions without cable B x H x D 19 housing 482 6 mm x 220 mm x 45 mm 19 housing 482 6 mm x 220 mm x 45 mm 19 housing 482 6 mm x 220 mm x 45 mm Weight approx 2 0 kg approx 2 0 kg approx 2 0 kg Transport weight incl docu mentation cables packaging approx 2 6 kg approx 2 6 kg
233. The application was called the DIME Browser before BRICK ware version 5 1 3 One important prerequisite for the transfer of your configuration to the PBX is that you have set up a connection between the PC and PBX You can do this using the LAN Ethernet connection With some restrictions you can also program your PBX using the telephone For information on programming your PBX using the tele phone please see the accompanying user s guide The performance features for analogue terminals can only be used with terminals that use the MFC dialling method and that have an R or flash key The internal telephone number of the connection and not the ex ternal number multiple subscriber number must be entered as the MSN in the ISDN terminal connected to the internal ISDN bus See the user s guide for the ISDN terminals Enter MSN Please note that not all the ISDN terminals available on the market can use the performance features provided by the PBX via their key interface Cyclic Redundancy Check Computer Telephony Integration Term for connection between a PBX and server CTI enables PBX functions to be controlled and evaluated by a PC Control and signalling channel of an ISDN Basic Rate Interface or Primary Rate Interface The D channel has a data transmission rate of 16 kbps In addition to the D channel each ISDN BRI has two B channels Teldat GmbH Data compression Data Link Layer Data packet Data transmission rate
234. The blacklist is configured for each VSS in the Wireless LAN Controller gt Slave AP configuration gt Wireless Networks VSS menu You can also add a new entry to the static blacklist Possible values for Rogue Clients Status Meaning Rogue Client MAC Ad Displays the MAC address of the client on the blacklist dress SSID Displays the SSID involved Attacked Access Point Displays the AP concerned Signal dBm Displays the signal strength of the client during the attempted access Type of attack This displays the type of potential attack e g an incorrect au thentication First seen Displays the time of the first registered attempted access Last seen Displays the time of the last registered attempted access Static Blacklist You can categorise a rogue client as untrustworthy by selecting the checkbox in the Static Blacklist column The block on the client does not then end automatically rather you need to lift it manually Delete You can delete entries with the symbol 13 4 6 1 New Choose the Newbutton to configure additional blacklist entries Active Clients Wireless Networks VSS Client Management Neighbor APs Rogue APs Rogue Clients New Blacklist Entry Rogue Client MAC Address ae Network Name SSID Select one e OK Cancel Fig 75 Wireless LAN Controller gt Monitoring Rogue Clients New The menu consists of the following fields Fields in the New Blacklist Entry menu Field Descriptio
235. The function is disabled by default Reboot after execution Only if Command Type Configuration Management Select whether your device should restart after the intended Ac tion The function is disabled by default Version Check Only for Command Type Configuration Management and Action Import configuration Select whether when importing a configuration file to check on the server for the presence of a more current version of the 21 Local Services Teldat GmbH Field Description already loaded configuration If not the file import is interrupted The function is disabled by default Destination IP Address Only if Command Type Ping Test Enter the IP address whose accessibility is to be checked Source IP Address Only if Command Type Ping Test Enter an IP address to be used as sender address for the ping test Possible values e Automatic default value The IP address of the interface over which the ping is sent is automatically entered as sender address e Specific Enter the desired IP address in the input field Interval Only if Command Type Ping Test Enter the time in Seconds after which a ping must be resent The default value is 1 second Count Only if Command Type Ping Test Enter the number of ping tests to be performed until Destina tion IP Address is considered unreachable The default value is 3 Server Address Only for Command Type Certificate Management and Action
236. UDP destin ation port that is to be supervised by the ALG In the ex works state there are two entries configured for the SIP Ports TCP 5060 and UDP 5060 in accordance with the IANA defini tion bintec Rxxx2 RTxxx2 Teldat GmbH 20 VoIP 20 1 1 1 Edit or New Choose the Fz icon to edit existing entries Choose the New button to create application level gateway entries SIP Proxies SIP Endpoints Basic Parameters Description o Administrative Status Y Enabled Protocol UDP v Destination Poo SCS Session Timeout 7200 Seconds Low Latency Transmission Enabled OK Cancel Fig 155 VolP gt Application Level Gateway gt SIP Proxies gt g New The VoIP gt Application Level Gateway gt SIP Proxies gt New menu consists of the fol lowing fields Fields in the Basic Parameters menu Field Description Description Enter the name of the application level gateway Administrative Status Select whether the SIP proxy should be enabled or disabled The function is activated by selecting Enabled The function is enabled by default Protocol Select the protocol to be used Possible values UDP default value or TCP Enter the port to be supervised by the proxy as Destination Port or each destination port to which VoIP clients from the LAN can connect you must configure a proxy The ports can be provider specific Session Timeout Enter the time in seconds for which a session stays up if no
237. V3 and less often V2 Two packet types play a central role in IGMP queries and reports Queries are only transmitted from a router If several IGMP routers exist in a network the router with the lowest IP address is the querier We differentiate here between a general query sent to 224 0 0 1 a group specific query Sent to a group address and the group and source specific query sent to a specific group address Reports are only sent by hosts to respond to queries 16 2 1 IGMP In this menu you configure the interfaces on which IGMP is to be enabled 16 2 1 1 Edit or New Choose the icon to edit existing entries Choose the New button to configure IGMP on other interfaces IGMP Options IGMP Settings Interface None v Query Interval 125 Seconds Maximum Response Time fi 0 0 Seconds Robustness 28 Last Member Query Interval fi 0 Seconds IGMP State Limit lo Messages per Second Mode O host O Routing Advanced Settings IGMP Proxy DEnabled 7 4 oK Cancel Fig 107 Multicast gt IGMP gt IGMP gt New The Multicast gt IGMP gt IGMP gt New menu consists of the following fields Fields in the IGMP Settings menu Field Description Interface Select the interface on which IGMP is to be enabled i e queries are sent and responses are accepted Query Interval Enter the interval in seconds in which IGMP queries are to be sent Possible values are 0 to 600 The default value is 125 Maximum Respon
238. a RADIUS server is used for accounting your device sends an accounting message to the RADIUS server at the end of each connection A list of all entered RADIUS servers is displayed in the System Management gt Remote Authentication gt RADIUS menu 10 5 1 1 Edit or New Choose the icon to edit existing entries Choose the New button to add RADIUS serv ers RADIUS TACACS Options Basic Parameters Authentication Type PPP Authentication Server IP Address M RADIUS Secret Jeoccccce Default User Password Jeeccceece Priority ov Entry active El Enabled Group Description Default Group 0 Advanced Settings Policy Authoritative v UDP Port fez Server Timeout IS Milliseconds Alive Check Enabled Retries A DEnabled RADIUS Dialout Reload Interval E j Seconds OK Cancel Fig 40 System Management gt Remote Authentication gt RADIUS gt New The System Management gt Remote Authentication gt RADIUS gt Newmenu consists of the following fields Fields in the Basic Parameters menu Field VENTO Authentication Type Select what the RADIUS server is to be used for Possible values e PPP Authentication default value only for PPP connec tions The RADIUS server is used for controlling access to a network bintec Rxxx2 RTxxx2 Teldat GmbH 10 System Management Field Value e Accounting for PPP connections only The RADIUS server is used for recording statistical call data e Lo
239. able Bit Rate V 1 VBR 1 Or Variable Bit Rate V 3 VBR 3 Enter a value for the maximum number of bits per second by which the PCR can be exceeded briefly Possible values 0 to 100000 The default value is 0 17 2 3 OAM Controlling OAM is a service for monitoring ATM connections A total of five hierarchies flow level F1 to F5 are defined for OAM information flow The most important information flows for an ATM connection are F4 and F5 The F4 information flow concerns the virtual path VP and the F5 information flow the virtual channel VC The VP is defined by the VPI value the VC by VPI and VCI Note Generally monitoring is not carried out by the terminal but is initiated by the ISP Your device then only needs to react correctly to the signals received This is ensured without a specific OAM configuration for both flow level 4 and flow level 5 Two mechanisms are available for monitoring the ATM connection Loopback Tests and OAM Continuity Check OAM CC These can be configured independently of each other i Caution The configuration of OAM requires extensive knowledge of ATM technology and the way the Teldat devices functions An incorrect configuration can cause considerable disruption during operation If applicable save the original configuration on your PC In the WAN gt ATM gt OAM Controlling menu a list of all monitored OAM flow levels is dis played 17 2 3 1 New Choose the New button to set up monit
240. able switching of SO interfaces on page 37 Connect the ISDN BRI interface BRI1 BRI2 or BRI3 BRI4 of the device to your ISDN socket using the ISDN BRI cable provided e ISDN PRI only bintec R4402 Connect the ISDN PRI interface PRI 1 or PRI 2 of the device to your PRI connection using the ISDN PRI cable provided e Other LANs Connect any other terminals in your network to the remaining switch ports ETH2 ETH3 ETH4 or ETH5 of your device using other Ethernet cables e Serial connection For alternative configuration possibilities connect the serial interface of your PC COM1 or COM2 to the serial interface of the gateway console However configuration via the serial interface is not provided by default e Analog telephone analog fax only bintec RT4202 Connect your analog telephone or your analog fax to the FXS connections The device is now ready for configuration with the GUI Chapter Basic configuration on page 41 provides a detailed step by step guide to the basic functions on your device 3 2 Cleaning You can clean your device easily Use a damp cloth or antistatic cloth Do not use solvents Never use a dry cloth the electrostatic charge could cause electronic faults Make sure that no moisture can enter the device and cause damage 8 bintec Rxxx2 RTxxx2 3 3 Support information If you have any questions about your new product or are looking for additional information the Teldat GmbH Support Centre can be reached Mond
241. abled by default If you activate the function all passwords and keys in all menus are displayed and can be edited in plain text One exception is IPSec keys They can only be entered in plain text If you press OK or call the menu again they are displayed as asterisks 10 2 3 Date and Time You need the system time for tasks such as correct timestamps for system messages ac counting or IPSec certificates bintec Rxxx2 RTxxx2 eer as System Passwords Date and Time System Licences Basic Settings Time Zone Europe Berlin v Current Local Time Saturday 2000 Apr 29 05 35 41 Manual Time Settings D Month Year Set Date Y Hour Minute Set Time Automatic Time Settings Time Protocol ISDN Timeserver DEnabled First Timeserver SNTP v Second Timeserver SNTP v Third Timeserver SNTP v Time Update Interval h 440 Minute s Time Update Policy Normal Internal Time Server C Enabled C OK C Cancel Fig 31 System Management gt Global Settings gt Date and Time You have the following options for determining the system time local time ISDN Manual The system time is updated via ISDN i e the date and time are taken from the ISDN when the first outgoing call is made or is set manually on the device If the correct location of the device country city is set for the Time Zone switching from summer time to winter time and back is automatic This is independent of the exchange time or the ntp
242. accessible once more it is always enabled If the function is not enabled the currently enabled backup router continues to be enabled even when the actual master router is accessible once more although the priority of the master router is higher than the priority of the backup router which is currently enabled The function is enabled by default Note the following exception If Virtual Interface Priority 255 is selected the gateway with this priority certainly takes over the master role i e the setting in Pre empt mode go back into master state is ignored You should therefore select a Virtual Interface Priority lower than 255255if you wish to use Pre empt Mode Enable authentication Enable or disable authentication The function is enabled with Enabled If the function is active an input field is displayed Enter the au thentication key here Please note Note that the authentication key must be the same for all virtual routers in the group The function is disabled by default Teldat GmbH 21 Local Services 21 12 2 VR Synchronisation The watchdog daemon is configured in the Local Services gt BRRP gt VR Synchronisation menu i e you define how state changes are handled After opening the menu Local Services gt BRRP gt VR Synchronisation a list of all syn chronisations is displayed You can either synchronise virtual interfaces or interfaces New synchronisations can be added in the New menu For example yo
243. accordance with the entries configured under Call Routing Note that the call routing is handled by the media gateway if the provider is not available backup e Off Call routing is handled exclusively by the media gateway in accordance with the entries configured under Call Routing and the local extensions For calls that are to be routed via a 20 VoIP Teldat GmbH Field Description particular provider SIP account you must configure a cor responding call routing entry Internal calls from internal ex tension to internal extension that are only to be routed intern ally do not require an additional call routing entry e lt SIP Trunk gt Select a SIP trunk account configured under VolP gt Media Gateway gt SIP Accounts In this case the call routing for all extensions is handled by the session border controller all SIP messages are forwarded to the session bor der controller Note that the call routing is handled by the me dia gateway if the provider is not available backup Please note Entries in Call Routing have priority ahead of the session border controller configuration Media Stream Termina Choose how RTP sessions are controlled by the system a If the function is enabled RTP sessions are terminated on the media gateway i e all RTP streams are controlled by the media gateway and routed via the media gateway The participating terminal devices e g SIP telephones are not connected dir ectly with one anoth
244. ackets received Update Packets Sent Link State Update Displays the number of Link State Update packets sent Packets Routing table updates caused by Summary Displays the number of incremental routing table updates per formed when new Summary Link Advertisements have been re Field Description Links Advertisements ceived Routing table updates caused by External Ad Displays the number of incremental routing table updates per vertisements formed when new external Advertisements have been received 24 9 PIM 24 9 1 Global Status The status of all configured PIM components is displayed in the Monitoring PIM Global Status menu Global Status Not Interface Specific Status Interface Specific States View All v PIM Interfaces View 20 per page Interface IP Address Page 1 viequal y Go Designated Router Fitter in None PIM Neighbors View 20 per page Filter in None x equal Go Interface Generation ID IP Address Uptime Expiry Timer Page 1 Multicast Group RP Mappings View 20 per page Multicast Group Address Page 1 Fitter in None v equal y Go Multicast Group Prefix Length Rendevous Point IP Address Fig 226 Monitoring PIM Global Status Values in the Global Status list Field Description View Select the desired view from the dropdown menu Are available A11 PIM Interfaces PIM Neighbors and Mu
245. al dBm 185 Silent Deny 234 Silent Deny 198 SIM Card Uses PIN 120 SIP Endpoints 400 SIP Accounts 408 SIP Endpoint IP Address 404 409 SIP Header Field s for Caller Address 412 SIP Proxies 398 Slave Access Points 163 Slave AP location 160 Slave AP configuration 162 SMS Device 524 SMTP Authentication 523 SMTP Server 523 SNMP 89 95 525 SNMP Version 95 SNMP Listen UDP Port 95 SNMP Read Community 76 SNMP Trap Broadcasting 525 SNMP Trap Community 525 SNMP Trap Hosts 526 SNMP Trap Options 525 SNMP Trap UDP Port 525 SNMP Write Community 76 Index Software amp Configuration 508 Sort Order 406 413 Source 385 Source Interface 193 211 261 Source Location 467 Source Port 193 201 333 Source Port Range 201 211 214 229 Source Location 187 510 Source File Name 510 Source IP Address 462 467 479 484 Source IP Address Netmask 201 211 214 229 333 Source IP Address 548 549 551 551 Source Port Range 394 Special Handling Timer 211 Special Session Handling 209 Specific Ports 378 Specify bandwidth 388 Speed Dialing 427 SSH 89 91 SSH Port 92 SSH service active 92 SSID 185 Stack 535 Start Mode 334 Start Time 465 Start Time 536 State 541 542 State Province 113 Static Blacklist 185 Static Hosts 435 Statistics 439 536 543 Status 70 462 531 533 535 537 538 541 Stop Time 465 Subject 520 Subject Name 467 Subsystem 530 Successful Trial
246. al data Teldat GmbH Fig 12 Ethernet 10 100 1000 Base T interface RJ45 connector The pin assignment for the Ethernet 10 100 1000 Base T interface RJ45 connector is as follows RJ45 socket for Ethernet connection Pin Position 1 Pair O Pair O Pair 1 Pair 2 Pair 2 Pair 1 Pair 3 Pair 3 aN DO oa fF 0 DY The Ethernet 10 100 1000 BASE T interface does not have an Auto MDI X function 5 5 3 ADSL interface The ADSL interface on bintec R3002 and RT3002 is connected via an RJ45 plug The cable supplied connects the RJ45 plug needed for the device to an RJ11 plug provided for Annex A The second cable supplied connected the RJ45 plug with an RJ45 plug for Annex B The following pins are used for the ADSL connection Fig 13 ADSL interface RJ45 socket The pin assignment for the ADSL interface RJ45 socket is as follows Teldat GmbH 5 Technical data RJ45 socket for ADSL connection bintec R3002 and RT3002 Pin Position 1 Not used Not used Not used Line 1a Line 1b Not used Not used aN DO oa fF WwW DY Not used 5 5 4 SHDSL interface The SHDSL interface on bintec R3802 is connected via an RJ45 connector The cable supplied connects the RJ45 connector needed for the device to an RJ45 connector needed for the SHDSL connection The following pins are used for the SHDSL connection Fig 14 SHDSL interface RJ45 connector bintec R3802 The pin assignment for the SHDSL interface RJ4
247. all it If you need other languages for the configuration interface you can import these You can also trigger a system reboot in this menu 22 1 Diagnostics In the Maintenance gt Diagnostics menu you can test the availability of individual hosts the resolution of domain names and certain routes 22 1 1 Ping Test Test DNSTest Traceroute Test Ping Test Test Ping Address Output E Fig 200 Maintenance gt Diagnostics gt Ping Test You can use the ping test to check whether a certain host in the LAN or an internet address can be reached The Outputfield displays the ping test messages The ping test is launched by entering the IP address to be tested in Test Ping Address and clicking the Go button bintec Rxxx2 RTxxx2 22 1 2 DNS Test Ping Test DNS Test Traceroute Test DNS Test DNS Address Output Fig 201 Maintenance gt Diagnostics gt DNS Test The DNS test is used to check whether the domain name of a particular host is correctly re solved The Outputfield displays the DSN test messages The ping test is launched by en tering the domain name to be tested in DNS Address and clicking the Go button 22 1 3 Traceroute Test Traceroute Test Traceroute Address Output Fig 202 Maintenance gt Diagnostics gt Traceroute Test bintec Rxxx2 RTxxx2 22 Maintena
248. alue can be a whole num ber from 0 to 2147483647 The default value is 0 The default value as per RFC is used 0 seconds and 0 Kbytes are entered Authentication Method Only for Phase 1 IKE Parameters Select the authentication method Teldat GmbH 18 VPN Field Description Possible values e Preshared Keys default value If you do not use certific ates for the authentication you can select Preshared Keys These are configured during peer configuration in the VPN gt IPSec gt IPSec Peers The preshared key is the shared password e DSA Signature Phase 1 key calculations are authenticated using the DSA algorithm e RSA Signature Phase 1 key calculations are authenticated using the RSA algorithm e RSA Encryption In RSA encryption the ID payload is also encrypted for additional security Local Certificate Only for Phase 1 IKE Parameters Only for Authentication Method DSA Signature RSA Signature Of RSA Encryption This field enables you to select one of your own certificates for authentication It shows the index number of this certificate and the name under which it is saved This field is only shown for authentication settings based on certificates and indicates that a certificate is essential Mode Only for Phase 1 IKE Parameters Select the phase 1 mode Possible values e Aggressive default value The Aggressive Mode is neces sary if one of the peers does not have a static IP address and preshared
249. alues Weekday Select a weekday in Condition Settings e periods default value In Condition Settings select a par ticular period e Day of Month Select a specific day of the month in Condi tion Settings Possible values for Condition Settings in Condition Type Weekday Monday default value Sunday Possible values for Condition Settings in Condition Type Periods e Daily The initiator becomes active daily default value e Monday Friday The initiator becomes active daily from Monday to Friday e Monday Saturday The initiator becomes active daily from Monday to Saturday e Saturday Sunday The initiator becomes active on Sat urdays and Sundays Possible values for Condition Settings in Condition Type Day of Month AS Start Time Enter the time from which the initiator is to be activated Activa tion is carried on the next scheduling interval the default value of this interval is 55 seconds Stop Time Enter the time from which the initiator is to be deactivated De activation is carried on the next scheduling interval If you do not enter a Stop Time or set a Stop Time Start Time the initiat or is activated and deactivated after 10 seconds Teldat GmbH 21 Local Services 21 7 2 Actions In the Local Services gt Scheduling gt Actions menu is displayed a list of all operations to be initiated by events or event chains configured in Local Services gt Scheduling gt Trigger
250. an be issued by several different issuers and in varying qualities the trustworthiness of the is suer is extremely important The quality of a certificate is regulated by the German Signa ture Act or respective EU Directives Certification authorities that issue so called qualified certificates are organised in a hier archy with the Federal Network Agency as the higher certifying authority The structure and content of a certificate are stipulated by the standard used X 509 is the most important and the most commonly use standard for digital certificates Qualified certificates are personal and extremely trustworthy Digital certificates are part of a so called Public Key Infrastructure PKI PKI refers to a system that can issue distribute and check digital certificates Certificates are issued for a specific period usually one year i e they have a limited valid ity period Your device is designed to use certificates for VPN connections and for voice connections over Voice over IP 10 6 1 Certificate List A list of all existing certificates is displayed in the System Management gt Certificates gt Certificate List menu 10 6 1 1 Edit Click the icon to display the content of the selected object key certificate or request bintec Rxxx2 RTxxx2 Certificate List CRLs Certificate Servers Edit parameters Description test Certificate is CA Certificate M true O Disabled O Always Certificate Revocation List
251. an use the configuration program to define whether call forwarding should be carried out in the PBX or the exchange You should use call for warding in the exchange if certain services are activated for your connection You can receive more information on this from your T Com advisor Call option day night Option of changing the call allocation on a PBX using a calendar Call pickup Call pickup Calls received after office hours are forwarded to a telephone still manned or to the answering machine or fax Performance feature of a PBX Calls can be received on an internal terminal that is not part of active call allocation An external call is only signalled for your colleague As you belong Glossary Call Relay on Busy Call Through Call to engaged sub scriber Call waiting Call waiting protec tion Callback on Busy Callback on no reply Called party number Caller list Teldat GmbH to several different teams this is not surprising You can now form various groups of subscribers in which call pickup is possible A call can only be picked up by subscribers terminals in the same pickup group The assignment of subscribers in pickup groups is not de pendent on the settings in the Day and Night team call assignment Reject Call Through is a dial in via an external connection to the PBX with the call put through from the PBX via another external connection Busy on busy The Call Waiting performance featu
252. are forwarded to the CAPI service A list of all MSNs is displayed in the Physical Interfaces gt ISDN Ports gt MSN Configura tion menu 11 3 2 1 New Set the New button to set up a new MSN ISDN Configuration MSN Configuration Basic Parameters ISDN Port bri2 0 v Service ISDN Login MSN MSN Recognition ORight to Left Left to Right DDI Bearer Service O Data Voice O Data O Voice OK Cancel Fig 53 Physical Interfaces gt ISDN Ports gt MSN Configuration gt New The menu Physical Interfaces gt ISDN Ports gt MSN Configuration gt New consists of the following fields Fields in the Basic Parameters menu 11 Physical Interfaces Teldat GmbH Field Description ISDN Port Select the ISDN port for which the MSN is to be configured Service Select the service to which a call is to be assigned on the MSN below Possible values e ISDN Login default value Enables login with TSDN Lo gin e PPP Routing Default setting for PPP routing Contains automatic detection of the PPP connections stated below ex cept PPP DOVB e IPSec Enables a number to be defined for IPSec callback e Other PPP Other services can be selected PPP 64k Allows 64 kpbs PPP data connections PPP 56k Allows 56 kpbs PPP data connections PPP V 110 9600 PPP Wo LAO LAAOO IRIE Wo HO 1QZ00 RB Vo HINO S400 Allows PPP connections with V 110 and bitrates of 9 600 bps 14 400 bps 19 200 bps 38 400 bps PPP V 120 Allows PP
253. aring the connection Possible values are 0 to 3600 seconds 0 deactivates the timeout The default value is 300 Example 10 for FTP transmission 20 for LAN to LAN transmis sion 90 for Internet connections Remote PPTP IP Ad dress Only for PPTP Mode PNS Enter the IP address of the PPTP partner Remote PPTP IP Ad dressHost Name Only for PPTP Mode Windows Client Mode Enter the IP address of the PPTP partner 18 VPN Teldat GmbH Fields in the IP Mode and Routes menu Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically Possible values e Static default value You enter a static IP address e Provide IP Address Only for PPTP Mode PNS Your device dynamically assigns an IP address to the remote ter minal e Get IP Address Only for PPTP Mode Windows Cli ent Mode Your device is dynamically assigned an IP ad dress Default Route Only if IP Address Mode Static Select whether the route to this connection partner is to be defined as the default route The function is enabled with Enabled The function is disabled by default Create NAT Policy Only if IP Address Mode Static When you configure an PPTP connection specify whether Net work Address Translation NAT is to be enabled The function is enabled with Enabled The function is disabled by default Local IP Address Only for IP A
254. ata traffic for a group is passed in all cases This is a useful option if multicast data traffic is to be permanently passed IGMP IGMP is used to gather information about the potential recipients in a subnet In the case of a hop incoming multicast data traffic can thus be selected Tip With multicast the focus is on excluding data traffic from unwanted multicast groups Note that if forwarding is combined with IGMP the packets can be forwarded to the groups specified in the forwarding request 16 1 General 16 Multicast Teldat GmbH 16 1 1 General In the Multicast gt General gt Generalmenu you can disable or enable the multicast func tion General Basic Settings Multicast Routing Enabled OK Cancel Fig 106 Multicast gt General gt General The Multicast gt General gt Generalmenu consists of the following fields Fields in the Basic Settings menu Multicast Routing Select whether Multicast Routing should be used The function is enabled with Enabled The function is disabled by default 16 2 IGMP IGMP Internet Group Management Protocol see RFC 3376 is used to signal the informa tion about group membership in a subnet As a result only the packets explicitly wanted by a host enter the subnet Special mechanisms ensure that the requirements of the individual clients are taken into consideration At the moment there are three versions of IGMP V1 V3 most current sys tems use
255. ata transmission is not optimised e Controlled RTP Streams only This mode is used if either the VoIP Application Layer Gateway ALG or the VoIP Media Gateway MGW is active Real Time Jitter Control is activated by the control instances ALG or MGW e Always Real Time Jitter Control is always active even if no real time data is routed Queues Policies Configure the desired QoS queues For each class created from the class plan which is associated with the selected interface a queue is generated automatically and displayed here only for data traffic classified as outgoing and for data traffic classified as moving in both directions Add new entries with Add The Edit Queue Policy menu opens By creating a QoS policy a DEFAULT entry with the lowest pri ority 255 is automatically created The menu Edit Queue Policy consists of the following fields Fields in the Edit Queue Policy menu Field Description Description Enter the name of the queue policy Outbound Interface Shows the interface for which the QoS queues are being con figured Prioritisation queue Select the queue priority type Possible values e Class Based default value Queue for data classified as normal e High Priority Queue for data classified as high priority 14 Networking Teldat GmbH Field Description e Default Queue for data that has not been classified or data of a class for which no queue has been configured Class ID On
256. ate e g of the PCs With connection For example the state of a connection between a PC and data network or for data exchange between two PCs Term for electronic banking e g using T Online Part of the T Com certification services for the Internet Digital pass for the Internet With the Online Pass an Internet user can be au thenticated as a customer in a company Services available around the clock via communication services such as T Online and the Internet OSI Open Systems Interconnection Glossary OSPF Outgoing extension number signal Outgoing telephone number Packet switching PAP Parking PBX PBX PBX PBX PBX number PCMCIA PDM Teldat GmbH Open Shortest Path First The outgoing extension number signal is intended for internal con nections on the point to point to which an explicit extension number was not assigned When an external call is made the extension number entered under Outgoing Extension Number Signal is also transmitted If you have not suppressed transmission of your telephone number and the telephone of the person you are calling supports the CLIP function the person you are calling can see the telephone number of the connection you are calling from on their telephone display This telephone number transmitted during an external call is called the outgoing telephone number Packet switching Password Authentication Protocol The call is held temporarily in the e
257. atic Define other routing entries for this connection partner e Remote IP Address P address of the destination host or network e Netmask Netmask for Remote IP Address If no entry is made your device uses a default netmask e Metric The lower the value the higher the priority of the route range of values 0 15 The default value is 7 Teldat GmbH 17 WAN Field Description IP Assignment Pool Only if IP Address Mode Provide IP Address Select IP pools configured in the WAN gt Internet Dialup gt IP Poolsmenu If an IP pool has not been configured here yet the message Not yet defined appears in this field The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed The default value is 300 Maximum Number of Enter the number of unsuccessful attempts to setup a connec Dialup Retries tion before the interface is blocked Possible values are 0 to 100 The default value is 5 Usage Type If necessary select a special interface use Possible values e Standard default value No special type is selected e Dialin only The interface is used for incoming dialup con nections and callbacks initiated externally e Multi User Dialin only The interface is defined as multi user connection partner
258. atic Refresh Interval do not enter a value of less than 5 seconds other wise the refresh interval of the screen will be too short to make further changes bintec Rxxx2 RTxxx2 Teldat GmbH 10 System Management Automatic Refresh Interval 60 Seconds Apply O Warning System Password not changed System Information Uptime 0 Day s 0 Hour s 36 Minute s System Date Saturday 2004 Feb 07 23 37 45 Serial Number RNB060011DF0309 BOSS Version V 9 1 Rev 2 IPSec from 2012 08 31 00 00 00 Back up of configuration on SD card Not available Last configuration stored Saturday 2004 Feb 07 21 46 44 Resource Information CPU Usage 0 Memory Usage 32 5 1023 9 MByte 3 Memory Card 0 324 987 738 MByte 0 ISDN Usage External 0 2B Channels Active Sessions SIF RTP etc 0 Active IPSec Tunnels 0 0 Physical Interfaces Interface Connection Information Link en1 0 172 16 105 140 255 255 255 224 o ent 5 Not configured Not configured o LTE 6 0 BAD 113 dem o bri 0 Not configured o WAN Interfaces Description Connection Information Link LTE 172 22 129 38 Obtained by server o Fig 28 System Management gt Status The menu System Management gt Status consists of the following fields Fields in the System Information menu Field Value Uptime Displays the time past since the device was rebooted System Date Displays the current system date and system time Serial Number Displays the device serial number BOSS Version D
259. ation e None The function is disabled Also select whether the test cells of the OAM CC are to be sent or received Possible settings e Both default value CC data is both received and generated e Sink CC data is received e Source CC data is generated 173 Leased Line A leased line is a permanent fixed connection between two communication partners via a telecommunications network Unlike a switched line the entire transmission channels is al ways available The leased line cannot be set up by the subscriber by dialling and therefore has no call number The connection must be set up by the network operator 17 3 1 Interfaces In the WAN gt Leased Line gt Interfaces menu a list of all is displayed Automatic genera tion requires the corresponding ISDN interface to be configured Autogenerated from BRI ISDN SO Description Type Protocol bri2 0 1 Leased Line B1 645 PPP ma D Autogenerated from PRI ISDN S2M Leased Line 1 Hyperchannel 6 703 6 704 Fig 125 WAN gt Leased Line gt Interfaces bintec Rxxx2 RTxxx2 17 3 1 1 Edit Choose the j button to edit the configuration of the corresponding leased line for a BRI interface Interfaces Basic Parameters Description IP Mode and Routes Default Route C Enabled Local IP Address Remote IP Address Netmask Metric Route Entries 1g Add Advanced Settings LCP Alive Check Enabled Prioritize TCP ACK Packets D
260. ation When the configuration is sent by e mail e g for sup port purposes confidential configuration data can be protected fully if required You can save or import files with the actions Export configuration Export configuration with status information and Load configuration If you want to save a configuration file with the action Export configuration or Export configuration with status information you can choose whether the configuration file is saved encrypted or without encryption A Caution If you have saved a configuration file in an old format via the SNMP shell with the put command there is no guarantee that it can be reloaded to the device As a result the old format is no longer recommended Options Currently Installed Software Boss V 9 1 Rev 1 IPSec from 2012 06 29 00 00 00 System Logic 1 1 Software and Configuration Options Action No Action v Go Fig 203 Maintenance gt Software amp Configuration gt Options 22 Maintenance Teldat GmbH The Maintenance gt Software amp Configuration gt Optionsmenu consists of the following fields Fields in the Currently Installed Software menu Field Description BOSS Shows the current software version loaded on your device Shows the current system logic loaded on your device System Logic ADSL Logic Shows the current version of the ADSL logic loaded on your device Fields in the Software and Configuration Options menu Field Description Action
261. ault Send Initial Contact Select whether IKE Initial Contact messages are to be sent dur Message ing IKE phase 1 if no SAs with a peer exist The function is enabled with Enabled The function is enabled by default Sync SAs with ISP in Select whether all SAs are to be deleted whose data traffic was terface state routed via an interface on which the status has changed from Up to Down Dormant or Blocked The function is enabled with Enabled The function is disabled by default Use Zero Cookies Select whether zeroed ISAKMP Cookies are to be sent These are equivalent to the SPI Security Parameter Index in IKE proposals as they are redundant they are normally set to the value of the negotiation currently in progress Alternatively your device can use zeroes for all values of the cookie In this case select Enabled Zero Cookie Size Only for Use Zero Cookies enabled Enter the length in bytes of the zeroed SPI used in IKE propos als The default value is 32 Dynamic RADIUS Au Select whether RADIUS authentication is to be activated via thentication IPSec The function is enabled with Enabled The function is disabled by default Fields in the PKI Handling Options menu Field Description Ignore Certificate Re Select whether certificate requests received from the remote 18 VPN Teldat GmbH Field Description quest Payloads end during IKE phase 1 are to be ignored The function is enabled with Enabl
262. ault value Callup is permitted e Block all Callup of the requested page is blocked e Log all Callup is permitted but logged The menu License Information consists of the following fields Fields in the License Information menu Field Description Licence Key Enter the number of your Proventia Web Filter licence The pre set code assigned by ISS designates the device type In the ex works state you can activate a 30 day demo version of the Proventia Web Filter To do this click the link Activate 30 days demo licence Teldat GmbH 21 Local Services Field Description Licence Status Shows the result of the last validity check of the licence The validity of the licence is checked every 23 hours License valid until This shows the expiry date of the licence relative to the time set on your device and cannot be edited 21 5 2 Filter List In the Local Services gt Web Filter gt Filter List menu you configure how the various cat egories of Internet pages are to be handled You configure the relevant filters for this purpose A list of filters already configured is dis played There are basically different approaches for configuring the filters e First a filter list can be created that only contains entries for those addresses that are to be blocked In this case it is necessary to make an entry at the end of the filter list that al lows all accesses that do not match a filter Setting for this Category Default
263. ay to Friday between the hours of 8 am and 5 pm They can be contacted as follows Email hotline Oteldat de International Support Coordina Telephone 49 911 9673 1550 tion Fax 49 911 9673 1599 End customer Hotline 0900 1 38 65 93 1 10 min on land lines in Germany For detailed information on our support services contact www teldat de bintec Rxxx2 RTxxx2 9 Chapter 4 Reset Resetting the device enables you to return your device to a predefined initial state This may be necessary if you have made incorrect configuration settings or the device is to be reprogrammed Manually resetting the device You can reset the device to the ex works state with the RESET button Depending on how long it is pressed for the RESET button performs two different functions e After pressing briefly once the device reboots e Hold the RESET button until the STATUS LED starts to flash The device performs a factory reset This means the device is returned to its ex works state The boot configura tion is deleted and all passwords are reset bintec Rxxx2 RTxxx2 Chapter 5 Technical data This chapter summarises all the hardware properties of the R1202 R3002 R3502 R3802 R4402 RT1202 RT3002 RT3502 and RT4202 devices 5 1 Scope of supply Your device is supplied with the following parts Product Cable sets other Software Documentation name R1202 Ethernet cable Companion DVD Quick Install Guide and safety notices pr
264. backup connection more quickly in the event of line faults The function is enabled with Enabled The function is enabled by default Callback Mode Select the Callback Mode function Possible values None default value Your device does not call back e Active Select one of the following options e No PPP negotiation Your device calls the connection partner to request a callback e Windows Client Mode Your device calls the connection partner to request a callback via CBCP Callback Control Protocol Needed for Windows clients e Passive Select one of the following options e PPP Negotiation or CLID Your device calls back im mediately when requested to do so by the connection part ner e Windows Server Mode Your device calls back after a period of time suggested by the Microsoft client NT 10 seconds new systems 12 seconds It uses the call number Entries gt Number with the Mode Outgoing or Both entered for the connection partner If no number is entered the required number can be reported by the caller in a PPP negotiation This setting should be avoided where possible for security reasons Currently cannot be avoided for the connection of mobile Microsoft clients via DCN e Delayed CLID only Your device calls back after ap Teldat GmbH 17 WAN Field Description prox four seconds if your device is requested to do so by the connection partner Only makes sense for CLID e Windows Server Mode
265. bintec trademarks and the bintec logo elmeg trademarks and the elmeg logo are registered trademarks of Teldat GmbH Company and product names mentioned are usually trademarks of the companies or manufacturers concerned Copyright All rights reserved No part of this manual may be reproduced or further processed in any way without the written consent of Teldat GmbH The documentation may not be processed and in particular translated without the consent of Teldat GmbH You will find information on guidelines and standards in the declarations of conformity under www teldat de How to reach Teldat GmbH Teldat GmbH S dwestpark 94 D 90449 Nuremberg Germany Phone 49 911 9673 0 Fax 49 911 688 07 25 Teldat France S A S 6 8 Avenue de la Grande Lande F 33174 Gradignan France Phone 33 5 57 35 63 00 Fax 33 5 56 89 14 05 Internet www teldat de Table of Contents Chapter 1 IntrOdUCtiOn gt k so ae aks SS eae es ee RY Ge be 1 Chapter 2 About this guide 0 o e 3 Chapter 3 Installation o o o o ee 6 3 1 Setting Up andconnecting 2 o o 6 3 2 Cleaning 3 2 sisas a a Ye ae 8 3 3 Supportinformation a a a a a a 9 Chapter 4 Reset vi wade be Bae A a 10 Chapter 5 Technical data o a 11 5 1 Scope of supply 2 2 a 11 5 2 General Product Features 2 2 ee ee ee 13 5 3 LEDS echo ea dk Be hae ee ds ee Be ae 23 5 4 Connectors ds a OA ES A ee a me A
266. ble values e None default value Encryption is not used O SIAC PUSES TAC e MPPC Microsoft Point to Point Compression LCP Alive Check Select whether the availability of the remote terminal is to be checked by sending LCP echo requests or replies This is re commended for leased lines PPTP and L2TP connections The function is enabled with Enabled The function is enabled by default Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is enabled with Enabled The function is disabled by default Fields in the IP Options menu Field Description OSPF Mode Select whether and how routes are propagated via the interface and or OSPF protocol packets are sent Possible values e Passive default value OSPF is not activated for this inter face i e no routes are propagated or OSPF protocol packets sent over this interface Networks reachable over this inter face are however included when calculating the routing in formation and propagated over active interfaces e Active OSPF is activated for this interface i e routes are propagated or OSPF protocol packets sent over this interface 18 VPN Teldat GmbH Field Description e Inactive OSPF is disabled for this interface Proxy ARP Mode Select whether your device is to respond to ARP requests from its own LA
267. ble values are 32 to 65535 The default value is 32 Encapsulation Only for Provider User defined Select the encapsulation to be used Note your provider s in structions Possible values in accordance with RFC 2684 e LLC Bridged no FCS Default value for Ethernet over ATM Is only displayed for Type Ethernet over ATM Bridged Ethernet with LLC SNAP encapsulation without Frame Check Sequence checksums e LLC Bridged FCS only displayed for Type Ethernet over ATM Teldat GmbH 17 WAN Field Description Bridged Ethernet with LLC SNAP encapsulation with Frame Check Sequence checksums e Non ISO default value for Routed Protocols over ATM Is only displayed for Type Routed Protocols over ATM Encapsulation with LLC SNAP header suitable for IP routing e LLC only displayed for Type PPP over ATM Encapsulation with LLC header e VC Multiplexing default value for PPP over ATM Bridged Ethernet without additional encapsulation Null En capsulation with Frame Check Sequence checksums Fields in menu Ethernet over ATM Settings appears only for Type Ethernet over ATM Field Description Default Ethernet for Only for Type Ethernet over ATM PPPoE Interfaces Select whether this Ethernet over ATM interface is to be used for all PPPoE connections The function is enabled with Enabled The function is disabled by default Address Mode Only for Type Ethernet over ATM Select how an
268. bles Only if Command Type MIB SNMP Where required select MIB variables to uniquely identify a spe cific data set in MIB Table e g ConnIfIndex The unique identification of a particular table entry is derived from the com bination of Index Variable usually an index variable which is flagged with and Index Value Use Index Variables to create more entries with Add Trigger Status Only if Command Type MIB SNMP Select what status the event must have in order to modify the MIB variable as defined Possible values e Active default value The value of the MIB variable is mod ified if the initiator is active e Inactive The value of the MIB variable is modified if the ini tiator is inactive e Both The value of the MIB variable is differentially modified if the initiator status changes MIB Variables Only if Command Type MIB SNMP Select the MIB variable whose value is to be configured as de pendent upon initiator status If the initiator is active Trigger Status Active the MIB vari able is described with the value entered in Active Value If the initiator is inactive Trigger Status Inactive the MIB variable is described with the value entered in Inactive Value 21 Local Services Teldat GmbH Field Description If the MIB variable is to be modified depending on whether the initiator is active or inactive Trigger Status Both it is de scribed with an active initiator with the value entered in Act
269. c default value Interface Select the interface to which the DNS server pair is to be as signed For Interface Mode Dynamic A global DNS server is created with the setting None For Interface Mode Static A DNS server is configured for all interfaces with the Any setting Primary DNS Server Only if Interface Mode Manual Enter the IP address of the first name server for Internet ad dress name resolution Secondary DNS Server Only if Interface Mode Manual Optionally enter the IP address of an alternative name server 21 1 3 Static Hosts A list of all configured static hosts is displayed in the Local Services gt DNS gt Static Hosts menu 21 1 3 1 New Choose the New button to set up new static hosts Global Settings DNS Servers Static Hosts Domain Forwarding Cache Statistics Basic Parameters DNS Hostname Response Positive v IP Address ooo TTL emo Seconds OK Cancel Fig 167 Local Services gt DNS gt Static Hosts gt New bintec Rxxx2 RTxxx2 21 Local Services Teldat GmbH The menu Local Services gt DNS gt Static Hosts gt New consists of the following fields Fields in the Basic Parameters menu Field Description DNS Hostname Response IP Address TTL Enter the host name to which the IP Address defined in this menu is to be assigned if a positive response is received to a DNS request If a negative response is received to a DNS re quest no address is
270. c Parameters menu Field Description Description Enter a description for the GRE tunnel Local GRE IP Address Enter the source IP address of the GRE packets to the GRE partner If no IP address is given this corresponds to IP address 0 0 0 0 the source IP address of the GRE packets is selected automatically from one of the addresses of the interface via which the GRE partner is reached Remote GRE IP Ad Enter the target IP address of the GRE packets to the GRE dress partner bintec Rxxx2 RTxxx2 18 VPN Teldat GmbH Field Description Default Route If you enable the Default Route all data is automatically routed to one connection The function is disabled by default Local IP Address Here enter the LAN side IP address that is to be used as your device s source address for your own packets through the GRE tunnel Route Entries Define other routing entries for this connection partner Add new entries with Add e Remote IP Address IP address of the destination host or network e Netmask Netmask for Remote IP Address If no entry is made your device uses a default netmask e Metric The lower the value the higher the priority of the route range of values 0 15 The default value is 7 MTU Enter the maximum packet size Maximum Transfer Unit MTU in bytes that is allowed for the GRE connection between the partners Possible values are 1 to 8192 The default value is 1500 Use key Enable the k
271. c in combination with routing protocols and the creation of VPN backup scenarios With the routing based method the configured or dynamically learned routes are used to negotiate the IPSec phase 2 SAs While it is true that this meth od simplifies many configurations at the same time there can be problems due to compet ing routes or the coarser filtering of the data traffic The Additional Traffic Filter parameter fixes this problem You can filter more finely i e you can e g specify the source IP address or the source port If there is a Additional Traffic Filter configured it is used to negotiate the IPSec phase 2 SAs the route only de termines which data traffic is to be routed If an IP packet does not match the defined Additional Traffic Filter it is discarded If an IP packet meets the requirements in an Additional Traffic Filter IPSec phase 2 ne gotiation begins and data traffic is transferred over the tunnel Note The Additional Traffic Filter parameter is only relevant to the initiator of the IPSec connection it only applies to outgoing data traffic Note Please note that the phase 2 policies must be configured identically on both of the IPSec tunnel endpoints Add new entries with Add IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Peer Parameters Administrative Status Sup O Down Description Peer 1 Peer Addre Basic Parameters Peer ID Description l Protoc
272. ca te Stent Bh ETE eh Me ont cy ED Oe e 324 18 1 1 IPSec PEES 2 ot aiden seem She Sores ee eee de Mee ee ee a et eo ae rea wk 325 18 1 2 Phase 1 Profils 4 0 2 5 a a Eb ees eh at tee A 341 18 1 3 Phase 2 Profiles 2 1 2 a 349 18 1 4 XAWTH Profiles wx 0020 o ia a a ee E aOR 354 18 1 5 IP POOS a Gad sacle se AA RS Ee ce eee BORA aS 356 18 1 6 Opt E Sls oh eel BEN hee aio as 357 18 2 OTR os a dee te ore Mato Bek BA Pe ote MAE Batt Get Nab le es 360 18 2 1 Tunnel Profiles tio eee oe oe Ae ad ie ee OR ee 361 18 2 2 USOS ene nore host conten Be RY tee Rage he cet ce ok cr See oe ey ee caer SS 364 18 2 3 OPTIONS a Se hh ew Fk nn ect yer ora State Se Steck cua eae er as 370 18 3 PRT Pos 225 20d tt co path dig CAA o A ey 371 18 3 1 PPTP Tunnels 4 6 3 de Set hen od Bt ate See te da 371 bintec Rxxx2 RTxxx2 18 3 2 OPS su ess SS RE epee te el es a HE Eee te es an 378 18 3 3 IPPO 40 ae 2 ko a eee Sak ae Ok A Aa ea A a ee N 379 18 4 GRE o eh teeter ak 3 AO oe ON gcd oe ona 3 ee ooo ON os 380 18 4 1 GRE Tunnels aina see a AS AE a eo 381 Chapter 19 Birewalll 2 eas et A A 383 19 1 152 51 lt en a O a a ee A 384 19 1 1 FiltereRUIGSs 5 0 de Bda Go ME at Da A ot Le o ME at oa Lo 384 19 1 2 QOS o eh LASS ada a st a Be a 388 19 1 3 Options 4 mae ae A A EOD EA od 389 19 2 Interfaces fy DAA A a A A A L 391 19 2 1 GIOUPS secs a a a A A a a T 391 19 3 Addresses s 3 40 ina a a ia A E 39
273. can be influenced using this parameter This means that routes can be enabled or disabled irrespective of the interface s operation status The connection is monitored using the gateway s host surveillance function here Host surveillance entries must be configured in order to use this function These can be configured in the Local Ser vices gt Surveillance gt Hosts menu Here it is important that only the host surveillance entries with the the action Surveil lance are taken into account in the context of load balancing Links between the load balancing function and the host surveil lance function are made through the configuration of the Track ing IP Address in the Load Balancing gt Load Balancing Groups gt Advanced Settings menu The interface s load bal ancing status now varies according to the status of the assigned host surveillance entry Select the IP address for the route to be monitored You can choose from the IP addresses you have entered in the Local Services gt Surveillance gt Hosts gt New menu under Monitored IP Address and which are monitored with the aid of the Action to be executed field Action Monitor 14 3 2 Special Session Handling Special Session Handling enables you to route part of the data traffic to your device via a particular interface This data traffic is excluded from the Load Balancing function You can use the Special Session Handling function with online banking for example to ensure that th
274. ccess to T Online Supports all functions such as KIT e mail and the Internet with a browser T Online users receive this software free of charge T Service carries out all installation work and configurations for the PBX at the customer s request The service ensures optimum voice and data transmission at all times thanks to maintenance work T Service access enables you to have your PBX configured by T Service Give T Service a call Get advice and provide information on your configuration requirements T Service will then configure your PBX remotely without you having to do anything Terminal Adapter TAPI TAPI configuration TCP TCP IP TCU TE TEI Telefax Telematics Telnet Terminal adapter TFTP Three party confer ence Tiger 192 TLS Tone dialling Transfer internal code Telephony Application Program Interface You can use the TAPI configuration to modify the TAPI driver in line with the program that uses this driver You can check which MSN is to be assigned to a terminal define a line name and configure the dialling parameters First configure your PBX You must then config ure the TAPI interface Use the TAPI Configuration program Transmission Control Protocol Transmission Control Protocol Internet Protocol Telecommunication connection unit Terminal equipment Terminal Endpoint Identifier Term that describes the remote copying for transmitting texts graphics and documents true to the o
275. ce in send direction Possible values e None default value RIP is not enabled e RIP V1 Enables sending and receiving of version 1 RIP packets e RIP V2 Enables sending and receiving of version 2 RIP packets e RIP V1 V2 Enables sending and receiving RIP packets of both version 1 and 2 e RIP V2 Multicast For sending RIP V2 messages over multicast address 224 0 0 9 e RIP V1 Triggered RIP V1 messages are sent received and processed as per RFC 2091 triggered RIP e RIP V2 Triggered RIP V2 messages are sent received and processed as per RFC 2091 triggered RIP Receive Version Decide whether routes are to be imported via RIP and if so se lect the RIP version for receiving RIP packets over the interface in receive direction Possible values Teldat GmbH 15 Routing Protocols Field Description e None default value RIP is not enabled e RIP V1 Enables sending and receiving of version 1 RIP packets e RIP V2 Enables sending and receiving of version 2 RIP packets e RIP V1 V2 Enables sending and receiving RIP packets of both version 1 and 2 e RIP V1 Triggered RIP V1 messages are sent received and processed as per RFC 2091 triggered RIP e RIP V2 Triggered RIP V2 messages are sent received and processed as per RFC 2091 triggered RIP Route Announce Select this option if you want to set the time at which any activ ated routing protocols e g RIP are to propagate the IP routes define
276. ce is installed You can select Universal Time Coordinated UTC plus or minus the deviation in hours or a predefined location e g Europe Berlin Current Local Time The current date and current system time are shown here The entry cannot be changed Fields in the Manual Time Settings menu Field Description Set Date Enter a new date Format Day dd Month mm e Year yyyy Set Time Enter a new time Format e Hour hh e Minute mm 10 System Management Teldat GmbH Fields in the Automatic Time Settings Time Protocol menu Field Description ISDN Timeserver Only for devices with ISDN interface Determine whether the system time is to be updated via ISDN If a time server is configured the time is only determined over ISDN until a successful update is received from this time server Updating over ISDN is deactivated for the period in which the time is determined by means of a time server The function is activated with Enabled The function is disabled by default First Timeserver Enter the primary time server by using either a domain name or an IP address In addition select the protocol for the time server request Possible values e SNTP default value This server uses the simple network time protocol via UDP port 123 e Time Service UDP This server uses the Time service with UDP port 37 e Time Service TCP This server uses the Time service with TCP port 37 e None This time ser
277. cements can be made as on an intercom You configure an analogue answering machine under Terminal Type Display during and at end of connection Advice of charge during end Display only at end of connection Address Resolution Protocol An external call can be signalled to internal subscribers The entries in the Day option and Night option can be different A method of data transmission in which the time intervals between transmitted characters can vary in length This allows computers and peripheral devices to intercommunicate without being synchron ised by clock signals The beginning and end of the transmitted characters must be marked by start and stop bits in contrast to synchronous transmission Asynchronous transfer mode Superimposing of an acoustic signal during a telephone call e g for call waiting Check on the user s identify Based on the identity authentication the user can access certain services and resources A system that forwards incoming calls Special feature on telephones By pressing a key or code the caller requests a call back from the engaged terminal If the subscriber you want is not at their desk or cannot take the call they are auto matically connected with the caller as soon as they have used the telephone again and replaced the receiver This function can only be used on telephones that permit suffix dial ling An automatic callback from an inquiry connection is not pos sib
278. ces bintec Dime Manager User s Guide on DVD Installation poster Quick Install Guide and safety no tices bintec Dime Manager User s Guide on DVD Installation poster Online documentation 5 3 LEDs User s Guide Workshops Release Notes if required User s Guide Workshops Release Notes if required The device LEDs provide information on certain activities and statuses of the device The LEDs are arranged as follows STATUS Fig 3 Arrangement of LEDs ETH 1 You can determine the status of the router in BRRP operation with the aid of the status LED LED BRRP display LED Colour STATUS green STATUS green Status Information lights The device is functioning as a master router off The device is functioning as a backup bintec Rxxx2 RTxxx2 5 Technical data Teldat GmbH LED Colour Status Information router STATUS green flashing The device is being initialised In operation mode the LEDs display the following status information for your device LED status display 1 D Colour Status Information POWER green on The power supply is connected off No power supply STATUS green on After switching on The device has started Dur ing operation An error has occurred green flashing The device is active green off During operation An error has occurred ETH1to5 green on The device is connected to the Ethernet at 1 Gbps
279. ces Global Settings OSPF Interface Configuration Admin Status Passive 4 OK Cancel Fig 104 Routing Protocols gt OSPF gt Interfaces gt The Routing Protocols gt OSPF gt Interfaces gt g menu consists of the following fields Fields in the OSPF Interface Configuration menu Field Description Admin Status The status of an OSPF interface defines whether routes are propagated and or OSPF protocol packets are sent over the in terface If OSPF is not yet activated only the Admin Status field is shown in this case changes are irrelevant bintec Rxxx2 RTxxx2 Teldat GmbH 15 Routing Protocols Field Description Possible values e Active OSPF is activated for this interface i e routes are propagated or OSPF protocol packets sent over this interface e Passive OSPF is not activated for this interface i e no routes are propagated or OSPF protocol packets sent over this interface Networks reachable over this interface are however included when calculating the routing information and propagated over active interfaces e Inactive OSPF is completely disabled for this interface Area ID Select the ID of the area to which this interface shall be as signed If your interface is not only to be assigned to Backbone Area 0 0 0 0 you must first define OSPF areas in the Routing Proto cols gt OSPF gt Areas menu Metric Determination Defines how the metric of this interface is calculated
280. cess point or additional connected WLAN device or wired LAN and of the Hotspot serv er centrally located at a computing centre The operator account is administered on the server via an administration terminal e g a hotel reception PC this includes functions such as registration entry generating tickets statistical analysis etc Login sequence at the Hotspot server e When a new user connects with the Hotspot he she is automatically assigned an IP ad dress via DHCP e As soon as he attempts to access any Internet site with a browser the user is redirected to the home login page e After the user has entered the registration data user password these are sent to the central RADIUS server Hotspot server as RADIUS registration e Following successful registration the gateway opens Internet access e For each user the gateway sends regular additional information to the RADIUS server for recording accounting data e When the ticket expires the user is automatically logged off and again redirected to the home login page Requirements To operate a Hotspot the customer requires e a Teldat device as hotspot gateway with active Internet access and configured hotspot server entries for login and accounting see menu System Management gt Remote Au thentication gt RADIUS gt New with Group Description default group 0 Teldat Hotspot hosting article number 5510000198 e Access data e Documentation Software licensin
281. cess via LAN lt scs soa oa aca Soa a a a a 49 8 1 2 Access via the Serial Interface 2 aoa a a a a 52 8 1 3 Access over ISDN oaoa a 54 8 2 Login da A aw Bila ay SI A A che A 54 8 2 1 User names and passwords in ex works state 2 2 55 8 2 2 Logging in for Configuration 2 2 a 55 8 3 Configuration options 2 oa a a 56 bintec Rxxx2 RTxxx2 8 3 1 GUI Graphical User Interface 2 2 2 202 57 8 3 2 SNMP Shell won see ee re Ee Re ee 66 8 4 BOOT MONO y i i ese ke bP a Saree ld a Eee eee 66 Chapter 9 ASSISIANIS 3 ria A Be ate arth ere ees and 69 Chapter 10 System Management 70 10 1 A yee Grey kOe Hoty Oy Reh Mee Se cy aki te ts Sy ahs ee ke 70 10 2 Global Settings 2 ee 73 10 2 1 SSI AE ee o PA Bath et A eee Bad tae we a 73 10 2 2 Passwords 202 2 eTa Aue be ee ds ore as ee el he Bd 75 10 2 3 Date and TIM sc oon hotest a AN ee pe Oh ee ee 77 10 2 4 System Licences io See Se Geis 82 10 3 Interface Mode Bridge Groups 2 2 2 2 84 10 3 1 Interfaces tuo we o a o E A eee 86 10 4 Administrative Access 2 2 e 89 10 4 1 ACES A dd ll Kea Bee tee ot ts att hed Loos od 89 10 4 2 DOR et foe Da a at aah eaters he whe a eed Lot oa 91 10 4 3 SNMBS S fe e se ty Se ae EA ees A AA e 95 10 5 Remote Authentication 2 a ee 96 10 5 1 RADIUS sis e ebb ath a rs a Se a 96 10 5 2 TACACS Ecco fet be ieee he eee Feats os ie Be ii d
282. ciated Line Local Address Enter the name of the call translation Select the direction for the entry Possible values e Both default value For incoming and outgoing calls bidirectional e Incoming For incoming calls e Outgoing For outgoing calls Select the ISDN line or SIP account via which the calls are to be routed Possible values e pri lt Interface Index gt Restricts the call to the selected PRI interface e bri lt Interface Index gt Restricts the call to the selected BRI interface e lt SIP Account gt restricts the call to the selected SIP ac count Enter the internal number e g extension or PABX number For Teldat GmbH 20 VoIP Field Description incoming calls the signalled Called Party Number corresponds in the menu to the External Address is translated to Local Address For outgoing calls the signalled Calling Party Number corresponds in the menu to the Local Address field is trans lated to External Address Numerical and alphanumerical characters are permissible is a placeholder for an arbitrary digit See Local Address and External Address must contain the same number of wildcards External Address Enter the external number e g ISDN MSN or SIP account sub scriber number For incoming calls the signalled Called Party Number corresponds in the menu to the External Address is translated to Local Address For outgoing calls the signalled Calling Party Number corre
283. ck ground For each rogue AP you will see an entry with the following parameter set SSID MAC Ad dress Signal dBm Channel Last seen Detected via AP Accepted Note Check the rogue APs shown carefully as an attacker could attempt to spy on data in your network using a rogue AP You can class a rogue AP as trustworthy by enabling the Accepted checkbox If an alarm has been configured this is then removed and no longer sent The red background disap pears Click under New Neighborscan on Start to rescan adjacent AP s You will receive a warn ing that the wireless modules of the access points must also be disabled for a certain peri od of time When you start the process with OK a progress bar is displayed The located AP display is updated every ten seconds Teldat GmbH 13 Wireless LAN Controller 13 4 6 Rogue Clients Active Clients Wireless Networks VSS Client Management Neighbor APs Rogue APs Rogue Clients View 20 per page Fitter in None wv equal hee Go Static Blacklist Delete Rogue Client MAC Address Network Name SSID Attacked Access Point Signal dBm Type of attack First seen Last seen Select all Select all Deselect all Deselect all Page 1 New Apply Fig 74 Wireless LAN Controller gt Monitoring Rogue Clients The Wireless LAN Controller gt Monitoring Rogue Clients menu displays the clients which have attempted to gain unauthorised access to the network and which are therefore on the blacklist
284. ck Rate 142 Code 394 Codec Proposal Sequence 406 413 Index Comfort Noise Generation CNG 407 414 Command Mode 467 Command Type 467 Common Name 113 Compare Condition 462 Compare Value 462 Compression 94 318 321 368 375 Config Mode 330 Configuration Encryption 510 Configuration contains certificates keys 467 Configuration Interface 86 Configured Speed Mode 123 Confirm Admin Password 76 Congestion Avoidance RED 225 Connection State 214 229 Connection Type 288 365 Connection Idle Timeout 272 278 283 288 296 365 372 Consider 206 Contact 73 Continuity Check CC End to End 314 Continuity Check CC Segment 314 Control Mode 220 323 Controlled Interfaces 322 Controller Configuration 160 COS Filter 802 1p Layer 2 214 229 Count 467 Country 113 CPU Usage 71 Create area default route only ABR 248 Create NAT Policy 274 279 284 289 297 366 374 CRLs 116 CSV File Format 467 Current Calls 534 Current File Name in Flash 510 Current Local Time 79 Current Speed Mode 123 Custom 113 Teldat GmbH Custom Time Slots 130 Cyclic Background Scanning 171 D D Channel Mode 339 Data Packets Sequence Numbers 363 Date 530 Date and Time 77 Day 455 Default Route 274 279 284 289 297 317 320 330 366 374 381 Default Drop Extension 425 Default Ethernet for PPPoE Interfaces 307 Default Idle Timeout 494 Default Route Distribution 244 De
285. class in case of overloading Queued Shows the number of waiting packets with the corresponding packet class in case of overloading 24 8 OSPF In the Monitoring OSPF menu information on OSPF is monitored The OSPF monitor is arranged horizontally in three sections and shows information about OSPF interfaces the detected neighbor and the LinkStateDatabase entries 24 8 1 Status In the Monitoring gt OSPF gt Status menu a list of all interfaces configured for OSPF is dis played Status Statistics view All Y OSPF Interfaces View feo per page Fitter in None equal v Go Interface Designated Router Backup Designated Router Admin Status State Page 1 OSPF Neighbors View feo per page Filter in None equal Y Go Neighbor Router ID Interface State Page 1 OSPF Link State Database view feo per page Fitter in None equal v Go Area Type Link State ID Router ID Sequence Age Page 1 Fig 224 Monitoring gt OSPF gt Status Values in the Status list Field Description View Select the desired view from the dropdown menu Are available A11 OSPF Interfaces OSPF Neighbors and OSPF Link State Database In the OSPF Interfaces area all enabled OSPF interfaces are listed Values in the OSPF Interfaces list Field Description Interface Shows the interface for which OSPF has been configured bintec Rxxx2 RTxxx2 24 M
286. code the CRL Possible values e Auto default value Activates automatic code recognition If downloading the CRL in auto mode fails try with a certain 10 System Management Teldat GmbH Field Description type of encoding e Base64 e Binary Password Enter the password required for the import 10 6 3 Certificate Servers A list of certificate servers is displayed in the System Management gt Certificates gt Certi ficate Servers menu A certification authority certification service provider Certificate Authority CA issues your certificates to clients applying for a certificate via a certificate server The certificate server also issues the private key lt lt lt und h lt Zertifikatsperrlisten CRL bereit die zur Pr fung von Zertifikaten entweder per LDAP oder HTTP vom Ger t abgefragt werden gt gt gt 10 6 3 1 New Choose the New button to set up a certificate server Certificate List CRLs Certificate Servers Basic Parameters Description LDAP URL Path Idap OK Cancel Fig 47 System Management gt Certificates gt Certificate Servers gt New The System Management gt Certificates gt Certificate Servers gt Newmenu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter a unique description for the certificate server LDAP URL Path Enter the LDAP URL or the HTTP URL of the server Chapter 11 Physical Interfaces In this menu you confi
287. configuration as boot configuration while also archiving previous boot configuration as backup If you want to load the archived boot configuration into your device go to the Maintenance gt Software amp Configuration menu select Action Import configura tion and click on Go The archived backup is used as the current boot configuration The navigation bar also contains the main configuration menus and their sub menus Click the main menu you require The corresponding sub menu then opens If you click the sub menu you want the entry selected will be displayed in red All the other sub menus will be closed You can see at a glance the sub menu you are in Status page If you launch the GUI the status page of your device is displayed after you log in The most important data of your device can be seen on this at a glance Main configuration window The sub menus generally contain several pages These are called using the buttons at the top of the main window If you click a button the window is opened with the basic paramet ers You can extend this by clicking the Advanced Settings tab which displays the addi tional options Configuration elements The various actions that you can perform when configuring your device in the GUI are triggered by means of the following buttons GUI buttons Button Position Apply Updates the view 8 Access and configuration Teldat GmbH Button Position If you do not want to save a newly
288. connection if no other suit able route is available Access to the Internet should always be set up as the default route to the Internet Service Provider ISP Further information on possible route types can be found under Networking gt Routes Activating NAT With Network Address Translation NAT you conceal your whole network to the outside world behind one IP address You should certainly do this for your connection to the Inter net Service Provider ISP Only outgoing sessions are allowed initially if NAT is activated To allow certain connec tions from outside to hosts within the LAN these must be explicitly defined and admitted Connection Idle Timeout The connection idle timeout is determined in order to clear the connection automatically if it is not being used i e if data is no longer being sent to help you save costs Block after Connection Failure You use this function to set up a waiting time for outgoing connection attempts after which your device s connection attempt is regarded as having failed Authentication When a call is received on ISDN connections the calling party number is always sent over the ISDN D channel This number enables your device to identify the caller CLID provided the caller is entered on your device After identification with CLID your device can additionally carry out PPP authentication with the connection partner before it accepts the call Your device needs the necessary data for
289. connection is not considered except for Services TCP SIF The SIF sorts out all packets that are not explicitly or implicitly allowed The result can be a deny in which case no error message is sent to the sender of the rejected packet or a reject where the sender is informed of the packet rejection The incoming packets are processed as follows e The SIF first checks if an incoming packet can be assigned to an existing connection If so it is forwarded If the packet cannot be assigned to an existing connection a check is made to see if a suitable connection is expected e g as affiliated connection of an exist ing connection If so the packet is also accepted e If the packet cannot be assigned to any existing or expected connection the SIF filter rules are applied If a deny rule matches the packet the packet is rejected without send ing an error message to the sender of the packet if a reject rule matches the packet is rejected and an ICMP Host Unreachable message sent to the sender of the packet The packet is only forwarded if an accept rule matches e All packets without matching rules are rejected without sending an error message to the sender when all the existing rules have been checked default behaviour 19 1 Policies 19 1 1 Filter Rules The default behaviour with Action Access consists of two implicit filter rules If an incom ing packet can be assigned to an existing connection and if a suitable c
290. criber is established auto matically You can activate ShortHold When you do so you define the time after which an existing connection is cleared if data transfer is no longer taking place If you enter a time of 0 ShortHold is deactiv ated After the receiver of a telephone is lifted the telephone number of the external subscriber can be dialled immediately Performance feature of a terminal If the line is busy several redial attempts are made Corresponds to a telephone line in T Net In T ISDN the basic con nection contains two B channels each with a data transmission rate of 64 kbps Bearer channel of an ISDN Basic Rate Interface or a Primary Rate Interface for the transmission of traffic voice data An ISDN Basic Rate Interface consists of two B channels and one D channel AB channel has a data transmission rate of 64 kbps The data transmis sion rate of an ISDN Basic Rate Interface with your gateway can be increased to up to 128 kbps using channel bundling Bandwidth Allocation Control Protocols BACP BAP in accordance with RFC 2125 Teldat GmbH Base station Basic Rate Interface Bit Blacklist dialling ranges Block Cipher Modes Blowfish Bluetooth BOD BootP Bps Glossary Central unit of wireless telephone devices There are two different types The simple base station is used to charge the handheld unit For special feature telephones the base station can also be used as a telephone
291. critical real time applications that require a guaranteed data rate e Variable Bit Rate V 1 VBR 1 A guaranteed data rate is assigned to the connection Sustained Cell Rate SCR This may be exceeded by the volume configured in Maximum Burst Size MBS Any additional ATM traffic is discarded The Peak Cell Rate PCR constitutes the maxim um possible data rate This category is suitable for non critical Teldat GmbH 17 WAN Field Description Peak Cell Rate PCR Sustained Cell Rate SCR Maximum Burst Size MBS applications with burst data traffic e Variable Bit Rate V 3 VBR 3 A guaranteed data rate is assigned to the connection Sustained Cell Rate SCR This may be exceeded by the volume configured in Maximum Burst Size MBS Additional ATM traffic is marked and handled with low priority based on the utilisation of the destination network e is discarded if necessary The Peak Cell Rate PCR constitutes the maximum possible data rate This category is suitable for critical applications with burst data traffic Enter a value for the maximum data rate in bits per second Possible values 0 to 10000000 The default value is 0 Only for ATM Service Category Variable Bit Rate V 1 VBR 1 Or Variable Bit Rate V 3 VBR 3 Enter a value for the minimum available guaranteed data rate in bits per second Possible values 0 to 10000000 The default value is 0 Only for ATM Service Category Vari
292. ct only Your device expects a heartbeat from the peer but does not send one itself e Heartbeats Send only Your device expects no heart beat from the peer but sends one itself e Heartbeats Send amp Expect Your device expects a heartbeat from the peer and sends one itself Dead Peer Detection Use DPD dead peer detection in accordance with RFC 3706 DPD uses a request reply pro tocol to check the availability of the remote terminal and can be configured independently on both sides This option only checks the availability of the peer if data is to be sent to it e Dead Peer Detection Idle Use DPD dead peer de tection in accordance with RFC 3706 DPD uses a request reply protocol to check the availability of the remote terminal and can be configured independently on both sides This op tion is used to carry out a check at certain intervals depending on forthcoming data transfers Only for Phase 1 IKEv2 Parameters Enable or disable alive check 18 VPN Teldat GmbH Field Description The function is enabled by default Block Time Define how long a peer is blocked for tunnel setups after a phase 1 tunnel setup has failed This only affects locally initiated setup attempts Possible values are 1 to 86400 seconds 1 means the value in the default profile is used and 0 means that the peer is never blocked The default value is 30 NAT Traversal NAT Traversal NAT T also enables IPSec tunnels to be o
293. d aN Oa fF WN Not used 5 6 WEEE information z z z z z z z E E z z z The waste container symbol with the X through it on the device indicates that the device must be disposed of separately from normal domestic waste at an appropriate waste disposal facility at the end of its useful service life Das auf dem Ger t befindliche Symbol mit dem durchgekreuzten M llcontainer bedeutet dass das Ger t am Ende der Nutzungsdauer bei den hierf r vorgesehenen Entsorgungsstellen getrennt vom normalen Hausm ll zu entsorgen ist Le symbole se trouvant sur l appareil et qui repr sente un conteneur ordures barr signifie que l appareil une fois que sa dur e d utilisation a expir doit tre limin dans des poubelles sp cia les pr vues cet effet de mani re s par e des ordures m nag res courantes Il simbolo raffigurante il bidone della spazzatura barrato riportato sull apparecchiatura significa che alla fine della durata in vita dell apparecchiatura questa dovr essere smaltita separatamente dai rifiuti domestici nei punti di raccolta previsti a tale scopo El s mbolo del contenedor con la cruz que se encuentra en el aparato significa que cuando el equipo haya llegado al final de su vida til deber ser llevado a los centros de recogida previstos y que su tratamiento debe estar separado del de los residuos urbanos Symbolen som sitter p apparaten med den korsade avfallstunnan betyder att apparaten n
294. d enter the address of the general terms and conditions on the intranet server or public server e g htip www webserver de agb htm The page must lie within the address range of the walled garden network Additional freely ac cessible Domain Names Only if Walled Garden is enabled Add further URLs or IP addresses with Add The web pages can be accessed via these additional freely accessible ad dresses Language for login window Here you can choose the language for the start login page The following languages are supported English Deutsch Italiano Francais Espafiol Portugu s and Neder lands The language can be changed on the start login page at any time The menu Advanced Settings consists of the following fields Fields in the menu Advanced Settings Field Description Ticket Type Select the ticket type Possible values e Voucher Only the user name must be entered Define a de fault password in the input field e Username Password default value User name and pass word must be entered Allowed HotSpot Client Here you can define which type of users can log in to the Hot spot Possible values e A11 All clients are approved e DHCP Client Prevents users who have not received an IP address from DHCP from logging in Teldat GmbH 21 Local Services Field Description Login Frameset Enable or disable the login window The login window on the HTML homepage consists of two frames
295. d for this interface Note This setting does not affect the interface specific RIP con figuration mentioned above Possible values e Up or Dormant not for LAN interfaces interfaces in Bridge mode and interfaces for leased lines Routes are propagated if the interface status is up or ready e Up only default value Routes are only propagated if the interface status is up e Always Routes are always propagated independently of op erational status 15 1 2 RIP Filter In this menu you can specify exactly which routes are to be exported or imported You can use the following strategies for this e You explicitly deactivate the import or export of certain routes The import or export of all other routes that are not listed is still allowed e You explicitly activate the import or export of certain routes In this case you must also explicitly deactivate the import or export of all other routes This is achieved using a filter for IP Address Netmask no entry this corresponds to IP address 0 0 0 0 with net mask 0 0 0 0 To make sure this filter is used last it must be placed at the lowest posi tion You configure a filter for a default route with the following values IP Address Netmask no entry for IP address this corresponds to IP address 0 0 0 0 for netmask 255 255 255 255 A list of all RIP filters is displayed in the Routing Protocols gt RIP gt RIP Filter menu RIP Interfaces RIP
296. d for this wireless network If you wish to use VLAN segmentation enter a value between 2 and 4094 in the input field in order to identify the VLAN VLAN ID 1 is not possible 13 Wireless LAN Controller Teldat GmbH Note Before you continue please ensure that all access points that the WLAN controller shall manage are correctly wired and switched on 13 1 4 Start automatic installation You will see a list of all detected access points If you wish to change the settings of a detected AP click on 3 in the corresponding entry You will see the settings for all selected access points You can change these settings The following parameters are available in the Access Point Settings menu Location Displays the stated locality of the AP You can enter another locality Assigned Wireless Network VSS Displays the wireless networks that are currently assigned The following parameters are available in the wireless module 1 menu The parts wireless module 1 and wireless module 2 are displayed if the AP has two wire less modules Operation Mode Select the mode in which the wireless module is to be operated Possible values e On default value The wireless module is used as an access point in your network e off The wireless module is not active Active Radio Profile Displays the wireless module profile that is currently selected You can select another wire less module profile from the list if more than one wirel
297. d once with the strongest sig nal You see the following parameters for each AP SSID MAC Address Signal dBm Channel Security Last seen Strongest signal received by Total detections The entries are displayed in alphabetical order by SSID Security shows the security set tings of the AP Under Strongest signal received by you will see the parameters Loca tion and Name of the APs in which the displayed AP was found Total detections shows how often the corresponding AP was found during the scan Click under New Neighborscan on Start to rescan adjacent AP s You will receive a warn ing that the wireless modules of the access points must also be disabled for a certain peri od of time When you start the process with OK a progress bar is displayed The located AP display is updated every ten seconds 13 Wireless LAN Controller Teldat GmbH 13 4 5 Rogue APs Active Clients Wireless Networks VSS Client Management Neighbor APs Rogue APs Rogue Clients view20 per page Fitter in None v equal v Go SSD MAC Address Signal dBm Channel Last seen Detected via AP Accepted Page 1 Actions New Neighborscan START oK Fig 73 Wireless LAN Controller gt Monitoring gt Rogue APs APs which are using an SSID from their own network but are not managed by Wireless LAN Controller are displayed in the Wireless LAN Controller gt Monitoring gt Rogue APs menu Rogue APs which have been found for the first time are displayed with a red ba
298. d with Enabled The function is enabled by default Select whether the TCP download is to be optimised in the event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is enabled with Enabled The function is disabled by default Select whether the availability of the remote terminal is to be checked by sending LCP echo requests or replies This is re commended for leased lines PPTP and L2TP connections The function is enabled with Enabled The function is enabled by default A list of all ISDN interfaces is displayed in the WAN gt Internet Dialup gt ISDN menu In this menu you configure the following ISDN connections e Internet access over ISDN LAN to LAN connection over ISDN e Remote Mobile dial in e Use of the ISDN Callback function 17 1 4 1 New Choose the Newbutton to set up new ISDN interfaces bintec Rxxx2 RTxxx2 Basic Parameters Description Connection Type ISDN 64 kbps Y User Name Remote User for Dialin only Always on Connection Idle Timeout IP Mode and Routes IP Address Mode O static O Provide IP Address Get IP Address Remote IP Address Netmask CC Route Entries Advanced Settings 300 Usage Type O standard Dialin onty Multi User Dialin only Authentication PAP CHAP MS CHAP _ Callback Mode none O Active O Passive Bandwith on Demand Options
299. data traffic is transferred over the tunnel Note The parameter Additional Traffic Filter is exclusively relevant for the initiator of the IPSec connection it is only used for outgoing traffic Note Please note that the phase 2 policies must be configured identically on both of the IPSec tunnel endpoints 18 1 1 IPSec Peers An endpoint of a communication is defined as peer in a computer network Each peer of fers its services and uses the services of other peers A list of all configured IPSec Peers is displayed in the VPN gt IPSec gt IPSec Peers menu IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Internet Key Exchange Version 1 IKEv1 CC oa Prio Description Peer Address PeeriD Phase iProfle Phase 2Profle Status Action Internet Key Exchange Version 2 IKEv2 vow 20 pero rnern None vleqel YP Prio Description Peer Address PeeriD_ PhaseProfle Phase 2Profe Status Action EXA E eee Page 1 Fig 129 VPN gt IPSec gt IPSec Peers Peer Monitoring The menu for monitoring a peer is called by selecting the A button for the peer in the peer list See Values in the IPSec Tunnels list on page 532 18 1 1 1 New Choose the New button to set up more IPSec peers bintec Rxxx2 RTxxx2 IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Peer Parameters Administrative Status up ODown Descriptio
300. data transported over a VPN is encrypted A VPN allows field staff or staff working from home offices to access data on the company s network Subsidiaries can also connect to head office over VPN Various protocols are available for creating a VPN tunnel e g IPSec or PPTP The connection partner is authenticated with a password using preshared keys or certific ates With IPSec the data is encrypted using AES or 3DES for example with PPTP you can use MPPE 18 1 IPSec IPSec enables secure connections to be set up between two locations VPN This enables sensitive business data to be transferred via an unsecure medium such as the Internet The devices used function here as the endpoints of the VPN tunnel IPSec involves a num ber of Internet Engineering Task Force IETF standards which specify mechanisms for the protection and authentication of IP packets IPSec offers mechanisms for encrypting and decrypting the data transferred in the IP packets The IPSec implementation can also be smoothly integrated in a Public Key Infrastructure PKI see Certificates on page 106 IPSec implementation achieves this firstly by using the Authentication Header AH protocol and Encapsulated Security Payload ESP protocol and secondly through the use of crypto graphic key administration mechanisms like the Internet Key Exchange IKE protocol Additional Traffic Filter Teldat gateways support two different methods of setting up IPSec connecti
301. ddress Mode Static Assign the IP address from your LAN to the PPTP interface which is to be used as your device s internal source address Route Entries Only if IP Address Mode Static Define routing entries for this connection partner e Remote IP Address IP address of the destination host or LAN e Netmask Netmask for Remote IP Address Teldat GmbH 18 VPN Field Description e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 7 IP Assignment Pool IPCP Only if PPTP Mode pws IP Address Mode Provide IP Address Select a IP pool configured in the VPN gt PPTP gt IP Pools menu The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Block after connection failure for Enter the wait time in seconds before the device should try again after an attempt to set up a connection has failed The default value is 300 Authentication Select the authentication protocol for this PPTP partner Possible values e PAP Only run PAP PPP Password Authentication Protocol the password is transferred unencrypted e CHAP Only run CHAP PPP Challenge Handshake Authentic ation Protocol as per RFC 1994 password is transferred en crypted e PAP CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol
302. ddresses To enable your device to set up connections to networks or hosts outside your LAN you must configure the partners you want to connect to on your device This applies to outgoing connections your device dials its WAN partner and incoming connections a remote part ner dials the number of your device If you want to set up Internet access you must set up a connection to your Internet Service Provider ISP For broadband Internet access your device provides the PPP over Ethernet PPPoE PPP over PPTP and PPP over ATM PPPoA protocols You can also configure Internet access over ISDN Note Note your provider s instructions Dialin connections over ISDN are used to establish a connection to networks or hosts out side your LANs All the entered connections are displayed in a list which contains the Description the User Name the Authentication and the current Status The Status field can have the following values Possible values for Status Field Description connected Ez not connected dialup connection connection setup possible G not connected e g because of an error during setup of an out going connection a renewed attempt is only possible after a 17 WAN Teldat GmbH Field Description specified number of seconds o administratively set to down deactivated connection setup not possible for leased lines Default Route With a default route all data is automatically forwarded to one
303. deactivates the short hold The default value is 300 Example 10 for FTP transmission 20 for LAN to LAN transmis sion 90 for Internet connections Fields in the IP Mode and Routes menu Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically Possible values e Get IP Address default value Your device is dynamically assigned an IP address e Static You enter a static IP address Default Route Select whether the route to this connection partner is to be defined as the default route The function is enabled with Enabled The function is enabled by default Create NAT Policy Specify whether Network Address Translation NAT is to be ac tivated The function is enabled with Enabled The function is enabled by default Teldat GmbH 17 WAN Field Description Local IP Address Only if IP Address Mode Static Enter the static IP address of the connection partner Route Entries Only if IP Address Mode Static Define other routing entries for this connection partner Add new entries with Add e Remote IP Address IP address of the destination host or network e Netmask Netmask for Remote IP Address If no entry is made your device uses a default netmask e Metric The lower the value the higher the priority of the route range of values 0 15 The default value is 7 The menu Advanced Settings consists of
304. dentify a spe cific data set in the MIB Table e g ConnIfIndex The unique identification of a particular table entry is derived from the com bination of Index Variable usually an index variable which is flagged with and Index Value Use Index Variables to create more entries with Add 21 Local Services Teldat GmbH Field Description Monitored Interface Only for Event Type Interface Status and Interface REA ERG Select the interface whose defined status shall trigger an opera tion Interface Status Only for Event Type Interface Status Select the status that the interface must have in order to initiate the intended operation Possible values e Up default value The function is enabled e Down The interface is disabled Traffic Direction Only for Event Type Interface Traffic Select the direction of the data traffic whose values should be monitored as initiating an operation Possible values e RX default value Incoming data traffic is monitored e TX Outgoing data traffic is monitored Interface Traffic Condi tion Only for Event Type Interface Traffic Select whether the value for data traffic must be Greater default value or Less the value specified in Trans ferred Traffic in order to initiate the operation Transferred Traffic Only for Event Type Interface Traffic Enter the desired value in kBytes for the data traffic to serve as comparison The default value is 0 Destination IP Address
305. ders have been set up via different interfaces and load balancing is be ing used 21 Local Services Teldat GmbH Global Settings DNS Servers Static Hosts Domain Forwarding Cache Statistics Basic Parameters Admin Status Description Priority Interface Mode Interface i Enabled 5 v O static Dynamic None v OK Cancel Fig 166 Local Services gt DNS gt DNS Servers gt New The Local Services gt DNS gt DNS Servers gt Newmenu consists of the following fields Fields in the Basic Parameters menu Field Description Admin Status Description Priority Interface Mode Select whether the DNS server should be enabled The function is activated by selecting Enabled The function is enabled by default Enter a description for DNS server Assign a priority to the DNS server You can assign more than one pair of DNS servers Primary DNS Server and Secondary DNS Server to an interface i e for example to an Ethernet port or a PPPoE WAN partner The pair with the highest priority is used if the interface is up Possible values from 0 highest priority to 9 lowest priority The default value is 5 Select whether the IP addresses of name servers for resolving the names of Internet addresses are to be obtained automatic ally or whether up to two fixed DNS server addresses are to be entered depending on the priority Possible values oS CAET Field Description e Dynami
306. device and is associated with the re mote hostname of a tunnel profile configured on the LNS These tunnel setup messages are SCCRQs Start Control Connection Request sent from the LAC and SCCRPs Start Control Connection Reply sent from the LNS e LNS Is the same as the value for Remote Hostname of the incoming tunnel setup message from the LAC Enter the host name of the LNS or LAC Remote Hostname e LAC Defines the value for Local Hostname of the LNS contained in the SCCRQs received from the LNS and the SCCRPs received from the LAC A Local Hostname con figured in the LAC must match Remote Hostname configured for the intended profile in the LNS and vice versa e LNS Defines the Local Hostname of the LAC If the Remote Hostname field remains empty on the LNS the related profile qualifies as the standard entry and is used for all incoming calls for which a profile with a matching remote hostname cannot be found Password Enter the password to be used for tunnel authentication Au thentication between LAC and LNS takes place in both direc tions i e the LNS checks the Local Hostname and the Pass wordcontained in the SCCRQ of the LAC and compares them with those specified in the relevant profile The LAC does the same with the fields of the SCCRP of the LNS If this field remains empty authentication data in the tunnel setup messages are not sent and are ignored Fields in the LAC Mode Parameters menu Teldat GmbH 18 V
307. dicated e Time System time without date e Date amp Time System time with date Protocol Select the protocol for the transfer of syslog messages Note that the syslog server must support the protocol Possible values e UDP default value TCP Type of Messages Select the message type Possible values e System Accounting default value e System e Accounting 23 2 IP Accounting In modern networks information about the type and number of data packets sent and re ceived over the network connections is often collected for commercial reasons This inform ation is extremely important for Internet Service Providers that bill their customers by data volume However there are also non commercial reasons for detailed network accounting If for example you manage a server that provides different kinds of network services it is useful for you to know how much data is generated by the individual services Your device contains the IP Accounting function which enables you to collect a lot of useful information about the IP network traffic each individual IP session 23 2 1 Interfaces In this menu you can configure the IP Accounting function individually for each interface Interfaces Options View 20 per page Filter in None v equal j Go IP Accounting terface Select all Deselect all 1 eni 0 O 2 eni 4 F Page 1 items 1 2 C oK Cancel _ Fig 206 Externa
308. dicates the timespan of the RP s existence 24 Monitoring Teldat GmbH Field Description Upstream Join Timer Join Prune Timer is used to periodically send Join RP mes sages and to correct Prune RP messages from peers on an Upstream LAN interface Values in the G States list Field Description Multicast Group Ad Displays the multicast group address dress Upstream Neighbor IP Displays the primary IP address of the Neighbor on pimStar Address GRPFlfIndex to which the local router periodically G sends Join messages The InetAddressType is defined through the pimStarGUpstreamNeighborType In the PIM SM specification this address is named RPF G Reverse Indicates the address type of the RPF Next Hop to the RP or Path Forwarding RPF unknown 0 if the Next Hop is not known Upstream Join State Indicates whether the local router should join the group s RP Tree This corresponds to the status of the Upstream G State Machine in the PIM SM specification Uptime Indicates the timespan since the entry was generated by the local router Upstream Join Timer Indicates the remaining time until the local router sends out the next periodic G Join message on pimStarGRPFlflndex In the PIM SM specification this address is named G Upstream Join Timer If the timer is deactivated it has the value 0 Values in the S G States list Field Description Multicast Group Ad Displays the multicast grou
309. ditional entries with the Add button Edit In the Local Services gt DHCP Server DHCP Configuration gt Advanced Settings menu you can edit an entry in the DHCP Options field if Option Vendor Group is selected Choose the Fr icon to edit an existing entry In popup menu you configure manufacture specif ic settings in the DHCP server for specific telephones Fields in the Basic Parameters menu Field Description Select vendor Your device does not currently use this parameter Here you can select for which manufacturer specific values 21 Local Services Teldat GmbH Field Description shall be transmitted for the DHCP server Possible values e Siemens default value e Other Provisioning Server Your device does not currently use this parameter code 3 Enter which manufacturer value shall be transmitted For the setting Select vendor Siemens the default value sdlp is displayed You can complete the IP address of the desired server 21 4 3 IP MAC Binding The Local Services gt DHCP Server gt IP MAC Binding menu displays a list of all clients that received an IP address from your device via DHCP You can allocate an IP address from a defined IP address pool to specific MAC addresses You can do this by selecting the Static Binding option in the list to convert a list entry as a fixed binding or you manually create a fixed IP MAC binding by configuring this in the New sub menu Note You can only create n
310. dle Timeout IP Mode and Routes IP Address Mode Default Route Create NAT Policy Local IP Address Route Entries Block after connection failure for Authentication Encryption Compression LCP Alive Check Prioritize TCP ACK Packets IP Options OSPF Mode Proxy ARP Mode DNS Negotiation Tunnel Profiles Users Options uns OLac essees gt DEnabled 300 Seconds O static O Provide IP Address DEnabled DEnabled Remote IP Address Netmask Metric A AE Add Advanced Settings 300 Seconds MS CHAPvw2 v O None Enabled Windows compatible Onone Ostac Oms stac Omppc Enabled DEnabled passive O Active O Inactive O Inactive Up or Dormant up only MEnabled oK Cancel Fig 140 VPN gt L2TP gt Users gt New The menu VPN gt L2TP gt Users gt New consists of the following fields Fields in the Basic Parameters menu Field Description Description bintec Rxxx2 RTxxx2 Enter a name for uniquely identifying the L2TP partner The first character in this field must not be a number No special characters or umlauts must be used The maximum length of the entry is 25 characters 18 VPN Teldat GmbH Field Description Connection Type Select whether the L2TP partner is to take on the role of the L2TP network server LNS or the functions of a L2TP access concentrator client LAC client Possible values e LNS default value If you se
311. dress Subnet Only for Address Type Address Subnet Enter the IP address of the host or a network address and the related netmask The default value is 0 0 0 0 Address Range Only for Address Type Address Range Enter the start and end IP address of the range 19 3 2 Groups A list of all configured address groups is displayed in the Firewall gt Addresses gt Groups menu You can group together addresses This makes it easier to configure firewall rules 19 3 2 1 New Choose the New button to set up additional address groups Address List Groups Basic Parameters Description E Addresses Selection Selection ANY OK Cancel Fig 152 Firewall gt Addresses gt Groups gt New The menu Firewall gt Addresses gt Groups gt New consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter the desired description of the address group 19 Firewall Teldat GmbH Field Description Selection Select the members of the group from the available Addresses To do this activate the Fields in the Selection column 19 4 Services 19 4 1 Service List In the Firewall gt Services gt Service List menu a list of all available services is displayed 19 4 1 1 New Choose the New button to set up additional services Service List Groups Basic Parameters Description Protocol Any v OK Cancel Fig 153 Firewall gt Services gt Service List
312. ds and the default value is 1 1 An advertisement timer based on the sending interval for ad vertisements runs in the router and an advertisement packet is sent when the timer expires Master down trials Define the number of BRRP advertisements that must fail be fore the backup router with the lowest priority assumes that the master is inactive and takes over the role of master A master down timer based on the Master down trials para meter runs in the router when this timer expires the backup as sumes that the master is not reachable if no advertisement has been received The effective master down interval is the time calculated from the number of expected but omitted BRRP advertisements the advertisement interval and the skew time which adds a minim 21 Local Services Teldat GmbH Field Description um period depending on the priority The higher the priority the shorter the time added Consequently a backup router with a higher priority responds more quickly than a router with lower priority Possible values are whole numbers between 1 and 255 and the default value is 10 Pre empt mode go Define whether a backup router with higher priority has priority back into master state over a master router with low priority Pre empt mode is used to prevent unnecessary switching The function is enabled with Enabled The router with the high er priority always has priority This means that when the actual master router is
313. ds in the Basic Settings menu Field Value SNMP Version Select the SNMP version your device is to use to listen for ex ternal SNMP access Possible values e vi SNMP Version 1 e v2c Community Based SNMP Version 2 e v3 SNMP Version 3 10 System Management Teldat GmbH Field VENTO By default v1 v2c and v3 are enabled If no option is selected the function is deactivated SNMP Listen UDP Port Shows the UDP port 161 at which the device receives SNMP requests The value cannot be changed Tip If your SNMP Manager supports SNMPv3 you should if possible use this version as older versions transfer all data unencrypted 10 5 Remote Authentication This menu contains the settings for user authentication 10 5 1 RADIUS RADIUS Remote Authentication Dial In User Service is a service that enables authentica tion and configuration information to be exchanged between your device and a RADIUS server The RADIUS server administrates a database with information about user authen tication and configuration and for statistical recording of connection data RADIUS can be used for e Authentication e Accounting e Exchange of configuration data For an incoming connection your device sends a request with user name and password to the RADIUS server which then searches its database If the user is found and can be au thenticated the RADIUS server sends corresponding confirmation to your device This con
314. ds this Flash Your device saves its configuration in configuration files in the flash EEPROM Electrically Erasable Programmable Read Only Memory The data even remains stored in the flash when your device is switched off RAM The current configuration and all changes you set on your device during operation are Teldat GmbH 22 Maintenance stored in the working memory RAM The contents of the RAM are lost if the device is switched off So if you modify your configuration and want to keep these changes for the next time you start your device you must save the modified configuration in the flash memory before switching off The Save configuration button over the navigation area of the GUI This configuration is then saved in the flash in a file with the name boot When you start your device the boot configuration file is used by default Actions The files in the flash memory can be copied moved erased and newly created It is also possible to transfer configuration files between your device and a host via HTTP Configuration file format The file format of the configuration file allows encryption and ensures compatibility when restoring the configuration on the gateway in various system software versions This is a CSV format which can be read and modified easily In addition you can view the corres ponding file clearly using Microsoft Excel for example The administrator can store encryp ted backup files for the configur
315. e e Rule lt 49911 gt e number dialled 96731234 e manipulated number 4991196731234 20 2 5 Call Translation You can create a list for the translation of subscriber numbers i e this list associates in ternal and external numbers Note Which number called party number or calling party number is translated depends on the direction incoming or outgoing of the call in question For incoming calls it is the called party number for outgoing calls the calling party number that is translated For example the internal number 340 can be shown externally as 09119673900 or a call from outside for the number 09119673200 can be routed internally to the number 340 In the VoIP gt Media Gateway gt Call Translation menu a list of existing transformations is displayed 20 2 5 1 Edit or New Choose the a icon to edit existing entries Select the New button to create entries for call translation bintec Rxxx2 RTxxx2 20 VoIP Extensions Teldat GmbH SIP Accounts Call Routing CLID Translation Call Translation ISDN Trunks Options Basic Parameters Description Direction Associated Line Local Address External Address Both v v OK Cancel Fig 161 VoIP gt Media Gateway gt Call Translation gt New The VoIP gt Media Gateway gt Call Translation gt New menu consists of the following fields Fields in the Basic Parameters menu Field Description Description Direction Asso
316. e Select the interface to be used to perform the action Possible values e Relay default value The overstepping of the limit is coupled with the relay see Physical Interfaces gt Relay gt Relay Con figuration menu e lt Interface gt The selected interface is turned off if the temper ature limit is exceeded bintec Rxxx2 RTxxx2 21 Local Services Teldat GmbH 21 8 4 Ping Generator In the Local Services gt Surveillance gt Ping Generator menu a list of all configured auto matically generated pings is displayed 21 8 4 1 Edit or New Choose the Fay icon to edit existing entries Choose the New button to create additional pings Hosts Interfaces Temperature Ping Generator Basic Parameters Destination IP Address Source IP Address Specific v Interval 10 Seconds Trials 3 OK Cancel Fig 190 Local Services gt Surveillance gt Ping Generator gt New The menu Local Services gt Surveillance gt Ping Generator gt New consists of the follow ing fields Fields in the Basic Parameters menu Field Description Destination IP Address Enter the IP address to which the ping is automatically sent Source IP Address Enter the source IP address of the outgoing ICMP echo request packets Possible values e Automatic The IP address is determined automatically e Specific default value Enter the IP address in the adja cent input field e g to test a particular extended route Interval Ent
317. e four ISDN BRI interfaces and four FXS interfaces The connections are arranged as follows 1 5 6 6 10 10 i _ alo wi AL Te a 2 3 4 5 6 6 9 10 10 Fig 10 Front of bintec RT4202 Front of bintec RT4202 1 CONSOLE Serial interface 2 POWER STATUS LED display for power and status 3 RESET Reset button 4 ETH5 Ethernet interface bintec Rxxx2 RTxxx2 5 ETH1 ETH4 10 100 1000 Base T Ethernet interface 6 BRI1 BRI4 ISDN BRI interface 9 LED LED display 10 FXS1 FXS4 FXS interfaces 5 5 Pin Assignments 5 5 1 Serial interface Your device has a serial interface for connection to a console This supports Baud rates from 1200 to 115200 Bps The interface is designed as a 5 pole mini USB socket Fig 11 5 pole mini USB socket The pin assignment is as follows Pin assignment of the mini USB socket Pin Position Not used TxD RxD Not used GND a fF O N 5 5 2 Ethernet interface The devices have an Ethernet interface with an integrated 4 port switch ETH1 ETH4 and a separate Ethernet interface ETH5 The 4 port switch is used to connect individual PCs or additional switches The ETH5 inter face can be used to connect an optional DSL modem or a DMZ The connection is made via an RJ45 socket bintec Rxxx2 RTxxx2 5 Technic
318. e Autodetect best mode Your device automatically de termines the most favourable mode It first tries all D channel modes before switching to the B channel Costs are incurred for using the B channel e Autodetect only D Channel Modes Your device auto matically determines the most favourable D channel mode The use of the B channel is excluded e Use specific D Channel Mode Your device tries to transfer the IP address in the mode set in the Mode field e Try specific D Channel Mode fall back to B Channel Your device tries to transfer the IP address in the mode set in the Mode field If this does not succeed the IP address is transferred in the B channel This incurs costs e Use only B Channel Mode Your device transfers the IP address in the B channel This incurs costs D Channel Mode Only for Transfer Mode Use specific D Channel Mode or Try specific D Channel Mode fall back to B Channel Select the D channel mode in which your device tries to transfer the IP address Possible values e LLC default value The IP address is transferred in the LLC information elements of the D channel e SUBADDR The IP address is transferred in the subaddress in formation elements of the D channel Field Description e LLC and SUBADDR The IP address is transferred in both the LLC and subaddress information elements 18 1 2 Phase 1 Profiles A list of all configured tunnel profiles is displayed in the VPN gt IP
319. e HTTPS data traffic is sent to a particular link Since a check is run in online banking to see whether all the data traffic comes from the same source data transmission using Load Balancing might be terminated at times without Special Session Handling The Networking gt Load Balancing gt Special Session Handling menu displays a list of entries If you have not configured any entries the list is empty Every entry contains parameters which describe the properties of a data packet in more or less detail The first data packet which the properties configured here match specifies the route for particular subsequent data packets Which data packets are subsequently routed via this route is configured in the Networking gt Load Balancing gt Special Session Handling gt New gt Advanced Settings menu If in the Networking gt Load Balancing gt Special Session Handling gt New menu for ex ample you select the parameter Service http SSL and leave the default value for all the other parameters the first HTTPS packet specifies the Destination Address and the Destination Port i e Port 443 with HTTPS for data packets sent subsequently If underFrozen Parameters for the two parameters Destination Address and Destina tion Port you leave the default setting enabled the HTTPS packets with the same source IP address as the first HTTPS packet are routed via port 443 to the same Destination Ad dress via the same interface as the first HTT
320. e Oe E 102 10 5 3 Options 6 eb bes Sa eo eho otek Se Ree bs 105 10 6 Certificates io kx acy dees Be a Ae he he de hcp de ce Sy a di de E 106 10 6 1 Certificate Eisto y a heSy oe te tol a ods vd Ce el SOR u e 107 10 6 2 CRES cid a ee Yee o cade 116 10 6 3 Certificate Servers x en A A 118 Chapter 11 Physical Interfaces 2 2 0 0 00 eee eee 119 bintec Rxxx2 RTxxx2 11 1 11 1 1 11 2 11 2 1 11 3 11 3 1 11 3 2 11 4 11 4 1 11 5 11 5 1 Chapter 12 12 1 12 1 1 12 2 12 2 1 12 2 2 12 2 3 Chapter 13 13 1 13 1 1 13 1 2 13 1 3 13 1 4 13 2 13 2 1 13 3 AUX at a Ae en ae Re Sis 119 AUX o Sens ae oi te Lee Cae Me aoe o hy ia was te Ma ese 45 119 EthernetiPortS e o e his cee Ba we By rta GP eee A too Gi ge is ie toca E 122 Port Configuration 004 404 24 5 4 fa Woe a bo on a ae 123 ISDN Ports 2 e 125 ISDN Configuration 2 e o 125 MSN Configuration 2 2 a e o o 134 DSL M dem isk tas ac A bak ch es a 4 137 DSL Configuration 2 o o o 137 SHDSE gsi 2 is E E EA ia 141 SHDSL Configuration 2 2 141 LAN oca e don e 145 IP Configuration o e o 145 Interfaces a cdo dle al a doll a at ll de A A 145 VLAN e E a o anne e od 149 MEANS 21 AP A AU A Tate 151 Port Configuration 2 o g 152 Administration o
321. e WAN gt ATM gt Profiles menu If the connection for your Internet access is set up using the internal modem the ATM con nection parameters must be set for this An ATM profile combines a set of parameters for a specific provider By default an ATM profile with the description AUTO CREATED is preconfigured Its values VPI 1 and VCI 32 are suitable for a Telekom ATM connection for example Note The ATM encapsulations are described in RFCs 1483 and 2684 You will find the RFCs on the relevant pages of the IETF www iet org rfc htm 17 2 1 1 New Choose the New button to set up new ATM profiles ATM Profiles Parameter Provider Description Type Virtual Path Identifier 4PI Virtual Channel Identifier YC Encapsulation Ethernet over ATM Settings Default Ethernet for PPPoE Interfaces Profiles Service Categories OAM Controlling User defined v Ethernet over ATM Y la 32 LLC Bridged no FCS vw DEnabled Address Mode static O DHCP IP Address Netmask IP Address Netmask n a Add p MAC Address Muse built in OK cancel Fig 122 WAN gt ATM gt Profiles gt New The menu WAN gt ATM gt Profiles gt New consists of the following fields Fields in the ATM Profiles Parameter menu Field Description Provider Select one of the preconfigured ATM profiles for your provider from the list or manually define the profile using User defined D
322. e have to be deactivated Consequently the operating status of all interfaces on a device must be synchronised This synchronisation is required if multiple interfaces are monitored on a single device This configuration is performed in the Local Services gt BRRP gt VR Synchronisation gt New menu e Switching on the redundancy procedure This configuration is performed in the Local Services gt BRRP gt Options menu You configure the advertisement interface and the virtual interface s in the Local Services gt BRRP gt Virtual Router gt New menu You must configure the same virtual routers with the same interfaces on all physical routers involved in the redundancy proced ure However the virtual routers have different priorities on the various physical routers 21 12 1 1 New Choose the New button to configure other virtual routers Virtual Routers VR Synchronisation Options BRRP Advertisement Interface Ethernet Interface Selectone Y IP Address IP Address Netmask BRRP Monitored Interface Virtual Router Interface Advertisement interface not selected IP Address Netmask Virtual Router IP Address 255 255 255 0 C Add Virtual Router ID 1 S Virtual Router Priority 100 Advanced Settings Advertisement send interval fi Master down trials fi 0 Pre empt mode go back into master state V Enabled Enable authentication o oK C Cancel Fig 197 Local Services gt BRRP gt Virtual Routers gt
323. e in greater detail Possible values e Any default value e Echo Reply e Destination unreachable O oures Quenela e Redirect e Echo e Time Exceeded e Parameter Problem e Timestamp e Timestamp Reply e Information Request e Information Reply e Address Mask Request e Address Mask Reply Field Description Code Selection options for the ICMP codes are only available for Type Destination unreachable Possible values e Any default value e Net Unreachable e Host Unreachable e Protocol Unreachable e Port Unreachable e Fragmentation Needed e Communication with Destination Network is Ad ministratively Prohibited e Communication with Destination Host is Admin istratively Prohibited 19 4 2 Groups A list of all configured service groups is displayed in the Firewall gt Services gt Groups menu You can group together services This makes it easier to configure firewall rules 19 4 2 1 New Choose the New button to set up additional service groups bintec Rxxx2 RTxxx2 Service List Groups Basic Parameters Description Service Selection KaZaA activity any apple qt auth chargen clients_1 clients_2 daytime dhcp Members discard O O O O O O O O O O O O O O O O O O O O O C OK C Cancel __ Fig 154 Firewall gt Services gt Groups gt New The menu Firewall gt Services gt Groups gt New consists of the following fields Fields
324. e length of time in minutes for which an address from the pool is to be assigned to a host After the Lease Time expires the address can be reassigned by the server The default value is 120 DHCP Options Specify which additional data is forwarded to the DHCP client Possible values for Option e Time Server default value Enter the IP address of the time server to be sent to the client Teldat GmbH 21 Local Services Field Description e DNS Server Enter the IP address of the DNS server to be sent to the client e DNS Domain Name Enter the DNS domain to be sent to the client e WINS NBNS Server Enter the IP address of the WINS NBNS server to be sent to the client e WINS NBT Node Type Select the type of the WINS NBT node to be sent to the client e TFTP Server Enter the IP address of the TFTP server to be sent to the client e CAPWAP Controller Enter the IP address of the CAPWAP controller to be sent to the client e URL provisioning server This option enables you to send a client any URL Use this option to send querying IP1x0 telephones the URL of the provisioning server if the telephones are to be provisioned automatically The URL then needs to take the form ht tp lt IP address of the provisioning serv er gt eg prov e Vendor Group Vendor Specific Information This enables you to send the client any manufacturer specific information in any text string Several entries are possible Add ad
325. e of a command line for using cu cu s 9600 c dev ttySl Example of a command line for using tip tip 9600 dev ttySs1 8 Access and configuration Teldat GmbH 8 1 3 Access over ISDN All devices that have an ISDN interface can be accessed and configured from another device via an ISDN call Access over ISDN with ISDN Login is especially recommended if your device is to be re motely configured or maintained This is also possible even if your device is still in the ex works state Access is then obtained with the aid of a device that is already configured or a PC with an ISDN card in the remote LAN The device to be configured in your own LAN is reached via a number of the ISDN connection e g 1234 This enables the administrator in the Remote LAN to configure your device remotely for example Note If you connect an unconfigured device to an ISDN connection in parallel to a PBX the PBX cannot take any calls until an ISDN number is configured on the device Access over ISDN costs money If your device and your computer are in the LAN it is cheaper to access your device via the LAN or via the serial interface Your device in your LAN merely needs to be connected to the ISDN connection and switched on To reach your device over ISDN Login proceed as follows 1 Connect your device to the ISDN 2 Log in as administrator on your device in the remote LAN in the usual way 3 Inthe SNMP shell type inisdnlogin lt number of t
326. e that a connection is terminated If this happens the relevant AP with the setting Remote WAN maintains its con figuration until the connection is reestablished It then boots up and the controller and the AP then resynchronize Slave AP LED mode The feature is only for the Access Points W1003n W2003n W2003n ext and W2004n available Select the lighting scheme of the slave AP LEDs Possible values e State default value Only the status LED flashes once per second e Flashing All LEDs show their standard behavior e Off All LEDs are deactivated 13 3 Slave AP configuration In this menu you will find all of the settings that are required to manage the slave access points Teldat GmbH 13 Wireless LAN Controller 13 3 1 Slave Access Points Slave Access Points Radio Profiles Wireless Networks VSS Automatic Refresh Interval 60 Seconds Apply View 20 per page Fitter in None v equal v Go Location lt Name IP Address LAN MAC Address Channel Search Channel Status Action 1 wi2040n 10 0 0 232 00 01 cd 06 76 fa auto Ch 100 Omtanages HH E e Page 1 Items 1 1 Fig 63 Wireless LAN Controller gt Slave AP configuration gt Slave Access Points In the Wireless LAN Controller gt Slave AP configuration gt Slave Access Points menu a list of all APs found with the wizard is displayed You will see an entry with a parameter set for each access point Location Name IP Ad dress LAN MAC Addre
327. e values e Standard Defines a route with the default parameters e Extended Select whether the route is to be defined with ex tended parameters If the function is active a route is created with extended routing parameters such as source interface and source IP address as well as protocol source and des tination port type of service TOS and the status of the device interface Fields in the menu Route Parameters Field Description Local IP Address Destination IP Ad dress Netmask Gateway IP Address Metric Only for Route Type Default Route via Interface Host Route via Interface or Network Route via Interface Enter the IP address of the host to which your device is to for ward the IP packets Only for Route Type Host Route via Interface or Net work Route via Interface Enter the IP address of the destination host or destination net work When Route Type Network Route via Interface Also enter the relevant netmask in the second field Only for Route Type Default Route via Gateway Host Route via Gateway Or Network Route via Gateway Enter the IP address of the gateway to which your device is to forward the IP packets Select the priority of the route The lower the value the higher the priority of the route Value range from 0 to 15 The default value is 7 Teldat GmbH 14 Networking Fields in the menu Extended Route Parameters Field Description Description Enter a description for the
328. ead office for example Password If you are already familiar with configuring Teldat devices and want to get started right away all you really need to know is the factory default user name and password Note User Name admin Password admin Note Remember to change the password immediately when you log in to the device for the first time All Teldat devices are supplied with the same password which means they are not protected against unauthorised access until you change the password How to change the passwords is described in chapter Modify system password on page 45 Workshops Step by step instructions for the most important configuration tasks can be found in the separate Application Workshop guide for each application which can be downloaded from the www teldat de website under Solutions Dime Manager The devices are also designed for use with Dime Manager The Dime Manager manage ment tool can locate your Teldat devices within the network quickly and easily The NET based application which is designed for up to 50 devices offers easy to use func tions and a comprehensive overview of devices their parameters and files All devices in the local network including remote devices that can be reached over SNMP are located using SNMP Multicast irrespective of their current IP address A new IP ad dress and password and other parameters can also be assigned A configuration can then be initiated over HTTP or TELNET If u
329. ed The function is disabled by default Send Certificate Re Select whether certificate requests are to be sent during IKE quest Payloads phase 1 The function is enabled with Enabled The function is enabled by default Send Certificate Select whether complete certificate chains are to be sent during Chains IKE phase 1 The function is enabled with Enabled The function is enabled by default Deactivate this function if you do not wish to send the peer the certificates of all levels from your level to the CA level Send CRLs Select whether CRLs are to be sent during IKE phase 1 The function is enabled with Enabled The function is disabled by default Send Key Hash Pay Select whether key hash payloads are to be sent during IKE loads phase 1 In the default setting the public key hash of the remote end is sent together with the other authentication data Only applies for RSA encryption Activate this function with Enabled to sup press this behaviour 18 2 L2TP The layer 2 tunnel protocol L2TP enables PPP connections to be tunnelled via a UDP connection Your Teldat device supports the following two modes e L2TP LNS Mode L2TP Network Server for incoming connections only e L2TP LAC Mode L2TP Access Concentrator for outgoing connections only Note the following when configuring the server and client An L2TP tunnel profile must be created on each of the two sides LAC and LNS The corresponding L
330. ed bridge Port Shows the port on which the bridge is active 24 6 HotSpot Gateway 24 6 1 HotSpot Gateway A list of all linked hotspot users is displayed in the Monitoring gt HotSpot Gateway gt Hot Spot Gateway menu HotSpot Gateway Automatic Refresh Interval feo Seconds Apply Authenticated HotSpot User User Name IP Address Physical Address Logon Interface Fig 222 Monitoring gt HotSpot Gateway gt HotSpot Gateway Values in the HotSpot Gateway list bintec Rxxx2 RTxxx2 24 Monitoring Teldat GmbH Field Description User Name Displays the user s name IP Address Shows the IP address of the user Physical Address Shows the physical address of the user Logon Displays the time of the notification Interface Shows the interface used 24 7 QoS In the Monitoring gt QoS menu statistics are displayed for interfaces on which QoS has been configured 24 7 1 QoS A list of all interfaces for which QoS was configured is displayed in the Monitoring gt QoS gt QoS menu Qos QoS Interface QoS Queue Send Dropped Queued Fig 223 Monitoring gt QoS gt QoS Values in the QoS list Field Description Interface Shows the interface for which QoS has been configured QoS Queue Shows the QoS queue which has been configured for this inter face Send Shows the number of sent packets with the corresponding pack et class Dropped Shows the number of rejected packets with the corresponding packet
331. ed by this channel bundle is to behave during connection setup You only need to configure these parameters if you used X 75 in layer 2 Possible values O DGIE TE 11 3 2 MSN Configuration In this menu you can assign the available ISDN numbers to the required services e g PPP routing ISDN login If you use the ISDN interface for outgoing and incoming dialup connections your own num bers for this interface can be entered in this menu these settings are not possible for leased lines Your device distributes the incoming calls to the internal services according to the settings in this menu Your own number is included as the calling party number for outgoing calls The device supports the following services e PPP Routing The PPP routing service is your device s general routing service This enables ISDN remote terminals to establish data connections with your LAN among oth er things This enables partners outside your own local network to access hosts within your LAN It is also possible to establish outgoing data connections to ISDN remote ter minals e ISDN Login The ISDN login service enables both incoming data connections with access to the SNMP shell of your device and outgoing data connections to other Teldat devices As a result your device can be remotely configured and administrated e PSec Teldat devices support the DynDNS service to enable hosts without fixed IP ad dresses to obtain a secure connectio
332. ed in the system Teldat GmbH 21 Local Services Fields in the IP address to use for DNS WINS server assignment menu Field Description As DHCP Server Select which name server addresses are sent to the DHCP cli ent if your device is used as DHCP server Possible values e None No name server address is sent e Own IP Address default value The address of your device is transferred as the name server address e DNS Setting The addresses of the global name servers entered on your device are sent As IPCP Server Select which name server addresses are to be transmitted by your device in the event of dynamic server name negotiation if your device is used as the IPCP server for PPP connections Possible values e None No name server address is sent e Own IP Address The address of your device is transferred as the name server address e DNS Setting default value The addresses of the global name servers entered on your device are sent 21 1 2 DNS Servers A list of all configured DNS servers is displayed in the Local Services gt DNS gt DNS Serv ers menu 21 1 2 1 Edit or New Choose the pl icon to edit existing entries Select the New button to set up additional DNS servers Here you can configure both global DNS servers and DNS servers that are to be assigned to a particular interface Configuring a DNS server for a particular interface can be useful for example if accounts with different provi
333. een the endpoints of the VCC or VPC The function is enabled with Enabled The function is disabled by default Only if Loopback End to End is enabled Enter the time in seconds after which a loopback cell is to be sent Possible values are 0 to 999 The default value is 5 Only if Loopback End to End is enabled Enter the number of directly consecutive loopback cells that may fail to materialise before the connection is regarded as in terrupted down Possible values are 1 to 99 The default value is 5 17 WAN Teldat GmbH Field Description Loopback Segment Select whether you want to activate the loopback test for the segment connection segment connection of the local end point to the next connection point of the VCC or VPC The function is enabled with Enabled The function is disabled by default Segment Send Interval Only if Loopback Segment is enabled Enter the time in seconds after which a loopback cell is sent Possible values are 0 to 999 The default value is 5 Segment Pending Re Only if Loopback Segment is enabled quests Enter the number of directly consecutive loopback cells that may fail to materialise before the connection is regarded as in terrupted down Possible values are 1 to 99 The default value is 5 Fields in the CC Activation menu Field Description Continuity Check CC Select whether you activate the OAM CC test for the connection End to End between the
334. el Fig 49 Physical Interfaces gt AUX gt AUX The Physical Interfaces gt AUX gt AUXmenu consists of the following fields Fields in the Basic Settings menu Field Description AUX Port Status Line Speed Select whether the AUX port should be enabled or disabled The port is enabled by choosing Enabled The port is disabled by default Only for AUX Port Status enabled Here you select the speed at which the gateway addresses the modem in bps Possible values e Default The Baud rate of the serial terminal connection is retained 9600 in ex works state All other values mean that the modem is addressed at the cor responding speed in bps e 9600 bps O AZO 199 e 38400 bps e 57600 bps default value Recommended for communica tion with a GSM modem e 115200 bps Recommended for communication with an ana Teldat GmbH 11 Physical Interfaces Field Description logue modem Incoming Service Type Only for AUX Port Status enabled Here you select the gateway subsystem to which an incoming call over the modem is to be assigned Possible values e Disabled No call is accepted e ISDN Login The call is assigned to the ISDN Login subsys tem e PPP Dialin default value The call is assigned to the PPP subsystem SIM Card Uses PIN Only for AUX Port Status enabled Here you enter the PIN of your GSM modem if your modem asks for it Entering a wrong PIN blocks communication with the
335. elect whether the RADIUS server configured in this entry is to 10 System Management Teldat GmbH Field Value be used The function is activated by selecting Enabled The function is enabled by default Group Description Define a new RADIUS group description or assign the new RA DIUS entry to a predefined group The configured RADIUS servers for a group are queried according to Priority and the Policy Possible values e New default value Enter a new group description in the text field e Default Group 0 Select this entry for special applications such as Hotspot Server configuration e lt Group Name gt Select a predefined group from the list The Advanced Settings menu consists of the following fields Fields in the Advanced Settings menu Field Value Policy Select how your device is to react if a negative response to a re quest is received Possible values e Authoritative default value A negative response to a request is accepted e Non authoritative A negative response to a request is not accepted A request is sent to the next RADIUS server un til your device receives a response from a server configured as authoritative UDP Port Enter the UDP port to be used for RADIUS data RFC 2138 defines the default ports 1812 for authentication 1645 in older RFCs and 1813 for accounting 1646 in older RFCs You can obtain the port to be used from the documenta tion for your RADIUS server The defaul
336. elow The GUI internet wizard can be used to help configure al ternative configuration types 7 5 1 Internet connection over internal ADSL modem The devices R3002 and RT3002 have an integrated ADSL2 modem for establishing a fast internet connection To make it easier to configure an ADSL internet connection the GUI has a Assistants to guide you through the connection set up process simply and quickly A selection of preconfigured connections from leading providers T Home Arcor makes con figuration even easier 1 In GUI select the Assistants gt Internet Access menu 2 With New make a new entry and take over the Connection Type Internal ADSL Modem 3 Follow the steps shown by the wizard The wizard has its own online help which of fers all of the information you may require 4 Once you have exited the wizard save the configuration by clicking on the Save con figuration button above the menu navigation Teldat GmbH 7 Basic configuration 75 2 Other internet connections In addition to an ADSL connection over the internal ADSL2 modem you can connect your device over other connection types with the internet or over an external modem e g a cable modem or an external gateway The corresponding wizard in GUI provides support for configurations of this type You can find the Internet wizards and other wizards for easy configuration of various applications at the top of the menu tree under Assistants 7 5 3 Testing the
337. em Management gt Certificates gt Certificate List gt 2 menu consists of the fol lowing fields Fields in the Edit parameters menu Field Description Description Shows the name of the certificate key or request Certificate is CA Certi Mark the certificate as a certificate from a trustworthy certifica ficate tion authority CA bintec Rxxx2 RTxxx2 Teldat GmbH 10 System Management Field Description Certificates issued by this CA are accepted during authentica tion The function is enabled with True The function is disabled by default Certificate Revocation Only for Certificate is CA Certificate True List CRL Checking Define the extent to which certificate revocation lists CRLs are to be included in the validation of certificates issued by the own er of this certificate Possible settings e Disabled No CRLs check e Always CRLs are always checked O Cally iif 2 CRE Digtrilouciem Roine is present default value A check is only carried out if a CRL Distribution Point entry is included in the certificate This can be determined under View Details in the certificate content e Use settings from superior certificate The set tings of the higher level certificate are used if one exists It is does not the same procedure is used as that described under Only if a CRL Distribution Point is present Force certificate to be Define that this certificate is to be accepted as the user certific
338. enabled for the inter face The function is enabled with Enabled The function is enabled by default Maximum E mails per Minute Limit the number of outgoing mails per minute Possible values are 1 to 15 the default value is 6 Fields in the E mail Parameters menu Field Description E mail Address Enter the mail address to be entered in the sender field of the E mail SMTP Server Enter the address IP address or valid DNS name of the mail server to be used for sending the mails The entry is limited to 40 characters SMTP Authentication Authentication expected by the SMTP server 23 External Reporting Teldat GmbH Field Description Possible values None default value The server accepts and send emails without further authentication e ESMTP The server only accepts e mails if the router logs in with the correct user name and password e SMTP after POP The server requires that e mails are called via POP3 by the sending IP with the correct POP3 user name and password before sending an e mail User Name Only if SMTP Authentication ESMTP or SMTP after POP Enter the user name for the POP3 or SMTP server Password Only if SMTP Authentication ESMTP or SMTP after POP Enter the password of this user POP3 Server Only if SMTP Authentication SMTP after POP Enter the address of the server from which the e mails are to be retrieved POP3 Timeout Only if SMTP Authentication SMTP after POP
339. ent channels In the case of manual channel selection please make sure first that the APs actually support these channels Possible values according to the selected wireless module pro file e For Operation Band 2 4 GHz In Outdoor Possible values are 1 to 13 and Auto default value e For Operation Band 5 GHz Indoor Possible values are 36 40 44 48 and Auto default value e For Operation Band 5 GHz In Outdoor and 5 GHz Outdoor Only the Auto option is possible here Used Channel Only for managed APs Displays the channel that is currently in use Transmit Power Displays the transmission power You can select another trans mission power Possible values e Max default value The maximum antenna power is used OD els e 8 dBm e 11 dBm e 14 dBm e 16 dBm Assigned Wireless Displays the wireless networks that are currently assigned Network VSS 13 3 2 Radio Profiles Slave Access Points Radio Profiles Wireless Networks VSS Radio Profiles Configured Radio Modules Operation Band Wireless Mode 2 4 GHz Radio Profile 0 2 4 GHz In Outdoor 802 1 Abigin pl 5 GHz Radio Profile oO 5GHzindoor 802 11a n im pl Fig 65 Wireless LAN Controller gt Slave AP configuration gt Radio Profiles An overview of all created wireless module profiles is displayed in the Wireless LAN Con troller gt Slave AP configuration gt Radio Profiles menu A profile with 2 4
340. er Note that for VoIP to VoIP connections there is no code translation for different VoIP terminal codecs The codecs of media gateway and VoIP terminals must there fore agree If the function is disabled RTP sessions are not terminated on the media gateway i e all RTP streams are routed by the me dia gateway without termination The RTP data packets can be routed in complex networks and thus also via other gateways The function is enabled with Enabled The function is enabled by default Default Drop Extension You can specify an extension to which incoming calls are for warded if they cannot be assigned to an extension or connected PABX Dial Latency Enter the maximum delay time before the system assumes the call number entered is complete and starts the SIP dialling pro cess sends the SIP INVITE message This timeout is reset each time that a button is pressed Possible values are 0 to 15 Teldat GmbH 20 VoIP Field Description The default value is 5 If you terminate the number entered with dialling is immedi ate Fields in the Advanced Settings menu Field Description Speed Dialing Define short sequences of numbers that can be dialled instead of the entire number Click Add to configure new speeddial numbers Enter the desired speeddial number for the user e g 123 under Shortcut Under Replacement enter the subscriber number to be dialled in place of the speed dial number e g 09119673
341. er or sends these to the connection partner The function is enabled with Enabled The function is enabled by default Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is enabled with Enabled The function is disabled by default LCP Alive Check Select whether the availability of the remote terminal is to be checked by sending LCP echo requests or replies This makes it possible to switch to a backup connection more quickly in the event of line faults The function is enabled with Enabled The function is enabled by default MTU Enter the maximum packet size Maximum Transfer Unit MTU in bytes that is allowed for the connection With default value Automatic the value is specified by link control at connection setup If you disable Automatic you can enter a value Possible values are 1 to 8192 Field Description The default value is 0 17 1 2 PPTP A list of all PPTP interfaces is displayed in the WAN gt Internet Dialup gt PPTP menu In this menu you configure an Internet connection that uses the Point Tunnelling Protocol PPTP to set up a connection This is required in Austria for example 17 1 2 1 New Choose the New button to set up new PPTP interfaces bintec Rxxx2 RTxxx2 Basic Parameters Description PPTP Interface User Name Password
342. er the LNS should only use the monitored port lection UDP Destination Port as the local source port for the L2TP connection The function is enabled with Fixed The function is disabled by default 18 3 PPTP The Point to Point Tunnelling Protocol PPTP can be used to set up an encrypted PPTP tunnel to provide security for data traffic over an existing IP connection First a connection to an ISP Internet Service Provider is set up at both sites Once these connections are available a tunnel is set up to the PPTP partner over the Internet using PPTP The PPTP subsystem sets up a control connection between the endpoints of the tunnel This is used to send control data to set up keep alive and terminate the connection between the two PPTP tunnel end points As soon as this control connection is set up the PPTP transfers the traffic data packed in GRE packets GRE Generic Routing Encapsu lation 18 3 1 PPTP Tunnels A list of all PPTP tunnels is displayed in the PPTP Tunnels menu 18 3 1 1 New Click on New to set up further PPTP partners Fete opens 1p Poots PPTP Partner Parameters Description PPTP Mode OPNS Owindows Client Mode User Name Password Joccccece Always on DEnabled Connection Idle Timeout 300 Seconds Remote PPTP IP Address IP Mode and Routes IP Address Mode Ostatic O Provide IP Address Default Route DEnabled Create NAT Policy DEnabled Local I
343. er the interval in seconds during which the ping is sent to the address specified in Remote IP Address Possible values are 1to 65536 Field Description The default value is 10 Trials Enter the number of ping tests to be performed until Destina tion IP Address as Unreacheable applies The default value is 3 21 9 ISDN Theft Protection With the ISDN theft protection function you can prevent a thief who has stolen a gateway from gaining access to the gateway owner s LAN Without theft protection he could dial in to the LAN by ISDN if under WAN gt Internet Dialup gt ISDN gt g the field Always on is activated 21 9 1 Options All interfaces for which the theft protection is enabled are administratively set to down when the gateway boots The gateway then calls itself by ISDN and checks its location If the configured ISDN call numbers differ from the numbers dialled the interfaces remain disabled If the numbers agree the device assumes that it is at the original location and the inter faces are administratively set to up To reduce cost the function uses the ISDN D channel Note Note that the ISDN theft protection function is not available for Ethernet interfaces bintec Rxxx2 RTxxx2 21 Local Services Basic Parameters ISDN Theft Protection Service Dialling Number Incoming Number Outgoing Number Monitored Interfaces Number of Dialling Retries Timeout Teldat GmbH Options
344. er your device receives requests from RADIUS server dialout routes This enables temporary interfaces to be configured automatically and your device can initiate outgoing connections that are not configured permanently The function is activated by selecting Enabled Field VENTO The function is disabled by default If the function is active you can enter the following options e Reload Interval Enter the time period in seconds between update intervals The default entry here is 0 i e an automatic reload is not car ried out 10 5 2 TACACS TACACS permits access control for your device network access servers NAS and other network components via one or more central servers Like RADIUS TACACS is an AAA protocol and offers authentication authorisation and accounting services TACACS Accounting is currently not supported by Teldat devices The following TACACS functions are available on your device e Authentication for login shell e Command authorisation on the shell e g telnet show TACACS uses TCP port 49 and establishes a secure and encrypted connection A list of all entered TACACS servers is displayed in the System Management gt Remote Authentication gt TACACS menu 10 5 2 1 Edit or New Choose the i icon to edit existing entries Choose the New button to add TACACS serv ers bintec Rxxx2 RTxxx2 Teldat GmbH Basic Parameters Authentication Type Server IP Address TACACS Secret Priori
345. erated Possible values e off default value The wireless module profile is not active e Access Point Your device is used as an access point in bintec Rxxx2 RTxxx2 Teldat GmbH 13 Wireless LAN Controller Field Description your network Operation Band Select the frequency band of the wireless module profile Possible values e 2 4 GHz In Outdoor default value Your device is oper ated at 2 4 GHz mode 802 11b mode 802 11g and mode 802 11n inside or outside buildings e 5 GHz Indoor Your device is operated at 5 GHz mode 802 11a h and mode 802 11n inside buildings e 5 GHz Outdoor Your device is operated at 5 GHz mode 802 11a h and mode 802 11n outside buildings e 5 GHz In Outdoor Your device is operated at 5 GHz mode 802 11a h and mode 802 11n inside or outside build ings e 5 8 GHz Outdoor Only for so called Broadband Fixed Wireless Access BFWA applications The frequencies in the frequency range from 5755 MHz to 5875 MHz may only be used in conjunction with commercial offers for public network accesses and requires registration with the Federal Network Agency Bandwidth Not for Operation Band 2 4 GHz In Outdoor Select how many channels are to be used Possible values e 20 MHz default value One channel with 20 MHz bandwidth is used e 40 MHz Two channels each with 20 MHz bandwidth are used In the case one channel acts as a control channel and the other as an expansion channel
346. erator Route Entries Define other routing entries for this connection class Add new entries with Add Teldat GmbH 17 WAN The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description LCP Alive Check Select whether the reachability of the remote terminal is to be checked The function is enabled with Enabled The function is enabled by default Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload The function is enabled with Enabled The function is disabled by default Compression If necessary select the type of encryption that should be used for data traffic to the connection partner If encryption is set the remote terminal must also support it otherwise a connection cannot be set up Possible values e None default value Encryption is not used eS LAE IMSS MAS e MPPC Microsoft Point to Point Compression Fields in the IP Options menu Field Description OSPF Mode Specify whether OSPF protocol packets are sent over the inter face Possible values e Passive default value OSPF is not activated for this inter face i e no OSPF protocol packets sent over this interface Networks reachable over this interface are however included when calculating the routing information and propagated over active interfaces e Active OSPF is not activated for this interface i e OS
347. ered taking into account the priority con figured and if the relevant interface status is up the primary DNS server is queried and then the secondary DNS server If one of the DNS servers can resolve the name the information is forwarded and a dynamic entry created in the cache Otherwise if a suitable Internet or dialin connection is selected as the standard inter face the relevant DNS server is asked depending on the configuration of the Internet or dialin connections if necessary by setting up a WAN connection at extra cost If one of the DNS servers can resolve the name the information is forwarded and a dy namic entry created in the cache Otherwise if overwriting the addresses of the global name servers is allowed in the WAN gt Internet Dialup menu Interface Mode Dynamic a connection is set up if necessary at extra cost to the first Internet or dialin connection configured to en able DNS server addresses to be requested from DNS servers DNS Negotiation Enabled if this has not been already attempted When the name servers have been negotiated successfully these name servers are then available for more queries Otherwise the initial request is answered with a server error If one of the DNS servers answers with non existent domain the initial request is im mediately answered accordingly and a corresponding negative entry is made in the DNS cache of your device 21 1 1 Global Settings Global Settings DN
348. erent speeds e g 100 mbps and 10 mbps networks Option of switching between the pulse dialling method and MFC method by means of a switch or key input on the terminal such as the telephone or fax machine Transmission process in which the sender and receiver operate with exactly the same clock signals in contrast to asynchronous trans mission Spaces are bridged by a stop code Syslog is used as the de facto standard for transmitting log mes sages in an IP network Syslog messages are sent as unencrypted text messages over the UDP port 514 and collected centrally They are usually used to monitor computer systems Telephone that belongs to a modern PBX which depending on the PBX has a number of special features and keys e g the T Concept PX722 Product name used by Deutsche Telekom AG for its DSL services and products Product name for T Com fax machines Telephony faxing data transfer and online services from one net work and a single connection T ISDN offers exciting services with numerous benefits for example a point to multipoint connection the ideal solution for families or small businesses This connection Glossary T Net T NetBox T NetBox telephone number T Online T Online software T Service T Service access TA Teldat GmbH option which can be used with the existing telephone cable costs less than two telephone connections but offers far greater quality and ease of use Two
349. erial cable Network cable 19 inch installation kit 4x rubber feet self adhesive Companion DVD Quick Install Guide and safety notices printed User s Guide on DVD bintec Dime Manager User s Guide on DVD Release Notes if required Installation poster printed RT1202 Ethernet cable ISDN BRI cable Serial cable Network cable 19 inch installation kit 4x rubber feet self adhesive Companion DVD Quick Install Guide and safety notices printed User s Guide on DVD bintec Dime Manager User s Guide on DVD Release Notes if required Installation poster printed RT3002 Ethernet cable Companion DVD Quick Install Guide and safety notices printed bintec Rxxx2 RTxxx2 Product Cable sets other Software Documentation name ISDN BRI cable User s Guide on DVD Serial cable bintec Dime Manager User s Guide on DVD Network cable Release Notes if required 2 ADSL cables for Annex A and for Annex B Installation poster printed 19 inch installation kit 4x rubber feet self adhesive RT3502 Ethernet cable Companion DVD Quick Install Guide and safety notices printed ISDN BRI cable User s Guide on DVD Serial cable bintec Dime Manager Network cable User s Guide on DVD VDSK cable Release Notes if required 19 inch installation kit Installation poster printed 4x rubber feet self adhesive RT4202 Ethernet cable Compani
350. erminals from the WAN across the NAPT barrier Choose the Fay icon to edit existing static entries Teldat GmbH 20 VoIP Note Entries created dynamically for active sessions cannot be edited These entries can only be removed resulting in the immediate termination of the corresponding SIP con nection SIP Proxies SIP Endpoints Basic Parameters Type of Endpoint O client O Server Protocol UDP vw Internal IP Address ho Remote Port A External Port A OK Cancel Fig 156 VoIP gt Application Level Gateway gt SIP Endpoints gt g New The VoIP gt Application Level Gateway gt SIP Endpoints gt g New menu consists of the following fields Fields in the Basic Parameters menu Field Description Type of Endpoint Select the role for the SIP endpoint in the LAN Possible values e Client default value The internal SIP endpoint is a SIP cli ent e g telephone e Server The internal SIP endpoint is a SIP server into which the SIP endpoint can login externally Protocol Select the protocol to be used for data transmission Possible values e UDP default value O MEI If a protocol has been automatically recognised it should not be changed 20 VoIP Teldat GmbH Field Description Internal IP Address Specify the IP address for the internal SIP endpoint in the LAN Remote Port Only for Type of Endpoint Client Enter the port of the removed SIP terminal in the WAN Internal Port Only for Type
351. erver You can use the CAPI Server function to assign user names and passwords to users of the CAPI applications on your device This makes sure that only authorised users can receive incoming calls and make outgoing calls via CAPI The CAPI service allows connection of incoming and outgoing data and voice calls to com munications applications on hosts in the LAN that access the Remote CAPI interface of your device This enables for example hosts connected to your device to receive and send faxes Note All incoming calls to the CAPI are offered to all registered and eavesdropping CAPI applications in the LAN In the ex works state a user with the user name default and no password is entered for the CAPI subsystem Once you ve created your intended users with password you should delete the de fault user without password 21 6 1 User A list of all configured CAPI users is displayed in the Local Services gt CAPI Server gt User menu bintec Rxxx2 RTxxx2 21 6 1 1 New Choose the New button to set up new CAPI users User Options Basic Parameters User Name Password ecccccce Access MeEnablea OK C cancel Fig 182 Local Services gt CAPI Server gt User gt New The menu Local Services gt CAPI Server gt User gt New consists of the following fields Fields in the Basic Parameters menu Field Description User Name Enter the user name for which access to the CAPI service is to be allowed or den
352. erver after 1 2 4 8 and 16 minutes e Aggressive For ten minutes the system attempts to con tact the time server after 1 2 4 8 seconds and then every 10 seconds Endless For an unlimited period the system attempts to contact the time server after 1 2 4 8 seconds and then every 10 seconds If certificates are used to encrypt data traffic in a VPN it is ex tremely important that the correct time is set on the device To ensure this is the case for Time Update Policy select the value Endless 10 System Management Teldat GmbH Field Description Internal Time Server Select whether the internal timeserver is to be used The function is activated by selecting Enabled Time requests from a client will be answered with the current system time This is given as GMT without offset The function is disabled by default Time requests from a client are not answered 10 2 4 System Licences This chapter describes how to activate the functions of the software licences you have pur chased The following licence types exist e Licences already available in the device s ex works state e Free extra licences e Extra licences at additional cost The data sheet for your device tells you which licences are available in the device s ex works state and which can also be obtained free of charge or at additional cost You can access this data sheet at www teldat de Entering licence data You can obtain the licence data
353. ervers menu 23 1 1 1 New Select the New button to set up additional syslog servers Syslog Servers Basic Parameters IP Address Level Information Facility locald Timestamp Onone O Time Date amp Time Protocol upp Otcp Type of Messages Osystem Accounting system amp Accounting oK C cancel Fig 205 External Reporting gt Syslog gt Syslog Servers gt New The menu External Reporting gt Syslog gt Syslog Servers gt New consists of the following fields Fields in the Basic Parameters menu Field Description IP Address Enter the IP address of the host to which syslog messages are passed Level Select the priority of the syslog messages that are to be sent to the host Possible values e Emergency highest priority e Alert O Ceijed el O iaa e Warning e Notice e Information default value bintec Rxxx2 RTxxx2 Teldat GmbH 23 External Reporting Field Description e Debug lowest priority Syslog messages are only sent to the host if they have a higher or identical priority to that indicated i e at syslog level Debug all messages generated are forwarded to the host Facility Enter the syslog facility on the host This is only required if the Log Host is a Unix computer Possible values loca10 7 The default value is 1o0ca10 Timestamp Select the format of the time stamp in the syslog Possible values e None default value No system time in
354. ervice 0900 Glossary the information providers The provided information is accessed us ing the telephone number 0190 which is uniform across Germany plus a 6 digit telephone number Information offering Entertainment weather finance sport health support and service hotlines Additional voice service from T Com Allows calls to be received via a location independent telephone number uniform across Germany starting with the numbers 0700 Free of charge routing to national fixed network Enhancement with Vanity possible Additional voice service from T Com Replaces Service 0190 Service number 0180 Additional voice service 0180call from T Com to receive calls from a Services Setup Tool SHA1 SHDSL Short hold Signalling Simplex operation ISDN subscribers only location dependent telephone number uniform across Germany starting with the numbers 0180 Euro ISDN contains service indicates with defined names Some of these have only historical meaning In general you should choose the Telephony service for real telephone calls If this selection does not work depends on network operator you can try speech audio 3k1Hz or telephony 3k1Hz The same applies for faxing Here too there is the collective term Fax plus a couple of more specific cases From a purely technical point of view the services are bits in a data word evaluated by means of a mask If you include several bits in the mask all these
355. escription Only for Provider User defined Enter the desired description for the connection ATM Interface Only if several ATM interfaces are available e g if several inter faces are separately configured in devices with SHDSL Select the ATM interface that you wish to use for the connec tion Type Only for Provider User defined Select the protocol for the ATM connection Possible values bintec Rxxx2 RTxxx2 17 WAN Teldat GmbH Field Description e Ethernet over ATM default value Ethernet over ATM EthoA is used for the ATM connection Permanent Virtual Circuit PVC e Routed Protocols over ATM Routed Protocols over ATM RPOA is used for the ATM connection Permanent Vir tual Circuit PVC e PPP over ATM PPP over ATM PPPoA is used for the ATM connection Permanent Virtual Circuit PVC Virtual Path Identifier Only for Provider User defined VPI Enter the VPI value of the ATM connection The VPI is the iden tification number of the virtual path to be used Note your pro vider s instructions Possible values are 0 to 255 The default value is 8 Virtual Channel Identi Only for Provider User defined fier VCI Enter the VCI value of the ATM connection The VCI is the iden tification number of the virtual channel A virtual channel is the logical connection for the transport of ATM cells between two or more points Note your provider s instructions Possi
356. eserve Interface 4 Add OK Cancel Fig 87 Networking gt QoS gt QoS Classification gt New The Networking gt QoS gt QoS Classification gt New menu consists of the following fields Fields in the Basic Parameters menu Field Description Class map Description Filter Choose the class plan you want to create or edit Possible values New default value You can create a new class plan with this setting e lt Name of class plan gt Shows a class plan that has already been created which you can select and edit You can add new filters Only for Class map New Enter the name of the class plan Select an IP filter If the class plan is new select the filter to be set at the first point of the class plan If the class plan already exists select the filter to be attached to the class plan bintec Rxxx2 RTxxx2 14 Networking Teldat GmbH Field Description To select a filter at least one filter must be configured in the Networking gt QoS gt QoS Filter menu Direction Select the direction of the data packets to be classified Possible values Incoming Incoming data packets are assigned to the class Class ID that is then to be defined e Outgoing default value Outgoing data packets are as signed to the class Class ID that is then to be defined e Both Incoming and outgoing data packets are assigned to the class Class ID that is then to be defined
357. ess module profile are being set up Channel Displays the channel that is assigned You can select an alternative channel Teldat GmbH M 13 Wireless LAN Controller The number of channels you can select depends on the country setting Please consult the data sheet for your device Note Configuring the network name SSID in Access Point mode means that wireless net works can be logically separated from each other but they can still physically interfere with each other if they are operating on the same or closely adjacent wireless chan nels So if you are operating two or more radio networks close to each other it is ad visable to allocate the networks to different channels Each of these should be spaced at least four channels apart as a network also partially occupies the adjacent chan nels In the case of manual channel selection please make sure first that the APs actually sup port these channels Transmit Power Displays the transmission power in dBm You can select another transmission power With OK you apply the settings Select the access points that your WLAN controller shall manage In the Manage column click on the desired entries or click on Select all in order to select all entries Click the Deselect all button to disable all entries and to then select individual entries if required e g for large lists Click on Start in order to install the WLAN and automatically assign the frequencies Note
358. estricted cone In this case UDP is automatically defined Select a protocol According to the selected Service different protocols are available Possible values Field Description e Any default value AH o Chaos O IBAS O T AS O JOP alia JER TS O RE e Kryptolan O ESTA O sien SPEUR O WRIRIP ENS JOD Source IP Address Only for Type of traffic incoming Destination NAT or Netmask excluding Without NAT Enter the source IP address and corresponding netmask of the bintec Rxxx2 RTxxx2 Teldat GmbH 14 Networking Field Description original data packets as the case arises Original Destination IP Only for Type of traffic incoming Destination NAT Address Netmask Enter the destination IP address and corresponding netmask of the original data packets as the case arises Original Destination Only for Type of traffic incoming Destination NAT Port Range Service user defined and Protocol TCP UDP TCP UDP Enter the destination port or the destination port range of the original data packets The default setting 411 means that the port is not specified Original Source IP Ad Only for Type of traffic outgoing Source NAT dress Netmask Enter the source IP address and corresponding netmask of the original data packets as the case arises Original Source Port Only for Type of traffic outgoing Source NAT NAT method symmetric Service user defined and Pro toco
359. etric Only for IP Address Assignment Static or IKE Config Mode Client and Default Route Enabled Select the priority of the route The lower the value the higher the priority of the route Value range from 0 to 15 The default value is 7 Route Entries Only for IP Address Assignment Static or IKE Config Mode Client Define routing entries for this connection partner e Remote IP Address IP address of the destination host or LAN e Netmask Netmask for Remote IP Address e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 7 Fields in the menu Additional Traffic Filter Field Description Additional Traffic Filter Only for Internet Key Exchange I KEv1 Use Add to create a new filter Additional data traffic filters Teldat Gateways support two different methods for establishing IPSec connections 18 VPN Teldat GmbH e a method based on policies and a method based on routing The policy based method can only be configured using the Setup tool With the GUI you use the routing based method The latter is also available using the Setup tool The policy based method uses data traffic filters to negotiate the IPSec phase 2 SAs This enables the filtering of the IP packets to be very fine grained down to protocol and port level The routing based method offers various advantages over the policy based method e g NAT PAT within a tunnel IPSe
360. ew static IP MAC bindings if IP address ranges were configured in Local Services gt DHCP Server gt DHCP Pool 21 4 3 1 New Choose the New button to set up new IP MAC bindings Teldat GmbH 21 Local Services IP Pool Configuration DHCP Configuration IP MAC Binding DHCP Relay Settings Basic Parameters Description IP Address MAC Address OK Cancel Fig 176 Local Services gt DHCP Server gt IP MAC Binding gt New The menu Local Services gt DHCP Server gt IP MAC Binding gt New consists of the follow ing fields Fields in the Basic Parameters menu Field Description Description Enter the name of the host to which the MAC Address the IP Address is to be bound A character string of up to 256 characters is possible IP Address Enter the IP address to be assigned to the MAC address spe cified in MAC Address is to be assigned MAC Address Enter the MAC address to which the IP address specified in IP Address is to be assigned 21 4 4 DHCP Relay Settings If your device for the local network does not distribute any IP addresses to the clients by DHCP it can still forward the DHCP requests on behalf of the local network to a remote DHCP server The DHCP server then assigns the your device an IP address from its pool which in turn sends this to the client in the local network IP Pool Configuration DHCP Configuration IP MAC Binding DHCP Relay Settings Basic Parameters Primary DHCP Server o 0 0 0 Secondary DHCP
361. exchanged between the gateways by flooding Each change of routing information is passed to all gateways in the network OSPF areas are defined to limit the number of Link State Updates All gateways of an area have an identical Link State database An area is interface specific Gateways whose interfaces belong to several areas and con nect these to the backbone are called Area Border Routers ABR ABRs therefore contain the information of the backbone area and all areas connected A gateway whose interfaces are all incorporated in one area are called Internal Routers IR There are four types of Link State packets Router links show the state of the interfaces of a gateway that belong to a certain area Summary links are generated by the ABR to define how the information on reachability in the network is exchanged between areas Usually all information is sent to the backbone area which then passes the information to the other areas Network links are sent by Designated Routers DS within a segment and propagate all gateways that are connected to a certain multi access segment like Ethernet Token Ring and FDDI also NBMA External links point to networks outside the AS These net works are incorporated in OSPF using redistribution In this case an Autonomous System Border Router ASBR incorporates these external routes in the AS It is possible to increase security by authenticating the OSPF packets so that the gateways can participate in
362. ey input for the GRE connection which makes it possible to distinguish between several parallel GRE connec tions between two GRE partners see RFC 1701 The identification is enabled with Enabled The function is disabled by default Key Value Only if Use key is enabled Enter the GRE connection key Possible values are 0 to 2147483647 The default value is 0 Teldat GmbH 19 Firewall Chapter 19 Firewall The Stateful Inspection Firewall SIF provided for Teldat gateways is a powerful security feature The SIF with dynamic packet filtering has a decisive advantage over static packet filtering The decision whether or not to send a packet cannot be made solely on the basis of source and destination addresses or ports but also using dynamic packet filtering based on the state of the connection to a partner This means packets that belong to an already active connection can also be forwarded The SIF also accepts packets that belong to an affiliated connection The negotiation of an FTP connection takes place over port 21 for example but the actual data exchange can take place over a completely different port SIF and other security features Teldats Stateful Inspection Firewall fits into the existing security architecture of Teldat The configuration work for the SIF is comparatively straightforward with systems like Network Address Translation NAT and IP Access Lists IPAL As SIF NAT and IPAL are active in the system s
363. face File gt Open non proportional Indicates commands that you must enter as written Courier e g ping 192 168 0 254 bold e g Windows Indicates keys key combinations and Windows terms Start menu bold e g Licence Key Identifies fields in the GUI italic e g none Indicates values that you enter or that can be configured Online blue and italic Indicates hyperlinks e g www teldat de Chapter 3 Installation A Caution Please read the safety notices carefully before installing and starting up your device These are supplied with the device 3 1 Setting up and connecting Note All you need for this is the cable supplied with the equipment A Caution Incorrect cabling of the ISDN and ETH interfaces may also damage your device Con nect only the ETH interface of the device to the LAN interface of the computer hub or an ISDN interface of the device if any only to the ISDN connection Note If you connect an unconfigured device to an ISDN connection in parallel to a PBX the PBX cannot take any calls until an ISDN number is configured on the device If no entry is specified every incoming ISDN call is accepted by the ISDN Login service 6 bintec Rxxx2 RTxxx2 Teldat GmbH 3 Installation ISDN BRI lines I 1 I I ETH ETH3 il BRIG Ps2 mA a I bintec RT4202 NO AAA 3888 ja POWER RESET ETHS ETH EHA BRIT BRI BERR FAS 1 FX
364. face type to be used The selection depends on the interfaces available Possible values e SIP A SIP terminal device is used for the call e ISDN An ISDN terminal device is used for the call Can only be selected if ISDN interfaces configured with Euro ISDN point to multipoint NT mode are available e Analogue An analogue terminal device is used for the call Can only be selected if analogue interfaces are available Select ISDN interface Only for Interface Type ISDN Select an ISDN interface The ISDN interfaces you can select depends on the device used Select analogue inter face Only for Interface Type Analogue Select an analogue interface Possible values e fxs5 1 e fxs5 2 e fxs5 3 default value e fxs5 4 Registration Only for Interface Type SIP Specify whether the registration mechanism is to be used by Teldat GmbH 20 VoIP Field Description SIP REGISTER Normally every SIP client user sends its cur rent position to a REGISTRAR server by means of a RE GISTER message This information about the user and his cur rent address is held by the REGISTRAR server and queried by other proxies to find the user The function is enabled with Enabled The function is enabled by default Apart from this standard procedure the relevant data can also be sent to a particular IP address that is already known to the correspondent Registration and authentication are not then needed and the Registration funct
365. fault User Password 98 Delete 185 195 Delete complete IPSec configuration 357 Demand Circuit Options 250 Description 108 118 133 164 168 193 199 211 214 217 223 229 233 272 278 283 288 296 305 317 320 327 333 342 350 355 362 365 372 381 391 392 393 394 397 399 404 409 416 419 422 424 434 451 462 467 531 532 537 538 Description Connection Information Link 73 Designated Router 541 545 Designated Router Priority 263 Destination 385 Destination Interface 261 Destination Port 193 333 Destination Port Range 201 211 214 229 Destination File Name 510 Destination IP Address 462 467 484 Teldat GmbH Destination IP Address Netmask 192 201 211 214 229 333 Destination IP Address 195 Destination Port Range 394 Details 531 Device 164 Device Mode 142 DH Group 342 DHCP Hostname 148 307 DHCP Options 448 DHCP Server 160 DHCP Configuration 446 DHCP Broadcast Flag 148 DHOP Client on Interface 236 DHCP MAC Address 148 307 DHCP Relay Settings 451 DHCP Server 445 Diagnostics 506 Dial Latency 425 Dialling Number 486 Direction 217 242 422 535 536 Distribution Mode 206 Distribution Policy 206 207 Distribution Ratio 208 DNS 429 DNS Hostname 436 DNS Negotiation 275 280 285 294 298 369 376 DNS Server 303 356 380 437 446 DNS Requests 439 DNS Servers 433 DNS Test 507
366. figuration methods All the configuration options of the GUI are described in this chapter The individual menus are described in the order of nav igation The individual chapters also contain more detailed explanations on the subsystem in question 2 About this guide Teldat GmbH Chapter Description WAN VPN Firewall VoIP Local Services Maintenance External Reporting Monitoring Glossary The glossary contains a reference to the most important tech nical terms used in network technology The index lists all the key terms for operating the device and all Index the configuration options and gives page numbers so they can be found easily To help you locate information easily this user s guide uses the following visual aids List of visual aids Symbol Use o Indicates practical information Indicates general and important points Indicates a warning of risk level Attention points out possible dangers that may cause damage to property if not observed Teldat GmbH 2 About this guide Symbol Use Indicates a warning of risk level Warning points out possible dangers that may cause physical injury or even death if not ob served The following typographical elements are used to help you find and interpret the informa tion in this user s guide Typographical elements Typographical element Use s Indicates lists Menu gt Submenu Indicates menus and submenus in the GUI and in the Windows inter
367. for your keys Enter the password here 10 6 2 CRLs In the System Management gt Certificates gt CRLs menu a list of all CRLs Certification Revocation List is displayed Teldat GmbH 10 System Management If a key is no longer to be used e g because it has fallen into the wrong hands or has been lost the corresponding certificate is declared invalid The certification authority revokes the certificate and publishes it on a certificate blacklist so called CRL Certificate users should always check against these lists to ensure that the certificate used is currently valid This check can be automated via a browser The Simple Certificate Enrollment Protocol SCEP supports the issue and revocation of certificates in networks 10 6 2 1 Import Choose the Import button to import CRLs Certificate List CRLs Certificate Servers CRL Import External Filename Browse Local Certificate Description File Encoding Auto v Password OK Cancel Fig 46 System Management gt Certificates gt CRLs gt Import The System Management gt Certificates gt CRLs gt Importmenu consists of the following fields Fields in the CRL Import menu Field Description External Filename Enter the file path and name of the CRL to be imported or use Browse to select it from the file browser Enter a unique description for the CRL Local Certificate De scription File Encoding Select the type of encoding so that your device can de
368. g Transport weight incl doc umentation cables pack aging approx 2 6 kg approx 2 6 kg Memory 64 MB RAM 64 MB RAM 16 MB flash ROM 16 MB flash ROM LEDs 16 1x Power 1x Status 5x2 Eth 20 1x Power 1x Status 5x2 Eth ernet 4x Function ernet 8x Function Power consumption of the device max 24 Watt typically 15 Watt max 24 Watt typically 15 Watt Voltage supply Voltage Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Voltage Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Environmental require ments Storage temperature 25 C to 70 C 25 C to 70 C Operating temperature 0 C to 40 C 0 C to 40 C 5 Technical data Teldat GmbH Property bintec R4402 bintec RT4202 Relative atmospheric hu midity 10 to 90 non condensing in operation 5 to 95 non condensing when stored 10 to 90 non condensing in operation 5 to 95 non condensing when stored Room classification Only use in dry rooms Only use in dry rooms Available interfaces Ethernet IEEE 802 3 LAN 4 port switch Permanently installed twisted pair only 10 100 1000 mbps auto sensing MDIX Permanently installed twisted pair only 10 100 1000 mbps auto sensing MDIX ETH5 Permanently installed twisted pair Permanently installed twisted pair
369. g 802 11b g A subscriber a b interface AAA Access code Access list Access point Glossary Thin Ethernet connection Network connection for 10 mbps net works with BNC connector T connectors are used for the connec tion of equipment with BNC sockets Twisted pair connection Fast Ethernet Network connection for 100 mbps networks Twisted pair connection Network connection for 10 mbps networks with RJ45 connector D channel protocol used in the German ISDN Today the more com mon protocol is DSS1 See DES Specified data rates of 54 48 36 24 18 12 9 and 6 mbps anda working frequency in the range of 5 GHz for IEEE802 11a or 2 4 GHz for IEEE802 11g IEEE802 11 g can be configured to run in compliance with 11b or 11b and 11 as well One of the IEEE standards for wireless network hardware Products that meet the same IEEE standard can communicate with each oth er even if they come from different hardware manufacturers The IEEE802 11b standard specifies the data rates of 1 2 5 5 and 11 mbps a working frequency in the range of 2 4 to 2 4835 GHz and WEP encryption IEEE802 11 wireless networks are also known as Wi Fi networks The A subscriber is the caller For connection of an analogue terminal In the case of an ISDN ter minal terminal adapter with a b interface the connected analogue terminal is able to use the supported T ISDN performance features Authentication Authorisation Accounting
370. g Please note that you must first activate the licence Go to www teldat de then Service Support gt Services gt Online Services Enter the required data please note the relevant explanations on the license sheet and follow the instructions of the online licensing You then receive the Hotspot server s login data Note Activation may require 2 3 business days Access data for gateway configuration RADIUS Server IP 62 245 165 180 RADIUS Server Password Set by Teldat GmbH Domain Individually set for customers by customer dealer Walled Garden Network Individually set for customers by customer dealer Walled Garden Server URL Individually set for customers by customer dealer Terms amp Conditions URL Individually set for customers by customer dealer Access data for configuration of the Hotspot server Admin URL https hotspot teldat de Username Individually set by Teldat Password Individually set by Teldat Note Also refer to the WLAN Hotspot Workshop that is available to download from www teldat de 21 11 1 HotSpot Gateway In the HotSpot Gateway menu you can configure the Teldat gateway installed onsite for the Hotspot Solution A list of all configured hotspot networks is displayed in the Local Services gt HotSpot bintec Rxxx2 RTxxx2 Gateway gt HotSpot Gateway menu Domain hotspot domain de C new DC OK gt Cancel Fig 194 Local Services gt
371. g the second entry then subsequent entries If the final entry in the list does not enable a connection to be set up successfully the operation is terminated until a new request is made When fall back occurs and all other ISPs can only be reached by dialup connections both B channels may be occupied If channel bundling is used you cannot be reached for the duration of this con nection Abbreviation of telefax In a FHSS system the frequency spread is achieved through con stantly changing frequencies based on certain hopping patterns In contrast to DSSS systems hopping patterns are configured not the frequency The frequency changes very frequently in one second Data transmission from one computer to another e g based on the Eurofile transfer standard A filter comprises a number of criteria e g protocol port number source and destination address These criteria can be used to se lect a packet from the traffic flow Such a packet can then be handled in a specific way For this purpose a certain action is asso ciated with the filter which creates a filter rule Describes the whole range of mechanisms to protect the local net work against external access Your gateway provides protection mechanisms such as NAT CLID PAP CHAP access lists etc Software code containing all a device s functions This code is writ ten to a PROM programmable read only memory and is retained there even after the device is switched off
372. gin Authentication The RADIUS server is used for controlling access to the SNMP shell of your device e IPSec Authentication The RADIUS server is used for sending configuration data for IPSec peers to your device e WLAN 802 1x The RADIUS server is used for controlling access to a wireless network e XAUTH The RADIUS server is used for authenticating IPSec peers via XAuth Vendor Mode Only for Authentication Type Accounting In hotspot applications select the mode define by the provider In standard applications leave the value set to Default Possible values for hotspot applications e France Telecom For France Telecom hotspot applications e bintec HotSpot Server For Teldat hotspot applications Server IP Address Enter the IP address of the RADIUS server RADIUS Secret Enter the shared password used for communication between the RADIUS server and your device Default User Password Some Radius servers require a user password for each RADI US request Enter the password that your device sends as the default user password in the prompt for the dialout routes on the RADIUS server Priority If a number of RADIUS server entries were created the server with the highest priority is used first If this server does not an swer the server with the next highest priority is used Possible values from 0 highest priority to 7 lowest priority The default value is 0 See also Policy in the Advanced Settings Entry active S
373. gned telephone numbers or network functions Data transmission recommendation for HDSL Data transmission recommendation for SHDSL Data transmission recommendation for ADSL See also G 992 1 An nex A and G 992 1 Annex B Data transmission recommendation for ADSL ITU T G 992 1 Annex A Data transmission recommendation for ADSL ITU T G 992 1 Annex B See G 991 2 Entrance and exit transition point Bidirectional communication method in which it is only possible to either send or receive at a particular point in time Also known as Simplex Mobile component of wireless telephone units In the event of digital transmission it is also possible to make telephone calls between the handheld units DECT If the telephone has a microphone and speaker installed you can bintec Rxxx2 RTxxx2 Teldat GmbH Hashing HDLC HDSL HDSL2 Headset HMAC HMAC MD5 HMAC SHA1 Holding a call Holding in the PBX Hook flash Host name Glossary conduct a call without using your hands As a result other people in the room can also participate in the call The process of deriving a number hash from a character string A hash is generally far shorter than the text flow it was derived from The hashing algorithm is designed so that there is a relatively low probability of generating a hash that is the same as another hash generated from a text sequence with a different meaning Encryption methods use hashing to make sure t
374. gs PIM Status Enabled Keepalive Period 210 Seconds Register Suppression Timer 60 Seconds OK Cancel Fig 115 Multicast gt PIM gt PIM Options 16 Multicast Teldat GmbH The Multicast gt PIM gt PIM Options menu consists of the following fields Fields in the Basic Settings menu Field Description PIM Status Keepalive Period Register Suppression Timer Select whether PIM should be activated The function is activ ated by selecting Enable The function is disabled by default Enter the interval in seconds within which a KeepAlive message must be sent Possible values 0 to 65535 The default value is 210 Enter the time in seconds after which a PIM Designated Router DR should no longer send any register encapsulated data to the Rendezvouz Point RP once the Register Stop Message has been received This object is used to employ timers at the DR as well as at the RP This timespan is named Re gister_Suppression_Time in the PIM SM specification Possible values 0 to 65535 The default value is 60 Teldat GmbH 17 WAN Chapter 17 WAN This menu offers various options for configuring accesses or connections from your LAN to the WAN You can also optimise voice transmission here for telephone calls over the Inter net 17 1 Internet Dialup In this menu you can set up Internet access or dialup connections In addition you can create address pools for the dynamic assignment of IP a
375. gt New The menu Firewall gt Services gt Service List gt New consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter an alias for the service you want to configure Protocol Select the protocol on which the service is to be based The most important protocols are available for selection Destination Port Range Only for Protocol TCP UDP TCP or UDP In the first field enter the destination port via which the service is to run If a port number range is specified in the second field enter the last port of the port range By default the field does not contain an entry If a value is displayed this means that the previously Teldat GmbH 19 Firewall Field Description specified port number is verified If a port range is to be checked enter the upper limit here Possible values are 1 to 65535 Source Port Range Only for Protocol TCP UDP TCP or UDP In the first field enter the source port to be checked if applic able If a port number range is specified in the second field enter the last port of the port range By default the field does not contain an entry If a value is displayed this means that the previously specified port number is verified If a port range is to be checked enter the upper limit here Possible values are 1to 65535 Type Only for Protocol TCMP The Type field shows the class of ICMP messages the Code field specifies the type of messag
376. gt New e g ethoa50 0 User Name Enter the user name Password Enter the password Always on Select whether the interface should always be activated The function is enabled with Enabled The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Connection Idle Only if Always on is disabled Timeout Enter the idle interval in seconds This determines how many seconds should pass between sending the last traffic data pack et and clearing the connection Possible values are 0 to 3600 seconds 0 deactivates the timeout The default value is 300 Example 10 for FTP transmission 20 for LAN to LAN transmis sion 90 for Internet connections Fields in the IP Mode and Routes menu Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically Possible values e Get IP Address default value Your device is automatic ally assigned a temporarily valid IP address from the provider e Static You enter a static IP address Default Route Select whether the route to this connection partner is to be 17 WAN Teldat GmbH Field Description defined as the default route The function is enabled with Enabled The function is enabled by default Create NAT Policy Specify whether Network Address Translation NAT is to be ac tivated The function is enabled with Enabled
377. gure the physical interfaces that you have used when connecting your gateway The configuration interface only shows the interfaces that are available on your device In the System Management gt Status menu you can see a list of all physical interfaces and information on whether the interfaces are connected or active and whether they have already been configured 11 1 AUX You require a special cable for the console port of your gateway e g AUX Backup cable to connect an external analogue modem to the AUX port on a Teldat gateway 11 1 1 AUX With an analogue GSM interface the gateway also supports connections for analogue and GSM modems e g as backup In principle you can use any Hayes or GSMO07 07 compatible modem with a serial interface for this purpose The following mo dems have been tested successfully for Teldat e US Robotics Sportster Flash analogue modem e US Robotics 56K Fax Modem analogue modem e Siemens TC35i GSM modem 9 pol Sub D male Ethernet RJ45 pl 4 RxD plug 8 TXD DSR GND DTR CTS RTS Router Modem Y 0 00A0gNnN Fig 48 PIN assignment modem cable bintec Rxxx2 RTxxx2 11 Physical Interfaces Basic Settings AUX Port Status Line Speed Incoming Service Type SIM Card Uses PIN Modem Escape Character Modem Init Sequence APN Access Point Name Teldat GmbH AUX YJ Enabled 9600 bps ODisabled ISDN Login PPP Dialin A n n OK Canc
378. h algorithms gives 12 possible values in this field Encryption algorithms Encryption e 3DES default value 3DES is an extension of the DES al gorithm with an effective key length of 112 bits which is rated as secure It is the slowest algorithm currently supported e ALL All options can be used e AES Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of security against attacks and general speed The partner s AES key length is used here If this has also selected the parameter Teldat GmbH 18 VPN Field Description AES a key length of 128 bits is used e AES 128 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 128 bits e AES 192 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 192 bits e AES 256 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 256 bits e Twofish Twofish was a final candidate for the AES Advanced Encryption Standard It is rated as just as secure as Rijndael AES but is slower e Blowfish Blowfish is a very secure and fast algorithm
379. h 546 Multicast Routing 256 Multicast Group Address 261 266 Multicast Group Range 266 Multicast Group Address 546 548 548 549 550 551 551 N Name 164 355 Index NAT 197 538 NAT method 199 NAT Traversal 347 NAT Detection 532 NAT Configuration 199 NAT active 198 NAT Interfaces 197 Negative Cache 431 Negotiation Type 532 Neighbor 542 Neighbor APs 183 Netmask 195 236 307 308 366 Network Address 236 Network Configuration 236 Network Name SSID 175 Networking 189 New Destination Port 204 New Destination IP Address Netmask 204 New File Name 510 New Source Port 204 New Source IP Address Netmask 193 204 No 197 530 537 Not Interface Specific Status 546 Number of Messages 520 Number of Spatial Streams 168 Number of Dialling Retries 487 Number of Admitted Connections 334 Number of B Channels 293 Number of Used Ports 294 O OAM Controlling 311 OAM Flow Level 312 Operation Band 168 Operation Mode 165 168 Options 105 196 259 357 370 378 389 424 460 477 485 495 504 508 518 528 Organization 113 Organizational Unit 113 OSPF 246 541 OSPF Status 252 Teldat GmbH OSPF Mode 294 318 321 369 376 Other Inactivity 390 Outbound Interface 223 Outbound Proxy 409 Outgoing Number 486 Outgoing ISDN Number 377 Outgoing Phone Number 339 Overbooking allowed 223 Override Interval 264 Overwrite similar certificate 467 P P
380. h any value Teldat GmbH 21 Local Services You specify the Actions you want and define the Trigger that control when and under which conditions the Actions are to be carried out A Trigger may be a single event or a sequence of events which are combined into an Event List You also create an event list for a single event but it only contains one event Actions can be initiated on a time controlled basis Moreover the status or accessibility of interfaces or their data traffic may lead to execution of the configured actions or also the validity of licences Here also it is possible to set up every MIB variable as initiator with any value To take the event scheduler live enable the Schedule Interval under Options This inter val species the time gap in which the system checks whether at least one event has oc curred This event is used as the initiator for a configured action Caution The configuration of actions that are not available as defaults requires extensive know ledge of the method of operation of Teldat gateways An incorrect configuration can cause considerable disruption during operation If applicable save the original config uration on your PC Note To run the event scheduler the date configured on your device must be 1 1 2000 or later 21 7 1 Trigger The Local Services gt Scheduling gt Trigger menu displays all the event lists that have been configured Every event list contains at least one event which
381. h times which can be spe cifically assigned to each individual day of the week In a PBX calls can be assigned to certain terminals You can set up a call costs account for a subscriber here The maximum available number of units in the form of a limit can be as signed to each subscriber on their personal call costs account The cost limit is to be activated so that units can be booked Once the units have been used up no further external calls are possible In ternal calls can still be made at any time The units are booked to the account each time a call is ended Also known as call forwarding An incoming call is diverted to a spe cified telephone Internet or wireless connection Performance feature e g of the T Concept PX722 system tele phone special feature telephones or answering machines The call is only signalled in the case of certain previously defined telephone numbers You can only use the options of call forwarding in the exchange via the keypad if certain services are activated for your connection You can receive more information on this from your T Com advisor The exchange connects the calling subscriber with an external sub scriber you have specified The call forwarding CF performance feature of the PBX enables you to be reached even if you are not in the vicinity of your tele phone You achieve this by automatically forwarding your calls to the required internal or external telephone number You c
382. hall remain blocked When the block has ended the server is set to the status spe cified in the Entry active field The possible values are 0 to 3600 the default value is 60 The value 0 means that the server is never set to Blocked status and thus no other servers are queried Encryption Select whether data exchange between the TACACS server and the NAS is to be encrypted with MD5 The function is activated by selecting Enabled The function is enabled by default If the function is not enabled the packets and all related inform ation are transferred unencrypted Unencrypted transfer is not recommended as a default setting and should only be used for debugging 10 5 3 Options This setting possible here causes your device to carry out authentication negotiation for in coming calls if it cannot identify the calling party number e g because the remote terminal does not signal the calling party number If the data password partner PPP ID obtained by executing the authentication protocol is the same as the data of a listed remote terminal or RADIUS user your device accepts the incoming call RADIUS TACACS Options Global RADIUS Options Y Inband Authentication for PPP Dialin aS l Outband CLID OK Cancel Fig 42 System Management gt Remote Authentication gt Options The menu System Management gt Remote Authentication gt Options consists of the fol lowing fields 10 System Management Teldat GmbH F
383. han a VLAN compliant switch with the enhancement of grouping clients into VLAN groups In general VLAN segmenting can be configured with all interfaces bintec Rxxx2 RTxxx2 Standard LAN VLAN Segmentation gt o en VLAN VLAN VLAN Deve lop Public ment ment Wireless LAN 1 Wireless LAN 2 Fig 58 VLAN segmenting VLAN for Bridging and VLAN for Routing In the LAN gt VLAN menu VLANs virtual LANs are configured with interfaces that operate in Bridging mode Using the VLAN menu you can make all the settings needed for this and query their status N Caution For interfaces that operate in Routing mode you only assign a VLAN ID to the inter face You define this via the parameters Interface Mode Tagged VLAN and field VLAN ID in menu LAN gt IP Configuration gt Interfaces gt New bintec Rxxx2 RTxxx2 Teldat GmbH 12 LAN 12 2 1 VLANs In this menu you can display all the VLANs already configured edit your settings and cre ate new VLANs By default the Management VLAN is available to which all interfaces are assigned 12 2 1 1 Edit or New Choose the H icon to edit existing entries Select the New button in order to create new VLANs VLANs Port Configuration Administration Configure VLAN VLAN Identifier 1 VLAN Name Management Interface Egress Rule Delete VLAN Members en1 4 Untagged OK Cancel Fig 59 LAN gt VLAN gt VLANs gt New The LAN gt VLAN
384. hat intruders cannot change transmitted messages High Level Data Link Control High Bit Rate DSL High Bit Rate DSL version 2 Combination of headphones and microphone as a useful aid for anyone who makes a lot of telephone calls and wants to keep hands free for making notes Hashed Message Authentication Code Hashed Message Authentication Code uses Message Digest Al gorithm Version 5 Hashed Message Authentication Code uses Secure Hash Al gorithm Version 1 A telephone call is put on hold without breaking the connection inquiry brokering Both B channels of the ISDN connection are needed for the per formance features Call another person during a call and Speak al ternately with two people brokering As a result you cannot be reached from outside or make external calls via your PBX s second B channel With this setting an external caller put on hold hears the PBX s on hold music The use of the inquiry brokerage and three party conference spe cial features in T Net and certain performance features of some PBXs is only possible with the hook flash function long flash of the signal key on the telephone On modern telephones this key is in dicated with an R A name used in IP networks instead of the corresponding address A host name consists of an ASCII string that uniquely identifies the Glossary HTTP Hub IAE ICMP ICV Identify malicious callers intercept IEEE IETF Index Infras
385. he ISDN connection of your device gt g isdnlogin 1234 4 The login prompt appears You are now in the SNMP shell of your device Continue with Logging in for Configuration on page 55 8 2 Login With certain access data you can log in on your device and carry out different actions The extent of the actions available depend on the authorisations of the user concerned A login prompt appears first regardless of how you access your device You cannot view any information on the device or change the configuration without authentication Teldat GmbH 8 Access and configuration 8 2 1 User names and passwords in ex works state In its ex works state your device is provided with the following user names and passwords User names and passwords in ex works state Login Password Authorisations name admin admin Read and change system variables save configurations use GUI write public Read and write system variables except passwords changes are lost when you switch off your device read public Read system variables except passwords It is only possible to change and save configurations if you log in with the user name ad min Access information user names and passwords can also only be changed if you log in with the user name admin For security reasons passwords are normally shown not in plain text but only as asterisks The user names on the other hand are displayed as plain text The security concept of yo
386. he TOS value is specified in decimal format e g 63 TOS Hexadecimal Value The TOS value is specified in hexadecimal format e g 3F Set COS value 802 1p Layer 2 Here you can set change the service class Layer 2 priority in the VLAN Ethernet header of the IP packets based on the class Class ID that has been defined Possible values are whole numbers between 0 and 7 The default value is Preserve Interfaces Only for Class map New When creating a new class plan select the interfaces to which you want to link the class plan A class plan can be assigned to multiple interfaces 14 4 3 QoS Interfaces Policies In the Networking gt QoS gt QoS Interfaces Policies menu you set prioritisation of data Note Data can only be prioritized in the outgoing direction Packets in the high priority class always take priority over data with class IDs 1 254 It is possible to assign or guarantee each queue and thus each data class a certain part of the total bandwidth of the interface In addition you can optimise the transmission of voice data real time data 14 Networking Teldat GmbH Depending on the respective interface a queue is created automatically for each class but only for data traffic classified as outgoing and for data traffic classified in both directions A priority is assigned to these automatic queues The value of the priority is equal to the value of the class ID You can change the default priority of
387. he operation is currently in progress Done The update is complete The Wireless LAN Controller gt Maintenance gt Firmware Maintenance menu consists of the following fields Fields in the Firmware Maintenance menu Field Description Action Select the action you wish to execute After each task a window is displayed showing the other steps that are required Possible values e Update system software You can also start an update of the system software e Save configuration with state information You can save a configuration which contains the AP status inform ation Source Location Select the source for the action Possible values e HTTP server default value The file is stored respectively on a remote server specified in the URL e Current Software from Teldat Server The file is on the official Teldat update server Only for Action Update system software Field Description e TFTP server The file is stored respectively on a TFTP server specified in the URL URL Only for Source Location HTTP server or TFTP server Enter the URL of the update server from which the system soft ware file is loaded or on which the configuration file is saved bintec Rxxx2 RTxxx2 Chapter 14 Networking 14 1 Routes Default Route With a default route all data is automatically forwarded to one connection if no other suit able route is available If you set up access to the Internet you must configure the route
388. he original configuration on your PC 17 2 2 1 New Choose the New button to create additional categories 17 WAN Basic Parameters Virtual Channel Connection CC ATM Service Category Peak Cell Rate PCR Sustained Cell Rate SCR Maximum Burst Size MBS Teldat GmbH Profiles Service Categories OAM Controlling WPIL VCI32_ Select one v booo bps booo bps booo bps OK Cancel Fig 123 WAN gt ATM gt Service Categories gt New The menu WAN gt ATM gt Service Categories gt New consists of the following fields Fields in the Basic Parameters menu Field Description Virtual Channel Con nection VCC Select the already configured ATM connection displayed by the combination of VPI and VCI for which the service category is to be defined ATM Service Category Select how the data traffic of the ATM connection is to be con trolled A priority is implicitly assigned when you select the ATM service category from CBR highest priority through VBR 1 VBR 3 to VBR lowest priority Possible settings e Unspecified Bit Rate UBR default value No specif ic data rate is guaranteed for the connection The Peak Cell Rate PCR specifies the limit above which data is discarded This category is suitable for non critical applications e Constant Bit Rate CBR Constant Bit Rate The con nection is assigned a guaranteed data rate determined by the Peak Cell Rate PCR This category is suitable for
389. he service that gateway A previously performed All the tasks of a virtual router and the switching of services from one gateway to the other are controlled by the BRRP redundancy procedure The BRRP conforms to the specifications in RFC 2338 and the relevant Internet draft see www ietforg The configuration of the router redundancy procedure is carried out in the following steps e Configuration of the interface via which the BRRP advertisement data packets are sent 21 Local Services Teldat GmbH Note This interface is used to transmit the BRRP advertisement data packets and possibly to transmit keepalive monitoring data packets Another interface must be configured in the next step to transmit the usage data Configuration of the advertisement interface is performed in the Local Services gt BRRP gt Virtual Router gt New menu under BRRP Advertisement Interface Only the active router in the router group sends advertisement data packets The IPv4 multicast address 224 0 0 18 is used as the destination address for all routers in the group All passive routers in the group must monitor this address so that if the advertise ment data packets are not received that can react according to their priority and BRRP configuration e Configuration of the interface for transmitting usage data configuration of the virtual in terface A virtual interface is activated and deactivated by assigning it to a virtual router
390. he virtual router This ID identifies the virtual router in the LAN and is part of every BRRP advertisement packet that is sent by the current master Possible values are whole numbers between 1 and 255 Teldat GmbH 21 Local Services Field Description Virtual Interface Prior Define the transmitted BRRP priority of the interface for the vir ity tual router Higher priorities determine the master interfaces during the initialization pahse as well as with active Pre Empt Mode Possible values are between 1 and 255 The higher the value the higher the priority The value 255 defines that this virtual router always functions as master as soon as it is active The default value is 100 A priority of 255 is used for routers the IP address of which is idential with the IP address of the virtual router In the Advanced Settings menu you must configure all of the parameters for all virtual routers identically on all devices in the group We recommend leaving the preset values The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Advertisement send in Determine how often a BRRP advertisement packet is sent if terval the virtual router is defined as master Only the current master sends via multicast BRRP advertisements which also contain the ID and the priority of the master Possible values are whole numbers between 1 and 255 The value is indicated in secon
391. ic short hold setting determines how many seconds should pass between sending the last traffic data packet and clearing the connection Possible values are 0 to 3600 seconds 0 deactivates the short hold The default value is 600 Fields in the IP Mode and Routes menu Field Description IP Address Mode Default Route Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically or whether it should be assigned this dynamically at the remote terminal Possible values e Get IP Address default value Your device is dynamically assigned an IP address e Static You enter a static IP address e Provide IP Address Your device dynamically assigns an IP address to the remote terminal Select whether the route to this connection partner is to be defined as the default route The function is enabled with Enabled 17 WAN Teldat GmbH Field Description The function is enabled by default Create NAT Policy Specify whether Network Address Translation NAT is to be ac tivated The function is enabled with Enabled The function is enabled by default Local IP Address Only if IP Address Mode Static Enter the static IP address of the connection partner Route Entries Only if IP Address Mode Static Define other routing entries for this connection partner Add new entries with Add e Remote IP Address IP address of the destination host or network
392. ical prior ity are recorded e Error Messages with emergency alert critical and error pri ority are recorded Teldat GmbH 10 System Management Field VENTO e Warning Messages with emergency alert critical error and warning priority are recorded e Notice Messages with emergency alert critical error warning and notice priority are recorded e Information default value Messages with emergency alert critical error warning notice and information priority are recorded e Debug All messages are recorded Maximum Number of Accounting Log Entries Enter the maximum number of accounting entries that are stored internally in the device Possible values are 0 to 1000 The default value is 20 Manual WLAN Control ler IP Address The feature is only for devices with WLAN controller available Enter the IP address of the WLAN controller The value can only be modified it the the WLAN controller func tion is enabled LED Mode The feature is only for W1003n W2003n W2003n ext and W2004n available Select the lighting scheme of the LEDs Possible values e Status default value Only the status LED flashes once per second e Flashing All LEDs show their standard behavior e off All LEDs are deactivated 10 2 2 Passwords Setting the passwords is another basic system setting 10 System Management Teldat GmbH System Passwords Date andTime System Licences System Password System Ad
393. ice Select one of the preconfigured services The extensive range of services configured ex works includes the following O Cctv apple gt auth e charge o elleme d e daytime e dhcp e discard The default value is User defined Protocol Select a protocol The Any option default value matches any protocol Type Only if Protocol TCMP bintec Rxxx2 RTxxx2 14 Networking Teldat GmbH Field Description Possible values e Any e Echo reply e Destination unreachable e Source quench e Redirect O Echo e Time exceeded e Timestamp e Timestamp reply The default value is Any See RFC 792 Connection State Only if Protocol TCP You can define a filter that takes the status of the TCP connec tions into account Possible values e Any default value All TCP packets match the filter e Established All TCP packets that would not open any new TCP connection on routing over the gateway match the filter Destination IP Ad dress Netmask Enter the destination IP address and netmask of the data pack ets Possible values e Any default value e Host Enter the IP address of the host e Network Enter the network address and the related net mask Destination Port Range Only if Protocol TCP UDP Enter a destination port number or a range of destination port numbers that matches the filter Teldat GmbH 14 Networking Field Description Possible values e A11 defa
394. ice neither reacts to incoming ISDN calls nor initiates ISDN calls to the remote device e Passive The local device only reacts to incoming ISDN calls and if necessary initiates setting up an IPSec tunnel to the peer No ISDN calls are sent to the remote device to cause this to set up an IPSec tunnel e Active The local device sends an ISDN call to the remote device to cause this to set up an IPSec tunnel The device does not react to incoming ISDN calls e Both Your device can react to incoming ISDN calls and send ISDN calls to the remote device The setting up of an IPSec tunnel is executed after an incoming ISDN call and initiated by an outgoing ISDN call Only for Mode Passive or Both Enter the ISDN number from which the remote device calls the local device calling party number Wildcards may also be used Only for Mode Active or Both Enter the ISDN number with which the local device calls the re mote device calls called party number Wildcards may also be used 18 VPN Teldat GmbH Field Description Transfer own IP ad Select whether the IP address of your own device is to be trans dress over ISDN GSM _ ferred over ISDN for IPSec callback The function is enabled with Enabled The function is disabled by default Transfer Mode Only for Transfer own IP address over ISDN GSM enabled Select the mode in which your device is to attempt to transfer its IP address to the peer Possible values
395. ied Destination File Name Only for Action Copy configuration Enter the name of the copy Select file Only for Action Rename configuration Delete con figurationor Delete software firmware Select the file or configuration to be renamed or deleted Field Description New File Name Only for Action Rename configuration Enter the new name of the configuration file 22 3 Reboot 22 3 1 System Reboot In this menu you can trigger an immediate reboot of your device Once your system has restarted you must call the GUI again and log in Pay attention to the LEDs on your device For information on the meaning of the LEDs see the Technical Data chapter of the manual Note Before a reboot make sure you confirm your configuration changes by clicking the Save configuration button so that these are not lost when you reboot System Reboot Do you really wantto rebootthe system now OK Fig 204 Maintenance gt Reboot gt System Reboot If you wish to restart your device click the OK button The device will reboot bintec Rxxx2 RTxxx2 Teldat GmbH 23 External Reporting Chapter 23 External Reporting In this system menu you define what system protocol messages are saved on which com puters and whether the system administrator should receive an e mail for certain events Information on IP data traffic can also be saved depending on the individual interfaces In addition SNMP traps can be sent
396. ied Password Enter the password which the user User Name shall use for identification to gain access to the CAPI service Access Select whether access to the CAPI service is to be permitted or denied for the user The function is activated by selecting Enabled The function is enabled by default bintec Rxxx2 RTxxx2 21 Local Services Teldat GmbH 21 6 2 Options User Options Basic Parameters Enable server i Enabled CAPI Server TCP Port 2662 OK Cancel Fig 183 Local Services gt CAPI Server gt Options The menu Local Services gt CAPI Server gt Options consists of the following fields Fields in the Basic Parameters menu Field Description Enable server Select whether your device is to be enabled as a CAPI server The function is activated by selecting Enabled The function is enabled by default Faxheader Only for devices the RTxxx2 series Select whether the fax header should be printed at the top of outgoing faxes The function is activated by selecting Enabled The function is disabled by default CAPI Server TCP Port The field can only be edited if Enable server is enabled Enter the TCP port number for remote CAPI connections The default value is 2662 21 7 Scheduling Your device has a event scheduler which enables certain standard actions for example activating and deactivating interfaces to be carried out Moreover every existing MIB vari able can be configured wit
397. ields in the Global RADIUS Options menu Field Description Authentication for PPP By default the following authentication sequence is used for in Dialin coming calls with RADIUS First CLID then PPP and then PPP with RADIUS Options e Inband Only inband RADIUS requests PAP CHAP MS CHAP V1 8 V2 i e PPP requests without CLID are sent to the RADIUS server defined in Server IP Address e Outband CLID Only outband RADIUS requests i e re quests for calling line identification CLID are sent to the RADIUS server Inband is enabled by default 10 6 Certificates An asymmetric cryptosystem is used to encrypt data to be transported in a network to gen erate or check digital signatures and the authenticate users A key pair consisting of a pub lic key and a private key is used to encrypt and decrypt the data For encryption the sender requires the public key of the recipient The recipient decrypts the data using his private key To ensure that the public key is the real key of the recipient and is not a forgery a so called digital certificate is required This confirms the authenticity and the owner of a public key It is similar to an official pass port in that it confirms that the holder of the passport has certain characteristics such as gender and age and that the signature on the passport is authentic As there is more than one certificate issuer e g the passport office for a passport and as such certificates c
398. if Port Usage is selected Select the framing type for layer 1 Possible values e CRC4 Standard default value CINORHERE The default value can be left in the majority of scenarios You can use the No CRC option if required e g in Sweden and France if the device is to be connected to a PABX P P Base Number Only if Port Usage not None Back to Back dialup or Leased Line Only for the devices RTxxx2 Enter the main number of the connection With incoming calls this basis call number is cut off by the called party number With outgoing calls this main number is attached to the number to be called calling party number Channel Selection Only if Port Usage EURO ISDN S2M TE EURO ISDN S2M NT Q SIG S2M TE Of Q SIG S2M NT An additional option is provided in order to guarantee the com patibility with special providers If you set the switch type appro priately you can select a value for the variable Channel Selec tion This defines how the B channel is selected for an outgoing call Possible values e Any Channel default value The device tells the PABX that all channels are available The exchange of the PABX se lects the channel to be used 11 Physical Interfaces Teldat GmbH Field Description e No channel identification The device sends no IE Information Element for channel identification The exchange selects the channel to be used e Submit preferred channel The device selects the
399. ificate Request Certificate Request Description CA Mode Manual O scep Generate Private Key RSA Y 1024 Y Bits Subject Name Custom DEnabled Common Name 3 E mail a Organizational Unit Organization Locality po 7 State Province L Country L t C SYr Advanced Settings Subject Alternative Names Options Autosave Mode Fl Enabled oK Cancel Fig 44 System Management gt Certificates gt Certificate List gt Certificate Request The menu System Management gt Certificates gt Certificate List gt Certificate Request consists of the following fields Fields in the Certificate Request menu Field Description Certificate Request De Enter a unique description for the certificate scription Mode Select the way in which you want to request the certificate Possible settings e Manual default value Your device generates a PKCS 10 for the key This file can then be uploaded directly in the browser or copied in the menu using the View details bintec Rxxx2 RTxxx2 10 System Management Teldat GmbH Field Description field This file must be provided to the CA and the received certificate must then be imported manually to your device e SCEP The key is requested from a CA using the Simple Cer tificate Enrolment Protocol Generate Private Key Only for Mode Manual Select an algorithm for key creation RSA default value and DSA are available Also select the length of the
400. ig Mode Client Can only be selected for IKEv1 Select this option if your gateway receives an IP ad dress from the server as IPSec client e IKE Config Mode Server Select this option if your gate way assigns an IP address as server for connecting clients This is taken from the selected IP Assignment Pool Config Mode Only for IP Address Assignment IKE Config Mode Server Of IKE Config Mode Client Possible values e Pull default value The client requests the IP address and the gateway answers the request e Push The gateway suggests an IP address to the client and the client must either accept or reject this This value must be identical for both sides of the tunnel IP Assignment Pool Only if IP Address Assignment IKE Config Mode Serv Sis Select an IP pool configured in the VPN gt IPSec gt IP Poolsmenu If an IP pool has not been configured here yet the message Not yet defined appears in this field Default Route Only for IP Address Assignment Static or IKE Config Mode Client Select whether the route to this IPSec peer is to be defined as Teldat GmbH 18 VPN Field Description the default route The function is enabled with Enabled The function is disabled by default Local IP Address Only for IP Address Assignment Static or IKE Config Mode Server Enter the WAN IP address of your IPSec tunnel This can be the same IP address as the address configured on your router as the LAN IP address M
401. ignment Day Night is achieved using a table in which all the incoming calls are assigned to internal subscribers You define switching of call variant Day Night Data Circuit Terminating Equipment Data communications network Digital European Cordless Telecommunication European standard for wireless telephones and wireless PBXs Internal calls can be made free of charge between several handheld units Another ad vantage is the higher degree of interception protection GAP Describes the address of the gateway to which all traffic not destined for its own network is sent Denial Of Service At A Denial of Service DoS attack is an attempt to flood a gateway or Glossary tack DES Destination number memory DHCP Dial preparation Dial in parameters Dialling control Dialup connection Digital exchange Digital voice trans mission DIME DIME Browser Direct Call Teldat GmbH host in a LAN with fake requests so that it is completely overloaded This means the system or a certain service can no longer be run Data Encryption Standard Speeddial memory Dynamic Host Configuration Protocol On some telephones with a display you can first enter a telephone check it first and then dial it Define the dial in parameters i e you enter the provider s dial in number and specify In the configuration for certain terminals you can define restrictions for external dialling A connection is set up when req
402. iguration 14 Networking Teldat GmbH Field Description Interface Select the interface for which NAT is to be configured Possible values e Any default value NAT is configured for all interfaces e lt Interface name gt Select one of the interfaces from the list Type of traffic Select the type of data traffic for which NAT is to be configured Possible values e incoming Destination NAT default value The data traffic that comes from outside e outgoing Source NAT Outgoing data traffic e excluding Without NAT Data traffic excluded from NAT NAT method Only for Type of traffic outgoing Source NAT Select the NAT method for outgoing data traffic The starting point for choosing the NAT method is a NAT scenario in which an internal source host has initiated an IP connection to an ex ternal destination host over the NAT interface and in which an internally valid source address and internally valid source port are translated to an externally valid source address and an ex ternally valid source port Possible values e full cone UDP only Any given external host may send IP packets via the external address and the external port to the initiating source address and the initial source port e restricted cone UDP only Like full cone NAT as ex ternal host however only the initial external destination host is allowed e port restricted cone UDP only Like restricted cone NAT howe
403. imStarGlAssertState dress runs AmAssertLoser InetAddressType is defined through the object pimStarGlAssertWinnerAddress Type Values in the S G States list Field Description Multicast Group Ad Displays the multicast IP address InetAddressType is defined dress through the object pimSGAddressType Source IP Address Displays the source IP address InetAddressType is defined through the object pimSGAddressType Interface Displays the name of the interface Join Prune State Indicates the status that results from the S G Join Prune mes sages received on this interface This corresponds to the status of the Downstream Per Interface S G State Machine in the PIM SM and PIM DM Uptime Indicates the time remaining before the local router reacts to an S G Prune message received on this interface The router waits this period to check whether another downstream router corrects the Prune message In the PIM SM specification this timer is named S G Prune Pending Timer If the timer is deac tivated it has the value 0 Expiry Timer Displays the remaining time until the S G Join State becomes invalid for this interface In the PIM SM specification this timer is named S G Join Expiry Timer If the timer is deactivated it has the value 0 The value FFFFFFFF h stands for infinite In the PIM DM specification this timer is named S G Prune Timer Assert State Displays the S G Assert State for this interface This corres
404. imultaneously attention must be given to possible interaction If any packet is rejected by one of the security instances this is done immediately This is irrelevant whether another instance would accept it or not Your need for security features should therefore be accurately analysed The essential difference between SIF and NAT IPAL is that the rules for the SIF are gener ally applied globally i e not restricted to one interface In principle the same filter criteria are applied to the data traffic as those used in NAT and IPAL e Source and destination address of the packet with an associated netmask e Service preconfigured e g Echo FTP HTTP e Protocol e Port number s To illustrate the differences in packet filtering a list of the individual security instances and their method of operation is given below NAT 19 Firewall Teldat GmbH One of the basic functions of NAT is the translation of the local IP addresses of your LAN into the global IP addresses you are assigned by your ISP and vice versa All connections initiated externally are first blocked i e every packet your device cannot assign to an exist ing connection is rejected This means that a connection can only be set up from inside to outside Without explicit permission NAT rejects every access from the WAN to the LAN IP Access Lists Here packets are allowed or rejected exclusively on the basis of the criteria listed above i e the state of the
405. in mode allows you to split a network into smaller segments without having to divide the IP network into subnets Several interfaces can be combined in a drop in group and as signed to a network to do this All of the interfaces are then configured with the same IP ad dress Within a segment network components which are connected to a connection can then be grouped and for example be protected by firewall Data traffic from network components between individual segments which are assigned to different ports are then controlled ac cording to the configured firewall rules 14 6 1 Drop In Groups The Networking gt Drop In gt Drop In Groups menu displays a list of all the Drop In Groups Each Drop In group represents a network 14 6 1 1 New Select the New button to set up other Drop In Groups 14 Networking Teldat GmbH Drop In Groups Basic Parameters Group Description O Mode Transparent Network Configuration Static 4 Network Address Ooo Netmask EF Local IP Address a ARP Lifetime 3600 Seconds DNS assignment via DHCP Unchanged Y Exclude from NAT DMZ Enabled Interface Interface Selection Add OK Cancel Fig 95 Networking gt Drop In gt Drop In Groups gt New The Networking gt Drop In gt Drop In Groups gt Newmenu consists of the following fields Fields in the Basic Parameters menu Field Description Group Description Enter a unique name for the Drop In group Mode Select which m
406. in the Basic Parameters menu Field Description Description Enter the desired description of the service group Members Select the members of the group from the available service ali ases To do this activate the Fields in the Selection column bintec Rxxx2 RTxxx2 Chapter 20 VoIP Voice over IP VoIP uses the IP protocol for voice and video transmission The main difference compared with conventional telephony is that the voice information is not transmitted over a switched connection in a telephone network but divided into data packets by the Internet protocol and these packets are then passed to the destination over undefined paths in a network This technology uses the existing network infrastructure for voice transmission and shares this with other communication services The Session Initiation Protocol SIP is used to establish clear and control a communica tion session 20 1 Application Level Gateway To enable IP telephones to connect by SIP to a VoIP Provider your device has an Applica tion Level Gateway ALG i e an appropriate proxy that implements the necessary NAPT and firewall releases Note The Application Level Gateway must always be used if NAT is enabled on the inter face that makes the connection to the Internet 20 1 1 SIP Proxies Here you can view a list of application level gateway entries that have already been con figured These entries enable the ALG Each entry defines a particular TCP or
407. independent lines so that you can still make a phone call receive a fax or surf the Internet when another family member is making a long call on the other line Three or more tele phone numbers which you can assign individually to your devices and distribute differently if needed through simple programming steps Most ISDN telephones can manage several telephone num bers so you can set up a central telephone in your household for example to allow you to react to calls to all ISDN telephone num bers with this telephone The fax and telephone in your home office can also each be assigned a number as can your son or daughter s phone As a result each family member can be contacted with a separate number helping to eliminate day to day friction And as far as the costs are concerned on request you can have your bill broken down to show which units have been charged for the indi vidual ISDN telephone numbers The digital telephone network of T Com for connecting analogue ter minals The answering machine in T Net and T ISDN The T NetBox can store up to 30 messages Enter the current T NetBox telephone number here if it differs from the 08003302424 entered ex works As soon as your T NetBox re ceives a voice or fax message notification is sent to your PBX Umbrella term the T Com online platform Offers services such as e mail and Internet access T Com software decoder for all conventional computer systems that enables a
408. ined Select a protocol if required The Any option default value matches any protocol Enter if required the destination IP address and netmask of the data packets Possible values e Any default value e Host Enter the IP address of the host e Network Enter the network address and the related net mask 14 Networking Teldat GmbH Field Description Destination Port Range Enter if required a destination port number or a range of des tination port numbers Possible values e A11 default value The destination port is not specified e Specify port Enter a destination port e Specify port range Enter a destination port range Source Interface If required select your device s source interface Source IP Address Enter if required the source IP address and netmask of the Netmask data packets Possible values e Any default value e Host Enter the IP address of the host e Network Enter the network address and the related net mask Source Port Range Enter if required a source port number or a range of source port numbers Possible values e A11 default value The destination port is not specified e Specify port Enter a destination port e Specify port range Enter a destination port range Special Handling Timer Enter the time period during which the specified data packets are to be routed via the route that has been defined The default value is 900 seconds The menu Adva
409. infrastructure mode all clients communicate with each other via access points only There is no direct communication between the individual clients A network of this kind is also known as a BSS basic service set and a network that consists of several BSS is known as an ESS extended service set Most wireless net works operate in infrastructure mode to establish a connection with the wired network Makes it possible to put the first call on hold in the event of a call waiting and take a new call Special signal on a PBX to differentiate between internal and extern Internal calls Internal telephone numbers Internet al calls Free of charge connection between terminals in a PBX Your PBX has a fixed internal telephone number plan The Internet consists of a number of regional local and university networks The IP protocol is used for data transmission on the Inter net Internet time sharing Allows several users to surf the Internet simultaneously over an Intranet IP IP Address IPComP IPCONFIG IPoA ISDN ISDN address ISDN Basic Rate In terface ISDN card ISDN connection The information is requested by the individual computers with a time delay Local computer network within a company based on Internet techno logy providing the same Internet services e g homepages and sending email Internet Protocol The first part of the address by which a device is identified in an IP network e g
410. ing connection must first be terminated Minimum Number of For Wire Mode 4 wire IMA 6 wire IMA or 8 wire IMA active Links the minimum number of active links is defined Requested Rate Only for Clock Rate Fixed Select which speed should be used Line Speed Interval Only for Clock Rate Adaptive Under Minimum select the minimum clock rate and under Max imum the maximum clock rate for the connection bintec Rxxx2 RTxxx2 Teldat GmbH 12 LAN Chapter 12 LAN In this menu you configure the addresses in your LAN and can structure your local network using VLANs 12 1 IP Configuration In this menu you can edit the IP configuration of the LAN and Ethernet interfaces of your device 12 1 1 Interfaces The existing IP interfaces are listed in the LAN gt IP Configuration gt Interfaces menu You can edit the IP configuration of the interfaces or create virtual interfaces for special applica tions Here is a list of all of the interfaces logical Ethernet interfaces and others created in the subsystems configured in the System Management gt Interface Mode Bridge Groups gt Interfaces menu Use the eo to edit the settings of an existing interface bridge groups Ethernet interfaces in routing mode You can use the New button to create virtual interfaces However this is only needed in special applications e g BRRP Depending on the option selected different fields and options are available All the config
411. ing to RFC 3260 is used to signal the priority of IP packets indicated in decimal format e DSCP Hexadecimal Value Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets indicated in hexadecimal format e TOS Binary Value The TOS value is specified in binary format e g 00111111 e TOS Decimal Value The TOS value is specified in decimal format e g 63 e TOS Hexadecimal Value The TOS value is specified in hexadecimal format e g 3F COS Filter Enter the service class of the IP packets Class of Service 802 1p Layer 2 CoS Possible values are whole numbers between 0 and 7 Value range 0 to 7 The default value is 0 14 4 2 QoS Classification The data traffic is classified in the Networking gt QoS gt QoS Classification menu i e the data traffic is associated using class IDs of various classes To do this create class plans for classifying IP packets based on pre defined IP filters Each class plan is associated to at least one interface via its first filter 14 4 2 1 New Choose the New button to create additional data classes Basic Parameters Class map Description Filter Direction High Priority Class Class ID Set DSCP TOS value Layer 3 Set COS value 802 1 p Layer 2 Interfaces QoS Filter QoS Classification QoS Interfaces Policies New m IZ Selectone Outgoing o 1 v Preserve v Pr
412. inted ISDN BRI cable User s Guide on DVD Serial cable bintec Dime Manager Network cable User s Guide on DVD 19 inch installation kit Release Notes if required 4x rubber feet self Installation poster printed adhesive R3002 Ethernet cable Companion DVD Quick Install Guide and safety notices printed ISDN BRI cable User s Guide on DVD Serial cable bintec Dime Manager Network cable User s Guide on DVD 2 ADSL cables for Annex A Release Notes if required and for Annex B Installation poster printed 19 inch installation kit 4x rubber feet self adhesive R3502 Ethernet cable Companion DVD Quick Install Guide and safety notices printed ISDN BRI cable User s Guide on DVD Serial cable bintec Dime Manager Network cable User s Guide on DVD bintec Rxxx2 RTxxx2 Product name Cable sets other Software Documentation VDSK cable 19 inch installation kit 4x rubber feet self adhesive Release Notes if required Installation poster printed R3802 Ethernet cable ISDN BRI cable Serial cable Network cable SHDSL cable 19 inch installation kit 4x rubber feet self adhesive Companion DVD Quick Install Guide and safety notices printed User s Guide on DVD bintec Dime Manager User s Guide on DVD Release Notes if required Installation poster printed R4402 Ethernet cable ISDN BRI cable ISDN PRI cable S
413. interface you want to use for the Hotspot If you select the interface over which the current configura tion session is running the current connection will be lost You must then log in again over a reachable interface that is not configured for the Hotspot to configure your device Domain at the HotSpot Enter the domain name that you used when setting up the Hot Server Spot server for this customer The domain name is required so that the Hotspot server can distinguish between the different cli ents customers Walled Garden Enable this function if you want to define a limited and free area of websites intranet The function is not activated by default Walled Network Net mask Only if Walled Garden is enabled Enter the network address of the Walled Network and the cor responding Netmask of the intranet server For the address range resulting from Walled Network Net mask clients require no authentication Example Enter 192 168 0 0 255 255 255 0 if all IP addresses from 192 168 0 0 to 19 168 0 255 are free Enter 192 168 0 1 255 255 255 255 if only the IP address 192 168 0 1 is free Walled Garden URL Only if Walled Garden is enabled Enter the Walled Garden URL of the intranet server Freely ac cessible websites must be reachable over this address 21 Local Services Teldat GmbH Field Description Terms amp Conditions Only if Walled Garden is enabled In the Terms amp Conditions input fiel
414. ion Enter a description of the peer that identifies it The maximum length of the entry is 255 characters Peer Address Enter the official IP address of the peer or its resolvable host name The entry can be omitted in certain configurations whereby your device then cannot initiate an IPSec connection Peer ID Select the ID type and enter the peer ID This entry is not necessary in certain configurations The maximum length of the entry is 255 characters Possible ID types e Fully Qualified Domain Name FQDN e E mail Address e IPV4 Address e ASN 1 DN Distinguished Name e Key ID Any string On the peer device this ID corresponds to the Local ID Value Internet Key Exchange Not available to devices in the WIxxxxn series These devices only support IKEv1 Select the version of the Internet Exchange Protocol to be used Possible values e TKEv1 default value Internet Key Exchange Protocol Ver sion 1 e TKEv2 Internet Kex Exchange Protocol Version 2 Teldat GmbH 18 VPN Field Description Authentication Method Only for Internet Key Exchange IKEv2 Select the authentication method Possible values e Preshared Keys default value If you do not use certific ates for the authentication you can select Preshared Keys These are configured during peer configuration in the IPSec Peers The preshared key is the shared password e RSA Signature Phase 1 key calculations are authenticated using the RSA alg
415. ion Port 362 UDP Destination Port 370 528 UDP Port 100 UDP Source Port 362 UDP Source Port Selection 370 Unchanged for 537 Unsuccessful Trials 479 Update Interval 444 Update Path 444 Update Interval 528 Update Timer 245 UPnP 487 UPnP Status 489 UPnP TCP Port 489 Upstream 139 Upstream Join State 547 548 548 Upstream Join Timer 547 548 548 Index Upstream Neighbor IP Address 547 548 548 Upstream Override Timer 549 Uptime 71 546 547 548 548 549 550 551 551 URL 187 510 URL IP Address 457 URL Path Depth 453 URL SCEP Server URL 467 Usage Type 291 298 Use CRL 467 Use as Stub interface 263 Use PFS Group 350 Use Zero Cookies 358 Used Channel 165 User 458 User Defined Channel Plan 171 UserName 272 278 283 288 296 365 372 409 442 459 523 539 Users 355 364 V Vendor Mode 98 Version Check 467 View 541 545 547 550 Virtual Routers 497 Virtual Channel Identifier VCI 305 Virtual Channel Connection VCC 310 312 Virtual Interface Priority 500 Virtual Path Connection VPC 312 Virtual Path Identifier VPI 305 Virtual Router 496 Virtual Router ID 500 503 504 Virtual Router Interface 500 Virtual Router Backup 496 Virtual Router IP Address 500 Virtual Router Master 496 VLAN 149 180 272 VLAN Identifier 151 VLAN Members 151 VLAN ID 146 180 272 VLAN Name 151 VLANs 151 VoIP 398 VPN 324 VR Synchronisation 503 VRRP Adver
416. ion is disabled An example of this method is Microsoft Exchange SIP Expire Time Only if Registration is enabled Enter the time in seconds after which the current registration be comes invalid and a new registration request is therefore sent For clients the external port is recognised automatically and should not be changed Possible values are 0 to 3600 The default value is 60 SIP Endpoint IP Ad Only if Registration is disabled dress For configurations with no registration e g connection to a Mi crosoft Exchange Communication Server the connection can be set up as a static host This requires you to specify the static IP address of the terminal Only for Interface Type SIP Authentication ID Enter a name that is to be used for authentication A maximum of 20 characters can be entered The name given here must also be entered on the SIP tele phone If you do not enter a name the name in the Extension User Name field is used 20 VoIP Teldat GmbH Field Description Only for Interface Type SIP Password Enter a password here A maximum of 20 characters can be entered The password given here must also be entered on the SIP tele phone Protocol Select the protocol to be used for data transmission Possible values UDP default value TCP or TLS If a protocol has been automatically recognised it should not be changed Port Enter the number of the UDP TCP port or TLS ports to be used
417. ions are disabled Distribution Mode Select the state the interfaces in the group may have if they are to be included in load balancing Possible values e Always default value Also includes idle interfaces e Only use active interfaces Only interfaces in the up state are included In the Interface area you add interfaces that match the current group context and config ure these You can also delete interfaces Use Add to create more entries Load Balancing Groups Special Session Handling Group Description Distribution Polic Session Round Robin y Distributiot Basic Parameters Group Description Ad Distribution Policy Session Round Robin A Interface Selection for Distribution Interface None y Distribution Ratio 0 Advanced Settings Route Selector None y Tracking IP Address None y Apply Cancel Fig 84 Networking gt Load Balancing gt Load Balancing Groups gt Add Fields in the Basic Parameters menu Field Description Group Description Shows the description of the interface group 14 Networking Teldat GmbH Field Description Distribution Policy Displays the type of data traffic selected Fields in the Interface Selection for Distribution menu Field Description Interface Select the interfaces that are to belong to the group from the available interfaces Distribution Ratio Enter the percentage of the data traffic to be assigned to an in terface The meaning differs accordi
418. irewall gt Policies gt Filter Rules gt New The menu Firewall gt Policies gt Filter Rules gt New consists of the following fields Fields in the Basic Parameters menu bintec Rxxx2 RTxxx2 19 Firewall Teldat GmbH Field Description Source Select one of the preconfigured aliases for the source of the packet In the list all WAN LAN interfaces interface groups see Fire wall gt Interfaces gt Groups addresses see Firewall gt Ad dresses gt Address List and address groups see Firewall gt Addresses gt Groups are available The value Any means that neither the source interface nor the source address is checked Destination Select one of the preconfigured aliases for the destination of the packet In the list all WAN LAN interfaces interface groups see Fire wall gt Interfaces gt Groups addresses see Firewall gt Ad dresses gt Address List and address groups see Firewall gt Addresses gt Groups The value Any means that neither the destination interface nor the destination address is checked Service Select one of the preconfigured services to which the packet to be filtered must be assigned The extensive range of services configured ex works includes the following igi e telnet ont O alas O tag O malicia O INESIS e Netmeeting Additional services are created in Firewall gt Services gt Service List In addition the service groups configured in Firewall gt Services gt
419. is a placeholder for an arbitrary character If the configured address agrees with the signalled address the entry is used In the Routing Rulesmenu you can define rules to determine how the subscriber number is manipulated before it is used for dialling Use Add to create more entries 20 VoIP Teldat GmbH Fields in the Routing Rules menu For Type Accept Rule only Field Description Priority Enter a whole number starting with 1 in ascending order to define the order of filter rules The rules are worked through in the order given in the list If a line or SIP account is not available the next rule is automat ically used Administrative Status Select whether the rule should be activated The rule is enabled with Enable The rule is active by default Line Choose the ISDN line PRI BRI or SIP account used for the outgoing call Called Address Trans Enter how the subscriber number is manipulated before it is lation used for dialling Notation lt a b gt i e a is replaced by b Every rule must be ended with a semicolon A number of rules can be chained to gether using semicolons as separators e g lt a b gt lt c d gt lt e f gt After confirmation of entry the rule chain is automatically sorted by the best match method Numerical and alphanumerical values are permissible is a placeholder for an arbitrary character Example 20 1 Example of a rule e Rule lt 49911 gt e number dia
420. is intended to be the ini tiator for an action 21 7 1 1 New Choose the New button to create more event lists 21 Local Services Basic Parameters Event List Description Event Type Select time interval Time Condition Start Time Stop Time Teldat GmbH Trigger Actions Options New Time v Condition Type Condition Settings O weekday aaa Periods Day of Month Daily v Hour Minute Hour Minute oK Cancel Fig 184 Local Services gt Scheduling gt Trigger gt New The menu Local Services gt Scheduling gt Trigger gt New consists of the following fields Fields in the Basic Parameters menu Field Description Event List Description Event Type You can create a new event list with New default value You give this lista name with Description You use the remaining parameters to create the first event in the list If you want to add to an existing event list select the event list you want and add at least one more event to it You can use event lists to create complex conditions for initiat ing an action The events are processed in the same order in which they are created in the list Only for Event List New Enter your chosen designation for the event list Select the type of event Possible values e Time default value The operations configured and assigned in Actions are initiated at specific points in time e MIB SNMP The actions configured and assigned in Actions
421. is wildcard MAC ad dress is renewed with each non IP unicast frame or non ARP unicast frame Wildcard MAC Address Only for Wildcard Mode static Transparent MAC Ad dress Enter the MAC address of a device that is connected over IP Only for Wildcard Mode static first Choose whether or not the Wildcard MAC Address are used in addition as WLAN MAC address to establish the connection to the access point The function is enabled with Enabled The function is disabled by default 10 4 Administrative Access In this menu you can configure the administrative access to the device 10 4 1 Access In the System Management gt Administrative Access gt Access menu a list of all IP capable interfaces is displayed 10 System Management Teldat GmbH Access SSH SNMP O Administrative access is currently unrestricted The displayed configuration is not yet activated Interface Telnet SSH HTTP HTTPS Ping SNMP ISDN Login eni 0 Y v v v v v eni 4 v v v v v v bri 0 v Advanced Settings Restore Default Settings iil Add OK Cancel Fig 36 System Management gt Administrative Access gt Access For an Ethernet interface you can select the access parameters Telnet SSH HTTP HT TPS Ping SNMP and for the ISDN interfaces ISDN Login Only for hybird devices You can also authorise your device for maintenance work from Teldat s Customer Service departme
422. ished The default value is 22 Maximum number of concurrent connec tions Enter the maximum number of simultaneously active SSH con nections The default value is 1 Fields in the menu Authentication and Encryption Parameters Field Value Encryption Algorithms Select the algorithms that are to be used to encrypt the SSH connection Possible options e 3DES e Blowfish e AES 128 e AES 256 Teldat GmbH 10 System Management Field VENTO Hashing Algorithms By default 3DES Blowfish and AES 128 are enabled Select the algorithms that are to be available for message au thentication of the SSH connection Possible options SIMS SEAN e RipeMD 160 By default MD5 SHA 1 and RipeMD 160 are enabled Fields in the menu Key Status Field VENTO RSA Key Status DSA Key Status Shows the status of the RSA key If an RSA key has not been generated yet Not generatedis displayed in red and a link Generate is provided If you select the link the generation process is triggered and the view is up dated The Generating status is displayed in green When generation has been completed successfully the status changes from Generating to Generated If an error occurs during the generation Not generated and the Generate link are displayed again You can then repeat generation If the Unknown status is displayed generation of a key is not possible for example because there is not enough space in the Flash
423. isplays any configured entries from Networking gt Access Rules gt Rule Chains 14 4 1 1 New Choose the New button to define more IP filters QoS Filter QoS Classification QoS Interfaces Policies Basic Parameters Description Service User defined v Protocol Any v Destination IP Address Netmask Any v Any v Source IP Address Netmask DSCP TOS Filter Layer 3 Ignore v COS Filter 802 1 p Layer 2 ignore v 4 OK Cancel Fig 86 Networking gt QoS gt QoS Filter gt New The Networking gt QoS gt QoS Filter gt New menu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter the name of the filter Service Select one of the preconfigured services The extensive range of services configured ex works includes the following O AEN VILE e apple qt O auth e charge o elieaes d e daytime e dhep Acs Carna The default value is User defined Protocol Select a protocol The Any option default value matches any protocol Type Only for Protocol TCMP 4 bintec Rxxx2 RTxxx2 Teldat GmbH 14 Networking Field Description Select the type Possible values Any Echo reply Destination unreach able Source quench Redirect Echo Time exceeded Timestamp Timestamp reply See RFC 792 The default value is Any Connection State With Protocol TCP you can define a filter that takes the status of the TCP connections i
424. isplays the currently loaded version of the system software Back up of configura tion on SD card Only with inserted SD cart visible RXL1250 RXL12100 Indicates whether a backup configuration is available on the SD card or not Last configuration stored Displays day date and time of the last saved configuration boot configuration in flash Fields in the Resource Information menu 10 System Management Teldat GmbH Field Value CPU Usage Displays the CPU usage as a percentage Memory Usage Displays the usage of the working memory in MByte in relation to the available total working memory in MByte The usage is also displayed in brackets as a percentage Memory Card Shows the status of any optional external memory card that has been inserted and the size of the memory in GBytes or MBytes ISDN Usage Internal Shows the number of active B channels and the maximum num ber of available B channels for internal connections ISDN Usage External Shows the number of active B channels and the maximum num ber of available B channels for external connections Active Sessions SIF Displays the total of all SIF TDRC and IP load balancing ses RTP etc sions Active IPSec Tunnels Displays the number of currently active IPSec tunnels in relation to the number of configured IPSec tunnels Fields in the Modules menu Field Value DSP Module Shows the type of plugged DSP module if any An acquired fax licence if any can
425. istics 4 a ohh OB es hah oe ee dR da hod BE a 439 21 2 HTTPS t i otun A Lee alo E Pe Aes 440 21 2 1 HTTPS Server 2 1 a 440 21 3 DynDNS Client te a 6 ORS a ee Eee ee EPS 441 21 3 1 DynDNS Update 2 2 o o 441 21 3 2 DynDNS Provider 2 2 1 o o 443 21 4 DHIGP S6IVEh is E Bo ee ee ee ds 445 21 4 1 IP Pool Configuration 2 445 21 4 2 DHCP Configuration 2 2 ee 446 21 4 3 IP MAG Binding ii 42 8 we chan ee ans Pe te Gog age A aaa aes 450 21 4 4 DHCP Relay Settings 2 a a a 451 21 5 Web Filter 23s gapt eon eo ae a SO Ee Gabe ain eb Ged 4 452 21 5 1 General li each AO REE habe ech Re A 453 21 5 2 Fit r bist e ceu Sloe woes Ble et Be ae pela ee e 455 21 5 3 Black White List 2 o eo 457 21 5 4 FUSTOY lt a spacers serail oe he ct eRe aa Sa oe tee Cet ERE ac BO 458 21 6 GAPI SeIVer o eh a BE See bok a ee eh a 458 21 6 1 User Y DAS thd ee Oh esi ht a Ue ic ete eae ht wig er eon t 458 21 6 2 Options lt lt 4 2 bt ah he a Brew oh ade de ht god 459 bintec Rxxx2 RTxxx2 21 7 Scheduling bio o eh Garey tenets le eae es ene dn Seon er i cap ge we 460 21 7 1 A O f Sete ee ie we gh ra say Eo 461 21 7 2 PACUIONIS o Sat ect Cansei tye clad ieee pe Sat actual gta dn 467 21 7 3 ODLONS fod a Pe Ba ale A pee Be BS Se di ae T 477 21 8 Surveillance s u i a bo eee Pee ee ee PE 478 21 8 1 HOSTS a aller a Pal ela a Be eres Be BAG 478 21 8 2
426. istribu tion Poisoned Reverse The setting option UDP Port which is used for sending and re ceiving RIP updates is only for test purposes If the setting is changed this can mean that your device sends and listens at a port that no other devices use The default value 520 should be retained Select whether the default route of your device is to be propag ated via RIP updates The function is enabled with Enabled The function is enabled by default Select the procedure for preventing routing loops With standard RIP the routes learnt are propagated over all in terfaces with RIP SEND activated With Poisoned Reverse however your device propagates over the interface via which it learnt the routes with the metric Next Hop Count 16 Teldat GmbH 15 Routing Protocols Field Description Network is not reachable The function is enabled with Enabled The function is disabled by default RFC 2453 Variable For the timers described in RFC 2453 select whether the same Timer values that you can configure in the Timer for RIP V2 RFC 2453 menu should be used The function is enabled with Enabled The function is enabled by default If you deactivate the function the times defined in RFC are re tained for the timeouts RFC 2091 Variable For the timers described in RFC 2091 select whether the same Timer values that you can configure in the Timer for Triggered RIP RFC 2091 menu should be used The functi
427. ition of a MAC address in MAC Address is optional in this module MAC Address Only with virtual interfaces and only for Interface Mode Un tagged Enter the MAC address associated with the interface For virtual interfaces you can use the MAC address of the physical inter face under which the virtual interface was created but this is not necessary You can also allocate a virtual MAC address The first 6 characters of the MAC are preset but can be changed VLAN ID Only for Interface Mode Tagged VLAN 12 LAN Teldat GmbH Field Description This option only applies for routing interfaces Assign the inter face to a VLAN by entering the VLAN ID of the relevant VLAN Possible values are 1 default value to 4094 The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description DHCP MAC Address DHCP Hostname DHCP Broadcast Flag Proxy ARP Only for Address Mode DHCP If Use built in is activated default setting the hardware MAC address of the Ethernet interface is used In the case of physical interfaces the current MAC address is entered by default If you disable Use built in you enter an MAC address for the virtual interface e g 00 e1 f 9 06 bf 03 Some providers use hardware independent MAC addresses to allocate their clients IP addresses dynamically If your provider has assigned you a MAC address enter this here Only for Address Mode
428. its present IP address 21 3 1 DynDNS Update In the Local Services gt DynDNS Client gt DynDNS Update menu a list of all configured DynDNS registrations for updating is displayed 21 3 1 1 New Choose the New button to set up further DynDNS registrations to be updated 21 Local Services Teldat GmbH DynDNS Update DynDNs Provider Basic Parameters Host Name E Interface Selectone User Name Ee Password ecocooooo Provider dyndns v Enable update DEnabled Advanced Settings Mail Exchanger Mx Wildcard DEnabled oK Cancel Fig 172 Local Services gt DynDNS Client gt DynDNS Update gt New The menu Local Services gt DynDNS Client gt DynDNS Update gt New consists of the fol lowing fields Fields in the Basic Parameters menu Field Description Host Name Enter the complete host name as registered with the DynDNS provider Interface Select the WAN interface whose IP address is to be propagated over the DynDNS service e g the interface of the Internet Ser vice Provider User Name Enter the user name as registered with the DynDNS provider Password Enter the password as registered with the DynDNS provider Provider Select the DynDNS provider with which the above data is re gistered A choice of DynDNS providers is already available in the uncon figured state and their protocols are supported Other DynDNS providers can be configured in the Local Ser vices gt DynDNS Client gt DynDNS Provider me
429. ity reasons The Mi crosoft client also has the option of aborting callback and maintaining the initial connection to your device without call back This only applies if no fixed outgoing number has been configured for the connection partner This is done by closing the dialog box that appears with Cancel Fields in the Bandwith on Demand Options menu Field Description Channel Bundling Select whether channel bundling is to be used for ISDN connec tions with the connection partner and if so what type Your device supports dynamic and static channel bundling for dialup connections Only one B channel is initially opened when a connection is set up Dynamic channel bundling means that your device connects other ISDN B channels to increase the throughput for connections if this is required e g for large data rates If the amount of data traffic drops the additional B channels are closed again In static channel bundling you spe cify right from the start how many B channels your device is to use regardless of the transferred data rate Possible values e None default value No channel bundling only one B channel is ever available for connections 17 WAN Teldat GmbH Field Description e Static Static channel bundling e Dynamic Dynamic channel bundling Fields in the Dial Numbers menu Field Description Entries Add new entries with Add Fields in menu Dial Number Configuration appears only for Entries
430. ive Value and with an inactive initiator with the value in Inactive Value Use Add to create more entries Interface Only if Command Type Interface Status Select the interface whose status should be changed Set interface status Only if Command Type Interface Status Select the status to be set for the interface Possible values e Up default value e Down e Reset Source Location Only if Command Type Software Update Select the source for the software update Possible values e Current Software from Teldat Server default value The latest software will be downloaded from the Teldat server e HTTP Server The latest software will be downloaded from an HTTP server that you define in Server URL e HTTPS Server The latest software will be downloaded from an HTTPS server that you define in Server URL e TFTP Server The latest software will be downloaded from an TFTP server that you define in Server URL Server URL For Command Type Software Update if Source Location not Current Software from Teldat Server Teldat GmbH 21 Local Services Field Description Enter the URL of the server from which the desired software version is to be retrieved For Command Type Configuration Management with Action Import configuration or Export configura tion Enter the URL of the server from which a configuration file is to be retrieved or on which the configuration file is to be backed up File Name
431. jndael AES was selected as AES due to its fast key generation low memory requirements and high level of security against attacks For more information on AES see ht tp csrc nist gov encryption aes Routing Information Protocol RipeMD 160 is a cryptographic hash function with 160 bits It is re garded as a secure replacement for MD5 and RipeMD Plug or socket for maximum eight wires Connection for digital ter minals In a multicell WLAN clients can move freely and log off from one ac cess point and log on to another when moving through cells without the user noticing this This is known as roaming To use the Room Monitoring performance feature the telephone must be activated in the room to be monitored by means of a code Glossary Room monitoring from external tele phones Room monitoring from internal tele phones Router RSA RTSP S2M interface SAD SDSL Server ServerPass Service 0190 Teldat GmbH and the receiver must be lifted or Hands free switched on If you replace the telephone receiver or turn off Hands free room mon itored ends and the performance feature is switched off This function can be used to monitor rooms from an external tele phone You can acoustically monitor a room from an internal telephone in your PBX This is set up using the telephone procedures described in the user s guide Please read the information on the described functions in the user s guide
432. k Name SSID is to be trans mitted The network name is displayed by selecting Visible It is visible by default Select whether communication between the WLAN clients is to be permitted within a radio cell bintec Rxxx2 RTxxx2 13 Wireless LAN Controller Teldat GmbH Field Description The function is activated by selecting Enabled The function is enabled by default ARP Processing Select whether the ARP processing function should be enabled The ARP data traffic is reduced in the network by the fact that ARP broadcasts that have been converted to ARP unicasts are forwarded to IP addresses that are known internally Unicasts are quicker and clients with an enabled power save function are not addressed The function is activated by selecting Enabled The function is disabled by default Make sure that ARP processing cannot be applied together with the MAC bridge function WMM Select whether voice or video prioritisation via WMM Wireless Multimedia is to be activated for the wireless network so that optimum transmission quality is always achieved for time critical applications Data prioritisation is supported in accordance with DSCP Differentiated Services Code Point or IEEE802 1d The function is activated by selecting Enabled The function is enabled by default Fields in the menu Security Settings Field Description Security Mode Select the security mode encryption and authentication for the wirele
433. k Route Local im via Interface Fig 79 Network gt Routes IPv4 Routing Table Fields in the menu IPv4 Routing Table 14 Networking Teldat GmbH Field Description Destination IP Address Displays the IP address of the destination host or destination network Netmask Displays the netmask of the destination host or destination net work Gateway Displays the gateway IP address Nothing is displayed here when routes are received by DHCP Interface Displays the interface used for this route Metric Displays the route s priority The lower the value the higher the priority of the route Route Type Displays the route type Extended Route Displays whether a route has been configured with advanced parameters Delete You can delete entries with the symbol 14 1 3 Options Back Route Verify The term Back Route Verify describes a very simple but powerful function If a check is ac tivated for an interface incoming data packets are only accepted over this interface if out going response packets are routed over the same interface You can therefore prevent the acceptance of packets with false IP addresses even without using filters IPv4 Route Configuration IPv4 Routing Table Options Back Route Verify O Enable for all interfaces Enable for specific interfaces Disable for all interfaces Mode View 20 per page Filter in None v equal v Go No Interface Back Route Verify 1 bro Enabled Page
434. ke sure the terminal program used also uses this baudrate If this is not the case you will not be able to es tablish a serial connection to the device bintec Rxxx2 RTxxx2 Chapter 9 Assistants The Assistants menu offers step by step instructions for the following basic configuration tasks e First steps e Internet Access VPN e SWYX only with active optional DSP module e VoIP PBX in LAN Choose the corresponding task from the navigation bar and follow the instructions and ex planations on the separate pages of the Wizard bintec Rxxx2 RTxxx2 Chapter 10 System Management The System Management menu contains general system information and settings You see a system status overview Global system parameters such as the system name date time passwords and licences are managed and the access and authentication meth ods are configured 10 1 Status If you log into the GUI your device s status page is displayed which shows the most im portant system information You see an overview of the following data e System status e Your device s activities Resource utilisation active sessions and tunnels e Status and basic configuration of the LAN WAN ISDN and ADSL interfaces e Information on plugged add on modules if any You can customise the update interval of the status page by entering the desired period in seconds as Automatic Refresh Interval and clicking on the Apply button N Caution Under Autom
435. key to be created Possible values 512 768 1024 1536 2048 4096 Please note that a key with a length of 512 bits could be rated as unsecure whereas a key of 4096 bits not only needs a lot of time to create but also occupies a major share of the resources during IPSec processing A value of 768 or more is however recommended and the default value is 1024 bits SCEP URL Only for Mode SCEP Enter the URL of the SCEP server e g ht tp scep teldat de 8080 scep scep dll Your CA administrator can provide you with the necessary data CA Certificate Only for Mode SCEP Select the CA certificate e In Download In CA Name enter the name of the CA certificate of the certification authority CA from which you wish to request your certificate e g cawindows Your CA ad ministrator can provide you with the necessary data If no CA certificates are available the device will first down load the CA certificate of the relevant CA It then continues with the enrolment process provided no more important para meters are missing In this case it returns to the Generate Certificate Request menu If the CA certificate does not contain a CRL distribution point Certificate Revocation List CRL and a certificate server is Teldat GmbH 10 System Management Field Description not configured on the device the validity of certificates from this CA is not checked e lt name of an existing certificate gt If all the nece
436. keys are used for authentication It requires only three messages to configure a secure channel e Main Mode ID Protect This mode also designated Main Mode requires six messages for a Diffie Hellman key calculation and thus for configuring a secure channel over which the IPSec SAs can be negotiated A condition is that both peers have static IP addresses if preshared keys are used for authentication Also define whether the selected mode is used exclusively 18 VPN Teldat GmbH Field Description Strict or the peer can also propose another mode Local ID Type Only for Phase 1 IKE Parameters Select the local ID type Possible values e Fully Qualified Domain Name FQDN e E mail Address e IPV4 Address e ASN 1 DN Distinguished Name Local ID Value Only for Phase 1 IKE Parameters Enter the ID of your device For Authentication Method DSA Signature RSA Signa ture or RSA Encryption the Use Subject Name from certi ficate option is displayed When you enable the Use Subject Name from certificate op tion the first alternative subject name indicated in the certificate is used or if none is specified the subject name of the certific ate is used Note If you use certificates for authentication and your certific ate contains alternative subject names see Certificates on page 106 you must make sure your device selects the first al ternative subject name by default Make sure you and your peer both use the
437. l Remote ID Shows the ID of the peer Negotiation Type Shows the exchange type Authentication Method Shows the authentication method MTU Shows the current MTU Maximum Transfer Unit Alive Check Shows the method for checking that the peer is reachable NAT Detection Displays the NAT detection method Local Port Shows the local port Remote Port Shows the remote port Packets Shows the total number of incoming and outgoing packets Bytes Shows the total number of incoming and outgoing bytes Errors Shows the total number of errors IKE Phase 1 SAs x The parameters of the IKE Phase 1 SAs are displayed here Teldat GmbH 24 Monitoring Field Description Role Algorithm Life time remaining Status IPSec Phase 2 SAs Shows the parameters of the IPSec Phase 2 SAs x Role Algorithm Life time remaining Status Messages The system messages for this IPSec tunnel are displayed here 24 2 2 IPSec Statistics In the Monitoring gt IPSec gt IPSec Statistics menu statistical values for all IPSec connec tions are displayed IPSec Tunnels IPSec Statistics Automatic Refresh Interval 60 Seconds Apply Licences In Use Maximum IPSec Tunnels 0 110 Peers Up Going up Blocked Dormant Configured Status 0 0 0 1 1 SAs Established Total IKE Phase 1 0 0 IPSec Phase 2 0 0 Packet Statistics In Out Total 59 135 Passed 59 135 Dropped 0 0 Encrypted 0 0 Errors D 0 Fig 216 Monitoring gt IPSec gt IPSec
438. l TCP UDP TCP UDP Enter the source port of the original data packets The default setting A11 means that the port remains unspecified Source Port Range Only for Type of traffic excluding Without NAT Ser vice user defined and Protocol TCP UDP TCP UDP Enter the source port or the source port range of the original data packets The default setting A11 means that the port re mains unspecified Destination IP Ad Only for Type of traffic excluding Without NAT or dress Netmask outgoing Source NAT and NAT method symmetric Enter the destination IP address and corresponding netmask of the original data packets as the case arises Destination Port Range Only for Type of traffic outgoing Source NAT NAT method symmetric Service user defined and Pro tocol TCP UDP TCP UDP or Type of traffic excluding Without NAT Service user defined and Protocol TCP UDP TCP UDP 14 Networking Teldat GmbH Field Description Enter the destination port or the destination port range of the original data packets The default setting A11 means that the port is not specified In the NAT Configuration gt Replacement Values menu you can define depending on whether you re dealing with inbound or outbound data traffic new addresses and ports to which specific addresses and ports from the NAT Configuration gt Specify original traffic menu can be translated Fields in the Replacement Values menu Field
439. l Reporting gt IP Accounting gt Interfaces In the External Reporting gt IP Accounting gt Interfaces menu a list of all interfaces con figured on your device is shown For each entry you can activate IP Accounting by setting the checkmark In the IP Accounting column you do not need to click each entry individu ally Using the options Select all or Deselect all you can enable or disable the IP account ing function for all interfaces simultaneously 23 2 2 Options In this menu you configure general settings for IP Accounting bintec Rxxx2 RTxxx2 Teldat GmbH 23 External Reporting Interfaces Options Log Format INET d t a c i r t gt Bi RIMF Ap 0 P O s OK Cancel Fig 207 External Reporting gt IP Accounting gt Options In the External Reporting gt IP Accounting gt Options menu you can define the Log Format of the IP accounting messages The messages can contain character strings in any order sequences separated by a slash e g t or n or defined tags Possible format tags Format tags for IP Accounting messages Field Description d Date of the session start in the format DD MM YY t Time of the session start in the format HH MM SS a Duration of the session in seconds cC Protocol i Source IP Address r Source Port Sot Source interface index l Destination IP Address R Destination Port oF Destination interface index p Packets sent 0 Octets sent P Packets received
440. l monitored hosts is displayed in the Local Services gt Surveillance gt Interfaces menu 21 8 2 1 Edit or New Choose the E icon to edit existing entries Choose the New button to set up monitoring for other interfaces Hosts Interfaces Temperature Ping Generator Basic Parameters Monitored Interface Select one y Trigger Interface goes up v Interface Action Enable v Interface Select one Y oK Cancel Fig 188 Local Services gt Surveillance gt Interfaces gt New The menu Local Services gt Surveillance gt Interfaces gt New consists of the following fields Fields in the Basic Parameters menu Field Description Monitored Interface Select the interface on your device that is to be monitored 21 Local Services Teldat GmbH Field Description Trigger Select the state or state transition of Monitored Interface that is to trigger a particular Interface Action Possible values e Interface goes up default value e Interface goes down Interface Action Select the action that is to follow the state or state transition defined in Trigger The action is applied to the Interface s selected in Interface Possible values e Enable default value Activation of interface s e Disable Deactivation of interface s Interface Select the interface s for which the action defined in Interface is to be performed You can choose all physical and virtual interfaces as well as op tions All PPP Interfaces and All IPSec I
441. l to which a data packet is to be sent For a connection to be selected and set up parameters must be defined for all the required connections These parameters are stored in lists which together permit the right con nection to be set up The PBX uses the PPP Point to Point Pro tocol for ISDN access and PPPoE Point to Point Protocol over Ethernet for access over T DSL The traffic on these two Internet connections is monitored separately by the PBX Special modem for data transmission using DSL access technology A DSL splitter is a device that splits the data or frequencies of vari ous applications that run via a subscriber line or distribution point and provides this via separate connections Digital Subscriber Line Digital Subscriber Signalling System Direct Sequence Spread Spectrum is a wireless technology that was originally developed for the military and offers a high level of protec tion against faults because the wanted signal is spread over a wide area The signal is spread by means of a spread sequence or chip ping code consisting of 11 chips across 22 MHz Even if there is a fault on one or more of the chips during transfer the information can still be obtained reliably from the remaining chips Data Terminal Equipment Teldat GmbH DTMF Dynamic IP address E1 T1 ECB ECT Email Glossary Dual Tone Multi Frequency tone dialling system In contrast to a static IP address a dynamic IP address is as
442. lation bridged no fcs VPI Virtual Path Identifier il VCI Virtual Circuit Identifier 32 Your user name MyName Password TopSecret Some Internet Service Providers such as T Online require additional information Additional information for T Online Access data Example value Your values User account 12 digits 000123456789 7 Basic configuration Teldat GmbH Access data Example value Your values T Online number usually 12 digits 06112345678 Joint user account 0001 Note To configure T Online Internet access enter the following succession of numbers without intervening spaces in the User Name field User account 12 digits T Online number usually 12 digits co user number for the main user always 0001 If your T Online number is less than 12 digits long a character is required between the T Online number and the co user number If you use T DSL you must add the character string t online de at the end of this string of numbers You user name could for example look like this 00012345678906112345678 0001 t online de 7 3 2 Configuring a PC In order to reach your device via the GUI and to be able to carry out configuration the PC used for the configuration has to satisfy some prerequisites e Make sure that the TCP IP protocol is installed on the PC e Assign fixed IP address to your PC Checking the TCP IP protocol Proceed as follows to check whether you have installed the protocol 1
443. le bintec Rxxx2 RTxxx2 Glossary Automatic callback on busy CCBS Automatic callback on no reply CCBS Automatic clearing of Internet connec tion ShortHold Automatic outside line Automatic redialling B channel B channel BACP BAP Teldat GmbH You urgently need to contact a business partner or internal sub scriber However when you call you always hear the engaged tone If you were to receive notification that the subscriber had ended the call your chance of reaching them would be very good With Call back on Busy you can reach the engaged subscriber once they have replaced the receiver at the end of the call Your telephone rings When you lift the receiver a connection to the required sub scriber is set up automatically An internal Callback on Busy is de leted automatically after 30 minutes The external Callback on Busy is deleted after a period specified by the exchange approx 45 minutes Manual deletion before this period has elapsed is also possible You urgently need to contact a business partner or internal sub scriber When you call them you always hear the ringing tone but your business partner is not close to the telephone and does not pick up With Callback on no reply you can reach the subscriber as soon as they have completed a call or lifted and replaced the re ceiver of their telephone Your telephone rings When you lift the re ceiver a connection to the required subs
444. le at above If no keys are available you have to generate these first Proceed as follows 1 2 3 4 5 6 Leave the Flash Management shell with exit Launch the GUI and log on to your device see Call up the GUI on page 58 Make sure that Deutsch is selected as the language Check the key status in the System Management gt Administrative Access gt SSH menu If both keys are available you ll see in both fields RSA Key Status and DSA Key Status the value Generated If one or both of these fields contains the value Not generated you must generate the relevant key To have the device generate the key click Generate The device generates the corresponding key and stores it in the FlashROM Gen erated indicates successful generation Make sure that both keys have been successfully generated If necessary repeat the procedure described above Login via SSH 8 Access and configuration Teldat GmbH Proceed as follows to log in on your device via SSH If you have made sure that all the keys needed are available on the device you have to check whether an SSH client is installed on your PC Most UNIX and Linux distributions in stall a SSH client by default Additional software e g PUTTY usually has to be installed on a Windows PC Proceed as follows to log in on your device via SSH UNIX 1 Enterssh lt IP address of the device gt in a terminal The login prompt window appears This is located in the S
445. lect this option the L2TP partner is configured so that it accepts L2TP tunnels and restores the encapsulated PPP traffic flow e LAC If you select this option the L2TP partner is configured so that it encapsulates a PPP traffic flow in L2TP and sets up a L2TP tunnel to a remote LNS Tunnel Profile Only for Connection Type LAC Select a profile created in the Tunnel Profile menu for the con nection to this L2TP partner User Name Enter the code of your device Password Enter the password Always on Select whether the interface should always be activated The function is enabled with Enabled The function is disabled by default Connection Idle Only if Always on is disabled Timeout Enter the idle time in seconds for static short hold The static short hold setting determines how many seconds should pass between sending the last traffic data packet and clearing the connection Possible values are 0 to 3600 seconds 0 deactivates the short hold The default value is 300 Fields in the IP Mode and Routes menu Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically Teldat GmbH 18 VPN Field Description Possible values e Static default value You enter a static IP address e Provide IP Address Only for Connection Type LNS Your device dynamically assigns an IP address to the remote terminal e Get IP Address
446. leted As soon as the enrolment is completed and the certificate has been downloaded from the CA server it is automatically saved in the device configuration The function is enabled by default Use CRL Only for Command Type Certificate Management and Action SCEP Define the extent to which certificate revocation lists CRLs are to be included in the validation of certificates issued by the own Teldat GmbH 21 Local Services Field Description er of this certificate Possible values e Auto default value In case there is an entry for a CDP CRL distribution point this should be evaluated in addition to the CRLs globally configured in the device e Yes CRLs are always checked e No No checking of CRLs Select radio Only for Command Type 5 GHz WLAN Bandscan and 5 8 GHz WLAN Bandscan Select the WLAN module on which to perform the frequency band scan WLC SSID Only if Command Type WLC VSS State Select the wireless network administered over the WLAN con troller whose status should be changed Set status Only if Command Type WLC VSS State Select the status for the selected wireless network Possible values e Activate default value e Deactivate 21 7 3 Options You configure the schedule interval in the Local Services gt Scheduling gt Options Trigger Actions Options Scheduling Options Schedule Interval 0 sec Enabled OK Cancel Fig 186 Local Services gt Sched
447. lled 96731234 e manipulated number 4991196731234 20 2 4 CLID Translation Here you define the processing of the calling party number for incoming calls You can for example add a prefix to a received call number in order to route corresponding outgoing calls via a particular SIP account In the VoIP gt Media Gateway gt CLID Translation menu a list of all existing entries is shown on which the received number is edited 20 2 4 1 Edit or New Choose the ig icon to edit existing entries Select the New button to create entries for CLID translation Extensions SIP Accounts Call Routing CLID Translation Call Translation ISDN Trunks Options Basic Parameters Description Calling Line v Called Line Any Called Address Calling Address Translation A OK C cancel Fig 160 VoIP gt Media Gateway gt CLID Translation gt g New The VoIP gt Media Gateway gt CLID Translation gt E New menu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter the name of the entry Calling Line Select the ISDN line or SIP account from which the call comes The selection depends on the interfaces available and on the SIP accounts that have been created Possible values e pri lt Interface Index gt Restricts the entry to the selected bintec Rxxx2 RTxxx2 20 VoIP Teldat GmbH Field Description PRI interface e bri lt Inte
448. lowing fields Fields in the Advanced Settings menu Field Description X 31 X 25 in D Chan Select whether you want to use X 31 X 25 in the D channel nel e g for CAPI applications The function is enabled with Enabled The function is disabled by default X 31 TEI Value Only if X 31 X 25 in D Channel is enabled With the ISDN autoconfiguration the X 31 TEl is detected auto matically If the autoconfiguration has not detected TEI you can manually enter the value assigned by the exchange Possible values are 0 to 63 The default value is 1 for automatic detection X 31 TEI Service Only for X 31 X 25 in D Channel enabled Select the service for which you want to use X 31 TEI Possible values Field Description e CAPI e CAPI Default e Packet Switch default value CAPI and CAPI Default are only for the use of X 31 TEI for CAPI applications For CAPI the TEI value set in the CAPI ap plication is used For CAPT Default the value of the CAPI ap plication is ignored and the default value set here is always used Packet Switch is set if you want to use X 31 TEI for the X 25 device ISDN PRI interface For a Primary Rate Interface PRI or S2M the channels are transmitted in series in so called time slots Choose the button to edit the configuration of the ISDN port bintec Rxxx2 RTxxx2 ISDN Configuration MSN Configuration Basic Parameters Port Name pri2 4
449. lt value or TCP Enter the Portvia which the data is to be transported The default value is 5060 In SIP client mode The ports can be provider specific User Name In SIP client mode Enter the username for authentication if your VoIP provider has assigned one for you In SIP server mode You must define the user name A maximum of 40 characters can be entered Authentication ID Enter a name that is to be used for authentication with the out bound proxy If you do not enter a name the name in the User Name field is used In SIP client mode Enter a name only if this is explicitly spe cified by the provider Password In SIP client mode The VoIP provider gives you a PIN or pass word for authentication You must enter this value here 20 VoIP Teldat GmbH Field Description In SIP server mode Define a PIN or a password A maximum of 40 characters can be entered Registration Specify whether the registration mechanism is to be used by SIP REGISTER Normally every SIP client user sends its cur rent position to a REGISTRAR server by means of a RE GISTER message This information about the user and his cur rent address is held by the REGISTRAR server and queried by other proxies to find the user The function is enabled with Enabled The function is enabled by default Apart from this standard procedure the relevant data can also be sent to a particular IP address that is already known to the correspondent Regi
450. lticast Group RP Mappings Values in the PIM Interfaces list bintec Rxxx2 RTxxx2 24 Monitoring Teldat GmbH Field Description Interface Displays the name of the PIM interface IP Address Displays the primary IP address of the PIM interface Designated Router Displays the primary IP address of the designated router on this PIM interface Values in the PIM Neighbors list Interface Displays the interface via which the PIM Neighbor is reached Generation ID Displays the ID of the neighbor gateway IP Address Displays the primary IP address of the PIM Neighbor Uptime Indicates how long the last PIM Neighbor is a neighbor of the local router Expiry Timer Indicates when the PIM Neighbor is no longer entered as neigh bor If the value 0 is displayed the PIM Neighbor always re mains entered as neighbor Values in the Multicast Group RP Mappings list Field Description Multicast Group Ad Displays the multicast group address dress Multicast Group Prefix Displays the related network mask Length Rendevous Point IP Displays the IP address of the Rendezvous point Address 24 9 2 Not Interface Specific Status The menu Monitoring PIM Not Interface Specific Status includes status information for all PIM interfaces Teldat GmbH 24 Monitoring Global Status Not Interface Specific Status Interface Specific States View All v 4 RP States View 20 per page Filter in None v equal v Go Rendev
451. ly for Prioritisation queue Class Based Select the QoS packet class to which this queue is to apply To do this at least one class ID must be given in the Network ing gt QoS gt QoS Classification menu Priority Only for Prioritisation queue Class Based Choose the priority of the queue Possible values are 1 high priority to 254 low priority The default value is 1 Weight Only for Prioritisation Algorithm Weighted Round Robin or Weighted Fair Queueing Choose the priority of the queue Possible values are 1 to 254 The default value is 1 RTT Mode Realtime Active or deactivate the real time transmission of the data Traffic Mode The function is enabled with Enabled The function is disabled by default RTT mode should be activated for QoS classes in which real time data has priority This mode improves latency when for warding real time datagrams It is possible to configure multiple queues when RTT mode is enabled Queues with enabled RTT mode must always have a higher priority than queues with disabled RTT mode Traffic Shaping Activate or deactivate data rate Traffic Shaping limiting in the send direction The data rate limit applies to the selected queue This is not the limit that can be defined on the interface The function is enabled with Enabled Teldat GmbH 14 Networking Field Description The function is disabled by default Maximum Upload Only for Traffic Shaping enabled
452. m size as of which the data packets are to be fragmented i e split into smaller units Low values are recom mended for this field in areas with poor reception and in the event of radio interference Possible values are 256 to 2346 The default value is 2346 Cyclic Background Scanning Not all devices support this function You can enable the Cyclic Background Scanning function so that a search is run at regular intervals for neighbouring or rogue access points in the network This search is run without negatively impacting the function as an access point Enable or disable the function Cyclic Background Scanning Field Description The function is enabled with Enabled The function is not activated by default 13 3 3 Wireless Networks VSS Slave Access Points Radio Profiles Wireless Networks VSS YSS Description Network Name SSID Number of associated radio modules Security Status Action vss 1 Funkwerk ec 0 WPAPSK 13 Assign unassigned VSS to all radio modules C START J C New Fig 67 Wireless LAN Controller gt Slave AP configuration gt Wireless Networks VSS An overview of all created wireless networks is displayed in the Wireless LAN Controller gt Slave AP configuration gt Wireless Networks VSS menu A wireless network is cre ated by default For every wireless network VSS you see an entry with a parameter set VSS Descrip tion Network Name SSID Number of associated radio modules Securi
453. mbol Position Indicates Dormant status for an interface or connection Indicates Up status for an interface or connection Indicates Down status for an interface or connection Indicates Blocked status for an interface or connection Indicates Going up status for an interface or connection Indicates that data traffic is encrypted MPBOSOoOOoOS Triggers a WLAN bandscan Displays the next page in a list ac Displays the previous page in a list You can select the following operating functions in the list view GUI List options Update Interval Here you can set the interval in which the view is to be updated To do this enter a period in seconds in the input field and con Filter You can have the list entries filtered and displayed according to certain criteria You can determine the number of entries displayed per page by entering the required number in View x per page Use the and buttons to scroll one page forward and one page back You can filter according to certain keywords within the configur ation parameters by selecting the filter rule you want under Fil ter in x lt Option gt y and entering the search word in the input field y launches filter operation Configuration elements Some lists contain configuration elements You can therefore change the configuration of the correspond 8 Access and configuration Teldat GmbH ing list entry directly in the list Automatic Refresh Inte
454. menu Advanced IPSec Options Field Description Phase 1 Profile Select a profile for Phase 1 Besides user defined profiles pre defined profiles are available Possible values e None use default profile Uses the profile marked as standard in VPN gt IPSec gt Phase 1 Profiles e Multi Proposal Uses a special profile which contains the proposals for Phase 1 3DES MD5 AES MD5 and Blowfish MD5 regardless of the proposal selection in menu VPN gt IPSec gt Phase 1 Profiles e lt Profilname gt Uses a profile configured in menu VPN gt IPSec gt Phase 1 Profiles for Phase 1 Phase 2 Profile Select a profile for Phase 2 Besides user defined profiles pre defined profiles are available Possible values e None use default profile Uses the profile marked as standard in VPN gt IPSec gt Phase 2 Profiles e Multi Proposal Uses a special profile which contains the proposals for Phase 2 3DES MD5 AES 128 MD5 and Blow fish MD5 regardless of the proposal selection in menu VPN gt IPSec gt Phase 2 Profiles e lt Profilname gt Uses a profile configured in menu VPN gt IPSec gt Phase 2 Profiles for Phase 2 Teldat GmbH 18 VPN Field Description XAUTH Profile Select a profile created in VPN gt IPSec gt XAUTH Profiles if you wish to use this IPSec peer XAuth for authentication If XAuth is used together with IKE Config Mode the transac tions for XAuth are carried out before the transactions for IKE Config Mode
455. menu for this device under Local Ser vices gt DHCP Server gt DHCP Pool gt New gt Advanced Set tings in the DHCP Options field on the Add button Select as Option CAPWAP Controller and in the Value field enter the IP address of the WLAN controller If you use static IP addresses in your network you must enter these to all APs manually The IP addresses of the wireless LAN controller must be entered for each AP in the System Management gt Global Settings gt System menu in the Manual WLAN Controller IP Address field Possible values e External or static default value An external DHCP server with an CAPWAP option 138 enabled assigns the IP addresses to the APs or you can give static IP addresses to the APs e Internal Your device on which the CAPWAP option 138 is active assigns the IP addresses to the APs IP Address Range Only for DHCP Server Internal Enter the start and end IP address of the range These IP ad dresses and your device must originate from the same network 13 Wireless LAN Controller Teldat GmbH Field Description Slave AP location Select whether the APs that the wireless LAN controller is to manage are located in the LAN or the WAN Possible values e Local LAN default value e Remote WAN The Remote WAN setting is useful if for example there is a wireless LAN controller installed at head office and its APs are distributed to different branches If the APs are linked via VPN it may b
456. mes Possible values are 1 to 65535 The default value is 100 DTIM Period Enter the interval for the Delivery Traffic Indication Message DTIM The DTIM field is a data field in transmitted beacons that in forms clients about the window to the next broadcast or multic ast transmission lf clients operate in power save mode they come alive at the right time and receive the data Possible values are 1 to 255 The default value is 2 Teldat GmbH 13 Wireless LAN Controller Field Description RTS Threshold Here you can specify the data packet length threshold in bytes 1 2346 as of which the RTS CTS mechanism is to be used This makes sense if several clients that are not in each other s wireless range are run in one access point Short Guard Interval Enable this function to reduce the guard interval time between transmission of two data symbols from 800 ns to 400 ns Short Retry Limit Enter the maximum number of attempts to send a frame with length less than or equal to the value defined in RTS Threshold After this many failed attempts the packet is dis carded Possible values are 1 to 255 The default value is 7 Long Retry Limit Enter the maximum number of attempts to send a data packet of length greater than the value defined in RTS Threshold After this many failed attempts the packet is discarded Possible values are 1 to 255 The default value is 4 Fragmentation Threshold Enter the maximu
457. message Possible values 0 to 32 seconds The default value is 1 Override Interval Define the value that the gateway enters in the Over ride_Interval field for the LAN Prune Delay option Override Interval defines the maximum time a downstream router can wait until sending a prune override message Possible values 0 to 65 seconds The default value is 3 16 4 2 PIM Rendezvous Points In menu Multicast gt PIM gt PIM Rendezvous Points you determine which Rendezvous Point is responsible for which group A list of all PIM Rendezvous Points is displayed PIM Interfaces PIM Rendezvous Points PIM Options View 20 per page L Filter in None v equal v Go Multicast Group Range Rendezvous Point IP Address Status Page 1 New Fig 113 Multicast gt PIM gt PIM Rendezvous Points 16 4 2 1 Edit or New Choose the icon to edit existing entries To configure PIM Rendezvous Points select the New button PIM Interfaces PIM Rendezvous Points PIM Options PIM Rendezvous Point Settings Multicast Group Range All Groups v Rendezvous Point IP Address pooo Precedence booo OK C Cancel Fig 114 Multicast gt PIM gt PIM Rendezvous Points gt New The Multicast gt PIM gt PIM Rendezvous Points gt New menu consists of the following fields Fields in the PIM Rendezvous Point Settings menu Field Description Multicast Group Range Select the Multicast group for the PI
458. min Password eseese Confirm Admin Password essees SNMP Communities SNMP Read Community eseese SNMP Write Community eseese Global Password Options Show passwords and keys in cleartet Show OK Cancel Fig 30 System Management gt Global Settings gt Passwords Note All Teldat devices are delivered with the same username and password As long as the password remains unchanged they are not protected against unauthorised use Make sure you change the passwords to prevent unauthorised access to the device If the password is not changed under System Management gt Status there appears the warning System password not changed The System Management gt Global Settings gt Passwords menu consists of the following fields Fields in the System Password menu Field Value System Admin Pass Enter the password for the user name admin word This password is also used with SNMPv3 for authentication MD5 and encryption DES Confirm Admin Pass Confirm the password by entering it again word Fields in the SNMP Communities menu Field Value SNMP Read Com Enter the password for the user name read munity SNMP Write Com Enter the password for the user name write Field VENTO munity Fields in the Global Password Options menu Field VENTO Show passwords and Define whether the passwords are to be displayed in clear text keys in clear text plain text The function is enabled with Show The function is dis
459. mode VDSL ADSL multi mode is used DSL SyncType Only for devices with an ADSL modem Select the ADSL synchronization type Possible values e ADSL Automode default value The ADSL mode is auto matically adapted for the remote terminal e ADSL1 ADSL1 G DMT is used e ADSL2 ADSL2 G 992 3 is used e ADSL2 Plus ADSL2 Plus G 992 5 is used e Inactive The ADSL interface is not active Only for ADSL Mode Annex A e Automode Annex M The ADSL mode is automatically adapted to the other end with reference to G 992 3 Annex M e ADSL2 Plus Annex M ADSL2 Plus G 992 3 Annex M is used e ANSI T1 413 ANSI T1 413 Only for ADSL Mode Annex B e ETSI TI 413 ETSI T1413 Transmit Shaping Select whether the data rate in the send direction is to be re duced This is only needed in a few cases for special DSLAMs Possible values e Default Line Speed default value The data rate in the send direction is not reduced e 128 000 bps to 2 048 000 bps The data rate in the send direction is reduced to a maximum of 128 000 bps to 2 048 000 bps in defined steps e User defined The data rate is reduced to the value entered Teldat GmbH 11 Physical Interfaces Field Description in Maximum Upstream Bandwidth Maximum Upstream Only for Transmit Shaping User defined Bandwidth Enter the maximum data rate in the send direction in bits per second The menu Advanced Settings consists of the following fields Field
460. ms 1 1 Fig 214 Monitoring gt IPSec gt IPSec Tunnels Values in the IPSec Tunnels list Field Description Description Displays the name of the IPSec tunnel Remote IP Displays the IP address of the remote IPSec Peers Remote Networks Displays the currently negotiated subnets of the remote termin al Security Algorithm Displays the encryption algorithm of the IPSec tunnel Status Displays the operating status of the IPSec tunnel Action Enables you to change the status of the IPSec tunnel as dis played Details Opens a detailed statistics window You change the status of the IPSec tunnel by clicking the e button or the button in the Action column By clicking the P button you display detailed statistics on the IPSec connection 24 Monitoring Teldat GmbH IPSec Tunnels IPSec Statistics Automatic Refresh Interval 60 Seconds Apply General Description Peer 1 Local IP Address 0 0 0 0 Remote IP Address 0 0 0 0 Local ID Remote ID Negotiation Type Authentication Method MTU 1418 Alive Check Statistics In Out Packets 0 0 Bytes 0 0 Errors a D Messages 0 Fig 215 Monitoring gt IPSec gt IPSec Tunnels gt Values in the IPSec Tunnels list Field Description Description Shows the description of the peer Local IP Address Shows the WAN IP address of your device Remote IP Address Shows the WAN IP address of the connection partner Local ID Shows the ID of your device for this IPSec tunne
461. n Rogue Client MAC Ad Enter the MAC address of the client you intend to include in the dress static blacklist Network Name SSID Pick the wireless network you want to exclude the rogue client from 13 5 Maintenance This menu is used for the maintenance of your managed APs 13 5 1 Firmware Maintenance Firmware Maintenance Managed Access Points Update firmware Select all Location Device IP Address LAN MAC Address Firmware Version Status Deselect all Action Update system software v Source Location HTTP server v URL OK C Cancel Fig 76 Wireless LAN Controller gt Maintenance gt Firmware Maintenance In the Wireless LAN Controller gt Maintenance gt Firmware Maintenance menu a list of bintec Rxxx2 RTxxx2 Teldat GmbH 13 Wireless LAN Controller all Managed Access Points is displayed For each managed AP you will see an entry with the following parameter set Update firm ware Location Device IP Address LAN MAC Address Firmware Version Status Click the Select all button to select all of the entries for a firmware update Click the Deselect all button to disable all entries and to then select individual entries if required e g if there is a large number of entries and only individual APs are to be given software updates Possible values for Status Status Meaning Image already exists The software image already exists no update is required Error An error has occurred Running T
462. n loaded from the download areaSoftware amp Configuration on page 508 atww teldat de and installed on your device To do this proceed as described in Options on page 508 The settings you make with the GUI are applied with the OK or Apply button of the menu and you do not have to restart the device If you finish the configuration and want to save your settings so that they are loaded as the boot configuration when you reboot your device save these by clicking the Save configur ation button You can also use the GUI to monitor the most important function parameters of your device bintec Rxxx2 RTxxx2 Automatic Refresh Interval 60 Seconds O warning System Password not changed System Information Uptime 24 Day s 1 Hour s 57 Minute s System Date Tuesday 2000 Jan 25 06 12 32 Serial Number SR6AAA009400008 BOSS Version V 9 1 Rev 2 IPSec from 2012 07 27 00 00 00 Last configuration stored Sunday 2000 May 21 04 38 27 l Resource Information CPU Usage 0 Memory Usage 21 8 63 9 MByte 33 ISDN Usage External 0 2B Channels Active Sessions SIF RTP etc 0 Active IPSec Tunnels 0 0 Physical Interfaces ent 0 192 168 0 254 255 255 255 0 o ent 4 Not configured Not configured o VWLAN1 jor o bri 0 Not configured o ADSL 0 kbps Downstream o 0 kbps Upstream l WAN Interfaces Description Connection Inf
463. n Define whether the data of the selected Action are to be encrypted The function is activated by selecting Enabled The function is disabled by default If the function is enabled you can enter the Password in the text field Filename Only for Action Import configuration Import lan guage Update system software Enter the path and name of the file or select the file with Teldat GmbH 22 Maintenance Field Description Browse via the explorer finder Source Location Only for Action Update system software Select the source of the update Possible values e Local File default value The system software file is stored locally on your PC e HTTP Server The file is stored on a remote server specified in the URL e Current Software from Teldat Server The file is on the official Teldat update server URL Only for Source Location HTTP Server Enter the URL of the update server from which the system soft ware file is loaded Current File Name in Flash For Action Export configuration Select the configuration file to be exported Include certificates and keys For Action Export configuration Export configur ation with state information Define whether the selected Action should also be applied for certificates and keys The function is activated by selecting Enabled The function is enabled by default Source File Name Only for Action Copy configuration Select the source file to be cop
464. n Peer Peer Address FT on Fully Qualified Domain Name FADN Y Pen Internet Key Exchange IKEv1 v Preshared Key C 7 7 Interface Routes IP Address Assignment Static A Default Route Cl Enabled Local IP Address Mm Remote IP Address Netmask Metric Route Entries Additional Traffic Filter Additional Traffic Filter Advanced IPSec Options Phase 1 Profile Phase 2 Profile XAUTH Profile Number of Admitted Connections Start Mode Advanced IP Options A Add Description Protocol Sre IPiMask Port Dest IPMask Port d 4 Add Advanced Settings None use default profile v None use default profile v Select one v One User Multiple Users On Demand Always up Public Source IP Address Cl Enabled Back Route Verify ClEnabled Proxy ARP Inactive up or Dormant Up only C OK C Cancel __ fr Fig 130 VPN gt IPSec gt IPSec Peers gt New The menu VPN gt IPSec gt IPSec Peers gt New consists of the following fields Fields in the menu Peer Parameters Field Description Administrative Status Select the status to which you wish to set the peer after saving the peer configuration bintec Rxxx2 RTxxx2 18 VPN Teldat GmbH Field Description Possible values e Up default value The peer is available for setting up a tunnel immediately after saving the configuration e Down The peer is initially not available after the configuration has been saved Descript
465. n is not set up until someone actually wants to use the route e Up only Your device responds to an ARP request only if the status of the connection to the connection partner is Up i e a connection already exists to the connection partner Choose the 3 button to edit the configuration of the corresponding leased line for a PRI interface 17 WAN Teldat GmbH Interfaces Basic Parameters Description IP Mode and Routes Default Route Enabled Local IP Address Remote IP Address Netmask Metric Route Entries Add Advanced Settings LCP Alive Check Enabled Prioritize TCP ACK Packets Enabled Compression Onone Ostac Oms stac Omppc IP Options OSPF Mode OPassive Active O Inactive Proxy ARP Mode O Inactive Up or Dormant Up only OK Cancel Fig 127 WAN gt Leased Line gt Interfaces gt Autogenerated from PRI ISDN S2M gt g The WAN gt Leased Line gt Interfaces gt Autogenerated from PRI ISDN S2M gt menu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter the desired description for the connection Fields in the IP Mode and Routes menu Field Description Default Route Select whether the route to this connection partner is to be defined as the default route The function is enabled with Enabled The function is disabled by default Local IP Address Enter the IP address you received from your network op
466. n now launch the GUI for configuration by entering the IP address of your device 192 168 0 250 in a supported browser Internet Explorer 6 or later Mozilla Firefox 1 2 or later and entering the pre configured login information User admin Password admin 7 4 Modify system password All Teldat devices are delivered with the same username and password As long as the password remains unchanged they are therefore not protected against unauthorised use Make sure you change the passwords to prevent unauthorised access to your device 7 Basic configuration Teldat GmbH Proceed as follows a Go to the System Management gt Global Settings gt Passwords menu b Enter a new password for System Admin Password c Enter the new password again under Confirm Admin Password d Click OK e Store the configuration using the Save configuration button above the menu naviga tion Note the following rules on password use e The password must not be easy to guess Names car registration numbers dates of birth etc should not be chosen as passwords e The password should contain at least one character that is not a letter special character or number e The password should be at least 8 characters long e Change your password regularly e g every 90 days 7 5 Setting up an internet connection You can establish various types of internet connection with your device The most common configuration is described b
467. n of data e g MPPE In the ex works setting all external connections made and received via your PBX are recorded and stored in the form of connection data records Encapsulating Security Payload The Extended Service Set describes several BSS several access points that form a single logical wireless network A local network that connects all devices in the network PC print ers etc via a twisted pair or coaxial cable Glossary Ethernet connec tions Eumex Recovery Euro ISDN Eurofile transfer Exchange Exchange access right Extended redialling Extension Extension number Extension numbers range Fall Back Priority of the Internet provider entries Teldat GmbH The 4 connections are led equally through an internal switch Net work clients can be directly connected to the connection sockets The ports are designed as 100 BaseT full duplex autosensing auto MDIX upwardly compatible to 10 Base T Up to 4 SIP telephones or IP softclients with SIP standard can be directly connected to PCs with a network card If the power supply to the PBX cuts out while new firmware is being loaded the PBX functions are deleted Harmonised ISDN standardised within Europe based on signalling protocol DSS1 the introduction of which network operators in over 20 European countries have committed to Euro ISDN has been in troduced in Germany replacing the previous national system 1 TR6 Communication protocol f
468. n over the Internet With the IPSec Callback function and using a direct ISDN call to an IPSec peer with a dynamic IP address you can signal to this IPSec peer that you are online and waiting for the setup of an IPSec tunnel over the Internet If the called peer currently has no connection to the Internet the ISDN call causes a connection to be set up The identification of the caller from his or her ISDN number is enough information to initiate setting up a tunnel Teldat GmbH 11 Physical Interfaces e X 25 PAD X 25 PAD is used to provide a protocol converter which converts non packet oriented protocols to packet oriented communication protocols and vice versa Data terminal equipment sending or receiving data on a non data packet oriented basis can this be adapted in line with Datex P public data packet network based on the prin ciple of a packet switching exchange When a call comes in your device first uses the entries in this menu to check the type of call data or voice call and the called party number whereby only part of the called party number reaches the device which is forwarded from the local exchange or if available the PBX The call is then assigned to the corresponding service Note If no entry is specified ex works state every incoming ISDN call is accepted by the ISDN Login service To avoid this you should make the necessary entries here As soon as an entry exists the incoming calls not assigned to any entry
469. n partner e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the connection partner is Up or Dormant In the case of Idle your device only re sponds to the ARP request the connection is not set up until someone actually wants to use the route e Up only Your device responds to an ARP request only if the status of the connection to the connection partner is Up i e a connection already exists to the connection partner 17 1 6 IP Pools The IP Pools menu displays a list of all IP pools Your device can operate as a dynamic IP address server for PPP connections You can use this function by providing one or more pools of IP addresses These IP addresses can be assigned to dialling in connection partners for the duration of the connection Any host routes entered always have priority over IP addresses from the address pools This means that if an incoming call has been authenticated your device first checks whether a host route is entered in the routing table for this caller If not your device can al locate an IP address from an address pool if available If address pools have more than one IP address you cannot specify which connection partner receives which address The addresses are initially assigned in order If a new dial in takes place within an interval of one hour an attempt is made to allocate the same IP address that was assigned to this partner the previous time 17 1 6 1
470. n seconds that the gateway is to wait before try ing again after an unsuccessful attempt to call itself Possible values are 2 to 20 The default value is 5 21 10 UPnP Universal Plug and Play UPnP makes it possible to use current messenger services e g real time video audio conferencing as peer to peer communication where one of the peers lies behind a NAT enabled gateway UPnP enables mostly Windows based operating systems to take control of other devices with UPnP functionality on the local network These include gateways access points and print servers No special device drivers are needed as known common protocols are used such as TCP IP HTTP and XML Your gateway makes it possible to use the subsystem of the Internet Gateway Device IGD from the UPnP function range In a network behind a NAT enabled gateway the UPnP configured computers act as LAN UPnP clients To do this the UPnP function on the PC must be enabled The pre configured port used for UPnP communication between LAN UPnP clients and the gateway is 5678 The LAN UPnP client acts as a so called service control point i e it re cognizes and controls the UPnP devices on the network The ports assigned dynamically by for example MSN Messenger lie in the range from 21 Local Services Teldat GmbH 5004 to 65535 The ports are released internally to the gateway on demand i e when an audio video transfer is started in Messenger When the application i
471. n until an update flush or update acknowledge packet arrives The default value is 5 seconds 15 2 OSPF OSPF Open Shortest Path First is a dynamic routing protocol that is frequently used in larger networks as an alternative to RIP It was originally developed to avoid a number of limitations of RIP when used in larger networks The problems with RIP avoided by OSPF include e Reduced network load After a short initialization phase routing information is not sent periodically as with RIP but only changed routing information e Authentication Gateway authentication can be configured to increase the security when exchanging routing information e Routing Traffic Control Gateways can be combined to form areas to limit the traffic cre ated by exchanging routing information Teldat GmbH 15 Routing Protocols e Connection costs OSPF differs from RIP in that the connection costs are not calculated from the number of next hops but from the bandwidth of the respective transport medi um e No limitation of the number of hops The limitation of the maximum number of 16 hops for RIP does not exist for OSPF Although the OSPF protocol is considerably more complex than RIP the basic concept is the same i e OSPF also determines the best path for forwarding the packets in each case OSPF is an Interior Gateway Protocol that is used to distribute routing information within an autonomous system AS The Link State Updates are
472. nager User s Guide on DVD Installation poster Quick Install Guide and safety notices bintec Dime Manager User s Guide on DVD Installation poster Online documentation User s Guide Workshops Release Notes if re quired User s Guide Workshops Release Notes if re quired General product features bintec RT3002 bintec RT3502 User s Guide Workshops Release Notes if re quired Teldat GmbH 5 Technical data Property bintec RT3002 bintec RT3502 Dimensions and weights Equipment dimensions without cable B x H x D 19 housing 482 6 mm x 220 mm x 45 mm 19 housing 482 6 mm x 220 mm x 45 mm Weight approx 2 0 kg approx 2 0 kg Transport weight incl doc umentation cables pack aging approx 2 6 kg approx 2 6 kg Memory 64 MB RAM 64 MB RAM 16 MB flash ROM 16 MB flash ROM LEDs 17 1x Power 1x Status 5x2 Eth 17 1x Power 1x Status 5x2 Eth ernet 5x Function ernet 5x Function Power consumption of the device max 24 Watt typically 15 Watt max 24 Watt typically 15 Watt Voltage supply Voltage Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Voltage Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Environmental require ments Storage temperature 25 C to 70 C 25 C to 70 C Operating temperature 0 C to 40 C 0
473. nce Teldat GmbH You use the traceroute test to display the route to a particular address IP address or do main name if this can be reached The Outputfield displays the traceroute test messages The ping test is launched by entering the IP address to be tested in Traceroute Address and clicking the Go button 22 2 Software amp Configuration You can use this menu to manage the software version of your device your configuration files and the language of the GUI 22 2 1 Options Your device contains the version of the system software available at the time of production More recent versions may have since been released You may therefore need to carry out a software update Every new system software includes new features better performance and any necessary bugfixes from the previous version You can find the current system software at www teldat de The current documentation is also available here Important If you want to update your software make sure you consider the corresponding re lease notes These describe the changes implemented in the new system software The result of an interrupted update e g power failure during the update could be that your gateway no longer boots Do not turn your device off during the update An update of BOOTmonitor and or Logic is recommended in a few cases In this case the release notes refer expressly to this fact Only update BOOTmonitor or Logic if Teldat GmbH explicitly recommen
474. nced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Frozen Parameters Specify whether when data packets are subsequently sent the two parameters Destination Address and Destination Port must have the same value as the first data packet i e whether Teldat GmbH 14 Networking Field Description the subsequent data packets must be routed via the same Des tination Port to the same Destination Address The two parameters Destination Address and Destination Port are enabled by default If you leave the default setting Enabled for one or both para meters the value of the parameter concerned must be the same as in the first data packet with data packets sent sub sequently You can disable one or both parameters if you wish The Source IP Address parameter must always have the same value in data packets sent subsequently as it did in the first data packet So it cannot be disabled 14 4 QoS QoS Quality of Service makes it possible to distribute the available bandwidths effectively and intelligently Certain applications can be given preference and bandwidth reserved for them This is an advantage especially for time critical applications such as VoIP The QoS configuration consists of three parts e Creating IP filters e Classifying data e Prioritising data 14 4 1 QoS Filter In the Networking gt QoS gt QoS Filtermenu IP filters are configured The list also d
475. ncerned so neither are they able to log into a different radio cell in that VSS If a client needs to be blocked permanently this can be done in the Wireless LAN Controller gt Monitoring Rogue Clients menu The function is activated by selecting Enabled The function is activated by default Failed attempts per Time Enter the number of failed attempts that have to originate from a specific MAC address during a certain time for a blacklist entry to be created Default values are 10 failed attempts during 60 seconds Blacklist blocktime Enter the time for which an entry in the dynamic blacklist re mains valid Default value is 500 seconds Fields in the menu VLAN Teldat GmbH 13 Wireless LAN Controller Field Description VLAN Select whether the VLAN segmentation is to be used for this wireless network The function is activated by selecting Enabled The function is disabled by default VLAN ID Enter the number that identifies the VLAN Possible values are 2 to 4094 VLAN ID 1 is not possible as it is already in use 13 4 Monitoring This menu is used to monitor your WLAN infrastructure 13 4 1 Active Clients Active Clients Wireless Networks VSS Client Management Neighbor APs Rogue APs Rogue Clients Automatic Refresh Interval bo Seconds Apply View 20 per page Fitter in None v equal v Go Location Slave AP Name SS Client MAC Client IP Address Signal Noise dBm Status Uptime Page 1
476. nd intelligently Certain applications can be given preference and bandwidth re served for them A list of all QoS rules is displayed in the Firewall gt Policies gt QoS menu 19 1 2 1 New Choose the New button to set up new QoS rules Filter Rules QoS Options Configure QoS Interface Interface Selectone Y Traffic Shaping Enabled Filter Rules Source Destination Service Priority Use Bandwidth Bit s Bounded oK Cancel Fig 148 Firewall gt Policies gt QoS gt New The Firewall gt Policies gt QoS gt New menu consists of the following fields Fields in the Configure QoS Interface menu Field Description Interface Select the interface on which bandwidth management is to be carried out Traffic Shaping Select whether you want to activate bandwidth management for the selected interface The function is enabled with Enabled The function is disabled by default Specify bandwidth Only for Traffic Shaping Enabled Enter the maximum available bandwidth in kbps for the selected interface Teldat GmbH 19 Firewall Field Description Filter Rules This field contains a list of all configured firewall policies for which QoS was activated Apply QoS Enabled The follow ing options are available for each list entry e Use Select whether this entry should be assigned to the QoS interface The option is deactivated by default e Bandwidth Enter the maximum available bandwidth in Bit s
477. nd is preconfigured with the IP Address 192 168 0 254 and Netmask 255 255 255 0 The logical Ethernet interface en 1 4 is assigned to the ETH5 port and is not precon figured Note To ensure your device can be reached when splitting ports make sure that Ethernet interface en1 0 is assigned with the preconfigured IP address and netmask to a port that can be reached via Ethernet If in doubt carry out the configuration using a serial connection via the Console interface ETH1 ETH4 The interfaces can be used separately They are logically separated from each other each separated port is assigned the desired logical Ethernet interface in the Ethernet Interface Selection field of the Port Configuration menu For each assigned Ethernet interface an other interface is displayed in the list in the LAN gt IP Configuration menu and the inter face can be confugred completely independently ETH5 By default the logical Ethernet interface en 1 4 is assigned to the ETH5 port The configur ation options are the same as those for the ports ETH1 ETH4 Teldat GmbH 11 Physical Interfaces VLANs for Routing Interfaces Configure VLANs to separate individual network segments from each other for example e g individual departments of a company or to reserve bandwidth for individual VLANs when managed switches are used with the QoS function 11 2 1 Port Configuration Port Separation Your device makes it possible to run the swi
478. nded ADSL2 READSL2 DELT Reach Extended ADSL2 Double Ended Line Test NDS HO E9923 Baines M Teldat GmbH 11 Physical Interfaces Field Description e ADSL2 ITU T G 992 5 Annex M O WoSin se E IIS i O MOS MIWKHL E9930 52 Fields in the Current Line Speed menu Field Description Downstream Displays the data rate in the receive direction direction from CO DSLAM to CPE router in bits per second The value cannot be changed Upstream Displays the data rate in the send direction direction from CPE router to CO DSLAM in bits per second The value cannot be changed Fields in the DSL Parameter menu Field Description DSL Mode Only for devices with an ADSL modem bintec R3002 bintec RT3002 Define which Annex of ITU T Recommendation G 991 2 is used for the connection Possible values e Annex A For applications in North America provider dependent e Annex B default value For applications in Europe provider dependent for example Only for devices with a VDSL modem bintec R3502 Select the DSL Mode Possible values e Inactive The VDSL interface is not active e ETSI T1 413 ETSIT1 413 e ADSL1 ADSL1 G DMT is used e ADSL Automode The ADSL mode is automatically adapted 11 Physical Interfaces Teldat GmbH Field Description for the remote terminal e ADSL2 ADSL2 G 992 3 is used e ADSL2 Plus ADSL2 Plus G 992 5 is used e VDSL default value VDSL is used e VDSL ADSL Multi
479. nected based A virtual connection is used for data transmission that negotiates between the transmitter and recipient or is configured on both sides This determines the route that the data should take for example Multiple virtual connections can be set up over a single physical interface 17 WAN Teldat GmbH The data is transmitted in so called cells or slots of constant size Each cell consists of 48 bytes of usage data and 5 bytes of control information The control information contains amongst other things the ATM address which is similar to the Internet address The ATM address is made up of the Virtual Path Identifier VPI and the Virtual Connection Identifier VCI this identifies the virtual connection Various types of traffic flows are transported over ATM To take account of the various de mands of these traffic flows on the networks e g in terms of cell loss and delay time suit able values can be defined using the service categories Uncompressed video data for ex ample requires different parameters to time uncritical data In ATM networks Quality of Service QoS is available i e the size of various network para meters such as bit rate delay and jitter can be guaranteed OAM Operation Administration and Maintenance is used to monitor the data transmission in ATM OAM includes configuration management error management and performance measurement 17 2 1 Profiles A list of all ATM profiles is displayed in th
480. nection of apter your PBX If a door intercom DoorLine is connected to your PBX via a function module you can speak with a visitor at the door via every authorised telephone You can assign particular telephones to each ring button These phones then ring if the ring button is pressed On analogue telephones the signal on the telephone matches the intercom call In place of the internal telephones an ex ternal telephone can also be configured as the call destination for Glossary Dotted Decimal Notation Download Downstream DSA DSS DSL and ISDN con nections DSL modem DSL splitter DSL xDSL DSS1 DSSS DTE Teldat GmbH the ring button Your door intercom can have up to 4 ring buttons The door opener can be pressed during an intercom call It is not possible activate the door opener if an intercom call is not taking place The syntactic representation of a 32 bit whole number written in four 8 bit numbers in decimal form and subdivided by a point It is used to represent IP addresses on the Internet e g 192 67 67 20 Data transfer during online connections where files are loaded from a PC or data network server to the user s own PC PBX or ter minal so that they can be used there Data transmission rate from the ISP to the customer Digital Signature Algorithm Digital Signature Standard Data is transferred between the Internet and your PBX over ISDN or T DSL The PBX determines the remote termina
481. new configuration is transferred to the PBX Direct dial in Performance feature of larger PBXs at the point to point connection The extensions can be called directly from outside Direct dialling range See Extension numbers range DISA Direct Inward System Access Display and output In the configuration it is possible to define storage of data records of connection data for specific terminals or all terminals In the ex works setting all in coming external connections and all external calls you make are stored Display of caller s A suitable telephone is a prerequisite for this feature Transmission number of the telephone number must be permitted by the caller DLCI In a Frame Relay network a DLCI uniquely describes a virtual con nection Note that a DLCI is only relevant for the local end of the point to point connection DMZ Demilitarised Zone DNS Domain Name System Do not disturb Station guarding DOI Domain of Interpretation Domain A domain refers to a logical group of devices in a network On the Internet this is part of a naming hierarchy e g bintec de Door intercom Door intercom device It can be connected to various PBXs A tele phone can be used to take an intercom call and open the door Door intercom on An analogue connection can be set up for connected of function analogue connection module MO6 to connect a DoorLine intercom system Door terminal ad The function module can be installed on an analogue con
482. ng Method en1 0 Yes Info mi Page 1 Items 1 1 New Fig 93 Networking gt Access Rules gt Interface Assignment 14 5 3 1 Edit or New Choose the i icon to edit existing entries Choose the New button to configure additional assignments Access Filter Rule Chains Interface Assignment Basic Parameters Interface Select one Y Rule Chain Selectone v Silent Deny MEnabled Reporting Method J info v OK Cancel Fig 94 Networking gt Access Rules gt Interface Assignment gt New The Networking gt Access Rules gt Interface Assignment gt New menu consists of the fol lowing fields Fields in the Basic Parameters menu Field Description Interface Select the interface for which a configured rule chain is to be as signed Rule Chain Select a rule chain Silent Deny Define whether the sender is to be informed if an IP packet is denied e Enabled default value The sender is not informed bintec Rxxx2 RTxxx2 Teldat GmbH 14 Networking Field Description e Disabled The sender receives an ICMP message Reporting Method Define whether a syslog message is to be generated if a packet is denied Possible values e No report No syslog message e Info default value A syslog message is generated with the protocol number source IP address and source port number e Dump A syslog message is generated with the contents of the first 64 bytes of the denied packet 14 6 Drop In Drop
483. ng to the Distribution Ratio em ployed e For Session Round Robin is based on the number of distrib uted sessions e For Load dependent Bandwidth the data rate is the de cisive factor The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Route Selector The Route Selector parameter is an additional criterion to help define a load balancing group more precisely Here routing in formation is added to the interface entry within a load balan cing group The route selector is required in certain scenarios to enable the IP sessions managed by the router to be balanced uniquely for each load balancing group The following rules ap ply when using the parameter e If an interface is only assigned to one load balancing group it is not necessary to configure the route selector e lf an interface is assigned to multiple load balancing groups configuration of the route selector is essential e The route selector must be configured identically for all inter face entries within a load balancing group Select the Destination IP Address of the desired route Teldat GmbH 14 Networking Field Description You can choose between all routes and all extended routes Tracking IP Address You can use the Tracking IP Address parameter to have a particular route monitored The load balancing status of the interface and the status of the routes connected to the interface
484. nnec bus parking tion to be reconnected to another ISDN socket during the telephone call bintec Rxxx2 RTxxx2 Teldat GmbH Glossary Recording telephone Performance feature of an answering machine Enables a conversa calls Remote Remote access Remote CAPI tion to be recorded during the telephone call Remote as opposed to local Opposite to local access see Remote bintec s own interface for CAPI Remote diagnosis re Some terminals and PBXs are supported and maintained by T mote maintenance Remote query Repeater Reset RFC Rijndael AES RIP RipeMD 160 RJ45 Roaming Room monitoring acoustic Service support offices over the telephone line which often means a service engineer does not have to visit the site Answering machine function Involves listening to messages re motely usually in connection with other options such as deleting messages or changing recorded messages A device that transmits electrical signals from one cable connection to another without making routing decisions or carrying out packet filtering See Bridge and Router Resetting the device enables you to return your system to a pre defined initial state This may be necessary if you have made incor rect configuration settings or the device is to be reprogrammed Specifications proposals ideas and guidelines relating to the Inter net are published in the form of RFCs request for comments Ri
485. ns mit data packets using MAC addresses Data transmission is transparent which means the information contained in the data packets is not interpreted With routing different networks are connected at layer 3 network layer of the OSI model and information is routed from one network to the other Conventions for port interface names If your device has a radio port it receives the interface name WLAN If there are several ra dio modules the names of wireless ports in the user interface of your device are made up of the following parts Teldat GmbH 10 System Management a WLAN b Number of the physical port 1 or 2 Example WLAN1 The name of the Ethernet port is made up of the following parts a ETH b Number of the port Example ETH1 The name of the interface connected to an Ethernet port is made up of the following parts a Abbreviation for interface type whereby en stands for internet b Number of the Ethernet port c Number of the interface Example en1 0 first interface on the first Ethernet port The name of the bridge group is made up of the following parts a Abbreviation for interface type whereby br stands for bridge group b Number of the bridge group Example bro first bridge group The name of the wireless network VSS is made up of the following parts Abbreviation for interface type whereby vss stands for wireless network a Number of the wireless module b Number of the i
486. nt You do this you enable either Service Login ISDN Web Access or Service Call Ticket SSH Web Access depending on the service you require and select the OK button Follow the instructions given by Telekom s Customer Service The menu Advanced Settings consists of the following fields Fields in the menu Advanced Settings Field Description Restore Default Set Only when you make changes to the administrative access con tings figuration are relevant access rules set up and activated You can restore the default settings with the icon 10 4 1 1 Add Select the Add button to configure administrative access for additional interfaces Access SSH SNMP Interface OK Cancel Fig 37 System Management gt Administrative Access gt Access gt Add The System Management gt Administrative Access gt Access gt Add menu consists of the following fields Fields in the menu Access Field Description Interface Select the interface for which administrative access is to be con figured 10 4 2 SSH Your devices offers encrypted access to the shell You can enable or disable this access in the System Management gt Administrative Access gt SSH Enabled menu standard value You can also access the options for configuring the SSH login Access SSH SNMP SSH Secure Shell Parameters SSH service active Enabled SSH Port pa Maximurn number of concurrent connections Authentication and Encryption Parameters
487. nt with the primary IP address as source of the IP packet VRRP Advertisement A keepalive that sends the master to the backup gateway to in dicate his reachability Virtual Router Master The VRRP router that takes over forwarding the packets that have been sent to the IP addresses associated with the virtual router It is also responsible for answering ARP Address Res olution Protocol requests for these IP addresses Virtual Router Backup The group of VRRP routers that take over responsibility for for warding the packets if the master fails In backup status these VRRP routers are inactive i e they do not respond to any ARP requests 21 12 1 Virtual Routers When using a route redundancy protocol multiple routers are combined into a logical unit The router redundancy protocol BRRP manages the routes involved and organises these as follows It ensures that only one routers within the logical connection is active It guarantees that if the active route fails another router takes over the function of the failed device The time that each router is active is determined by the priority assigned to the router Let us take the example of a simple scenario in which gateway A provides Internet access for the hosts in a LAN If this gateway fails all hosts cannot access the Internet and their routes are configured statically To allow the hosts continued access to the Internet gate way B offers all hosts in the LAN t
488. nter the recipient s e mail address The entry is limited to 40 characters Message Compression Select whether the text in the alert E mail is to be shortened The e mail then contains the syslog message only once plus the number of relevant events Enable or disable the field The function is enabled by default Subject You can enter a subject Event This feature is available only for devices with Wireless LAN Controller Select the event to trigger an email notification Possible values e Syslog contains string default value A Syslog mes sage includes a specific string e New Neighbor AP found A new adjacent AP has been found e New Rogue AP found A new Rough AP has been found i e an AP using an SSID of its own network yet is not a com ponent of this network e New Slave AP WTP found A new unconfigured AP has reported to the WLAN e Managed AP offline A managed AP is no longer access ible Matching String You must enter a Matching String This must occur in a syslog message as a necessary condition for triggering an alert The entry is limited to 55 characters Bear in mind that without the use of wildcards e g only those strings that correspond exactly to the entry fulfil the condition The Matching String 23 External Reporting Teldat GmbH Field Description entered therefore usually contains wildcards To be informed of all syslog messages of the selected level just enter
489. nterface Example vss1 0 first wireless network on the first wireless module The name of the WDS link or bridge link is made up of the following parts a Abbreviation for interface type b Number of the wireless module on which the WDS link or bridge link is configured c Number of the WDS link or bridge link Example wds1 0 first WDS link or bridge link on the first wireless module The name of the client link is made up of the following parts a Abbreviation for interface type b Number of the wireless module on which the client link is configured c Number of the client link 10 System Management Teldat GmbH Example sta1 0 first client link on the first wireless module The name of the virtual interface connected to an Ethernet port is made up of the following parts a Abbreviation for interface type b Number of the Ethernet port c Number of the interface connected to the Ethernet port d Number of the virtual interface Example en1 0 1 first virtual interface based on the first interface on the first Ethernet port 10 3 1 Interfaces You define separately whether each interface is to operate in routing or bridging mode If you want to set bridging mode you can either use existing bridge groups or create a new bridge group The default setting for all existing interfaces is routing mode When selecting the option New Bridge Group for Mode Bridge Group a bridge group i e br0 br1 etc is a
490. nterface over which the neighbor gateway was identified State The OSPF status with this neighbor gateway can have the fol Teldat GmbH 24 Monitoring Field Description lowing values e Down The connection to this OSPF neighbor is inactive e Init The initial phase A HELLO packet is received from the neighbor e Bidirectional Bidirectional communication with the neighbor The HELLO packets sent are accepted by the neighbor gateway with correct parameters e Start Exchange The exchange of Database Description packets between the gateways has started e Exchange Active exchange of Database Description packets with the neighbor Loading The gateway now exchanges Link State Advertise ments with the neighbor e Complete The Link State Databases of the gateway and its neighbor are now synchronized The headers of all Link State Advertisements LSA are listed in the section for the Link State Database Values in the OSPF Link State Database list Field Description Area Indicates the area database to which the LSA is assigned Type Indicates the LSA type There are five LSA types Router Link Network Link Summary Link Summary ASBR and AS Extern al Link State ID The Link State ID of the LSA The meaning of the Link State ID depends on the type of advertisement Router ID Identifies the gateway that has generated this LSA Sequence Age The age of the LSA in seconds 24 8 2 Statistics In the M
491. nterfaces 21 8 3 Temperature Devices from the WI series are fitted with a temperature sensor This is located on the main board under the first WLAN card The sensor measures the current temperature Its measurement range is from 55 to 125 C with an accuracy of less than 1 C In addition the minimum and maximum temperatures reached are shown together with the times at which they were reached These values are cleared and refilled upon rebooting the device Lower and upper limits are set for the temperature by default overstepping these sets an alert variable and generates a syslog message The values are updated every 10 seconds The temperature limits are configured in the Local Services gt Surveillance gt Temperature menu You can link the overstepping of a limit value with an action 21 8 3 1 Edit or New Choose the i icon to edit existing entries Choose the New button to configure new limits and actions Hosts Interfaces Temperature Ping Generator Basic Parameters Trigger Temperature above w C Action Enable v Interface Relay v OK C Cancel __ Fig 189 Local Services gt Surveillance gt Temperature gt New Fields in the Basic Parameters menu Field Description Trigger Enter here the temperature limit value min max Possible values e Temperature above e Temperature below Action Select the desired action Possible values e Enable default value e Disable Interfac
492. nto account Possible values e Established All TCP packets that would not open any new TCP connection on routing over the gateway match the filter e Any default value All TCP packets match the filter Destination IP Ad Enter the destination IP address of the data packets and the dress Netmask corresponding netmask Destination Port Range Only for Protocol TCP or UDP Enter a destination port number or a range of destination port numbers Possible values e A11 default value The destination port is not specified e Specify port Enter a destination port e Specify port range Enter a destination port range Source IP Address Enter the source IP address of the data packets and the corres Netmask ponding netmask Only for Protocol TCP or UDP Source Port Range Enter a source port number or a range of source port numbers Possible values e A11 default value The destination port is not specified e Specify port Enter a destination port e Specify port range Enter a destination port range 14 Networking Teldat GmbH Field Description DSCP TOS Filter Select the Type of Service TOS Layer 3 Possible values e Ignore default value The type of service is ignored e DSCP Binary Value Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets indicated in binary format 6 bit e DSCP Decimal Value Differentiated Services Code Point accord
493. nu Teldat GmbH 21 Local Services Field Description The default value is DynDNS Enable update Select whether the DynDNS entry configured here is to be activ ated The function is activated by selecting Enabled The function is disabled by default The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Mail Exchanger MX Enter the full host name of a mail server to which e mails are to be forwarded if the host currently configured is not to receive mail Ask your provider about this forwarding service and make sure e mails can be received from the host entered as MX Wildcard Select whether forwarding of all subdomains of the Host Name is to be enabled for the current IP address of the Interface advanced name resolution The function is activated by selecting Enabled The function is disabled by default 21 3 2 DynDNS Provider A list of all configured DynDNS providers is displayed in the Local Services gt DynDNS Cli ent gt DynDNS Provider menu 21 3 2 1 New Choose the New button to set up new DynDNS providers 21 Local Services Basic Parameters Provider Name Server Update Path Port Protocol Update Interval Teldat GmbH DynDNS Update DynDNS Provider 80 DynDNS v 300 Seconds oK Cancel Fig 173 Local Services gt DynDNS Client gt DynDNS Provider gt New The menu Local Services gt DynDNS Client gt DynDNS Pr
494. o Point Encryption MAC Service Data Unit a data packet that ignores fragmentation in the WLAN Multiple subscriber number See SSID Maximum Transmission Unit A specific form of broadcast in which a message is simultaneously transmitted to a defined user group Multiple subscriber number A gateway that can route several protocols e g IP X 25 etc Music on hold MoH Your PBX has two internal music on hold melodies On delivery in ternal melody 1 is active You can choose between melody 1 or 2 or deactivate the music on hold Music on hold MoH Performance feature of a PBX During an inquiry or call forwarding MWI NAT NDIS WAN Net surfing a melody is played that the waiting subscriber hears On your PBX you can choose between two internal melodies Transmission of a voice message from a mailbox e g T NetBox or MailBox to a terminal The receipt of the message on the terminal is signalled e g by a LED Network Address Translation NDIS WAN is a Microsoft enhancement of this standards in relation to wide area networking WAN The NDIS WAN CAPI driver per mits the use of the ISDN controller as a WAN card The NDIS WAN driver enables the use of a DCN network on Windows NDIS is the abbreviation for Network Device Interface Specification and is a standard for the connection of network cards hardware to network protocols software A journey of discovery for interesting information in wide ranging da
495. o connect the interfaces BRI 3 and BRI 4 to each other This can guarantee the power supply for a terminal on an BRI interface switched to internal mode in the event that your device is switched off or the power supply fails For example an external SO can be placed on an internal SO In this case an idle relay loops through from external SO to in ternal SO and so creates an emergency supply for the internal SO bus telephone Warning Always remove the power cord before opening the device This is the only way of en suring that the internal mains unit is completely dead If you do not remove the power cord there is a risk of injury or death Note that the device should only be opened by trained service personnel To carry out the switch proceed as follows Unscrew the two screws on the back of the device and slide the cover upwards The link plugs for the BRI 1 and BRI 2 interfaces can be found on all devices on the main PCB behind the terminal block 50 T i fey J2P JP OO ii JOM JM BRI 1 BRI 2 lore ES ooo Insert the link plugs for interfaces BRI 1 and BRI 2 as shown in the following figure ISDN Mode Switch Power for internal BRI intern extern f int ext OO Oo oo oo OO JOO fete 00 OO 00 OO 00 OO OO OO OO OO 00 JOM J1M BRI 4 BRI 2 connectors Use Interface Link plug area
496. o set up new interface groups Groups Basic Parameters Description Members 4 OK C cancel Fig 150 Firewall gt Interfaces gt Groups gt New The menu Firewall gt Interfaces gt Groups gt New consists of the following fields Fields in the Basic Parameters menu bintec Rxxx2 RTxxx2 19 Firewall Teldat GmbH Field Description Description Enter the desired description of the interface group Members Select the members of the group from the available interfaces To do this activate the field in the Selection column 19 3 Addresses 19 3 1 Address List A list of all configured addresses is displayed in the Firewall gt Addresses gt Address List menu 19 3 1 1 New Choose the New button to create additional addresses Address List Groups Basic Parameters Description Address Type Address Subnet Address Range Address Subnet y oK Cancel Fig 151 Firewall gt Addresses gt Address List gt New The menu Firewall gt Addresses gt Address List gt New consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter the desired description of the address Address Type Select the type of address you want to specify Possible values e Address Subnet default value Enter an IP address with subnet mask Teldat GmbH 19 Firewall Field Description e Address Range Enter an IP address range with a start and end address Ad
497. ode is to be used to send the MAC addresses of network components Possible values e Transparent default value ARP packets and IP packets belonging to the drop in network are routed transparently unchanged e Proxy ARP packets and IP packets related to the drop in network are forwarded with the MAC address of the corres ponding interface Network Configuration Select how an IP address is assigned to the routers of the Drop In group Possible values e Static default value Teldat GmbH 14 Networking Field Description DECO Network Address Only for Network Configuration Static Enter the network address of the Drop In network Netmask Only for Network Configuration Static Enter the corresponding netmask Local IP Address Only for Network Configuration Static Enter the local IP address This IP address must be identical for all the Ethernet ports in a network DHCP Client on Inter Only for Network Configuration DHCP face Here you can select an Ethernet interface on your router which is to act as the DHCP client You need this setting for example if your provider s router is being used as the DHCP server You can choose from the interfaces available to your device however the interface must be a member of the drop in group ARP Lifetime Determines the time period for which the ARP entries will be held in the cache The default value is 3600 seconds DNS assignment via The gateway
498. of the first LAN interface is used Field Description e Single Host The UDP packets are sent to the IP address entered in the adjacent input field Update Interval Enter the update interval in seconds Possible values are 0 to 60 The default value is 5 UDP Destination Port Enter the port number for the Windows application Activity Monitor The default value is 2107 registered by IANA Internet As signed Numbers Authority Password Enter the password for the Activity Monitor bintec Rxxx2 RTxxx2 Chapter 24 Monitoring This menu contains information that enable you to locate problems in your network and monitor activities e g at your device s WAN interface 24 1 Internal Log 24 1 1 System Messages In the Monitoring gt Internal Log gt System Messages menu a list of all internally stored system messages is displayed Above the table you will find the configured vales for the Maximum Number of Syslog Entries and Maximum Message Level of Syslog Entries fields These values can be changed in the System Management gt Global Settings gt System menu System Messages Automatic Refresh interval 50 Seconds Apply _ Maximum Number of Syslog Entries 50 Maximum Message Level of Syslog Entries Information View 20 per page Fitter in None equal y Go No Date Time Level Subsystem Message 1 2005 01 12 22 39 28 Alert Configuration NCI Alert f Incitappiloopobj cpp 628 ERROR
499. ol Any v Internet Ke Interface Ro Source IP AddressiNetmask Network v IP Address Destination IP Address Netmask Network v Default Ro gt 7 C Apply 2 Cancel Local IP Ad gt rr Metric 1 amp Additional Traffic Fitter Description Protocol Src IP Mask Port Dest IP Mask Port Add Additional Traffic Filter Advanced Settings OK Cancel Fig 131 VPN gt IPSec gt IPSec Peers gt New gt Add Fields in the menu Basic Parameters Field Description Description Enter a description for the filter Protocol Select a protocol The Any option default value matches any protocol Source IP Address Enter if required the source IP address and netmask of the Netmask data packets Source Port bintec Rxxx2 RTxxx2 Possible values e Any e Host Enter the IP address of the host e Network default value Enter the network address and the related netmask Only for Protocol TCP or UDP Enter the source port of the data packets The default setting 18 VPN Teldat GmbH Field Description A11 1 means that the port is not specified Destination IP Ad Enter the destination IP address and corresponding netmask of dress Netmask the data packets Destination Port Only for Protocol TCP or UDP Enter the destination port of the data packets The default set ting Al1 1 means that the port is not specified The menu Advanced Settings consists of the following fields Fields in the
500. omatic Refresh Interval 300 Seconds DSL Port Status DSL Chipset Globespan Titanium Ultra Plus Physical Connection Unknown Current Line Speed Downstream 0 bps Upstream 0 bps DSL Parameter DSL Mode O Amex A Annex B DSL SyneType ADSL Automode Y Transmit Shaping Default Line Speed Y 4 oK C Cancel Fig 54 ADSL modem Physical Interfaces gt DSL Modem gt DSL Configuration bintec Rxxx2 RTxxx2 11 Physical Interfaces Teldat GmbH VDSL Configuration Automatic Refresh Interval jpo Seconds Apply DSL Port Status DSL Chipset Infineon Vinax Physical Connection Unknown Current Line Speed Downstream 0 bps Upstream 0 bps DSL Parameter DSL Mode Transmit Shaping WDSL v OK Cancel Fig 55 VDSL modem Physical Interfaces gt DSL Modem gt DSL Configuration The menu Physical Interfaces gt DSL Modem gt DSL Configuration consists of the follow ing fields Fields in the DSL Port Status menu Field Description DSL Chipset Shows the key of the installed chipset Physical Connection Shows the current DSL operation mode The value cannot be changed Possible values Unknown The ADSL link is not active ANSI T1 413 ANSI 11 413 ADSL1 ADSL classic G DMT ITU G 992 1 G lite G992 2 Splitterless ADSL ITU G 992 2 ADSL2 G DMT Bis ITU G 992 3 ADSL2 DELT ADSL2 Double Ended Line Test ADSL2 Plus ADSL2 Plus ITU G 992 5 ADSL2 Plus DELT ADSL2 Plus Double Ended Line Test READSL2 Reach Exte
501. on DVD Quick Install Guide and safety notices printed ISDN BRI cable User s Guide on DVD Serial cable bintec Dime Manager Network cable User s Guide on DVD 19 inch installation kit Release Notes if required 4x rubber feet self adhesive Installation poster printed 5 2 General Product Features The general product features cover performance features and the technical prerequisites for installation and operation of your device General product features bintec R1202 bintec RT1202 bintec Rxxx2 RTxxx2 5 Technical data Teldat GmbH Property bintec R1202 bintec RT1202 Dimensions and weights Equipment dimensions without cable B x H x D 19 housing 482 6 mm x 220 mm x 45 mm 19 housing 482 6 mm x 220 mm x 45 mm Weight approx 2 0 kg approx 2 0 kg Transport weight incl doc umentation cables pack aging approx 2 6 kg approx 2 6 kg Memory 64 MB RAM 64 MB RAM 16 MB flash ROM 16 MB flash ROM LEDs 13 1x Power 1x Status 5x2 Eth 14 1x Power 1x Status 5x2 Eth ernet 1x Function ernet 2x Function Power consumption of the device max 15 Watt normally 13 Watt max 15 Watt normally 13 Watt Voltage supply Voltage Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Voltage Range 85 264 V AC Frequency Range 47 63 Hz Efficiency Typ 79 Environmental require ments
502. on is enabled with Enabled The function is disabled by default If the function is not activated the times defined in RFC are re tained for the timeouts Fields in the Timer for RIP V2 RFC 2453 menu Field Description Update Timer Only for RFC 2453 Variable Timer Enabled An RIP update is sent on expiry of this period of time The default value is 30 seconds Route Timeout Only for RFC 2453 Variable Timer Enabled After the last update of a route the route time is active After timeout the route is deactivated and the Garbage Collec tion Timer is started The default value is 180 seconds 15 Routing Protocols Teldat GmbH Field Description Garbage Collection Only for RFC 2453 Variable Timer Enabled Timer The Garbage Collection Timer is started as soon as the route timeout has expired After this timeout the invalid route is deleted from the IPROUTETABLE if no update is carried out for the route The default value is 120 seconds Fields in the Timer for Triggered RIP RFC 2091 menu Field Description Hold Down Timer Only for RFC 2091 Variable Timer Enabled The hold down timer is activated as soon as your device re ceives an unreachable route metric 16 The route may deleted once this period has elapsed The default value is 120 seconds Retransmission Timer Only for RFC 2091 Variable Timer Enabled After this timeout update request or update response packets are sent agai
503. onitoring OSPF Statistics menu current values and activities are displayed 24 Monitoring Teldat GmbH Status Statistics Received Hello Messages Sent Hello Messages Received Database Description Packets Sent Database Description Packets Received Link State Acknowledge Packets Sent Link State Acknowledge Packets Received Link State Request Packets Sent Link State Request Packets Received Link State Update Packets Sent Link State Update Packets Routing table updates caused by Summary Links Advertisements 20 000 000 00000000 Routing table updates caused by External Advertisements Fig 225 Monitoring OSPF Statistics Values in the Statistics list Field Description Received Hello Mes Displays the number of Hello packets received sages Sent Hello Messages Displays the number of Hello packets sent Received Database De Displays the number of received databank entries scription Packets Sent Database De Displays the number of sent databank entries scription Packets Received Link State Displays the number of Link State Acknowlede packets re Acknowledge Packets ceived Sent Link State Ac Displays the number of Link State Acknowlede packets sent knowledge Packets Received Link State Displays the number of Link State Request packets received Request Packets Sent Link State Re Displays the number of Link State Request packets sent quest Packets Received Link State Displays the number of Link State Update p
504. onitoring Teldat GmbH Field Description Designated Router Shows the IP address of the designated router The designated router generates network links and distributes these to all gateways within the BMA network BMA Broad cast Multi Access Network e g Ethernet FDDI Tokenring A designated router is not shown for non BMA networks e g X 25 Frame Relay ATM Backup Designated Shows the IP address of the backup designated router Router Admin Status Shows the OSPF Admin Status active or passive of the interface State The OSPF status of the interface displayed here can take on the following values e Down OSPF is not running on this interface e Waiting The initial phase of the OSPF in which the DR and BDR are determined e Point to point The interface is a point to point interface DR or BDR are not shown e Designated Router The gateway is the designated router within the BMA network e Designated Router Backup The gateway is the backup designated router within the BMA network e Other Designated Router Another gateway is desig nated router or backup designated router within the BMA net work The Neighbor section lists the neighbor gateways that have been identified via the HELLO protocol Values in the OSPF Neighbors list Field Description Neighbor Shows the IP address of the neighbor gateway Router ID Shows the system wide router ID of the neighbor gateway Interface Indicates the i
505. onnection is expec ted e g such as an affiliated connection of an existing connection the packet is allowed The sequence of filter rules in the list is relevant The filter rules are applied to each packet in succession until a rule matches If overlapping occurs i e more than one filter rule matches a packet only the first rule is executed This means that if the first rule denies a packet whereas a later rule allows it the packet is rejected A deny rule also has no effect if a relevant packet has previously been allowed by another filter rule A list of all configured filter rules is displayed in the Firewall gt Policies gt Filter Rules menu Order Source vice ce 1 4 New D 4 OK C Cancel_ Fig 146 Firewall gt Policies gt Filter Rules You can use the button to insert another policy above the list entry The configuration menu for creating a new policy opens You can use the 4 button to move the list entry A dialog box opens in which you can se lect the position to which the policy is to be moved 19 1 1 1 New Choose the New button to create additional parameters Qos options Basic Parameters 7 Source o INTERFACE ALIASES Y Destination INTERFACE ALIASES vw Sece SERVICES y Action Access Y Apply QoS l Denablea C OK D4 Cancel Fig 147 F
506. ons e a method based on policies and a method based on routing The policy based method can only be configured using the Setup tool With the GUI you use the routing based method The routing based method is also available using the Setup tool Teldat GmbH 18 VPN The policy based method uses data traffic filters to negotiate the IPSec phase 2 SAs This allows for a very fine grained filter to be applied to the IP packet even at the level of the protocol and the port The routing based method offers various advantages over the policy based method e g NAT PAT within a tunnel IPSec in combination with routing protocols and the creation of VPN backup scenarios With the routing based method the configured or dynamically learned routes are used to negotiate the IPSec phase 2 SAs Although this method doe simplify many configurations problems may also be caused by competing routes or the coarser filtering of data traffic The Additional Traffic Filter parameter fixes this problem You can apply a finer filter i e you can enter the source IP address or the source port If a Additional Traffic Filter is configured this is used to negotiate the IPSec phase 2 SAs the route now only determines which data traffic is to be routed If an IP packet does not match the defined Additional Traffic Filter it is rejected If an IP packet meets the requirements in an Additional Traffic Filter IPSec phase 2 ne gotiation begins and
507. ontroller e WLC VSS State Only for devices with Wireless LAN Con troller The status of a wireless network is modified Event List Select the event list you want which has been created in Local Services gt Scheduling gt Trigger Event List Condition For the selected chains of events select how many of the con figured events must occur for the operation to be initiated Possible values e Ali default value The operation is initiated if all events oc cur e One The operation is initiated if a single event occurs e None The operation is initiated if none of the events occurs e One not The operation is initiated if one of the events does not occur Reboot device after Only if Command Type Reboot Enter the timespan in seconds that must elapse after occur rence of the event until the device is restarted The default value is 60 seconds MIB SNMP Variable to add edit Only if Command Type MIB SNMP Select the MIB table in which the MIB variable whose value shall be changed is saved First select the System then the MIB Table Only the MIB tables present in the respective area are displayed Teldat GmbH 21 Local Services Field Description Command Mode Only if Command Type MIB SNMP Select how the MIB entry is to be manipulated Possible settings e Change existing entry default value An existing entry shall be modified e Create new MIB entry A new entry shall be created Index Varia
508. opagated over active OSPF interfaces see Admin Status If the value is setto Yes indirect static routes are also propagated over active interfaces Demand Circuit Op Define whether Demand OSPF procedures Hello suppression tions on FULL Neighbors and setting of DoNotAge flags on the propagated LSA shall be performed Yes default value or not No This option should be enabled particularly in the case of connections for which the costs are calculated based on time e 9 ISDN dialup connections Internet connections with no flat rate 15 2 3 Global Settings The Routing Protocols gt OSPF gt Global Settings menu contains global OSPF paramet ers OSPF is activated on the gateway Areas Interfaces Global Settings Global OSPF Settings OSPF Status Enabled Generate default route for the AS Enabled Propagate routes bound on discardirefuse interface Enabled oK Cancel Fig 105 Routing Protocols gt OSPF gt Global Settings The Routing Protocols gt OSPF gt Global Settingsmenu consists of the following fields Fields in the Global OSPF Settings menu Field Description OSPF Status Enable or disable OSPF The function is disabled by default Teldat GmbH 15 Routing Protocols Field Description Generate default route for the AS If this option is activated the gateway propagates a default route over all active OSPF interfaces The function is disabled by default Propagate routes
509. or the exchange of files between two PCs over ISDN using an ISDN card file transfer or telephones or PBXs configured for this Node in the public telecommunication network We differentiate between local exchanges and remote exchanges PBXs differentiate between the following exchange access rights These can be set up differently for each subscriber in the configura tion A selected telephone number is parked in the telephone s memory It can be redialled later even if you have called other numbers in the meantime For PBXs describes the terminal e g telephone connected to the exchange Each extension can access PBX services and commu nicate with other extensions An extension is an internal number for a terminal or subsystem In point to point ISDN accesses the extension is usually a number from the extension numbers range assigned by the telephone pro vider In point to multipoint connections it can be the MSN or a part of the MSN direct dialling range The priority of the Internet provider entries is defined by the se quence in which they are entered in the list The first entry of a DSL connection is the standard access If a connection cannot be set up Teldat GmbH Fax FHSS Frequency Hopping Spread Spectrum File transfer Filter Firewall Firmware First level domain Flash key Follow me Glossary via the standard access after a predefined number of attempts setup is attempted usin
510. or the wireless LAN controller 13 2 1 General General Basic Settings Region Germany Interface LAN_EN1 0 DHCP Server with enabled CAPWAP option 138 External or static O Internal DHCP Server Local LAN O Remote WAN Status Y OK Cancel Slave AP location Slave AP LED mode Fig 62 Wireless LAN Controller gt Controller Configuration gt General The Wireless LAN Controller gt Controller Configuration gt Generalmenu consists of the following fields Fields in the Basic Settings menu Field Description Region Select the country in which the wireless LAN controller is to be operated Possible values are all the countries configured on the device s wireless module Teldat GmbH 13 Wireless LAN Controller Field Description The range of channels that can be used varies depending on the country setting The default value is Germany Interface Select the interface to be used for the wireless controller DHCP Server Select whether an external DHCP server shall assign IP ad dresses to the APs or if you wish to assign fixed IP addresses yourself Alternatively you can use your device as a DHCP server For this internal DHCP server CAPWAP option 138 is active in order to allow communication between the master and slaves Please note Make sure that option 138 is active when using an external DHCP server If you wish to use a Teldat Gateway for example as a DHCP server click on the GUI
511. oring for other flow levels Profiles Service Categories OAM Controlling OAM Flow Configuration OAM Flow Level FS MM Virtual Channel Connection CC ven voI32 v Loopback Loopback End to End DEnabled Loopback Segment DEnabled CC Activation Continuity Check CC End to End Passive v Direction Both v Continuity Check CC Segment Passive v Direction Both v gt OK C Cancel Fig 124 WAN gt ATM gt OAM Controlling gt New The menu WAN gt ATM gt OAM Controlling gt New consists of the following fields Fields in the OAM Flow Configuration menu bintec Rxxx2 RTxxx2 Teldat GmbH 17 WAN Field Description OAM Flow Level Virtual Channel Con nection VCC Virtual Path Connec tion VPC Select the OAM flow level to be monitored Possible values e F5 virtual channel level The OAM settings are used for the virtual channel default value e F4 virtual path level The OAM settings are used on the vir tual path Only for OAM Flow Level F5 Select the already configured ATM connection to be monitored displayed by the combination of VPI and VCI Only for OAM Flow Level F4 Select the already configured virtual path connection to be mon itored displayed by the VPI Fields in the Loopback menu Field Description Loopback End to End End to End Send Inter val End to End Pending Requests Select whether you activate the loopback test for the connection betw
512. orithm Local ID Type Only for Internet Key Exchange IKEv2 Select the local ID type Possible ID types e Fully Qualified Domain Name FODN e E mail Address e IPV4 Address e ASN 1 DN Distinguished Name e Key ID Any string Local ID Only for Internet Key Exchange IKEv2 Enter the ID of your device For Authentication Method DSA Signature or RSA Sig nature the Use Subject Name from certificate option is dis played When you enable the Use Subject Name from certificate op tion the first alternative subject name indicated in the certificate is used or if none is specified the subject name of the certific ate is used Note If you use certificates for authentication and your certific ate contains alternative subject names see Certificates on page 106 you must make sure your device selects the first al ternative subject name by default Make sure you and your peer both use the same name i e that your local ID and the peer ID your partner configures for you are identical 18 VPN Teldat GmbH Field Description Preshared Key Enter the password agreed with the peer The maximum length of the entry is 50 characters All charac ters are possible except for 0x at the start of the entry Fields in the menu Interface Routes Field Description IP Address Assign ment Select the configuration mode of the interface Possible values e Static default value Enter a static IP address e IKE Conf
513. orks can become unreachable RIP removes routes that are older than 5 minutes i e routes not verified in the last 300 seconds Garbage Collection Timer Route Timeout Routes learnt with triggered RIP are not deleted Your device supports both version 1 and version 2 of RIP either individually or together 15 1 1 RIP Interfaces A list of all RIP interfaces is displayed in the Routing Protocols gt RIP gt RIP Interfaces menu RIP Interfaces RIP Filter RIP Options View 20 per page Fitter in None v equal v Go No Interface Send Version Receive Version Route Announce 1 ent 0 None None Up only El 2 ent 4 None None Up only El Page 1 Items 1 2 Fig 96 Routing Protocols gt RIP gt RIP Interfaces 15 1 1 1 Edit For every RIP interface go to the menu to select options Send Version Receive Versionand Route Announce bintec Rxxx2 RTxxx2 15 Routing Protocols Teldat GmbH RIP Interfaces RIP Filter RIP Options RIP Parameters for en1 0 Send Version None bi Receive Version None v Route Announce Up only OK Cancel Fig 97 Routing Protocols gt RIP gt RIP Interfaces gt The menu Networking gt RIP gt RIP Interfaces gt consists of the following fields Fields in the RIP Parameters for menu Field Description Send Version Decide whether routes are to be propagated via RIP and if so select the RIP version for sending RIP packets over the inter fa
514. ormation Link Fig 20 GUI Home page 8 3 1 1 Call up the GUI 1 Check whether the device is connected and switched on and that all the necessary cables are correctly connected see Setting up and connecting on page 6 2 Check the settings of the PC from which you want to configure your device see Con figuring a PC on page 44 3 Open a web browser 4 Enter http 192 168 0 254 in the address field of the web browser 5 Enter admin in the User field and enter admin in the Password field and click LO GIN You are now in the status menu of your device s GUI see Status on page 70 8 3 1 2 Operating elements GUI window The GUI window is divided into three areas e The header e The navigation bar e The main configuration window Header binteg R4402 Soria y onnenn tos Navigation LA ESTOS System Name Location Contact TELDAT Main configuration Maximum Number of Syslog Entries 50 window a Maximum Message Level of Syslog Entries Information Y Maximum Number of Accounting Log Entries 20 oK Cancel Fig 21 Areas of the GUI Header e SM htpuiise t68 0 254 gt bintec R4402 Language English Standard Online Help Fig 22 GUI Header GUI Header Language English x Language In the dropdown menu choose the language in which you want to display the GUI Here you can choose the language in which yo
515. osoft and Cisco Callback Mode Select the Callback Mode function Possible values None default value Your device does not call back e Active Select one of the following options e No PPP negotiation Your device calls the connection partner to request a callback e Windows Client Mode Your device calls the connection partner to request a callback via CBCP Callback Control Protocol Needed for Windows clients e Passive Select one of the following options e PPP Negotiation or CLID Your device calls back im mediately when requested to do so by the connection part ner Teldat GmbH 17 WAN Field Description e Windows Server Mode Your device calls back after a period of time suggested by the Microsoft client NT 10 seconds new systems 12 seconds It uses the call number Entries gt Call Number with the Mode Outgoing or Both entered for the connection partner If no number is entered the required number can be reported by the caller in a PPP negotiation This setting should be avoided where possible for security reasons At present this cannot be avoided when connecting mobile Microsoft clients via a DCN e Delayed CLID only Your device calls back after ap prox four seconds if your device is requested to do so by the connection partner Only makes sense for CLID e Windows Server Mode Callback optional like Windows Server Mode with the option of termination This setting should be avoided for secur
516. ote det AN E A te en 540 24 71 AA A E E EA AE 540 24 8 OSPR it o ae eth he AENA ae A E ie it 541 24 8 1 Status A Sa ly ea Sg A 541 24 8 2 StatistiS Ei we bed AA ee Bade a te Bk ae BE ee 543 24 9 PIM AA hy I eget Sect da E a Oo ds 545 24 9 1 Global Stats 00d Gy hed a oe EE ae ed es a 545 24 9 2 Not Interface Specific Status 2 2 eee 546 24 9 3 Interface Specific States 2 2 ee 549 Glossary o o 553 INO A A O 594 bintec Rxxx2 RTxxx2 Teldat GmbH 1 Introduction Chapter 1 Introduction The powerful gateways R1202 R3002 R3502 R3802 R4402 RT1202 RT3002 RT3502 RT4202 have been specially developed for high speed Internet access and for VPN connections in SMEs and branch offices Safety notices The safety precautions brochure which is supplied with your device tells you what you need to take into consideration when using your Teldat gateway Installation How to connect your device is shown in Setting up and connecting on page 6 This chapter also tells you what preliminary tasks are necessary for configuration Configuration How to get your device running is explained in Basic configuration on page 41 There we show you how to start up your device from a Windows PC and how to install other useful online assistants At the end of the chapter you will be in a position to surf the Internet send or receive e mails and set up a connection to a partner network to access data at your company h
517. ous Point IP Address Upstream Join State Upstream Neighbor IP Address Uptime Upstream Join Timer Page 1 6 States View 20 per page Filter in None v equal v Go Multicast Group Address Upstream Neighbor IP Address Reverse Path Forwarding RPF Upstream Join State Uptime Upstream Join Timer Page 1 5 6 States View 20 per page Filter in None vw equal v Go Multicast Group Address Source IP Address Upstream Neighbor IP Address Upstream Join State Uptime Upstream Join Timer Shortest Path Tree Page 1 S G RPT States View 20 per page Fitter in None v equal v Go Multicast Group Address Source IP Address Reverse Path Forwarding RPF Uptime Upstream Override Timer Page 1 Fig 227 Monitoring PIM Not Interface Specific Status Values in the Not Interface Specific Status list Field Description View Select the desired view from the dropdown menu Are available A11 RP States G States S G States and S G RPT States Values in the RP States list Field Description Rendevous Point IP Displays the IP address of the Rendezvous Point RP for the Address group Upstream Join State The Upstream RP Join Prune Status indicates the status of the Upstream RP State Machine in the PIM SM Specifica tion Upstream Neighbor IP Displays the primary IP address of the Upstream Neighbors or Address unknown 0 if the Upstream Neighbor IP address is not known or if it is not a PIM Neighbor Uptime In
518. outer that does not have network connections but provides the same functions between PC ISDN and the Internet ISDN Basic Rate Interface This performance feature requires the installation of the T ISDN Speedmanager If you are surfing the Internet and use two B chan nels for downloading you cannot be reached by telephone from out side As a further call is signalled over the D channel your PBX can depending on the setting specifically shut down a B channel so that you can take the call Alternative name for the So bus ISDN Primary Rate Interface International Standardization Organization Internet Service Provider International Telecommunication Union Stored keys can be viewed by the government The US government in particular requires key storages to prevent crimes being covered up through data encryption Local Area Network Link Access Procedure Balanced The last access by T Service is stored and displayed in the configur ation Layer 1 of the ISO OSI Model the bit transfer layer Liquid Crystal Display a screen in which special liquid crystal is used to display information bintec Rxxx2 RTxxx2 bintec Rxxx2 RTxxx2 LCP LDAP Lease Time Leased Line LLC Local exchange Loudspeaker MAC Address Man in the Middle Attack MD5 MFC MIB Microphone mute Mixed mode MLPPP Modem MPDU Link Control Protocol Lightweight Directory Access Protocol The Lease Time is the time a computer
519. over the BRPP router redundancy protocol Configuration is performed in the Local Services gt BRRP gt Virtual Router gt New gt Eth ernet Interface menu In this step you configure the IP address settings and assign the interface to a virtual router The properties of the virtual router e g the priority are also defined here Note The system automatically assigns the MAC address of the virtual interface according to the following model 00 00 5E 00 01 lt ID of the virtual router gt The ID of the virtual router therefore determines the MAC address of the interface which is used to trans mit the usage data The configuration of the virtual interface MAC address IP address and the configura tion of the virtual router sending interval for advertisement master down trials must be identical on all routers with the same virtual router ID within the logical group You must use IP addresses from different subnets for the advertisement interface and for the virtual interface All virtual interfaces on a physical router should normally have the same priority e Configuration of the synchronisation between the virtual router and configuration of the events which result in a switching of the operating status of the virtual router Controlling the operating status of a virtual router implicitly also controls the operating status of the interface to which the virtual router is linked If an error occurs all interfaces on a devic
520. ovider gt New consists of the fol lowing fields Fields in the Basic Parameters menu Field Description Provider Name Server Update Path Port Protocol Enter a name for this entry Enter the host name or IP address of the server on which the provider s DynDNS service runs Enter the path on the provider s server that contains the script for managing the IP address of your device Ask your provider for the path to be used Enter the port at which your device is to reach your provider s server Ask your provider for the relevant port The default value is 80 Select one of the protocols implemented Possible values e DynDNS default value Static DynDNS e ODS Teldat GmbH 21 Local Services Field Description EN DYNS Nenu DOTEE HAIM O CAD INC 12 e Custom DynDNS e DnsExit Update Interval Enter the minimum time in seconds that your device must wait before it is allowed to propagate its current IP address to the DynDNS provider again The default value is 300 seconds 21 4 DHCP Server You can configure your device as a DHCP Dynamic Host Configuration Protocol server Your device and each PC in your LAN requires its own IP address One option for allocat ing IP addresses in your LAN is the Dynamic Host Configuration Protocol DHCP If you configure your device as a DHCP server the device automatically assigns IP addresses to requesting PCs in the LAN from a predefined IP
521. p address InetAddressType is dress defined in the pimSGAddressType object Source IP Address Displays the source IP address InetAddressType is defined in the pimSGAddress Type object Upstream Neighbor IP Displays the primary IP address of the Neighbor on pimSGRP Address Flflndex to which the router periodically S G sends Join mes sages The value is 0 if the RPF Next Hop is unknown or is no PM Neighbor InetAddressType is defined in the pimSGAd dressType object In the PIM SM specification this address is named RPF S G Upstream Join State Indicates whether the local router should join the Shortest Path Tree for the source and the group represented by this Teldat GmbH 24 Monitoring Field Description entry This corresponds to the status of the Upstream S G State Machine in the PIM SM specification Uptime Indicates the timespan since the entry was generated by the local router Upstream Join Timer Indicates the remaining time until the local router sends out the next periodic S G Join message on pimSGRPFlfIndex In the PIM SM specification this timer is named S G Upstream Join Timer If the timer is deactivated it has the value 0 Shortest Path Tree Indicates whether the Shortest Path Tree Bit is set i e whether forwarding via the Shortest Path Tree should take place Values in the S G RPT States list Field Description Multicast Group Ad Displays the multicast group address InetAddressType is
522. pened via one or more devices on which network address translation NAT is activated Without NAT T incompatibilities may arise between IPSec and NAT see RFC 3715 section 2 These primarily prevent the setup of an IPSec tunnel from a host within a LANs and behind a NAT device to another host or device NAT T enables these kinds of tunnels without conflicts with NAT device activated NAT is automatically detected by the IPSec Daemon and NAT T is used Only for TKEv1 profiles Possible values e Enabled default value NAT Traversal is enabled e Disabled NAT Traversal is disabled e Force The device always behaves as it would if NAT were in use Only for TKEv2 profiles The function is enabled with Enabled The function is enabled by default CA Certificates Only for Phase 1 IKE Parameters Only for Authentication Method DSA Signature RSA Signature Of RSA Encryption If you enable the Trust the following CA certificates option Field Description you can select up to three CA certificates that are accepted for this profile This option can only be configured if certificates are loaded 18 1 3 Phase 2 Profiles You can define profiles for phase 2 of the tunnel setup just as for phase 1 In the VPN gt IPSec gt Phase 2 Profiles menu a list of all configured IPSec phase 2 profiles is displayed IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options View feo per page L
523. r Trunk Mode Server You can set a number that is added as a prefix for outgoing calls to the sender s number and is removed from the destina tion number for incoming calls This corresponds to the trunk exchange number of an exchange Fields in the Codec Settings menu Field Description Codec Proposal Se Choose the order in which the codecs are offered for use by the quence media gateway If the first codec cannot be used the second is tried and so on Possible values e Default default value the codec in the first position in the menu will be used if possible e Quality The codecs are sorted by quality If possible the codec with the best quality is used e Low Bandwidth The codecs are sorted by required band width If possible the codec with the lowest bandwidth re quirement is used e High Bandwidth The codecs are sorted by required band width If possible the codec with the highest bandwidth re quirement is used Sort Order Select the codecs to be proposed for the connection The co decs chosen here are proposed in a certain order depending on the setting in the Codec Proposal Sequence field 20 VoIP Teldat GmbH Field Description Possible values 711 uLaw ISDN codec according to US law 711 aLaw ISDN codec according to EU law 729 Compressed from 31 to 8 kbps good voice quality 726 40 Compressed from 63 to 40 kbps 726 32 Compressed from 55 to 32 kbps 726 24 Compressed from
524. r the first first field and last second field IP address of the IP address pool DNS Server Primary Enter the IP address of the DNS server that is to be used preferably by clients who draw an address from this pool Secondary Optionally enter the IP address of an alternative DNS server 21 4 2 DHCP Configuration To activate your device as a DHCP server you must first define IP address pools from which the IP addresses are distributed to the requesting clients A list of all configured IP address pools is displayed in the Local Services gt DHCP Server DHCP Configuration menu In the list for each entry you have the possibility under Status of enabling or disabling the configured DHCP pools Note In the ex works state the DHCP pool is preconfigured with the IP addresses 192 168 0 10 to 192 168 0 49 and is used if there is no other DHCP server available in the network 21 4 2 1 Edit or New Choose the New button to set up new IP address pools Choose the icon to edit exist ing entries IP Pool Configuration DHCP Configuration IP MAC Binding DHCP Relay Settings Basic Parameters Interface Select one v IP Pool Name Notyet defined v Pool Usage Local v Advanced Settings Gateway Use router as gateway v Lease Time 120 Minutes Option Value DHCP Options q Add OK Cancel Fig 175 Local Services gt DHCP Server DHCP Configuration gt New The Local Services gt DHCP Server DHCP Configuration gt Ne
525. rding gt Forwarding gt New The Multicast gt Forwarding gt Forwarding gt New menu consists of the following fields Fields in the Basic Parameters menu Field Description All Multicast Groups Select whether all multicast groups i e the complete multicast address range 224 0 0 0 4 are to be forwarded from the defined Source Interface to the defined Destination Interface To do this check Enabled Disable the option if you only want to forward one defined mul ticast group to a particular interface 16 Multicast Teldat GmbH Field Description The option is deactivated by default Multicast Group Ad Only for All Multicast Groups not active dress Enter here the address of the multicast group you want to for ward from a defined Source Interface to a defined Destination Interface Source Interface Select the interface on your device to which the selected multic ast group is sent Destination Interface Select the interface on your device to which the selected multic ast group is to be forwarded 16 4 PIM Protocol Independent Multicast PIM is a multicast routing process that makes possible dynamic routing from multicast packets With PIM the distribution of information is regu lated via a central point which is known as the rendezvous point Data packets are initially routed here before being made available to other recipient routers Multicast routing protocols differentiates between sparse mode and dense mode
526. re 0 to 9 the default value is 0 Entry active Select whether this server is to be used for login authentication The function is activated by selecting Enabled The function is enabled by default The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Policy Select the interpretation of the TACACS response Possible values e Non authoritative default value The TACACS serv ers are queried in order of their priority see Priority until a positive response is received or a negative response has been received from an authoritative server e Authoritative A negative response to a request is accep ted i e a request is not sent to another TACACS server The device s internal user administration is not turned off by TACACS It is checked after all TACACS servers have been queried TCP Port Shows the default TCP port 49 used for the TACACS pro tocol The value cannot be changed Timeout Enter time in seconds for which the NAS is to wait for a re sponse from TACACS If a response is not received during the wait time the next con figured TACACS server is queried only if Policy Non authoritative and the status of the current server is set to Blocked The possible values are 1 to 60 the default value is 3 Teldat GmbH 10 System Management Field Description Block Time Enter the time in seconds for which the status of the current server s
527. re means that other people can contact you during a telephone call If another subscriber calls while you are on the telephone you hear your telephone s call waiting tone You can then decide whether to continue with your first call or speak to the person whose call is waiting If you do not want to use the call waiting feature you switch on call waiting protection If you are taking a call a second caller hears the engaged tone Performance feature in T ISDN PBXs and T Net A connection is set up automatically as soon as the Busy status on the destination connection ends When the connection is free this is signalled to the caller As soon as the caller lifts the receiver the connection is set up automatically However Callback must first be activated by the caller on his or her terminal You call a subscriber who does not pick up With Callback on no reply this is not a problem for you because with this special fea ture you can set up the connection without having to redial If you are not on the telephone yourself a new connection with the sub scriber is set up for a maximum of 180 minutes Number of the terminal called Special feature telephones such as the T Concept PX722 system telephone enable call requests to be stored during absence Calling party number Number of the calling terminal CAPI CAST Common ISDN Application Programming Interface A 128 bit encryption algorithm with similar functionality to DE
528. re to be routed Possible values e Accept Rule For calls forwarded by the media gateway to a PBX or an ISDN TE connector or a SIP DDI client For this the following can be used PRI interfaces in NT mode BRI in bintec Rxxx2 RTxxx2 Teldat GmbH 20 VoIP Field Description terfaces in NT mode SIP accounts in trunk mode server mode e Deny For calls that are not to be routed to be blocked Calling Line You can restrict the application of the entry to the line on which the call comes in The selection depends on the interfaces available and on the SIP accounts that have been created Possible values e pri lt Interface Index gt restricts the routing entry to the selected PRI interface e bri lt Interface Index gt restricts the routing entry to the selected BRI interface e lt SIP Account gt restricts the routing entry to the selected SIP account e Any No restriction of the entry Calling Address You can restrict the application of the entry to a particular caller To do this you must specify the subscriber number exactly no wildcards Called Address Enter the called address to which the rule is to be applied To do this enter an address numerically e g a subscriber num ber or alphanumerically e g for a trunk that is to be compared with a dialled address The following wildcards can be used e means that at the end of a character string any number of characters may follow e
529. reas Interfaces Global Settings view 20 perpage ID Fitter in None x equal Y Area ID Import external routes Page 1 C new Fig 101 Routing Protocols OSPF Areas 15 2 1 1 Edit or New Choose the icon to edit existing entries Choose the New button to create additional areas Areas Interfaces Global Settings Basic Parameters Area ID Import external routes Menabtea Route Aggregation Padaess O Ietmesk aese IP Address C OK UC Cancel Fig 102 Routing Protocols OSPF Areas gt New The Routing Protocols 0SPF Areas gt New menu consists of the following fields Fields in the Basic Parameters menu bintec Rxxx2 RTxxx2 Teldat GmbH 15 Routing Protocols Field Description Area ID Enter the ID to identify the OSPF aea The backbone area is OOP ORO Import external routes Specifies whether the gateway routing information generated from external autonomous systems not areas is to be impor ted The function is enabled with Enabled The function is activated by default Import summary routes Only for Import external routes Disabled Define whether summary LSAs routing information generated by Area Border Gateway are to be sent to the stub area Possible values Enabled default value Activates import e Disabled Deactivates the import Create area default route only AB
530. rences audio video with several re cipients The most well known are probably the MBone Multimedia Audio Tool VAT Video Conferencing Tool VIC and Whiteboard WB VAT can be used to hold audio con ferences All subscribers are displayed in a window and the speaker s are indicated by a black box Other areas of use are of particular interest to companies Here multicasting makes it possible to synchronise the databases of several servers which is valuable for multinationals or even companies with just a few locations Address range for multicast For IPv4 the IP addresses 224 0 0 0 to 239 255 255 255 224 0 0 0 4 are reserved for multicast in the class D network An IP address from this range represents a multicast group to which several recipients can log in The multicast router then forwards the re quired packets to all subnets with logged in recipients Multicast basics Multicast is connectionless which means that any trouble shooting or flow control needs to be guaranteed at application level At transport level UDP is used almost exclusively as in contrast to TCP it is not based on a point to point connection At IP level the main difference is therefore that the destination address does not address a Teldat GmbH 16 Multicast dedicated host but rather a group i e during the routing of multicast packets the decisive factor is whether a recipient is in a logged in subnet In the local network all hosts are
531. ress of the PPTP partner dress The default value is 10 0 0 138 LCP Alive Check Select whether the availability of the remote terminal is to be checked by sending LCP echo requests or replies This makes it possible to switch to a backup connection more quickly in the event of line faults The function is enabled with Enabled The function is enabled by default 17 1 3 PPPoA A list of all PPPoA interfaces is displayed in the WAN gt Internet Dialup gt PPPoA menu In this menu you configure a xDSL connection used to set up PPPoA connections With PPPoA the connection is configured so that the PPP data flow is transported directly over an ATM network RFC 2364 This is required by some providers Note your provider s spe cifications When using the internal DSL modem a PPPoA interface must be configured with Client Type On Demand for this connection in WAN gt ATM gt Profiles gt New 17 1 3 1 New Choose the Newbutton to set up new PPPoA interfaces PPPoE PPTP PPPoA ISDN AUX IP Pools Basic Parameters Description ATM PVC Selectone User Name Password ecccccce Always on ClEnablea Connection Idle Timeout 300 Seconds IP Mode and Routes IP Address Mode Ostatic Get IP Address Default Route MEnabled Create NAT Policy Enabled Advanced Settings Block after connection failure for 50 seconds Maximum Number of Dialup Retries E Authentication P
532. resses for Primary DNS Server and Secondary DNS Server from the PPTP part ner or sends these to the PPTP partner The function is enabled with Enabled The function is enabled by default Fields in the PPTP Callback menu Field Description Callback Enables a PPTP tunnel through the Internet to be set up with a PPTP partner even if the partner is currently inaccessible As a rule the PPTP partner will be requested by means of an ISDN call to go online and set up a PPTP connection The function is enabled with Enabled The function is disabled by default Note that you must activate the relevant option on the gateways of both partners An ISDN connection is usually required for this function Without ISDN callback is only to be activated in spe 18 VPN Teldat GmbH Field Description cial applications Incoming ISDN Num Only if Callback is enabled ber Enter the ISDN number from which the remote device calls the local device calling party number Outgoing ISDN Num Only if Callback is enabled ber Enter the ISDN number with which the local device calls the re mote device calls called party number Fields in the Dial Port Selection only if callback activated Field Description Selected Ports Enter the ISDN port over which callback is carried out Possible values e All Ports The callback is routed over an available ISDN port e Specify port In Specific Ports You can select the re q
533. rface Index gt Restricts the entry to the selected BRI interface e lt SIP Account gt Restricts the entry to the selected SIP ac count e Any No restriction of the entry Here you have the option of entering the destination line of the Called Line call Possible values e pri lt Interface Index gt Restricts the entry to the selected PRI interface e bri lt Interface Index gt Restricts the entry to the selected BRI interface e lt SIP Account gt Restricts the entry to the selected SIP ac count e Any No restriction of the entry Enter either Called Line or Called Address If a value other than Any is selected Called Address should not be used If Called Line Any and Called Address is not used all calls for Called Line are processed Called Address Here you have the option of entering the destination address of the call Enter either Called Line or Called Address If Called Address is used then Called Line Any can be set Calling Address Trans Enter the transformation rule applied to the call numbers lation Notation lt a b gt i e a is replaced by b Every rule must be ended with a semicolon A number of rules can be chained to gether using semicolons as separators e g lt a b gt lt c d gt lt e f gt After confirmation of entry the rule chain is automatically sorted by the best match method is a placeholder for an arbitrary digit Field Description Example 20 2 Example of a rul
534. riginal over the telephone net work Telematics is a combination of telecommunication and computer technology and describes data communication between systems and devices Protocol from the TCP IP protocol family Telnet enables communic ation with a remote device in the network Device for interface adaptation It enables different equipment to be connected to T ISDN The terminal adapter a b is used to connect analogue terminals to the So interface of the ISDN Basic Rate Inter face Existing analogue terminals can still be operated with tone di alling Trivial File Transfer Protocol A three way telephone call Performance feature in T Net T ISDN and your PBX Tiger 192 is a relatively new and very fast hash algorithm Transport Layer Security Multifrequency code method MFC If you receive an internal call e g from the subscriber with internal telephone number 22 while you are away this subscriber s internal bintec Rxxx2 RTxxx2 Glossary Transmission speed TSD TTL Twofish U ADSL UDP Update Upload UPnP Upstream URL USB User guidance UUS1 User to User Teldat GmbH telephone number is stored in your telephone s caller list However because your connection is automatically set to Automatic Outside Line as a result of the ex works settings you would first have to dial for a callback in order to obtain the internal dialling tone and then 22 If Transfer Internal Code is active
535. ring corresponds 11 Physical Interfaces Teldat GmbH Field Description to the numbering of the Ethernet ports on the back of the device Ethernet Interface Se Assign a logical Ethernet interface to the switch port lection You can select from five interfaces en1 0 to en1 4 In the ba sic setting switch ports 1 4 are assigned to interface en1 0 and switch port 5 is assigned to interface en1 4 Configured Speed Select the mode in which the interface is to run Mode Possible values e Full Autonegotiation default value e Auto 1000 mbps only e Auto 100 mbps only e Auto 10 mbps only e Auto 100 mbps Full Duplex e Auto 100 mbps Half Duplex e Auto 10 mbps Full Duplex e Auto 10 mbps Half Duplex e Fixed 1000 mbps Full Duplex e Fixed 100 mbps Full Duplex e Fixed 100 mbps Half Duplex e Fixed 10 mbps Full Duplex e Fixed 10 mbps Half Duplex e None The interface is created but remains inactive Current Speed Mode Shows the actual mode and actual speed of the interface Possible values e 1000 mbps Full Duplex e 100 mbps Full Duplex O 100 mbps Half Duplex OT SRL Drole o 10 mbps Half Duplex e Down Teldat GmbH 11 Physical Interfaces Field Description Flow Control Select whether a flow control should be conducted on the cor responding interface Possible values e Disabled default value No flow control is performed e Enabled Flow control is performed e Auto
536. rt over which the RTSP messages are to come in and go out Possible values are 0 to 65535 The default value is 554 bintec Rxxx2 RTxxx2 Teldat GmbH 21 Local Services Chapter 21 Local Services This menu offers services for the following application areas e Name resolution DNS e Configuration via web browser HTTPS e Locating of dynamic IP addresses using a DynDNS provider e Configuration of gateway as a DHCP server assignment of IP addresses e Access restriction on the Internet web filter e Assignment of incoming and outgoing data and voice calls to authorised users CAPI server e Automation of tasks according to schedule scheduling e Alive checks for hosts or interfaces ping tests e User LAN protection theft protection e Realtime video audio conferences Messenger services universal plug amp play e Provision of public Internet accesses hotspot e Use of a redundant gateway BRRP 21 1 DNS Each device in a TCP IP network is usually located by its IP address Because host names are often used in networks to reach different devices it is necessary for the associated IP address to be known This task can be performed by a DNS server which resolves the host names into IP addresses Alternatively name resolution can also take place over the HOSTS file which is available on all PCs Your device offers the following options for name resolution DNS Proxy for forwarding DNS requests sent to
537. rval 60 Seconds Apply Fig 25 Configuration of the update interval View 20 per page Fitter in None equal i Go Fig 26 Filter list Structure of the GUI configuration menu The menus of the GUI contain the following basic structures GUI menu structure Basic configuration When you select a menu from the navigation bar the menu of menu list basic parameters is displayed first In a sub menu containing several pages the menu containing the basic parameters is dis played on the first page The menu contains either a list of all the configured entries or the basic settings for the function concerned Sub menu The New button is available in each menu in which a list of all New the configured entries is displayed Click the button to display the configuration menu for creating a new list entry Sub menu Click this button to process the existing list entry You go to the ma configuration menu Menu Click this tab to display extended configuration options Advanced Settings The following options are available for the configuration GUI Configuration elements Input fields e g empty text field Text field with hidden input Teldat GmbH 8 Access and configuration Enter the data Radio buttons e g Address Mode static O DHCP Select the corresponding option Checkboxes e g activation by selecting checkbox Enabled Selection of several possible options Encryp
538. s Interfaces Interface Selectone Y oK Cancel Fig 34 System Management gt Interface Mode Bridge Groups gt Interfaces gt Add The System Management gt Interface Mode Bridge Groups gt Interfaces gt Addmenu consists of the following fields Fields in the Interfaces menu Field Description Interface Select the interface whose status should be changed Edit for devices the WIxxxxn and RS series For WLAN clients in bridge mode so called MAC Bridge you can also edit additional set tings via the Fay icon 10 System Management Teldat GmbH Interfaces Layer 2 5 Options Interface sta1 0 Wildcard Mode last v OK Cancel Fig 35 System Management gt Interface Mode Bridge Groups gt Interfaces gt Add You can realise bridging for devices behind access clients with the MAC Bridge function In wildcard mode you cannot define how Unicast non IP frames or non ARP frames are pro cessed To use the MAC bridge function you must carry out configuration steps in several menus 1 Select GUI menu Wireless LAN gt WLAN gt Radio Settings and click the icon to modi fy an entry 2 Select Operation Mode Access Client and save the settings with OK 3 Select the System Management gt Interface Mode Bridge Groups gt Interfaces menu The additional interface sta1 0 is displayed 4 For interface sta1 0 select Mode Bridge Group brO lt IPAddress gt and Con figuration Interface en 1 0 and save the set
539. s 479 Successfully Answered Queries 439 Summary 113 Teldat GmbH Surveillance 478 Sustained Cell Rate SCR 310 Switch Port 123 Sync SAs with ISP interface state 358 Synchronisation Mode 504 Syslog 515 Syslog Servers 515 System 73 System Logic 510 System Name 73 System Licences 82 System Messages 530 System Reboot 514 System Management 70 System Date 71 T TACACS 102 TACACS Secret 103 TCP Inactivity 390 TCP Keepalives 94 TCP Port 104 TCP MSS Clamping 148 Telnet 89 Temperature 482 Terms amp Conditions 492 Third Timeserver 80 Ticket Type 494 Time 530 Time Condition 465 Time Update Interval 80 Time Update Policy 80 Time Zone 79 Timeout 104 487 Timeslot Matrix 133 Timeslot Range 133 Timeslot Selection 133 Timestamp 516 Total 534 Traceroute Test 507 Tracking IP Address 208 Traffic Direction 462 Traffic shaping 220 223 388 Transfer Mode 339 Teldat GmbH Transfer own IP address over ISDN GSM 339 Transferred Traffic 462 Transmit Key 176 Transmit Power 165 Transmit Shaping 139 Transparent MAC Address 88 Trials 462 484 Trigger 461 481 483 Trigger Status 467 Triggered Hello Interval 264 Trunk Mode 409 TTL 436 Tunnel Profile 365 Tunnel Profiles 361 Tx Bytes 537 538 Tx Errors 537 Tx Packets 537 538 Type 214 229 305 394 416 537 543 Type of Endpoint 401 Type of Messages 516 Type of traffic 199 Type of attack 185 U UDP Inactivity 390 UDP Destinat
540. s 537 538 S Teldat GmbH SCEP URL 111 Schedule Interval 478 Schedule Start Stop Time 455 Scheduling 460 Second Timeserver 80 Secondary DHCP Server 452 Secondary DNS Server 434 Security Mode 176 Security Algorithm 531 Segment Pending Requests 313 Segment Send Interval 313 Select radio 467 Select vendor 449 Select analogue interface 404 Select file 510 Select ISDN interface 404 Selected Ports 378 Selection 393 Send 540 Send Version 240 Send Certificate Chains 359 Send Certificate Request Payloads 359 SendCRLs 359 Send information to 528 Send Initial Contact Message 358 Send Key Hash Payloads 359 Sent Database Description Packets 544 Sent Hello Messages 544 Sent Link State Acknowledge Packets 544 Sent Link State Request Packets 544 Sent Link State Update Packets 544 Sequence Age 543 Serial Number 71 Server 444 Server Address 467 Server Timeout 100 Server URL 467 Server Failures 439 Server IP Address 98 103 Service 135 201 211 214 229 385 535 536 Index Service Categories 309 Session Timeout 399 Session Border Controller Mode 425 Set status 467 Set Time 79 Set COS value 802 1p Layer 2 217 Set Date 79 Set DSCP TOS value Layer 3 217 Set interface status 467 Severity 520 SHDSL 141 SHDSL Configuration 141 SHDSL Type 142 Short Guard Interval 171 Short Retry Limit 171 Shortest Path Tree 548 Show passwords and keys in clear text 77 Sign
541. s If this option is enabled untagged frames are discarded If the option is disabled untagged frames are tagged with the PVID defined in this menu Drop non members If this option is enabled all tagged frames that are tagged with a VLAN ID to which the selected port does not belong are dis carded 12 2 3 Administration In this menu you make general settings for a VLAN The options must be configured sep arately for each bridge group VLANs Port Configuration Administration Bridge Group brO VLAN Options Enable VLAN DEnabled Management VID 1 Management C OK JC Cancel Fig 61 LAN gt VLANs gt Administration The LAN gt VLANs gt Administrationmenu consists of the following fields Fields in the Bridge Group br lt ID gt VLAN Options menu Field Description Enable VLAN Enable or disable the specified bridge group for VLAN The function is enabled with Enabled The function is not activated by default Management VID Select the VLAN ID of the VLAN in which your device is to oper ate bintec Rxxx2 RTxxx2 13 Wireless LAN Controller Teldat GmbH Chapter 13 Wireless LAN Controller By using the wireless LAN controller you can set up and manage a WLAN infrastructure with multiple access points APs The WLAN controller has a Wizard which assists you in the configuration of your access points The system uses the CAPWAP protocol Control and Provisioning of Wireless Access Points Pro
542. s RxBytes RxErrors Status Unchanged for Action 1 en1 0 Ethernet 6 69K 5 21M 0 14 23K 1 40M D o 2d 2h 2m 59s t 9 2 ent 4 Ethernet 0 0 0 0 0 0 o 2d 2h 3m 2s t 0 3 Peer1 Tunnel 0 0 0 0 0 0 e Od Oh 5m 27s t 9 Page 1 Items 1 3 Fig 219 Monitoring gt Interfaces gt Statistics Change the status of the interface by clicking the e or the button in the Action column Values in the Statistics list Field Description No Shows the serial number of the interface Description Displays the name of the interface Type Displays the interface text Tx Packets Shows the total number of packets sent Tx Bytes Displays the total number of octets sent Tx Errors Shows the total number of errors sent Rx Packets Shows the total number of packets received Rx Bytes Displays the total number of bytes received Rx Errors Shows the total number of errors received Status Shows the operating status of the selected interface Unchanged for Shows the length of time for which the operating status of the interface has not changed Action Enables you to change the status of the interface as displayed Press the 0 button to display the statistical data for the individual interfaces in detail 24 Monitoring Teldat GmbH Statistics Show Transfer Totals Y Automatic Refresh Interval 300 Seconds Apply Description en1 5 MAC Address 00 09 4f 5e db 66 IP Address Netmask NAT Disabled Tx Packets 0 Tx Bytes 0 Rx
543. s are available Network Name SSID Enter the name of the wireless network SSID bintec Rxxx2 RTxxx2 Teldat GmbH 13 Wireless LAN Controller Enter an ASCII string with a maximum of 32 characters Also select whether the Network Name SSID visible is to be transmitted Security Mode Select the security mode encryption and authentication for the wireless network Please note WPA Enterprise means 802 11x WPA Mode Select for Security Mode wPA PSK or WPA Enterprise whether you wish to use WPA oder WPA 2 or both Preshared Key Enter the WPA password for Security Mode WPA PSK Enter an ASCII string with 8 63 characters Important Change the default Preshared Key If the key has not been changed your device will not be protected against unauthorised access Radius Server You can control access to a wireless network via a RADIUS server With Add you can create new entries Enter the IP address and the password of the desired RADIUS server EAP Preauthentification For Security Mode WPA Enterprise select whether the EAP preauthentification func tion is to be Enabled This function tells your device that WLAN clients which are already connected to another access point can first carry out 802 1x authentication as soon as they are within range Such WLAN clients can then simply connect over the existing net work connection with your device VLAN Select whether the VLAN segmentation is to be use
544. s closed the ports are immediately closed again The peer to peer communication is initiated via public SIP servers with only the information from the two clients being forwarded The clients then communicate directly with one an other For further information about UPnP see www upnp org 21 10 1 Interfaces In this menu you configure the UPnP settings individually for each interface of your gate way You can determine whether UPnP requests from clients are accepted by each interface for requests from the local network and or whether the interface can be controlled via UPnP requests Interfaces General View 20 per page Fitter in None equal v Go Interface Answer to client request Interface is UPnP controlled ent 0 Enabled Enabled en1 4 Enabled Enabled Page 1 ltems 1 2 oK Cancel Fig 192 Local Services gt UPnP gt Interfaces The menu Local Services gt UPnP gt Interfaces consists of the following fields Fields in the Interfaces menu Field Description Interface Shows the name of the interface for which the UPnP settings are to be made The entry cannot be changed Answer to client re Determine whether UPnP requests from clients are to be quest answered via the particular interface from the local network The function is enabled with Enabled The function is disabled by default Teldat GmbH 21 Local Services Field Description Interface is UPnP con De
545. s in the Advanced Settings menu Field Description ADSL Line Profile Only for devices with a VDSL modem Select the line profile for your internet service provider Use the Standard profile if your provider does not appear in the list 11 5 SHDSL bintec R3802 has an integrated SHDSL modem The device supports G SHDSL according to ITU T recommendations G 991 2 Annex A and B and SHDLS bis according to G 991 2 Annex F and G Depending on the device type and configuration the gateway transmits the data over a pair of wires at up to 5696 kbps over two pairs of wires at up to 11392 kbps over three pairs of wires at up to 17088 kbps or over four pairs of wires at up to 22784 kbps 11 5 1 SHDSL Configuration In the SHDSL menu you configure the SHDSL interface of your device Note Ask your provider about any special features of your SHDSL connection Note Agree the connection conditions for back to back connections campus connect with your remote terminal The SHDSL interfaces can be configured separately or as a bundle 11 Physical Interfaces Teldat GmbH Choose the 3 button to edit the predefined SHDSL interfaces In the ex works state the logical SHDSL interfaces Shds1 0 to Shds1 3 are each preset with one pair of wires SHDSL Configuration SHDSL Parameters ATM Interface fcca 3 0 Device Mode OO Central Office CPE Customer Premises Equipment SHDSL Type O Amex A Annex B Clock Rate OFixed
546. s in the MIB entry belonging to peer B 3 Your device sends the initial ISDN call to peer B which transfers the IP address of peer A and the token as per the callback configuration 4 Peer B extracts the IP address of peer A and the token from the ISDN call and as signs them to peer A based on the calling party number configured the ISDN number used by peer A to send the initial call to peer B 5 The IPSec Daemon at peer B s device can use the transferred IP address to initiate phase 1 negotiation with peer A Here the token is returned to peer A in part of the payload in IKE negotiation 6 Peer A is now able to compare the token returned by peer B with the entries in the MIB and so identify the peer without knowing its IP address As peer A and peer B can now mutually identify each other negotiations can also be con Teldat GmbH M 18 VPN ducted in the ID Protect mode using preshared keys Note In some countries e g Switzerland the call in the D channel can also incur costs An incorrect configuration at the called side can mean that the called side opens the B channel the calling side incurs costs The following options are only available on devices with an ISDN connection Fields in the menu IPSec Callback Field Description Mode Incoming Phone Num ber Outgoing Phone Num ber Select the Callback Mode Possible values e Inactive default value IPSec callback is deactivated The local dev
547. s on is disabled Timeout Enter the idle interval in seconds This determines how many seconds should pass between sending the last traffic data pack et and clearing the connection Possible values are 0 to 3600 seconds 0 deactivates the timeout The default value is 20 Fields in the IP Mode and Routes menu 17 WAN Teldat GmbH Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically Possible values e Static default value You enter a static IP address e Provide IP Address Your device dynamically assigns an IP address to the remote terminal e Get IP Address Your device is dynamically assigned an IP address Default Route Only for IP Address Mode Static and Get IP Address Select whether the route to this connection partner is to be defined as the default route The function is enabled with Enabled The function is disabled by default Create NAT Policy Only for IP Address Mode Static and Get IP Address When you configure an ISDN Internet connection specify whether Network Address Translation NAT is to be activated The function is enabled with Enabled The function is disabled by default Local IP Address Only if IP Address Mode Static Assign the IP address from your LAN to the ISDN interface which is to be used as your device s internal source address Route Entries Only if IP Address Mode St
548. s that your device connects other ISDN B channels to in crease the throughput for connections if this is required e g for large data rates If the amount of data traffic drops the additional B channels are closed again If devices from other manufacturers are to be used at the far end ensure that these sup port dynamic channel bundling for a bandwidth increase or as a backup Static In static channel bundling you specify right from the start how many B channels your device is to use for connections regardless of the transferred data rate 17 1 1 PPPoE A list of all PPTOE interfaces is displayed in the WAN gt Internet Dialup gt PPPoE menu PPP over Ethernet PPPoE is the use of the Point to Point Protocol PPP network pro tocol over an Ethernet connection Today PPPoE is used for ADSL connections in Ger many In Austria the Point To Point Tunnelling Protocol PPTP was originally used for AD SL access However PPPoE is now offered here too by some providers 17 1 1 1 New Choose the New button to set up new PPPoE interfaces Basic Parameters Description PPPoE Mode PPPoE Ethernet Interface User Name Password Always on Connection Idle Timeout IP Mode and Routes IP Address Mode Default Route Create NAT Policy Block after connection failure for Maximum Number of Dialup Retries Authentication DNS Negotiation Prioritize TCP ACK Packets LCP Alive Check MTU PPPoE PPTP PPPoA ISDN AUX IP Pools
549. s the number of valid DNS requests received and ad dressed direct to your device Cache Hits Shows the number of requests that were answered with static or dynamic entries from the cache Forwarded Requests Shows the number of requests forwarded to other name serv ers Cache Hitrate Indicates the number of Cache Hits pro DNS request in per centage Successfully Shows the number of successfully answered requests positive Answered Queries and negative Server Failures Shows the number of requests that were not answered by any name server either positively or negatively 21 Local Services Teldat GmbH 21 2 HTTPS You can operate the user interface of your device from any PC with an up to date Web browser via an HTTPS connection HTTPS HyperText Transfer Protocol Secure is the procedure used to establish an en crypted and authenticated connection by SSL between the browser used for configuration and the device 21 2 1 HTTPS Server In the Local Services gt HTTPS gt HTTPS Servermenu configure the parameters of the backed up configuration connection via HTTPS HTTPS Server HTTPS Parameters HTTPS TCP Port 443 Local Certificate Internal Y Apply Cancel Fig 171 Local Services gt HTTPS gt HTTPS Server The Local Services gt HTTPS gt HTTPS Servermenu consists of the following fields Fields in the HTTPS Parameters menu Field Description HTTPS TCP Port Enter the port via which the HTTPS connection
550. s work independently without an access point on a peer to peer basis Ad hoc mode is also known as IBSS mode Independent Ba sic Service Set and makes sense for the smallest networks e g if two notebooks are to be linked to each other without an access point Asymmetric digital subscriber line Authentication header Display unit e g for T Concept PX722 system telephone able to display letters and other characters as well as digits For the connection of analogue terminals such as telephone fax and answering machine Terminals that transmit voice and other information analogously e g telephone fax machine answering machine and modem To transmit voice via the telephone acoustic oscillations are conver ted to continuous electrical signals which are transmitted via a net work of lines digital voice transmission If you want to call your employees or family members to a meeting or the dinner table you could call each one of them individually or simply use the announcement function With just one call you reach all the announcement enabled telephones without the subscribers having to pick up the receiver Announcement func Performance feature of a PBX On suitable telephones e g system tion Answering machine AOC D AOC D E AOC E ARP Assignment Asynchronous ATM Attention tone Authentication Authorisation Auto Attendant Automatic callback Automatic callback on busy telephones announ
551. same name i e that your local ID and the peer ID your partner configures for you are identical Alive Check During communication between two IPSec peers one of the peers may become unavail able e g due to routing problems or a reboot However this can only be detected when the end of the lifetime of the security connection is reached Up until this point the data packets are lost These are various methods of performing an alive check to prevent this happening In the Alive Check field you can specify whether a method should be used to check the availability of a peer Two methods are available Heartbeats and Dead Peer Detection Teldat GmbH 18 VPN The menu Advanced Settings consists of the following fields Fields in the Advanced Settings menu Field Description Alive Check Only for Phase 1 IKE Parameters Select the method to be used to check the functionality of the IPSec connection In addition to the default method Dead Peer Detection DPD the proprietary Heartbeat method is implemented This sends and receives signals every 5 seconds depending on the config uration If these signals are not received after 20 seconds the SA is discarded as invalid Possible values e Autodetect default value Your device detects and uses the mode supported by the remote terminal e Inactive Your device sends and expects no heartbeat Set this option if you use devices from other manufacturers e Heartbeats Expe
552. se For the sending of queries enter the time interval in seconds bintec Rxxx2 RTxxx2 16 Multicast Teldat GmbH Field Description Time within which hosts must respond The hosts randomly select a time delay from this interval before sending the response This spreads the load in networks with several hosts improving per formance Possible values are 0 0 to 25 0 The default value is 10 0 Robustness Select the multiplier for controlling the timer values A higher value can e g compensate for packet loss in a network suscept ible to loss If the value is too high however the time between logging off and stopping of the data traffic can be increased leave latency Possible values are 2 to 8 The default value is 2 Last Member Query In Define the time after a query for which the router waits for an terval answer If you shorten the interval it will be more quickly detected that the last member has left a group so that no more packets for this group should be forwarded to this interface Possible values are 0 0 to 25 0 The default value is 1 0 IGMP State Limit Limit the number of reports queries per second for the selected interface Mode Specify whether the interface defined here only works in host mode or in both host mode and routing mode Possible values e Routing default value The interface is operated in Routing mode e Host The interface is only operated in host mode IGMP Proxy IG
553. se a less powerful client e g a 802 11a client is treated in the same way when apportioning The function is enabled with Enabled The function is disabled by default This fuction is only applied to unprioritized frames of the WMM Classe Background The menu Advanced Settings consists of the following fields Fields in the menu Advanced Settings Field Description Channel Plan Select the desired channel plan The channel plan makes a preselection when a channel is se 13 Wireless LAN Controller Teldat GmbH Field Description lected This ensures that no channels overlap i e a distance of four channels is maintained between the channels used This is useful if more access points are used with overlapping radio cells Possible values e A11 All channels can be dialled when a channel is selected e Auto Depending on the region operation band wireless mode and bandwidth the channels that have a distance of 4 channels are provided e User defined You can select the desired channels your self User Defined Channel Plan Only for Channel Plan User defined The currently selected channels are displayed here With Add you can add channels If all available channels are displayed you cannot add any more entries You can also delete entries using the icon Beacon Period Enter the time in milliseconds between the sending of two beacons This value is transmitted in Beacon and Probe Response Fra
554. se of filter configuration and classification in the Proventia web filter In standard con figuration neither of the two lists contains entries Use the Add button to add further URLs or IP addresses to the list General Filter List Black White List History URL IP Address Blacklisted Whitelisted O m Add OK Cancel Fig 180 Local Services gt Web Filter gt Black White List gt Add The Local Services gt Web Filter gt Black White List gt Addmenu consists of the following fields Fields in the Black White List menu Field Description URL IP Address You enter a URL or IP address The length of the entry is limited to 60 characters Blacklisted You can select whether an URL or IP Address can always Whitelisted or never Blacklisted be called up Whitelisted Whitelistedis enabled by default Addresses listed in the White List are allowed automatically It is not necessary to configure a suitable filter 21 5 4 History In the Local Services gt Web Filter gt History menu you can view the recorded history of the web filter The history logs all requests that are marked for logging by a relevant filter Action Allow and Log likewise all rejected requests General Filter List Black White List History View ko per page Fitter in None equal y Go No Date Time Source URL Category Result Page 1 Fig 181 Local Services gt Web Filter gt History 21 6 CAPI S
555. self out when configuring filters If possible access your gateway for filter configuration over the serial console interface or ISDN Login 14 5 1 Access Filter This menu is for configuration of access filter Each filter describes a certain part of the IP traffic and defines for example the IP addresses the protocol the source port or the des tination port A list of all access filters is displayed in the Networking gt Access Rules gt Access Filter menu Access Filter Rule Chains Interface Assignment view 20 per page LIL Fiter in None equal Index Description Source Destination TOS Decimal Value Page 1 Fig 89 Networking gt Access Rules gt Access Filter 14 5 1 1 Edit or New Choose the i icon to edit existing entries To configure access fitters select the New but ton bintec Rxxx2 RTxxx2 Access Filter Rule Chains Interface Assignment Basic Parameters Description Service User defined v Protocol Any v Destination IP Address Netmask Any v Any v Source IP Address Netmask DSCP TOS Filter Layer 3 ignore y COS Filter 802 1 piLayer 2 ignore v oK cancel Fig 90 Networking gt Access Rules gt Access Filter gt New The Networking gt Access Rules gt Access Filter gt Newmenu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter a description for the filter Serv
556. server time Summer time starts on the last Sunday in March by switching from 2 a m to 3 a m The calendar related or schedule related switches that are scheduled for the missing hour are then carried out Winter time starts on the last Sunday in October by switching from 3 a m to 2 a m The calendar related or schedule related switches that are scheduled for the additional hour are then carried out If a value other than Universal Time Coordinated UTC option UTC x has been chosen for the Time Zone the switch from summer to winter time must be carried out manually when required Time server You can obtain the system time automatically e g using various time servers To ensure bintec Rxxx2 RTxxx2 Teldat GmbH 10 System Management that the device uses the desired current time you should configure one or more time serv ers Switching from summer time to winter time and back must be carried out manually if the time is derived using this method by changing the value in the Time Zone field with an option UTC or UTC Note If a method for automatically deriving the time is defined on the device the values ob tained in this way automatically have higher priority A manually entered system time is therefore overwritten The menu System Management gt Global Settings gt Date and Time consists of the fol lowing fields Fields in the Basic Settings menu Field Description Time Zone Select the time zone in which your devi
557. services are approved for activa tion while in the case of just one bit it is just the one selected ser vice Menu driven tool for the configuration of your gateway The Setup Tool can be used as soon as the gateway has been accessed serial ISDN Login LAN See HMAC SHA Single Pair High Speed Is the defined amount of time after which a connection is cleared if no more data is transmitted Short hold can be set to static fixed amount of time or dynamic according to charging information Simultaneous signalling All assigned terminals are called simultan eously If a telephone is busy call waiting can be used This connection can only be used for an ISDN telephone only T Concept PX722 system telephones with a simplex function If you call an ISDN telephone with a simplex function this automatically Glossary SIP SMS SMS receipt SMS server tele phone numbers SNMP SNMP shell So bus Teldat GmbH activates the Loudspeaker function so that a conversation can take place immediately Please see the information on the telephone user s guide on the simplex operation function Session Initiation Protocol Short Message Service If you have connected an SMS enabled terminal you can decide whether SMS receipt is to be permitted for the connection The ex works setting is no SMS receipt To receive an SMS with your SMS enabled terminal you must register once with the T Com SMS Ser vice One time registration
558. signed temporarily by DHCP Network components such as the web server or printer usually have static IP address while clients such as note books or workstations usually have dynamic IP addresses E1 European variant of the 2 048 mbps ISDN Primary Rate Inter face which is also called the E1 system Electronic Code Book mode Explicit Call Transfer This performance feature allows two external connections to be transferred without blocking the two B channels of the exchange connection Electronic mail Emergency numbers You urgently need to contact the policy fire brigade or another tele Encapsulation Encryption Entry of external connection data ESP ESS Ethernet phone number To make things worse all the connections are busy However you have informed your PBX of the telephone numbers that need to be contactable in an emergency If you now dial one of these numbers it is recognised by the PBX and a B channel of the T ISDN is automatically freed up for your emergency call Emer gency calls are not subject to configuration restrictions If Calling with prefix plus code number is set for a a connection the internal connection is busy To make an external call first dial O and then the required emergency number Encapsulation of data packets in a certain protocol for transmitting the packets over a network that the original protocol does not dir ectly support e g NetBIOS over TCP IP Refers to the encryptio
559. sing HTTP the Dime Manager automatically logs in to the devices on your behalf System software files and configuration files can be managed individually as required or in logical groups for devices of the same type You can find the Dime Manager on the enclosed product DVD 2 bintec Rxxx2 RTxxx2 Teldat GmbH 2 About this guide Chapter 2 About this guide This document is valid for Teldat devices with system software as of software version 9 1 2 The Reference which you have in front of you contains the following chapters User s Guide Reference Chapter Description Introduction About this guide Installation Basic configuration Reset Technical data Variable switching of SO interfaces Access and configura tion Assistants System Management Physical Interfaces LAN Wireless LAN Control ler Networking Routing Protocols Multicast You see an overview of the device We explain the various components of this manual and how to use it This contains instructions for how to set up and connect your device This chapter provides a step by step guide to the basic func tions on your device This chapter explains how to reset your device to the ex works state This section contains a description of all the device s technical properties This section describes how to switch the SO interfaces from ex ternal to internal This includes explanations about the different access and con
560. specified The entry can also start with the wildcard e g teldat de If a name is entered without a dot this is completed with OK lt Name gt after confirmation Entries with spaces are not allowed In this entry select the type of response to DNS requests Possible values e Negative A DNS request for DNS Hostname gets a negat ive response e Positive default value A DNS request for DNS Host name is answered with the related IP Address e None A DNS request is ignored no answer is given Only if Response Positive Enter the IP address assigned to DNS Hostname Enter the validity period of the assignment from DNS Hostname to IP Address in seconds only relevant for Response Pos itive transmitted to requesting hosts The default value is 86400 24 h 21 1 4 Domain Forwarding In the Local Services gt DNS gt Domain Forwardingmenu a list of all configured forward ings for defined domains is displayed Teldat GmbH 21 Local Services 21 1 4 1 New Choose the New button to set up additional forwardings Global Settings DNS Servers Static Hosts Domain Forwarding Cache Statistics Forwarding Parameters Forward Host Domain Host Forward to O Interface DNS Server Interface Automatic v oK Cancel Fig 168 Local Services gt DNS gt Domain Forwarding gt New The menu Local Services gt DNS gt Domain Forwarding gt New consists of the following fields Fields in the
561. splays a list of all IP pools for PPTP connections Your device can operate as a dynamic IP address server for PPTP connections You can use this function by providing one or more pools of IP addresses These IP addresses can be assigned to dialling in connection partners for the duration of the connection Any host routes entered always have priority over IP addresses from the address pools This means if an incoming call has been authenticated your device first checks whether a host route is entered in the routing table for this caller If not your device can allocate an IP address from an address pool if available If address pools have more than one IP ad dress you cannot specify which connection partner receives which address The ad dresses are initially assigned in order If a new dial in takes place within an interval of one hour an attempt is made to allocate the same IP address assigned to this partner the last time Choose theAdd button to set up new IP pools 18 VPN Teldat GmbH 18 3 3 1 Edit or New Choose theNew button to set up new IP address pools Choose the Fz icon to edit existing entries PPTP Tunnels Options IP Pools Basic Parameters IP Pool Name IP Address Range Primary DNS Server Secondary e OK Cancel Fig 144 VPN gt PPTP IP Pools gt New Fields in the menu Basic Parameters Field Description IP Pool Name Enter any description to uniquely identify the IP pool IP Address Range
562. sponds in the menu to the Local Address field is translated to External Address The External Address is not shown if the field Associated Line lt SIP Account gt is set In this case the User Name of the selected SIP Account is used as External Address 20 2 6 ISDN Trunks The ISDN Trunks menu is only displayed if you device has at least two ISDN connections in point to point mode BRI or PRI which are configured as TE party line or NT Note by Note that for BRI connections the connection mode NT mode or TE mode must be set by jumper in the device In this menu the ISDN party lines bundles are defined 20 2 6 1 Edit or New Choose the ry icon to edit existing entries Select the New button to create a new party line Extensions SIP Accounts Call Routing CLID Translation Call Translation ISDN Trunks Options Basic Parameters Description ISDN Mode External C OK C Cancei_ _ Fig 162 VolP gt Media Gateway gt ISDN Trunks The VolP gt Media Gateway gt ISDN Trunks menu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter the name of the party line The maximum number of characters is 40 ISDN Mode Select the mode in which the party line is to be operated Possible values e Extern default value Point to Point TE connection telecom party line e TrunkPoint to Point NT connection for connection of a PABX Members
563. ss Channel Search Channel Status Action Choose whether the selected Access Pont is to be managed by the WLAN Controller by clicking the e but ton or the button in the Action column You can disconnect the Access Point from the WLAN Controller and therefore remove it from your WLAN infrastructure by click on the button The Access Point then receives the Discovered status but is no longer Managed Click on the START button under Channel reallocation in order to reassign any assigned channels e g when a new access point has been added Possible values for Status Status Meaning Discovered The AP has registered at the wireless LAN controller The con troller has prompted the required parameters from the AP Initialising The WLAN controller and the APs communicate via CAPWAP The configuration is transferred and enabled to the APs Managed The AP is set to Managed status The controller has sent a configuration to the AP and has enabled this The AP is man aged centrally from the controller and cannot be configured via the GUI No License Available The AP does not have an unassigned licence for this AP Offline The AP is either administratively disabled or switched off or has its power supply cut off etc 13 3 1 1 Edit Choose the icon to edit existing entries You can also delete entries using the icon If you have deleted APs these will be loc ated again but shall not be configured Slave Access
564. ss network Possible values e Inactive default value Neither encryption nor authentica tion e WEP 40 WEP 40 bits e WEP 104 WEP 104 bits WPA PSK WPA Preshared Key WPA Enterprise 802 11x Teldat GmbH 13 Wireless LAN Controller Field Description Transmit Key Only for Security Mode WEP 40 or WEP 104 Select one of the keys configured in WEP Key as a standard key The default value is Key 1 WEP Key 1 4 Only for Security Mode WEP 40 WEP 104 Enter the WEP key Enter a character string with the right number of characters for the selected WEP mode For WEP 40 you need a character string with 5 characters for WEP 104 with 13 characters e g hellofor WEP 40 teldat wep1 for WEP 104 WPA Mode Only for Security Mode wPA PSK and WPA Enterprise Select whether you want to use WPA with TKIP encryption or WPA 2 with AES encryption or both Possible values WPA and WPA 2 default value WPA and WPA 2 can be used e WPA Only WPA is used e WPA 2 Only WPA2 is used WPA Cipher Only for Security Mode wPA PSK and WPA Enterprise and for WPA Mode wPAand WPA and WPA 2 Select the type of encryption you want to apply to WPA Possible values e TKIP default value TKIP is used e AES AES is used WPA2 Cipher Only for Security Mode wPA PSK and WPA Enterprise and for WPA Mode WPA 2and WPA and WPA 2 Select the type of encryption you want to apply to WPA2 Possible values
565. ssary certific ates are already available in the system you select these manually RA Sign Certificate Only for Mode SCEP Only for CA Certificate not Download Select a certificate for signing SCEP communication The default value is Use CA Certificate i e the CA certificate is used RA Encrypt Certificate Only for Mode SCEP Only if RA Sign Certificate not Use CA Certificate If you use one of your own certificates to sign communication with the RA you can select another one here to encrypt com munication The default value is Use RA Sign Certificate i e the same certificate is used as for signing Password Only for Mode SCEP You may need a password from the certification authority to ob tain certificates for your keys Enter the password you received from the certification authority here Fields in the Subject Name menu Field Description Custom Select whether you want to enter the name components of the subject name individually as specified by the CA or want to enter a special subject name If Enabled is selected a subject name can be given in Sum mary with attributes not offered in the list Example CN VPNServer DC mydomain DC com c DE 10 System Management Teldat GmbH Field Description If the field is not selected enter the name components in Com mon Name E mail Organizational Unit Organization Loc ality State Province and Country The function is disabled
566. sting subscribers is displayed in the VoIP gt Media Gateway gt Extensions menu 20 2 1 1 Edit or New Choose the icon to edit existing entries Select the New button to create new exten sions Extensions SIP Accounts Call Routing CLID Translation Call Translation ISDN Trunks Options Basic Parameters Description TT Extension User Name Interface Type OsIiP O analogue Registration Menabled Expire Time joc F ti i S Seconds Authentication ID Password L j Protocol Port 5060 Advanced Settings Codec Settings a Codec Proposal Sequence Default Quality O Lowest O Highest pe eaaa a a a n a a Sort Order Do 726 32 Do zz6 24 Doz2 16 CI DTMF outband Cl sRTP A Voice Quality Settings Echo Cancellation MEnabled Comfort Noise Generation CNG El Enabled Packet Size po ms 4 OK Cancel Fig 157 VoIP gt Media Gateway gt Extensions gt 2 New bintec Rxxx2 RTxxx2 20 VoIP Teldat GmbH The VoIP gt Media Gateway gt Extensions gt g New menu consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter the name of the extension Extension User Name ISDN terminals Enter the subscriber number the extension SIP terminals Enter the user name A maximum of 40 characters can be entered Interface Type Select the inter
567. stration and authentication are not then needed and the Registration function is disabled An example of this method is Microsoft Exchange SIP Expire Time Only if Registration is enabled Enter the time in seconds after which the current registration be comes invalid and a new registration request is therefore sent Possible values are 0 to 38400 The default value is 600 In answer to a REGISTER request a server can set another Ex pire Time which overwrites the setting here Fields in the Trunk Settings menu Field Description SIP Header Field s for Only for Trunk Mode Client Server or gw trunk Caller Address Select the position of the sender ID e g subscriber number in the SIP header for outgoing calls For incoming calls the sub scriber number is taken automatically from the SIP header Possible values e Disabled default value the sender ID is not sent Teldat GmbH 20 VoIP Field Description e Display and User Name The sender ID is placed in both Display and User fields of the SIP header e Display only The sender ID is placed in the Display field of the SIP header e User only The sender ID is sent in the User field of the SIP header e P Preferred The so called p preferred identity field is ad ded to the SIP header and contains the sender ID e P Asserted The so called p asserted identity field is ad ded to the SIP header and contains the sender ID Call Number Only fo
568. subnet from X X X 1 tO X X X 254 Subscriber Name To distinguish between connections more easily you can assign a subscriber name for each internal subscriber Suppress A CLIP CLIR Calling line identification presentation calling line identi telephone number fication restriction CLIR Teldat GmbH Suppress B tele phone number COLR Suppress own tele phone number Suppression of the telephone number Switch Switchable dialling method Synchronous Syslog System telephones T DSL T Fax T ISDN Glossary COLP COLR Connected line identification presentation connected line identification restriction Activate suppress transmission of called party s telephone number to caller This performance feature suppresses the display of the called subscriber s telephone number If display of the B telephone number is suppressed your telephone number is not transmitted to the caller when you take a call Temporary deactivation of the transmission of your own telephone number Performance feature of a PBX The display of the telephone number can be deactivated on an individual basis LAN switches are network components with a similar function to bridges or even gateways They switch data packets between the in put and output port In contrast to bridges switches have several in put and output ports This increases the bandwidth in the network Switches can also be used for conversion between networks with diff
569. t value is 1812 Teldat GmbH 10 System Management Field VENTO Server Timeout Enter the maximum wait time between ACCESS_REQUEST and response in milliseconds After timeout the request is repeated according to Retries or the next configured RADIUS server is requested Possible values are whole numbers between 50 and 50000 The default value is 1000 1 second Alive Check Here you can activate a check of the accessibility of a RADIUS server in Status Down An Alive Check is carried out regularly every 20 seconds by sending an ACCESS_ REQUEST to the IP address of the RADI US server If the server is reachable Status is set to alive again If the RADIUS server is only reachable over a switched line dialup connection this can cause additional costs if the server is down for a long time The function is activated by selecting Enabled The function is enabled by default Retries Enter the number of retries for cases when there is no response to a request If an response has still not been received after these attempts the Status is set to down In Alive Check Enabled your device attempts to reach the server every 20 seconds If the server responds Status is set back to alive Possible values are whole numbers between 0 and 10 The default value is 1 To prevent Status being set to down set this value to 0 RADIUS Dialout Only for Authentication Type PPP Authentication and IPSec Authentication Select wheth
570. t whether the setup and operation of several simultan eous outgoing PPTP connections from hosts in the network are also to be permitted if NAT is activated The function is disabled by default Teldat GmbH 14 Networking Field Description If PPTP Passthrough is enabled the device itself cannot be configured as a tunnel endpoint Port Shows the number of portforwarding rules configured in Net working gt NAT gt NAT Configuration 14 2 2 NAT Configuration In the Networking gt NAT gt NAT Configuration menu you can exclude data from NAT simply and conveniently as well as translate addresses and ports For outgoing data traffic you can configure various NAT methods i e you can determine how an external host es tablishes a connection to an internal host 14 2 2 1 New Choose the New button to set up NAT NAT Interfaces NAT Configuration Basic Parameters Description Interface Any v Type of traffic incoming Destination NAT Specify original traffic Service User defined Protocol any y Source IP Address Netmask Tany S Original Destination IP Address Netmask Tany Y Replacement Values New Destination IP Address Netmask Host w 0 0 0 0 OK Cancel Fig 82 Networking gt NAT gt NAT Configuration gt New The menu Networking gt NAT gt NAT Configuration gt New consists of the following fields Fields in the Basic Parameters menu Field Description Description Enter a description for the NAT conf
571. ta networks such as T Online Known mainly from the Internet bintec Rxxx2 RTxxx2 bintec Rxxx2 RTxxx2 NetBIOS Netmask Network Network address Network termination NTBA Neiz Direkt keypad functions NMS Notebook function NT NTBA NTP OAM Offline Online Online banking Online Pass Online services OSI model Network Basic Input Output System The second part of an address in an IP network used for identifica tion of a device e g 255 255 255 0 See also IP address Your PBX has a DSL router so that one or more PCs can surf the In ternet and download information A network address designates the address of a complete local net work In telecommunications the network termination is the point at which access to a communication network is provided to the terminal You can use the Netz Direkt keypad function automatic external line access to enter a key sequence from your ISDN or analogue telephone to use current T ISDN functions For more information on this consult your T Com client advisor and request the necessary codes e g call forwarding in the exchange Network Management Station During a telephone call a telephone number can be entered in the telephone s buffer so that it can be dialled at a later point in time Network Termination Network Termination for Basic Access Network Time Protocol Operation and Maintenance Without connection Connectionless operating st
572. tatus 260 Ignore Certificate Request Payloads 359 IKE Phase 1 534 IKE Phase 1 SAs 532 Image already exists 187 Import external routes 248 Import summary routes 248 Include certificates and keys 510 Incoming Number 486 Incoming ISDN Number 377 Incoming Phone Number 339 Incoming Service Type 120 Index Variables 462 467 Interface 87 88 91 152 160 190 195 197 199 208 220 234 242 257 263 323 388 434 437 442 447 467 481 483 488 492 535 536 539 540 541 542 545 546 550 551 551 Interface Action 481 Interface Mode 146 434 Interface Status 462 Interface Traffic Condition 462 Interface Type 404 Interface Description 86 Interface Assignment 233 Interface Connection Information Link 72 Interface is UPnP controlled 488 Interface Mode Bridge Groups 84 Interface Selection 236 Interface Specific States 549 Interfaces 86 145 217 250 316 391 481 488 518 536 Internal Port 401 Internal IP Address 401 Index Internal Log 530 Internal Time Server 80 Internet Dialup 269 Internet Key Exchange 327 Interval 462 467 479 484 Intra cell Repeating 175 Invalid DNS Packets 439 IP Compression 352 IP Accounting 518 IP Configuration 145 IP Address 249 307 308 436 451 500 516 527 539 545 546 IP Address Assignment 330 IP Address Mode 274 279 284 289 297 366 374 IP Address Range 303 356 374 380 446
573. tch ports as one interface or to logically separ ate these from each other and to configure them as independent Ethernet interfaces During configuration please note the following The splitting of the switch ports into several Ethernet interfaces merely logically separates these from each other The available total bandwidth of max 1000 mbps full duplex for all resulting interfaces remains the same For example if you split all the switch ports from each other each of the resulting interfaces only uses a part of the total bandwidth If you group together several switch ports into one interface the full bandwidth of max 1000 mbps full duplex is available for all the ports to gether Port Configuration Automatic Refresh Interval 60 Seconds Apply Switch Configuration Switch Port Ethernet Interface Selection Configured Speed Mode Current Speed Mode Flow Control 1 Jen 0 4 Full Autonegotiation v Down Disabled Y 2 en1 0 m FullAutonegotiation 100 mbps FullDuplex Disabled Y 3 mo Furautonegotiaion gt Down Disabled v 4 feni 0 Y FullAutonegotiation Dawn Disabled Y 5 fent 4 Y Full Autonegotiation Down Disabled v oK Cancel Fig 50 Physical Interfaces gt Ethernet Ports gt Port Configuration The menu Physical Interfaces gt Ethernet Ports gt Port Configuration consists of the fol lowing fields Fields in the Switch Configuration menu Field Description Switch Port Shows the respective switch port The numbe
574. ted Apply Fig 178 Local Services gt Web Filter gt General The Local Services gt Web Filter gt Generalmenu consists of the following fields Fields in the Web Filter Options menu Field Description Web Filter Status Filtered Input Inter face s Activate or deactivate the filter The function is activated by selecting Enabled The function is disabled by default Select for which of the existing Ethernet and WLAN interfaces web filtering is to be activated bintec Rxxx2 RTxxx2 21 Local Services Teldat GmbH Field Description Press the Add button to add more interfaces The requests from http Internet pages that reach your device via these interfaces are then monitored by web filtering Maximum Number of Define the number of entries to be saved in the web filtering his History Entries tory History menu Possible values are 1 to 512 The default value is 64 URL Path Depth Select the path length to which a URL is to be checked by the Cobion Orange Filter Action if server not Select which is to be done with URL requests if the web filtering reachable server cannot be reached Possible values e Allow all default value Callup is permitted e Block all Callup of the requested page is blocked e Log all Callup is permitted but logged Action if license not re Select what is to be done with URL requests if the licence key gistered status is Not Valid Possible values e Allow all def
575. terface an ETH5 interface four ISDN BRI interfaces as well as a DSL interface The connections are arranged as follows BEE EE I oF dt ot tl 1 23 4 5 5 6 6 8 9 Fig 8 Front of bintec RT3002 Front of bintec RT3002 bintec RT3502 1 CONSOLE Serial interface 2 POWER STATUS LED display for power and status 3 RESET Reset button 4 ETH5 Ethernet interface 5 ETH1 ETH4 10 100 1000 Base T Ethernet interface 6 BRI1 BRI4 ISDN BRI interface 8 DSL DSL interface ADSL2 interface for bintec RT3002 VDSL2 interface for bintec RT3502 9 LED LED display bintec R4402 has a 4 port Ethernet switch a serial interface an ETH5 interface two ISDN BRI interfaces and two ISDN PRI interfaces The connections are arranged as follows bintec Rxxx2 RTxxx2 1 Fig 9 Front of bintec R4402 I 23 4 5 Front of bintec R4402 1 CONSOLE Serial interface 2 POWER STATUS LED display for power and status 3 RESET Reset button 4 ETH5 Ethernet interface 5 ETH1 ETH4 10 100 1000 Base T Ethernet interface 6 BRI1 BRI2 ISDN BRI interface 7 PRI1 PRI2 ISDN PRI interface 9 LED LED display bintec RT4202 has a 4 port Ethernet switch a serial interface an ETH5 interfac
576. termine whether the NAT configuration of this interface is trolled controlled by UPnP The function is enabled with Enabled The function is disabled by default 21 10 2 General In this menu you make the basic UPnP settings Interfaces General Basic Parameters UPnP Status Enabled UPnP TCP Part 5678 OK Cancel Fig 193 Local Services gt UPnP gt General The Local Services gt UPnP gt Generalmenu consists of the following fields Fields in the General menu Field Description UPnP Status Decide how the gateway processes UPnP requests from the LAN The function is enabled with Enabled The gateway proceeds with UPnP releases in accordance with the parameters con tained in the request from the LAN UPnP client independently of the IP address of the requesting LAN UPnP client The function is disabled by default The gateway rejects UPnP requests NAT releases are not made UPnP TCP Port Enter the number of the port on which the gateway listens for UPnP requests The possible values are 1 to 65535 the default value is 5678 21 Local Services Teldat GmbH 21 11 HotSpot Gateway The HotSpot Solution allows provision of public Internet accesses using WLAN or wired Ethernet The solution is adapted to setup of smaller and larger Hotspot solutions for cafes hotels companies communal residences campgrounds etc The HotSpot Solution consists of a Teldat gateway installed onsite with its own WLAN ac
577. terval 60 Seconds Apply View 20 per page Filter in None v equal v Go Select all Description IP Address Response TTL Reference Counter Deselect all Make static T Page 1 OK Cancel Fig 169 Local Services gt DNS gt Cache You can select individual entries using the checkbox in the corresponding line or select them all using the Select all button A dynamic entry can be converted to a static entry by marking the entry and confirming with Make static This corresponding entry disappears from the list and is displayed in the list in the Static Hosts menu The TTL is transferred Teldat GmbH 21 Local Services 21 1 6 Statistics Global Settings DNS Servers Static Hosts Domain Forwarding Cache Statistics Automatic Refresh Interval jo Seconds Apply DNS Statistics Received DNS Packets 0 Invalid DNS Packets 0 DNS Requests 0 Cache Hits 0 Forwarded Requests 0 Cache Hitrate 9 0 Successfully Answered Queries 0 Server Failures 0 Fig 170 Local Services gt DNS gt Statistics In the Local Services gt DNS gt Statisticsmenu the following statistical values are dis played Fields in the DNS Statistics menu Field Description Received DNS Packets Shows the number of received DNS packets addressed direct to your device including the response packets for forwarded re quests Invalid DNS Packets Shows the number of invalid DNS packets received and ad dressed direct to your device DNS Requests Show
578. this radio module No more new wire less networks can be created and a warning message will ap pear if the maximum number of clients is reached Teldat GmbH 13 Wireless LAN Controller Field Description Possible values are whole numbers between 1 and 254 The default value is 32 Max number of clients soft limit Not all devices support this function To avoid a radio module being fully utilised you can set a soft restriction on the number of connected clients If this number is reached new connection queries are initially rejected If the cli ent cannot find another wireless network and therefore repeats its query the connection is accepted Queries are only definit ively rejected when the Max number of clients hard limit is reached The value of the Max number of clients soft limit must be the same as or less than that of the Max number of clients hard limit The default value is 28 You can disable this function if you set Max number of clients soft limit and Max number of clients hard limit to identical values Client Band select Not all devices support this function This function requires a dual radio setup where the same wire less networkis configured on both radio modules but in different frequency bands The Client Band select option enables clients to be moved from the frequency band originally selected to a less busy one providing the client supports this To achieve a changeover
579. tings with OK 5 Click the Save configuration button to save all of the configuration settings You can use the MAC Bridge The System Management gt Interface Mode Bridge Groups gt Interfaces gt menu consists of the following fields Fields in the Layer 2 5 Options menu Field Value Interface Shows the interface that is being edited Wildcard Mode Select the Wildcard mode you want to use on the interface Possible values none default value Wildcard mode is not used e static With this setting you must enter the MAC address of a device that is connected over IP under Wildcard MAC Ad dress Each packet without IP and without ARP is forwarded to this device This occurs even when the device is no longer connected e first lf you choose this setting the MAC address of the first non IP unicast frame or non ARP unicast frame which occurs Teldat GmbH 10 System Management Field VENTO on any of the Ethernet interfaces is used as the wildcard MAC address This wildcard MAC address can only be reset by rebooting the device or by selecting another wildcard mode last If you choose this setting the internal WLAN MAC ad dress is used to establish a connection to the access point As soon as a non IP unicast frame or non ARP unicast frame ap pears it is forwarded to the MAC address from which the last non IP unicast frame or non ARP unicast frame was received on the Ethernet interface of the device Th
580. tion Algorithms Y 3DES Y Blowfish 4 AES 128 L AES 256 Hashing Algorithms IMDS5 YI SHA 1 RipeMD160 Dropdown menus e g Configured Speed Mode Full Autonegotiation le Full Autonegotiation se Full Autonegotiation pe Full Autonegotiation v Click the arrow to open the list Select the required option using the mouse Internal lists e g Remote IP Address Netmask 255 255 255 0 m Add Click ada gt A new list entry is created Enter the correspond ing data If list input fields remain empty these are not saved when you confirm with OK Delete the entries by clicking the icon Display of options that are not available Options that are not available because they depend on the selection of other options are generally hidden If the display of these options could be helpful for a configuration de cision they are instead greyed out and cannot be selected Important Please look at the messages displayed in the sub menus These provide information on any incorrect configurations Warning symbols 8 Access and configuration Teldat GmbH Symbol Meaning O This symbol appears in messages referring you to settings that were made with the Setup Tool A This symbol appears in messages referring you to the fact that values were entered or selected incorrectly Pay particular attention to the following message Warning Changes not supported by the Setup Tool If you change them with the GUI this can
581. tisement 496 VRRP router 496 WwW Walled Garden 492 Walled Garden URL 492 Walled Network Netmask 492 WAN 269 Web Filter 452 Web Filter Status 453 Weight 223 WEP Key 1 4 176 Whitelisted 457 Wildcard 443 Wildcard Mode 88 Wildcard MAC Address 88 WINS Server 431 Wire Mode 142 Wireless Mode 170 Wireless Networks VSS 174 182 WLC SSID 467 WMM 175 WPA Cipher 176 WPA Mode 176 WPA2 Cipher 176 Write certificate in configuration 467 Xx X 31 X 25 in D Channel 128 X 31 TEI Service 128 X 31 TEI Value 128 X 75 Layer 2 Mode 133 XAUTH Profile 334 XAUTH Profiles 354 Z Zero Cookie Size 358 bintec Rxxx2 RTxxx2
582. to your Internet Service Provider ISP as a default route If for example you configure a cor porate network connection only enter the route to the head office or branch office as a de fault route if you do not configure Internet access over your device If for example you configure both Internet access and a corporate network connection enter a default route to the ISP and a network route to the head office You can enter several default routes on your device but only one default route can be active at any one time If you enter several default routes you should thus note differing values for Metric 14 1 1 IPv4 Routes A list of all configured routes is displayed in the Network gt Routes gt IPv4 Routes menu 14 1 1 1 Edit or New Choose the yp icon to edit existing entries Choose the New button to create additional routes Options Basic Parameters Route Type Network Route via Interface Interface None v Route Class standard O Extended Destination IP Address Netmask ee A Local IP Address booo Metric pa 4 OK Y Cancel Fig 77 Network gt Routes gt IPv4 Routes gt New with Extended Route Standard bintec Rxxx2 RTxxx2 If the Extendedoption is selected for the Route Class an extra configuration section opens IPv4 Route Configuration IPv4 Routing Table Options Basic Parameters Route Type Network Route via Interface v Interface None Route Class O Standard O Extended Route
583. to Rd Ai a 256 16 2 IGMP nt 3 oe Baht ty BR Seed Fab le a ed 256 16 2 1 IGMP ond ts dye BS Base ae Ra Wo a N a Pe ay Rd 257 16 2 2 Options 2 4 wel Poa Uy Rise EA SE en el Ra AR AD 259 16 3 Forwarding 29 0 8 2 Bee a Popup eo pua k 261 16 3 1 Forwarding 4 4 40 04 8 bos dee e ee ee 261 16 4 PIM eg sala A eho Ge we al ee bas Bn 262 16 4 1 PIM Interfaces i s woe od eae A ee Gee Soa a E A E 262 16 4 2 PIM Rendezvous Points a a a a ee 266 16 4 3 PIM OptionS lt 22 40 eon A eee 267 Chapter 17 WAN teehee A eee A GA Gee A ee BO Le 269 bintec Rxxx2 RTxxx2 17 1 Internet Dialup o o ir Bete at ack te A A EA a 269 17 1 1 PPPOE co Zei am a e vt EM Eatin eee gp aw ENN ada E 271 17 1 2 PPa Pd lt 2 a util e it o EP a bee he a Na a 277 17 1 3 PPPOA 2 ar a rra ph BiG ca BS da E 282 17 1 4 ISDN Gi ai Gp ey wrote a RD ceeds tee EE ee ee ae a E 286 17 1 5 AU MEA re E Bde atte he ae A ee oe da A PE 295 17 1 6 IP POOS 2 000 ri As a A ee 8 302 172 ATM e te e ad oe ioe t di att ele 303 17 2 1 Profiles 2 A das a E a a 304 17 2 2 Service Categories aooo a a a a 309 17 2 3 OAM Controlling rocio cc lee a ke a a o eee eet en Ai 311 17 3 eased Line 6 a tii wb eis at he who A wes at het cts 315 173 1 Interfaces 200 Els dado a E ot ys BD eh hd ee E Be 316 174 Real Time Jitter Control 2 2 ee 322 17 4 1 Controlled Interfaces 2 2 ee 322 Chapter 18 SPN a bale lili boas T ba da 324 18 1 IPS G Soe
584. to specific hosts in case of error Moreover you can pre pare your device for monitoring with the activity monitor 23 1 Syslog Events in various subsystems of your device e g PPP are logged in the form of syslog messages system logging messages The number of messages visible depends on the level set eight steps from Emergency over Information to Debug In addition to the data logged internally on your device all information can and should be transmitted to one or more external PCs for storage and processing e g to the system ad ministrator s PC The syslog messages saved internally on your device are lost when you reboot Warning Make sure you only pass syslog messages to a safe computer Check the data regu larly and ensure that there is always enough spare capacity available on the hard disk of your PC Syslog Daemon All Unix operating systems support the recording of syslog messages For Windows PCs the Syslog Demon included in the DIME Tools can record the data and distribute to various files depending on the contents can be called in the download area at www teldat de 23 1 1 Syslog Servers Configure your device as a syslog server so that defined system messages can be sent to suitable hosts in the LAN In this menu you define which messages are sent to which hosts and with which condi tions A list of all configured system log servers displayed in the External Reporting gt Syslog gt Syslog S
585. tocol for any communication between mas ters and slaves In smaller WLAN infrastructures with up to six APs one of the AP s assumes the master function and manages the other AP s as well as itself In larger WLAN networks a gateway e g such as a R1202 assumes the master function and manages the AP s Provided the controller has located all of the APs in its system each of these shall re ceive a new passport and configuration in succession i e they are managed via the WLAN controller and can no longer be amended externally With the WLAN controller you can e automatically detect individual access points APs and connect to a WLAN network e Load the system software into the APs e Load the configuration into the APs e Monitor and manage APs Please refer to your gateway s data sheet to find out the number of APs that you can man age with your gateway s wireless LAN controller and details of the licenses required 13 1 Wizard The Wizard menu offers step by step instructions for the set up of a WLAN infrastructure The Wizard guides you through the configuration When you select the Wizard you will receive instructions and explanations on the separate pages of the Wizard Note We highly recommended that you use the Wizard when initially configuring your WLAN infrastructure Teldat GmbH 13 Wireless LAN Controller 13 1 1 Basic Settings Here you can configure all of the various settings that you require for the ac
586. tructure mode Inquiry Internal call tone Teldat GmbH host computer HyperText Transfer Protocol Network component used to connect several network components together to form a local network star shaped ISDN connection unit ISDN connection socket Internet Control Message Protocol Integrity Check Value You have to request this performance feature from T Com The company will provide you with further information on the procedure If you enter code 77 during a call or after the caller has ended a call you hear the engaged tone from the exchange the caller s tele phone number is stored in the exchange ISDN telephones can also use separate functions for this performance feature For more in formation on this function please see your user s guide The Institute of Electrical and Electronics Engineers IEEE A large global association of engineers which continuously works on stand ards in order to ensure different devices can work together Internet Engineering Task Force The index from 0 9 is fixed Every external multiple subscriber number entered is assigned to an index You need this index when configuring performance features using the telephone s codes e g configuring Call forwarding in the exchange or Define telephone number for the next external call A network in infrastructure mode is a network that contains at least one access point as the central point of communication and control In a network in
587. ttings e Information default value Fatal and simple errors of the SSH Daemon and information messages are recorded e Fatal Only fatal errors of the SSH Daemon are recorded e Error Fatal and simple errors of the SSH Daemon are re corded e Debug All messages are recorded Teldat GmbH 10 System Management 10 4 3 SNMP SNMP Simple Network Management Protocol is a network protocol used to monitor and control network elements e g routers servers switches printers computers etc from a central station SNMP controls communication between the monitored devices and monit oring station The protocol describes the structure of the data packets that can be transmit ted as well as the communication process The data objects queried via SNMP are structured in tables and variables and defined in the MIB Management Information Base This contains all the configuration and status variables of the device SNMP can be used to perform the following network management tasks e Surveillance of network components e Remote controlling and configuration of network components e Error detection and notification You use this menu to configure the use of SNMP Access SSH SNMP Basic Settings SNMP Version Vivi Mivac Viva SNMP Listen UDP Port 161 OK Cancel Fig 39 System Management gt Administrative Access gt SNMP The menu System Management gt Administrative Access gt SNMP consists of the follow ing fields Fiel
588. ttings e Everyday default value The filter is used every day of the week e lt Weekday gt The filter is used on a certain day of the week Only one day can be selected per filter several filters must be configured if several individual days are to be covered e Monday Friday The filter is used from Monday to Friday The default value is Everyday Schedule Start Stop In From enter the time at which the filter is to be activated The Time time is entered in the form hh mm Enter the time at which the filter is to be deactivated after the to in the field The time is entered in the form hh mm The default value is 00 00 to 23 59 Action Select the action to be executed if the filter matches a call Possible values e Block and Log default value The call of the requested page is prevented and logged e Allow and Log Callup is permitted but logged You can view the logged events in the Local Services gt Web Filter gt Filter List menu Teldat GmbH 21 Local Services Field Description e Allow Callup is allowed and not logged 21 5 3 Black White List The Local Services gt Web Filter gt Black White List menu contains a list of URLs or IP addresses as the case applies The addresses on the White List can also be called if they had been blocked because of filter configuration and classification in the Proventia web filter The addresses on the Black List remain blocked even if they could be called becau
589. tual wireless LAN controller The wireless LAN controller uses the following settings Region Select the country in which the wireless controller is to be operated Please note The range of channels that can be used varies depending on the country set ting Interface Select the interface to be used for the wireless controller DHCP Server Select whether an external DHCP server shall assign IP addresses to the APs or if you wish to assign fixed IP addresses yourself Alternatively you can use your device as a DH CP server For this internal DHCP server CAPWAP option 138 is active in order to allow communication between the master and slaves If you use static IP addresses in your network you must enter these to all APs manually The IP addresses of the wireless LAN controller must be entered for each AP in the Sys tem Management gt Global Settings gt System menu in the Manual WLAN Controller IP Address field Please note Make sure that option 138 is active when using an external DHCP server If you wish to use a Teldat Gateway for example as a DHCP server click on the GUI menu for this device under Local Services gt DHCP Server gt DHCP Pool gt New gt Advanced Settings in the DHCP Options field on the Add button Select as Option CAPWAP Con troller and in the Value field enter the IP address of the WLAN cortroller IP Address Range If the IP addresses are to be assigned internally you must enter the start and end IP ad
590. ty Entry active Policy TCP Port Timeout Block Time Encryption 10 System Management RADIUS TACACS Options eae oo se ov MEnabled Advanced Settings Non authoritative 49 3 Seconds 60 Seconds Enabled oK Cancel Fig 41 System Management gt Remote Authentication gt TACACS gt New The System Management gt Remote Authentication gt TACACS gt Newmenu consists of the following fields Fields in the Basic Parameters menu Field Description Authentication Type Server IP Address TACACS Secret Priority Displays which TACACS function is to be used The value cannot be changed Possible values e Login Authentication Here you can define whether the current TACACS server is to be used for login authentication to your device Enter the IP address of the TACACS server that is to be re quested for login authentication Enter the password to be used to authenticate ana if applic able encrypt data exchange between the TACACS server and the network access server your device The maximum length of the entry is 32 characters Assign a priority to the current TACACS server The server with the lowest value is the one used first for TACACS login 10 System Management Teldat GmbH Field Description authentication If no response is given or access is denied only if Policy Non authoritative the entry with the next highest priority is used The available values a
591. ty Status Action Under Assign unassigned VSS to all radio modules click on the Start button to assign a newly created VSS to all wireless modules 13 3 3 1 Edit or New Choose the po icon to edit existing entries Choose the Newbutton to configure additional wireless networks bintec Rxxx2 RTxxx2 Service Set Parameters Network Name SSID Intra cell Repeating ARP Processing WMM Security Settings Security Mode Client load balancing Max number of clients hard limit Max number of clients soft limit Client Band select MAC Filter Access Control Dynamic blacklisting Failed attempts per Time Blacklist blocktime VLAN VLAN Slave Access Points Radio Profiles Wireless Networks VSS visible Enabled DEnabled lt Enabled Inactive v laz he Disabled optimized for fast roaming v DEnabled Y Enabled h 0 50 Seconds 500 Seconds DEnabled C OK C Cancel Fig 68 Wireless LAN Controller gt Slave AP configuration gt Wireless Networks VSS gt New The Wireless LAN Controller gt Slave AP configuration gt Wireless Networks VSS gt New menu consists of the following fields Fields in the menu Service Set Parameters Field Description Network Name SSID Intra cell Repeating Enter the name of the wireless network SSID Enter an ASCII string with a maximum of 32 characters Also select whether the Networ
592. u can synchronise both virtual routers R1 and R2 over BRRP To do this you must create two entries For the first entry as Monitoring VR Interface R1 and as Synchronisation VR Interface you must use R2 For the second entry as Monitoring VR Interface R2 and as Synchronisation VR Interface you must use R1 21 12 2 1 New Select the New button to create new synchronisations Virtual Routers VR Synchronisation Options Basic Parameters Monitoring WR Interface Monitoring Mode BRRP Virtual Router ID Selectone Y Synchronisation VR Interface Synchronisation Mode BRRP Virtual Router ID Selectone OK Cancel Fig 198 Local Services gt BRRP gt VR Synchronisation gt New The Local Services gt BRRP gt VR Synchronisation gt New menu consists of the following fields Fields in the Monitoring VR Interface menu Field Description Monitoring Mode Shows which mechanism is used for monitoring a virtual router Possible values BRRP The BRRP specific state advertisements are used for determining the state of the master The master sends ad 21 Local Services Teldat GmbH Field Description vertisements as per its configuration in the Local Services gt BRRP gt Virtual Routers gt New gt Advanced Set tings menu Virtual Router ID Select a virtual router using the Virtual Router ID and define which interface is to be checked You can choose previously defined IDs see Virtual Router ID in the Local
593. u must run your device s Ethernet switch in Split Port mode PPPoE Ethernet Inter Only for PPPoE Mode Standard face Select the Ethernet interface specified for a standard PPPoE connection If you want to use an external DSL modem select the Ethernet port to which the modem is connected When using the internal DSL modem select here the EthoA in terface configured in Physical Interfaces gt ATM gt Profiles gt New PPPoE Interfaces for Only for PPPoE Mode Multilink Multilink Select the interfaces you want to use for your Internet connec tion Click the Add button to create new entries User Name Enter the user name Password Enter the password VLAN Certain Internet service providers require a VLAN ID Activate this function to be able to enter a value under VLAN ID VLAN ID Only if VLAN is enabled Enter the VLAN ID that you received from your provider Always on Select whether the interface should always be activated The function is enabled with Enabled 17 WAN Teldat GmbH Field Description The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Connection Idle Only if Always on is disabled Timeout Enter the idle time in seconds for static short hold The static short hold setting determines how many seconds should pass between sending the last traffic data packet and clearing the connection Possible values are 0 to 3600 seconds 0
594. u perform the configuration German and English are available o E View Select the desired view from the dropdown menu Stand ard and SNMP browsers can be selected Online Help Online Help Click this button if you want help with the menu now active The description of the sub menu where you are now is displayed bintec Rxxx2 RTxxx2 Logout If you want to end the configuration click this button to Logout log out of your device A window is opened offering you the fol lowing options e Save configuration save previous boot configuration then exit e Save configuration then exit e Exit without saving Navigation bar Fig 23 Save Configuration button Status 3 gt Global Settings Interface Mode Bridge Groups Administrative Access Remote Authentication Certificates Fig 24 Menus bintec Rxxx2 RTxxx2 Teldat GmbH 8 Access and configuration The Save configuration button is found in the navigation bar If you save a current configuration you can save this as the boot configuration or you can also archive the previous boot configuration as a backup If you click the Save configuration button in the GUI you will be asked Do you really want to save the current configuration as a boot configuration You have the following two options e Save configuration i e save the current configuration as the boot configuration e Save configuration with boot backup i e save current
595. uired ISDN port Specific Ports Only for Selected Ports Specify port you can select ad ditional ports with Add 18 3 2 Options In this menu you can make general settings of the global PPTP profile PPTP Tunnels Options IP Pools Global Options GRE Window Adaption V Enabled GRE Window Size 0 Max incomming control connections per remote IP Address OK Cancel Fig 143 VPN gt PPTP gt Options The VPN gt PPTP gt Optionsmenu consists of the following fields Fields in the Global Options menu Teldat GmbH 18 VPN Field Description GRE Window Adaption Select whether the GRE Window Adaptation is to be enabled This adaptation only becomes necessary if you have installed service pack 1 from Microsoft Windows XP Since in SP 1 Mi crosoft has changed the confirmation algorithm in the GRE pro tocol the automatic window adaptation for GRE must be turned off for Teldat devices The function is enabled with Enabled The function is enabled by default GRE Window Size Enter the maximum number of GRE packets that can be sent without confirmation Windows XP uses a higher initial reception window in the GRE which is why the maximum send window size must be adjusted here by the GRE Window Size value Possible values are 0 to 230 The default value is 0 Max incoming control Enter the maximum number of control connections connections per re mote IP Address 18 3 3 IP Pools The IP Pools menu di
596. uired by dialling an extension num ber in contrast to a leased line Allows computer controlled crossbar switches to set up a connection quickly and special features such as inquiries call waiting three party conference and call forwarding to be activated All T Com ex changes have been digital since January 1998 As a result of the internationally standardised Pulse Code Modula tion PCM analogue voice signals are converted to a digital pulse flow of 64 kbps Advantages Better voice quality and less suscept ibility to faults during analogue voice transmission Desktop Internetworking Management Environment Old name for Configuration Manager You are not at home However there is someone at home who needs to be able to reach you quickly and easily by telephone if ne cessary e g children or grandparents As you can set up the Direct Call function for one or more telephones the receiver of the tele phone simply needs to be lifted After five seconds the PBX auto matically calls the defined direct call number if you do not start dial ling another number first You can enter up to 12 destination num bers when you configure Direct Call A direct call number can only be used by one subscriber If you want to change an entered direct call number you can simply enter the new direct call number without having to delete the old direct call number The old number is auto Teldat GmbH Glossary matically overwritten when the
597. uling gt Options 21 Local Services Teldat GmbH The Local Services gt Scheduling gt Optionsmenu consists of the following fields Fields in the Scheduling Options menu Field Description Schedule Interval Select whether the schedule interval is to be enabled for the in terface Enter the period of time in seconds after which the system checks whether configured events have occurred Possible values are 0 to 65535 The value 300 is recommended 5 minute accuracy Values lower than 60 are generally pointless and are an unnecessary use of system resources 21 8 Surveillance In this menu you can configure an automatic availability check for hosts or interfaces and automatic ping tests You can monitor temperature with devices from the bintec WI series Note This function cannot be configured on your device for connections that are authentic ated via a RADIUS server 21 8 1 Hosts A list of all monitored hosts is displayed in the Local Services gt Surveillance gt Hosts menu 21 8 1 1 Edit or New Choose the pl icon to edit existing entries Choose the New button to create additional monitoring tasks Teldat GmbH 21 Local Services Hosts Interfaces Temperature Ping Generator Host Parameters Group 1D New ID Y Trigger Monitored IP Address Default Gateway Y Source IP Address Automatic Y Interval fo Seconds Successful Trials EA Unsuccessful Trials ET Action Interface Action to be performed
598. ult value The filter is valid for all port numbers e Specify port Enables the entry of a port number e Specify port range Enables the entry of a range of port numbers Source IP Address Enter the source IP address and netmask of the data packets Netmask Source Port Range Only if Protocol TCP UDP Enter a source port number or the range of source port num bers Possible values e A11 default value The filter is valid for all port numbers e Specify port Enables the entry of a port number e Specify port range Enables the entry of a range of port numbers DSCP TOS Filter Layer 3 Select the Type of Service TOS Possible values e Ignore default value The type of service is ignored e DSCP Binary Value Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets indicated in binary format 6 bit e DSCP Decimal Value Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets indicated in decimal format DSCP Hexadecimal Value Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets indicated in hexadecimal format e TOS Binary Value The TOS value is specified in binary format e g 00111111 e TOS Decimal Value The TOS value is specified in decimal format e g 63 e TOS Hexadecimal Value The TOS value is specified in hexadecimal format e g 3F Field
599. une State Expiry Timer Page 1 Fig 228 Monitoring PIM Interface Specific States Values in the Interface Specific States list Field Description View Select the desired view from the dropdown menu Are available A11 G I States S G I States and S G RPT States Values in the G States list Field Description Multicast Group Ad Displays the multicast group address InetAddressType is dress defined in the pimStarGAddressType object Interface Displays the name of the interface Indicates the status that results from the G Join Prune mes sages received on this interface This corresponds to the status of the Downstream Per Interface G State Machine in the PIM SM specification Join Prune State Uptime Indicates the timespan since the entry was generated by the local router Expiry Timer Displays the remaining time until the G Join State becomes invalid for this interface In the PIM SM specification this ad dress is named G Join Expiry Timer If the timer is deactiv ated it has the value 0 The value FFFFFFFF h stands for infin ite Teldat GmbH 24 Monitoring Field Description Assert State Displays the G Assert State for this interface This corres ponds to the status of the Per Interface G Assert State Ma chinen in the PIM SM specification If pimStarGPimMode is bid ir this object must nolnfo be Assert Winner IP Ad Indicates the address of Assert Winner if p
600. ur device enables you to read all the other configuration settings with the user name read but not the access information It is therefore impossible to log in with read read the password of the admin user and subsequently log in with admin and make changes to the configuration Caution All Teldat devices are delivered with the same username and password As long as the password remains unchanged they are therefore not protected against unauthor ised use How to change the passwords is described in Passwords on page 75 Make sure you change the passwords to prevent unauthorised access to your device If you have forgotten your password you must reset your device to the ex works state which means your configuration will be lost 8 2 2 Logging in for Configuration Set up a connection to the device The access options are described in Access Options on page 49 GUI Graphical User Interface 8 Access and configuration Teldat GmbH Log in via the HTML surface as follows 1 Enter your user name in the User field of the input window 2 Enter your password in the Password field of the input window and confirm with Re turn or click the Login button The status page of the GUI opens in the browser SNMP shell Log into the SNMP shell as follows 1 Enter your user name e g admin and confirm with Return 2 Enter your user password e g admin and confirm with Return Your device logs in with the input prompt e g
601. uration options are listed below Note Please note If your device has obtained an IP address dynamically from a DHCP server operated in your network for the basic configuration the fallback IP address is deleted automat ically and your device will no longer function over this address However if you have set up a connection to the device over the fallback IP address or have assigned an IP address with the Dime Manager in the basic configuration you will only be able to access your device over this IP address The device will no longer obtain an IP configuration dynamically over DHCP Example of subnets If your device is connected to a LAN that consists of two subnets you should enter a second IP Address Netmask The first subnet has two hosts with the IP addresses 192 168 42 1 and 192 168 42 2 for example and the second subnet has two hosts with the IP addresses 192 168 46 1 and 192 168 46 2 To be able to exchange data packets with the first subnet your device uses the IP address 192 168 42 3 for example and 192 168 46 3 for the second subnet The netmasks for both subnets must also be indicated 12 1 1 1 Edit or New Choose the icon to edit existing entries Choose the New button to create virtual inter faces Interfaces Basic Parameters Based on Ethernet Interface Selectone Address Mode static O DHCP IP Address Netmask IP Address Netmask PA A k Add Interface Made Ountagged Y Tagged VLAN MAC Address 00
602. ure HTTP traffic between a web browser and a web server STAC Data compression procedure Standard connection T ISDN Basic Rate Interface with the performance features Inquiry Brokering and Telephone Number Transmission The standard con nection contains three multiple subscriber numbers Static IP address A fixed IP address in contrast to a dynamic IP address Station guarding Deactivation of acoustic call signalling do not disturb Subaddressing In addition to the transmission of ISDN telephone numbers addition al information in the form of a subaddress can be transmitted from the caller to the called party over the D channel when the connec tion is set up Addressing that goes beyond the pure MSN which can be used e g specifically to locate several ISDN terminals that can be reached on one telephone number for a particular service In the called terminal e g a PC various applications can also be ad dressed and in some cases executed Costs are charged for the performance feature and it must be requested separately from the network operator Subnet A network scheme that divides individual logical networks into smal ler physical units to simplify routing Subnet mask A method of splitting several IP networks into a series of subgroups or subnetworks The mask is a binary pattern that must match the IP addresses in the network 255 255 255 0 is the default subnet mask In this case 254 different IP addresses can occur in a
603. use active interfaces Interface Selection for Distribution Interface Distribution Ratio Route Selector Tracking IP Address Add OK Cancel Fig 83 Networking gt Load Balancing gt Load Balancing Groups gt New The menu Networking gt Load Balancing gt Load Balancing Groups gt New consists of the following fields Fields in the Basic Parameters menu Field Description Group Description Enter the desired description of the interface group Distribution Policy Select the way the data traffic is to be distributed to the inter faces configured for the group Possible values e Session Round Robin default value A newly added ses sion is assigned to one of the group interfaces according to the percentage assignment of sessions to the interfaces The number of sessions is decisive e Load dependent Bandwidth A newly added session is assigned to one of the group interfaces according to the share of the total data rate handled by the interfaces The current data rate based on the data traffic is decisive in both the send and receive direction Consider Only for Distribution Policy Load dependent Bandwidth Choose the direction in which the current data rate is to be con sidered Options e Download Only the data rate in the receive direction is con sidered Teldat GmbH 14 Networking Field Description e Upload Only the data rate in the send direction is con sidered By default the Down1oad and Upload opt
604. ut additional settings using other configuration options Therefore it is recommended that the configuration is continued with the GUI If you use SNMP shell commands continue with this configuration method 8 1 1 1 HTTP HTTPS With a current web browser you can use the HTML interfaces to configure your device For this enter the following in your web browser s address field e http 192 168 0 254 or e https 192 168 0 254 bintec Rxxx2 RTxxx2 8 1 1 2 Telnet Apart from configuration using a web browser with a Telnet connection you can also ac cess the SNMP shell and use other configuration options You do not need any additional software on your PC to set up a Telnet connection to your device Telnet is available on all operating systems Proceed as follows Windows 1 Click Run in the Windows Start menu 2 Entertelnet lt IP address of your device gt 3 Click OK A window with the login prompt appears You are now in the SNMP shell of your device 4 Continue with Logging in for Configuration on page 55 Unix You can also set up a Telnet connection on UNIX and Linux without any problem 1 Entertelnet lt IP address of your device gt in a terminal A window with the login prompt appears You are now in the SNMP shell of your device 2 Continue with Logging in for Configuration on page 55 8 1 1 3 SSH In addition to the unencrypted and potentially viewable Telnet session you can also con
605. uto matically created and the interface is run in bridging mode Interfaces Interface Description Mode Bridge Group 1 ent 0 Routing Mode Y 2 ent 4 Routing Mode Y Configuration Interface Selectone Y oK Cancel Fig 33 System Management gt Interface Mode Bridge Groups gt Interfaces The System Management gt Interface Mode Bridge Groups gt Interfacesmenu consists of the following fields Fields in the Interfaces menu Field Description Interface Description Displays the name of the interface Select whether you want to run the interface in Routing Mode or whether you want to assign the interface to an existing bro br1 etc or new bridge group New Bridge Group Mode Bridge Group Teldat GmbH 10 System Management Field Description When selecting New Bridge Group a new bridge group is automatically created after you click the OK button Configuration Interface Select the interface via which the configuration is to be carried out Possible values e Select one default value Ex works setting The right con figuration interface must be selected from the other options e Ignore No interface is defined as configuration interface e lt Interface name gt Select the interface to be used for con figuration If this interface is in a bridge group it is assigned the group s IP address when it is taken out of the group 10 3 1 1 Add Add Choose the New button to edit the mode of PPP interface
606. ver exclusively data from the initial destination port are allowed e symmetric default value any protocol Outbound an ex ternally valid source address and an externally valid source port are administratively set Inbound only response packets Teldat GmbH 14 Networking Field Description within the existing connection are allowed In the NAT Configuration gt Specify original traffic menu you can configure for which data traffic NAT is to be used Fields in the Specify original traffic menu Field Description Service Not for Type of traffic outgoing Source NAT and NAT method full cone restricted cone Orf port restricted cone Select one of the preconfigured services Possible values e User defined default value e lt service name gt Action Only for Type of traffic excluding Without NAT Select data packets to be excluded from NAT Possible values e Exclude default value All data packets will be excluded from NAT if they match the subsequently specified paramet ers Protocol Source IP Address Netmask Destination IP Ad dress Netmask ect e Do not exclude All data packets will be excluded from NAT if they do not match the subsequently specified paramet ers Protocol Source IP Address Netmask Destination IP Ad dress Netmask ect Protocol Only for certain services Not for Type of traffic outgoing Source NAT and NAT method full cone restricted cone Orf port r
607. ver is not currently used for the time re quest Second Timeserver Enter the secondary time server by using either a domain name or an IP address In addition select the protocol for the time server request Possible values e SNTP default value This server uses the simple network time protocol via UDP port 123 e Time Service UDP This server uses the Time service with UDP port 37 e Time Service TCP This server uses the Time service with TCP port 37 Teldat GmbH 10 System Management Field Description e None This time server is not currently used for the time re quest Third Timeserver Enter the third time server by using either a domain name or an IP address In addition select the protocol for the time server request Possible values e SNTP default value This server uses the simple network time protocol via UDP port 123 e Time Service UDP This server uses the Time service with UDP port 37 e Time Service TCP This server uses the Time service with TCP port 37 e None This time server is not currently used for the time re quest Time Update Interval Enter the time interval in minutes at which the time is automatic ally updated The default value is 1440 Time Update Policy Enter the time period after which the system attempts to contact the time server again following a failed time update Possible values e Normal default value The system attempts to contact the time s
608. w memory requirements high level of security against attacks and general speed The partner s AES key length is used here If this has also selected the parameter AES a key length of 128 bits is used AES 128 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 128 bits AES 192 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 192 bits AES 256 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 256 bits Hash algorithms Authentication e mD5 default value MD5 Message Digest 5 is an older hash algorithm It is used with a 96 bit digest length for IPSec e SHA1 SHA1 Secure Hash Algorithm 1 is a hash algorithm developed by NSA United States National Security Associ ation It is rated as secure but is slower than MDS It is used with a 96 bit digest length for IPSec e RipeMD 160 RipeMD 160 is a 160 bit hash algorithm It is used as a secure replacement for MD5 and RipeMD e Tiger1 92 Tiger 192 is a relatively new and very fast al gorithm Please note that the description of the encryption and authentic 18
609. w menu consists of the following fields Fields in the menu Basic Parameters Field Description Interface Select the interface over which the addresses defined in IP Ad dress Range are to be assigned to DHCP clients When a DHCP request is received over this Interface one of the addresses from the address pool is assigned IP Pool Name Enter any description to uniquely identify the IP pool bintec Rxxx2 RTxxx2 21 Local Services Teldat GmbH Field Description Pool Usage Specify whether the IP pool is used for DHCP requests in the same subnet or for DHCP requests that have been forwarded to your device from another subnet In this case it is possible to define IP addresses from another network Possible values e Local default value The DHCP pool is only used for DHCP requests in the same subnet e Relay The DHCP pool is only used for DHCP requests for warded from other subnets e Local Relay The DHCP pool is used for DHCP requests in the same subnet and from other subnets The menu Advanced Settings consists of the following fields Fields in the menu Advanced Settings Field Description Gateway Select which IP address is to be transferred to the DHCP client as gateway Possible values e Use router as gateway default value Here the IP ad dress defined for the Interface is transferred e No gateway No IP address is sent e Specify Enter the corresponding IP address Lease Time Enter th
610. way Possible values 0 to 60 seconds The default value is 5 Hello Hold Time Define the value of the holdtime field in a PIM Hello message This indicates how long a PIM route is available As soon as the Hello Hold Time has expired and no other Hello messages have been received the PIM router will be classed as unavail able Possible values 0 to 65535 seconds The default value is 105 Teldat GmbH 16 Multicast Field Description Join Prune Interval Define the frequency at which the PIM Join Prune messages are sent on the interface The value 0 means that no periodic PIM Join Prune messages are sent on this interface Possible values 0 to 18000 seconds The default value is 60 Join Prune Hold Time Define the value entered in the holdtime field of a PIM Join Prune message This is the time for which a recipient must maintain the Join Prune state Possible values 0 to 65535 seconds The default value is 210 Propagation Delay Define the value entered in the Propagation Delay field This field is part of the LAN Prune Delay option in the PIM Hello messages which are sent on this interface Propagation Delay and Override Interval represent the so called LAN Prune Delay settings These result in a delay in processing prune messages for upstream routers If the Propagation Delay is too short the transfer of multicast packets may be cancelled before a downstream router has sent a prune override
611. xchange The main difference to on hold The call is interrupted the receiver can be replaced Can be used for brokering Possible in T Net T ISDN and PBXs The ter minal must have MFC and the R key Private Branch Exchange The features offered by a PBX are manufacturer specific and enable operation of exchanges free internal calls callback on busy and conference calls among other things PBXs are used e g for office communication voice text and data transfer Private Branch Exchange PBX Private Automatic Branch Exchange A point to point ISDN access includes a PBX number and an exten sion numbers range The PBX number is used to reach the PBX A certain terminal of the PBX is then dialled via one of the extension numbers of the extension numbers range The PCMCIA Personal Computer Memory Card International Asso ciation is an industry association founded in 1989 that represents credit card sized I O cards such as WLAN cards Abbreviation for pulse dialling method Conventional dialling proced ure in the telephone network Dialled numbers are represented by a defined number of dc impulses The pulse dialling method is being PGP PH Phone book PIN Ping PKCS Point to multipoint Point to multipoint Point to multipoint Point to multipoint connection for the PBX Point to point Point to point ISDN access Polling Port POTS replaced by the multifrequency code method MFC Pretty Good Privac
612. y Optionally enter the IP address of an alternative Field Description DNS server 18 1 6 Options IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Global Options Enable IPSec DEnabled Delete complete IPSec configuration fm IPSec Debug Level Debus Y Advanced Settings IPSec over TCP CONCP Path Finder Technology Send Initial Contact Message MEnabled Sync SAs with ISP interface state Denabled Use Zero Cookies Enabled Zero Cookie Size laz Bit Dynamic RADIUS Authentication Denabled PKI Handling Options Ignore Certificate Request Payloads Cl Enabled Send Certificate Request Payloads Enabled Send Certificate Chains Enabled Send CRLs DEnabted Send Key Hash Payloads Enabled oK Cancel Fig 138 VPN gt IPSec gt Options The menu VPN gt IPSec gt Options consists of the following fields Fields in the Global Options menu Field Description Enable IPSec Select whether you want to activate IPSec The function is enabled with Enabled The function is active as soon as an IPSec Peer is configured Delete complete IPSec If you click the icon delete the complete IPSec configuration configuration of your device bintec Rxxx2 RTxxx2 18 VPN Teldat GmbH Field Description This cancels all settings made during the IPSec configuration Once the configuration is deleted you can start with a com pletely new IPSec configuration You can only delete the configuration
613. y Packet handler The PBX has an internal phone book You can store up to 300 tele phone numbers and the associated names You can access the PBX s phone book with the Teldat devices for example CS 410 You add entries to the phone book using the configuration interface Personal identification number Packet Internet Groper Public Key Cryptography Standards Point to multipoint connection Basic connection in T ISDN with three telephone numbers and two lines as standard The ISDN terminals are connected directly on the network termination NTBA or ISDN internet connection of a PBX Point to multipoint You enter the multiple subscriber numbers received from T Com with the order confirmation in the table fields defined for them in the configuration As a rule you receive three multiple subscriber num bers but can apply for up to 10 telephone numbers for each con nection When you enter the telephone numbers they are assigned to an index and also to a team Note that initially all telephone numbers are assigned to team 00 The internal telephone numbers 10 11 and 20 are entered in team 00 ex works External calls are therefore signalled with the internal telephone numbers 10 11 and 20 for the connections entered in team 00 Point to point Point to point Fax machine function that fetches documents provided by other fax machines or fax databases Input output Plain Old Telephone System bintec Rxxx2 RTxxx2 PPP
614. y 98 103 223 385 418 434 Priority Queueing 223 Profiles 304 Propagate PMTU 352 Propagate routes bound on discard re fuse interface 252 Propagation Delay 264 Index Proposals 342 350 Protocol 201 211 214 229 333 394 399 401 404 409 444 467 516 Protocol Header Size below Layer 3 220 Provider 305 442 Provider Name 444 Provisioning Server code 3 449 Proxy Interface 259 Proxy ARP 148 335 Proxy ARP Mode 294 301 318 321 369 376 Public Source IP Address 335 PVID 152 Q QoS 213 388 540 QoS Classification 216 QoS Interfaces Policies 219 QoS Filter 213 QoS Queue 540 Query Interval 257 Queued 540 Queues Policies 220 R RA Encrypt Certificate 111 RA Sign Certificate 111 Radio Profiles 167 RADIUS 96 RADIUS Dialout 100 RADIUS Secret 98 Radius Server 176 RADIUS Server Group ID 355 Real Time Jitter Control 220 Real Time Jitter Control 322 Realm 409 Reboot 514 Reboot after execution 467 Reboot device after 467 Receive Version 240 Received Database Description Index 544 Received DNS Packets 439 Received Hello Messages 544 Received Link State Acknowledge Pack ets 544 Received Link State Request Packets 544 Received Link State Update Packets 544 Recipient 520 Region 160 Register Suppression Timer 268 Registrar 409 Registration 404 409 Remaining Validity 462 Remote Hostname 362 Remote Port 401 Remote Address 538 Remote Networks 5
615. y is created with IPSec callback Using a direct ISDN call to a peer you can signal that you are online and waiting for the peer to set up an IPSec tunnel over the Internet If the called peer currently has no connection to the Internet the ISDN call causes a connec tion to be set up This ISDN call costs nothing depending on country as it does not have Teldat GmbH 18 VPN to be accepted by your device The identification of the caller from his or her ISDN number is enough information to initiate setting up a tunnel To set up this service you must first configure a call number for IPSec callback on the passive side in the Physical Interfaces gt ISDN Ports gt MSN Configuration gt New menu The value Service is available for this purpose in the IPSec field This entry ensures that incoming calls for this number are routed to the IPSec service If callback is active the peer is caused to initiate setting up an IPSec tunnel by an ISDN call as soon as this tunnel is required If callback is set to passive setting up a tunnel to the peer is always initiated if an ISDN call is received on the relevant number MSN in menu Physical Interfaces gt ISDN Ports gt MSN Configuration gt New for Service IPSec This ensures that both peers are reachable and that the connection can be set up over the Inter net The only case in which callback is not executed is if SAs Security Associations already exist i e the tunnel to the peer already exists
616. y perform an update with the GUI using the Maintenance gt Software amp Configuration menu For a description of the update procedure see Software Update on page 47 bintec Rxxx2 RTxxx2 72 System requirements Your Teldat gateway contains extensive features for encrypted data transfer and Internet access for both individual users and companies For configuration of the device your PC must meet the following system requirements e Microsoft Windows operating system Windows 2000 or higher e Internet Explorer 6 or 7 Mozilla Firefox Version 1 2 or higher Installed network card Ethernet DVD drive TCP IP protocol installed see Configuring a PC on page 44 High colour display more than 256 colours for correct representation of the graphics 7 3 Preparation To prepare for configuration you need to e gather the data required for the basic configuration and the Internet connection e Check whether the PC from which you want to perform the configuration meets the ne cessary requirements You can also e install the Dime Manager software which provides more tools for working with your device This installation is optional and not essential for the configuration or operation of the device 7 3 1 Gathering data You can gather the main data for configuration with the GUI quickly because you do not need any information that requires in depth knowledge of networks If necessary you can use the sample values
617. ynchronous modems An internationally agreed standard protocol that defines the interface between network components and a packet switched data network ITU T recommendation on the integration of X 25 compatible DTEs X 500 X 509 in ISDN D channel ITU T standards that cover user directory services see LDAP Ex ample The phone book is the directory in which you find people on the basis of their name agreement with the telephone directory The Internet supports several databases with information on users such as e mail addresses telephone numbers and postal ad dresses You can search these databases to obtain information about individuals ITU T standards that define the format of the certificates and certific ate queries and their use bintec Rxxx2 RTxxx2 Index Index 187 ISDN Timeserver 80 Modem Init Sequence 120 System Admin Password 76 1 2 3 114 A Access 459 Access Control 180 Access Filter 233 Access Filter 228 Access Rules 226 ACCESS_ACCEPT 97 ACCESS_REJECT 97 ACCESS REQUEST 97 ACCOUNTING_START 97 ACCOUNTING_STOP 97 Action 187 233 385 455 467 483 510 531 537 Action if license not registered 453 Action if server not reachable 453 Action to be performed 479 Actions 467 Active Clients 181 Active IPSec Tunnels 71 Active Radio Profile 165 Active Sessions SIF RTP etc 71 Activity Monitor 527 Additional Traffic Filter 331 333 Additional freely
Download Pdf Manuals
Related Search