Funkwerk WI2040n
Contents
1. Automatic Retresh Interval 300 Seconds Apply J LAP MAC Address Up Time Signal dEm RSSH RSSI2 RSSI3 Noise dBm SNRdB Data Rate mbps Od 20h 42m 59s 0 0 0 0 0 0 lO a atl Oe A o D de pe Tx Packets 0 Rx Packets 802 11 a b g e p J 148 o i jo 36 0 0 5 m e 1 24 0 0 118 0 0 T mc 10 uuas Ee E la 0 0 8 lo e 4 Internal Log 55 o y o RH LA y E faces p ha Want a E 5 Bridges 302 11n gt M o HotSpot Gateway Lu 0 ge QoS ras fa 0 E e 210 A 86 7 0 a 22 au 10 65 0 o H e Si Opie w 149 3 E 0 _ _ 128 9 a 0 124 7 a o e _ 4 114 4 0 0 A E Si na Jo io Total o o a Back Fig 183 Monitoring gt WLAN gt Client Links P Values in the Client Links list Field Description AP MAC Address Shows the MAC address of the client link partner Up Time Shows the time in hours minutes and seconds for which the cli ent link in question is active Signal dBm Shows the received signal strength in dBm Noise dBm Shows the received noise strength in dBm SNR dB Shows the signal quality in dB Data Rate mbps Shows the current transmission rate of data received on this cli ent link in mbps Rate Shows separately for each of the stated data rates the values for Tx Packets and Rx Packets 21 5 Bridges 21 5 1 br lt x gt In the Monitoring gt Bridges gt2. Advanced IPSec Options Phase 1 Profile Phase 2 Profile Language English View Standard Online Help Logout EZ e o ana IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Peer Parameters 7 Administrative Status Sup O Down L she Es i Description Peer 1 Peer Address Fully Qualified Domain Name FQDN Peer ID Peer 1 Preshared Key Interface Routes IP Address Assignment Static Default Route Enabled Local IP Address Fs remar Passes nana mane Route Entries II Ta T Add m _ oo Advanced Settings None use default profile None use default profile KAUTH Profile Number of Admitted Connections Selectone One User O Multiple Users Start Mode DonDemand Always up Advanced IP Options Back Route Verify Enabled Proy ARP inactive Cup or Dormant Oup only oK yl Cancel Fig 112 VPN gt IPSec gt IPSec Peers gt New The VPN gt IPSec gt IPSec Peers gt New menu consists of the following fields Fields in the IPSec Peers Peer Parameters menu Field Description Select the status to which you wish to set the peer after saving the peer configuration Administrative Status Possible values Up defaul
3. i Rule oos options Fer Rls os opnens view 20 perpage Fiter in None viequal Go hid Mods a A A A e Order Source Destination Service Action Priorty Policy active hi ANY ANY any Access None Enabled E Page 1 tems 1 1 New y oK Cancel Fig 124 Firewall gt Policies gt Filter Rules You can use the button to insert another policy above the list entry The configuration menu for creating a new policy opens You can use the button to move the list entry A dialog box opens in which you can se lect the position to which the policy is to be moved Moreover the overview provides the option to show the firewall rules of the underlying set tings made in the System Management gt Administrative Access gt Access menu To do this enable the Show administrative access rules option bintec WLAN and Industrial WLAN 17 1 1 1 New Choose the New button to set up new parameters me 8 ay ta Language English View Standard Online Help Save configuration d Filter Rules QoS Options Physiealinterfaces Z Basic Parameters i Source A estination INTERFACE ALIASES Y pd Service L SERVICES v J Action Access Y a es e cable Policies 4 oK Cancel Interfaces Addresses Services Mi Fig 125 Firewall gt Policies gt Filt
4. OK J Cancel Fig 116 VPN gt IPSec gt Phase 2 Profiles gt New The VPN gt IPSec gt Phase 2 Profiles gt New menu consists of the following fields Fields in the Phase 2 Profiles Phase 2 IPSEC Parameters menu Field Description Description Enter a description that uniquely identifies the profile The maximum length of the entry is 255 characters Proposals In this field you can select any combination of encryption and message hash algorithms for IKE phase 2 on your default The combination of six encryption algorithms and two message hash algorithms gives 12 possible values in this field Encryption algorithms Encryption e 3DES default value 3DES is an extension of the DES al gorithm with an effective key length of 112 bits which is rated as secure lt is the slowest algorithm currently supported e ALL All options can be used e AES 128 Rijndael has been nominated as AES due to its bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 16 VPN Field Description fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 128 bits e AES 192 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 192 bits e AES 256 Rijndael has been nominated as AES due
5. JC Cancel o pa Ll Fig 38 System Management gt Interface Mode Bridge Groups gt Interfaces gt Edit You can realise bridging for devices behind access clients with the MAC Bridge function In wildcard mode you cannot define how Unicast non IP frames or non ARP frames are pro cessed To use the MAC bridge function you must carry out configuration steps in several menus 1 Select the Funkwerk Configuration Interface menu Wireless LAN gt WLAN gt Wireless Module Settings and click the icon to change an entry N Set Operation Mode to Access Client and save the settings with OK a o Select the menu options System Management gt Interface Mode Bridge Groups gt Interfaces The additional interface sta1 0 is displayed ES For interface sta1 0 select Mode Bridge Group br0 lt IPAddress gt and Con figuration Interface en 1 0 and save the settings with OK a al Click the Save Configuration button to save all of the configuration settings You can use the MAC Bridge The System Management gt Interface Mode Bridge Groups gt Edit menu consists of the following fields Fields in the lt stax x gt Layer 2 5 Option menu Field Value Interface Shows the interface that is being edited Wildcard Mode Select the Wildcard mode you want to use on the interface Possible values bintec WLAN and Industrial WLAN 9 System Management Funkwerk Enterprise Co
6. 14 Routing Funkwerk Enterprise Communications GmbH Field Description Mode 14 1 2 Options Back Route Verify Possible values e Ignore default value The type of service is ignored e DSCP Relates to a Differentiated Services Code Point to RFC 3260 e TOS Binary Value The TOS value is specified in binary format e g 00111111 e TOS Decimal Value The TOS value is specified in decimal format e g 63 Enter the relevant value for DSCP TOS Binary Value and TOS Decimal Value Select when the interface defined in Route Parameters gt In terface is to be used Possible values e Dialup and wait default value The route can be used if the interface is up If the interface is dormant then dial and wait until the interface is up e Authoritative The route can always be used e Dialup and continue The route can be used if the inter face is up If the interface is dormant then select and use the alternative route rerouting until the interface is up e Never dialup The route can be used if the interface is up e Always dialup The route can be used if the interface is up If the interface is dormant then dial and wait until the interface is up In this case an alternative interface with a poorer metric is used for routing until the interface is up The term Back Route Verify describes a very simple but powerful function If a check is ac tivated for an interface incoming
7. Fig 19 Antenna configuration for bintec WIx065n devices 6 6 Pin Assignments 6 6 1 Ethernet interface Your device has two Ethernet interfaces These are used to connect individual PCs or other switches The connection is made via an RJ45 socket Fig 20 Ethernet 10 100 Base T interface RJ45 socket The pin assignment for the Ethernet 10 100 Base T interface RJ45 socket is as follows RJ45 socket for LAN connection Pin Function Eth1 PoE Function Eth 2 1 TD Power TD 2 TD Power TD 3 RD Power RD 4 Power Not used 5 Power Not used 6 RD Power RD 7 Power Not used 8 Power Not used The Ethernet 10 100 BASE T interface does not have an Auto MDI X function in bintec bintec WLAN and Industrial WLAN W1002n 6 6 2 Serial interface Your device has a Serial interface for connection to a console This supports Baud rates from 1200 to 115200 Bps The interface is designed as a 9 pin SUB D socket o o Fig 21 9 pin Sub D connector The pin assignment is as follows Pin assignment of the Sub D port Pin bintec W1002n function 1 Not used 2 RxD 3 TxD 4 Not used 5 GND 6 DSR 7 RTS 8 CTS 9 Not used 6 6 3 Socket for power supply The WI devices have a 3 pole connection for the power supply An individual power supply can be connected with any polarity and to any terminal with 2 pins If a redundant power supply is selected 2 mains units the minus poles must be connected tog
8. Route Entries Only for IP Address Mode Static Enter the Remote IP Address and Netmask of the L2TP part ner LAN and the corresponding Metric Add new entries with Add The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings 16 VPN Funkwerk Enterprise Communications GmbH Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed The de fault value is 300 Authentication Select the authentication protocol for this L2TP partner Possible values PAP CHAP MS CHAP default value Primarily run CHAP on denial the authentication protocol required by the PPTP part ner MSCHAP version 1 or 2 possible e PAP Only run PAP PPP Password Authentication Protocol the password is transferred unencrypted e CHAP Only run CHAP PPP Challenge Handshake Authentica tion Protocol as per RFC 1994 the password is transferred encrypted e PAP CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol e MS CHAPv2 Run MS CHAP version 2 only e None Some providers use no authentication In this case se lect this option Encryption If necessary select the type of encryption that should be used for data traffic to the L2TP partner This is only possible if STAC or MS STAC compressi
9. Enter the time in milliseconds between the sending of two beacons This value is transmitted in Beacon and Probe Response Frames Possible values are 1 to 65535 The default value is 100 msec DTIM Period Only if Operation Mode Access Point or Access Client with Client Mode Ad Hoc Enter the interval for the Delivery Traffic Indication Message DTIM The DTIM field is a data field in transmitted beacons that in forms clients about the window to the next broadcast or multic ast transmission lf clients operate in power save mode they come alive at the right time and receive the data Possible values are 1 to 255 The default value is 2 RTS Threshold Here you select how the RTS CTS mechanism is to be switched on off If you choose User Defined in the input field you can specify the data packet length threshold in bytes 1 2346 as of which the RTS CTS mechanism is to be used This makes sense if several clients that are not in each other s wireless range are run in one access point The mechanism can also be switched on off independently of the data packet length by selecting the value Always onor Always off default value Short Guard Interval Enable this function to reduce the guard interval time between transmission of two data symbols from 800ns to 400ns Short Retry Limit Enter the maximum number of attempts to send a frame of length less than or equal to the value defined in RTS Threshold After thi
10. Field Description that are required Possible values e Update system software You can also start an update of the system software e Save configuration with state information You can save a configuration which contains the AP status inform ation Source Location Select the source for the action Possible values e HTTP server default value The file is stored respectively on a remote server specified in the URL e Current software from Funkwerk server The file is on the official Funkwerk update server Only for Action Update system software e TFTP Server The file is stored respectively on a TFTP server specified in the URL URL Only for Source HTTP server or TFTP server Enter the URL of the update server from which the system soft ware file is loaded or on which the configuration file is saved bintec WLAN and Industrial WLAN Chapter 14 Routing 14 1 Routes Default Route With a default route all data is automatically forwarded to one connection if no other suit able route is available If you set up access to the Internet you must configure the route to your Internet Service Provider ISP as a default route If for example you configure a cor porate network connection only enter the route to the head office or branch office as a de fault route if you do not configure Internet access over your device If for example you configure both Internet access and a corporate network connection en
11. In modern networks information about the type and number of data packets sent and re ceived over the network connections is often collected for commercial reasons This inform ation is extremely important for Internet Service Providers that bill their customers by data volume However there are also non commercial reasons for detailed network accounting If for example you manage a server that provides different kinds of network services it is useful for you to know how much data is generated by the individual services Your device contains the IP Accounting function which enables you to collect a lot of useful information about the IP network traffic each individual IP session 20 2 1 Interfaces In this menu you can configure the IP Accounting function individually for each interface WI1040n Language English View Stendard Online Help wil040n view 20 perpage EN 2TFmerin None M equal y Go a z IP Accounting lo Interface Select all Deselect all C oK Cancel Fig 162 External Reporting gt IP Accounting gt Interfaces In the External Reporting gt IP Accounting gt Interfaces menu a list of all interfaces configured on your device is shown For each entry you can activate IP Accounting by set ting the checkmark In the IP Accounting column you do not need to click each entry indi vidually Using the options Select
12. Month mm e Year yyyy Set Time Enter a new time Format e Hour hh e Minute mm Fields in the Date and Time Automatic Time Settings Time Protocol menu Field Description First Timeserver Enter the primary time server using either a domain name or an bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 9 System Management Field Description IP address In addition select the protocol for the time server request Possible values e SNTP default value This server uses the simple network time protocol with UDP port 123 e Time Service UDP This server uses the Time service with UDP port 37 e Time Service TCP This server uses the Time service with TCP port 37 e None This time server is not currently used for the time re quest Second Timeserver Enter the secondary time server using either a domain name or an IP address In addition select the protocol for the time server request Possible values e SNTP default value This server uses the simple network time protocol with UDP port 123 e Time Service UDP This server uses the Time service with UDP port 37 e Time Service TCP This server uses the Time service with TCP port 37 e None This time server is not currently used for the time re quest Third Timeserver Enter the tertiary time server using either a domain name or an IP address In addition select the protocol for the time server request
13. Possible values e SNTP default value This server uses the simple network time protocol with UDP port 123 e Time Service UDP This server uses the Time service with UDP port 37 9 System Management Funkwerk Enterprise Communications GmbH Field Description e Time Service TCP This server uses the Time service with TCP port 37 e None This time server is not currently used for the time re quest Time Update Interval Enter the time interval in minutes at which the time is automatic ally updated The default value is 1440 Time Update Policy Enter the time period after which the system attempts to contact the time server again following a failed time update Possible values e Normal default value The system attempts to contact the time server after 1 2 4 8 and 16 minutes e Aggressive For ten minutes the system attempts to con tact the time server after 1 2 4 8 seconds and then every 10 seconds Endless For an unlimited period the system attempts to contact the time server after 1 2 4 8 seconds and then every 10 seconds If certificates are used to encrypt data traffic in a VPN it is ex tremely important that the correct time is set on the device To ensure this is the case for Time Update Policy select the value Endless Internal Timeserver Select whether the internal timeserver is to be used The function is activated by choosing Enabled Time requests from a client will be answ
14. ent 0 brO 192 168 252 255 255 255 0 senta brO 192 168 2524255 255 255 0 o WLANI Bridge Channelin Use 1 1 BR Link FW 2 0 0 0 o WAND om 20 Relay Mode Inaktive o DCI Recent System Logs IM Time Level Subsystem Message o o DAA HA E 01 44 34 Information WLAN Ife 200100 vss1 1 Station 00 00 84 01 AE 50 connected 00 05 13 Information WLAN fe 2001100 vss1 1 Station 00 00 84 01 AE 50 connected 23 50 29 Information WLAN Ifc 200100 vss1 1 Station connected 232 01 Information WLAN fe 200100 vss1 1 Station 00 0C 50 connected 19 21 37 Information WLAN ife 200100 vss1 1 Station 00 00 01 AE 50 connected ee i 19 10 32 Information WLAN Ifc 200100 vss1 1 Station 00 00 84 01 4E 50 connected 18 25 24 Information WLAN d Ife 200100 vss1 1 Station 00 0C 84 01 AE 50 connected 17 57 27 Information WLAN Me 2001 DO vss1 1 Station 00 0 A AE 50 connected 17 41 37 Information WLAN Ifc 200100 vss1 1 Station 00 AE 50 connected 473712 Information WLAN Ife 200100 vss1 1 Station 00 00 84 01 4E 50 connected Fig 24 Funkwerk Configuration Interface home page 7 3 1 1 Calling up Funkwerk Configuration Interface 1 Check whether the device is connected and switched on and that all the necessary cables are correctly connected see Technical data on page 28 2 Check the settings of the PC from which you want to configure y
15. i Onine Help Logout Slave Access Points Radio Modules Radio Profiles Wireless Networks VSS Automatic Refresh Interval 300 Seconds Apply J Location Operation Mode Search Channel Channel Transmit Power Status Default fe auto Ch 6 17dBm io z Actions Channel reallocation START Controller Configuration L Slave AP configuration Fig 80 Wireless LAN Controller gt Slave AP Configuration gt Radio Modules In the Wireless LAN Controller gt Slave AP Configuration gt Radio Modules menu an overview of all available wireless modules is displayed For each wireless module you will see an entry with a parameter set Location Operation Mode Channel Search Channel Transmission Power Status S Note For devices with two wireless modules two entries are displayed in the overview bintec WLAN and Industrial WLAN Click on the Start button under Channel Reallocation in order to reassign any assigned channels e g when a new access point has been added 13 3 2 1 Edit Choose the pl icon to edit existing entries View Standard Online Help Logout Slave Access Points Radio Modules Radio Profiles Wireless Networks VSS Radio Modules Settings Operation Mode Default E Active Radio Profle 2 4GHz Padio Profle Y channel Tao Used Channel Te Transmit Power Max y
16. m 3 Assigned Wireless Network VSS Rowing OOo y yss t Funkwerk ec WANN AN S Ge E PN OK Cancel nd Fig 81 Wireless LAN Controller gt Slave AP Configuration gt Radio Modules gt The Wireless LAN Controller gt Slave AP Configuration gt Radio Modules gt p menu consists of the following fields Fields in the Radio Modules Radio Modules Settings menu Field Description Operation Mode Displays the mode in which the wireless module is to be oper ated You can change the mode Possible values e off default value The wireless module is not active e Access Point The wireless module is used as an access point in your network e Default Uses the setting that was defined in the wireless module profile Active Radio Profile Displays the wireless module profile that is currently selected bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 13 Wireless LAN Controller Field Description You can select another wireless module profile from the list if several wireless module profiles are set up Channel Displays the channel that is assigned You can select another channel The number of channels you can selected depends on the country setting Please consult the data sheet for your device Access Point mode Configuring the network name SSID in Access Point mode means that wireless networks can be logically separated from each other but they can st
17. Control Mode 247 266 Controlled Interfaces 349 Corrupt Frames Received 397 COS filter 802 1p Layer 2 242 Country 117 CPU Usage 76 Create NAT Policy 257 261 298 CTS frames received in response to an RTS 397 Current File Name in Flash 371 Current Local Time 84 Current Speed Mode 125 Current Wildcard MAC Address 409 Custom 117 CW Max 196 CW Min 196 D Data Bits 127 Data Packets Sequence Numbers 295 Data Rate mbps 398 400 401 403 404 405 406 407 Date 389 Default Route 257 261 271 298 304 Default Route Distribution 228 Delete complete IPSec configuration 289 Index Description 113 123 193 218 242 245 250 255 260 270 275 282 286 293 297 304 315 316 318 318 321 342 344 390 391 395 397 Destination 309 Destination File Name 371 Destination Interface 235 Destination IP Address 355 391 Destination IP Address Netmask 211 219 242 Destination Port 212 Destination Port Range 318 Destination Port Range 219 242 Details 390 DH Group 275 DHCP Broadcast Flag 135 DHCP Hostname 135 DHCP MAC Address 135 DHCP Options 340 DHCP Server 185 Direction 227 245 Distribution Mode 232 Distribution Policy 232 Distribution Ratio 233 DNS Hostname 327 DNS Negotiation 258 262 301 DNS Requests 332 DNS Server 329 DNS Server Configuration 324 DNS Test 368 Domain 329 Domain at the HotSpot Server 363 Domain Nam
18. Remote PPTP IP Address 262 Response 327 Retransmission Timer 230 Retries 105 RFC 2091 Variable Timer 228 RFC 2453 Variable Timer 228 RIP UDP Port 228 Roaming Profile 152 Robustness 237 Role 286 Route Announce 224 Route Entries 257 261 271 298 304 Route Timeout 230 Route Type 211 RSA Key Status 99 RTS frames with no CTS received 397 RTS Threshold 150 152 196 Index RTT Mode Realtime Traffic Mode 250 Rx Bytes 395 Rx Errors 395 Rx Packets 395 396 398 400 401 403 404 405 406 S Scan channels 152 Scan Interval 152 Scan Threshold 152 SCEP URL 115 Schedule Interval 348 Second Timeserver 84 Secondary 324 324 Secondary DHCP Server 343 Security Algorithm 390 Security Mode 159 166 201 Select action 344 Select file 371 Select interface 344 Select radio 344 Selected Channel 144 Selection 318 Send 411 Send Certificate Chains 291 Send Certificate Request Payloads 291 SendCRLs 291 Send information to 387 Send Initial Contact Message 290 Send Key Hash Payloads 291 Send Version 224 Sender E Mail Address 380 Serial Number 76 Server 337 Server Failures 332 Server IP Address 103 108 Server Timeout 105 Service 219 309 Set Date 84 Set Time 84 Severity 382 SHDSL Logic 371 Funkwerk Enterprise Communications GmbH Short Guard Internal 150 Short Guard Interval 152 196 Short Retry Limit 150 152 196 Show passwords and keys in clear text
19. e Alarm relay The relay is automatically coupled with the red error LED bintec WLAN and Industrial WLAN 11 LAN Funkwerk Enterprise Communications GmbH Chapter 11 LAN In this menu you configure the addresses in your LAN and can structure your local network using VLANs 11 1 IP Configuration In this menu you can edit the IP configuration of the LAN and Ethernet interfaces of your device 11 1 1 Interfaces In the LAN gt IP Configuration gt Interfaces menu the available IP interfaces are listed You can edit the IP configuration of the interfaces or create virtual interfaces for special ap plications Here is a list of all of the interfaces logical Ethernet interfaces and others cre ated in the subsystems configured in the System Management gt Interface Mode Bridge Groups gt Interfaces menu Use the E to edit the settings of an existing interface bridge groups Ethernet interfaces in routing mode You can use the New button to create virtual interfaces However this is only needed in special applications e g BRRP Depending on the option selected different fields and options are available All the config uration options are listed below The default setting for all existing interfaces of your device is Bridging mode In the ex works state the bridge group br0 is pre configured as a DHCP client with the fallback IP ad dress 192 168 0 252 and netmask 255 255 255 0 Note Please note If y
20. gt Remote Authentication gt RADIUS menu and selected in the RADIUS Server Group ID field e Local Authentication is carried out via a local list Name Only if Role Client Enter the authentication name of the client Password Only if Role Client Enter the authentication password RADIUS Server Group Only if Role Server ID Select the desired RADIUS group configured in System Man agement gt Remote Authentication gt RADIUS Users Only if Role Server and Mode Local If your gateway is configured as an XAuth server the clients can be authenticated via a locally configured user list Define the members of the user group of this XAUTH profile here by entering the authentication name of the client Name and the authentication password Password Add new members with Add 16 1 5 IP Pools In the IP Pools menu a list of all IP pools for your configured IPSec connections is dis played If have set IP Address Assignment IKE Config Mode Server for an IPSec peer you must define the IP pools from which the IP addresses are assigned Use the Add button to set up new IP pools witodon a e Seea Oa o 110400 se a ms 7 as ry rx 1 gt 7 gt A F O PERTEN IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools _ Options view 20 CTT 5 Fierin None vw equal x Go C Add JAL OK JU Cancet__ Fig 118 VPN gt I
21. gt Request menu consists of the following fields Fields in the Certificate List Certificate Request menu Field Description Certificate Request De Enter a unique description for the certificate bintec WLAN and Industrial WLAN 9 System Management Funkwerk Enterprise Communications GmbH Field Description scription Mode Select the way in which you want to request the certificate Possible settings e Manual default value Your device generates a PKCS 10 for the key This file can then be uploaded directly in the browser or copied in the Edit menu using the View Details field This file must be provided to the CA and the received certificate must then be imported manually to your device e SCEP The key is requested from a CA using the Simple Cer tificate Enrolment Protocol Generate Private Key Only if Mode Manual Select an algorithm for key creation RSA default value and DSA are available Also select the length of the key to be created Possible values 512 768 1024 1536 2048 4096 Please note that a key with a length of 512 bits could be rated as unsecure whereas a key of 4096 bits not only needs a lot of time to create but also occupies a major share of the resources during IPSec processing A value of 768 or more is however recommended and the default value is 1024 bits SCEP URL Only if Mode SCEP Enter the URL of the SCEP server e g ht tp scep funkwerk de 8080 scep scep dll Your
22. gt WLAN gt Bridge Links gt F under Action click the Scan link 12 After the scan the results are listed For the desired list entry click on the Connect link 13 Save the configuration by clicking on the Save Configuration button above the menu navigation To use the bridge link autoconfiguration function proceed as described in the Automatic Configuration of a Bridge Link workshop and read the Wireless LAN chapter of the user s guide under WLAN gt Bridge Links gt Add Manual configuration 1 Goto Wireless LAN gt WLAN gt Wireless Module Settings gt Edit 2 In Operation Mode select Bridge 4 Click OK 3 Leave the default settings in all other fields 5 Go to Wireless LAN gt WLAN gt Bridge Links gt pl 6 In Preshared Key enter for example bridgesecret 7 For Remote MAC address enter the MAC address of the bridge to which your bridge is to set up a connection e g 00 a0 9 5a 42 53 8 Leave the default settings in all other fields 9 Click OK 10 Configure a bridge link on the remote device in the same way 11 Save the configuration by clicking on the Save Configuration button above the menu navigation Your device is ready for operation when you have completed the configuration The configuration of the device and its integration into your network are now completed 4 8 Software Update The range of functions of bintec devices is continuously b
23. s PC The syslog messages saved internally on your device are lost when you reboot Warning Make sure you only pass syslog messages to a safe computer Check the data regu larly and ensure that there is always enough spare capacity available on the hard disk of your PC Syslog Daemon All Unix operating systems support the recording of syslog messages For Windows PCs the Syslog Demon included in the DIME Tools can record the data and distribute to various files depending on the contents can be called in the download area at www funkwerk ec com 20 1 1 Syslog Servers Configure your device as a syslog server so that defined system messages can be sent to suitable hosts in the LAN In this menu you define which messages are sent to which hosts and with which condi tions In the External Reporting gt Syslog gt Syslog Servers menu a list of all configured sys tem log servers is shown 20 1 1 1 New Choose the New button to set up new syslog servers WI1040n Language English View Standard Online Help pa servers Basic Parameters 1 IP Address Ma cova miomaion 3 Facility local Timestamp Onone Time Onate el Time Pr tocol i 7 z up Orce g o Type of Messages Osystem O Accounting system amp Accounting i OK Cancel _ Fig 161 External Reporting gt Syslog gt Syslog Servers gt New The External Repor
24. 3 j Selectone Disable HTTPS Controlled Interfaces DynDNS Client C Add DHCP Server e AAA g OK C Cancel Surveillance Funkwerk Discovery HotSpot Gateway Fig 146 Local Services gt Surveillance gt Hosts gt New The Local Services gt Surveillance gt Hosts gt New menu consists of the following fields Fields in the Hosts Host Parameters menu Field Description Group ID Select an ID for the group of hosts whose availability is to be monitored by your device The group IDs are automatically created from 0 to 255 If an entry has not yet been created a new group is created using the New ID option If entries have been created you can select one from the list of created groups Each host to be monitored must be assigned to a group The action configured in Interface Action is only executed if no other group member can be reached Fields in the Hosts Trigger menu Field Description Monitored IP Address Enter the IP address of the host to be monitored Source IP Address Select how the IP address is to be determined that your device bintec WLAN and Industrial WLAN Field Description uses as the source address of the packet sent to the host to be monitored Possible values e Automatic default value The IP address is determined automatically e Specific Enter the IP address in the adjacent input field Interval Enter the time interval in seconds to be used for checking the
25. 63 characters Note Change the default Preshared Key If the key has not been changed your device will not be protected against unau thorised access EAP Preauthentification Only if Security Mode WPA Enterprise Select whether the EAP preauthentification function is to be ac tivated This function tells your device that WLAN clients which are already connected to another access point can first carry out 802 1x authentication as soon as they are within range Such WLAN clients can then simply connect over the existing network connection with your device The function is activated by choosing Enabled The function is enabled by default Fields in the MAC Filter menu Field Description ACL Mode Select whether only certain clients are to be permitted for this wireless network The function is activated by choosing Enabled The function is disabled by default 12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description Allowed Addresses Use Add to make entries and enter the MAC addresses MAC Address of the clients to be permitted 12 1 3 WDS Links If you operate your device in access point mode Wireless LAN gt WLAN gt Wireless Module Settings gt g gt Operation Mode Access Point you can set up and edit the desired WDS links in the Wireless LAN gt WLAN gt WDS Links gt g gt New menu Important The WDS link can only be configured in the 2 4 GHz band and in the 5 GHz band
26. 7 Dime Manager initial screen The Dime Manager detects the devices installed in the network 2 In the list double click the device you want to configure The following dialog box appears IP Settings Device Name Current Password New Password Show passwords in clear text Oo IP configuration IP Address IP Address Mode Subnet Mask Gateway 172 16 98 110 Static IP address 255 255 248 0 00 00 ld Save configuration permanently Fig 8 IP address assignment with the Dime Manager 3 Enter the network parameters Device name IP address Netmask and Gateway and click on OK CS Note The maximum length of the Device name parameter is 32 characters bintec WLAN and Industrial WLAN The Device name parameter may contain only the letters a z A Z the digitss 0 9 dash and dot to avoid errors by other systems during interpretation of the Device name The first character must be a letter and the last character cannot be a dot or dash A single character is not permitted as a name Your device can now be reached over the Ethernet with its IP address using a Web browser and can now be configured Funkwerk Configuration Interface Call up Fig 9 Funkwerk Configuration Interface Login Start the configuration interface as follows a Enter the IP address of your device in the address line of your Web browser With DHCP server e the IP address that the DHC
27. 9 6 2 CRLs In the System Management gt Certificates gt CRLs menu a list of all CRLs is shown If a key is no longer to be used e g because it has fallen into the wrong hands or has been lost the corresponding certificate is declared invalid The certification authority revokes the certificate and publishes it on a certificate blacklist so called CRL Certificate users should always check against these lists to ensure that the certificate used is currently valid This check can be automated via a browser The Simple Certificate Enrollment Protocol SCEP supports the issue and revocation of certificates in networks 9 6 2 1 Import Choose the Import button to import other CRLs WI2040n Language English y View Standard y Certificate List CRLs certificate Servers CRL import iT eM External Filename Browse OPS Local Certificate Description Administrative Access Remote Authentication File Encoding Auto M Certificates Password e gt F a iq oK JA Cancel Fig 49 System Management gt Certificates gt CRLs gt Import The System Management gt Certificates gt CRLs gt Import menu consists of the follow ing fields Fields in the CRLs CRL Import menu bintec WLAN and Industrial WLAN Field Description External Filename Enter the file path and name of the CRL to be imported or use Bro
28. CPU Usage Displays the CPU usage as a percentage Memory Usage Displays the usage of the working memory in MByte in relation to the available total working memory in MByte The usage is also displayed in brackets as a percentage Temperature Devices of the bintec WI series are fitted with a temperature bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 9 System Management Field VENTO sensor This shows the current temperature and the maximum and minimum temperatures reached Active Sessions SIF Displays the total of all SIF TDRC and IP load balancing ses RTP etc sions Active IPSec Tunnels Displays the number of currently active IPSec tunnels in relation to the number of configured IPSec tunnels Other fields in the menu Status Field VENTO Physical Interface In The physical interfaces are listed here and their most important terface Specifics Link settings are shown The system also displays whether the inter face is connected or active Interface specifics for Ethernet interfaces e IP address e Netmask Interface specifics for serial ISDN interfaces e Configured e Not configured Interface specifics for xDSL interfaces e Downstream Upstream Line Speed Interface Specifics for WLAN Interfaces Access Point Mode e Operation Mode Access Point or Off e The channel used on this wireless module e Number of connected clients e Number of WDS links e Software version
29. CRLs are to be included in the validation of certificates issued by the own er of this certificate Possible settings e Disabled No checking of CRLs e Always CRLs are always checked O Oily ii a CRE Dilsicsllomuicaora Rolne ius Present default value If the CA certificate contains a CRL Distribu tion Point CDP this one is to be checked additionally to the revocation lists globally configured on the device Under View Details in the certificate content you can check wheth er the CA certificate contains a CDP e Use Settings from superior certificate The set tings of the higher level certificate are used if one exists It is does not the same procedure is used as that described under Only if a CRL Distribution Point is present Force certificate to be Define that this certificate is to be accepted as the user certific trusted ate without further checks during authentication The function is activated with True The function is disabled by default fl Caution It is extremely important for VPN security that the integrity of all certificates manually marked as trustworthy certification authority and user certificates is ensured The dis played fingerprints can be used to check this integrity Compare the displayed values with the fingerprints specified by the issuer of the certificate e g on the Internet It is sufficient to check one of the two values 9 6 1 2 Request Registration authority certific
30. IEEE 802 11a h 19 channels Europe Standards IEEE 802 11a b g d h i IEEE 802 11n MIMO 2T3R IEEE 802 3 IEEE 802 3af IEEE 802 1q VLAN Tagging Funkwerk Enterprise Communications GmbH 6 Technical data Property Value Frequency bands 2 4 GHz Indoor Outdoor 2412 2472 MHz 5 GHz Indoor 5150 5350 MHz 5 GHz Outdoor 5470 5725 MHz 5 GHz BFWA 5755 5875 MHz only in Germany and Great Britain reporting obligations in Germany licencing obligations in Great Britain Standards amp Guidelines R amp TTE Directive 1999 5 EC EN 60950 1 IEC60950 EN 300 328 EN 301 489 17 EN 301 489 1 EN 301 893 EN 60601 1 2 Medical electrical equipment Part 1 2 Buttons A monitor button Security features WEP64 40 bit key WEP 128 104 bit key WPA Per sonal WPA Enterprise WPA2 Personal WPA2 Enter prise Access Control List Network Name Broadcast can be deactivated WEP key length bit 40 64 or 104 128 Software supplied Dime Manager on DVD Printed documentation supplied Quick Install Guide Safety notices R amp TTE Compliance Information Online documentation General Product Features bintec WI1 User s Guide Workshops Release Notes if applicable 040n and bintec WI2040n Property Value Variants bintec WI1040n An internal wireless module 3 external antenna WLAN 1 Ant 1 WLAN 1 Ant 2 WLAN 1 Ant 3 bintec WI2040n
31. If you click on the Go button a dialog box is shown in which you can select the storage location on your PC and enter the desired file name e Export configuration with state information The active configuration from the RAM is transferred to your local host If you click on the Go button a dialog box is shown in which you can select the storage location on your PC and enter the desired file name e Copy The configuration file in the Source File Name field is saved as Destination file name e Rename The configuration file in the Select file field is re named as New Filename e Delete configuration The configuration file in the Se lect file field is deleted e Delete file The file in the Select file field is deleted Configuration Encryption Only for Action Import configuration Export con figuration Export configuration with state in formation Define whether the data of the selected Action are to be encrypted The function is activated by choosing Enabled The function is disabled by default If the function is active you can enter the Password in the text Funkwerk Enterprise Communications GmbH 19 Maintenance Field Description field Filename Only for Action Import configuration Import lan guage Update system software Enter the path and name of the file or select the file with Browse via the explorer finder Source Location Only for Action Update system software Select the source
32. If Not Supported is displayed as the status you have entered a license for a sub system that your device does not support This means you cannot use the functions of this licence bintec WLAN and Industrial WLAN Deactivating a licence Proceed as follows to deactivate a licence 1 Goto System Management gt Global Settings gt System Licenses 2 Press the icon in the line containing the licence you want to delete 3 Confirm with OK The licence is deactivated You can reactivate your additional licence at any time by enter ing the valid licence key and licence serial number 9 3 Interface Mode Bridge Groups In this menu you define the operation mode for your device s interfaces Routing versus bridging Bridging connects networks of the same type In contrast to routing bridges operate at lay er 2 of the OSI model data link layer are independent of higher level protocols and trans mit data packets using MAC addresses Data transmission is transparent which means the information contained in the data packets is not interpreted With routing different networks are connected at layer 3 network layer of the OSI model and information is routed from one network to the other Conventions for port interface names If your device has a radio port it receives the interface name WLAN If there are several ra dio modules the names of wireless ports in the user interface of your device are made up of the fol
33. Interfaces WLAN Bridges HotSpot Gateway Qos Fig 185 Monitoring gt Bridge Values in the sta lt x gt list Field Description Current Wildcard MAC Shows the current configured wildcard MAC address Address IP Address Shows the IP address of the host associated with this WLAN cli ent link MAC Address Shows the MAC address of the host associated with this WLAN client link Port Shows the port on which the bridge is active bintec WLAN and Industrial WLAN 21 6 Hotspot Gateway 21 6 1 Hotspot Gateway In the Monitoring gt Hotspot Gateway gt Hotspot Gateway menu a list of all connected hosts is shown voca See ENE wit04orl se pesar a Automatic Refresh inteval 300 Seconds Apply 7 Authenticated HotSpot User T i Username tess Physical Adress logn terface 7 Fig 186 Monitoring gt Hotspot Gateway gt Hotspot Gateway Values in the list Hotspot Gateway Field Description User Name Displays the user s name IP Address Shows the IP address of the user Physical Address Shows the physical address of the user Logon Shows the login time Interface Shows the interface used bintec WLAN and Industrial WLAN 21 7 QoS In the Monitoring gt QoS menu statistics are displayed for all interfaces for which QoS has been configured 21 71 QoS In the Monitoring gt QoS gt QoS menu a list of all interfaces is s
34. Monitored Interface 351 Monitored Interfaces 387 Monitored IP Address 349 MSDUs that could not be transmitted 397 MTU 304 391 Multicast Group Address 235 Multicast MSDUs received successfully 397 Multicast MSDUs transmitted success fully 397 N Name 286 NAT active 217 NAT Detection 391 NAT Method 218 NAT Traversal 279 Negative Cache 325 Negotiation Type 391 Netmask 211 227 298 357 Network Name SSID 158 166 168 200 Network Type 211 New Destination IP Address Netmask 221 New Destination Port 221 Funkwerk Enterprise Communications GmbH New File Name 371 New Source Port 221 No 215 389 395 Node Name 357 Noise dBm 398 400 401 403 404 405 406 407 Number of Admitted Connections 272 Number of Messages 382 Number of Spatial Streams 144 193 O Operation Band 144 193 Operation Mode 144 190 193 Organisation 117 Organisational Unit 117 OSPF Mode 301 Other Inactivity 314 Outgoing Interface 250 Overbooking allowed 250 P Packets 391 Parity 127 Passed 394 Password 115 120 121 255 260 286 293 297 335 371 381 387 Peer Address 270 PeerID 270 Phase 1 Profile 272 Phase 2 Profile 272 Physical Address 410 Physical Interface Interface Specifics Link 77 Ping 95 Ping Test 367 Poisoned Reverse 228 Policy 105 109 Pool Usage 339 POP3 Server 381 POP3 Timeout 381 Port 125 337 408 409 PortMode 126 131 Funkwerk Enterprise
35. Two internal wireless modules 4 external antenna WLAN 1 Ant 1 WLAN 1 Ant 2 WLAN 2 Ant 1 WLAN 2 Ant 2 6 Technical data Funkwerk Enterprise Communications GmbH Property Value Dimensions and weights Equipment dimensions without cable W x Lx H 220 mm x 185 mm x 42 mm without feet Weight approx 1 200 g 3 WLAN modules LEDs bintec WI1040n 6 1x Failure 1x Status 3x WLAN 2x Ethernet 1x SFP bintec WI2040n 7 1x Failure 1x Status 3x WLAN 2x Ethernet 1x SFP Power consumption of the device 5 24 Watt depending on extensions Voltage supply Earth conductor connection to earth 5 20W All devices must be earthed 24 V 30 DC 1 1 A with reverse voltage protection in sulated 3 pole PoE on Ethernet 1 Class 0 insulated with max two WLAN modules Protection against theft Theft protection is available as an option Temperature sensor Temperature monitoring and software controlled actions possible Environmental requirements Storage temperature 40 C to 85 C Operating temperature 25 C to 70 C Relative atmospheric humidity 10 to 95 non condensing Room classification Operate only in dry rooms Available interfaces Serial interface V 24 Permanently installed supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud Ethernet IEEE 802 3 LAN Permanently installed tw
36. enter the Ethernet interface here e g en1 0 If operating over WLAN the WLAN interface to which the access point is connected must be selected i Caution For security reasons you cannot configure your device over an interface that is configured for the Hotspot Therefore take care when selecting the interface you want to use for the Hotspot If you select the interface over which the current configura tion session is running the current connection will be lost You must then log in again over a reachable interface that is not configured for the Hotspot to configure your device bintec WLAN and Industrial WLAN 18 Local Services Funkwerk Enterprise Communications GmbH Field Description Domain at the HotSpot Enter the domain name that you used when setting up the Hot Server Spot server for this customer The domain name is required so that the Hotspot server can distinguish between the different cli ents customers Walled Garden Enable this function if you want to define a limited and free area of websites intranet The function is not activated by default Walled Network Net mask Only if Walled Garden is enabled Enter the network address of the Walled Network the corres ponding Netmask of the intranet server For the address range resulting from Walled Network Net masks clients require no authentication Example Enter 192 168 0 0 255 255 255 0 if all IP addresses from 192 168 0 0 to 19
37. oe ed a a ar ee 107 9 5 3 Options 2s oss ete o ln Cen e al te 110 9 6 Certificates 262 has EM a phe SR ee oh OA Bae ae ale 112 9 6 1 Certificate List i e erie te a ee we a a E 112 9 6 2 CRES enti db 2 nt ey SS ee et ded et ts Sse e Bk 2 121 9 6 3 Certificate Servers ee 122 Chapter 10 Physical Interfaces o 124 10 1 Ethernet Ports acacia an ia a a eal ae ea 124 10 1 1 Port Configuration 2 2 en 124 10 2 SerialPort 208 4 Ate werd Dat AA eB ee he ee 126 10 2 1 Serial Porto Ay santei he eee kN See Okt oh ae ok ee 126 10 3 Relaas nl gt Wee Oe AG A ey ety a eG ee ay s 130 bintec WLAN and Industrial WLAN 10 3 1 Relay Configuration 2 en 131 Chapter 11 LAN eek us Gd a a ek Ak ata eth a 132 11 1 IP Configurationy 4i ada tao a a 132 11 1 1 Interfaces hood ao asa ee amp dee SS 132 11 2 VEAN data e bl ea tl de td dd a td a A 136 11 2 1 VEANS S tE ad oA sheds he ld A a a ta tod 138 11 2 2 Port Configuration 2 2 o 139 11 2 3 Administration sardea n eS ate aot A e a a 140 Chapter 12 Wireless LAN 24 446 Geb bee bee be eee 141 12 1 WEAN hoe male atten Bey dane ta oat EE E E May tee ee as 142 12 1 1 Radio Settings s ie eects A Ste eb deta ie tees Sap 142 12 1 2 Virtual Service Sets 0 155 12 1 3 WDS LINKS s oe eo aes a ee al A abe 162 12 1 4 Client links 2 so ais See Oe AAO BAe a Rae A A 165 12 1 5 Bridge EInkS
38. wki utylizacyjnej i nie wyrzuca go do normalnych mieci domowych Het doorgehaalde symbool van de afvalcontainer op het apparaat betekent dat het apparaat op het einde van zijn levensduur niet bij het normale huisvuil mag worden verwijderd Het moet bij een erkend inzamelpunt worden ingeleverd O s mbolo com um caixote de lixo riscado que se encontra no aparelho significa que o aparelho no fim da sua vida til deve ser eliminado separadamente do lixo dom stico nos centros de recol ha adequados Chapter 7 Access and configuration This chapter describes all the access and configuration options 7 1 Access Options The various access options are presented below Select the procedure to suit your needs There are various ways you can access your device to configure it e Via your LAN e Via the serial interface 7 1 1 Access via LAN Access via one of the Ethernet interfaces of your device allows you to to open the Funk werk Configuration Interface in a web browser for configuration purposes and to access your device via Telnet or SSH i Caution If you carry out the initial configuration with the Funkwerk Configuration Interface this can result in inconsistencies or malfunctions as soon as you carry out additional settings using other configuration options Therefore it is recommended that the con figuration is continued with the Funkwerk Configuration Interface If you use SNMP shell commands continue with this c
39. 168 0 255 are free Enter 192 168 0 1 255 255 255 255 if only the IP address 192 168 0 1 is free Walled Garden URL Only if Walled Garden is enabled Enter the Walled Garden URL of the intranet server Freely ac cessible websites must be reachable over this address Terms amp Conditions Only if Walled Garden is enabled In the General Terms and Conditions input field enter the ad dress of the general terms and conditions on the intranet server or public server e g http www webserver de agb htm The page must lie within the address range of the walled garden net work Language for login win dow Here you can choose the language for the start login page The following languages are supported English German Italian French Spanishand Portuguese The language can be changed on the start login page at any time The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Ticket Type Select the ticket type Possible values e Voucher Only the user name must be entered Define a de fault password in the input field e Username Password default value User name and pass word must be entered Allowed HotSpot Client Here you can define which type of users can log in to the Hot spot Possible values e A11 All clients are approved e DHCP Client Prevents users who have not received an IP address from DHCP from logging in 18 8 1 2 O
40. 255 224 0 0 0 4 are reserved for multicast in the class D network An IP address from this range represents a multicast group to which several recipients can log in The multicast router then forwards the re quired packets to all subnets with logged in recipients Multicast basics Multicast is connectionless which means that any trouble shooting or flow control needs to be guaranteed at application level At transport level UDP is used almost exclusively as in contrast to TCP it is not based on a point to point connection At IP level the main difference is therefore that the destination address does not address a dedicated host but rather a group i e during the routing of multicast packets the decisive factor is whether a recipient is in a logged in subnet In the local network all hosts are required to accept all multicast packets For Ethernet or FDD this is based on MAC mapping where the group address is encoded into the destina tion MAC address For routing between several networks the routers first need to make themselves known to all potential recipients in the subnet This is achieved by means of Membership Management protocols such as IGMP for IPv4 and MLP for IPv6 Membership Management protocol In IPv4 IGMP Internet Group Management Protocol is a protocol that hosts can use to provide the router with multicast membership information IP addresses of the class D ad dress range are used for addressing An IP ad
41. 3 2 DynDNS Provider In the Local Services gt DynDNS Client gt DynDNS Provider menu a list of all con figured DynDNS providers is shown 18 3 2 1 New Choose the New button to set up new DynDNS providers WI1040n View Standard Online Help Logout DynDNS Update DynDNS Provider Basic Parameters Provider Name Server Update Path Port 80 Protocol DynDNS Update Interval 300 Seconds be Y OK Cancel Surveillance Funkwerk Discovery HotSpot Gateway Fig 140 Local Services gt DynDNS Client gt DynDNS Provider gt New The Local Services gt DynDNS Client gt DynDNS Provider gt New menu consists of the following fields Fields in the DynDNS Provider Basic Parameters menu Field Description Provider Name Enter a name for this entry Server Enter the host name or IP address of the server on which the provider s DynDNS service runs Update Path Enter enter the path on the provider s server that contains the script for managing the IP address of your device Ask your provider for the path to be used Port Enter the port at which your device is to reach your provider s server Ask your provider for the relevant port bintec WLAN and Industrial WLAN 18 Local Services Funkwerk Enterprise Communications GmbH Field Description The default value is 80 Protocol Select one of the protocols implemented Possible va
42. 300 Seconds Apply Bridge Link Description Remote MAC UpTime Tx Packets _Rx Packets Signal dBm RSSI RSSI2 RSSI3 Noise dBm Data Rate mbps SS RS LL aon od 20h somas 19 io 10 0 0 0 _ O Rate _ Tx Packets Rx Packets 802 11 afbig CE ma 148 0 Jo 36 o F aa CO o T o 0 pa j Jo _ 11 EE o 3 0 o fe fo A Ie A 2 E jo 3 lr o 0 1802 11n E 7 E E 144 4 o o 139 lo O LGE 10 l CA _ 86 7 0 0 m2 lo llas E jos la fo 57 8 0 o a h i i 28 9 0 o ar fo o o 14 4 ao 0 ra Mn bT ie p et Total fo lo al Back p Fig 181 Monitoring gt WLAN gt Bridge Links Values in the Bridge Links list Field Description Bridge Link Description Shows the name of the bridge link Remote MAC Shows the MAC address of the bridge link partner Up Time Shows the time in hours minutes and seconds for which the bintec WLAN and Industrial WLAN Field Description bridge link in question is active Tx Packets Shows the total number of packets sent Rx Packets Shows the total number of packets received Signal dBm Shows the received signal strength in dBm Noise dBm Shows the received noise strength in dBm Data Rate mbps Shows the current clock rate of data received on this bridge link in mbps Rate Shows separately for each of the stated data rates the values for Tx Packets and Rx Packets 21 4 5 Client Links In the Monitoring gt WLAN gt Client Links
43. 304 391 Local Port 129 391 Local PPTP IP Address 262 Locality 117 Index Location 79 188 Logged Actions 313 Logging Level 97 Logon 410 Long Retry Limit 150 152 196 MAC Address 133 342 357 398 400 408 409 Mail Exchanger MX 336 Management VID 140 Matching String 382 Max Receive Lifetime 196 Max Transmit MSDU Lifetime 196 Max Clients 158 200 Max Link Distance 144 Max queue size 252 Max Scan Duration 176 Max Time Period for Active Scan 152 Max Time Period for Passive Scan 152 Max Transmission Rate 148 195 Maximum Groups 240 Maximum Message Level of Syslog Entries 79 Maximum Messages per Minute 380 Maximum Number of Accounting Log Entries 79 Maximum Number of Dialup Retries 258 262 Maximum Number of Syslog Entries 79 Maximum Response Time 237 Maximum Retries 295 Maximum Sources 240 Maximum Time between Retries 295 Maximum TTL for Negative Cache Entries 325 Maximum TTL for Positive Cache Entries 325 Maximum Upload Speed 247 250 266 mbps 396 Members 315 321 Memory Usage 76 Message 389 Message Compression 382 Message Timeout 382 Messages 391 Metric 211 Metric Offset for Active Interfaces 227 Metric Offset for Inactive Interfaces 227 Min queue size 252 Min Time Period for Active Scan 152 Min Time Period for Passive Scan 152 Minimum Time between Retries 295 Mode 115 129 168 212 215 237 240 275 286 Mode Bridge Group 91
44. 6120426693 32010609789043 4357773 Exponent e 17 bits 65537 Extensions Available key usage basic constraints KeyUsage DigitalSignature NonRepudiation KeyEncipherment BasicConstraints c FALSE a F0 41 44 3F 6A 62 DD 12 97 2C 67 21 F7 59 80 3E MDS Fingerprint 98 5B D6 3E 4A 9B 95 8B FE FF C2 27 CF 24 42 A7 17 6F 8C 54 SHA1 Fingerprint OK PA Cancel Fig 46 System Management gt Certificates gt Certificate List gt g The certificates and keys themselves cannot be changed but a few external attributes can be changed depending on the type of the selected entry The System Management gt Certificates gt Certificate List gt menu consists of the following fields Fields in the menu Field Description Description Shows the name of the certificate key or request Certificate is CA Certific Mark the certificate as a certificate from a trustworthy certifica ate tion authority CA Certificates issued by this CA are accepted during authentica tion unless specified otherwise under Phase 1 Profiles The function is activated with True The function is disabled by default bintec WLAN and Industrial WLAN 9 System Management Funkwerk Enterprise Communications GmbH Field Description Certificate Revocation Only for Certificate is a CA certificate True List CRL Checking Define the extent to which certificate revocation lists
45. 82 Signal 168 SignaldBm 176 398 400 401 403 404 405 406 407 Silent Deny 217 SMTP Authentication 381 SMTP Server 381 SNMP 95 SNMP Listen UDP Port 100 SNMP Read Community 81 SNMP Trap Broadcasting 384 SNMP Trap Community 384 SNMP Trap UDP Port 384 SNMP Version 100 SNMP Write Community 81 SNRdB 400 407 Source 309 Source File Name 371 Source Interface 212 235 Source IP Address 349 355 Source IP Address Netmask 212 219 221 242 Source Location 207 344 371 Source Port 212 219 Source Port Range 318 Source Port Range 219 242 Specify bandwidth 312 SSH 95 SSH service active 97 Start Mode 272 Start Time 346 State Province 117 Status 390 393 395 Stop Bits 127 Stop Time 346 Subnet 316 Subsystem 383 389 Successfully Answered Queries 332 Summary 117 Sync SAs with ISP interface state 290 Funkwerk Enterprise Communications GmbH System Admin Password 81 System Date 76 System Logic 371 System Name 79 T TACACS Secret 108 TOP Inactivity 314 TCP Keepalives 97 TCP Port 109 TCP MSS Clamping 135 Telnet 95 Temperature 76 Terms amp Conditions 363 TFTP File Name 344 TFTP Server 344 Third Timeserver 84 Ticket Type 365 Time 389 Time Condition 346 Time Update Interval 84 Time Update Policy 84 Time Zone 84 Timeout 109 129 Timestamp 376 Total 394 Traceroute Test 368 Traffic shaping 247 250 312 Transmit Key 159 163 166 201 Transm
46. 82 dBm MCS4 79 dBm MSC5 75 dBm MCS6 73 dBm MCS7 70 dBm MCS8 87 dBm MCS9 84 dBm MCS10 81 dBm MCS11 79 dBm MCS12 77 dBm MCS13 72 dBm MCS14 68 dBm MCS15 67 dBm 6 Technical data Funkwerk Enterprise Communications GmbH Property Value 2 4 GHz 802 11n 40 MHz MSCO 87 dBm MSC1 84 dBm MCS2 82 dBm MCS3 79 dBm MCS4 75 dBm MSC5 71 dBm MCS6 69 dBm MCS7 67 dBm MCS8 86 dBm MCS9 83 dBm MCS10 79 dBm MCS11 77 dBm MCS12 74 dBm MCS13 69 dBm MCS14 67 dBm MCS15 65 dBm 5 GHz 802 11a h 6 Mbit s 88 dBm 9 Mbit s 87 dBm 12 Mbit s 86 dBm 18 Mbit s 84 dBm 24 Mbit s 82 dBm 36 Mbit s 78 dBm 48 Mbit s 74 dBm 54 Mbit s 73 dBm 5 GHz 802 11n 20 MHz MSCO 88 dBm MSC1 85 dBm MCS2 83 dBm MCS3 81 dBm MCS4 78 dBm MSC5 74 dBm MCS6 72 dBm MCS7 70 dBm MCS8 88 dBm MCS9 85 dBm MCS10 83 dBm MCS11 80 dBm MCS12 77 dBm MCS13 72 dBm MCS14 70 dBm MCS15 68 dBm 2 4 GHz 802 11n 40 MHz MSCO 84 dBm MSC1 82 dBm MCS2 79 dBm MCS3 77 dBm MCS4 74 dBm MSC5 69 dBm MCS6 67 dBm MCS7 66 dBm MCS8 83 dBm MCS9 82 dBm MCS10 79 dBm MCS11 76 dBm MCS12 72 dBm MCS13 68 dBm MCS14 66 dBm MCS15 64 dBm Modulation Modulation IEEE 802 11 standards a h 5 GHz b g 2 4 GHz Modulation types 11 5 5 2 and 1 Mbit s DSSS 2 4 GHz 54 48 36 24 18 12 9 and 6 Mbit s OFDM 2 4 and 5 GHz Channels IEEE 802 11b g 13 channels Europe
47. ARP Processing a iy Picasa WMM Enabled Max Clients p Security Settings o PY Security Mode Inactive MAC Filter a ACL Mode DEnabled Allowed Addresses MAC Adress Ada C ok Cancel Fig 64 Wireless LAN gt WLAN gt Wireless Networks VSS gt 2 gt New The Wireless LAN gt WLAN gt Wireless Networks VSS gt 2 gt New menu consists of the following fields Fields in the Virtual Service Sets Service Set Parameters menu Field Description Network Name SSID Enter the name of the wireless network SSID Enter an ASCII string with a maximum of 32 characters Also select whether the Network Name SSID is to be trans mitted The network name is shown by choosing Visible It is visible by default Intra cell Repeating Select whether communication between the WLAN clients is to be permitted within a radio cell The function is activated by choosing Enabled bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 12 Wireless LAN Field Description The function is enabled by default ARP Processing Select whether the ARP processing function should be enabled The ARP data traffic is reduced in the network by the fact that ARP broadcasts that have been converted to ARP unicasts are forwarded to IP addresses that are known internally Unicasts are quicker and clients with an enabled power save function are not addressed The function is activate
48. All and Disable All you can enable or disable the IP ac counting function for all interfaces simultaneously bintec WLAN and Industrial WLAN 20 2 2 Options In this menu you configure general settings for IP Accounting WI1040n ho View Standard Online Help Logout Lit a z z Interfaces Options Log Format INET d t a c Ki r t gt L i bene ceo e a ALARIAF p 0 P 0 s 4 OK UC cancel Fig 163 External Reporting gt IP Accounting gt Options In the External Reporting gt IP Accounting gt Options menu you can set the Log Format of the IP accounting messages The messages can contain character strings in any order sequences separated by a slash e g t or n or defined tags Possible format tags Format tags for IP accounting messages Field Description d Date of the session start in the format DD MM YY t Time of the session start in the format HH MM SS a Duration of the session in seconds C Protocol i Source IP Address r Source Port f Source interface index l Destination IP Address R Destination Port SF Destination interface index bintec WLAN and Industrial WLAN Field Description p Packets sent 0 Octets sent P Packets received O Octets received S Serial Number for accounting message A By default the following format instructions are entered in the Log Format field INET sdsttatcti tr f g
49. CA administrator can provide you with the necessary data CA Certificate Only if Mode SCEP Select the CA certificate e Download In CA Name enter the name of the CA certific ate of the certification authority CA from which you wish to request your certificate e g cawindows Your CA adminis Funkwerk Enterprise Communications GmbH 9 System Management Field Description RA Sign Certificate RA Encrypt Certificate Password trator can provide you with the necessary data If no CA certificates are available the device will first down load the CA certificate of the relevant CA It then continues with the enrolment process provided no more important para meters are missing In this case it returns to the Generate Certificate Request menu Ifthe CA certificate does not contain a CRL distribution point Certificate Revocation List CRL and a certificate server is not configured on the device the validity of certificates from this CA is not checked e lt name of an existing certificate gt If all the necessary certific ates are already available in the system you select these manually Only if Mode SCEP Only if CA Certificates is not Download Select a certificate for signing SCEP communication The default value is Use CA Certificate i e the CA cer tificate is used Only if Mode SCEP Only if RA Sign Certificate is not Use CA Certificate If you use one of your own certificates to
50. DHCP Hostname E DHCP Broadcast Flag i enabled Proxy ARP Denabtea TCP MSS Clamping Enabled OK I Cancel Fig 55 LAN gt IP Configuration gt Interfaces gt Edit New The LAN gt IP Configuration gt Interfaces gt Edit New menu consists of the following fields Fields in the Interfaces Basic Parameters menu bintec WLAN and Industrial WLAN 11 LAN Funkwerk Enterprise Communications GmbH Field Description Based on Ethernet Inter This field is only displayed if you are editing a virtual routing in face terface Select the Ethernet interface for which the virtual interface is to be configured Address Mode Select how an IP address is assigned to the interface Possible values e Static default value A static IP address is assigned to the interface in IP Address Netmask e DHCP An IP address is assigned to the interface dynamically via DHCP IP Address Netmask Only if Address Mode Static With Add add a new adress entry and enter the IP Address and corresponding Netmask Interface Mode Only for physical interfaces in routing mode Select the configuration mode of the interface Possible values e Untagged default value The interface is not assigned for a specific purpose e Tagged VLAN This option only applies for routing inter faces You use this option to assign the interface to a VLAN This is done using the VLAN ID which is displayed in this mode
51. Fields in the Users Basic Parameters menu Description Enter a name for uniquely identifying the L2TP partner The first character in this field must not be a number and no special characters or umlauts must be used The maximum length of the entry is 25 characters Connection Type Select whether the L2TP partner is to take on the role of the L2TP network server LNS or the functions of a L2TP access concentrator client LAC client bintec WLAN and Industrial WLAN 16 VPN Funkwerk Enterprise Communications GmbH Field Description Possible values e LNS default value If you select this option the L2TP partner is configured so that it accepts L2TP tunnels and restores the encapsulated PPP traffic flow e LAC If you select this option the L2TP partner is configured so that it encapsulates a PPP traffic flow in L2TP and sets up a L2TP tunnel to a remote LNS Tunnel Profile Only for Connection Type LAC Select a profile created in the Tunnel Profiles menu for the connection to this L2TP partner User Name Enter the code of your device Password Enter the password Always on Select whether the interface should always be activated The function is activated with Enabled The function is disabled by default Connection Idle Timeout Only if Always on is disabled Enter the idle time in seconds for static short hold The static short hold setting determines how many seconds should pass between sending the last traf
52. GRE Fig 122 VPN gt L2TP gt Options The VPN gt L2TP gt Options menu consists of the following fields Fields in the Options Global Options menu Field Description UDP Destination Port Enter the port to be monitored by the LNS on incoming L2TP tunnel connections Available values are all whole numbers from 1 to 65535 the default value is 1701 as specified in RFC 2661 UDP Source Port Selec Select whether the LNS should only use the monitored port bintec WLAN and Industrial WLAN Field Description UDP destination port as the local source port for the L2TP tion connection The function is activated with Fixed The function is disabled by default 16 3 GRE Generic Routing Encapsulation GRE is a network protocol that encapsulates other proto cols and transports them in the form of IP tunnels to the specified recipients The specification of the GRE protocol is available in two versions e GRE V 1 for use in PPTP connections RFC 2637 configuration in the PPTP menu e GRE V 0 RFC 2784 for general encapsulation using GRE In this menu you can configure a virtual interface for using GRE V O The data traffic routed over this interface is then encapsulated using GRE and sent to the specified recipient 16 3 1 GRE Tunnels In the VPN gt GRE gt GRE Tunnels menu a list of all configured GRE tunnels is shown bintec WLAN and Industrial WLAN 16 3 1 1 New Choose the New button to set up ne
53. GmbH Field Description e RSA Signature Phase 1 key calculations are authenticated using the RSA algorithm e RSA Encryption In RSA encryption the ID payload is also encrypted for additional security Local Certificate Only if Authentication Method DSA Signature RSA Sig nature or RSA Encryption This field enables you to select one of your own certificates for authentication It shows the index number of this certificate and the name under which it is saved This field is only shown for authentication settings based on certificates and indicates that a certificate is essential Mode Select the phase 1 mode Possible values e Aggressive default value The Aggressive Mode is neces sary if one of the peers does not have a static IP address and preshared keys are used for authentication it requires only three messages for configuring a secure channel e Main Mode ID Protect This mode also designated Main Mode requires six messages for a Diffie Hellman key calculation and thus for configuring a secure channel over which the IPSec SAs can be negotiated A condition is that both peers have static IP addresses if preshared keys are used for authentication Also define whether the selected mode is used exclusively Strict or the peer can also propose another mode Local ID Type Select the local ID type Possible values e Fully Qualified Domain Name FQDN e E mail Address e IPV4 Address e ASN 1 DN Disting
54. Link FW 2 0 0 0 0 A 5 WLAN2 om o EEE ecc Relay Mode Inaktive o Eemal Reporting 2 Recent System Logs Monitoring 7 Time Level Subsystem Message 01 44 34 Information WLAN Ife 200100 vss1 1 Station 00 0C 84 01 AE 50 connected 00 05 13 Information WLAN fe 200100 vss1 1 Station 00 00 84 01 AE 50 connected _ 23 50 29 Information WLAN fe 200100 vss1 1 Station 00 0C 84 01 AE 50 connected 23 21 01 Information WLAN Ife 200100 vss1 1 Station 00 00 84 01 AE 50 connected E Information WLAN Ife 200100 vss1 1 Station 00 0C 84 01 AE 50 connected information WLAN fe 200100 vss1 1 Station 00 00 84 01 AE 50 connected Information WLAN Ife 200100 vss1 1 Station D0 0C 84 01 AE 50 connected 7 Information WLAN Ifc 200100 vss1 1 Station 00 0C 84 01 AE 50 connected 2 Information WLAN Ifc 200100 vss1 1 Station 00 00 84 01 AE 50 connected 17 371 2 Information WLAN ite 2001 00 yss1 1 Station 00 00 84 01 AE 50 connected Fig 32 System Management gt Status The System Management gt Status menu consists of the following fields Fields in the Status System Information menu Field VENTO Uptime Displays the time past since the device was rebooted System Date Displays the current system date and system time Serial Number Displays the device serial number BOSS Version Displays the currently loaded version of the system software Fields in the Status Resource Information menu Field Value
55. Name the Authentication and the current Status The Status field can take the following values Possible values for Status Field Description o connected a not connected dialup connection connection setup possible a not connected e g because of an error during setup of an out going connection a renewed attempt is only possible after a specified number of seconds o administratively set to down deactivated connection setup not possible for leased lines bintec WLAN and Industrial WLAN 15 WAN Funkwerk Enterprise Communications GmbH Default Route With a default route all data is automatically forwarded to one connection if no other suit able route is available Access to the Internet should always be set up as the default route to the Internet Service Provider ISP Further information on possible route types can be found under Routing gt Routes Activating NAT With Network Address Translation NAT you conceal your whole network to the outside world behind one IP address You should certainly do this for your connection to the Inter net Service Provider ISP Only outgoing sessions are allowed initially if NAT is activated To allow certain connec tions from outside to hosts within the LAN these must be explicitly defined and admitted Connection Idle Timeout The connection idle timeout is determined in order to clear the connection automatically if it is not being used i e if data is no long
56. Netmask Gateway bintec WLAN and Industrial WLAN The value of this field can only be read Shows the interface of your device on which discovery is carried out The value of this field can only be read Shows the MAC address of the discovered access point You can change the name of the discovered access point You can change the IP address of the discovered access point You can change the related netmask You can change the gateway address of the discovered access point Field Description Authentication Password You must enter the administrator password for the access point otherwise you cannot carry out the configuration operation Last Write Result The value of this field can only be read Displays the result of the last configuration operation Possible values e No Error The access point reported a successful operation or a configuration change has not yet been made with OK e No Response The access point has not responded e Access Denied The access point reported an authorisation error Check the authentication password e Invalid IP Parameters There is a problem with the in tended IP parameters IP address netmask or gateway ad dress e Destination Unreachable The access point cannot be reached for internal reasons e g the interface to which the access point is connected is down A configuration request cannot be sent to the access point e Other AP Error The access point respond
57. Not OK Subsystem is not activated Not supported You have entered a licence for a subsystem your device does not support In addition above the list is shown the System License ID required for on line licensing Note To restore the standard licences for a device click the Default Licences standard li cences button 9 2 4 1 Edit New Choose the 3 icon to edit existing entries Choose the New button to add licences wiro4on 5 onne nep opos wio System Passwords Date and Time System Licences Stus Basic Settings Global Settings Interface Mode iBridge Licence Serial Number pU aaan Licence Key Administrative Access L Remote Authentication E Fig 36 System Management gt Global Settings gt System Licenses gt New Activating extra licences You activate extra licences by adding the received licence information in the System Man agement gt Global Settings gt System Licenses gt New menu The System Management gt Global Settings gt System Licences gt New menu con sists of the following fields Fields in the System Licences Basic Settings menu Field VENTO Licence Serial Number Enter the licence serial number you received when you bought the licence Licence Key Enter the licence key you received by e mail Note If Not OKis displayed as the status e Enter the licence data again e Check your hardware serial number
58. Only if Security Mode WEP 40 WEP 104 Select one of the keys configured in WEP Key lt 1 4 gt as the default key The default value is Key 1 WEP Key 1 4 Only if Security Mode WEP 40 WEP 104 Enter the WEP key Enter a character string with the right number of characters for the selected WEP mode For WEP 40 you need a string of 5 characters WEP 104 13 characters For example hello for WEP 40 funkwerk wep1 for WEP 104 WPA Mode Only if Security Mode WPA PSK and WPA Enterprise Select whether you want to use WPA with TKIP encryption or WPA 2 with AES encryption or both Possible values WPA and WPA 2 default value WPA and WPA 2 can be used e WPA Only WPA is used e WPA 2 Only WPA2 is used WPA Cipher Only for Security Mode wPA PSK and WPA Enterprise and for WPA Mode WPA and WPA and WPA2 Select the type of encryption you want to apply to WPA Possible values e Please select a valid option default value Funkwerk Enterprise Communications GmbH 12 Wireless LAN Field Description e AES AES is used e AES and TKIP AES or TKIP is used WPA2 Cipher Only for Security Mode WPA PSK and WPA Enterprise and for WPA Mode WPA2 and WPA and WPA2 Select the type of encryption you want to apply to WPA2 Possible values e AES default value AES is used e AES and TKIP AES or TKIP is used Preshared Key Only if Security Mode WPA PSK Enter the WPA password Enter an ASCII string with 8
59. Options 2 a o a eB Ses E RARA dk Sed 50 7 1 1 Access Ma LAN Taag a a A A al A 50 7 1 2 Access via the Serial Interface o oo ooa a 53 7 2 Eoggingim 2 hi e a Pae a a ged A Pik era a ee 55 7 2 1 User names and passwords in ex works state 55 7 2 2 Logging in for Configuration 2 a a 56 7 3 Configuration options a aoa a a a a 56 7 3 1 Funkwerk Configuration Interface for advanced users o 57 7 3 2 SNMP shell O dorado Yi yan a a 8 72 7 4 BOOTmonitor aoa a a 72 Chapter 8 ASSISTANTS 3 ais Gere a ed e a at a a eg a 74 bintec WLAN and Industrial WLAN Chapter 9 System Management 020005 75 9 1 Status 2s vee ee Ee Ge pele ae ee AE ie Boel ee ed 75 9 2 Global Settings 6 o a 78 9 2 1 SysieM e scs e eon BoE Bee Dee ee eee Bae 78 9 2 2 Passwords La co ads Ae Boe ly ey tok de td 80 9 2 3 Date and Times 4 8 da oh adel ee a ob Bel ta 82 9 2 4 System Licences 2 e 86 9 3 Interface Mode Bridge Groups 2 o 89 9 3 1 Interfaces nb cc o A a do at T 91 9 4 Administrative Access 2 2 ee 94 9 4 1 ACCESS 22s dodo erate ata an dee MEER ee Se tes ea ee MEG Rae Bd 95 9 4 2 SSH oho a rae ee So ae Ba ee Se ee E 96 9 4 3 SNMP ts 40 a aa haw cdl ao wal DOA RG ode a we ald 100 9 5 Remote Authentication 2 2 a a ee 101 9 5 1 RADIUS a 6 04 pA book Bet Y ee ee BE Sot ek alld We dik 101 9 5 2 TACACS En 3
60. Parameters Description lS IP Address iae EIS A Fig 142 Local Services gt DHCP Server gt IP MAC Binding gt New The Local Services gt DHCP Server gt DHCP Binding gt New menu consists of the fol lowing fields Fields in the IP MAC Binding Basic Parameters menu Field Description Description Enter the name of the host to the MAC Address of which the IP Address is to be bound A character string of up to 256 characters is possible IP Address Enter the IP address to be assigned to the MAC address spe cified in MAC Address MAC Address Enter the MAC address to which the IP address specified in IP Address is to be assigned 18 4 3 DHCP Relay Settings If your device for the local network does not distribute any IP addresses to the clients by DHCP it can still forward the DHCP requests on behalf of the local network to a remote DHCP server The DHCP server then assigns the your device an IP address from its pool which in turn sends this to the client in the local network bintec WLAN and Industrial WLAN WI1040n Language English View Standard w11040n DHCP Pool IP MAC Binding DHCP Relay Settings Basic Parameters Primary DHCP Server 0 0 0 0 Secondary DHCP Server 0 0 0 0 RA OR J cancel DynDNS Client DHCP Server Scheduling _ Surveillance 4 Funkwerk Discovery HotSpot Gateway Fig 143 Local Services gt
61. Protocol TCP IP and click on Properties 2 Choose Use following IP address and enter a suitable IP address the matching net mask your default gateway and your preferred DNS server If you run a DHCP server in your network you can apply the default Windows setting Ob tain IP address automatically and Obtain DNS server address automatically Your PC should now meet all the prerequisites for the configuration of your device 4 4 IP configuration In the ex works state your device is configured in DHCP Client mode and therefore dynam ically receives an IP address if you run a DHCP server in your network If this is not the case connect your device directly to the configuration PC and use the fallback IP address 192 168 0 252 Alternatively you can assign your device the required fixed IP address by using the Dime Manager To do this install the program from the DVD provided on your configuration PC Proceed as follows a Place the DVD provided in the DVD drive of your configuration PC The installation wizard should start automatically If it does not open the following file on the DVD us ing your file browser starter exe b Follow the instructions in the installation wizard Then carry out the following steps to configure an IP address for your device 1 Start the Dime Manager from the Windows Start menu Start gt Programs gt funk werk gt Dime Manager The following dialog box appears Fig
62. Routing Field Description First select the port number range Possible values Any default value The route is valid for all port numbers Single Enables the entry of a port number Range Enables the entry of a range of port numbers Privileged Entry of privileged port numbers 0 1023 Server Entry of server port numbers 5000 32767 Clients 1 Entry of client port numbers 1024 4999 Clients 2 Entry of client port numbers 32768 65535 Not privileged Entry of unprivileged port numbers 1024 65535 Enter the appropriate values for the indivividual port or start port of a range in Port and for a range the end port in to Port Destination Port Only if Layer 4 Protocol TCP or UDP Enter the destination port First select the port number range Possible values Any default value The route is valid for all port numbers Single Enables the entry of a port number Range Enables the entry of a range of port numbers Privileged Entry of privileged port numbers 0 1023 Server Entry of server port numbers 5000 32767 Clients 1 Entry of client port numbers 1024 4999 Clients 2 Entry of client port numbers 32768 65535 Not privileged Entry of unprivileged port numbers 1024 65535 Enter the appropriate values for the indivividual port or start port of a range in Port and for a range the end port in to Port DSCP TOS Value Select the Type of Service TOS
63. Secondary 0 0 0 0 Advanced Settings y A ae Positive Cache Enabled Negative Cache i Enabled CHIESA Cache Size 3 100 Entries Le S Maximum TTL for Positive Cache Entries B6400 Seconds Surveillance pe ar Funkwerk Discovery Maximum TTL for Negative Cache Entries Foo Seconds HotSpot Gate o 7 pos Fallback interface to get DNS server Automatic As DHCP Server O None Own IP Address Global DNS Setting IP address to use for DNSAMINS server assignment __ As IPCP Server O None Own IP Address Global DNS Setting saul J OK JC Cancel Fig 133 Local Services gt DNS gt Global Settings The menu Local Services gt DNS gt Global Settings consists of the following fields Fields in the Global Settings Basic Parameters menu Field Description Domain Name Enter the standard domain name of your device DNS Server Configura Select whether the addresses of the global name server on your tion device can be overwritten by transferred name server ad dresses Possible values e Dynamic default value The name server addresses can be automatically overwritten e Static The name server addresses are not overwritten DNS Server Only for DNS Server Configuration Static Primary Enter the IP address of the first and if necessary second global bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 18 Local Services Field Description Secondary DNS server WINS S
64. Shows the number of invalid DNS packets received and ad dressed direct to your device DNS Requests Shows the number of valid DNS requests received and ad dressed direct to your device Cache Hits Shows the number of requests that were answered with static or dynamic entries from the cache Forwarded Requests Shows the number of requests forwarded to other name serv ers Cache Hitrate 9 Displays the number of Cache Hits per DNS Request in Successfully Answered Shows the number of successfully answered requests positive Queries and negative bintec WLAN and Industrial WLAN Field Description Server Failures Shows the number of requests that were not answered by any name server either positively or negatively 18 2 HTTPS You can operate the user interface of your device from any PC with an up to date Web browser via an HTTPS connection HTTPS HyperText Transfer Protocol Secure is the procedure used to establish an en crypted and authenticated connection by SSL between the browser used for configuration and the device 18 2 1 HTTPS server In the Local Services gt HTTPS gt HTTPS Server menu you configure the parameters of the secure configuration connection over HTTPS WI1040n Language English View Standard HTTPS Server HTTPS Parameters 3 HTTPS TCP Port 443 3 Local Certificate Internal __ DHCP Server Scheduling E Funkwerk Discovery HotS
65. a remote bridge e Denied It is not possible to set up a bridge link from a re mote bridge Fields in the Bridge Links Bridge Security Settings menu Field Description Privacy Select whether an encryption method is to be used for this bridge link and if so which one Possible values e TKIP default value Temporal Key Integrity Protocol e AES Advanced Encryption Standard Both encryption methods are rated as secure with AES offering better performance Preshared Key Enter the password for this bridge link You can also obtain the preshared key automatically Fields in the Bridge Links Remote Partner menu Field Description Remote MAC Address Enter the MAC address of the bridge link partner 12 1 5 2 Bridge Links Scan After the desired Bridge Links have been configured the e icon is shown in the list You can use this icon to open the Automatic Bridge Link Configuration menu bintec WLAN and Industrial WLAN Radio Settings Bridge Links Automatic Bridge Link Configuration Bridge Link Description wds1 0 Max Scan Duration 120 Seconds Action Scan Remote Link Description Remote Device Name SignaldBm Remote MAC Address Remote link enabled Connected Action q OK Di Cancel Back Fig 75 Wireless LAN gt WLAN gt Bridge Links gt Automatic Bridge Link Configuration After successful scanning a selection of potential bridge partners is displayed in the scan list In the Action
66. a string of 5 characters WEP 104 13 characters For ex ample hello for WEP 40 funkwerk wep1 for WEP 104 WPA Mode bintec WLAN and Industrial WLAN 13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Depending on whether you wish to use WPA or WPA 2 or both select for Security Mode WPA PSK Or WPA Enterprise WPA Cipher Depending on which encryption you wish to use with WPA select for Security Mode WPA PSK or WPA Enterprise and for WPA Mode WPAor WPA and WPA2 WPA2 Cipher Depending on which encryption you wish to use with WPA2 select for Security Mode WPA PSK or WPA Enterprise and for WPA Mode WPA2 or WPA and WPA2 Preshared Key Enter the WPA password for Security Mode WPA PSK Enter an ASCII string with 8 63 characters Note Change the default Preshared Key If the key has not been changed your device will not be protected against unauthorised access RADIUS Server You can control access to a wireless network via a RADIUS server With Add you can create new entries Enter the IP address and the password of the desired RADIUS server EAP Preauthentification For Security Mode WPA Enterpri se select whether the EAP preauthentification func tion is to be set as Activated This function tells your device that WLAN clients which are already connected to another access point can first carry out 802 1x authentication as soon as they are within range Such WLAN clients can then simply
67. and can be configured In this mode the definition of a MAC ad dress in MAC Address is optional MAC Address Only for virtual interfaces and if Interface Mode Untagged Enter the MAC address associated with the interface For virtual interfaces you can use the MAC address of the physical inter face under which the virtual interface was created but this is not necessary You can also allocate a virtual MAC address The first 6 characters of the MAC are preset but can be changed Funkwerk Enterprise Communications GmbH 11 LAN Field Description VLAN ID Only if Interface Mode Tagged VLAN This option only applies for routing interfaces Assign the inter face to a VLAN by entering the VLAN ID of the relevant VLAN Possible values are 1 default value to 4094 The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description DHCP MAC Address Only if Address Mode DHCP If Use Built In is activated default setting the hardware MAC address of the Ethernet interface is used In the case of physical interfaces the current MAC address is entered by default If you disable Use Built In you enter a MAC address for the vir tual interface e g 00 e1 9 06 bf 03 Some providers use hardware independent MAC addresses to allocate their clients IP addresses dynamically If your provider has assigned you a MAC address enter this here DHCP Hostname Only if Address Mod
68. be configured WI2040n guage English Online Help Logout Slave Access Points Radio Modules Radio Profiles Wireless Networks VSS Access Point Settings E Administration Status Enabled CAPWAP Encryption n 1 enabled Location OK Cancel Fig 79 Wireless LAN Controller gt Slave AP Configuration gt Slave Access Points gt The Wireless LAN Controller gt Slave AP Configuration gt Slave Access Points gt p menu consists of the following fields Fields in the Slave Access Points Access Point Settings menu Field Description Administrative Status Select whether the selected AP is to be managed from the WLAN controller The function is activated by choosing Enabled The function is enabled by default You can disconnect the AP from the WLAN controller and there fore remove it from your WLAN infrastructure by disabling the function The AP then receives the Located status but is no longer Managed bintec WLAN and Industrial WLAN Field Description CAPWAP Encryption Select whether communication between the master and slaves is to be encrypted The function is activated by choosing Enabled The function is enabled by default You can override the encryption in order to view the communic ation for debugging purposes Location Displays the stated locality of the AP You can enter another locality 13 3 2 Radio Modules r peen i A wiz040n
69. bintec Hotspot hosting article number 5510000198 Access data Documentation Software licensing Please note that you must first activate the licence Go to www funkwerk ec com then Service Support gt Services gt Online Services Enter the required data please note the relevant explanations on the license sheet and follow the instructions of the online licensing You then receive the Hotspot server s login data a Note Activation may require 2 3 business days Access data for gateway configuration RADIUS Server IP 62 245 165 180 RADIUS Server Password Set by Funkwerk Enterprise Communications GmbH Domain Individually set for customers by customer dealer Walled Garden Network Individually set for customers by customer dealer Walled Garden Server URL Individually set for customers by customer dealer Terms amp Conditions URL Individually set for customers by customer dealer Access data for configuration of the Hotspot server Admin URL https hotspot funkwerk ec com Username Individually set by FEC Password Individually set by FEC 3 Note Also refer to the WLAN Hotspot Workshop that is available to download from www funkwerk ec com 18 8 1 Hotspot Gateway In the Hotspot Gateway menu you can configure the bintec gateway installed onsite for the bintec Hotspot Solution In the Local Services gt Hotspot Gateway gt Hotspot Gateway menu a list of all con figured hotspot networks is shown
70. br lt x gt menu the current values of the configured bridges are shown WI1040n Language English View Standard bd wi1040n ES Automatic Refresh interval aoo Seconds C Apply a Se MAC Address Port 1 00 a0 19 0b 08 98 ent 0 pa asd E Interfaces wlan E Bridges E HotSpot Gateway Qos Fig 184 Monitoring gt Bridges Values in the br lt x gt list bintec WLAN and Industrial WLAN Field Description MAC Address Shows the MAC addresses of the associated bridge Port Shows the port on which the bridge is active 21 5 2 sta lt x gt In the Monitoring gt Bridges gt sta lt x gt menu the current values of the bridges to the con figured WLAN clients are shown ETT WI1040n t gt wit04o i Save configuration j bro stato i Bro Physicalinterfaces y Automatic Refresh Interval 60 Seconds Apply ES caremvriecara mac Address aabicccaktee tt A CAN as P Address MAC Address Port Wireless LAN Controller 192 168 1 28 00 16 43 37 8 d1 lent 0 E ont A ane J 192 168 1 2 o ent 0 Oo MET jent 0 i io2160 123 IA Jemio LocalSevices m 192 168 100 100 00 0a e4 27 c212 ent 0 Maintenance z 192168121 00 41 48 73 31 07 vento ExtemalReporting z 192158124 00 14 48 87 17 56 vent 0 7 192 168 1 38 00 1512 47 83 06 ent 0 192 188 1 1 fetscoab 0401 lento IPSec pm
71. class plan can be assigned to multiple interfaces 14 6 3 QoS Interfaces Policies You can define the priority in the Routing gt QoS gt QoS Interfaces Policies menu En Note Data can only be prioritized in the outgoing direction Packets in the high priority class always take priority over data with class IDs 1 254 It is possible to assign or guarantee each queue and thus each data class a certain part of the total bandwidth of the interface In addition you can optimise the transmission of voice data real time data Depending on the respective interface a queue is created automatically for each class but only for data traffic classified as outgoing and for data traffic classified in both directions A priority is assigned to these automatic queues The value of the priority is equal to the value of the class ID You can change the default priority of a queue If you add new queues you can also use classes in other class plans via the class IDs 14 6 3 1 New Choose the New button to set up other priorities wit0400 unroson APA Qos Filter QoS Classification QoS Interfaces Policies Basic Parameters Interface bro Priorisation algorithm Priority Queueing h Trafic shaping Enabled 4 Routes Mamur Upload Sped 0 kbps MAT ne F Protocol Header Size below Layer 3 Ethernet EA ARA i Load Balancing Real Time Jitter Control C Enabled Multicast
72. code This must be sent by the SNMP Man ager with every SNMP request so that this is accepted by your device A character string of between 0 and 255 characters is possible here The default value is SNMP Trap 20 4 2 SNMP Trap Hosts In this menu you specify the IP addresses to which your device is to send the SNMP traps In the External Reporting gt SNMP gt SNMP Trap Hosts menu a list of all configured SNMP trap hosts is shown 20 4 2 1 New Choose the New button to set up new SNMP trap hosts bintec WLAN and Industrial WLAN SNMP Trap Options SNMP Trap Hosts Basic Parameters IP Address C OK J Cancel_ Fig 167 External Reporting gt SNMP gt SNMP Trap Hosts gt New The External Reporting gt SNMP gt SNMP Trap Hosts gt New menu consists of the fol lowing fields Fields in the SNMP Trap Hosts Basic Parameters menu Field Description IP Address Enter the IP address of the SNMP trap host 20 5 Activity Monitor This menu contains the settings needed to monitor your device with the Windows tool Activity Monitor part of BRICKware for Windows Purpose The Activity Monitor enables Windows users to monitor the activities of your device Im portant information about the status of physical interfaces e g ISDN line and virtual inter faces is easily obtained with one tool A permanent overview of the utilisation of
73. column click on Connect to connect the local bridge with this bridge If the partners are connected with one another the icon appears in the Connected column The icon appears in the Connected column if the connection is active The Wireless LAN gt WLAN gt Bridge Links gt Automatic Bridge Link Configuration menu consists of the following fields Fields in the Automatic Bridge L ink Configuration menu Field Description Bridge Link Description Displays the name of the bridge link you configured Max Scan Duration Enter the maximum time in seconds for the scan Possible values are 10to 600 The default value is 120 Action Start the scan by clicking on Scan If the antennas are installed correctly on both sides and LOS is free the bridge finds available bridges and displays them in the following list If the partner bridge cannot be found check the line of sight and the antenna installation Then carry out the Scan again The partner should then be found bintec WLAN and Industrial WLAN Field Description Remote Link Description Displays the name of the bridge link configured on the remote bridge Remote Device Name Displays the name of the remote bridge Signal dBm Displays the signal strength of the detected bridge link Remote MAC Address Shows the MAC address of the remote bridge Remote Link Enabled Displays the status of the link on the remote bridge Connected Displays the status of the link on y
74. data packets are only accepted over this interface if out going response packets are routed over the same interface You can therefore prevent the acceptance of packets with false IP addresses even without using filters WI1040n p i Language English View Standard w Online Help Logout 11040 m IP Routes Options Back Route Verity Enable for all interfaces Mode Enable for specific interfaces O Disable for all interfaces View 20 per page LT Fitter in None Y equal f Go No Interface Back Route Verify pp bro O Enabled i Page 1 Items 1 1 General Allow deleting editing all routing entries Enabled OK Cancel Fig 91 Routing gt Routes gt Options The Routing gt Routes gt Options menu consists of the following fields Fields in the Options Back Route Verify menu Field Description Mode No Interface Select how the interfaces to be activated for Back Route Verify are to be specified Possible values e Enable for all Interfaces Back Route Verify is activ ated for all interfaces e Enable for specific interfaces default value A list of all interfaces is displayed in which Back Route Verify is only enabled for specific interfaces e Disable for all interfaces Back Route Verify is dis abled for all interfaces Only for Mode Enable for specific interfaces Displays the serial number of the list ent
75. device via the network and to be able to carry out configuration the PC used for the configuration has to satisfy some prerequisites Make sure that the TCP IP protocol is installed on the PC e Select the suitable IP configuration for your configuration PC The PC via which you want to configure the IP address for your device must be in the same network as your device Checking the Windows TCP IP protocol Proceed as follows to check whether you have installed the protocol 1 Click the Windows Start button and then Settings gt Control Panel gt Network Con nections Windows XP or Control Panel gt Network and Sharing Center gt Change Adapter Settings Windows 7 2 Click on LAN Connection 3 Click on Properties in the status window 4 Look for the Internet Protocol TCP IP entry in the list of network components Installing the Windows TCP IP protocol If you cannot find the Internet Protocol TCP IP entry install the TCP IP protocol as fol lows 1 First click Properties then Install in the status window of the LAN Connection 2 Select the Protocol entry 3 Click Add 4 Select Internet Protocol TCP IP and click on OK 5 Follow the on screen instructions and restart your PC when you have finished Allocating PC IP address bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 4 Basic configuration Allocate an IP address to your PC as follows 1 Select Internet
76. e Infrastructure default value In a network in infrastruc bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 12 Wireless LAN Field Description ture mode all clients communicate with each other via access points only There is no direct communication between the in dividual clients e Ad Hoc In ad hoc mode an access client can be used as central interface between a number of terminals In this way devices such as computers and printers can be wirelessly in terconnected Select the channel to be used Operation Band Select the operation band and usage area of the wireless mod ule For Operation Mode Access Point or Bridge Possible values e 2 4 GHz In Outdoor default value our device is oper ated at 2 4 GHz mode 802 11b and mode 802 11g inside or outside buildings e 5 GHz Indoor Your device is run with 5 GHz Mode 802 11a h inside buildings e 5 GHz Outdoor Your device is run with 5 GHz Mode 802 11a h outside buildings e 5 GHz In Outdoor Your device is run with 5 GHz Mode 802 11a h inside or outside buildings e 5 8 GHz Outdoor Only for so called Broadband Fixed Wire less Access BFWA applications The frequencies in the fre quency range from 5 755 MHz to 5 875 MHz may only be used in conjunction with commercial offers for public network accesses and requires registration with the Federal Network Agency For Operation Mode Access Client Possible values e
77. e WEP 104 WEP 104 Bit e WPA None Only if Client Mode Ad Hoc WPA None e WPA PSK Only if Client Mode Infrastructure WPA Preshared Key Transmit Key Only if Security Mode WEP 40 WEP 104 Select one of the keys configured in WEP Key lt 1 4 gt as the default key The default value is Key 1 WEP Key 1 4 Only if Security Mode WEP 40 WEP 104 Enter the WEP key Enter a character string with the right number of characters for the selected WEP mode For WEP 40 you need a string of 5 characters WEP 104 13 characters For example hello for WEP 40 funkwerk wep1 for WEP 104 WPA Mode Only if Security Mode WPA PSK Select whether you want to use WPA with TKIP encryption or WPA 2 with AES encryption or both Possible values Field Description e WPA default value Only WPA is used e WPA 2 Only WPA2 is used Preshared Key Only if Security Mode WPA PSK Enter the WPA password Enter an ASCII string with 8 63 characters WPA Cipher Only for Security Mode wPA PSK and WPA Mode wPA Select which encryption method should be used Possible values e TKIP default value Temporal Key Integrity Protocol e AES Advanced Encryption Standard TAES and TKIR Both encryption methods are rated as secure with AES offering better performance WPA2 Cipher Only for Security Mode wPA PSK and WPA Mode wPaA2 Select which encryption method should be used Possible values e TKIP default value T
78. ee a SS See Ela et 368 19 1 3 Traceroute Test ao oaoa oaa a a 368 19 2 Software amp Configuration o aoa a a a a a 369 19 2 1 Options IES UA A Siar at e E 369 19 3 ReDOOb as dono a A A Be at Sa ea oe 374 19 3 1 System Reboot i i ce Pe ae ck eee ee ee ap a Ge na ek 374 Chapter 20 External Reporting o 375 20 1 Syslog bea e OE a a ee 375 20 1 1 Syslog Servers a ooa a 375 20 2 IPSACCOUNTING oa se o ee sd Ge A Ge es 378 20 2 1 Interfaces sve ee hres ke Boe E oP ee Ee a 378 20 2 2 OPTIONS E Et He es ge ed a ER en Be Wee Rn ential 379 20 3 E mail Alert coito ete QUE hobo eet 380 20 3 1 E mail AlertServer 2 a m n e o o 380 20 3 2 E mail Alert Recipient o 382 viii bintec WLAN and Industrial WLAN 20 4 20 4 1 20 4 2 20 5 20 5 1 Chapter 21 21 1 21 1 1 21 2 21 2 1 21 2 2 21 3 21 3 1 21 4 21 4 1 21 4 2 21 4 3 21 4 4 21 4 5 21 5 21 5 1 21 5 2 21 6 21 6 1 21 7 21 7 1 bintec WLAN and Industrial WLAN SINR iste oe E do a do na A e EET E EE E e eee E 383 SNMP Trap Options 2 2 o o 384 SNMP Trap Hosts 2 1 a 385 Activity Monitors 2 cf a0 we aad bade ae ea DRS ee A 386 SA A A E AO 387 Monitoring o e ee 389 Internal Log foe ss io a a a e EM 389 System Messages 2 2 1 389 IPSEC to dr En Ae oes Ge eae a Se ee
79. eo 390 IPS GATUNINEIS ua ete Geet Rien Mowe ee a e 390 IPSec Statistic Szy ar So ee Ba tae a ge ee ante 392 Interfaces 2 a 394 Statistis 25 2 4 a ee Bh ee ds Gh ed 394 WEAN a 0 atril rs Se AGE am ted eet eam e add 396 WLAN1 2 2 2 a 396 MSS og Sh eee hes AE a RS ee ae A te 398 WISE A Die 8 eal ae Ss ot Ask 2 etek BM Sk 401 Bridge LINKS t ets lt a BOAR BA ec ge oe Se i Be gg 404 Client ENKS 95 2 ek ct nde she the de id oh ed se hd ee 406 Bridges s a as aE Bee oe ee he ee E 408 TES tel Ae aed ches et tee te dere tenes A A top Metre tte Sey 408 SUD is Be A AN Se e EN tell dhe SN oe tg ttle Oe tam et 409 Hotspot Gateway 2 o 410 Hotspot Gateway 2 2 o 410 QOS F ti Gt Rte hen E oe aeons etc WY Bich te Be Res a cps E 411 DOS aiaa a iee A NA a A ok OS 411 bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 1 Introduction Chapter 1 Introduction The new generation access points are manufactured in an environmentally friendly way and meet the RoHS directive They support the latest WLAN technology and are designed for use particularly in the professional environment Safety notices The safety precautions brochure which is supplied with your device tells you what you need to take into consideration when using your access point Installation How to connect your device is shown in chapter Installation on page 6 Configuration Chapter Basic configuration on page 14 also tell
80. example if the remote end operates with older IPSec implementations The Advanced Settings menu consists of the following fields Fields in the Options Advanced Settings menu Field Description Send Initial Contact Select whether IKE Initial Contact messages are to be sent dur Message ing IKE phase 1 if no SAs with a peer exist The function is activated with Enabled The function is enabled by default Sync SAs with ISP inter Select whether all SAs are to be deleted whose data traffic was face state routed via an interface on which the status has changed from Upto Down Dormant or Blocked The function is activated with Enabled Funkwerk Enterprise Communications GmbH 16 VPN Field Description The function is disabled by default Use Zero Cookies Select whether zeroed ISAKMP Cookies are to be sent These are equivalent to the SPI Security Parameter Index in IKE proposals as they are redundant they are normally set to the value of the negotiation currently in progress Alternatively your device can use zeroes for all values of the cookie In this case choose Enabled Zero Cookie Size Only if Use Zero Cookies activated Enter the length in bytes of the zeroed SPI used in IKE propos als The default value is 32 Dynamic RADIUS Au Select whether RADIUS authentication is to be activated via thentication IPSec The function is activated with Enabled The function is disabled by default Fields in the
81. fields Fields in the Interfaces Basic Parameters menu Field Description Monitored Interface Select the interface on your device that is to be monitored Trigger Select the state or state transition of Monitored Interfaces that is to trigger a particular Interface Action Possible values e Interface goes up default setting e Interface goes down Interface Action Select the action that is to follow the state or state transition defined in Trigger bintec WLAN and Industrial WLAN Field Description The action is applied to the Interface s selected in Interface Possible values e Enable default value Activation of interface s e Disable Deactivation of interface s Interface Select the interface s for which the action defined in Interface Action is to be performed All the physical and virtual interfaces and the options 411 PPP Interfaces and All IPSec Interfaces can be selected 18 6 3 Temperature The temperature sensor is only fitted in devices of the WI series It is located on the main board Its measurement range is from 55 to 125 C with an accuracy of less than 1 C In the Local Services gt Surveillance gt Temperature menu a list of all triggers gener ated is shown By default lower and upper limits are set for the temperature overstepping these sets an alert variable and generates a syslog message The values are updated every 10 seconds bintec WLAN and Industrial WLAN 18 6
82. following fields Fields in the Interfaces menu Field Description Shows the serial number of the interface bintec WLAN and Industrial WLAN Field Description Interface Description Displays the name of the interface Select whether you want to run the interface in Routing Mode Mode Bridge Group or whether you want to assign the interface to an existing bro br1 etc or new bridge group New Bridge Group If you select New Bridge Group a new bridge group is created automatically when you click OK Configuration Interface Select the interface via which the configuration is to be carried out Possible values e Select one default value Ex works setting The right con figuration interface must be selected from the other options e Ignore No interface is defined as configuration interface e lt Interface name gt Select the interface to be used for con figuration If this interface is in a bridge group it is assigned the group s IP address when it is taken out of the group 9 3 1 1 lt stax x gt Edit Click the icon to edit additional settings for WLAN clients in bridge mode so called MAC bridge bintec WLAN and Industrial WLAN wi04on View Stender L Save configuration Interfaces Status Global Settings Interface Mode Bridge 4 2s Groups Wildcard Mode none Y Administrative Access Remote Authentication Certificates l Layer 2 5 Options Interface sta1 0
83. for the update Possible values e Local File default value The system software file is stored locally on your PC e HTTP server The file is stored on a remote server specified in the URL e Current software from Funkwerk server The file is on the official Funkwerk update server URL Only for Source HTTP server Enter the URL of the update server from which the system soft ware file is loaded Current File Name in Flash For Action Export configuration Choose the configura tion file to be exported Include certificates and keys For Action Export configuration Export configur ation with state information select whether the selec ted Action is also to apply for certificates and keys The function is activated by choosing Enabled The function is enabled by default Source File Name Only for Action CopySelect the source file to be copied Destination File Name Only for Action CopyEnter the name of the copy Select file Only if Action Rename Delete configuration or De lete fileChoose the file or configuration to be renamed or deleted New File Name Only for Action RenameEnter the new name of the configura Field Description tion file 19 3 Reboot 19 3 1 System Reboot In this menu you can trigger an immediate reboot of your device Once your system has restarted you must call the Funkwerk Configuration Interface again and log in Pay attention to the LEDs on your device For i
84. for the wireless controller DHCP Server Select whether an external DHCP server shall assign IP ad dresses to the APs or if your device should be used as the DH CP server For an internal DHCP server CAPWAP option 138 is active in order to allow communication between the master bintec WLAN and Industrial WLAN Field Description and slaves Note Make sure that option 138 is active when using an extern al DHCP server Possible values e DHCP Server with enabled CAPWAP option 138 External default value An external DHCP server with act ive CAPWAP option 138 assigns the IP addresses to the APs e DHCP Server with enabled CAPWAP option 138 Internal Your device on which the CAPWAP option 138 is active assigns the IP addresses to the APs IP Address Range Only for DHCP Server DHCP server with enabled CAPWAP option 138 Internal Enter the start and end IP address of the range These IP ad dresses and your device must originate from the same network 13 3 Slave AP Configuration In this menu you will find all of the settings that are required to manage the slave access points bintec WLAN and Industrial WLAN 13 3 1 Slave Access Points WI2040n guage English Online Help Logout Slave Access Points Radio Modules Radio Profiles Wireless Networks VSS automatic Refresh interval 300 Seconds C Appl J Location Device IP Address MAC Address Status bintec W1002n 10 0 0 1
85. gt SSH menu consists of the follow ing fields Fields in the SSH SSH Secure Shell Parameters menu Field Value SSH service active Select whether the SSH Daemon is to be enabled for the inter face The function is activated by choosing Enabled bintec WLAN and Industrial WLAN 9 System Management Funkwerk Enterprise Communications GmbH Field VENTO The function is enabled by default Compression Select whether data compression should be used The function is activated by choosing Enabled The function is disabled by default TCP Keepalives Select whether the device is to send keepalive packets The function is activated by choosing Enabled The function is enabled by default Logging Level Select the syslog level for the syslog messages generated by the SSH Daemon Possible settings e Information default value Fatal and simple errors of the SSH Daemon and information messages are recorded e Fatal Only fatal errors of the SSH Daemon are recorded e Errors Fatal and simple errors of the SSH Daemon are re corded e Debug All messages are recorded Fields in the SSH Authentication and Encryption Parameters menu Field Value Encryption Algorithms Select the algorithms that are to be used to encrypt the SSH connection Possible options e 3DES e Blowfish e AES 128 e AES 256 3DES Blowfish and AES 128 and are enabled by default Hashing Algorithms Select the algorithms that are to be a
86. in door if the channel is NOT Auto The number of channels you can selected depends on the country setting Please consult the data sheet for your device WDS links WDS Wireless Distribution System are static links between access points AP which are generally used to connect clients with networks that are not directly ac cessible to them e g because the distance is too great The access point sends from one client to another access point which then forwards the data to another client Important Note that the data is transferred between the access points in unencrypted form over the WDS link in the default configuration You are therefore urgently advised to apply one of the available security methods WEP40 or WEP 104 to protect data on WDS links WDS links are configured as interfaces with the prefix wds They behave like VSS interface and only differ from these with respect to the predefined routing A WDS link is defined as a transit network this relates to a point to point connection or point to multipoint connection between two access points that are included in different networks 12 1 3 1 WDS Links gt New Choose the pl icon to edit existing entries Choose the New button to configure other WDS links View Standard Save confiri ao J Radio Settings Virtual Service Sets WDS Links Physical Interfaces asc Poraneters TAN 0S Description Muse default l WDS Security Setti
87. lt rs sae o a dy ae te eo 169 12 2 Administration s es rra a o e e 177 12 2 1 Basic Settings 00h e a eth a ad 177 Chapter 13 Wireless LAN Controller 179 13 1 Wizard s ase tc a nk ah ee ee e 179 13 1 1 Basic Setup o o se un e Boe yep ee Boe eredi ee 179 13 1 2 Wireless Radio Profiles 2 2 2 en 180 13 1 3 Wireless Networks 2 p o el Gok cel ea ld a 180 13 1 4 Start automaticinstallation 2 a a ln 183 13 2 Controller Configuration 2 2 ee 184 13 2 1 General cS ia te AS He ye Mii hee BIS Sam ad 185 13 3 Slave AP Configuration 2 el 186 bintec WLAN and Industrial WLAN 13 3 1 Slave Access Points 2 2 ee o 187 13 3 2 Radio Modull s i a ss Saian ww So an Boyd Aaa A a a eke 189 13 3 3 R dio Profiles s a e 20 a bok tee a bode es Be Bs 192 13 3 4 Wireless Networks VSS 2 199 13 4 Monitoringa 2 Sean E ratas e a ata HOR a Be 204 13 4 1 Active Glients iis LLL a a A ta 205 13 4 2 NelghborAPS lt p a A oR A 206 13 5 Maintenances s 5 3 2 4 60 20 aia a o a a AA E 206 13 5 1 Firmware Maintenance eee ee ee 207 Chapter 14 ROUING oe ee Eee ee a 209 14 1 ROUTES hats o ee ee we on a a we ca Oe a 209 14 1 1 IPERQUIOS 3 Oe A 8 oe AA 209 14 1 2 Options 2 a aa a 214 14 2 NAT 20 FO Ae ear a A al a ad A 216 14 2 1 NAT Interfaces gt c puia a a a a A Os Se 216 14 2 2 NAT Configuration sie s 2 o e o R 218 14
88. message will appear Fields in the Virtual Service Sets Security Settings menu Field Description Security Mode Select the security mode encryption and authentication for the wireless network Possible values 13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description e Inactive default value Neither encryption nor authentica tion WEP 40 WEP 40 Bit e WEP 104 WEP 104 Bit WPA PSK WPA Preshared Key WPA Enterprise 802 11x Transmit Key Only if Security Mode WEP 40 WEP 104 Select one of the keys configured in WEP Key lt 1 4 gt as the default key The default value is Key 1 WEP Key 1 4 Only if Security Mode WEP 40 WEP 104 Enter the WEP key Enter a character string with the right number of characters for the selected WEP mode For WEP 40 you need a string of 5 characters WEP 104 13 characters For example hello for WEP 40 funkwerk wep1 for WEP 104 WPA Mode Only if Security Mode WPA PSK and WPA Enterprise Select whether you want to use WPA with TKIP encryption or WPA 2 with AES encryption or both Possible values WPA and WPA 2 default value WPA and WPA 2 can be used e WPA Only WPA is used e WPA 2 Only WPA2 is used WPA Cipher Only for Security Mode wPA PSK and WPA Enterprise and for WPA Mode WPA and WPA and WPA2 Select the type of encryption you want to apply to WPA Possible values e TKIP default value TKIP is used F
89. name of your device This is also used as the PPP host name A character string of up to 255 characters is possible The device type is entered as the default value Location Enter the location of your device Contact Enter the relevant contact person Here you can enter the e mail address of the system administrator for example A character string of up to 255 characters is possible The default value is FUNKWERK Maximum Number of Enter the maximum number of syslog messages that are stored Syslog Entries internally in the device Possible values are 0 to 1000 bintec WLAN and Industrial WLAN 9 System Management Funkwerk Enterprise Communications GmbH Field Value The default value is 50 You can view the stored messages in Monitoring gt Internal Log Maximum Message Select the priority of system messages above which a log Level of Syslog Entries should be created System messages are only recorded internally if they have a higher or identical priority to that indicated i e all messages generated are recorded at syslog level debug Possible values e Emergency Only messages with emergency priority are re corded e Alert Messages with emergency and alert priority are recor ded e Critical Messages with emergency alert and critical prior ity are recorded e Errors Messages with emergency alert critical and error priority are recorded e Warning Messages with emergency alert critical er
90. numbers for Numbers data packets sent through a tunnel on the basis of this profile The function is not currently used The function is activated with Enabled The function is disabled by default 16 2 2 Users In the VPN gt L2TP gt Users menu a list of all configured L2TP partners is shown 16 2 2 1 New Choose the New button to set up new L2TP partners bintec WLAN and Industrial WLAN Language English View Standard Online Help Logout Tunnel Profiles Users Options Basic Parameters Description OA Connection Type Suns Orac ewwer i Password E E ooncanos d awayson Denabied Connection Idle Timeout 300 Seconds P Mode and Routes IP Address Mode static O Provide IP Address DefauitRoute Dnabied d Create NAT Policy Local IP Address Route Entries Advanced Settings Block after connection failure for 300 Seconds Authentication MS CHAPV2 Encryption Onone Enabled O Windows compatible LCP Alive Check Menabied Prioritize TCP ACK Packets DEnabled Options F OSPF Mode OPassive Active Olnactive pa vir gt Proxy ARP Mode inactive O Up or Dormant Oup only DNS Negotiation HEnabled OK Cancel Fig 121 VPN gt L2TP gt Users gt New The VPN gt L2TP gt Users gt New menu consists of the following fields
91. o messages per Second Es Mode OhHost Routing Advanced Settings Frew TO IGMP Proxy Enabled E rowrierace eE External Reporting v OK Cancel Monitoring ot Fig 101 Routing gt Multicast gt IGMP gt g New The Routing gt Multicast gt IGMP gt p New menu consists of the following fields Fields in the IGMP IGMP Settings menu Field Description Interface Select the interface on which IGMP is to be enabled i e queries are sent and responses are accepted Query Interval Enter the interval in seconds in which IGMP queries are to be sent Possible values are 0 to 600 The default value is 125 Maximum Response For the sending of queries enter the time interval in seconds Time within which hosts must respond The hosts randomly select a time delay from this interval before sending the response This spreads the load in networks with several hosts improving per formance bintec WLAN and Industrial WLAN 14 Routing Funkwerk Enterprise Communications GmbH Field Description Possible values are 0 to 100 The default value is 100 Robustness Select the multiplier for controlling the timer values A higher value can e g compensate for packet loss in a network suscept ible to loss If the value is too high however the time between logging off and stopping of the data traffic can be increased leave latency Possible values are 2 to 8 The default value is 2 Last Member Qu
92. of a renewed phase 2 SA even if the keys of the phase 1 SA have become known 16 VPN Funkwerk Enterprise Communications GmbH Field Description The field has the following options e 1 768 Bit During the Diffie Hellman key calculation modular exponentiation at 768 bits is used to create the en cryption material e 2 1024 Bit default value During the Diffie Hellman key calculation modular exponentiation at 1024 bits is used to create the encryption material e 5 1536 Bit During the Diffie Hellman key calculation modular exponentiation at 1536 bits is used to create the en cryption material Lifetime Define how the lifetime is defined that will expire before phase 2 SAs need to be renewed The new SAs are negotiated shortly before expiry of the current SAs As for RFC 2407 the default value is eight hours which means the key must be renewed once eight hours have elapsed The following options are available for defining the lifetime Entry in Seconds Enter the lifetime for phase 2 key in seconds The value can be a whole number from 0 to 2147483647 The default value is 7200 Entry in KBytes Enter the lifetime for phase 2 keys as amount of data processed in Kbytes The value can be a whole number from 0 to 2147483647 The default value is 0 The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description IP Compression Select whether compression is
93. of channels you can selected depends on the country setting Please consult the data sheet for your device Note Configuring the network name SSID in Access Point mode means that wireless net works can be logically separated from each other but they can still physically interfere with each other if they are operating on the same or closely adjacent wireless channels So if you are operating two or more radio networks close to each other it is advisable to allocate the networks to different channels Each of these should be spaced at least four channels apart as a network also partially occupies the adjacent channels In the case of manual channel selection please make sure first that the APs actually sup port these channels Transmit Power Displays the transmission power in dBm You can select another transmission power By pressing OK you apply the settings in the Access Point Settings window Select the access points that your WLAN controller shall manage In the Manage column click on the desired entries or click on Select All in order to select all entries Click on Start in order to install the WLAN and automatically assign the frequencies Note If there are not enough licences available the message The maximum number of slave access points that can be supported has been exceeded Please check your li cences If this message is displayed then you should obtain additional licences if appropri ate During the installation
94. of the WLAN and the allocation of frequencies on the messages dis played you will see how far the installation has progressed The display is continuously up dated Provided that non overlapping wireless channels are located for all access points the con figuration that is set in the Wizard is transferred to the access points When the installation is complete you will see a list of the Managed access points 13 2 Controller Configuration In this menu you make the basic settings for the wireless LAN controller bintec WLAN and Industrial WLAN 13 2 1 General 40 Language English View Standard Online Help Logout Basic Settings Interface BRIDGE_BRO DHCP Server with enabled CAPWAP option 138 DHCP Server O External internal IP Address Range foao 10 0 05 oK JC Cancel _ Fig 77 Wireless LAN Controller gt Controller Configuration gt General The Wireless LAN Controller gt Controller Configuration gt General menu consists of the following fields Fields in the General Basic Settings menu Field Description Region Select the country in which the wireless LAN controller is to be operated Possible values are all the countries configured on the device s wireless module The range of channels that can be used varies depending on the country setting The default value is Germany Interface Select the interface to be used
95. of the following fields Fields in the RIP Parameters for lt Interface gt menu Field Description Send Version Decide whether routes are to be propagated via RIP and if so select the RIP version for sending RIP packets over the inter face in send direction Possible values e None default value RIP is not enabled e RIP V1 Enables sending and receiving of version 1 RIP packets e RIP V2 Enables sending and receiving of version 2 RIP packets e RIP V1 V2 Enables sending and receiving of both version 1 and version 2 RIP packets bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 14 Routing Field Description e RIP V2 Multicast For sending RIP V2 messages over the multicast address 224 0 0 9 e RIP V1 Triggered RIP V1 messages are sent received and processed as per RFC 2091 triggered RIP e RIP V2 Triggered RIP V2 messages are sent received and processed as per RFC 2091 triggered RIP Receive Version Decide whether routes are to be imported via RIP and if so se lect the RIP version for receiving RIP packets over the interface in receive direction Possible values None default value RIP is not enabled e RIP V1 Enables sending and receiving of version 1 RIP packets e RIP V2 Enables sending and receiving of version 2 RIP packets e RIP V1 V2 Enables sending and receiving of both version 1 and version 2 RIP packets e RIP V1 Triggered RIP V1 messages are se
96. of the wireless card Access Client Mode e Operation Mode Access Client or Off e The channel used on this wireless module Field VENTO e Software version of the wireless card Bridge mode e Operation Mode Bridge or Off e The channel used on this wireless module e Number of configured bridge links e Software version of the wireless card Interface specifics for relay e Configured Mode Recent System Logs Displays the last 10 system messages 9 2 Global Settings The basic system parameters are managed in the Global Settings menu 9 2 1 System The System Management gt Global Settings gt System menu is used for entering the basic system data of your device bintec WLAN and Industrial WLAN WI1040n wit040n System Passwords Date and Time System Licences A eed Basic Parameters Interface Mode Bridge System Name wit040n PO ee Location _ Administrative Access ea a Remote Authentication Contact FUNKWERK _ Certificates f PO STO L Maximum Number of Syslog Entries 50 Maximum Message Level of Syslog Entries Information Y Maximum Number of Accounting Log Entries 20 T OK J Cancel Fig 33 System Management gt Global Settings gt System The System Management gt Global Settings gt System menu consists of the following fields Fields in the System Basic Parameters menu Field Value System Name Enter the system
97. only certain clients are to be permitted for this wireless network The function is activated by choosing Enabled The function is disabled by default Allowed Addresses Use Add to make entries and enter the MAC addresses MAC Address of the clients to be permitted Fields in the Wireless Networks VSS VLAN menu Field Description VLAN Select whether the VLAN segmentation is to be used for this wireless network The function is activated by choosing Enabled The function is disabled by default VLAN ID Enter the number that identifies the VLAN Possible values are 1 to 4094 13 4 Monitoring This menu is used to monitor your WLAN infrastructure bintec WLAN and Industrial WLAN 13 4 1 Active Clients WI2040n Language English View Standard Online Help Active Clients Neighbor Ps Automatic Refresh interval 300 Seconds Apply vew 20 pe page Ll Feer Go Location VSS ent Mac Sign fT Stats Uptime Page 1 Controller Configuration Slave AP configuration Fig 86 Wireless LAN Controller gt Monitoring gt Active Clients In the Wireless LAN Controller gt Monitoring gt Active Clients menu the current values of all active clients are shown For each Active Client you will see an entry with a parameter set Location VSS Client MAC Signal dBm Status Uptime Possible values for Status Status Meaning Open The client is no longer in a valid
98. optimised e Down Voice data transmission is not optimised e Always Voice data transmission is always optimised Maximum Upload Speed Enter the maximum available upstream bandwidth in kbps for bintec WLAN and Industrial WLAN Field Description the selected interface bintec WLAN and Industrial WLAN 16 VPN Funkwerk Enterprise Communications GmbH Chapter 16 VPN A connection that uses the Internet as a transport medium but is not publicly accessible is referred to as a VPN Virtual Private Network Only authorised users have access to such a VPN which is seemingly also referred to as a VPN tunnel Normally the data transported over a VPN is encrypted A VPN allows field staff or staff working from home offices to access data on the company s network Subsidiaries can also connect to head office over VPN Various protocols are available for creating a VPN tunnel e g IPSec or PPTP The connection partner is authenticated with a password using preshared keys or certific ates With IPSec the data is encrypted using AES or 3DES for example with PPTP you can use MPPE 16 1 IPSec IPSec enables secure connections to be set up between two locations VPN This enables sensitive business data to be transferred via an unsecure medium such as the Internet The devices used function here as the endpoints of the VPN tunnel IPSec involves a num ber of Internet Engineering Task Force IETF standards which speci
99. status Logon The client has just logged on with the WLAN controller Logged on The client has logged on with the WLAN controller Authentication The client is in the process of being authenticated Authenticated The client is authenticated bintec WLAN and Industrial WLAN 13 4 2 Neighbor APs wizodon o a Active Clients View 20 perpage L Fiterin None Jequal i Go Detected via AP MAC Address SSD Signal dBm Channel Last Seen Controller Configuration Slave AP configuration Fig 87 Wireless LAN Controller gt Monitoring gt Neighbor APs In the Wireless LAN Controller gt Monitoring gt Neighbor APs menu all neighbouring APs that are located during the scan are displayed For each neighbouring AP you will see an entry with a parameter set Detected via AP MAC Address SSID Signal dBm Channel Last Seen under Detected via AP you will see the locality of the respective device Click on Start under New Neighborscan in order to scan for neighbouring APs again You will receive a warning that the wireless modules of the access points must also be disabled for a certain period of time When you start the process with OK a progress bar is dis played The located AP display is updated every ten seconds 13 5 Maintenance This menu is used for the maintenance of your managed APs bintec WLAN and Industrial WLAN 13 5 1 Firmware Maintenanc
100. status Unknown is displayed generation of a key is not possible for example because there is not enough space in the FlashROM 9 4 3 SNMP SNMP Simple Network Management Protocol is a network protocol used to monitor and control network elements e g routers servers switches printers computers etc from a central station SNMP controls communication between the monitored devices and monit oring station The protocol describes the structure of the data packets that can be transmit ted as well as the communication process The data objects queried via SNMP are structured in tables and variables and defined in the MIB Management Information Base This contains all the configuration and status variables of the device SNMP can be used to perform the following network management tasks e Surveillance of network components e Remote controlling and configuration of network components e Error detection and notification You use this menu to configure the use of SNMP wi1040n WI1040n Language English View Standard E Online Help Logout co ETE SNMP Version f pane Listen UDP Port C ok cancel Fig 42 System Management gt Administrative Access gt SNMP The System Management gt Administrative Access gt SNMP menu consists of the fol lowing fields Fields in the SNMP Basic Settings menu bintec WLAN and Industrial WLAN Field Value SNMP
101. the boot configuration and also archive the previous boot configuration as a backup If you want to load the archived boot configuration into your device go to Maintenance gt Software amp Configuration and select Action Restore Backup The archived backup is used as the current boot configuration bintec WLAN and Industrial WLAN The navigation bar also contains the main configuration menus and their sub menus Click the main menu you require The corresponding sub menu then opens If you click the sub menu you want the entry selected will be displayed in red All the other sub menus will be closed You can see at a glance the sub menu you are in Status page If you call the Funkwerk Configuration Interface after you log in the status page of your device is displayed The most important data of your device can be seen on this at a glance Main configuration window The sub menus generally contain several pages These are called using the buttons at the top of the main window If you click a button the window is opened with the basic paramet ers You can extend this by clicking the Advanced Settings tab which displays the addi tional options Configuration elements The various actions that you can perform when configuring your device in the Funkwerk Configuration Interface are triggered by means of the following buttons Funkwerk Configuration Interface buttons Button Function Updates the view Apply p
102. the following fields Fields in the Groups Basic Parameters menu Field Description Description Enter the desired description of the address group Selection Select the members of the group from the available Addresses To do this enable the field in the Selection column 17 4 Services 17 4 1 Service List In the Firewall gt Services gt Service List menu a list of all available services is shown 17 4 1 1 New Choose the New button to set up new services wit040n WI1040n Language English View Standard Online Help Logout Service List Groups Basic Parameters Description pS Lo gt Protocol Any amp OK J Cancel Fig 131 Firewall gt Services gt Service List gt New The Firewall gt Services gt Service List gt New menu consists of the following fields Fields in the Service List Basic Parameters menu bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 17 Firewall Field Description Description Enter an alias for the service you want to configure Protocol Select the protocol on which the service is to be based The most important protocols are available for selection Destination Port Range Only if Protocol TCP UDP TCP or UDP In the first field enter the destination port via which the service is to run If a port number range is specified in the second field enter th
103. to be activated before data en cryption If data is compressed effectively this can result in higher performance and a lower volume of data to be trans ferred In the case of fast lines or data that cannot be com pressed you are advised against using this option as the per formance can be significantly affected by the increased effort during compression Funkwerk Enterprise Communications GmbH 16 VPN Field Description The function is activated with Enabled The function is disabled by default Alive Check Select whether and how IPSec heartbeats are used A bintec IPSec heartbeat is implemented to determine whether or not a Security Association SA is still valid This function sends and receives signals every 5 seconds depending on the configuration If these signals are not received after 20 seconds the SA is discarded as invalid Possible values e Inactive Your device sends and expects no heartbeat Set this option if you use devices from other manufacturers e Heartbeats Expect only Your device expects a heartbeat from the peer but does not send one itself e Heartbeats Send only Your device expects no heart beat from the peer but sends one itself e Heartbeats send amp expect Your device expects a heartbeat from the peer and sends one itself e Autodetect Automatic detection of whether the remote ter minal is a bintec device If it is Heartbeat Both for a remote terminal with bintec or No
104. to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 256 bits e Twofish Twofish was a final candidate for the AES Advanced Encryption Standard It is rated as just as secure as Rijndael AES but is slower e Blowfish Blowfish is a very secure and fast algorithm Twofish can be regarded as the successor to Blowfish e CAST CAST is also a very secure algorithm marginally slower than Blowfish but faster than 3DES e DES DES is an older encryption algorithm which is rated as weak due to its small effective length of 56 bits Hash algorithms Authentication e MD 5 default value MD 5 Message Digest 5 is an older hash algorithm It is used with a 96 bit digest length for IPSec e ALL All options can be used e SHA 1 SHA1 Secure Hash Algorithm 1 is a hash al gorithm developed by the NSA United States National Secur ity Association It is rated as secure but is slower than MD5 It is used with a 96 bit digest length for IPSec Note that RipeMD 160 and Tiger 192 are not available for mes sage hashing in phase 2 Use PFS Group As PFS Perfect Forward Secrecy requires another Diffie Hellman key calculation to create new encryption material you must select the exponentiation features If you enable PFS En abled the options are the same as for the configuration in Phase 1 Group PFS is used to protect the keys
105. which it learnt the routes with the metric Next Hop Count 16 Network is not reachable The function is activated with Enabled The function is disabled by default RFC 2453 Variable For the timers described in RFC 2453 select whether the same Timer values that you can configure in the Timer for RIP V2 RFC 2453 menu The function is activated with Enabled The function is enabled by default If you deactivate the function the times defined in RFC are re tained for the timeouts RFC 2091 Variable For the timers described in RFC 2091 select whether the same Timer values that you can configure in the Timer for Triggered RIP RFC 2091 menu The function is activated with Enabled The function is disabled by default If the function is not activated the times defined in RFC are re tained for the timeouts 14 Routing Funkwerk Enterprise Communications GmbH Fields in the RIP Options Timer for RIP V2 RFC 2453 menu Field Description Update Timer Only for RFC 2453 Variable Timer Enabled An RIP update is sent on expiry of this period of time The default value is 30 seconds Route Timeout Only for RFC 2453 Variable Timer Enabled After the last update of a route the route time is active After timeout the route is deactivated and the Garbage Collec tion Timer is started The default value is 180 seconds Garbage Collection Only for RFC 2453 Variable Timer Enabled Timer The Garbage C
106. which is used as a trigger for data transmission The function is activated with Enabled The function is disabled by default Possible values 0 65535 Default value 100 Fields in the Serial Port Buffer menu Field Description Clear Serial RX Buffer Click the Clear button to clear the receive buffer Clear Serial TX Buffer Click the Clear button to clear the send buffer 10 3 Relay Devices of the WI series are fitted with a relay The rest i e normal unexcited fault state of the contacts is open You can choose whether the relay is manually controlled or used as an alarm relay coupled with the red error LED When manually controlled the state of the relay is set during booting when the configuration is loaded bintec WLAN and Industrial WLAN 10 3 1 Relay Configuration In this menu you can configure the port mode WI1040n Language English View Standard Rey contaran p J Port Mode E inaktive O Active O Alarm Relay k Le C o Cancel __ Fig 54 Physical Interfaces gt Relay gt Relay Configuration The Physical Interfaces gt Relay gt Relay Configuration menu consists of the following fields Fields in the Relay Configuration Basic Parameters menu Field Description Port Mode Possible values e Inactive default value The relay is manually set to al ways open e Active The relay is manually set to always closed
107. 0 18 1 5 Statistics ro a nse eases A A A an ee 332 18 2 HTTPS epa Godot ie Gt a a ath on web a 333 18 2 1 HTTPS Senver perap dei a ee ea ees ga Ae ait 333 18 3 DynDNS Client 2 3 0206 A ea ge ee ea 334 18 3 1 DynDNS Update 2 2 eee ee 335 18 3 2 DynDNS Provider 4 4 24865235 444604 48 48 Reba 336 18 4 DHCP Server 1 2 1 ee o 338 18 4 1 DHGP POON Las dr diet phe Bo tk A ate be Malt ditt Tn Liat Sih a tah 339 18 4 2 IP MAC Binding o e 341 18 4 3 DHCP Relay Settings ooa a o a 342 18 5 Scheduling oii untar a A atures of ite A 343 18 5 1 Schedule aoi se ap eee ke a De a Se ok 344 18 5 2 Options 2 eos gon ee Roe Oe OE Ee Ree 347 18 6 Surveillances ir Soe A Soe AA ee 348 bintec WLAN and Industrial WLAN 18 6 1 HOSTS hy he Go sings A ES Sn te te end Bal Giggs Dad ER Gxt Greig he Gong oe 348 18 6 2 IAS 2 woe ge wet ee RE Re Bo A ae ee 350 18 6 3 Temperature a se go ea hed tee ee be he da 352 18 6 4 Ping Generator lt v ss s es ro boross bucse noine 354 18 7 Funkwerk Discovery 2 oaa a a 355 18 7 1 Device Discovery ao soaa oao e ee ee 355 18 7 2 OPTIONS 004 P25 pr AO ae ei ee 359 18 8 Hotspot Gateway 2 a a o o eo 359 18 8 1 Hotspot Gateway lt 3 0 da Soc A a ee et 361 Chapter 19 Maintenance 0 2 0 0 02 ee eee ee 367 19 1 Diagnostics a s won eho Vo A ee oe Wa es 367 19 1 1 Ping Test id bP ee to ee eee A 367 19 1 2 DNS TeSt 00 a
108. 00 01 cd De 8 04 Omanaged Wi2040n 10 0 0 232 00 01 cd 06 76 fa Odiscovered lla Slave AP configuration Monitoring Maintenance Fig 78 Wireless LAN Controller gt Slave AP configuration gt Slave Access Points In the Wireless LAN Controller gt Slave AP configuration gt Slave Access Points menu a list of all located APs is displayed with help from the Wizard For each access point you will see an entry with a parameter set Location Device IP Address MAC Address Status Possible values for Status Status Meaning Discovered The AP has received an IP address via the DHCP and has com municated this to the controller via option 138 The controller has prompted the required parameters from the AP Initialise The WLAN controller and the APs communicate via CAPWAP The configuration is transferred and enabled to the APs Managed The AP is set to Managed status The controller has sent a configuration to the AP and has enabled this The AP is man aged centrally from the controller and cannot be configured via the FCI No licence available The AP does not have a WLAN controller licence Off The AP is either administratively disabled or switched off or has its power supply cut off etc bintec WLAN and Industrial WLAN 13 3 1 1 Edit Choose the pl icon to edit existing entries You can also delete entries with the aid of il If you have deleted APs these will be loc ated again but shall not
109. 1 Statistics In the Monitoring gt Interfaces gt Statistics menu the current values and activities of all device interfaces are shown bintec WLAN and Industrial WLAN Wi1040n Language Engi x onine Help Logout i show Transfer Totals Automatic Refresh Interval 300 Seconds Apply J View per page Is l Fiter in None Y equal Go No Description Type Tx Packets TxBytes Tx Errors Rx Packets Rx Bytes Rx Errors Status Unchanged for Action 1 lent 0 Ethemet 1371K 1268M 0 85 86K 46 45M 0 4sd1shs7mass ela A 2 lent 1 Ethernet 0 o o 0 0 0 daisnsimsis ale A 3 bro lEthernet 13 71K 1241M 0 8544K 4489M 0 4disnsrmas EE A par wasio 80211 0 o oF o oarnsemass els A ls wast 80211 0 Jo fo To Ja odtans7ms7s els A 6 Peert Tunnel 0 A A A i 0 o odmh mis PE A Page 1 tems 1 6 Fig 173 Monitoring gt Interfaces gt Statistics You change the state of the interface by pressing the e button or button in the Action column Press the 8 button to display the statistical data for the individual interfaces in de tail Values in the list Statistics Field Description No Shows the serial number of the interface Description Displays the name of the interface Type Displays the interface text Tx Packets Shows the total number of packets sent Tx Bytes Displays the total number of octets sent Tx Errors Shows the total number
110. 2 1 Groups In the Firewall gt Interfaces gt Groups menu a list of all configured interface groups is shown You can group together the interfaces of your device This makes it easier to configure fire wall rules 17 2 1 1 New Choose the New button to set up new interface groups wil040n Description 5 Members _ Addresses ia cemices Fig 128 Firewall gt Interfaces gt Groups gt New The Firewall gt Interfaces gt Groups gt New menu consists of the following fields Fields in the Groups Basic Parameters menu Field Description Description Enter the desired description of the interface group Members Select the members of the group from the available interfaces To do this activate the field in the Members column bintec WLAN and Industrial WLAN 17 3 Addresses 17 3 1 Address List In the Firewall gt Addresses gt Address List menu a list of all configured addresses is shown 17 3 1 1 New Choose the New button to set up new addresses WI1040n Language English View Standard Online Help wi1040n Address List i Basic Parameters Description FE gt Ts _ Address Type address Subnet Address Range Address Subnet 0 0 0 0 0 0 0 0 HE vases 7 n 1 o oK cancel Fig 129 Firewall gt Addresses gt Address
111. 2 4 and 5 GHz default value 0 3 Gliz e 2 4 GHz Usage Area Only for Operation Mode Access Client Client Mode 12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description Infrastructure and Operation Band 2 4 and 5 GHzor IRCH Z Possible values e Indoor Outdoor default value e Indoor e Qutdoor IEEE 802 11d Compli Only for Operating Mode Access Client ance Possible values e Flexible default value e None O SECLE Channel The number of channels you can selected depends on the country setting Please consult the data sheet for your device Access Point Modus Bridge Modus Configuring the network name SSID in Access Point mode means that wireless networks can be logically separated from each other but they can still physically interfere with each other if they are operating on the same or closely adjacent wireless channels So if you are operating two or more radio networks close to each other it is advisable to allocate the networks to different channels Each of these should be spaced at least four channels apart as a network also partially occupies the adja cent channels In the case of manual channel selection please make sure first that the clients actually support these channels Possible values e For Frequency Band 2 4 GHz In Outdoor Possible values are 1 to 13 and Auto default value Auto is not possible in bridge mode e For Frequency Band 5 GHz Indoor Possibl
112. 24 9 pin Sub D connector Relay switching contact N O 42 V AC 1 A 30 V DC 2A potential free software con figurable switchable Ethernet interface RJ45 socket Antennas Antenna connection RTNC socket Transmit Power WLAN max 100 mW 20 dBm EIRP Receiver sensitivity 5 GHz 802 11a h 6 Mbit s 88 dBm 9 Mbit s 87 dBm 12 Mbit s 86 dBm 18 Mbit s 84 dBm 24 Mbit s 82 dBm 36 Mbit s 78 dBm 48 Mbit s 74 dBm 54 Mbit s 73 dBm 2 4 GHz 802 11b g 1 Mbit s 91 dBm 2 Mbit s 90 dBm 5 5 Mbit s 89 dBm 11 Mbit s 88 dBm 6 Mbit s 90 dBm 9 Mbit s 89 dBm 12 Mbit s 88 dBm 18 Mbit s 86 dBm 24 Mbit s 83 dBm 36 Mbit s 80 dBm 48 Mbit s 76 dBm 54 Mbit s 74 dBm 6 Technical data Funkwerk Enterprise Communications GmbH Property Value Modulation Modulation IEEE 802 11 standards a h 5 GHz b g 2 4 GHz Modulation types 11 5 5 2 and 1 Mbit s DSSS 2 4 GHz 54 48 36 24 18 12 9 and 6 Mbit s OFDM 2 4 and 5 GHz Channels IEEE802 11b g 13 channels Europe IEEE802 11a h 19 channels Europe Standards IEEE 802 11a b g d h i IEEE 802 3 IEEE 802 3af IEEE 802 1q VLAN Tagging Standards amp Guidelines R amp TTE Directive 1999 5 EC EN 60950 1 IEC60950 EN 60950 22 EN 301489 1 EN301489 17 EN 55022 EN 300328 1 EN 301893 EN 302502 EN 50371 Buttons Reset and reset to ex work settings possible with two but t
113. 3 1 New Click on the New button to configure new limits WI1040n Language English View Standard Hosts Interfaces Temperature Ping Generator Basic Parameters Trigger Temperature above 65 e Action Enable Interface Relay OK JC cancel d Funkwerk Discovery __ HotSpot Gateway Fig 148 Local Services gt Surveillance gt Temperature gt New The Local Services gt Surveillance gt Temperature gt New menu consists of the follow ing fields Fields in the Temperature Basic Parameters menu Field Description Trigger Enter here the temperature limit value min max Possible values e Temperature above e Temperature below Action Select the action that is to follow the state or state transition defined in Trigger Possible values e Enable default value e Disable bintec WLAN and Industrial WLAN Field Description Interface Select the interface via which the action is to be carried out Possible values e Relay default value The overstepping of the limit is coupled with the relay e lt Interface gt On overstepping the temperature limit the se lected interface is turned off 18 6 4 Ping Generator In the Local Services gt Surveillance gt Ping Generator menu a list is shown of all pings configured for automatic generation 18 6 4 1 Edit New Choose the i icon to edit existing entries Choose the N
114. 3 A O O E ay of OB 223 14 3 1 RIP Intenaces o aaa id Se o da he OK ae te Boe kee S 223 14 3 2 RIP Fiter ot da 2 ee edt a RE teed Bole a te ck te 226 14 3 3 RIP Options sa 2 6 aA o RR AA RRR eS RA a A 228 14 4 Load Balancing 2 2 e 231 14 4 1 Load Balancing Groups 2 a a 231 145 M lticast La fant stall A ord chin ad Sd 233 14 5 1 Forwarding ls Gor S ay eae Bea E A ah eles a aed 235 14 5 2 IGMP ee io E eee WOR EO Bate they WE 236 14 5 3 Options E ti WAL AA PAs ld Ban A A 239 14 6 QOS fn sate ek See Ok we eo ta Se OS i TA a a y a a A 241 14 6 1 QoS Filters 2 ta Br ee ee a oe ee i eee 241 14 6 2 QoS Classification 2 ee 244 bintec WLAN and Industrial WLAN V 14 6 3 QoS Interfaces Policies 2 2 ee 246 Chapter 15 WAN Mi Glatt ed antes fd Gt verti dl alates andi Gl ed 253 15 1 Internet Dialup o aa 253 15 1 1 PPPOE do as Goce id sl thy BD cd Boe Da et 255 15 1 2 PPTP 00 de en Ge ha yet ie Be ee ap Bk thd rd TR 259 15 1 3 IPSPOOIS s 2 4 mot alah dee Bath Bol Set be eg te Bh Bat bet 264 15 2 Real Time Jitter Control 2 2 ee ee 265 15 2 1 Controlled Interfaces 2 1 265 Chapter 16 VPN ls A a 268 16 1 IPS IR e IO e de do a e II d 268 16 1 1 IPS6c Pears ate da er ee ee hee Mid Be Soe eee id 268 16 1 2 Phase 1ProfileS 0 2 5008 e do e ao ee 274 16 1 3 Phase 2 Profiles a 281 16 1 4 XAU
115. 9 7 7 1 250 10 7 8 3 1 500 11 3 8 8 1 750 11 8 9 1 2 000 12 1 9 4 2 250 12 3 9 5 2 500 12 4 9 6 2 750 12 3 9 5 3 000 12 1 9 4 3 250 11 8 9 1 3 500 11 3 8 8 3 750 10 7 8 3 4 000 9 9 7 7 4 250 8 8 6 8 bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 12 Wireless LAN Distance from transmit an Radius of 1st Fresnel zone Radius at 60 of tenna km m 1st Fresnel zone m 4 500 7 4 5 7 4 750 5 4 4 2 Example Radius of 1st Fresnel zone as a function of distance to the transmit antenna for a distance of 700 m at 2 45 GHz Example 2 Distance from transmit an Radius of 1st Fresnel zone Radius at 60 of tenna km m 1st Fresnel zone m 100 1 6 1 25 200 2 1 1 6 300 2 3 1 75 400 2 3 1 75 500 2 1 6 600 1 6 1 25 3 Note When setting up a bridge link make sure that no obstacles or trees protrude into the Fresnel zone If obstacles exist the transmission rate will drop and the path may even tually fail It is not essential to consider the LOS for short distances inside buildings as the radius of the Fresnel zone will be very small here If you meet these requirements the link can be set up and maintained without further limitations A special feature of links with bintec bridges is that they are completely un affected by weather conditions dE Note For a bridge path always use the marked antenna connection This is the device s primary connection primary a
116. AD SL access However PPPoE is now offered here too by some providers 15 1 1 1 New Choose the New button to set up new PPPoE interfaces wit040n SE PPTP IP Pools Basic Parameters F z Description tea on PPPoE Mode standard O Muttilink PPPoE Ethernet Interface Belect one Ml User Name Fa o Password Ea Always on DEnabled Connection Idle Timeout ano Seconds pl ows seal ces IP Address Mode i Ostatic et P address E Default Route Enabled Create NAT Policy Menablea Advanced Settings Block after connection failure for 60 Seconds Maximum Number of Dialup Retries 115 Authentication PAPO DNS Negotiation T Enabled Prioritize TCP ACK Packets Cenabled LCP Alive check o Denabied 5 dl 1 C oK Cancel Fig 107 WAN gt Internet Dialup gt PPPoE gt New The WAN gt Internet Dialup gt PPPoE gt New menu consists of the following fields Fields in the PPPoE Basic Parameters menu bintec WLAN and Industrial WLAN 15 WAN Funkwerk Enterprise Communications GmbH Field Description Description Enter a name to uniquely identify the PPPoE partner The first character in this field must not be a number and no special characters or umlauts must be used PPPoE Mode Select whether you want to use a standard Internet connection over PPPoE Standard or your Inte
117. Advanced Settings PKI Handling Options menu Field Description Ignore Certificate Re Select whether certificate requests received from the remote quest Payloads end during IKE phase 1 are to be ignored The function is activated with Enabled The function is disabled by default Send Certificate Re Select whether certificate requests are to be sent during IKE quest Payloads phase 1 The function is activated with Enabled The function is enabled by default Send Certificate Chains Select whether complete certificate chains are to be sent during IKE phase 1 The function is activated with Enabled Field Description The function is enabled by default Deactivate this function if you do not wish to send the peer the certificates of all levels from your level to the CA level Send CRLs Select whether CRLs are to be sent during IKE phase 1 The function is activated with Enabled The function is disabled by default Send Key Hash Pay Select whether key hash payloads are to be sent during IKE loads phase 1 In the default setting the public key hash of the remote end is sent together with the other authentication data Only applies for RSA encryption activate this function with Enabled to sup press this behaviour 16 2 L2TP The layer 2 tunnel protocol L2TP enables PPP connections to be tunnelled via a UDP connection Your bintec device supports the following two modes e L2TP LNS Mode L2TP Netwo
118. Apply J Discovery Status ma Interface Status _ bro Discovery Initiate Funkwerk Discovery Interface Al w z o A a EA ypPE a SS ee 1 Interface Node Name IP Address Mask 5 MAC Address Last Write Result E aaah KR oro wi3040 192 168 0 252 255 255 255 0 90 01 cd 06 1a b4 No error el bro w1002n 10 0 0 233 255 255 255 0 00 01 cd 0e 8f 04 No error 15 eee Chissever gt DHCP Server Scheduling Fig 150 Local Services gt Funkwerk Discovery gt Device Discovery If access points were discovered in the network they are displayed in the list You use the button to go to the configuration menu for the access point bintec WI1040n wi10400 Funkwerk Discovery lotSpot Gateway View Standard v Basic Parameters N Interface MAC Address Node Name IP Address Netmask Gateway Authentication Password Last Write Result Online Help Logout Device Discovery Options bro 00 01 cd 06 1a b4 wi3040 192 168 0 252 255 255 255 0 0 0 0 0 No error q OK Cancel Fig 151 Local Services gt Funkwerk Discovery gt Device Discovery gt The Local Services gt Funkwerk Discovery gt Device Discovery gt g menu consists of the following fields Fields in the Device Discovery Basic Parameters Field Description Interface MAC Address Node Name IP Address
119. Client Fields in the Advanced Settings Access Client Mode menu bintec WLAN an Funkwerk Enterprise Communications GmbH 12 Wireless LAN Field Description Scan channels Choose the channels which the WLAN client automatically scans for available wireless networks Possible values e Ali default value All channels are scanned e Auto The channel is automatically selected e User Defined The desired channels can therefore be defined Roaming Profile Select the roaming profile The options available include typical roaming functions Possible values e Fast Roaming The WLAN client searches for available wireless networks as soon as the radio signal of the existing radio connection becomes unsuitable for higher data rates e Normal Roaming default value Standard roaming e Slow Roaming The WLAN client searches for available wireless networks as soon as the radio signal of the existing radio connection becomes weaker e No Roaming The WLAN client searches for available wire less networks if it is no longer connected to a wireless net work e Custom Roaming Specify the individual roaming paramet ers Scan Threshold Indicates the value in dBm above which the system scans for available wireless networks in the background The value can only be changed for Roaming Profile Custom Roaming The default value is 70 dBm Scan Interval Indicates the interval in milliseconds after which the system scans for ava
120. Communications GmbH Port Number 129 Portforwardings 217 Positive Cache 325 PPPoE Ethernet Interface 255 PPPoE Interfaces for Multilink 255 PPPoE Mode 255 PPTP Address Mode 262 PPTP Inactivity 314 PPTP Interface 260 PPTP Passthrough 217 Preshared Key 159 163 166 175 201 270 Primary 324 324 Primary DHCP Server 343 Priorisation algorithm 247 Priorisation queue 250 Prioritize TCP ACK Packets 258 262 299 Priority 103 108 250 309 Privacy 163 175 Propagate PMTU 284 Proposals 275 282 Protocol 219 242 318 337 376 Protocol Header Size below Layer 3 247 Provider 335 Provider Name 337 Proxy ARP 135 273 Proxy ARP Mode 301 Proxy Interface 239 PVID 139 Q QoS Queue 411 Query Interval 237 Queued 411 Queues Policies 247 R RA Encrypt Certificate 115 RA Sign Certificate 115 RADIUS Dialout 105 RADIUS Password 103 Index RADIUS Server 201 RADIUS Server Group ID 286 Rate 403 405 407 Real Time Jitter Control 247 Receive Version 224 Received DNS Packets 332 Received MPDUs that couldn t be de crypted 397 Recent System Logs 77 Recipient 382 Region 177 185 Remote Configuration 174 Remote Device Name 176 Remote GRE IP Address 304 Remote Hostname 293 Remote ID 391 Remote IP 129 Remote IP Address 294 390 Remote Link Description 176 Remote Link Enabled 176 Remote MAC 401 403 404 405 Remote MAC Address 165 175 176 Remote Networks 390 Remote Port 391
121. DHCP Server gt DHCP Relay Settings The Local Services gt DHCP Server gt DHCP Relay Settings menu consists of the fol lowing fields Fields in the DHCP Relay Settings Basic Parameters menu Field Description Primary DHCP Server Enter the IP address of a server to which BootP or DHCP re quests are to be forwarded Secondary DHCP Serv Enter the IP address of an alternative BootP or DHCP server er 18 5 Scheduling Your device has a event scheduler which enables certain standard actions activation or deactivation of interfaces to be carried out on a time dependent basis Cr Note To run the event scheduler the date configured on your device must be 1 1 2000 or later bintec WLAN and Industrial WLAN 18 5 1 Schedule In the Local Services gt Scheduling gt Time Schedule menu a list of all scheduled tasks is shown 18 5 1 1 New Choose the New button to set up new tasks F al r Xaa WI1040n Language English View Standard Online Help Logout wii040n lt Time Schedule Options Basic Parameters Description ae Action Select action Reboot device Select time interval 5 Condition Type Condition Settings O Weekday me Time Condition Periods 3 ODay of Month Daly m Start Time Hour Mime C OK cancel Funkwerk Discovery HotSpot Gateway Fig 144 Local Services gt Schedu
122. Description Displays the name of the client link you configured Action Start the scan by clicking on Scan If the antennas are installed correctly on both sides and LOS is free the client finds available clients and displays them in the following list If the partner client cannot be found check the line of sight and the antenna installation Then carry out the Scan again The partner should then be found AP MAC Address Shows the MAC address of the remote client Network Name SSID Displays the name of the remote client Channel Shows the Channel used Mode Shows the security mode encryption and authentication for the wireless network bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 12 Wireless LAN Field Description Signal Displays the signal strength of the detected client link in dBm Connected Displays the status of the link on your client Action You can change the status of the client link The available ac tions are displayed in this field 12 1 5 Bridge Links If you operate your device in bridge mode Wireless LAN gt WLAN gt Radio Settings gt p gt Operation Mode Bridge you can set up and edit the desired bridge links in the Wireless LAN gt WLAN gt Bridge Links gt gt New menu With the bridge function you can for example make a wireless connection between a bintec W1002n and one or more other bintec W1002n devices The range of these wire less connec
123. Filter Basic Parameters menu Field Description Interface Select the interface to which the rule to be configured applies IP Address Netmask Enter the IP Address and netmask to which the rule is to be ap plied This address can be in the LAN or WAN The rules for incoming and outgoing RIP packets import or ex port for the same IP address must be separately configured You can enter individual host addresses or network addresses Direction Select whether the filter applies to the export or import of routes Possible values e Import default value e Export bintec WLAN and Industrial WLAN Field Description Metric Offset for Active Select the value to be added to the route metric if the status of Interfaces the interface is up During export the value is added to the ex ported metric if the interface status is up Possible values are 16 to 16 The default value is 0 Metric Offset for Inactive Select the value to be added to the route metric if the status of Interfaces the interface is dormant During export the value is added to the exported metric if the interface status is dormant Possible values are 16 to 16 The default value is 0 14 3 3 RIP Options Wi 040n jim Engli View Standard wil040 7 a j Save configuration RIP Interfaces RIP Filter RIP Options E cc 5 len ae Physicalinterfaces Global RIP Parameters RIP UDP Po
124. Funkwerk Enterprise Communications GmbH 6 Technical data Property Value W x Lx H Weight approx 430 g LEDs 4 1x Status 1x WLAN 2x Ethernet Power consumption of the device 5 10 Watt depending on extensions Voltage supply External switched mode power supply 12 V DC 1 25 A PoE on Ethernet 1 Class 0 insulated with one WLAN module Environmental requirements Storage temperature 10 to 70 C Operating temperature 0 to 40 C Relative atmospheric humidity 10 to 95 non condensing Room classification Only use in dry rooms Available interfaces Serial interface V 24 Permanently installed supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud Ethernet IEEE 802 3 LAN 2 port switch Permanently installed twisted pair only 10 100 mbps autosensing MDIX Available sockets Serial interface V 24 9 pin Sub D connector Ethernet interface RJ45 socket Antennas Antenna connection RTNC socket Transmit Power max 100 mW 20 dBm EIRP Receiver sensitivity 2 4 GHz 802 11b g 1 Mbit s 91 dBm 2 Mbit s 90 dBm 5 5 Mbit s 89 dBm 11 Mbit s 88 dBm 6 Mbit s 90 dBm 9 Mbit s 89 dBm 12 Mbit s 88 dBm 18 Mbit s 86 dBm 24 Mbit s 83 dBm 36 Mbit s 80 dBm 48 Mbit s 76 dBm 54 Mbit s 74 dBm 2 4 GHz 802 11n 20 MHz MSCO 89 dBm MSC1 87 dBm MCS2 85 dBm MCS3
125. GHz Radio Profile is set then the 5 GHz frequency band is used 13 1 3 Wireless Networks All of the configured wireless networks VSS are displayed in the list At least one wireless network VSS is set up This entry cannot be deleted Click on pto edit an existing entry You can also delete entries with the aid of il With Add you can create new entries You can create up to eight wireless networks VSS for a wireless module Note If you wish to use the default wireless network that is set up then you must at least change the Preshared Key parameters Otherwise you will be prompted 13 1 3 1 Change or add wireless networks Click on to edit an existing entry With Add you can create new entries The following parameters are available Network Name SSID Enter the name of the wireless network SSID Enter an ASCII string with a maximum of 32 characters Also select whether the Network Name SSID is to be transmitted with the Visibleop tion Security Mode Select the security mode encryption and authentication for the wireless network Note WPA Enterprise refers to 802 11x Transmit Key Enter a transmission key for Security Mode WEP 40 or WEP 104 Select one of the keys configured in WEP Key lt 1 4 gt as the default key WEP Key 1 4 Enter a WEP key for Security Mode WEP 40 or WEP 104 Note Enter a character string with the right number of characters for the selected WEP mode For WEP 40 you need
126. H 15 WAN Field Description The function is activated with Enabled The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Connection Idle Timeout Only if Always on is disabled Enter the idle time in seconds for static short hold The static short hold setting determines how many seconds should pass between sending the last traffic data packet and clearing the connection Possible values are 0 to 3600 seconds 0 deactivates the short hold The default value is 300 Example 10 for FTP transmission 20 for LAN to LAN transmis sion 90 for Internet connections Fields in the PPPoE IP Mode and Routes menu Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically Possible values e Get IP Address default value Your device is dynamic ally assigned an IP address e Static You enter a static IP address Default Route Select whether the route to this connection partner is to be defined as the default route The function is activated with Enabled The function is enabled by default Create NAT Policy Specify whether Network Address Translation NAT is to be ac tivated The function is activated with Enabled 15 WAN Funkwerk Enterprise Communications GmbH Field Description The function is enabled by default Local IP Address Only if IP Address Mo
127. If you do not want to save a newly configured list entry cancel Cancel E l ATA this and any settings made by pressing Cancel F Ha A Confirms the settings of a new entry and the parameter A changes in a list ot A y Immediately starts the configured action WU 3 Calls the the sub menu to create a new entry Inserts an entry in an internal list Add Funkwerk Configuration Interface buttons for special functions Button Function l Discover In the Access Point Search menu you use this button to start bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 7 Access and configuration Button Function automatic detection of all the access points available and con nected by Ethernet in the network In the System Management gt Certificates gt Certificates Import c and the System Management gt Certificates gt CRLs menus this button opens the sub menus for configuring the certificates or CRL imports ET que st In the System Management gt Certificates gt Certificates menu this button opens the sub menu for the configuration of the certificate request In the Surveillance gt ISDN Modem gt Current Calls menu clicking on this button ends the active calls selected in the column mh Various icons indicate the following possible actions or statuses Release Call Funkwerk Configuration Interface symbols Deletes the list entry Displays the menu for changing t
128. LAN Funkwerk Enterprise Communications GmbH 13 Wireless LAN Controller Field Description The function is enabled by default ARP Processing Select whether the ARP processing function should be enabled The ARP data traffic is reduced in the network by the fact that ARP broadcasts that have been converted to ARP unicasts are forwarded to IP addresses that are known internally Unicasts are quicker and clients with an enabled power save function are not addressed The function is activated by choosing Enabled The function is disabled by default Make sure that ARP processing cannot be applied together with the MAC bridge function WMM Select whether voice or video prioritisation via WMM Wireless Multimedia is to be activated for the wireless network so that optimum transmission quality is always achieved for time critical applications Data prioritisation is supported in accordance with DSCP Differentiated Services Code Point or IEEE802 1d The function is activated by choosing Enabled The function is enabled by default Max Clients Enter the maximum number of clients that can be connected to this wireless network SSID The maximum number of clients that can register with a wire less module depends on the specifications of the respective WLAN module This number can be shared across all con figured wireless networks If the maximum number of clients is reached no more new wireless networks can be created and a warning
129. LAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 19 Maintenance You use the traceroute test to display the route to a particular address IP address or do main name if this can be reached The Output field shows the traceroute test messages The traceroute test is started by entering the address to be tested in Traceroute Address and clicking on the Go button 19 2 Software amp Configuration 19 2 1 Options You can use this menu to manage the software version of your device your configuration files and the language of the Funkwerk Configuration Interface Your device contains the version of the system software available at the time of production More recent versions may have since been released You may therefore need to carry out a software update Every new system software includes new features better performance and any necessary bugfixes from the previous version You can find the current system software at www funkwerk ec com The current documentation is also available here Important If you want to update your software make sure you consider the corresponding re lease notes These describe the changes implemented in the new system software The result of an interrupted update e g power failure during the update could be that your gateway no longer boots Do not turn your device off during the update An update of BOOTmonitor and or Logic is recommended in a few cases In this case the release no
130. List gt New The Firewall gt Addresses gt Address List gt New menu consists of the following fields Fields in the Address List Basic Parameters menu Field Description Description Enter the desired description of the address Address Type Select the type of address you want to specify Possible values e Address Subnet default value Enter an IP address with subnet mask bintec WLAN and Industrial WLAN Field Description e Address Range Enter an IP address range with a start and end address Address Subnet Only if Address Type Address Subnet Enter the IP address of the host or a network address and the related netmask The default value is 0 0 0 0 Address Range Only if Address Type Address Range Enter the start and end IP address of the range 173 2 Groups In the Firewall gt Addresses gt Groups menu a list of all configured address groups is shown You can group together addresses This makes it easier to configure firewall rules 17 3 2 1 New Choose the New button to set up new address groups WI1040n View Standard Online Help Logout wit04on pesa Address List Groups Basic Parameters Description Selection C OK pine Cancel Fig 130 Firewall gt Addresses gt Groups gt New bintec WLAN and Industrial WLAN The Firewall gt Addresses gt Groups gt New menu consists of
131. MAC Address 168 406 407 Apply QoS 309 ARP Processing 158 200 Assigned Wireless Networks VSS 190 Authentication 258 262 299 Authentication for PPP Dialin 111 Funkwerk Enterprise Communications GmbH Authentication Method 275 391 Authentication Password 357 Authentication Type 103 108 Autosave Mode 119 Back Route Verify 215 273 Bandwidth 144 193 Based on Ethernet Interface 133 Baudrate 127 Beacon Period 150 196 Block after connection failure for 258 262 299 Block Time 109 279 blocked 253 BOSS 371 BOSS Version 76 Bridge Link Description 174 176 404 405 Burst Mode 148 195 Burst size 250 Byte Count 129 Bytes 391 C CA Certificate 115 CA Certificates 279 Cache Hitrate 332 Cache Hits 332 Cache Size 325 CAPWAP Encryption 188 Certificate is CA Certificate 113 Certificate Request Description 115 Certificate Revocation List CRL Checking 113 Channel 144 168 190 Channel Plan 150 196 Channel Sweep 152 Class ID 245 250 Class map 245 Clear Serial RX Buffer 130 Clear Serial TX Buffer 130 Client Link Description 168 406 Funkwerk Enterprise Communications GmbH Client Mode 144 Code 318 Common Name 117 Compression 97 Configuration Encryption 371 Configuration Interface 91 Configured Speed Mode 125 Confirm Admin Password 81 Connected 168 176 Connection Idle Timeout 255 260 297 Connection State 242 Connection Type 297 Consider 232 Contact 79
132. N
133. Options In this menu you can enable and disable IGMP on your system You can also define whether IGMP is to be used in compatibility mode or only IGMP V3 hosts are to be accep ted bintec WLAN and Industrial WLAN i Language English View Standard w Online Help Logout Forwarding IGMP Options Cup ODown Auto Compatibility Mode O version 3 only Maximum Groups 64 Maximum Sources 64 IGMP State Limit 0 Messages per Second OK JC cancel Fig 103 Routing gt Multicast gt Options The Routing gt Multicast gt Options menu consists of the following fields Fields in the Options Basic Settings menu Field Description IGMP Status Select the IGMP status Possible values auto default value Multicast is activated automatically for hosts if the hosts open applications that use multicast e Active Multicast is always on e Down Multicast is always off Mode Only for IGMP Status Active or Auto Select Multicast Mode Possible values e Compatibility Mode default value The router uses IG MP version 3 If it notices a lower version in the network it uses the lowest version it could detect e Version 3 only Only IGMP version 3 is used Maximum Groups Enter the maximum number of groups to be permitted both in bintec WLAN and Industrial WLAN Field Description ternally and in reports Maximum Sources Enter the maxim
134. P 3 Software Update via XMODEM 4 Delete Configuration 5 Default Bootmonitor Parameters 6 Show System Information Your Choice gt _ Fig 31 BOOTmonitor After display of the BOOTmonitor prompt press the space bar within four seconds to use the functions of the BOOTmonitor If you do not make an entry within four seconds the device changes back to normal operating mode ES Note If you change the baud rate the preset value is 9600 baud make sure the terminal program used also uses this baud rate If this is not the case you will not be able to establish a serial connection to the device bintec WLAN and Industrial WLAN Chapter 8 Assistants The Assistants menu offers step by step instructions for the following basic configuration tasks e First steps e Internet access e VPN e Wireless LAN e VoIP PBX in LAN Choose the corresponding task from the navigation bar and follow the instructions and ex planations on the separate pages of the Assistant bintec WLAN and Industrial WLAN Chapter 9 System Management The System Management menu contains general system information and settings You see a system status overview Global system parameters such as the system name date time passwords and licences are managed and the access and authentication meth ods are configured 9 1 Status If you log into the Funkwerk Configuration Interface your device s status page is dis played which shows the most
135. P CHAP Primarily run CHAP otherwise PAP e MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol e PAP CHAP MS CHAP Primarily run CHAP on denial then the authentication protocol required by the connection partner MSCHAP version 1 or 2 possible e MS CHAPv2 Run MS CHAP version 2 only e None Some providers use no authentication In this case se lect this option DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server and Secondary DNS Server from the connection partner or sends these to the connection partner The function is activated with Enabled The function is enabled by default Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is activated with Enabled The function is disabled by default LCP Alive Check Check whether the reachability of the remote terminal is to be checked by sending LCP echo requests or replies This makes it possible to switch to a backup connection more quickly in the event of line faults The function is activated with Enabled The function is disabled by default 15 1 2 PPTP In the WAN gt Internet Dialup gt PPTP menu a list of all PPTP interfaces is shown In this menu you configure an Internet connection that uses the Point Tunnelling Prot
136. P server assigned to your device Without DHCP server e With direct connection to the configuration PC the fallback IP address 192 168 0 252 e The fixed IP address assigned via the Dime Manager Press the Enter Return key b Enter admin in the User field and funkwerk in the Password field bintec WLAN and Industrial WLAN 4 Basic configuration Funkwerk Enterprise Communications GmbH 4 5 Modify system password All bintec devices are delivered with the same username and password As long as the password remains unchanged they are therefore not protected against unauthorised use Make sure you change the passwords to prevent unauthorised access to your device Proceed as follows a Go to System Management gt Global Settings gt Passwords b Enter a new password under System Admin Password Enter the new password again under Confirm Admin Password c d Click OK e Save the configuration by clicking on the Save Configuration button above the menu navigation Note the following rules on password use e The password must not be easy to guess Names car registration numbers dates of birth etc should not be chosen as passwords e The password should contain at least one character that is not a letter special character or number e The password should be at least 8 characters long e Change your password regularly e g every 90 days 4 6 Setting up a wireless network If you run your
137. PSec gt IP Pools gt Add The VPN gt IPSec gt IP Pools gt Add menu consists of the following fields Fields in the Options IP Pools menu Field Description IP Pool Name Enter the name of the IP pool IP Pool Range In the first field enter the first IP address of the range In the second field enter the last IP address of the range bintec WLAN and Industrial WLAN 16 1 6 Options WI1040n P View Standard Online Help Logout wit04on e IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Global Options A Enable IPSec Enabled Delete complete IPSec configuration fil E IPSec Debug Level E Debug Advanced Settings Send initial Contact Message Enabled o me O o Se SAS with ISP interface state o roe z j Use Zero Cookies I Enabled Dynamic RADIUS Authentication Denabled PKI Handing Options g o Ignore Certificate Request Payloads DEnabled send Certificate R guest P yicads E Enabled Send Certificate Chains Mnablea Send CRLs Denabiea Send Key Hash Payloads v ai E OK j Cancel 5 Fig 119 VPN gt IPSec gt Options The VPN gt IPSec gt Options menu consists of the following fields Fields in the Options Global Options menu Field Description Enable IPSec Select whether you want to
138. S server configured in this entry is to be used Funkwerk Enterprise Communications GmbH 9 System Management Field Value The function is activated by choosing Enabled The function is enabled by default Group Description Define a new RADIUS group description or assign the new RA DIUS entry to a predefined group The configured RADIUS servers for a group are queried according to priority and policy Possible values e New Enter a new group description in the text field e Default Group O default value Select this entry for spe cial applications such as Hotspot Server configuration e lt Group Name gt Select a predefined group from the list The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Value Policy Select how your device is to react if a negative response to a re quest is received Possible values e Authoritative default value A negative response to a request is accepted e Non authoritative A negative response to a request is not accepted A request is sent to the next RADIUS server un til your device receives a response from a server configured as authoritative UDP Port Enter the UDP port to be used for RADIUS data RFC 2138 defines the default ports 1812 for authentication 1645 in older RFCs and 1813 for accounting 4 180 84 cm older RFCs You can obtain the port to be used from the docu mentation for your RADIUS server The defau
139. Sec connection al A r E z WI1040n Logout EM ll ses wos Save configuration IPSec Tunnels IPSec Statistics PhystcalinterfaceS T Automatic Refresh interval 300 Seconds Apply Ce ener WirelessLAN ov Description Peer 1 Wireless LAN Controller y Local IP Address 0 0 0 0 Es A Remote IP Address 0 0 0 0 Oe Local iD Remote 0 es Soo0taton Tyne LocalSenices uT Authentication Method MTU 1418 p Alive Check A Sac J En IS Packets 0 0 Internal Log Bytes o Eet tmp Errors 0 Interfaces Interfaces 5 Ww Messages 0 Bridges HotSpot Gateway Qos Fig 171 Monitoring gt IPSec gt IPSec Tunnel gt Values in the list IPSec Tunnels Field Description Description Shows the description of the peer Local IP Address Shows the WAN IP address of your device Destination IP Address Shows the WAN IP address of the connection partner Local ID Shows the ID of your device for this IPSec tunnel bintec WLAN and Industrial WLAN Field Description Remote ID Shows the ID of the peer Negotiation Type Shows the exchange type Authentication Method Shows the authentication method MTU Shows the current MTU Maximum Transfer Unit Alive Check Shows the method for checking that the peer is reachable NAT Detection Displays the NAT detection method Local Port Shows the local port Remote Port Shows the remote port Packets Shows the total number of incoming and outgoing pa
140. Software menu Field Description BOSS Shows the current software version loaded on your device Shows the current system logic loaded on your device System Logic SHDSL Logic Shows the current version of the SHDSL logic loaded on your device ADSL Logic Shows the current version of the ADSL logic loaded on your device Fields in the Options Software and Configuration Options menu Field Description Action Select the action you wish to execute After each task a window is displayed showing the other steps that are required Possible values e No Action default value bintec WLAN and Industrial WLAN 19 Maintenance Funkwerk Enterprise Communications GmbH Field Description e Import configuration Under Filename select a config uration file you want to import Note Click Go to load the file under the name boot in the flash memory for the device You must restart the device to enable it Note The files to be imported must be in CSV format e Import language You can import other language versions of the Funkwerk Configuration Interface into your device You can download the files to your PC from the download area at www funkwerk ec com and from there import them to your device e Update system software you can start an update of the system software the ADSL logic and the BOOTmonitor e Export configuration The configuration file Current fi lename in flash memory is transferred to your local host
141. TH Profiles x i 202 2 o td EE a E EOR 285 16 1 5 IP POOIS 2725 See cia a a A e a a Dy Ra a E 288 16 1 6 OPS vis 4 E A ee Bee ek 289 16 2 ESTATE ula o rt e a A Bathe oN a e 292 16 2 1 Tunnel Profil s Len cio oo Bees sl dd as dl 292 16 2 2 USOS ia a te Gee SO a a AN oid ee a 296 16 2 3 OPTIONS la a E A A tae nee ete a 302 16 3 GRE e a a O nk a SD tS 303 16 3 1 GRE Tunnels aeta iar a i i i E e aaia Ba t as 303 Chapter 17 Firewall 3234 a SR Be Bh A a 306 171 POGIES wie sch 0 ace E A t EE e ai 307 17 1 1 Filter RUES acc foe a a a ed a a wal Oi ae ald 308 17 1 2 QOS fos ates A ds ld canes fee ha aa eerie tact 311 17 1 3 OptionS 2 4 se Boe Boe Boe we oe A ee wk a 313 bintec WLAN and Industrial WLAN 17 2 Interfaces o472 a By a ete SY see te FO pls een ay 315 17 2 1 Groups we ce NN 315 17 3 AdJArESSOS ii a rd card on nat de I 316 17 3 1 Address Listin qt dr a o O ma ld he 316 17 3 2 GLOUPS 3 5 Paci do e oh ote to e jac eh cies Ge oh ale ah Bere Baten E 317 17 4 Services a 318 17 4 1 Service ists y E da a e o kt n od 318 17 4 2 TOPS 4 Said B19 AOR e AI Ee ela Sez 320 Chapter 18 LOGAN SETVICES teca e doe bie Mel etoile ana 322 18 1 DINGS ug ook a SE ON deta eR ia e 322 18 1 1 Global SettingS ito eda Sen hd i ate a ee 324 18 1 2 Static HOSIS nas a A eee So ee TOA ee Dee A 327 18 1 3 Domain Forwarding 2 a o o 328 18 1 4 Caches am id a DN A Bake o RA EA eS 33
142. Version Select the SNMP version your device is to use to listen for ex ternal SNMP accesses Possible values e v1 SNMP Version 1 e v2c Community Based SNMP Version 2 e v3 SNMP Version 3 v1 v2c and v3 are active by default If no option is selected the function is deactivated SNMP Listen UDP Port Shows the UDP port 161 at which the device receives SNMP requests The value cannot be changed Tip If your SNMP Manager supports SNMPv3 you should if possible use this version as older versions transfer all data unencrypted 9 5 Remote Authentication This menu contains the settings for user authentication 9 5 1 RADIUS RADIUS Remote Authentication Dial In User Service is a service that enables authentica tion and configuration information to be exchanged between your device and a RADIUS server The RADIUS server administrates a database with information about user authen tication and configuration and for statistical recording of connection data RADIUS can be used for e Authentication e Accounting Exchange of configuration data For an incoming connection your device sends a request with user name and password to bintec WLAN and Industrial WLAN 9 System Management Funkwerk Enterprise Communications GmbH the RADIUS server which then searches its database If the user is found and can be au thenticated the RADIUS server sends corresponding confirmation to your device This con f
143. WLAN Funkwerk Enterprise Communications GmbH 15 WAN Field Description If you want to use an external DSL modem select the Ethernet port to which the modem is connected When using the internal DSL modem select here the EthoA in terface e g ethoa50 0 configured for this connection in Physical Interfaces gt ATM gt Profiles gt New The default value is Not specified User Name Enter the user name Password Enter the password Always on Select whether the interface should always be activated The function is activated with Enabled The function is disabled by default Only activate this option if you have Internet access with a flat rate charge Connection Idle Timeout Only if Always on is disabled Enter the idle interval in seconds This determines how many seconds should pass between sending the last traffic data pack et and clearing the connection Possible values are 0 to 3600 seconds 0 deactivates the timeout The default value is 300 Example 10 for FTP transmission 20 for LAN to LAN transmis sion 90 for Internet connections Fields in the PPTP IP Mode and Routes menu Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically Possible values e Get IP Address default value Your device is automatic 15 WAN Funkwerk Enterprise Communications GmbH Field Description ally assigned a tempora
144. according to 802 11n e 802 119 The device operates only in accordance with 802 119 802 11b clients have no access e 802 11b Your device operates only in accordance with 802 11b and forces all clients to adapt to it e 802 11 mixed b g Your device adapts to the client technology and operates according to either 802 11b or 802 119 e 802 11 mixed long b g Your device adapts to the cli ent technology and operates according to either 802 11b or 802 11g Only a data rate of 1 and 2 mbps needs to be sup ported by all clients basic rates This mode is also needed for Centrino clients if connection problems occur e 802 11 mixed short b g Your device adapts to the client technology and operates according to either 802 11b or 802 119 The following applies for mixed short The data rates 5 5 and 11 mbps must be supported by all clients basic rates For Frequency Band 5 GHz Indoor 5 GHz Outdoor 5 GHz In Outdoor 0r5 8 GHz Outdoor 13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description Possible values e 802 11 a n Your device operates according to either 802 11a or 802 11n e 802 11n Your device operates only according to 802 11n e 802 11a The device operates only in accordance with 802 11a Max Transmission Rate Select the transmission speed Possible values e Auto default value The transmission speed is determined automatically e lt Value gt Depending on the se
145. activate IPSec The function is activated with Enabled The function is active as soon as an IPSec Peer is configured Delete complete IPSec If you click the icon delete the complete IPSec configuration configuration of your device This cancels all settings made during the IPSec configuration Once the configuration is deleted you can start with a com pletely new IPSec configuration You can only delete the configuration if Enable IPSec Not activated bintec WLAN and Industrial WLAN 16 VPN Funkwerk Enterprise Communications GmbH Field Description IPSec Debug Level Select the priority of the syslog messages of the IPSec subsys tem to be recorded internally Possible values e Emergency highest priority e Alert O ies eal Gul Error e Warning e Notice e Information e Debug default value lowest priority Syslog messages are only recorded internally if they have a higher or identical priority to that indicated e all messages generated are recorded at syslog level debug The Advanced Settings menu is for adapting certain functions and features to the special requirements of your environment i e mostly interoperability flags are set The default val ues are globally valid and enable your system to work correctly to other bintec devices so that you only need to change these values if the remote terminal is a third party product or you know special settings are necessary These may be needed for
146. ad greyed out and cannot be selected Important Please look at the messages displayed in the sub menus These provide information on any incorrect configurations Warning symbols Icon Meaning O This symbol appears in messages referring you to settings that were made with the Setup Tool A This symbol appears in messages referring you to the fact that values were entered or selected incorrectly Pay particular attention to the following message Warning Changes not supported by the Setup Tool If you change them with the Funkwerk Configuration Interface this can cause inconsistencies or malfunctions Therefore it is recommended that the configuration is continued with the Setup Tool Funkwerk Enterprise Communications GmbH 7 Access and configuration 7 3 1 3 Funkwerk Configuration InterfaceMenus The configuration options of your device are contained in the sub menus which are dis played in the navigation bar in the left hand part of the window En Note Please note that not all devices have the full range of functions Check the software of your device on the corresponding product page under www funkwerk ec com The Funkwerk Configuration Interface contains the following menus Assistants First steps Internet access VPN Wireless LAN VolP PBX in LAN System Management In this menu you can make the basic settings that are required to add your gateway to your local network LAN The wizar
147. age 1 tems 1 1 j OK JC Cancel Fig 92 Routing gt NAT gt NAT Interfaces For each NAT interface you can select the options NAT Active Silent Deny and PPTP Passthrough In addition Port forwardings displays how many port forwarding rules were configured for this interface Options in the menu NAT Interfaces Field Description NAT active Select whether NAT is to be activated for the interface The function is disabled by default Silent Deny Select whether IP packets are to be silently denied by NAT If this function is deactivated the sender of the denied IP packet is informed by means of an ICMP or TCP RST message The function is disabled by default PPTP Passthrough Select whether the setup and operation of several simultan eous outgoing PPTP connections from hosts in the network are also to be permitted if NAT is activated The function is disabled by default lf PPTP Passthrough is enabled the device itself cannot be configured as a tunnel endpoint bintec WLAN and Industrial WLAN Field Description Portforwardings Shows the number of portforwarding rules configured in Rout ing gt NAT gt Portforwarding 14 2 2 NAT Configuration In the Routing gt NAT gt NAT Configuration menu you can exclude data from NAT ina simple and convenient manner You can configure var ious NAT methods You can de termine how an external host establishes a con nection to an internal host ref
148. ages occur In this menu you configure whether the device is to listen for external SNMP accesses and send SNMP traps In this menu you configure the surveillance of your device with the Windows Tool Activity Monitor component of BRICKware for Windows Internal Log IPSec Interfaces In this menu the system messages are displayed In this menu the IPSec connections and connection statistics that are currently active are displayed In this menu connection statistics and status of all interfaces are displayed 7 Access and configuration Funkwerk Enterprise Communications GmbH WLAN This menu shows you the WLAN connections statistics Bridges In this menu you can view the current values of the configured bridges Hotspot Gateway This menu shows a list of all bintec Hotspot users QoS In this menu statistics are displayed for all interfaces for which QoS has been configured 7 3 2 SNMP shell SNMP Simple Network Management Protocol is a protocol that defines how you can ac cess the configuration settings All configuration settings are stored in the MIB Management Information Base in the form of MIB tables and MIB variables You can access these directly from the SNMP shell via SNMP commands This type of configuration requires a detailed knowledge of our devices 74 BOOTmonitor The BOOTmonitor is only available over a serial connection to the device The BOOTmonitor provides the following functions wh
149. all the configuration tasks easily and conveniently It is integrated in your device and is available in English If re quired other languages can be downloaded from the download area of www funkwerk ec com and installed on your device The settings you make with the Funkwerk Configuration Interface are applied with the OK or Apply button of the menu and you do not have to restart the device If you finish the configuration and want to save your settings so that they are loaded as the boot configuration when you reboot your device save these by clicking the Save configur ation button You can also use the Funkwerk Configuration Interface to monitor the most important function parameters of your device wizoaon o E E f Automatic Refresh Interval 300 Seconds Apply Staus O Waring system Password not changed 5 mmmn ME a a N N F g 1face Mode Bridge TN i mms R Uptime 9 Dayis 19 Hour s 47 Minute s Administrative Access System Date Tue Feb 17 02 17 46 2004 Remote Authentication Serial Number WN2DJC010290024 Boss version V 7 9 Rev 6 IPSec from 2010 09 30 00 00 00 Resource mtormaton SS CPU Usage pow Memory Usage 21 7 31 9 MB 67 Temperature Current 40 C Min 36C Max 46 C Active Sessions SIF RTP etc 0 ween _ epee Bsr _ Interface Specifics SS
150. an access point nothing less than a VLAN aware switch with the enhancement of grouping clients into VLAN groups In general VLAN segmenting can be configured with all interfaces bintec WLAN and Industrial WLAN Standard LAN VLAN Segmentation EE GEER VLAN VLAN VLAN Manage Develop Public ment ment Wireless LAN 1 Wireless LAN 2 Fig 56 VLAN segmenting VLAN for Bridging and VLAN for Routing In the LAN gt VLAN menu VLANs virtual LANs are configured with interfaces that oper ate in bridging mode Using the VLAN menu you can make all the settings needed for this and query their status i Caution For interfaces that operate in Routing mode you only assign a VLAN ID to the inter face You define this via the parameter Interface Mode VLAN and the VLAN ID field in the LAN gt IP Configuration gt Interfaces gt New menu bintec WLAN and Industrial WLAN 11 2 1 VLANs In this menu you can display all the VLANs already configured edit your settings and cre ate new VLANs By default the Management VLAN is available to which all interfaces are assigned 11 2 1 1 Edit New Choose the o icon to edit existing entries Choose the New button to configure other VLANs wit 040n Language English View Standard Online Help Logout 11040n yal o z b VLANs Port Configuration Administration Configure VLAN VLAN Identifier f VLAN Name s Pdo VLAN Me
151. anced Settings Channel Plan Userdefined User Defined Channel Plan Beacon Period DTIM Period RTS Threshold Short Guard Interval Short Retry Limit Long Retry Limit Fragmentation Threshold OK JC cancel Fig 83 Wireless LAN Controller gt Slave AP Configuration gt Radio Profiles gt p New The Wireless LAN Controller gt Slave AP Configuration gt Radio Profiles gt p New menu consists of the following fields Fields in the Radio Profiles Radio Profile Definition Field Description Description Enter the desired description of the wireless module profile Operation Mode Define the mode in which the wireless module profile is to be operated bintec WLAN and Industrial WLAN 13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description Possible values e off default value The wireless module profile is not active e Access Point Your device is used as an access point in your network Operation Band Select the frequency band of the wireless module profile Possible values e 2 4 GHz In Outdoor default value Your device is oper ated at 2 4 GHz mode 802 11b mode 802 11g and mode 802 11n inside or outside buildings e 5 GHz Indoor Your device is operated at 5 GHz mode 802 11a h and mode 802 11n inside buildings e 5 GHz Outdoor Your device is operated at 5 GHz mode 802 11a h and mode 802 11n outside bui
152. arameters menu Field Description Description Enter a description for the current profile The device automatically names the profiles 127P and numbers them but the value can be changed Enter the host name for LNS or LAC Local Hostname e LAC The Local Hostname is used in outgoing tunnel setup messages to identify this device and is associated with the Remote Hostname of a tunnel profile configured on the LNS These tunnel setup messages are SCCRQs Start Control Connection Request sent from the LAC and SCCRPs Start Control Connection Reply sent from the LNS e LNS Is the same as the value for Remote Hostname of the incoming tunnel setup message from the LAC bintec WLAN and Industrial WLAN 16 VPN Funkwerk Enterprise Communications GmbH Field Description Enter the host name of the LNS or LAC Remote Hostname e LAC Defines the value for Local Host Name of the LNS contained in the SCCRQs received from the LNS and the SCCRPs received from the LAC The Local Hostname con figured in the LAC must match the Remote Hostname con figured for the intended profile in the LNS and vice versa e LNS Defines the Local Host Name of the LAC If the Re mote Hostname field remains empty on the LNS the related profile qualifies as the standard entry and is used for all in coming calls for which a profile with a matching Remote Hostname can be found Password Enter the password to be used for tunnel authentication Au thenti
153. are of the total data rate handled by the interfaces The current data rate based on the data traffic is decisive in both the send and receive direction Consider Only for Load Balancing Policy Bandwidth load dependent Choose the direction in which the current data rate is to be con sidered Options e Download Only the data rate in the receive direction is con sidered e Upload Only the data rate in the send direction is con sidered The Download and Upload are deactivated by default Distribution Mode Select the state the interfaces in the group may have if they are to be included in load balancing Possible values e Always default value Also includes idle interfaces e Only use active interfaces Only interfaces in the up state are included Funkwerk Enterprise Communications GmbH 14 Routing In the Interface Selection for Load Balancing area you add and configure interfaces that match the current group context You can also delete interfaces Use Add to create entries Fields in the Load Balancing Groups Interface Selection for Distribution menu Field Description Interface Select the interfaces that are to belong to the group from the available interfaces Distribution Ratio Enter the percentage of the data traffic to be assigned to an in terface The meaning differs according to the Distribution Policy used e Based on the number of sessions to be distributed for Ses sion Round Robin
154. as a table top device The access point can also be used as a table top device For this option use the four self adhesive feet on the bottom of the device Place your device on a solid level base 3 LAN For the standard configuration of your device via Ethernet connect port ETH1 or ETH2 of your device to your LAN using the Ethernet cable supplied The device automatically detects whether it is connected to a switch or directly to a PC Use just one of the ports ETH1 and ETH2 the second port is used to cascade a number of devices If you use both Ethernet connections on the same switch loops may be formed The standard patch cable RJ45 RJ45 is symmetrical It is therefore not possible to mix up the cable ends 4 Power connection Note uf Connect the device to a mains socket using the mains adaptor supplied Use the power cord supplied or the screw strip terminal in the case of the WI series and insert it in the appropriate socket on your device Now plug the power cord into a power socket 100 240 V The status LEDs signal that your device is correctly connected to the power supply WI series products are supplied without a mains unit All devices must be earthed Note uf To restrict power in the event of a fault the 24 V DC electric circuit is to be protected with an external 2 A fuse on the installation side for bintec WIx040n and bintec WIx065n The relay contact must also be protected externally with a 1 A fus
155. ate Traffic Shaping limiting in the send direction The data rate limit applies to the selected queue This is not the limit that can be defined on the interface The function is activated with Enabled The function is disabled by default Maximum Upload Speed Only for Traffic Shaping Enabled Enter a maximum data rate for the queue in kbits Possible values are 0 to 1000000 The default value is 0 Overbooking allowed Only for Traffic Shaping Enabled Enable or disable the function The function controls the band width limit If Overbooking allows is activated the bandwidth limit set for this queue can be exceeded as long as free bandwidth exists 14 Routing Funkwerk Enterprise Communications GmbH Field Description on the interface If Overbooking allowed is deactivated the queue can never occupy bandwidth beyond the bandwidth limit that has been set The function is activated with Enabled The function is disabled by default Burst size Only for Traffic Shaping Enabled Enter the maximum number of bytes that may still be transmit ted temporarily when the data rate permitted for this queue has been reached Possible values are 0 to 64000 The default value is 0 The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Dropping algorithm Choose the procedure for rejecting packets in the QoS Queue if the maximum size of the queue
156. ates in SCEP If SCEP is used your device also supports separate registration authority certificates Registration authority certificates are used by some Certificate Authorities CAs to handle certain tasks signature and encryption during SCEP communication with separate keys and to delegate the operation to separate registration authorities if applicable When a certificate is downloaded automatically i e if CA Certificates Download is selected all the certificates needed for the operation are loaded automatically If all the necessary certificates are already available in the system these can also be selec ted manually Select the Request button to request or import more certificates nae Certificate List CRL Certicate servers Certificate Request Certificate Request Description MM ae Mode OManual scep A Remote Authentication naa PI key o IRSA y 11024 vpis ww mn Certificates Subject Name custom o Cenabtea Common Name ME Ea M5 Cie if Srbenbation E j E Locality _ ef Ss StaterProvince El m Country o eS g i Advanced Settings Sie Abie Neate E None LAA EN None seh Options a A Autosave Mode Enabled ok J cancel _ Fig 47 System Management gt Certificates gt Certificate List gt Request The System Management gt Certificates gt Certificate List
157. aud rate If this is not the case you will not be able to establish a serial connection to the device Possible values O SOO O 600 O 1200 e 2400 e 4800 bintec WLAN and Industrial WLAN 10 Physical Interfaces Funkwerk Enterprise Communications GmbH Field Description e 9600 default value O IIZ e 57600 c HAS200 Data Bits Select how many data bits should be sent in sequence for traffic data Possible values e 8 default value Eight data bits are sent in sequence e 7 Seven data bits are sent in sequence Parity Select whether or not a parity bit should be used to identify transmission errors Possible values e None default value No parity bit is used e Even An even number of 1 bits is used to identify transmis sion errors e Uneven An uneven number of 1 bits is used to identify transmission errors Stop Bits Stop bits terminate the data transmission of a transmission unit Choose whether a stop bit should be used or whether two stop bits should be used Possible values e 1 default value O Handshake Only for Port Mode Data Port Choose how the recipient can continue the data transmission so that no data is lost if no other data can be processed Possible values e None default value The recipient is unable to continue the data transmission Funkwerk Enterprise Communications GmbH 10 Physical Interfaces Field Description e RTS CTS The hardware handshak
158. authenticate users A key pair consisting of a pub lic key and a private key is used to encrypt and decrypt the data For encryption the sender requires the public key of the recipient The recipient decrypts the data using his private key To ensure that the public key is the real key of the recipient and is not a forgery a so called digital certificate is required This confirms the authenticity and the owner of a public key It is similar to an official pass port in that it confirms that the holder of the passport has certain characteristics such as gender and age and that the signature on the passport is authentic As there is more than one certificate issuer e g the passport office for a passport and as such certificates can be issued by several different issuers and in varying qualities the trustworthiness of the is suer is extremely important The quality of a certificate is regulated by the German Signa ture Act or respective EU Directives Certification authorities that issue so called qualified certificates are organised in a hier archy with the Federal Network Agency as the higher certifying authority The structure and content of a certificate are stipulated by the standard used X 509 is the most important and the most commonly use standard for digital certificates Qualified certificates are personal and extremely trustworthy Digital certificates are part of a so called Public Key Infrastructure PKI PKI refers to a syste
159. availability of hosts Possible values are 1 to 65536 The default value is 10 The smallest Interval of the group members is used within a group Trials Enter the number of pings that must remain unanswered for the host to be regarded as unavailable Possible values are 1 to 65536 The default value is 3 Controlled Interfaces Select the interface s for which the action defined in Interface Action is to be performed All physical and virtual interfaces can be selected For each interface select whether each interface is to be activ ated Enable or deactivated Disable default value reset Reset or if the connection is to be re established Dialup again 18 6 2 Interfaces In the Local Services gt Surveillance gt Interfaces menu a list of all monitored Inter faces is shown 18 6 2 1 Edit New Choose the pl icon to edit existing entries Choose the New button to set up monitoring for other interfaces WI1040n lt E Language English View Standard Online Help Logout Lis z m ben b Hosts Interfaces Temperature Ping Generator Selectone Y A Trigger Interface goes up lt f Interface Action Enable Interface Select one Y i OK Cancel __ Fig 147 Local Services gt Surveillance gt Interfaces gt New The Local Services gt Surveillance gt Interfaces gt New menu consists of the following
160. aximum TTL for Positive Cache Entries 18 Local Services Funkwerk Enterprise Communications GmbH Field Description The default value is 86400 Maximum TTL for Neg Enter the value set to which the TTL is to be set in the case of a ative Cache Entries negative dynamic entry in the cache The default value is 86400 Fallback interface to get Only if DNS Server Configuration Dynami cSelect the inter DNS server face to which a connection is set up for name server negotiation if other name resolution attempts were not successful The default value is Automatic i e a one time connection is set up to the first suitable connection partner configured in the system IP address to use for As DHCP Server DNS WINS server as signment Select which name server addresses are sent to the DHCP cli ent if your device is used as DHCP server Possible values e None No name server address is sent e Own IP Address default value The address of your device is transferred as the name server address e Global DNS Setting The addresses of the global name servers entered on your device are sent As IPCP Server Select which name server addresses are to be transmitted by your device in the event of dynamic server name negotiation if your device is used as the IPCP server for PPP connections Possible values e None No name server address is sent e Own IP Address The address of your device is transferred as the name server ad
161. bintec WLAN and Industrial WLAN WI1040n wi1040n Domain y BRIDGE_BRO roseta a a ll Enabled C New OK cancer Fig 153 Local Services gt Hotspot Gateway gt Hotspot Gateway gt You can use the Enabled option to enable or disable the corresponding entry 18 8 1 1 Edit New In the Local Services gt Hotspot Gateway gt Hotspot Gateway gt pl menu you config ure the Hotspot networks Choose the New button to set up additional Hotspot networks bintec WLAN and Industrial WLAN WI1040n HTTPS DynDNS Client DHCP Server Scheduling E illan V aiee gt Ta ia Language English Online Help Logout i A HotSpot Gateway Options Basic Parameters Interface BRIDGE_BRO Domain at the HotSpot Server Walled Garden 4 Enabled Walled Network Netmask 1 Walled Garden URL Terms Conditions ls Language for login window English M Advanced Settings Ticket Type Userame Password Allowed HotSpot Client All v oK J Cancel Fig 154 Local Services gt Hotspot Gateway gt Hotspot Gateway gt The Local Services gt Hotspot Gateway gt Hotspot Gateway gt menu consists of the following fields Fields in the Hotspot Gateway Basic Parameters menu Field Description Interface Choose the interface to which the Hotspot LAN or WLAN is con nected When operating over LAN
162. ble to distribute the available bandwidths effectively and intelligently Certain applications can be given preference and bandwidth re served for them In the Firewall gt Policies gt QoS menu a list of all QoS rules is shown 17 1 2 1 New Choose the New button to set up new QoS rules bintec WLAN and Industrial WLAN Save configuration _ i Filter Rules QoS Options Eisis maracas a Comte Gos eric tntertace Selecione Y MN trate shaping Enabled Vitis Lam ception Source Destination Service Priority Use Bandwidth Bits Bounded Ee Fer Rues ANY LOCAL any None 0 g O wan 7 i L Wila a Ca T Policies Interfaces Addresses J Services Fig 126 Firewall gt Policies gt QoS gt New The Firewall gt Policies gt QoS gt New menu consists of the following fields Fields in the QoS Configure QoS Interface menu Field Description Interface Select the interface on which bandwidth management is to be carried out Traffic Shaping Select whether you want to activate bandwidth management for the selected interface The function is activated with Enabled The function is disabled by default Specify bandwidth Only for Traffic Shaping Enabled Enter the maximum available bandwidth in kbps for the selected interface Filter Rules This field contains a list of all configured firewall policies for which QoS was enabled Apply QoS Enabled T
163. ble values Emergency default value Alert Critical Error Warn ing Notice Information Debug Message Timeout Enter how long the router must wait after a relevant event be fore it is forced to send the alert mail Possible values are 0 to 86400 The value O disables the timeout Number of Messages Enter the number of syslog messages that must be reached be fore an E mail can be sent for this case If timeout is configured the mail is sent when this expires even if the number of mes sages has not been reached Possible values are 0 to 99 the default value is 7 Message Compression Select whether the text in the alert E mail is to be shortened The e mail then contains the syslog message only once plus the number of relevant events Enable or disable the field The function is enabled by default Fields in the E mail Alert Recipient Monitored Subsystems menu Field Description Subsystem Select the subsystems to be monitored Add a new system with Add 20 4 SNMP SNMP Simple Network Management Protocol is a protocol from the IP protocol family for transporting management information about network components Every SNMP management system contains an MIB SNMP can be used to configure con trol and administrate various network components from one system Such an SNMP tool is included on your device the Configuration Manager As SNMP is a standard protocol you can use any other SNMP managers e g HPOpe
164. button 4 ETH1 PoE and 10 100 Base T Ethernet interface ETH2 5 ANT3 Connections for screwing on the external antennas ANT3 RX3 Top witho ANT1 ANT2 Connections for screwing on the external antennas sl ANT1 TX RX1 Connection of first directional antenna ig bintec WLAN and Industrial WLAN 6 Technical data Funkwerk Enterprise Communications GmbH ANT2 TX RX2 Connection of second option directional an tenna bintec WI1040n and bintec WI2040n have two Ethernet connections and a serial inter face The connections are arranged as follows Power 24V DC Eth4 Eth2 PoE 1 2 u R Fig 16 Underside bintec WI1040n and bintec WI2040n Underside of bintec WI1040n and bintec WI2040n 1 Power 24V DC Socket for power supply 2 Eth1 PoE Eth2 10 100 Base T Ethernet interfaces 3 Reset HW and Reset button and delete configuration Cfg 4 SFP SFP slot for 100 Mbit s fibre module optional 5 Serial Serial interface RS232 6 Relay N O Alarm relay bintec WI1065n and bintec WI2065n have two Ethernet connections and a serial inter face The connections are arranged as follows 7 1 2 34 5 6 Fig 17 Underside bintec WI1065n and bintec WI2065n Underside of bintec WI1065n and bintec WI2065n 1 Power 24 V DC Socket for power supply 2 Eth1 PoE Eth2 10 100 Base T Ethernet interfaces Funkwerk Enterprise Communications GmbH 6 Technical
165. carried out If a value other than Universal Time Coordinated UTC option UTC x has been chosen for the System Time Zone the switch from summer to winter time must be carried out manually when required Time server You can obtain the system time automatically e g using various time servers To ensure that the device uses the desired current time you should configure one or more time serv ers Switching from summer time to winter time and back must be carried out manually if the time is derived using this method by changing the value in the System Time Zone field with an option UTC or UTC bintec WLAN and Industrial WLAN Es Note If a method for automatically deriving the time is defined on the device the values ob tained in this way automatically have higher priority A manually entered system time is therefore overwritten The System Management gt Global Settings gt Date and Time menu consists of the fol lowing fields Fields in the Date and Time Basic Settings menu Field Description Time Zone Select the time zone in which your device is installed You can select Universal Time Coordinated UTC plus or minus the deviation in hours or a predefined location e g Europe Berlin Current Local Time The current date and current system time are shown here The entry cannot be changed Fields in the Date and Time Manual Time Settings menu Field Description Set Date Enter a new date Format Day dd
166. cation between LAC and LNS takes place in both direc tions i e the LNS checks the Local Hostname and the Pass word contained in the SCCRQ of the LAC and compares them with those specified in the relevant profile The LAC does the same with the fields of the SCCRP of the LNS If this field remains empty authentication data in the tunnel setup messages are not sent and are ignored Fields in the Tunnel Profiles LAC Mode Parameters menu Field Description Remote IP Address Enter the fixed IP address of the LNS used as the destination address for connections based on this profile The destination must be a device that can behave like an LNS UDP Source Port Enter how the port number to be used as the source port for all outgoing L2TP connections based on this profile is to be be de termined By default the Fixed option is disabled which means that ports are dynamically assigned to the connections that use this pro file If you want to enter a fixed port enable the Fixed option Select this option if you encounter problems with the firewall or NAT The available values are 0 to 65535 Funkwerk Enterprise Communications GmbH 16 VPN Field Description UDP Destination Port Enter the destination port number to be used for all calls based on this profile The remote LNS that receives the call must mon itor this port on L2TP connections Possible values are 0 65535 The default value is 1701 RFC 2661 The Advanced S
167. ce 14 5 1 1 New Choose the New button to create forwarding rules for new multicast groups wi oon gt one ip Lp Forwarding IGMP options Basic Parameters z 71 f 7 All Multicast Groups Enabled Multicast Group Address E Source Interface None Routes sid Destination Interface None p Ki Cane E 7 OK gt Cancel __ ana Fig 100 Routing gt Multicast gt Forwarding gt p New The Routing gt Multicast gt Forward gt p New menu consists of the following fields Fields in the Forwarding Basic Parameters menu bintec WLAN and Industrial WLAN 14 Routing Funkwerk Enterprise Communications GmbH Field Description All Multicast Groups Select whether all multicast groups i e the complete multicast address range 224 0 0 0 4 are to be forwarded from the defined Source Interface to the defined Destination Interface To do this check Enabled Disable the option if you only want to forward one defined mul ticast group to a particular interface The option is deactivated by default Multicast Group Address Only for All Multicast Groups disabled Enter here the address of the multicast group you want to for ward from a defined Source Interface to a defined Destination Interface Source Interface Select the interface on your device to which the selected multic ast group is sent Destination Interface S
168. cessful attempts to setup a connec alup Retries tion before the interface is blocked Possible values are 0 to 100 The default value is 5 Authentication Select the authentication protocol for this Internet connection Select the authentication specified by your provider Possible values DNS Negotiation PAP default value Only run PAP PPP Password Authentica tion Protocol the password is transferred unencrypted CHAP Only run CHAP PPP Challenge Handshake Authentica tion Protocol as per RFC 1994 the password is transferred encrypted PAP CHAP Primarily run CHAP otherwise PAP MS CHAPv1 Only run MS CHAP version 1 PPP Microsoft Challenge Handshake Authentication Protocol PAP CHAP MS CHAP Run primarily CHAP if denied then the authentication protocol required by the PPTP partner MSCHAP version 1 or 2 possible MS CHAPv2 Run MS CHAP version 2 only None Some providers use no authentication In this case se lect this option Select whether your device receives IP addresses for Primary DNS Server and Secondary DNS Server from the connection partner or sends these to the connection partner The function is activated with Enabled The function is enabled by default Prioritize TCP ACK Packets Select whether the TCP download is to be optimised in the event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is activate
169. ch of the algorithms RSA and DSA i e two files must be stored in the flash for each algorithm see example at above If no keys are available you have to generate these first Proceed as follows 1 Leave the Flash Management shell with exit 2 Call up the Setup tool setup and navigate to the Security gt SSH Daemon gt Cer tification Management menu 3 To have the keys generated by the device mark one of the two entries with the cursor and confirm with Enter The device then generates the key and stores it in the FlashROM 4 Make sure that both keys have been successfully generated To do this repeat the procedure described above Login via SSH Proceed as follows to log in on your device via SSH bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 7 Access and configuration If you have made sure that all the keys needed are available on the device you have to check whether an SSH client is installed on your PC Most UNIX and Linux distributions in stall a SSH client by default Additional software e g PUTTY usually has to be installed on a Windows PC Proceed as follows to log in on your device via SSH UNIX 1 Enterssh lt IP address of the device gt ina terminal The login prompt window appears This is located in the SNMP shell of the device 2 Continue with Logging in on page 55 Windows 1 How an SSH connection is set up very much depends on the software used C
170. ckets Bytes Shows the total number of incoming and outgoing bytes Errors Shows the total number of errors IKE Phase 1 SAs x The parameters of the IKE Phase 1 SAs are displayed here Role Algorithm Life time remaining State IPSec Phase 2 SAs x Shows the parameters of the IPSec Phase 2 SAs Role Algorithm Local Remote Lifetime re maining State Messages The system messages for this IPSec tunnel are displayed here 21 2 2 IPSec Statistics In the Monitoring gt IPSec gt IPSec Statistics menu statistical values for all IPSec con nections are shown bintec WLAN and Industrial WLAN Save configuration 4 IPSec Tunnels IPSec Statistics DESEAS et System Management Y Physical Interfaces yy Automatic Refresh interval 300 Seconds Apply Licences In Use Maximum WirelessLAN ov IPSec Tunnels 0 10 Wireless LAN Controller y Peers Up Going up Blocked Dormant Configured Status 0 0 0 1 1 E SAs Established Total SKE Phase 1 0 0 IPSec Phase 2 0 0 Firewall med Packet Statistics In Out F p Total 34 79 taasang Passed 34 79 Maintenance v Dropped 0 0 AA Encrypted o 0 Errors 0 0 Internal Log x IPSec Interfaces wan Bridges HotSpot Gateway QoS Fig 172 Monitoring gt IPSec gt IPSec Statistics The Monitoring gt IPSec gt IPSec Statistics menu consists of the following fields Field in the IPSec Statistics Licenses menu Fi
171. connect over the exist ing network connection with your device VLAN Select whether the VLAN segmentation is to be used for this wireless network If you wish to use VLAN segmentation enter a value between 1 and 4094 in the input field in order to identify the VLAN Note Before you continue please ensure that all access points that the WLAN controller shall manage are correctly wired and switched on Funkwerk Enterprise Communications GmbH 13 Wireless LAN Controller 13 1 4 Start automatic installation You will see a list of all detected access points If you wish to change the settings of a detected AP click on iin the corresponding entry You will see the settings for all selected access points You can change these settings The following parameters are available Location Displays the stated locality of the AP You can enter another locality Active Radio Profile Displays the wireless module profile that is currently selected You can select another wire less module profile from the list if several wireless module profiles are set up Assigned Wireless Networks VSS Displays the wireless networks that are currently assigned Operation Mode Select whether the device is to be operated in Access Point mode orin Standard mode The Standard setting uses the value that you have selected in the corresponding Radio Profile Channel Displays the channel that is assigned You can select an alternative channel The number
172. cs 4 3 Preparations To prepare for configuration you need to e Obtain the data required for the basic configuration e Check whether the PC from which you want to perform the configuration meets the ne cessary requirements e Install the Dime Manager software which provides more tools for working with your device 4 3 1 Gathering data The main data for the basic configuration can be gathered quickly as no information is re quired that needs in depth network knowledge If applicable you can use the example val ues Before you start the configuration you should gather the data for the following purposes e IP configuration obligatory if your device is in the ex works state e Optional Configuration of a wireless network connection in Access Point mode e Optional Configuration of client links in Client Links mode e Optional Configuration of bridge links in Bridge mode The following table shows examples of possible values for the necessary data You can enter your personal data in the Your values column so that you can refer to these values later when needed If you configure a new network you can use the given example values for IP addresses bintec WLAN and Industrial WLAN and netmasks In cases of doubt ask your system administrator Basic configuration For a basic configuration of your gateway you need information that relates to your net work environment IP configuration of the access po
173. ct or are looking for additional information the Funk werk Enterprise Communications GmbH Support Centre can be reached Monday to Friday between the hours of 8 00 am and 5 pm They can be contacted as follows Email hotline funkwerk ec com International Support Coordina Telephone 49 911 9673 1550 tion Fax 49 911 9673 1599 End customer Hotline 0900 1 38 65 93 1 10 min on land lines in Germany For detailed information on our support services contact www funkwerk ec com bintec WLAN and Industrial WLAN 4 Basic configuration Funkwerk Enterprise Communications GmbH Chapter 4 Basic configuration You can use the Dime Manager IP address assignment and the Funkwerk Configura tion Interface other configuration steps for the basic configuration of your device The basic configuration is explained below step by step A detailed online help system gives you extra support This user s guide assumes you have the following basic knowledge e Basic knowledge of network structure e Knowledge of basic network terminology such as server client and IP address e Basic knowledge of using Microsoft Windows operating systems The Companion DVD also supplied includes all the tools that you need for the configura tion and management of your device You can find other useful applications on the Internet at www funkwerk ec com 4 1 Presettings 4 1 1 Preconfigured data You have three ways of accessing your device in yo
174. d 16 1 3 Phase 2 Profiles You can define profiles for phase 2 of the tunnel setup just as for phase 1 In the VPN gt IPSec gt Phase 2 Profiles menu a list of all configured IPSec phase 2 pro files is shown WI1040n Language English View Standard Online Help wit040n IPsec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options View 20 ee page Ll Fiter in None viequal Go Defaut Description _ Proposals _ PFS Group Lifetime a Page 1 C New Jar OK C cancel _ Fig 115 VPN gt IPSec gt Phase 2 Profiles In the Standard column you can mark the profile to be used as the default profile bintec WLAN and Industrial WLAN 16 1 3 1 New Choose the New button to set up new profiles a r gt E z WI1040n ME Language English View Stenderd Online Help Logout wit040n E z Save configuration 44 IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Phase 2 IPSEC Parameters Description Multi Proposal AES MDS Y AES MI MDS O AES MDS vw Proposals Use PFS Group Enabled 1768 Bit 2 1024 Bit O 511536 Bit Lifetime 7200 Seconds 0 kBytes Advanced Settings IP Compression DEnabled Alive Check Autodetect bd Propagate PMTU Enabled Traki hpa
175. d 20h 33m 0 0 0 0 0 0 lo o A Ee 1335 M Internal Log IPSec Interfaces wan Bridges HotSpot Gateway Qos L Fig 180 Monitoring gt WLAN gt Bridge Links Values in the list Bridge Links Field Description Bridge Link Description Shows the name of the bridge link Remote MAC Shows the MAC address of the bridge link partner Up Time Shows the time in hours minutes and seconds for which the bridge link in question is active Tx Packets Shows the total number of packets sent Rx Packets Shows the total number of packets received Signal dBm Shows the received signal strength in dBm Noise dBm Shows the received noise strength in dBm Data Rate mbps Shows the current clock rate of data received on this bridge link in mbps bintec WLAN and Industrial WLAN If required the Test link can be used to start a link test The link test provides all the data necessary for checking the quality of the bridge link The link test also helps you to align the antennas This option is only displayed if the link state is Enabled Bridge link details You can use the P icon to open an overview of further details of the bridge links WI1040n View Standard Online Hel Logout out w11040n sena E i WLAN1 vss WDS Bridge Links Client Links Automatic Refresh Interval
176. d Industrial WLAN View Online Help Logout Navigation bar to carry out the configuration German and English are avail able View Select the desired view from the dropdown menu Stand ard and SNMP browsers can be selected Online Help Click this button if you want help with the menu now active The description of the sub menu where you are now is displayed Logout If you want to end the configuration click this button to log out of your device A window is opened offering you the fol lowing options e Save configuration backup previous boot configuration then exit Save configuration then exit e Exit without saving Save configuration J Fig 27 Save Configuration button bintec WLAN and Industrial WLAN Global Settings Interface Mode Bridge Administrative Access _ Remote Authentication Fig 28 Menus The Save Configuration button is found in the navigation bar If you save a current configuration you can save this as the boot configuration or you can also archive the previous boot configuration as a backup If you click the Save configuration button in the FCI you will be asked Do you really want to save the current configuration as a boot configuration You have the following two options e Save configuration i e save the current configuration as the boot configuration e Save configuration and backup previous boot configuration i e save the current configuration as
177. d by choosing Enabled The function is disabled by default Make sure that ARP processing cannot be applied in conjunc tion with the MAC bridge function WMM Select whether voice or video prioritisation via WMM Wireless Multimedia is to be activated for the wireless network so that optimum transmission quality is always achieved for time critical applications Data prioritisation is supported in accordance with DSCP Differentiated Services Code Point or IEEE802 1d The function is activated by choosing Enabled The function is enabled by default Max Clients Enter the maximum number of clients that can be connected to this wireless network SSID The maximum number of clients that can register with a wire less module depends on the specifications of the respective WLAN module This number can be shared across all con figured wireless networks If the maximum number of clients is reached no more new wireless networks can be created and a warning message will appear Fields in the Virtual Service Sets Security Settings menu Field Description Security Mode Select the security mode encryption and authentication for the wireless network Possible values 12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description e Inactive default value Neither encryption nor authentica tion e WEP 40 WEP 40 Bit e WEP 104 WEP 104 Bit WPA PSK WPA Preshared Key WPA Enterprise 802 11x Transmit Key
178. d guides you through the individual configuration steps to connect your local network LAN to the internet In this menu you are guided through all of the settings that are required to set up your LAN LAN connection as a virtual private network Wireless LAN involves the set up of a network using wireless technology The assistant is required e g for specific PBX in the LAN such as Hybird in order to guarantee SIP compatibility To do this external communication is carried out over a single IP address and NAT is realised as full cone NAT Status Global Settings In this menu general information on your device is displayed at a glance This information includes serial number software version cur rent memory and processor use status of the physical inter faces and the last 10 system messages In this menu you enter the basic system settings of your device such as for example system name system date system time and passwords 7 Access and configuration Funkwerk Enterprise Communications GmbH You can also manage licences that are necessary for the use of certain functions Interface Mode Bridge In this menu you define the mode in which the interfaces of Groups your device are to run routing or bridging and if necessary can define bridge groups Administrative Access In this menu you configure the access options for the individual interfaces Remote Authentication In this menu you configure the authen
179. d with Enabled The function is disabled by default 15 WAN Funkwerk Enterprise Communications GmbH Field Description PPTP Address Mode Displays the address mode The value cannot be changed Possible values e Static The IP address of the Ethernet port selected in PPTP Interface will be used Local PPTP IP Address Assign the PPTP interface an IP address that is used as the source address The default value is 10 0 0 140 Remote PPTP IP Ad Enter the IP address of the PPTP partner dress The default value is 10 0 0 138 LCP Alive Check Check whether the reachability of the remote terminal is to be checked by sending LCP echo requests or replies This makes it possible to switch to a backup connection more quickly in the event of line faults The function is activated with Enabled The function is disabled by default 15 1 3 IP Pools In the IP Pools menu a list of all IP pools is displayed Your device can operate as a dynamic IP address server for PPP connections You can use this function by providing one or more pools of IP addresses These IP addresses can be assigned to dialling in connection partners for the duration of the connection Any host routes entered always have priority over IP addresses from the address pools This means if an incoming call has been authenticated your device first checks whether a host route is entered in the routing table for this caller If not your device can allocate an IP add
180. data 3 HW Reset button performs restart 4 Cfg Deletes the configuration 5 SFP SFP slot for 100 Mbit s fibre module optional 6 Serial Serial interface RS232 7 Relay N O Alarm relay contact 6 5 Antenna connectors for industrial WLAN devices with 802 11n support En Note The three antenna for devices bintec WI1040n bintec WI1065n and bintec W1002n have 2 Transmit and 3 Receive functions in n operating mode MIMO 2T3R WLAN 1 Ant 1 and WLAN 1 Ant send and receive Ant 3 only receives For devices bintec WI2040n and bintec WI2065n only 2 antenna are used for each of the 2 wireless modules These are both sending and receiving antenna There is no third receiving antenna this is MIMO 2T2R operating mode However gross rates of 300 Mbps are possible The receiving sensitivity decreases slightly Only 2 antenna connections are required to operate bridgelink with dual polar isation antenna Antenna should be Lambda 2 or a multiple of this In bintec WIx040n the antenna are 37 mm apart in bintec WIx065n the antenna are 55 mm apart 2 4 GHz Lambda 2 corresponds to 6 15 cm 5 GHz Lambda 2 corresponds to 2 72 cm Devices with 802 11n support can use up to 3 antenna per wireless module The assign ment of the existing 4 antenna connectors is shown in the following graphic e 0000 WLAN 1 WLAN 1 WLAN 1 WLAN 2 WLAN 2 Ant 1 Ant 2 Ant 3 Ant 1 Ant 2 Fig 18 Antenna configuration for bintec WIx040n devices
181. ddressiNetmask booo pooo SS Destination PortRange AIF a EJ to Source IP AddressiNetmask joooo foooo OO source PortRange All vi gt tof gt DSCP TOS filter Layer 3 Ignore cos fter 8021pILayer 2 ic OK yc Cancel _ egp esp ggp gre hmp icmp igmp IGP igrp IP 1pip WOW MD alin INP ESO 102 kanyjorcoleral OS join AV ClO LSO SKA Cio TSIZ Mala VRIR says 5L ClO The Do not verify option default value matches any pro Description Enter the name of the filter Protocol Select a protocol Possible value tocol Type Only if Protocol icmp Select the type Possible values Any Echo reply Destination unreach able Source quench Redirect Echo Time expired Timestamp Timestamp reply See RFC 792 bintec WLAN Funkwerk Enterprise Communications GmbH 14 Routing Field Description The default value is Any Connection State If Protocol tcp you can define a filter that takes the status of the TCP connections into account Possible values e Established All TCP packets that would not open any new TCP connection on routing over the gateway match the filter e Any default value All TCP packets match the filter Destination IP Address Enter the destination IP address of the data packets and the Netmask corresponding netmask Destination Port Range Only if Protocol tcp or udp Enter a destination port number or a range of destination port numb
182. de Static Enter the static IP address of the connection partner Route Entries Only if IP Address Mode Static Define other routing entries for this connection partner Add a new entry with Add e Remote IP Address IP address of the destination host or network e Netmask Netmask of Remote IP Address If no entry is made your device uses a default netmask e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 7 The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed The de fault value is 60 Maximum Number of Di Enter the number of unsuccessful attempts to setup a connec alup Retries tion before the interface is blocked Possible values are 0 to 100 The default value is 5 Authentication Select the authentication protocol for this connection partner Select the authentication specified by your provider Possible values e PAP default value Only run PAP PPP Password Authentica tion Protocol the password is transferred unencrypted e CHAP Only run CHAP PPP Challenge Handshake Authentica tion Protocol as per RFC 1994 the password is transferred Funkwerk Enterprise Communications GmbH 15 WAN Field Description encrypted e PA
183. device in Access Point mode you must set up a wireless network Proceed as follows 1 Go to Wireless LAN gt WLAN gt Wireless Module Settings pl 2 In Operating Mode select Access Point Click OK 3 Leave the default settings in all other fields 4 5 Go to Wireless LAN gt WLAN gt Wireless Networks VSS gt 6 In Network name SSID enter for example Funkwerk ec 7 Under Security Mode select WPA PSK 8 In Preshared Key enter for example supersecret 9 Leave the default settings for all other fields Funkwerk Enterprise Communications GmbH 4 Basic configuration 10 Click OK 11 Save the configuration by clicking on the Save Configuration button above the menu navigation 4 7 Setting up a bridge link If you run your device in Bridge mode you must set up a bridge link Bridge link autoconfiguration 1 Go to Wireless LAN gt WLAN gt Wireless Module Settings gt pl 2 In Operation Mode select Bridge 3 Leave the default settings in all other fields 4 Click OK 5 Goto Wireless LAN gt WLAN gt Bridge Links gt New 6 In Preshared Key enter for example bridgesecret 7 8 Click OK 9 Configure a bridge link on the remote device in the same way Leave the default settings in all other fields 10 For your local device click the e icon in the list in Wireless LAN gt WLAN gt Bridge Links 11 In the menu that opens Wireless LAN
184. dified easily In addition you can view the corres ponding file clearly using Microsoft Excel for example The administrator can store encryp ted backup files for the configuration When the configuration is sent by e mail e g for sup port purposes confidential configuration data can be protected fully if required You can save or import files with the actions Export configuration Export configuration with state information and Load configuration If you want to save a configuration file with the action Export configuration or Export configuration with state information you can choose whether the configuration file is saved encrypted or without encryption Caution If you have saved a configuration file in an old format via the SNMP shell with the put command there is no guarantee that it can be reloaded to the device As a result the old format is no longer recommended WI1040n _ A AA DAL RARA tz Physical Interfaces y Currently Installed Software Mi Boss V 7 9 Rev 6 IPSec from 2010 08 06 00 00 00 WirelessLAN v System Logic 13 E Wireless LAN Controller y Fa Configuration Options Routing a _ Action No Action Software amp Configuration Reboot orion Fig 159 Maintenance gt Software amp Configuration gt Options The Maintenance gt Software amp Configuration gt Options menu consists of the following fields Fields in the Options Current Installed
185. door and outdoor versions For the bintec WI series devices a screw terminal bar is included as standard for power supply Devices of the industrial WLAN series with 802 11n support are fitted with a unit that heats the radio module to operating temperature when the temperature falls below 10 degrees Celsius Once this temperature has been reached the device continues with the start up process During the heating phase the red Failure LED flashes Caution The use of the wrong mains adapter may damage your device Only use the mains ad aptor supplied only for bintec W1002n If you require foreign adapters mains units please contact our funkwerk service fe Va fie E Wireless LAN YO Mae a OY Power supply Serial connect to PC Fig 2 Connection options bintec W1002n bintec WLAN and Industrial WLAN Wireless LAN Antenna cia Co Lob Led ay De a SFP Serial connect to PC Ethernet Alarm Relay connect via fibre optic Fig 3 Connection options bintec WIx040n and bintec WIx065n When setting up and connecting carry out the steps in the following sequence refer to the connection diagrams for the individual devices in chapter Technical data on page 28 1 Antennas Screw the standard antennas supplied on to the connectors provided for this pur pose Put the antennas in the required position before tightening the screw nut Once the screw nut has been tightened
186. dress e Global DNS Setting default value The addresses of the global name servers entered on your device are sent 18 1 2 Static Hosts In the Local Services gt DNS gt Static Hosts menu a list of all configured static hosts is shown 18 1 2 1 New Choose the New button to set up new static hosts wil040n Global Settings Static Hosts Domain Forwarding cache I Statistics Basic Parameters DNS Hostname aLa Reanarisa Positive CA IP Address pooo TTL joann Seconds Do i OK Cancel DHS HTTPS DynDNS Client DHCP Server Scheduling Surveillance Funkwerk Discovery HotSpot Gateway Fig 134 Local Services gt DNS gt Static Hosts gt New The Local Services gt DNS gt Static Hosts gt New menu consists of the following fields Fields in the Static Hosts Basic Parameters menu Field Description DNS Hostname Enter the host name to which the IP Address defined in this menu is to be assigned if a positive response is received to a DNS request If a negative response is received to a DNS re quest no address is specified The entry can also start with the wildcard e g funkwerk de If a name is entered without a dot this is completed with lt Name gt after confirming with OK is added bintec WLAN and Industrial WLAN Field Description Entries with spaces are not allowed Response In this entry select the t
187. dress in this class represents a group A sender e g Internet radio sends data to this group The addresses IP of the various senders within a group are called the source addresses Several senders with different IP addresses can therefore transmit to the same multicast group leading to a 1 to n rela tionship between groups and source addresses This information is forwarded to the router by means of reports In the case of incoming multicast data traffic a router can use this in formation to decide whether a host in its subnet wants to receive it Your device supports the current version IGMP V3 which is upwardly compatible which means that both V3 and V1 V2 hosts can be managed Your device supports the following multicast mechanisms e Forwarding This relates to static forwarding i e incoming data traffic for a group is passed in all cases This is a useful option if multicast data traffic is to be permanently passed e IGMP IGMP is used to gather information about the potential recipients in a subnet In the case of a hop incoming multicast data traffic can thus be selected Tip With multicast the focus is on excluding data traffic from unwanted multicast groups Note that if forwarding is combined with IGMP the packets can be forwarded to the groups specified in the forwarding request 14 5 1 Forwarding In this menu you specify which multicast groups are always passed between the interfaces of your devi
188. e o ae z wi2040n i English Online Help Logout 4 Save configuration d Firmware Maintenance Pryscahtetaces ee Update firmware Location Device IP Address MAC Address Firmware Version Status TU bintec W1002n 10 0 01 D0 01 cd De 8 04 V 7 9 Rev 6 Beta 6 IPSec from 2010 09 09 00 00 00 A UM is Action Update system software Wizard Source Location HTTP server x Controller Configuration gt gt pa Slave AP configuration URL Monitoring Maintenance oK Cancel _ Fig 88 Wireless LAN Controller gt Maintenance gt Firmware Maintenance In the Wireless LAN Controller gt Maintenance gt Firmware Maintenance a list of all Managed Access Points is displayed For each managed AP you will see an entry with a parameter set Update firmware Loca tion Device IP Address MAC Address Firmware Version Status Possible values for Status Status Meaning Image already exists The software image already exists no update is required Errors An error has occurred In progress The operation is currently in progress Complete The update is complete The Wireless LAN Controller gt Maintenance gt Firmware Maintenance consists of the following fields Fields in the Firmware Maintenance menu Field Description Action Select the action you wish to execute After each task a window is displayed showing the other steps bintec WLAN and Industrial WLAN
189. e 2 CoS Possible values 0 and 7 The default value is 0 14 6 2 QoS Classification The data traffic is classified in the Routing gt QoS gt QoS Classification menu i e the data traffic is associated using class IDs of various classes To do this create class plans for classifying IP packets based on pre defined IP filters Each class plan is associated to at least one interface via its first filter 14 6 2 1 New Choose the New button to set up other data classes bintec WLAN and Industrial WLAN WI1040n wil04on A oe 4 ia Language English View Standard Oa A e Online Help Logout Basic Parameters Class map Description Filter Direction High Priority Class Class ID Interfaces Qos Filter QoS Classification i QoS Interfaces Policies Selectone Y Outgoing C OK J C cance Fig 105 Routing gt QoS gt QoS Classification gt New The Routing gt QoS gt QoS Classification gt New menu consists of the following fields Fields in the QoS Classification Basic Parameters menu Field Description Class map Description Filter bintec WLAN and Industrial WLAN Choose the class plan you want to create or edit Possible values e New default value You can create a new class plan with this setting e lt Name of class plan gt Shows a class plan that has already been created which you can se
190. e DHCP Enter the host name requested by the provider The maximum length of the entry is 45 characters DHCP Broadcast Flag Only if Address Mode DHCP Choose whether or not the BROADCAST bit is set in the DHCP requests for your device Some DHCP servers that assign IP addresses by UNICAST do not respond to DHCP requests with the set BROADCAST bit In this case it is necessary to send DHCP requests in which this bit is not set In this case disable this option The function is activated by choosing Enabled The function is enabled by default Proxy ARP Select whether your device is to respond to ARP requests from its own LAN on behalf of defined remote terminals Field Description The function is activated by choosing Enabled The function is disabled by default TCP MSS Clamping Select whether your device is to apply MSS Clamping To pre vent IP packets fragmenting the MSS Maximum Segment Size is automatically decreased by the device to the value set here The function is activated by choosing Enabled The function is disabled by default Once enabled the default value 1350 is entered in the input field 11 2 VLAN By implementing VLAN segmentation in accordance with 802 1Q you can configure VLANs on your device The wireless ports of an access point in particular are able to re move the VLAN tag of a frame sent to the clients and to tag received frames with a pre defined VLAN ID This functionality makes
191. e AC or 2 A fuse DC bintec WLAN and Industrial WLAN 3 Installation Funkwerk Enterprise Communications GmbH Note If the bintec WIx065n is installed outdoors the lines laid outside the building are to be categorized as TNV1 electric circuits in accordance with EN60950 as their SELV level can also be overridden by transient overvoltage e g during storms during operation in line with the regulations When wiring the connections it is therefore necessary to make sure that protective measures against overvoltage are carried out where the cable enters the building to ensure that the limit values of a SELV electric circuit are maintained in the building You can set up further connections as required e Serial connection For alternative configuration possibilities connect the serial interface of your PC COM1 or COM2 to the serial interface of the gateway console However configuration via the serial interface is not provided by default Note Note that the serial interface of bintec WIx065n must only be used by a service tech nician as a maintenance interface The device is now ready for configuration 3 2 Cleaning You can clean your device easily Use a damp cloth or antistatic cloth Do not use solvents Never use a dry cloth the electrostatic charge could cause electronic faults Make sure that no moisture can enter the device and cause damage 3 3 Support information If you have questions about your produ
192. e last port of the port range By default the field does not contain an entry If a value is displayed this means that the previously specified port number is verified If a port range is to be checked enter the upper limit here Possible values are 1to 65535 Source Port Range Only if Protocol TCP UDP TCP or UDP In the first field enter the source port to be checked if applic able If a port number range is specified in the second field enter the last port of the port range By default the field does not contain an entry If a value is displayed this means that the previously specified port number is verified If a port range is to be checked enter the upper limit here Possible values are 1to 65535 Type Only if Protocol TCMP The Type field shows the class of ICMP messages the Code field specifies the type of message in greater detail Possible values e Any default value e Echo Replay e Destination Unreachable O Sources guencla e Redirect Field Description PECHO e Time Exceeded e Parameter Problem e Timestamp e Timestamp Reply e Information Request e Information Reply e Address Mask Request e Address Mask Reply Code ICMP code options can only be selected if Type Destina tion Unreachable Possible values e Any default value e Net Unreachable e Host Unreachable e Protocol Unreachable e Port Unreachable e Fragmentation Needed e Communication with Destination Network
193. e 324 dormant 253 down 253 Drop non members 139 Drop untagged frames 139 Dropped 394 411 Dropping algorithm 252 DSA Key Status 99 DSCP TOS Value 212 DSCP TOS filter Layer 3 242 DTIM Period 150 196 Index Duplicate received MSDUs 397 Dynamic RADIUS Authentication 290 E E mail 117 EAP Preauthentification 159 201 ED Threshold 196 Enable Discovery Server 359 Enable IPSec 289 Enable update 335 Enable VLAN 140 Encrypted 394 Encryption 109 299 Encryption Algorithms 98 Entry active 103 108 Errors 391 394 Extended Route 211 External Filename 120 121 F Facility 376 Fallback interface to get DNS server 325 File Encoding 120 121 Filename 371 Filter 245 Filter Rules 312 Firewall Status 313 First Timeserver 84 Force certificate to be trusted 113 Forward to 329 Forwarded Requests 332 Forwarding 329 Fragmentation Threshold 150 152 196 Frame transmissions without ACK re ceived 397 G Garbage Collection Timer 230 Gateway 211 340 357 Generate Private Key 115 Group Description 103 232 Funkwerk Enterprise Communications GmbH Group ID 349 H Handshake 127 Hashing Algorithms 98 Hello Interval 295 High Priority Class 245 Hold Down Timer 230 Host 329 Host for multiple locations 366 HostName 335 HTTP 95 HTTPS 95 HTTPS TCP Port 333 IEEE 802 11d Compliance 144 IGMP Proxy 239 IGMP State Limit 237 240 IGMP Status 240 Ignore Certificate Request Payloads 291 IKE Phas
194. e For Bandwidth Load Dependent the data rate is the de cisive factor 14 5 Multicast What is multicasting Many new communication technologies are based on communication from one sender to several recipients Therefore modern telecommunication systems such as voice over IP or video and audio streaming e g IPTV or Webradio focus on reducing data traffic e g by offering TriplePlay voice video data Multicast is a cost effective solution for effective use of bandwidth because the sender of the data packet which can be received by several re cipients only needs to send the packet once The packet is sent to a virtual address defined as a multicast group Interested recipients log in to these groups Other areas of use One classic area in which multicast is used is for conferences audio video with several re cipients The most well known are probably the MBone Multimedia Audio Tool VAT Video Conferencing Tool VIC and Whiteboard WB VAT can be used to hold audio con ferences All subscribers are displayed in a window and the speaker s are indicated by a black box Other areas of use are of particular interest to companies Here multicasting makes it possible to synchronise the databases of several servers which is valuable for multinationals or even companies with just a few locations 14 Routing Funkwerk Enterprise Communications GmbH Address range for multicast For IPv4 the IP addresses 224 0 0 0 to 239 255 255
195. e Monitoring gt IPSec gt IPSec Tunnel menu a list of all configured IPSec peers is shown Fa e e ra WI1040n E Language English Online Help Logout 400 E IPSec Tunnels IPSec Statistics Automatic Refresh Interval 300 Seconds Apply _ view 20 per page LIL Fiterin None equal f Go Description Rendle P Remote Networks Securty Algorta Saus acion 1 Peer e E A Page 1 tems 1 1 F lt a Internal Log IPSec Interfaces WLAN Bridges HotSpot Gateway Qos Fig 170 Monitoring gt IPSec gt IPSec Tunnel Values in the list IPSec Tunnels Field Description Displays the serial number of the IPSec tunnel Description Displays the name of the IPSec tunnel bintec WLAN and Industrial WLAN Field Description Remote IP Address Displays the IP address of the remote IPSec Peers Remote Networks Displays the currently negotiated subnets of the remote termin al Security Algorithm Displays the encryption algorithm of the IPSec tunnel Status Displays the operating status of the IPSec tunnel Action Enables you to change the status of the IPSec tunnel as dis played Details Opens a detailed statistics window You change the status of the IPSec tunnel by pressing the a button or button in the Action column By pressing the E button you display detailed statistics on the IP
196. e VLAN ID of the VLAN in which your device is to oper ate bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 12 Wireless LAN Chapter 12 Wireless LAN In the case of wireless LAN WLAN Wireless Local Area Network this relates to the cre ation of a network using wireless technology Network functions Like a wired network a WLAN offers all the main network functions Access to servers files printers and the e mail system is just as reliable as company wide Internet access Because the devices do not require any cables the great advantage of WLAN is that there are no building related restrictions i e the device location does not depend on the position and number of connections Currently applicable standard IEEE 802 11 In the case of 802 11 WLANs all the functions of a wired network are possible WLAN transmits inside and outside buildings with a maximum of 100 mW IEEE 802 11g is currently the most widespread standard for wireless LANs and offers a maximum data transmission rate of 54 mbps This procedure operates in the radio fre quency range of 2 4 GHz which ensures that parts of the building are penetrated as effect ively as possible with a low transmission power that poses no health risks A 802 11g compatible standard is 802 11b which operates in the 2 4 GHz range 2400 MHz 2485 MHz and offers a maximum data transmission rate of 11 mbps 802 11b and 802 11g WLAN systems involve no charg
197. e or login With 802 11a bandwidths of up to 54 mbps can be used in the 5150 GHz to 5725 MHz range With the higher frequency range 19 non overlapping frequencies are available in Germany This frequency range can also be used without a licence in Germany In Europe transmission power of not just 30 mW but 1000 mW can be used with 802 11h but only if TPC TX Power Control method for controlling transmission power in wireless sys tems to reduce interferences and DFS Dynamic Frequency Selection are used The pur pose of TPC and DFS is to ensure that satellite connections and radar devices are not in terfered with The standard 802 11n Draft 2 0 uses MIMO technology Multiple Input Multiple Output for data transmission that allows data transfer via WLAN over longer distances or with higher data rates With bandwidth 20 MHz or 40 MHz a gross data rate of 150 Mbps or 300 Mbps is achieved An amendment to the Telecommunications Act TKG allowed the 5 8 GHz band 5755 MHz 5875 MHz to be used for so called BFWA applications Broadband Fixed Wireless Access This simply requires registration with the Federal Network Agency However the use of TPC and DFS is mandatory in this case 12 1 WLAN In the Wireless LAN gt WLANx menu you can configure all the WLAN modules of your device Depending on the model one or more WLAN modules WLAN1 and in certain models WLAN2 and WLANS are available 12 1 1 Radio Settings In the Wirele
198. e other routing entries for this connection partner Add a new entry with Add Remote IP Address IP address of the destination host or network e Netmask Netmask of Remote IP Address If no entry is made your device uses a default netmask e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 7 MTU Enter the maximum packet size Maximum Transfer Unit MTU in bytes that is allowed for the GRE connection between the partners Possible values are 1 to 8192 The default value is 1500 Use key Enable the key input for the GRE connection which makes it possible to distinguish between several parallel GRE connec tions between two GRE partners see RFC 1701 The key is activated with Enable The function is disabled by default Key Value Only if Use Key is enabled Enter the GRE connection key Possible values are 0 to 2147483647 The default value is 0 bintec WLAN and Industrial WLAN 17 Firewall Funkwerk Enterprise Communications GmbH Chapter 17 Firewall The Stateful Inspection Firewall SIF provided for bintec gateways is a powerful security feature The SIF with dynamic packet filtering has a decisive advantage over static packet filtering The decision whether or not to send a packet cannot be made solely on the basis of source and destination addresses or ports but also using dynamic packet filtering based on the state of the connection to a
199. e used controls the data flow over the RTS and CTS lines e XON XOFF lf the software handshake is used the recipient sends special signs to the sender to control the data flow Fields in the Serial Port IP menu Field Description Mode Select the mode in which the gateway should process IP data packets Possible values e Server default value The gateway waits for incoming TCP connections e Client The gateway actively sets up a TCP connection e UDP The gateway sends and receives UDP packets Local IP Address Enter the IP address of the client logging in If Local IP Ad dress 0 0 0 0 any client can log in Local Port Enter the port for the Local IP Address Remote IP Enter the IP address of the server at which your gateway should log in Port Number Enter the port for the Remote IP Fields in the Serial Port Trigger menu Field Description Byte Count Enter the received characters in bytes which are used as a trig ger for data transmission The function is activated with Enabled The function is enabled by default Possible values 1 1460 Default value 128 Timeout Enter the time in ms since receiving the last character which is used as a trigger for data transmission The function is activated with Enabled Field Description The function is enabled by default Possible values 0 65535 Default value 0 Inter Byte Gap Enter the time in ms since receiving the first character
200. e values are 36 40 44 48 and Auto default value Funkwerk Enterprise Communications GmbH 12 Wireless LAN Field Description e For Operation Band 5 GHz In Outdoorand 5 GHz Outdoorand 5 8 GHz Outdoor Only the Auto option is possible here Access Client mode In Access Client mode you can only select the required channel in Client Mode Ad Hoc Possible values e For Frequency Band 2 4 GHz In Outdoor Possible values are 1 to 13 and Auto default value e For Frequency Band 5 GHz Indoor Possible values are 36 40 44 48 and Auto default value e For Operation Band 5 GHz In Outdoorand 5 GHz Outdoorand 5 8 GHz Outdoor Only the Auto option is possible here Selected Channel Displays the channel used Used Secondary Chan Only for Operation Mode Access Client or Bridge Dis nel plays the second channel used Bandwidth Only for Wireless Mode 802 11b g n 802 11g n 802 tim 802 1 1a n Select how many channels are to be used Possible values e 20 MHz default value One channel with 20 MHz bandwidth is used e 40 MHz Two channels each with 20 MHz bandwidth are used In the case one channel acts as a control channels and the other as an expansion channel Number of Spatial Only for Wireless Mode 802 11b g n 802 11g n Streams 802 11n 802 11a nSelect how many traffic flows are to be used in parallel 12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description Possible value
201. e your device in access point mode Wireless LAN gt WLAN gt Radio Set tings gt 5 gt Operation Mode Access Point you can set up and edit the desired wireless networks in the Wireless LAN gt WLAN gt Wireless Networks VSS gt g gt New menu Eg Note The preset wireless network Funkwerk EC has the following security settings in the ex works state e Security Mode WPA PSK WPA Mode WPA and WPA2 e WPA Cipher and WPA2 Cipher AES and TKIP e The Preshared Key is filled with an internal system value which you must change during configuration Setting network names 12 Wireless LAN Funkwerk Enterprise Communications GmbH In contrast to a LAN set up over Ethernet a wireless LAN does not have any cables for set ting up a permanent connection between the server and clients Access violations or faults may therefore occur with directly adjacent radio networks To prevent this every radio net work has a parameter that uniquely identifies the network and is comparable with a domain name Only clients with a network configuration that matches that of your device can com municate in this WLAN The corresponding parameter is called the network name In the network environment it is sometimes also referred to as the SSID Protection of wireless networks As data can be transmitted over the air in the WLAN this data can in theory be intercepted and read by any attacker with the appropriate resources Particula
202. e1 393 IKE Phase1 SAs 391 Include certificates and keys 371 Inter Byte Gap 129 Interface 93 96 125 139 185 211 215 218 227 233 237 247 266 312 329 335 339 351 353 357 363 410 411 Interface Action 351 Interface Description 91 Interface Mode 133 Interfaces 245 Internal Timeserver 84 Interval 349 355 Intra cell Repeating 158 200 Invalid DNS Packets 332 IP Accounting 378 IP accounting message format 379 IP Address 227 327 342 357 376 386 398 400 409 410 IP Address Assignment 271 Funkwerk Enterprise Communications GmbH IP Address Mode 257 261 298 IP Address Range 185 339 IP address to use for DNS WINS server assignment 325 IP Address Netmask 133 IP Assignment Pool 271 IP Assignment Pool IPCP 298 IP Compression 284 IP Pool Name 265 288 IP Pool Range 265 288 IPSec Phase2 393 IPSec Phase2 SAs 391 IPSec Debug Level 289 IPSec Tunnels 393 K Key Value 304 L Language for login window 363 Last Member Query Interval 237 Last Write Result 357 Layer 4 Protocol 212 LCP Alive Check 258 262 299 LDAP URL Path 123 Lease Time 340 Level 376 389 Licence Key 88 Licence Serial Number 88 Lifetime 275 282 Local Certificate 275 333 Local Certificate Description 120 121 Local GRE IP Address 304 Local Hostname 293 LocalID 391 Local ID Type 275 Local ID Value 275 Local IP Address 129 211 257 261 271 295 298
203. ec c ipsecd version 3 0 Copyright c 1996 2010 by Funkwerk Enterprise Communications GmbH 1 2004 03 02 09 44 13 Information IPSec 12 2004 1 03 02 09 44 13 information INET o iint running sshd pid 34 listening on 10 o D 0 port 22 3 2004 03 02 08 44 13 Eror TTY 14 2004 03 02 09 44 13 Information wic 15 2004 03 02 09 44 13 Information TR 069 F SoIP nos SolP configuration found exit initiating ACI OML packed variable 2 description i is 722 bytes long 16 12004 03 02 09 44 13 Information TR 069 XML unpacked variable description i is 4600 bytes long pr 2004 03 02 09 44 13 Information TR 069 _TROSO Tree consists of 24 objects in 3 levels 18 2004 03 02 og 44 12 Information Configuration system wi1040n started atT Tue Mar 2 9 441 12 2004 _ 19 2004 03 02 094410 Information Configuration boot configuration loaded Page 1 tems 1 ng Fig 169 Monitoring gt Internal Log gt System Messages Values in the list System Messages Field Description No Displays the serial number of the system message Date Displays the date of the record Time Displays the time of the record Level Displays the hierarchy level of the message Subsystem Displays which subsystem of the device generated the mes sage Message Displays the message text 21 2 IPSec 21 2 1 IPSec Tunnels In th
204. ecessary enter the interface to be used for this route Network Type Not for Route Type Standard Route Also select the network type Possible values e Direct default value e in the LAN You define another IP address for the interface Field Description e in the WAN You define a route without a transit network e Indirect e in the LAN You define a gateway route e in the WAN You define a route with a transit network Local IP Address Only for Network Type Direct Enter the IP address of the gateway to which your device is to forward the IP packets Gateway Only for Network Type Indirect Enter the IP address of the host to which your device is to for ward the IP packets Metric Select the priority of the route The lower the value the higher the priority of the route Value range from 0 to 15 The default value is 7 Fields in the IP Routes Extended Route Parameters menu Field Description Source Interface Select the interface over which the data packets are to reach the device The default value is None Source IP Address Net Enter the IP address and netmask of the source host or source mask network Layer 4 Protocol Select a protocol Possible values ICMP TCP UDP GRE ESP AH OSPF L2TP Any The default value is Any Source Port Only if Layer 4 Protocol TCP or UDP Enter the source port bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 14
205. ect the country in which the wireless controller is to be operated Note The range of channels that can be used varies depending on the country setting Interface Select the interface to be used for the wireless controller DHCP Server Select whether an external DHCP server shall assign IP addresses to the APs or if your device should be used as the DHCP server For an internal DHCP server CAPWAP option 138 is enabled in order to allow communication between the master and slaves Note Make sure that option 138 is enabled when using an external DHCP server If for example you want to use a bintec gateway as a DHCP server click on the Add but ton in the DHCP Options field in the FCI menu of the device under Local Services gt DH CP Server gt DHCP Pool gt New gt Advanced Settings In Option select CAPWAP Con troller and enter the IP address of the WLAN controller in the Value field IP Address Range If the IP addresses are to be assigned internally you must enter the start and end IP ad dress of the desired range Note If you click on Continue a warning appears which informs you that continuing will overwrite the wireless LAN controller configuration Clicking on OK means that you agree with this and wish to continue with the configuration 13 1 2 Wireless Radio Profiles Select which frequency band your WLAN controller shall use Ifthe 2 4 GHz Radio Profile is set then the 2 4 GHz frequency band is used Ifthe 5
206. ed operation of the product Trademarks funkwerk trademarks and the funkwerk logo bintec trademarks and the bintec logo artem trademarks and the artem logo elmeg trademarks and the elmeg logo are registered trademarks of Funkwerk En terprise Communications GmbH Company and product names mentioned are usually trademarks of the companies or manufacturers concerned Copyright All rights reserved No part of this manual may be reproduced or further processed in any way without the written consent of Funkwerk Enterprise Communications GmbH The documentation may not be processed and in particular translated without the consent of Funkwerk Enterprise Communications GmbH You will find information on guidelines and standards in the declarations of conformity under www funkwerk ec com How to reach Funkwerk Enterprise Communications GmbH Funkwerk Enterprise Communications GmbH Stidwestpark 94 D 90449 Nuremberg Germany Phone 49 911 9673 0 Fax 49 911 688 07 25 Funkwerk Enterprise Communications France S A S 6 8 Avenue de la Grande Lande F 33174 Gradignan France Phone 33 5 57 35 63 00 Fax 33 5 56 89 14 05 Internet www funkwerk ec com Table of Contents Chapter 1 INtPOGUCHION wae eae eb eG ee ee HE ee 1 Chapter 2 About this guide 0 o e 3 Chapter 3 Installation o o o o ee 6 3 1 Setting Up and connecting a a a 6 3 2 Cleaning 2 se eke e a a ee Pe as 12 3 3 Supportinforma
207. eing extended These extensions are made available to you by Funkwerk Enterprise Communications GmbH free of charge Checking for new software versions and the installation of updates can be carried out eas ily with the Funkwerk Configuration Interface An existing internet connection is needed for an automatic update Proceed as follows 1 Inthe Maintenance gt menu select Software amp Configuration 2 Under Action select Update System Software and under Source Latest Software from Funkwerk Server 3 Then click on GO sata Language Engish 4 Standard Logout Qurrertty instaled Sonware Boss V 7 9 Rev 6 IPSec from 2010 08 06 00 00 00 Syatem Logic 13 Software and Configuration Options action Update systam software Source Location Current Sofware trom Funkwerk Server s The device will now connect to the Funkwerk Enterprise Communications GmbH download server and check whether an updated version of the system software is available If so bintec WLAN and Industrial WLAN your device will be updated automatically When installation of the new software is com plete you will be invited to restart the device A Caution Once you have clicked on GO the update cannot be cancelled interrupted If an error occurs during the update do not re start the device and contact support bintec WLAN and Industrial WLAN 5 Reset Funkwerk Enterprise Communications GmbH Chapter 5 Reset If the config
208. eld Description IPSec Tunnels Shows the IPSec licenses currently in use In use and the maximum number of licenses usable Maximum Field in the IPSec Statistics Peers menu Field Description Status Displays the number of IPSec tunnels by their current status e Active Currently active IPSec tunnels e Enable IPSec tunnels currently in the tunnel setup phase Blocked IPSec tunnels that are blocked e Dormant Currently inactive IPSec tunnels e Configured Configured IPSec tunnels Field in the IPSec Statistics SAs menu Field Description IKE Phase1 Shows the number of active phase 1 SAs Established from the total number of phase 1 SAs Total IPSec Phase2 Shows the number of active phase 2 SAs Established from bintec WLAN and Industrial WLAN Field Description the total number of phase 2 SAs Total Field in the IPSec Statistics Packet Statistics menu Field Description Total Shows the number of all processed incoming Incoming or outgoing Outgoing packets Passed Shows the number of incoming Incoming or outgoing Outgo ing packets forwarded in plain text Dropped Shows the number of rejected incoming Incoming or outgoing Outgoing packets Encrypted Shows the number of IPSec protected incoming Incoming or outgoing Outgoing packets Errors Shows the number of incoming Incoming or outgoing Outgo ing packets for which the processing led to errors 21 3 Interfaces 21 3
209. elect the interface on your device to which the selected multic ast group is to be forwarded 14 5 2 IGMP IGMP Internet Group Management Protocol see RFC 3376 is used to signal the informa tion about group membership in a subnet As a result only the packets explicitly wanted by a host enter the subnet Special mechanisms ensure that the requirements of the individual clients are taken into consideration At the moment there are three versions of IGMP V1 V3 most current sys tems use V3 and less often V2 Two packet types play a central role in IGMP queries and reports Queries are only transmitted from a router If several IGMP routers exist in a network the router with the lowest IP address is the querier We differentiate here between a general query sent to 224 0 0 1 a group specific query sent to a group address and the group and source specific query sent to a specific group address Reports are only sent by hosts to respond to queries In this menu you configure the interfaces on which IGMP is to be enabled 14 5 2 1 New Choose the New button to configure IGMP on other interfaces WI1040n 20 Language English View Standard Online Help Logout wil040n Y g IGMP Settings Interface None Query Interval 125 Seconds inu Responseirinie fia Seconds Robustness 123 Last Member bis iail Ma EO i ieee IOMP State Lint
210. eless module Tx Packets Shows the total number of packets sent for the data rate shown in mbps Rx Packets Shows the total number of packets received for the data rate shown in mbps bintec WLAN and Industrial WLAN You can choose the Advanced button to go to an overview of more details Online Help Save configuration d WLANI VSS WDS Bridge Links Client Links Phusiealinterfaces ES automatic Retrech interval 300 Seconds Apply Description Unicast MSDUs transmitted successfully Multicast MSDUs transmitted successfully Transmitted MPDUS 1 2 la ed 4 Multicast MSDUs received successfully 5 6 7 8 3 Unicast MPDUs received successfully MSDUs that could not be transmitted Frame transmissions without ACK received Duplicate received MSDUS Mainten e n 19 CTS frames received in response to an RTS 10 Received MPDUs that couldn t be decrypted pon o E 111 RTS frames with no CTS received 12 Corrupt Frames Received oooooooooo0 o0o Internal Log IPSec le Bak Interfaces wan Bridges HotSpot Gateway 00S Fig 175 Monitoring gt WLAN gt WLAN1 gt Advancedmenu Values in the list Advanced Field Description Displays the serial number of the list entry Description Displays the description of the displayed value Value Displays the statistical value Meaning of the list entries Description Meaning Unicast MSDUs trans Displays the number of MSDUs succ
211. emporal Key Integrity Protocol e AES Advanced Encryption Standard O AS cuna ML Both encryption methods are rated as secure with AES offering better performance 12 1 4 2 Client Link Scan After the desired Client Links have been configured the en icon is shown in the list You use this icon to open the Scan menu bintec WLAN and Industrial WLAN Online Help Logout FEMI Radio Settings Client Link nr Client Link Description sta1 0 1 Action a Scan wan AP MAC Address Network Name SSID Channel Mode Signal Connected Action Administration 00 a0 19 0c 4e 47 waltic_791p2 6 Access Point WPA PSK 34 dem O Select Wireless LAN Controller 020f833a an50 bla 3 Access Point WPA and WPA 2 PSK 34 dim Select Rowing o o o 02 6f83 3a c5 b8 blat 2 Access Point WPA and WPA2PSK 30 dim Select AN aee S E PE er a E AA Montera a Fig 67 Wireless LAN gt WLAN gt Client Link gt Scan After successful scanning a selection of potential scan partners is displayed in the scan list In the Action column click Select to connect the local clients with this client If the partners are connected with one another the icon appears in the Connected column The icon appears in the Connected column if the connection is active The Wireless LAN gt WLAN gt Client Link gt Scan menu consists of the following fields Fields in the Client Link Scan menu Field Description Client Link
212. ent Recipient wireless AN gy Matching String Wildcards allowed Wireless LAN Controller o gt ieee e w SI 22200 Tineo ED VPN Number or Messages 1 gt IE Message Compression HEnable A o AA noname Ti Subsystem ESE add Syslog IP Accounting 7 Alert 4 OK pi Cancel a g a 7 Activity Monitor Fig 165 External Reporting gt E mail Alert gt E mail Alert Recipient The External Reporting gt E mail Alert gt E mail Alert Recipient menu consists of the following fields Fields in the E mail Alert Receiver Add Edit E mail Alert Recipient menu Field Description Recipient Enter the E mail address of the recipient The entry is limited to 40 characters Matching String You must enter a Matching String This must occur in a syslog message as a necessary condition for triggering an alert The entry is limited to 55 characters Bear in mind that without the use of wildcards e g only those strings that correspond exactly to the entry fulfil the condition The Matching String bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 20 External Reporting Field Description entered therefore usually contains wildcards To be informed of all syslog messages of the selected level just enter Severity Select the severity at which the string configured in the Match ing String field must occur to trigger an E mail alert Possi
213. er Rules gt New The Firewall gt Policies gt Filter Rules gt New menu consists of the following fields Fields in the Policies Basic Parameters menu Field Description Source Select one of the preconfigured aliases for the source of the packet The list includes all WAN LAN interfaces interface groups see Firewall gt Interfaces gt Groups addresses see Firewall gt Addresses gt Address List and address groups see Firewall gt Addresses gt Groups for selection The value Any means that neither the source interface nor the source address is checked Destination Select one of the preconfigured aliases for the destination of the packet The list includes all WAN LAN interfaces interface groups see Firewall gt Interfaces gt Groups addresses see Firewall gt Addresses gt Address List and address groups see Firewall gt Addresses gt Groups for selection bintec WLAN and Industrial WLAN 17 Firewall Funkwerk Enterprise Communications GmbH Field Description The value Any means that neither the destination interface nor the destination address is checked Service Select one of the preconfigured services to which the packet to be filtered must be assigned The extensive range of services configured ex works includes the following FTP TELNET e SMTP DNS HTTP e NNTP O Imeeraeic e Netmeeting Other services are set up in Firewall gt Services gt Ser
214. er being sent to help you save costs Block after Connection Failure You use this function to set up a waiting time for outgoing connection attempts after which your device s connection attempt is regarded as having failed Authentication When a call is received on ISDN connections the calling party number is always sent over the ISDN D channel This number enables your device to identify the caller CLID provided the caller is entered on your device After identification with CLID your device can additionally carry out PPP authentication with the connection partner before it accepts the call Your device needs the necessary data for this which you should enter here for all PPP connections Establish the type of authentication process that should be performed then enter a common password and two codes You get this information for example from your Internet Service Provider ISP or the system administrator at your head office If the data you entered on your device is the same as the caller s data the call is accepted The call is rejected if the data is not the same 15 1 1 PPPoE In the WAN gt Internet Dialup gt PPPoE menu a list of all PPPoE interfaces is shown PPP over Ethernet PPPoE is the use of the Point to Point Protocol PPP network pro tocol over an Ethernet connection Today PPPoE is used for ADSL connections in Ger many In Austria the Point To Point Tunnelling Protocol PPTP was originally used for
215. er the key for this WDS link in Preshared Key e WPA 2 Data traffic on this WDS link is encrypted with WPA Enter the key for this WDS link in Preshared Key Transmit Key Only if Privacy WE P40 WEP104 Select one of the keys configured in WEP Key lt 1 4 gt as the default key The default value is Key 1 WEP Key 1 4 Only if Privacy WEP40 WEP104 Enter the WEP key There are two ways of entering a WEP key e Direct entry in hexadecimal form If the entry starts with 0x the generator is deactivated Enter a hexadecimal string with exactly the right number of charac ters for the selected WEP mode 10 characters for WEP40 or 26 characters for WEP104 e g WEP40 0xA0B23574C5 WEP104 0x81DC9BDB52D04DC20036DBD831 e Direct entry of ASCII characters Enter a character string with the right number of characters for the selected WEP mode For WEP40 you need a string of 5 characters WEP104 13 characters For example helio for WEP40 funkwerk wep1 for WEP104 Preshared Key Only if Privacy WPA WPA 2 Enter the WPA password Enter an ASCII string with 8 63 characters Fields in the Remote Partner menu Field Description Remote MAC Address Enter the MAC address of the WDS partner 12 1 4 Client Link If you operate your device in access client mode Wireless LAN gt WLAN gt Radio Set tings gt g gt Operation Mode Access Client you can edit the available Client Links in the Wireless LAN gt WLANx g
216. er to RFC 3489 14 2 2 1 New Choose the New button to set up NAT pra aE E WI1040n A Language English_ View Standard v Online Help Logout 4 pees Save configuration 1 NAT Interta rfaces NAT Configuration ADA OS ee as erf Basic Parameters Description ji A ay x A Tyne oftratic incoming Destination NAT i i Specity orginal tratfic i service User defined x k Load Balancing Brate Any Tel C Mutticast OOOO O Source IP AddressiNetmask Any v g Source PortiRange Ear A to Destination P Address Netmask lay el E P i Destination PortRange AF yin of L DES F TENE Maintenance v New Destination IP Address Netmask Host pooo E A New Destination Port o a origina EZ 3553 eiii CC ok JC cancel Fig 93 Routing gt NAT gt NAT Configuration gt New The Routing gt NAT gt NAT Configuration gt New menu consists of the following fields Fields in the NAT Configuration Basic Parameters menu Field Description Description Enter a description for the NAT Configuration Interface Select the interface for which NAT is to be configured bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 14 Routing Field Description Type of traffic Select the type of data traffic for which NAT is to be configured Possible val
217. erates according to either 802 11b or 802 11g Only a data rate of 1 and 2 mbps needs to be sup ported by all clients basic rates This mode is also needed for Centrino clients if connection problems occur 802 11 mixed short b g Your device adapts to the client technology and operates according to either 802 11b or 802 11g The following applies for mixed short The data rates 5 5 and 11 mbps must be supported by all clients basic rates 802 11 b g n Your device operates according to either 802 11b 802 11g or 802 11n 802 11 ofe Your device operates according to either 802 11g or 802 11n 802 11 n Your device operates only according to 802 11n In Operation Mode Access Client with Client Mode Ad Hoc additional options are available for Operation Band 5 GHz Indoor 5 GHz Outdoor 5 GHz In Outdoor 5 8 GHz Outdoor Possible values 802 11a The device operates only in accordance with 802 11a 802 11n Your device operates only according to 802 11n 802 11 a n Your device operates according to either 802 11a or 802 11n 802 11a b g n read only Only in Operation Mode Ac cess Client with Client Mode Infrastructure Max Transmission Rate Select the transmission speed Possible values Auto default value The transmission speed is determined 12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description automatically e lt Value gt Depending on the setting for Operation Band Ba
218. ered with the current system time This is given as GMT without offset The function is disabled by default Time requests from a client are not answered 9 2 4 System Licences This chapter describes how to activate the functions of the software licences you have pur chased Funkwerk Enterprise Communications GmbH 9 System Management The following licence types exist e Licences already available in the device s ex works state e Free extra licences e Extra licences at additional cost The data sheet for your device tells you which licences are available in the device s ex works state and which can also be obtained free of charge or at additional cost You can access this data sheet at www funkwerk ec com You can obtain the licence data for extra licences via the online licensing pages in the sup port section at www funkwerk ec com Please follow the online licensing instructions Please also note the information on the licence card for licences at additional cost You will then receive an e mail containing the following data e License Key and e Licence Serial Number You enter this data in the System Management gt Global Settings gt System Licenses gt New menu In the System Management gt Global Settings gt System Licenses menu a list of all re gistered licenses is shown Description License Type License Serial Number Status Possible values for Status Licence Meaning OK Subsystem is activated
219. ers Possible values e Ali default value The destination port is not specified e Specify port Enter a destination port e Specify port range Enter a destination port range Source IP Address Net Enter the source IP address of the data packets and the corres mask ponding netmask Only if Protocol tcp or udp Source Port Range Enter a source port number or a range of source port numbers Possible values e Ali default value The destination port is not specified e Specify port Enter a destination port e Specify port range Enter a destination port range DSCP TOS filter Layer Specify how the priority of the IP packets is signalled 3 Possible values e Ignore default value No priority signalling is used e DSCP Binary Value Differentiated Services Code Point is Field Description used to signal the priority of IP packets indicated in binary format currently not implemented e DSCP Decimal Value Differentiated Services Code Point is used to signal the priority of IP packets indicated in decim al format possible values 0 to 63 currently not implemented e TOS Binary Value Type of Service is used to signal the priority of IP packets indicated in binary format e TOS Decimal Value Type of Service is used to signal the priority of IP packets indicated in decimal format possible values 0 to 255 COS filter 802 1p Layer Enter the service class of the IP packets Class of servic
220. erver Enter the IP address of the first and if necessary alternative i global Windows Internet Name Server WINS or NetBIOS Primary Name Server NBNS Secondary The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Positive Cache Select whether the positive dynamic cache is to be activated e successfully resolved names and IP addresses are to be stored in the cache The function is activated by choosing Enabled The function is enabled by default Negative Cache Select whether the negative dynamic cache is to be activated i e whether queried names for which a DNS server has sent a negative response are stored as negative entries in the cache The function is activated by choosing Enabled The function is enabled by default Cache Size Enter the maximum total number of static and dynamic entries Once this value is reached the dynamic entry not requested for the longest period of time is deleted when a new entry is added If the Cache Size is reduced by the user dynamic entries are deleted if necessary Static entries are not deleted Cache Size cannot be set to smaller than the current number of static entries Possible values 0 1000 The default value is 100 Maximum TTL for Posit Enter the value to which the TTL is to be set for a positive dy ive Cache Entries namic DNS entry in the cache if its TTL 0 is or its TTL exceeds the value for M
221. ery In Define the time after a query for which the router waits for an terval answer If you shorten the interval it will be more quickly detected that the last member has left a group so that no more packets for this group should be forwarded to this interface Possible values are 0 to 255 The default value is 10 IGMP State Limit Limit the number of reports queries per second for the selected interface Mode Specify whether the interface defined here only works in host mode or in both host mode and routing mode Possible values e Host and Routing default value The interface is oper ated in routing mode and in host mode e Host only The interface is only operated in host mode IGMP Proxy IGMP Proxy enables you to simulate several locally connected interfaces as a subnet to an adjacent router Queries coming in to the IGMP Proxy interface are forwarded to the local subnets Local reports are forwarded on the IPGM Proxy interface bintec WI3040 bintec WI3040 Multicast Receiver paje Q O Q IGMP Proxy Interface Multicast Receiver Fig 102 IGMP Proxy The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description IGMP Proxy Select whether your device is to forward the hosts IGMP mes sages in the subnet via its defined Proxy Interface Proxy Interface Select the interface on your device via which queries are to be received and collected 14 5 3
222. ess server your device The maximum length of the entry is 32 characters Priority Assign a priority to the current TACACS server The server with the lowest value is the one used first for TACACS login authentication If this does not respond or access is denied only if Policy Non authoritative the entry with the bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 9 System Management Field Description next highest priority is used The available values are 0 to 9 the default value is 0 Entry active Select whether this server is to be used for login authentication The function is activated by choosing Enabled The function is enabled by default The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Policy Select the interpretation of the TACACS response Possible values e Non authoritative default value The TACACS serv ers are queried in order of their priority see Priority until a positive response is received or a negative response is re ceived from an authoritative server e Authoritative A negative response to a request is ac cepted i e a request is not sent to another TACACS server The device s internal user administration is is not turned off by TACACS It is checked after all TACACS servers have been queried TCP Port Shows the default TCP port 49 used for the TACACS pro tocol The value cann
223. essfully sent to unicast ad mitted successfully dresses since the last reset An acknowledgement was received for each of these packets Multicast MSDUs trans Displays the number of MSDUs successfully sent to multicast mitted successfully addresses including the broadcast MAC address Transmitted MPDUs Displays the number of MPDUs received successfully Multicast MSDUs re Displays the number of successfully received MSDUs that were ceived successfully sent with a multicast address Unicast MPDUs re Displays the number of successfully received MSDUs that were ceived successfully sent with a unicast address MSDUs that could not Displays the number of MSDUs that could not be sent bintec WLAN and Industrial WLAN Description Meaning be transmitted Frame transmissions Displays the number of sent frames which which an acknow without ACK received ledgement frame was not received Duplicate received MS Displays the number of MSDUs received in duplicate DUs CTS frames received in Displays the number of received CTS clear to send frames response to an RTS that were received as a response to RTS request to send Received MPDUs that Displays the number of received MSDUs that could not be en couldn t be decrypted crypted One reason for this could be that a suitable key was not entered RTS frames with no CTS Displays the number of RTS frames for which no CTS was re received ceived Corrupt Frames Re Displays the number
224. eted successfully and be fore IKE Phase 2 begins If XAuth is used together with IKE Config Mode the transactions for XAuth are carried out before the transactions for IKE Config Mode 16 1 4 1 New Choose the New button to set up new profiles WI1040n Language English View Standard Online Help wil040n IPSec Peers I Phase 1 Profiles I Phase 2 Profiles XAUTH Profiles IP Pools Options AE Basic Parameters Description Eo ST Roe Sever z m Mode radius Y RADIUS Server Group ID No Radius Server configured for XAUTH F A 4 oK Cancel __ Fig 117 VPN gt IPSec gt XAUTH Profiles gt New The VPN gt IPSec gt XAUTH Profiles gt New menu consists of the following fields Fields in the XAUTH Profiles Basic Parameters menu bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 16 VPN Field Description Description Enter a description for this XAuth profile Role Select the role of the gateway for XAuth authentication Possible values e Server default value The gateway requires a proof of au thorisation e Client The gateway provides proof of authorisation Mode Only if Role Server Select how authentication is carried out Possible values RADIUS default value Authentication is carried out via a Ra dius server This is configured in the System Management
225. ether to terminal 2 and the plus poles must be connected separately to terminals 1 and 3 Fig 22 3 pole connector for the power supply The pin assignment is as follows bintec WLAN and Industrial WLAN Pin assignment of the connector for the power supply Pin Configuration 2 6 7 Frequencies and channels Different certification regulations apply around the world ETSI standards generally apply predominantly used in Europe For operation in Europe please read the notes in the R amp TTE Compliance Information bintec WLAN and Industrial WLAN 6 8 WEEE information z E z z z z z A E z z Z The waste container symbol with the X through it on the device indicates that the device must be disposed of separately from normal domestic waste at an appropriate waste disposal facility at the end of its useful service life Das auf dem Ger t befindliche Symbol mit dem durchgekreuzten M llcontainer bedeutet dass das Ger t am Ende der Nutzungsdauer bei den hierf r vorgesehenen Entsorgungsstellen getrennt vom normalen Hausm ll zu entsorgen ist Le symbole se trouvant sur l appareil et qui repr sente un conteneur ordures barr signifie que l appareil une fois que sa dur e d utilisation a expir doit tre limin dans des poubelles sp cia les pr vues cet effet de mani re s par e des ordures m nag res courantes Il simbolo raffigurante il bidone della spazzatura barrato riportato sull a
226. ettings menu consists of the following fields Fields in the menu Advanced Settings Field Description Local IP Address Enter the IP address to be used as the source address for all L2TP connections based on this profile If this field is left empty your device uses the IP address of the interface used to reach Remote IP Address by the L2TP tun nel Hello Interval Enter the interval in seconds between the sending of two L2TP HELLO messages These messages are used to keep the tun nel open The available values are 0 to 255 the default value is 30 The value 0 means that no L2TP HELLO messages are sent Minimum Time between Enter the minimum time in seconds that your device waits be Retries fore resending a L2TP control packet for which it received no re sponse The wait time is dynamically extended until it reaches the Max imum Time between Retries The available values are 1 to 255 the default value is 7 Maximum Time between Enter the maximum time in seconds that your device waits be Retries fore resending a L2TP control packet for which it received no re sponse The available values are 8 to 255 the default value is 1 6 Maximum Retries Enter the maximum number of times your device is to try to re send the L2TP control packet for which is received no response Field Description The available values are 8 to 255 the default value is 5 Data Packets Sequence Select whether your device is to use sequence
227. eue Select the queue priority type Possible values e Class Based default value Queue for data classified as normal e High Priority Queue for data classified as high priority e Default Queue for data that has not been classified or data of a class for which no specific queue has been configured Class ID Only if Priority Queue Class based Select the QoS packet class to which this queue is to apply To do this at least one class ID must be given in the Routing gt QoS gt QoS Classification menu Priority Only if Priority Queue Class based Choose the priority of the queue Possible values are 1 to 254 The default value is 1 Funkwerk Enterprise Communications GmbH 14 Routing Field Description Weight Only if Priorisation algorithm Weighted Round Robin or Weighted Fair Queueing Choose the weight of the queue Possible values are 1 to 254 The default value is 1 RTT Mode Realtime Active or deactivate the real time transmission of the data Traffic Mode The function is activated with Enabled The function is disabled by default RTT Mode should be activated for QoS classes in which real time data has priority This mode improves latency when for warding real time datagrams It is possible to configure multiple queues when RTT Mode is enabled Queues with enabled RTT mode must always have a higher priority than queues with disabled RTT Mode Traffic Shaping Activate or deactivate data r
228. ew 20 perpage LI Fiterin L oK C Cancel Funkwerk Discovery HotSpot Gateway Fig 136 Local Services gt DNS gt Cache You can select individual entries using the checkbox in the corresponding line or select them all using the Select All button A dynamic entry can be converted to a static entry by marking the entry and confirming with Set to Static This entry then disappears from the list and is included in the list in the Stat ic Hosts menu The TTL is transferred in this operation bintec WLAN and Industrial WLAN 18 1 5 Statistics WI1040n E Language English Online Help Logout E m Global Settings static Hosts Domain Forwarding Cache Statistics Automatic Refresh Interval 60 Seconds Apply p DNS Statistics Received DNS Packets Invalid DNS Packets DNS Requests Cache Hits Forwarded Requests Cache Hitrate Successfully Answered Queries e e oje ojo olo Server Failures DynDNS Client D Surveillance mkwerk Discovery Fig 137 Local Services gt DNS gt Statistics In the menu Local Services gt DNS gt Statistics the following statistical values are shown Fields in the Statistics DNS Statistics menu Field Description Received DNS Packets Shows the number of received DNS packets addressed direct to your device including the response packets for forwarded re quests Invalid DNS Packets
229. ew button to set up further pings wit040n Hosts Interfaces Temperature Ping Generator Basic Parameters Destination IP Address p 1 Source IP Address Specific xf pS REA Interval 10 Seconds oK JC Cancel _ DHCP Server Scheduling E Surveillance ed M E Fig 149 Local Services gt Surveillance gt Ping Generator gt New The Local Services gt Surveillance gt Ping Generator gt New menu consists of the fol lowing fields bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 18 Local Services Fields in the Ping Generator Basic Parameters menu Field Description Destination IP Address Enter the IP address to which the ping is automatically sent Source IP Address Enter the source IP address of the outgoing ICMP echo request packets Possible values e Automatic The IP address is determined automatically e Specific default value Enter the IP address in the adja cent input field e g to test a particular extended route Interval Enter the interval is seconds during which the ping is to be sent to the target IPaddress specified in Target IP Address Possible values are 1 to 65536 The default value is 10 18 7 Funkwerk Discovery 18 71 Device Discovery The funkwerk Discovery protocol is used to identify and configure bintec access points that are in the same wired network as
230. face of the Internet Ser vice Provider User Name Enter the user name as registered with the DynDNS provider bintec WLAN and Industrial WLAN 18 Local Services Funkwerk Enterprise Communications GmbH Field Description Password Enter the password as registered with the DynDNS provider Provider Select the DynDNS provider with which the above data is re gistered A choice of DynDNS providers is already available in the uncon figured state and their protocols are supported Other DynDNS providers can be configured in the Local Ser vices gt DynDNS Client gt DynDNS Providers menu The default value is DynDNS Enable update Select whether the DynDNS entry configured here is to be activ ated The function is activated by choosing Enabled The function is disabled by default The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Mail Exchanger MX Enter the full host name of a mail server to which e mails are to be forwarded if the host currently configured is not to receive mail Ask your provider about this forwarding service and make sure e mails can be received from the host entered as MX Wildcard Select whether the forwarding of all subdomains of the Host Name are to be enabled for the current IP address of the Inter face advanced name resolution The function is activated by choosing Enabled The function is disabled by default 18
231. fault profile 16 1 2 1 New Choose the New button to set up new profiles bintec WLAN and Industrial WLAN e S Language English_v L Save configuration IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Bhysicalinterfacesl T Phase KE Parameters MAN Description PSK Multiproposal O oa Encryption Authentication Enabled Wireless LAN Controllata AES MD5 Routing FA o Proposals AES F Ms IE AES MD5 MO IPSec DH Group O 1 768 Bit 2 1024 Bit O 5 1536 Bit L2TP ie a a EE a pienam Lifetime 14400 Seconds 0 hayes 1 A Authentication Method Preshared Keys Local Services Y Mode O Main Mode 1D Protect Aggressive Ci strict MAIS cl Local ID Type Fully Qualified Domain Name FQDN Y ae z Local ID Value wi1040n l Advanced Settings Alive Check _Autodetect A Block Time 30 Seconds NAT Traversal Menablea oK E Cancel Fig 114 VPN gt IPSec gt Phase 1 Profiles gt New The VPN gt IPSec gt Phase 1 Profiles gt New menu consists of the following fields Fields in the Phase 1 Profiles Phase 1 IKE Parameters menu Field Description Description Enter a description that uniquely defines the type of rule Proposals In this field you can select any combination of encryption and message hash algorithms for IKE phase 1 on your device The combination of six encryption algorithms and four message hash algorithms give
232. fic data packet and clearing the connection Possible values are 0 to 3600 seconds 0 deactivates the short hold The default value is 300 Fields in the Users IP Mode and Routes menu Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically Possible values e Static default value You enter a static IP address e Provide IP Address Only for Connection Type LNS Funkwerk Enterprise Communications GmbH 16 VPN Field Description Your device dynamically assigns an IP address to the remote terminal e Get IP Address Only for Connection Type LAC Your device is dynamically assigned an IP address Default Route Only if IP Address Mode Get IP Address and Static Select whether the route to this connection partner is to be defined as the default route The function is activated with Enabled The function is disabled by default Create NAT Policy Only if IP Address Mode Get IP Address and Static Specify whether Network Address Translation NAT is to be ac tivated for this connection The function is activated with Enabled The function is disabled by default IP Assignment Pool Only if IP Address Mode Provide IP Address IPCP Select an IP pool configured in the WAN gt Internet Dialup gt IP Pools menu Local IP Address Only for IP Address Mode Static Enter the WAN IP address of your device
233. fields Fields in the Options Basic Parameters menu Field Description Monitored Interfaces Select the type of information to be sent in the UDP packets to the Windows application Possible values bintec WLAN and Industrial WLAN Field Description e None default value Deactivates the sending of information to the Activity Monitor e Physical Only information about the physical interfaces is sent e Physical WAN VPN Information about physical and virtual interfaces is sent Send information to Select where your device sends the UDP packets Possible values e All IP Addresses broadcast default value The de fault value 255 255 255 255 means that the broadcast ad dress of the first LAN interface is used e Single Host The UDP packets are sent to the IP address entered in the adjacent input field Update Interval Enter the update interval in seconds Possible values are 0 to 60 The default value is 5 UDP Destination Port Enter the port number for the Windows application Activity Monitor The default value is 2107 registered by IANA Internet As signed Numbers Authority Password Enter the password for the Activity Monitor bintec WLAN and Industrial WLAN Chapter 21 Monitoring This menu contains information that enable you to locate problems in your network and monitor activities e g at your device s WAN interface 21 1 Internal Log 21 1 1 System Messages In the Monitoring g
234. figuration enter exit and press Return 73 Configuration options This chapter first offers an overview of the various tools you can use for configuration of your device You can configure your device in the following ways e Funkwerk Configuration Interface e Assistant SNMP shell commands a Note The detailed help system of the Assistant will help you to clarify any questions you may have Therefore the wizard will not be discussed in any greater detail in this docu ment bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 7 Access and configuration The configuration options available to you depend on the type of connection to your device Types of connections and configurations Type of connection Possible types of configuration LAN Assistant Funkwerk Configuration Interface shell commands Serial connection Shell command Therefore several types of configuration are available for each type of connection ES Note To change the device configuration you must log in with the user name admin If you do not know the password you cannot make any configuration settings This applies to all types of configuration 7 3 1 Funkwerk Configuration Interface for advanced users Funkwerk Configuration Interface is a web based graphic user surface that you can use from any PC with an up to date Web browser via an HTTP or HTTPS connection With the Funkwerk Configuration Interface you can perform
235. funkwerk enterprise communications Manual bintec WLAN and Industrial WLAN Reference Copyright Version 9 0 2010 Funkwerk Enterprise Communications GmbH bintec WLAN and Industrial WLAN 1 Manual Funkwerk Enterprise Communications GmbH Legal Notice Aim and purpose This document is part of the user manual for the installation and configuration of funkwerk devices For the latest information and notes on the current software release please also read our release notes particularly if you are updating your software to a higher release version You will find the latest release notes under www funkwerk ec com Liability This manual has been put together with the greatest possible care However the information con tained in this manual is not a guarantee of the properties of your product Funkwerk Enterprise Com munications GmbH is only liable within the terms of its conditions of sale and supply and accepts no li ability for technical inaccuracies and or omissions The information in this manual can be changed without notice You will find additional information and also release notes for funkwerk devices under www funkwerk ec com Funkwerk devices make WAN connections as a possible function of the system configuration You must monitor the product in order to avoid unwanted charges Funkwerk Enterprise Communications GmbH accepts no responsibility for data loss unwanted connection costs and damage caused by un intend
236. fy mechanisms for the protection and authentication of IP packets IPSec offers mechanisms for encrypting and decrypting the data transferred in the IP packets The IPSec implementation can also be smoothly integrated in a Public Key Infrastructure PKI see Certificates on page 112 The funkwerk IPSec implementation achieves this firstly by using the Authentication Header AH protocol and Encapsulated Security Payload ESP protocol and secondly through the use of cryptographic key key administration mechanisms like the Internet Key Ex change IKE protocol 16 1 1 IPSec Peers An endpoint of a communication is defined as peer in a computer network Each peer of fers its services and uses the services of other peers In the VPN gt IPSec gt IPSec Peers menu a list of all configured IPSec peers is shown WI1040n w11040n Language English View Standard Online Help Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options Peer Address fo D _ Phase t Profile Phase 2 Profile Status C new Fig 111 VPN gt IPSec gt IPSec Peers Peer Monitoring The menu for monitoring a peer is called by selecting the P button for the peer in the peer list See Values in the list IPSec Tunnels on page 391 16 1 1 1 New Choose the New button to set up more IPSec peers bintec WLAN and Industrial WLAN
237. gers that may cause physical injury or even death if not ob served gt gt io The following typographical elements are used to help you find and interpret the informa tion in this user s guide Typographical elements Typographical element Use Indicates lists Menu gt Submenu Indicates menus and sub menus File gt Open non proportional e g Indicates commands that you must enter as written Typographical element Use ping 192 168 1 254 bold e g Windows Indicates keys key combinations and Windows terms Start menu bold e g Licence Key Indicates fields italic e g none Indicates values that you enter or that can be configured Online blue and italic Indicates hyperlinks e g www funkwerk ec com bintec WLAN and Industrial WLAN 5 3 Installation Funkwerk Enterprise Communications GmbH Chapter 3 Installation Note Please read the safety notices carefully before installing and starting up your device These are supplied with the device Refer to chapter Technical data on page 28 3 1 Setting up and connecting Note All you need for this are the cables and antennas supplied with the equipment The device can be fitted with various antenna systems External screw on standard antennas can be used optional The access points of the outdoor version bintec WIx065n can be mounted on a mast or DIN rail indoor version only Optional theft protection is also available for the in
238. gur ation parameters by selecting the filter rule you want under Fil ter in x lt Option gt y and entering the search word in the input field Go starts the filter operation Configuration elements Some lists contain configuration elements You can therefore change the configuration of the correspond ing list entry directly in the list Automatic Refresh riteral60 Senet Apply Fig 29 Configuration of the update interval View 20 _ per page gt gt Fiter in None v equal leal Go Fig 30 Filter list Structure of the Funkwerk Configuration Interface configuration menu trial WLAN Funkwerk Enterprise Communications GmbH 7 Access and configuration The menus of the Funkwerk Configuration Interface contain the following basic struc tures Funkwerk Configuration Interface Menu architecture Basic configuration menu list Sub menu New Sub menu Es Menu Advanced Settings When you select a menu from the navigation bar the menu of basic parameters is displayed first In a sub menu containing several pages the menu containing the basic parameters is dis played on the first page The menu contains either a list of all the configured entries or the basic settings for the function concerned The New button is available in each menu in which a list of all the configured entries is displayed Click the button to display the configuration menu for creating a new list entry Click this button t
239. h Logging in for Configuration on page 56 7 1 1 3 SSH In addition to the unencrypted and potentially viewable Telnet session you can also con nect to your device via an SSH connection This is encrypted so all the remote mainten ance options can be carried out securely The following preconditions must be met in order to connect to the device via SSH e The encryption keys needed for the process must be available on the device e An SSH client must be installed on your PC Encryption keys First of all make sure that the keys for encrypting the connection are available on your bintec WLAN and Industrial WLAN device 1 Log in to one of the types already available on your device e g via Telnet for login see Logging in on page 55 2 Enter update i for the input prompt You are now in the Flash Management shell 3 Call up a list of all the files saved on the device 1s al If you see a display like the one below the keys needed are already there and you can connect to the device via SSH Flash Sh gt 1s al Flags Version Length Date Name Vr xpbc B 7 1 04 2994754 2004 09 02 14 11 48 box150_ srel ppc860 Vrw pl f 0 0 350 2004 09 07 10 44 14 sshd_host_rsa_key pub Vrw pl f 0 0 1011 2004 09 07 10 44 12 sshd_host_rsa_key Vrw pl f 0 0 01 730 2004 09 07 10 42 17 sshd host _dsa _key pub Vrw pl f 0 0 01 796 2004 09 07 10 42 16 sshd host_dsa_key Flash Sh gt dE Note The device generates a key pair for ea
240. h in dBm Signal to Noise Ratio in dB is an indicator of the quality of the wireless connection Values e gt 25 dB excellent bintec WLAN and Industrial WLAN Field Description e 15 25 dB good e 2 15 dB borderline e 0 2 dB bad Data Rate mbps Shows the current transmission rate of data received by this cli ent in mbps The following clock rates are possible IEEE 802 11b 11 5 5 2 and 1 mbit IEEE 802 11g a 54 48 36 24 18 12 9 6 mbit If the 5 GHz frequency band is used the display of 11 5 5 2 and 1 mbit is suppressed for IEEE 802 11b Rate Displays the possible data rates on this wireless module Tx Packets Shows the number of sent packets for the data rate Rx Packets Shows the number of received packets for the data rate 21 4 3 WDS In the Monitoring gt WLAN gt WDS menu the current values and activities of the con figured WDS links are shown Online Help Logout Automatic Refresh interval 300 Seconds Apply WDS Table WDS Description RemoteMAC UpTime TxPackets Rx Packets Signal dBm RSM RSSI2 RSSI3 Noise dBm Data Rate mbps wos1 0 00 00 00 00 00 00 Od 20h 22m Os 0 0 0 0 0 0 0 lo A wds1 1 00 00 00 00 00 00 Od 20h 21m 9s 0 0 0 0 0 0 0 lo al Internal Log IPSec Interfaces Fig 178 Monitoring gt WLAN gt WDS Values in the list WDS bintec WLAN and Industrial WLAN Field Description WDS Description Show
241. hapter explains how to reset your device to the ex works state This section contains a description of all the device s technical Technical data properties This includes explanations about the different access and con Access and configura figuration methods tion Assistants These chapters describe all configuration options of the Funk werk Configuration Interface The individual menus are de System management scribed in the order of navigation Physical Interfaces The individual chapters also contain more detailed explanations LAN on the subsystem in question Wireless LAN Wireless LAN Controller Routing WAN VPN Firewall 2 About this guide Funkwerk Enterprise Communications GmbH Chapter Description Local Services Maintenance External Reporting Monitoring The glossary contains a reference to the most important tech Glossary nical terms used in network technology The index lists all the key terms for operating the device and all Index the configuration options and gives page numbers so they can be found easily To help you locate information easily this user s guide uses the following visual aids List of visual aids Indicates practical information Indicates general and important points Indicates a warning of risk level Attention points out possible dangers that may cause damage to property if not observed Indicates a warning of risk level Warning points out possible dan
242. he Diffie Hellman key calculation modular exponentiation at 768 bits is used to create the en cryption material e 2 1024 Bit During the Diffie Hellman key calculation modular exponentiation at 1024 bits is used to create the en cryption material e 5 1536 Bit During the Diffie Hellman key calculation modular exponentiation at 1536 bits is used to create the en cryption material Lifetime Create a lifetime for phase 1 keys As for RFC 2407 the default value is eight hours which means the key must be renewed once eight hours have elapsed The following options are available for defining the lifetime Entry in Seconds Enter the lifetime for phase 1 key in seconds The value can be a whole number from 0 to 2147483647 The default value is 14400 Entry in KBytes Enter the lifetime for phase 1 keys as amount of data processed in kBytes The value can be a whole number from 0 to 2147483647 The default value is 0 The standard value as per RFC is used 0 seconds and 0 Kbytes are entered Authentication Method Select the authentication method Possible values e Preshared Keys default value If you do not use certific ates for the authentication you can select Preshared Keys These are configured during peer configuration in the IPSec Peers menu The preshared key is the shared password e DSA Signature Phase 1 key calculations are authenticated using the DSA algorithm 16 VPN Funkwerk Enterprise Communications
243. he follow ing options are available for each list entry e Use Select whether this entry should be assigned to the QoS interface The option is deactivated by default e Bandwidth Enter the maximum available bandwidth in Bps bintec WLAN and Industrial WLAN Field Description for the service specified under Services 0 is entered by de fault e Fixed Select whether the bandwidth defined in Bandwidth can be exceeded in the longer term By activating this field you specify that it cannot be exceeded If the option is deac tivated the bandwidth can be exceeded and the excess data rate is handled in accordance with the priority defined in the firewall policy The option is deactivated by default 17 1 3 Options In this menu you can disable or enable the firewall and can log its activities In addition you can define after how many seconds of inactivity a session shall be ended Save configuration Ya Filter Rules QoS Options Plysicaijuterfaces x Gs Frewat pone A Firewall Status Enabled Wireless LAN yy Logged Actions All Wireless LAN Controller T sesion Timer nP ad O UDP Inactivity 180 Seconds a PN TCP Inactivity 3600 Seconds qu PPTP Inactivity 86400 Seconds Policies F E P EATER IJ Other Inactivity 30 Seconds Interfaces x z Addresses Services OK a Cancel 1 BE a E z mE N yN I g S E gt Policies gt Options The Firewall gt Policies gt Option
244. he general value for Network Name SSID Any and do not know the SSID settings e Use the available encryption methods To do this select Security Mode WEP 40 WEP 104 WPA PSK or WPA Enterprise or both and enter the relevant key in the access point under WEP Key1 4 or Preshared Key and in the WLAN clients e The WEP key should be changed regularly To do this change the Transmit Key Select the longer 104 Bit WEP key e For the transfer of highly security critical informationen Security Mode WPA Enterprise should be configured with WPA Mode WPA 2 This method contains hardware based encryption and RADIUS authentication of the client In special cases combination with IPSec is possible e Restrict WLAN access to permitted clients Enter the MAC addresses of the wireless net work cards of these clients in the Allowed Addresses list in the MAC Filter menu see Fields in the MAC Filter menu on page 161 In the Wireless LAN gt WLAN gt Virtual Service Sets menu a list of all WLAN networks shown 12 1 2 1 Virtual Service Sets gt New Choose the p icon to edit existing entries Choose the New button to configure other wire less networks View Stendard Online Help Logout Radio Settings Virtual Service Sets WDS Links WI1040n Language English wirod Service Set Parameters Network Name SSID isibe intra cell Repeating az enabled y
245. he respective port The numbering corresponds to the numbering of the Ethernet ports on the back of the device Interface Displays the interface assigned to the Ethernet port here Configured Speed Select the mode in which the interface is to run Mode Possible values e Full Autonegotiation default value e Auto 100 mbps only e Auto 10 mbps only e Auto 100 mbps Full Duplex e Auto 100 mbps Half Duplex e Auto 10 mbps Full Duplex e Auto 10 mbps Half Duplex e Fixed 100 mbps Full Duplex e Fixed 100 mbps Half Duplex e Fixed 10 mbps Full Duplex e Fixed 10 mbps Half Duplex e Disabled The interface is created but remains inactive Current Speed Mode Shows the actual mode and actual speed of the interface Possible values e 100 mbps Full Duplex e 100 mbps Half Duplex e 10 mbps Full Duplex e 10 mbps Half Duplex e Inactive bintec WLAN and Industrial WLAN 10 2 Serial Port The serial interface can be operated as a console or as a data interface In data interface mode the data for the serial interface can be transmitted over an IP infrastructure Serial over IP 10 2 1 Serial Port You can make settings for the serial interface in the Physical Interfaces gt Serial Port gt Serial Port menu wi1040n EST Serial Port General Port Mode Configuration Data Port A oK Cancel _ Fig 52 Physical Interfaces gt Serial Po
246. he settings of an entry Displays the details for an entry Moves an entry A combo box opens in which you can choose the list entry that selected entry is to be be placed in front of after Creates another list entry first and opens the configuration menu Sets the status of the entry to Inactive Sets the status of the entry to Active Indicates Dormant status for an interface or connection Indicates Up status for an interface or connection Indicates Down status for an interface or connection Indicates Blocked status for an interface or connection Indicates Going up status for an interface or connection Indicates that data traffic is encrypted POopooe Pl Mm e i El E Triggers a WLAN bandscan y Displays the next page in a list A x 1 Displays the previous page in a list You can select the following operating functions in the list view Funkwerk Configuration Interface list options Update Interval Here you can set the interval in which the view is to be updated To do this enter a period in seconds in the input field and con firm it with Apply j Filter You can have the list entries filtered and displayed according to certain criteria You can determine the number of entries displayed per page by entering the required number in View x per Page Use the and gt buttons to scroll one page forward and one page back You can filter according to certain keywords within the confi
247. his menu you configure the port and certificate for a config uration session over HTTPS In this menu you configure the dynamic name resolution In this menu you configure your device as a DHCP server In this menu you configure time dependent standard actions of your devices In this menu you configure the surveillance of interfaces or hosts in the network In this menu you can configure management functions for bintec Access Point In this menu you configure the bintec Hotspot Gateway Funkwerk Enterprise Communications GmbH 7 Access and configuration Diagnostics Software amp Configura tion Reboot External Reporting In this menu you can test the accessibility of hosts DNS servers or routing In this menu you can manage your device s configuration files You can save them either locally on your device or on your computer for example you can start an update of the system software the ADSL logic and the BOOTmonitor In this menu you can initiate the rebooting of the device Syslog IP Accounting E mail Alert SNMP Activity Monitor Monitoring In this menu you configure the host to which the data logged in ternally on the device is forwarded for saving and further pro cessing In this menu you decide for which interfaces accounting mes sages are to be generated Depending on the configuration in this menu e mails are sent to the administrator as soon as relevant syslog mess
248. hown for which QoS has been configured witadon Ve Sened E Logos w11040n eta i Interface QoS Queue Send Dropped Queued crass Jo o jo E Junpriorized pa Je 2 Fig 187 Monitoring gt QoS gt QoS Values in the QoS list Field Description Interface Shows the interface for which QoS has been configured QoS Queue Shows the QoS Queue which has been configured for this in terface Send Shows the number of sent packets with the corresponding pack et class Dropped Shows the number of rejected packets with the corresponding packet class in case of overloading Queued Shows the number of waiting packets with the corresponding packet class in case of overloading bintec WLAN and Industrial WLAN Index Index 193 91 390 397 1 2 3 119 A ACCESS_ACCEPT 102 ACCESS_ REJECT 102 ACCESS_REQUEST 102 ACCOUNTING_START 102 ACCOUNTING_STOP 102 ACL Mode 161 203 Action 168 168 176 176 207 309 353 371 390 395 Active IPSec Tunnels 76 Active Radio Profile 190 Active Sessions SIF RTP etc 76 Address 316 Address Mode 133 Address Range 316 Address Type 316 Administrative Status 188 270 ADSL Logic 371 Alert Service 380 Alive Check 105 279 284 391 All Multicast Groups 235 Allow deleting editing all routing entries 216 Allowed Addresses 161 203 Allowed Hotspot Client 365 Always on 260 297 Always on 255 AP
249. ht approx 1900 g 3 WLAN modules LEDs 8 1x Failure 1x Status 3x WLAN 2x Ethernet 1x SFP Power consumption of the device 5 24 Watt depending on extensions Voltage supply Earth conductor connection to earth 5 20W All devices must be earthed 24 V 30 DC 1 1 A with reverse voltage protection in sulated 3 pole PoE on Ethernet 1 Class 0 insulated with max two Funkwerk Enterprise Communications GmbH 6 Technical data Property Value WLAN modules Protection against theft Theft protection is available as an option Temperature sensor Temperature monitoring and software controlled actions possible Environmental requirements Storage temperature 40 C to 85 C Operating temperature 20 C to 65 C Relative atmospheric humidity 10 to 100 Available interfaces Serial interface V 24 Permanently installed supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud Ethernet IEEE 802 3 LAN Permanently installed twisted pair only 10 100 mbps autosensing MDI MDIX 2x 10 100 Base T TX Relay An alarm using relay is possible in the event of overtem perature or error potential free working contact 42 V AC 1A 30VDC2A Optical interface Module slot for optical interface 100 mbps LWL Single Mode LC or LWL Multimode LC 1x 100 Base FX SX with SFP module Available sockets Serial interface V
250. ia 802 1x e g RADIUS for user authentication Authentication using EAP is usually used in large wireless LAN installations as an authen tication instance in the form of a server e g a RADIUS server is used in these cases PSK preshared keys are usually used in smaller networks such as those seen in SoHo Small Funkwerk Enterprise Communications GmbH 12 Wireless LAN office Home office Therefore all the wireless LAN subscribers must know the PSK be cause it is used to generate the session key WPA2 WPA2 is the enhancement of WPA In WPA2 the 802 11i standard is not only implemen ted for the first time in full but another encryption algorithm AES Advanced Encryption Standard is also used Access control You can control which clients can access your wireless LAN via your device by creating an Access control list ACL Mode or MAC Filter In the Access Control List you enter the MAC addresses of the clients that may access your wireless LAN All other clients have no access Security measures To protect the data transferred on the WLAN you may need to carry out the following con figuration steps in the Wireless LAN gt WLAN gt Wireless Networks VSS gt New gt g menu e Change the access passwords for your device e Change the default SSID Network Name SSID Funkwerk ec of your access point Set Visible Enabled This will exclude all WLAN clients that attempt to establish a connection with t
251. ible network topologies are described here to give you an overview of the options available when you use bintec bridges LAN A LAN B Fig 68 Point to point topology LANC LAN A Fig 69 Point to multipoint topology bintec WLAN and Industrial WLAN Radio Cell Radio Cell Fig 70 Wireless backbone Radio Cell Radio Cell Fig 71 Wireless bridge with connection of wireless clients To be able to set up a wireless link to bintec bridges an uninterrupted view must exist between the antennas at both ends This is called a line of sight abbreviated to LOS The term line of sight does not just mean a straight line of vision between the two anten nas but a kind of tunnel which must not be disturbed by obstacles This tunnel is called the 1st Fresnel zone The Fresnel zone has the shape of an ellipse rotated around its lon bintec WLAN and Industrial WLAN gitudinal axis At least 60 of the 1st Fresnel zone must remain free of obstacles The ra dius or the small semi axis depends on the frequency used and the distance between the antennas First Fresnel Zone Fig 72 1 Fresnel zone Example Radius of 1st Fresnel zone as a function of distance from transmit antenna for antenna separation of 5 km at 2 45 GHz Example 1 Distance from transmit an Radius of 1st Fresnel zone Radius at 60 of tenna km m 1st Fresnel zone m 0 250 5 4 4 2 0 500 7 4 5 7 0 750 8 8 6 8 1 000 9
252. ible values e Authentication default value The RADIUS server is used for controlling access to a network e Accounting The RADIUS server is used for recording stat istical call data e Login Authentication The RADIUS server is used for controlling access to the SNMP shell of your device e IPSec Authentication The RADIUS server is used for sending configuration data for IPSec peers to your device e WLAN 802 1x The RADIUS server is used for controlling access to a wireless network e XAUTH The RADIUS server is used for authenticating IPSec peers via XAuth Vendor Mode Only for Authentication Type Accounting In hotspot applications select the mode define by the provider In standard application leave the default value Standard Possible values for hotspot applications e France Telecom For France Telecom hotspot applications e bintec HotSpot Server For bintec hotspot applications Server IP Address Enter the IP address of the RADIUS server RADIUS Password Enter the shared password used for communication between the RADIUS server and your device Priority If a number of RADIUS server entries were created the server with the highest priority is used first If this server does not an swer the server with the next highest priority is used Possible values from 0 highest priority to 7 lowest priority The default value is 0 See also Policy in the Advanced Settings Entry active Select whether the RADIU
253. ich you select by entering the cor responding number 1 Boot System reboot the system The device loads the compressed boot file from the flash memory to the working memory This happens automatically on starting 2 Software Update via TFTP The devices performs a software update via a TFTP server 3 Software Update via XMODEM The device performs a software update via a serial interface with XMODEM 4 Delete configuration The device is reset to the ex works state All configuration files are deleted and the BOOTmonitor settings are set to the default values 5 Default BOOTmonitor Parameters You can change the default settings of the BOOTmonitor of the device e g the baud rate for serial connections 6 Show System Information Shows useful information about your device e g serial number MAC address and software versions The BOOTmonitor is started as follows The devices passes through various functional states when starting e Start Mode BOOTmonitor mode e Normal mode After some self tests have been successfully carried out in the start mode your device reaches the BOOTmonitor mode The BOOTmonitor prompt is displayed if you are serially connected to your device Press lt sp gt for boot monitor or any other key to boot system W1002 Bootmonitor V 7 9 1 Rev 1 from 2009 10 19 00 00 00 Copyright c 1996 2009 by Funkwerk Enterprise Communications GmbH 1 Boot System 2 Software Update via TFT
254. ies Choose the New button to configure other wire less networks bintec WLAN and Industrial WLAN Slave Access Points Radio Modules Radio Profiles Wireless Networks VSS Service Set Parameters Network Name SSID Funkwereec visible Loreen Reser Das z ARP Processing DEnabled wana MeEnablea Max Clients Ie Security Settings 6 Security Mode WPAPSK Mi WPAMode PA nd WPAZ mE a WPA Cipher E TKIP E AES E WPA2 Cipher SK Maes Preshared Key 7 eesse MAC Fiter y ACL Mode Enabled 17 Allowed Addresses E L Add J VLAN VLAN DEnabled OK Cancel Fig 85 Wireless LAN Controller gt Slave AP Configuration gt Wireless Networks VSS gt p New The Wireless LAN Coniroller gt Slave AP Configuration gt Wireless Networks VSS gt New menu consists of the following fields Fields in the Virtual Service Sets Service Set Parameters menu Field Description Network Name SSID Enter the name of the wireless network SSID Enter an ASCII string with a maximum of 32 characters Also select whether the Network Name SSID is to be trans mitted The network name is shown by choosing Visible It is visible by default Intra cell Repeating Select whether communication between the WLAN clients is to be permitted within a radio cell The function is activated by choosing Enabled bintec WLAN and Industrial W
255. if a suitable Internet or dialin connection is selected as the standard inter face the relevant DNS server is asked depending on the configuration of the Internet or dialin connections if necessary by setting up a WAN connection at extra cost If one of the DNS servers can resolve the name the information is forwarded and a dy namic entry created in the cache Otherwise if overwriting the addresses of the global name servers is allowed DNS Server Configuration Dynamic a connection is set up in some cases at extra cost that is configured to enable DNS server addresses to be requested from DNS servers DNS Negotiation Enabled if this has not been attempted previously If name server negotiation is successful these are entered as global name servers and are therefore available for further requests Otherwise the initial request is answered with a server error If one of the DNS servers answers with non existent domain the initial request is im mediately answered accordingly and a corresponding negative entry is made in the DNS cache of your device 18 1 1 Global Settings aes z WI1040n PY Language English View Standard Online Help Logout on f z Global Settings Static Hosts Domain Forwarding Cache Statistics Basic Parameters Domain Name A in A A E DNS Server Configuration Dynamic O static Primary 0 0 0 0 WINS Server t
256. ilable wireless networks The value can only be changed for Roaming Profile Custom Roaming The default value is 5000 ms Channel Sweep Indicates how many frequencies are scanned in the back ground The value can only be changed for Roaming Profile Custom 12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description Roaming The default value is 2 The value 0 disables the scan in the background The value 1 enables the scan of all avail able frequencies Min Time Period for Act Indicates the minimum time in milliseconds a frequency is act ive Scan ively scanned The value can only be changed for Roaming Profile Custom Roaming The default value is 10 ms Max Time Period for Indicates the maximum time in milliseconds a frequency is act Active Scan ively scanned The value can only be changed for Roaming Profile Custom Roaming The default value is 40 ms Min Time Period for Indicates the minimum time in milliseconds a frequency is pass Passive Scan ively scanned The value can only be changed for Roaming Profile Custom Roaming The default value is 20 ms Max Time Period for Indicates the maximum time in milliseconds a frequency is act Passive Scan ively scanned The value can only be changed for Roaming Profile Custom Roaming The default value is 120 ms RTS Threshold Select how the RTS CTS mechanism is to be switched on off If you choose User Defined in the input field you can s
257. ill physically interfere with each other if they are operating on the same or closely adjacent wireless channels So if you are operating two or more radio networks close to each other it is advisable to allocate the networks to different channels Each of these should be spaced at least four channels apart as a network also partially occupies the adja cent channels In the case of manual channel selection please make sure first that the APs actually support these channels Possible values according to the selected wireless module pro file e For Frequency Band 2 4 GHz In Outdoor Possible values are 1 to 13 and Auto default value e For Frequency Band 5 GHz Indoor Possible values are 36 40 44 48 and Auto default value e For Operation Band 5 GHz In Outdoorand 5 GHz Outdoorand 5 8 GHz Outdoor Only the Auto option is possible here Used Channel Only for managed APs Displays the channel that is currently in use Transmit Power Displays the transmission power You can select another trans mission power Field Description Possible values e Max default value The maximum antenna power is used O 3 eli e 8 dBm e 11 dBm e 14 dBm e 16 dBm Assigned Wireless Net Displays the wireless networks that are currently assigned works VSS 13 3 3 Radio Profiles Wi2040n lt Ed Language English View Standard Online Help Slave Access Points Radio Modules Radio Profi
258. important system information You see an overview of the following data e System status e Your device s activities Resource utilisation active sessions and tunnels e Status and basic configuration of LAN WAN and WLAN interfaces e The last 10 system messages You can customise the update interval of the status page by entering the desired period in seconds as Automatic Update Interval and clicking on the Apply button fl Caution Under Automatic Refresh Interval do not enter a value of less than 5 seconds other wise the refresh interval of the screen will be too short to make further changes bintec WLAN and Industrial WLAN Automatic Refresh Interval 300 Seconds Apply gt Status O warning System Password not changed Global Settings System information Interface Mode Bridge EE Uptime 9 Davis 19 Hour s 47 Minute s Acininistrakivs Acres ame System Date Tue Feb 17 02 17 46 2004 _Remote Authentication Serial Number WN2DJC010290024 Certificates T ryan VEET so GEA A BOSS Version V 7 9 Rev 6 IPSec from 2010 09 30 00 00 00 PNC are nioan i Cf eeu Usage 0 Wireless LAN 3 Memory Usage 21 7 31 9 MB 67 Wireless LAN Contes Temperature Current 40 C Min 36 C Max 46 C EA Active Sessions GIF RTP etc O WM Physical Interface Interface Specifics Link Passe brO 192 168 252 255 255 255 0 o mewa tt brO 192 168 252 255 255 255 0 Eer O WAN Bridges Channel in Use 1 1 BR
259. inal traffic menu Field Description Service Not for Type of traffic outgoing Source NAT and NAT Field Description method full cone restricted cone Or port restricted cone Select one of the preconfigured services Possible values e User defined default value e lt Service name gt Protocol For certain services only Not for Type of traffic outgoing Source NAT and NAT method full cone restricted cone Or port restricted cone In this case UDP is selected automatic ally Select a protocol Depending on the selected service different protocolls are available Possible values e Any default value e AH e Chaos SENT O CMI e igmp CGE O WP SETET ATE e IPv6 O MES alia JER IPS OS bintec WLAN Funkwerk Enterprise Communications GmbH 14 Routing Field Description e Kryptolan O fb 252 OSA O ION DIES eTRSVE O SIRIS STER SET TSA TUDE SVERRE O SINS IDE Source IP Address Net mask Enter the source IP address and if required the corresponding netmask of the original data packets Source Port Only for Type of traffic outgoing Source NAT NAT method symmetrisch and Service User defined Enter the source port of the original data pack ets The default setting Al 1 means that the port is not specified Source Port Range Not for Type of traffic outgoing Source NAT Enter the source port or the source port range of the original data pack et
260. ing slowly on static on flickering on flashing fast on flashing fast off ETH 1 2 2x green on on flickering SFP green off on on flickering Information Errors Ready Free At least one client is registered At least one client is registered and there is data traffic BLD Broken Link Detection active 5 GHz scan active No cable or no Ethernet link Cable plugged in and link Cable plugged in and link with data traffic No data traffic Data traffic via the SFP interface Cable plugged in and data traffic During the heating phase the red Failure LED flashes The other LEDs then come on dur ing booting if the units are initialised Note Note that the number of active WLAN LEDs depends on the number of existing wire less modules The LEDs on bintec WI1065n and bintec WI2065n are arranged as follows bintec WLAN and Industrial WLAN Failure Status Fig 14 LEDs of bintec WI1065n and bintec WI2065n In operation mode the LEDs display the following status information for your device LED status display bintec WI1065n and bintec WI2065n LED Failure red Status green WLAN 1 2 3 3x green ETH 1 2 2x green SFP green Status on flashes off off on static on flashing on flashing slowly on static on flickering on flashing fast on flashing fast off on on flickering off on on flickering Info
261. int Access data Example value Your values IP address of your access point 192 168 0252 Netmask of your access point 255 255 2550 Access Point mode If you run your device in Access Point mode you can set up the required wireless net works To do this you need the following data Configuration of a wireless network Access data Example value Your values Network Name SSID Funkwerk ec Security mode WPA PSK Preshared Key supersecret Access Client mode If you run your device in Access Client mode you can set up the required client links To do this you need the following data IP configuration of the access client Access data Example value Your values Network Name SSID Funkwerk ec Security mode WPA PSK Preshared Key supersecret Bridge mode If you run your device in Bridge mode you can either configure connections to other bridges manually or use the bridge link autoconfiguration function For the manual configur ation of a bridge link you need the following data Configuration of a bridge link bintec WLAN and Industrial WLAN 17 Access data Example value Your values Preshared Key bridgesecret MAC address of remote bridge 00 a0 9 5a 42 53 To use the bridge link autoconfiguration function proceed as described in the Automatic Configuration of a Bridge Link workshop and read the Wireless LAN chapter of the user s guide under WLAN gt Bridge Links gt Add 4 3 2 Configuring a PC In order to reach your
262. ion Settings with Condition Type Weekday Monday default value Sunday Possible values for Condition Settings with Condition Type Periods e Daily The initiator becomes active daily default value e Monday Friday The initiator becomes active daily from Monday to Friday e Monday Saturday The initiator becomes active daily from Monday to Saturday e Saturday Sunday The initiator becomes active on Sat urdays and Sundays Field Description Possible values for Condition Settings with Condition Type Day of the month dl sap Sills Start Time Enter the time from which the initiator is to be activated Activa tion is carried on the next scheduling interval the default value of this interval is 55 seconds Stop Time Not if Select Action Reboot device Enter the time from which the initiator is to be deactivated De activation is carried on the next scheduling interval If you do not enter a Stop Time or set Stop Time Start Time the initiator is activated and deactivated after 10 seconds 18 5 2 Options In the Local Services gt Scheduling gt Options menu you configure the schedule inter val WI1040n 5 Language English Y Online Help Logout wit040n T Time Schedule Options Scheduling Options Schedule Interval 0 sec Enabled OK C Cancel DynDNS Client DHCP Server Scheduling Surveillance Funkwerk Discovery Fig 145 L
263. ion to your device First carry out the reset procedure de scribed and enter erase bootconfigas Login at the login prompt in the command line Leave the password empty and press the Return key The device runs through the boot sequence again You can now configure your device again as described from Basic configuration on page 14 En Note If you delete the boot configuration using the Funkwerk Configuration Interface all passwords will also be reset and the current boot configuration deleted The next time the device will boot with the standard ex works settings On devices of the WI series there is a further button the HW reset After pressing briefly once the device reboots Fig 10 Underside of the bintec WIx040n with the HW and Cfg reset buttons bintec WLAN and Industrial WLAN Chapter 6 Technical data This chapter summarises all of the hardware properties of the devices W1002n WI1040n WI2040n WI1065n and WI2065n Caution bintec WIx065n is a class A set up This set up can cause interference in living areas in this case the operator can request for appropriate measures to be taken 6 1 Scope of supply Your device is supplied with the following parts Cable sets mains unit other Software Documentation bintec W1002n Ethernet cable RJ 45 STP Companion Quick Install Guide printed DVD Plug in power pack 12 V 230 v 3 external standard antennas Self adhesive feet to allow the device
264. irmation also contains parameters called RADIUS attributes which your device uses as WAN connection parameters If the RADIUS server is used for accounting your device sends an accounting message at the start of the connection and a message at the end of the connection These start and end messages also contain statistical information about the connection IP address user name throughput costs RADIUS packets The following types of packets are sent between the RADIUS server and your device client Packet types Field Value ACCESS_REQUEST Client gt Server If an access request is received by your device a request is sent to the RADIUS server if no corresponding connection part ner has been found on your device ACCESS_ACCEPT Server gt Client If the RADIUS server has authenticated the information con tained in the ACCESS_REQUEST it sends an AC CESS_ACCEPT to your device together with the parameters used for setting up the connection ACCESS_REJECT Server gt Client If the information contained in the ACCESS_REQUEST does not correspond to the information in the user database of the RADIUS server it sends an ACCESS_REJECT to reject the connection ACCOUNTING_START Client gt Server If a RADIUS server is used for accounting your device sends an accounting message to the RADIUS server at the start of each connection ACCOUNTING_STOP Client gt Server Field VENTO If a RADIUS server is used for acco
265. is Ad ministratively Prohibited e Communication with Destination Host is Admin istratively Prohibited 174 2 Groups In the Firewall gt Services gt Groups menu a list of all configured service groups is shown You can group together services This makes it easier to configure firewall rules 17 4 2 1 New Choose the New button to set up new service groups bintec WLAN WI1040n Language English View Standard Online Help wi1040n Service List Groups Basic Parameters E Description iG o fo o o E dhcp o Members discard jo dns fo echo la exec la imed a CC a unix print ED unpriv o T ups lo 7 uucp path la who ja whois io wins Bu A Cancel bo Fig 132 Firewall gt Services gt Groups gt New The Firewall gt Services gt Groups gt New menu consists of the following fields Fields in the Groups Basic Parameters menu Field Description Description Enter the desired description of the service group Members Select the members of the group from the available service ali ases To do this activate the field in the Members column bintec WLAN and Industrial WLAN 18 Local Services Funkwerk Enterprise Communications GmbH Chapter 18 Local Services This menu offers services for the following application areas e Name resolution DNS e Locating of dy
266. is exceeded Possible values e Tail Drop default value The newest packet received is dropped Head Drop The oldest packet in the queue is dropped Random Drop A randomly selected packet is dropped from the queue Min queue size Enter the minimum size of the queue in bytes Possible values are 0 to 16384 The default value is 0 Max queue size Enter the maximum size of the queue in bytes Possible values are 0 to 16384 The default value is 16384 Chapter 15 WAN This menu offers various options for configuring accesses or connections from your LAN to the WAN You can also optimise voice transmission here for telephone calls over the Inter net 15 1 Internet Dialup In this menu you can set up Internet access or dialup connections To enable your device to set up connections to networks or hosts outside your LAN you must configure the partners you want to connect to on your device This applies to outgoing connections your device dials its WAN partner and incoming connections a remote part ner dials the number of your device If you want to set up Internet access you must set up a connection to your Internet Service Provider ISP For broadband Internet access your device provides the PPP over Ethernet PPPoE and PPP over PPTP protocols S Note Note your provider s instructions All the entered connections are displayed in the corresponding list which contains the De scription the User
267. isted pair only 10 100 mbps autosensing MDI MDIX 2x 10 100 Base T TX Relay An alarm using relay is possible in the event of overtem perature or error potential free working contact 42 V AC 1A 30VDC2A Optical interface Module slot for optical interface 100 mbps LWL Single Mode LC or LWL Multimode LC 1x 100 Base FX SX with SFP module Available sockets Funkwerk Enterprise Communications GmbH 6 Technical data Property Value Serial interface V 24 9 pin Sub D connector Relay switching contact N O 42 V AC 1 A 30 V DC 2A potential free software con figurable switchable Ethernet interface RJ45 socket Antennas Antenna connection RTNC socket Transmit Power WLAN max 100 mW 20 dBm EIRP Receiver sensitivity 5 GHz 802 11a h 6 Mbit s 88 dBm 9 Mbit s 87 dBm 12 Mbit s 86 dBm 18 Mbit s 84 dBm 24 Mbit s 82 dBm 36 Mbit s 78 dBm 48 Mbit s 74 dBm 54 Mbit s 73 dBm 2 4 GHz 802 11b g 1 Mbit s 91 dBm 2 Mbit s 90 dBm 5 5 Mbit s 89 dBm 11 Mbit s 88 dBm 6 Mbit s 90 dBm 9 Mbit s 89 dBm 12 Mbit s 88 dBm 18 Mbit s 86 dBm 24 Mbit s 83 dBm 36 Mbit s 80 dBm 48 Mbit s 76 dBm 54 Mbit s 74 dBm Modulation Modulation IEEE 802 11 standards a h 5 GHz b g 2 4 GHz Modulation types 11 5 5 2 and 1 Mbit s DSSS 2 4 GHz 54 48 36 24 18 12 9 and 6 Mbit s OFDM 2 4 and 5 GHz Channels IEEE802 11b g 13 cha
268. it Power 144 190 Transmitted MPDUs 397 Transparent MAC Address 93 Trials 349 Trigger 351 353 TTL 327 Tunnel Profile 297 Tx Bytes 395 Tx Errors 395 Tx Packets 395 396 398 400 401 403 404 405 406 Type 242 318 395 Type of Messages 376 Type of traffic 218 Index U UDP Destination Port 294 302 387 UDP Inactivity 314 UDP Port 105 UDP Source Port 294 UDP Source Port Selection 302 Unchanged for 395 Unicast MPDUs received successfully 397 Unicast MSDUs transmitted successfully 397 up 253 Up Time 398 401 403 404 406 407 Update Interval 337 387 Update Path 337 Update Timer 230 Update URL 344 UpTime 405 UptTme 400 Uptime 76 URL 207 371 Usage Area 144 Use key 304 Use PFS Group 282 Use Zero Cookies 290 Used Channel 190 Used Secondary Channel 144 User Defined Channel Plan 196 User Name 255 260 297 335 381 410 Users 286 V Value 397 Vendor Mode 103 VLAN 204 VLAN ID 133 204 VLAN Identifier 138 VLAN Members 138 VLAN Name 138 WwW Walled Garden 363 Walled Garden URL 363 Walled Network Netmask 363 WDS Description 163 401 403 Weight 250 WEP Key 1 4 163 WEP Key 1 4 159 166 201 Wildcard 336 Wildcard MAC Address 93 Wildcard Mode 93 Wireless Mode 148 195 WMM 158 200 WPA Cipher 159 166 201 WPA Mode 159 166 201 WPA2 Cipher 159 166 201 X XAUTH Profile 272 Z Zero Cookie Size 290 bintec WLAN and Industrial WLA
269. it may not be possible to rotate the radiator any more If two antennas are connected to the device these must be installed at least 6 cm and preferably 12 cm apart so that antenna diversity can be used In highly reflective environments it may make sense to maintain an angle of 90 in the direction of the antennas For this arrange the antennas in a V shape 2 Installation The access points can be fitted to the wall using brackets on the housing or can 8 bintec WLAN and Industrial WLAN used as a table top device Wall mounting To attach the device to the wall use the brackets on the back of the housing Op tional wall mounting with theft protection is available Warning Before drilling make sure that there are no building installations where you are drilling If gas electricity water or waste water lines are damaged you may endanger your life or damage property e Screw the mount to the wall with the 2 screws Hang the device in the mount with the screw nut but do not tighten it Make sure the device connections are accessible e Protect the device against theft with the lock supplied Fig 4 Wall mounting straps bintec W1002n bintec WLAN and Industrial WLAN Fig 5 Wall mounting of the bintec WIx040n standard design DIN rail or theft protection optional bintec WLAN and Industrial WLAN Fig 6 Wall mounting of the bintec WIx065n standard design and with theft protection Use
270. it040n save contiguation Fara Passwords O Svatem Lcences ive conf System Passwol s Date and Time System Licences py ca Basic Settings Interface Mode Bridge TMB Zoe E Groups Current Local Time Tue Mar 02 06 33 29 2004 Administrative Access Manual Time Settings Remote Authentication ee RA Day Month Year Set Date Hour Minute Set Time A Automatic Time Settings Time Protocol FirstTimeserver SNTP Second Timeserver SNTP amp Third Timeserver SNTP Time Update Interval 1440 Minute s s 1 EA J Time Update Policy Normal x Internal Time Server Denabled En oK Cancel Fig 35 System Management gt Global Settings gt Date and Time You have the following options for determining the system time local time Manual The system time can be set manually on the device If the correct location of the device country city is set for the System Time Zone switch ing from summer time to winter time and back is automatic The switch occurs independ ently of an NTP server Summer time starts on the last Sunday in March by switching from 2 a m to 3 a m The calendar related or schedule related switches that are scheduled for the missing hour are then carried out Winter time starts on the last Sunday in October by switching from 3 a m to 2 a m The calendar related or schedule related switches that are scheduled for the additional hour are then
271. ldings e 5 GHz In Outdoor Your device is operated at 5 GHz mode 802 11a h and mode 802 11n inside or outside build ings e 5 8 GHz Outdoor Only for so called Broadband Fixed Wireless Access BFWA applications The frequencies in the frequency range from 5755 MHz to 5875 MHz may only be used in conjunction with commercial offers for public network accesses and requires registration with the Federal Network Agency Bandwidth Not for Frequency Band 2 4 GHz In Outdoor Select how many channels are to be used Possible values e 20 MHz default value One channel with 20 MHz bandwidth is used e 40 MHz Two channels each with 20 MHz bandwidth are used In the case one channel acts as a control channel and the other as an expansion channel Number of Spatial Select how many traffic flows are to be used in parallel Streams Possible values Funkwerk Enterprise Communications GmbH 13 Wireless LAN Controller Field Description e 2 default value Two traffic flows are used e 1 One traffic flow is used Fields in the Wireless Modules Performance Settings menu Field Description Wireless Mode Select the wireless technology that the access point is to use For Frequency Band 2 4 GHz In Outdoor Possible values 0 802 11 feae Your device operates according to either 802 11b 802 11g or 802 11n 802 11 g n Your device operates according to either 802 11g or 802 11n O 02 iil me Your device operates only
272. lds in menu Port Configuration Field Description Interface Shows the port for which you define the PVID and processing rules PVID Assign the selected port the required PVID Port VLAN Identifi er If a packet without a VLAN tag reaches this port it is assigned this PVID Drop untagged frames If this option is enabled untagged frames are discarded If the option is disabled untagged frames are tagged with the PVID defined in this menu bintec WLAN and Industrial WLAN Field Description Drop non members If this option is enabled all tagged frames that are tagged with a VLAN ID to which the selected port does not belong are dis carded 11 2 3 Administration In this menu you make general settings for a VLAN The options must be configured sep arately for each bridge group ai k woso PP wit040n La C s View Standard Online Help Logout VLANs Port Configuration Administration ee e pE Enabled Configuration r Fi oo aA Management VID 1 Management OK gt Cancel Fig 59 LAN gt VLAN gt Administration The LAN gt VLAN gt Administration menu consists of the following fields Fields in the Administration Bridge Group br lt ID gt VLAN Options menu Field Description Enable VLAN Enable or disable the specified bridge group for VLAN The function is activated with Enabled The function is not activated by default Management VID Select th
273. lect and edit Only if Class map New Enter the name of the class plan Select an IP filter If the class plan is new select the filter to be set at the first point of the class plan If the class plan already exists select the filter to be attached to the class plan To select a filter at least one filter must be configured in the 14 Routing Funkwerk Enterprise Communications GmbH Field Description Routing gt QoS gt QoS Filter menu Direction Select the direction of the data packets to be classified Possible values Incoming Incoming data packets are to be classified e Outgoing default value Outgoing data packets are to be classified e Both Incoming and outgoing data packets are to be classi fied High Priority Class Enable or disable the high priority class If the high priority class is active the data packets are associated with the class with the highest priority and priority O is set automatically The function is activated with Enabled The function is disabled by default Class ID Only if High Priority Class is inactive Choose a number which assigns the data packets to a class Note The class ID is a label to assign data packets to specific classes The class ID defines the priority Possible values are whole numbers between 1 and 254 Interfaces Only if Class map New When creating a new class plan select the interfaces to which you want to link the class plan A
274. lected channels are displayed here By using Add you can add channels If all available channels are displayed you cannot add any more entries You can also delete entries with the aid of m Beacon Period Enter the time in milliseconds between the sending of two beacons This value is transmitted in Beacon and Probe Response Frames Possible values are 1 to 65535 The default value is 100 DTIM Period Enter the interval for the Delivery Traffic Indication Message DTIM The DTIM field is a data field in transmitted beacons that in forms clients about the window to the next broadcast or multic ast transmission If clients operate in power save mode they come alive at the right time and receive the data Possible values are 1 to 255 The default value is 2 RTS Threshold Here you can specify the data packet length threshold in bytes 1 2346 as of which the RTS CTS mechanism is to be used This makes sense if several clients that are not in each other s wireless range are run in one access point Field Description Short Guard Interval Enable this function to reduce the guard interval time between transmission of two data symbols from 800 ns to 400 ns Short Retry Limit Enter the maximum number of attempts to send a frame of length less than or equal to the value defined in RTS Threshold After this many failed attempts the packet is dis carded Possible values are 1 to 255 The default value is 7 Lo
275. les Wireless Networks VSS Radio Profile Number of Managed APS Operation Band Wireless Mode TA 2 4 GHz Radio Profile 1 2 4 GHz In Outdoor 802 11 bigin pl Car ed tas a A 5 GHz Radio Profile lo 5 GHz In Outdoor 802 11afn mea New Fig 82 Wireless LAN Controller gt Slave AP Configuration gt Radio Profiles In the Wireless LAN Controller gt Slave AP Configuration gt Radio Profiles menu an overview of all available wireless module profiles is displayed A profile with 2 4 GHz and a profile with 5 GHz are created by default the 2 4 GHz profile cannot be deleted For each wireless module profile you will see an entry with a parameter set Radio Profile Number of Managed APs Operation Band Wireless Mode bintec WLAN and Industrial WLAN 13 3 3 1 Edit New Choose the eo icon to edit existing entries Select the Newbutton in order to create new wireless module profiles Slave Access Points Radio Modules Radio Profiles le orks VSS Radio Profile Definition 7 1 Description fea GHz Radio Profile Operation Mode Access Point 2 4 GHz In Outdoor 2 cr aa e Controller Configuration Number of Spatial Streams Slave AP configuration e maa c Monitoring Ait elle Ea dei Ih Maintenance Wireless Mode 802 11 b g n AA Max Transmission Rate Auto x Burst Mode Cenabtea Adv
276. ling gt Time Schedule gt New The Local Services gt Scheduling gt Time Schedule gt New menu consists of the follow ing fields Fields in the Time Schedule Basic Parameters menu Field Description Description Enter the desired name for the scheduled task Fields in the Time Schedule Action menu Field Description Select action Select the desired action Possible values bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 18 Local Services Field Description Reboot device default value Your device is rebooted e Activate interface The interface defined in the Select Interface field is activated e Deactivate interface The interface defined in the Se lect Interface field is deactivated e Activate WLAN The WLAN interface defined in the Select Interface field is activated e Deactivate WLAN The WLAN interface defined in the Se lect Interface field is deactivated e Initiate 5 GHz WLAN Bandscan The wireless module selected in Select Wireless Module is scanned in the 5 GHz frequency band During the scan all wireless connections are interrupted e Trigger software update A software update is initiated e Trigger configuration backup The backup of the device configuration to a TFTP server is initiated Select radio Only if Select action Initiate 5 GHz WLAN Bandscan Select the wireless module to be used for the scan Select interface Only if Select action Activa
277. link is configured c Number of the client link Example sta1 0 first client link on the first wireless module The names of the virtual interfaces connected to an Ethernet port are made up of the fol lowing parts a Abbreviation for interface type b Number of the Ethernet port c Number of the interface connected to the Ethernet port d Number of the virtual interface Example en1 0 1 first virtual interface based on the first interface on the first Ethernet port 9 3 1 Interfaces You define separately whether each interface is to operate in routing or bridging mode If you want to set bridging mode you can either use existing bridge groups or create a new bridge group The default setting for all existing interfaces is bridging mode On selecting the New Bridge Group option for Mode Bridge Group a bridge group i e bri br2 etc is automatically created and the interface is run in bridging mode w11040n WI1040n Language English Online Heip FT h gt Interfaces Interface Description Mode Bridge Group 1 ent 0 brO 192 168 0 252 Interface Mode Bridge Se ee EEES bra 192 168 0 252 M E Administrative Access Configuration Interface Selectone OK Cancel Fig 37 System Management gt Interface Mode Bridge Groups gt Interfaces The System Management gt Interface Mode Bridge Groups gt Interfaces menu con sists of the
278. locate your bintec devices within the network quickly and easily The NET based application which is designed for up to 50 devices offers easy to use func tions and a comprehensive overview of devices their parameters and files All devices in the local network including remote devices that can be reached over SNMP are located using SNMP Multicast irrespective of their current IP address A new IP ad dress and password and other parameters can also be assigned A configuration can then be initiated over HTTP or TELNET If using HTTP the Dime Manager automatically logs in to the devices on your behalf System software files and configuration files can be managed individually as required or in logical groups for devices of the same type You can find the Dime Manager on the enclosed product DVD Funkwerk Enterprise Communications GmbH 2 About this guide Chapter 2 About this guide This document is valid for bintec devices with system software as of software version 7 9 5 The guide which you have in front of you contains the following chapters User s Guide Reference Chapter Description Introduction You see an overview of the the device About this guide We explain the various components of this manual and how to use it Installation This contains instructions for how to set up and connect your device Basic configuration This chapter provides a step by step guide to the basic func tions on your device Reset This c
279. lowing parts a WLAN b Number of the physical port 1 or 2 Example wLAN1 The name of the Ethernet port is made up of the following parts a ETH where en stands for Ethernet b Number of the port Example ETH1 bintec WLAN and Industrial WLAN 9 System Management Funkwerk Enterprise Communications GmbH The names of the interfaces connected to an Ethernet port are made up of the following parts a Abbreviation for interface type b Number of the Ethernet port c Number of the interface Example en1 0 first interface on the first Ethernet port The name of the bridge group is made up of the following parts a Abbreviation for interface type b Number of the bridge group Example bro first bridge group The name of the wireless network is made up of the following parts a Abbreviation for interface type b Number of the wireless module c Number of the interface Example vss1 0 first wireless network on the first wireless module The name of the WDS link or bridge link is made up of the following parts a Abbreviation for interface type b Number of the wireless module on which the WDS link or bridge link is configured c Number of the WDS link or bridge link Example wds1 0 first WDS link or bridge link on the first wireless module The name of the client link is made up of the following parts a Abbreviation for interface type b Number of the wireless module on which the client
280. lt value is 1812 Server Timeout Enter the maximum wait time between ACCESS REQUEST 9 System Management Funkwerk Enterprise Communications GmbH Field VENTO and response in milliseconds After timeout the request is repeated according to Retries or the next configured RADIUS server is requested Possible values are whole numbers between 50 and 50000 The default value is 1000 1 second Alive Check Here you can activate a check of the reachability of a RADIUS server in Status Down An Alive Check is carried out regularly every 20 seconds by sending an ACCESS_ REQUEST to the IP address of the RADI US server If the server is reachable Status is set to alive again If the RADIUS server is only reachable over a switched line dialup connection this can cause additional costs if the server is down for a long time The function is activated by choosing Enabled The function is enabled by default Retries Enter the number of retries for cases when there is no response to a request If an answer has still not been received after these attempts the Status is set to down If the Active Check En ableayour device tries to reach the server every 20 seconds If the server answers the Status is set back to alive Possible values are whole numbers between 0 and 10 The default value is 1 To prevent Status being set to down set this value to 0 RADIUS Dialout Only for Authentication Type Authentication and IPSec Authen
281. lues e DynDNS default value e Static DynDNS e ODS HN e DYNS e GnuDIP HTML e GnuDIP TCP e Custom DynDNS e dnsexit Update Interval Enter the minimum time in seconds that your device must wait before it is allowed to propagate its current IP address to the DynDNS provider again The default value is 300 seconds 18 4 DHCP Server You can configure your device as a DHCP Dynamic Host Configuration Protocol server Your device and each PC in your LAN requires its own IP address One option for allocat ing IP addresses in your LAN is the Dynamic Host Configuration Protocol DHCP If you configure your device as a DHCP server the device automatically assigns IP addresses to requesting PCs in the LAN from a predefined IP address pool A PC sends out an ARP re quest and in turn receives its IP address assigned by your device You therefore do not need to allocate fixed IP addresses to PCs which reduces the amount of configuration work in your network To do this you set up a pool of IP addresses from which your device assigns IP addresses to hosts in the LAN for a defined period of time A DHCP server also transfers the addresses of the domain name server entered statically or by PPP negotiation DNS NetBIOS name server WINS and default gateway 18 4 1 DHCP Pool To activate your device as a DHCP server you must first define IP address pools from which the IP addresses are distributed to the requesting clients I
282. m that can issue distribute and check digital certificates Certificates are issued for a specific period usually one year i e they have a limited valid ity period Your device is designed to use certificates for VPN connections and for voice connections over Voice over IP 9 6 1 Certificate List In the System Management gt Certificates gt Certificate List menu a list of all available certificates is shown 9 6 1 1 Edit Click the icon to display the content of the selected object key certificate or request Global Settings Description Interface Mode Bridge _A Groups Certificate is CA Certificate Cte fox e e u Ane 1 L Remote Authentication _ Borge Sere ne trusted Z True 7 o View details Certificate Es SerialNumber 11 SubjectName lt CN r1200_aw OU Support O Funkwerk EC ST Bavaria C DE gt IssuerName lt CN linuxCA OU Support O Funkwerk EC ST Bavaria C DE amp gt Validity NotBefore 2006 Sep 15th 07 07 49 GMT Not fter 2008 Sep 14th 07 07 49 GMT PublicKeyInto Algorithm name X 509 rsaEncryption Modulus n 1024 bits 16574300073530619299711756289853658360585922845521117163073815855989730994 424195975049742 634337589053 6490502929548450998243448632595011570952551767 7011616656908963216398179133323977323187771274664312501085550617414306630 041183 48507669050906895786617697212081811410853590733 69329733 12
283. ma eo lze 43 3 128 8 c0050500000000 S a rotar p 2 o Z C Back _ J Fig 179 Monitoring gt WLAN gt WDS gt Values in the WDS list Field Description WDS Description Shows the name of the WDS link Remote MAC Shows the MAC address of the WDS link partner Up Time Shows the time in hours minutes and seconds for which the WDS link is active Tx Packets Shows the total number of packets sent Rx Packets Shows the total number of packets received Signal dBm Shows the received signal strength in dBm Noise dBm Shows the received noise strength in dBm Data Rate mbps Shows the current transmission rate of data received on this WDS link in mbps Rate Shows separately for each of the stated data rates the values bintec WLAN and Industrial WLAN Field Description for Tx Packets and Rx Packets 21 4 4 Bridge Links In the Monitoring gt WLAN gt Bridge Links menu the current values and activities of the bridge links are shown Save configuration J WLAN1 VSS DS Bridge Links Client Links Physical Interfaces pec Automatic Refresh Interval 300 Seconds C Apply 0 e Bridge Link Table WielessLAN oy Bridge Link Tx Rx Signal dBm RSSH RSSI2 Noise Data Rate m Se 3 Description PE AS AS wem Packets Packets RSSI3 dBm mbps VIA waso 00 00 00 00 00 00 04 20h34m o o 0 0 0 0 lo 0 ra Roming E 245 J wasi 00 00 00 00 00 00 0
284. mbH The bintec HotSpot Solution consists of a bintec gateway installed onsite with its own WLAN access point or additional connected WLAN device or wired LAN and of the Hot spot server centrally located at a computing centre The operator account is administered on the server via an administration terminal e g a hotel reception PC this includes func tions such as registration entry generating tickets statistical analysis etc Login sequence at the Hotspot server When a new user connects with the Hotspot he she is automatically assigned an IP ad dress via DHCP As soon as he attempts to access any Internet site with a browser the user is redirected to the home login page After the user has entered the registration data user password these are sent to the central RADIUS server Hotspot server as RADIUS registration Following successful registration the gateway opens Internet access For each user the gateway sends regular additional information to the RADIUS server for recording accounting data When the ticket expires the user is automatically logged off and again redirected to the home login page Requirements To operate a Hotspot the customer requires A bintec device as a Hotspot gateway with an active internet access and configured Hot spot server Entries for login and accounting see menu System Management gt Re mote Authentication gt RADIUS gt New with Group Description Standard Group 0
285. mbers OK Cancel __ Fig 57 LAN gt VLAN gt VLANs gt Edit New The LAN gt VLAN gt VLANs gt Edit New menu consists of the following fields Fields in the VLANs Configure VLAN menu Field Description VLAN Identifier Enter the number that identifies the VLAN In the Edit menu you can no longer change this value Possible values are 1 to 4094 VLAN Name Enter a unique name for the VLAN A character string of up to 32 characters is possible VLAN Members Select the ports that are to belong to this VLAN You can use the Add button to add members bintec WLAN and Industrial WLAN Field Description For each entry also select whether the frames to be transmitted from this port are to be transmitted tagged i e with VLAN in formation or untagged i e without VLAN information 11 2 2 Port Configuration In this menu you can define and view the rules for receiving frames at the VLAN ports ra Language English View Standard Save configuration d VLANs Port Configuration Administration m View 20 per page lriterin None lequal Go Interface PVID Drop untagged frames Drop non members ent 0 1 Management O LVL AA T Management Bi O O E EEN a OK J Cancel HH Fig 58 LAN gt VLAN gt Port Configuration The LAN gt VLAN gt Port Configuration menu consists of the following fields Fie
286. menu the current values and activities of the client links are shown a F a ea pa gar o e Language English View Standard Online Help lt a ESTATE uration d 7 WLAN1 VSS WDS Bridge Links Client Links automatic Refresh interval 300 Seconds Apply Client Link Table Client Link Description AP MAC Address Up Time Tx Packets Rx Packets Signal dBm RSSH RSSI2 RSSI3 Noise dm Data Rate mbps WLANI sta1 0 Od 20h 41m 42s 0 0 0 0 0 0 0 0 P IPSec Interfaces WLAN Bridges Hotspot Gateway MA Fig 182 Monitoring gt WLAN gt Client Links Values in the Client Links list Field Description Client Link Description Shows the name of the client link AP MAC Address Shows the MAC address of the client link partner Up Time Shows the time in hours minutes and seconds for which the cli bintec WLAN and Industrial WLAN Field Description ent link in question is active Tx Packets Shows the total number of packets sent Rx Packets Shows the total number of packets received Signal dBm Shows the received signal strength in dBm Noise dBm Shows the received noise strength in dBm Shows the current transmission rate of data received on this cli ent link in mbps Data Rate mbps Client Link Details You can use the P icon to open an overview of further details of the client links Language English x View Standard Online Help Logout
287. ministration gt Status appears the warning System password not changed The System Management gt Global Settings gt Passwords menu consists of the follow ing fields Fields in the Passwords System Password menu Field Value System Admin Pass Enter the password for the user name admin This password is also used with SNMPv3 for authentication MD5 and encryption DES Confirm Admin Pass Confirm the password by entering it again Fields in the Passwords SNMP Communities menu bintec WLAN and Industrial WLAN Field Value SNMP Read Community Enter the password for the user name read SNMP Write Community Enter the password for the user name write Fields in the Passwords Global Password Options menu Field Value Show passwords and Define whether the passwords are to be displayed in clear text keys in clear text plain text The function is activated with Show The function is disabled by default If you activate the function all passwords and keys in all menus are displayed and can be edited in plain text The WLAN and IPSec keys are one exception here They can only be entered in plain text If you press OK or call the menu again they are displayed as asterisks 9 2 3 Date and Time You need the system time for tasks such as correct timestamps for system messages ac counting or IPSec certificates bintec WLAN and Industrial WLAN WI1040n Language English View Standard mil w
288. mmunications GmbH Field VENTO e None default value Wildcard mode is not used e Static With this setting you must enter the MAC address of a device that is connected over IP under Wildcard MAC Ad dress Each packet without IP and without ARP is forwarded to this device This occurs even when the device is no longer connected e First lf you choose this setting the MAC address of the first non IP unicast frame or non ARP unicast frame which occurs on any of the Ethernet interfaces is used as the wildcard MAC address This wildcard MAC address can only be reset by rebooting the device or by selecting another wildcard mode e Last If you choose this setting the internal WLAN MAC ad dress is used to establish a connection to the access point As soon as a non IP unicast frame or non ARP unicast frame ap pears it is forwarded to the MAC address from which the last non IP unicast frame or non ARP unicast frame was received on the Ethernet interface of the device This wildcard MAC ad dress is renewed with each non IP unicast frame or non ARP unicast frame Wildcard MAC Address Only for Wildcard Mode Static Enter the MAC address of a device that is connected over IP Transparent MAC Ad Only for Wildcard Mode Static First dress Choose whether or not the Wildcard MAC Address is used in addition to the WLAN MAC address to establish the connection to the access point The function is activated with Enabled The fu
289. mport Choose the Import button to import other certificates bintec WLAN and Industrial WLAN View Standard w Online Help Certificate List CRLs Certificate Servers import Interface Mode Bridge External Filename Browse 6 ae SS Local Certificate Description _ Administrative Access S dni et LA d Remote Authentication File Encoding Auo w Certificates T _ Piysicallmertaces z 035 E OK Cancel Fig 48 System Management gt Certificates gt Certificate List gt Import The System Management gt Certificates gt Certificate List gt Import menu consists of the following fields Fields in the Certificate List Import menu Field Description External Filename Enter the file path and name of the certificate to be imported or use Browse to select it from the file browser Local Certificate De Enter a unique description for the certificate scription File Encoding Select the type of coding so that your device can decode the certificate Possible values e auto default value Activates automatic code recognition If downloading the certificate in auto mode fails try with a cer tain type of encoding e Base64 e Binary Password You may need a password to obtain certificates for your keys bintec WLAN and Industrial WLAN Field Description Enter the password here
290. n the Local Services gt DHCP Server gt DHCP Pool menu a list of all configured IP ad dress pools is shown In the list for each entry you have the possibility under Pool of enabling or disabling the configured DHCP pools 18 4 1 1 New Choose the New button to set up new IP address pools Choose the o icon to edit exist ing entries WI1040n Language English View Standard Online Help DHCP Pool IP MAC Binding DHCP Relay Settings Basic Parameters Interface Selectone IP Address Range Pool Usage Local Advanced Settings I PES Gateway Use router as gateway _ _ _ Lease Time 120 Minutes f gt HTTPS DHCP Options DynDHS Client DHCP Server Scheduling OK j __Cancel__ Surveillance E Funkwerk Discovery _ HotSpot Gateway JE Fig 141 Local Services gt DHCP Server gt DHCP Pool gt New The Local Services gt DHCP Server gt DHCP Pool gt New menu consists of the following fields Fields in the DHCP Pool Basic Parameters menu Field Description Interface Select the interface over which the addresses defined in IP Range are to be assigned to DHCP clients bintec WLAN and Industrial WLAN 18 Local Services Funkwerk Enterprise Communications GmbH Field Description When a DHCP request is received over this Interface one of the addresse
291. nView For more information on the SNMP versions see the relevant RFCs and drafts e SNMP V 1 RFC 1157 e SNMP V 2c RFC 1901 1908 e SNMP V 3 RFC 3410 3418 20 4 1 SNMP Trap Options In the event of errors a message known as a trap packet is sent unrequested to monitor the system In the External Reporting gt SNMP gt SNMP Trap Options menu you can configure the sending of traps WI1040n Language English View Standard Online Help if eet ares PEER S SNMP Trap Hosts _ Basic Parameters SNMP Trap Broadcasting Enabled DOO _ m A a Fig 166 External Reporting gt SNMP gt SNMP Trap Options The External Reporting gt SNMP gt SNMP Trap Options menu consists of the following fields Fields in the SNMP Trap Options Basic Parameters menu bintec WLAN and Industrial WLAN Field Description SNMP Trap Broadcast Select whether the transfer of SNMP traps is to be activated ing Your device then sends SNMP traps to the LAN s broadcast ad dress The function is activated by choosing Enabled The function is disabled by default SNMP Trap UDP Port Only if SNMP Trap Broadcasting is enabled Enter the number of the UDP port to which your device is to send SNMP traps Any whole number is possible The default value is 162 SNMP Trap Community Only if SNMP Trap Broadcasting is enabled Enter a new SNMP
292. namic IP addresses using a DynDNS provider e Configuration of gateway as a DHCP server assignment of IP addresses e Access restriction on the Internet web filter e Assignment of incoming and outgoing data and voice calls to authorised users CAPI server e Automation of tasks according to schedule scheduling e Alive checks for hosts or interfaces ping tests e User LAN protection theft protection e Realtime video audio conferences Messenger services universal plug play e Provision of public Internet accesses hotspot 18 1 DNS Each device in a TCP IP network is usually located by its IP address Because host names are often used in networks to reach different devices it is necessary for the associated IP address to be known This task can be performed by a DNS server which resolves the host names into IP addresses Alternatively name resolution can also take place over the HOSTS file which is available on all PCs Your device offers the following options for name resolution DNS Proxy for forwarding DNS requests sent to your device to a suitable DNS server This also includes specific forwarding of defined domains Forwarded Domains DNS cache for saving the positive and negative results of DNS requests e Static entries Static Hosts for manually defining or preventing assignments of IP ad dresses to names DNS monitoring for providing an overview of DNS requests on your device Global Name Serve
293. nction is disabled by default 9 4 Administrative Access In this menu you can configure the administrative access to the device 9 4 1 Access In the Administrative Access gt Access menu a list of all IP configurable interfaces is shown witodon PE wi1040n Access ssh sume EA Interface Telnet SH HTTP HTTPS Ping SNMP im pro E la E ja Ja Cada ow JC cancel Fig 39 System Management gt Administrative Access gt Access For the Ethernet interface you can select the access parameters Telnet SSH HTTP HT TPS Ping and SNMP bintec WLAN and Industrial WLAN 9 4 1 1 Add Press the Add button to configure administrative access for additional interfaces WI1040n Language English View Standard Online Help w 1040n g f Interface Select one C ok JC cano J Fig 40 System Management gt Administrative Access gt Access gt Add The System Management gt Administrative Access gt Access gt Add menu consists of the following fields Fields in the Access menu Field Description Interface Select the interface for which administrative access is to be con figured 9 4 2 SSH Your devices offers encrypted access to the shell You can enable enabled default value or disable this access in the System Management gt Administrative Access gt SSH men
294. ndividual security instances and their method of operation is given below Funkwerk Enterprise Communications GmbH 17 Firewall NAT One of the basic functions of NAT is the translation of the local IP addresses of your LAN into the global IP addresses you are assigned by your ISP and vice versa All connections initiated externally are first blocked i e every packet your device cannot assign to an exist ing connection is rejected This means that a connection can only be set up from inside to outside Without explicit permission NAT rejects every access from the WAN to the LAN IP Access Lists Here packets are permitted or rejected exclusively on the basis of the criteria listed above i e the state of the connection is not considered except where Services tcp SIF The SIF sorts out all packets that are not explicitly or implicitly allowed The result can be a deny in which case no error message is sent to the sender of the rejected packet or a reject where the sender is informed of the packet rejection The incoming packets are processed as follows e The SIF first checks if an incoming packet can be assigned to an existing connection If so it is forwarded If the packet cannot be assigned to an existing connection a check is made to see if a suitable connection is expected e g as affiliated connection of an exist ing connection If so the packet is also accepted e If the packet cannot be assigned to any existi
295. ndwidth Number of spatial streams and Wireless Mode different whole values in mbps will be available for se lection Burst Mode Activate this function to increase the transmission speed for 802 11g through frame bursting As a result several packets are sent one after the other without a waiting period This is par ticularly effective in 11b g mixed operation The function is activated with Enabled The function is activated by default If problems occur with older WLAN hardware this function should be deactivated The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Channel Plan Only for Operation Mode Access Point and Channel Auto Select the desired channel plan The channel plan makes a preselection when a channel is se lected This ensures that no channels overlap i e a distance of four channels is maintained between the channels used This is useful if more access points are used with overlapping radio cells Possible values e A11 All channels can be dialled when a channel is selected e Auto Depending on the region operation band wireless mode and bandwidth the channels that have a distance of 4 channels are provided e User Defined Select the desired channels Beacon Period Only if Operation Mode Access Point or Access Client with Client Mode Ad Hoc Funkwerk Enterprise Communications GmbH 12 Wireless LAN Field Description
296. ne for a remote terminal without bintec is set Propagate PMTU Select whether the PMTU Path Maximum Transfer Unit is to be propagated during phase 2 The function is activated with Enabled The function is enabled by default 16 1 4 XAUTH Profiles In the XAUTH Profiles menu a list of all XAuth users is displayed Extended Authentication for IPSec XAuth is an additional authentication method for IPSec tunnel users The gateway can take on two different roles when using XAuth as it can act as a server or as a client e As a server the gateway requires a proof of authorisation e Asa client the gateway provides proof of authorisation In server mode multiple users can obtain authentication via XAuth e g users of Apple iPhones Authorisation is verified either on the basis of a list or via a Radius Server If using a one time password OTP the password check can be carried out by a token server e g SecOVID from Kobil which is installed behind the Radius Server If a company s headquarters is connected to several branches via IPSec several peers can be configured A specific user can then use the IPSec tunnel over various peers depending on the assign ment of various profiles This is useful for example if an employee works alternately in dif ferent branches if each peer represents a branch and if the employee wishes to have on site access to the tunnel XAuth is carried out once IPSec IKE Phase 1 has been compl
297. nformation on the meaning of the LEDs see the Technical Data chapter of the manual 3 Note Before a reboot make sure you confirm your configuration changes by clicking the Save Configuration button so that these are not lost when you reboot Do you really want to reboot the system now Fig 160 Maintenance gt Reboot gt System Reboot If you want to restart your device click on the OK button The device will reboot bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 20 External Reporting Chapter 20 External Reporting In this system menu you define what system protocol messages are saved on which com puters and whether the system administrator should receive an e mail for certain events Information on IP data traffic can also be saved depending on the individual interfaces In addition SNMP traps can be sent to specific hosts in case of error Moreover you can pre pare your device for monitoring with the activity monitor 20 1 Syslog Events in various subsystems of your device e g PPP are logged in the form of syslog messages system logging messages The number of messages visible depends on the level set eight levels from Emergency and Information to Debug In addition to the data logged internally on your device all information can and should also be passed to one or more external PCs for storage and processing e g to the system ad ministrator
298. ng Retry Limit Enter the maximum number of attempts to send a data packet of length greater than the value defined in RTS Threshold After this many failed attempts the packet is discarded Possible values are 1 to 255 The default value is 4 Fragmentation Enter the maximum size as of which the data packets are to be Threshold fragmented i e split into smaller units Low values are recom mended for this field in areas with poor reception and in the event of radio interference Possible values are 256 to 2346 The default value is 2346 bintec WLAN and Industrial WLAN 13 3 4 Wireless Networks VSS Slave Access Points Radio M lodules Radio Profi les Wir VSS Descristion Network Name SSID Number of associated radio modules Securty Status Action vss 1 Funkwerk ec hi WPA PSK IC ace i a New Controller Configuration Fig 84 Wireless LAN Controller gt Slave AP Configuration gt Wireless Networks VSS In the Wireless LAN Controller gt Slave AP Configuration gt Wireless Networks VSS menu an overview of all wireless networks that have been created is displayed A wireless network is created by default For each wireless network VSS you will see an entry with a parameter set VSS Descrip tion Network Name SSID Number of associated radio modules Security Status Action 13 3 4 1 Edit New Choose the pjicon to edit existing entr
299. ng or expected connection the SIF filter rules are applied If a deny rule matches the packet the packet is rejected without send ing an error message to the sender of the packet if a reject rule matches the packet is rejected and an ICMP Host Unreachable message sent to the sender of the packet The packet is only forwarded if an accept rule matches e All packets without matching rules are rejected without sending an error message to the sender when all the existing rules have been checked default behaviour 17 1 Policies 17 1 1 Filter Rules The default behavior with Action Access consists of two implicit filter rules If an incom ing packet can be assigned to an existing connection and if a suitable connection is expec ted e g such as an affiliated connection of an existing connection the packet is allowed The sequence of filter rules in the list is relevant The filter rules are applied to each packet in succession until a rule matches If overlapping occurs i e more than one filter rule matches a packet only the first rule is executed This means that if the first rule denies a packet whereas a later rule allows it the packet is rejected A deny rule also has no effect if a relevant packet has previously been allowed by another filter rule In the Firewall gt Policies gt Filter Rules menu a list of all configured filter rules is shown WI1040n Language English View Standard 110401
300. ngs wan ma m Privacy None Administration 5 Wireless LAN Como 77e Perner Routing ti no 7 Remote MAC Address 00 00 00 00 00 00 es C OK JC Cancel Monitoring Fig 65 Wireless LAN gt WLAN gt WDS Links gt gt New The Wireless LAN gt WLAN gt WDS Links gt gt New menu consists of the following fields Fields in the WDS Links Basic Parameters menu Field Description WDS Description Enter a name for the WDS link If the Use Standard option is activated the generated name of the interface is automatically used If the option is not activated you can enter a suitable name in the input field The Use Standard option is enabled by default Fields in the WDS Security Settings menu Field Description Privacy Select whether an encryption method is to be used for this WDS link and if so which one Possible values e None default value Data traffic on this WDS link is not en crypted e WEP40 Data traffic on this WDS link is encrypted with WEPA40 In WEP Key 1 4 enter the key for this WDS link bintec WLAN and Industrial WLAN 12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description and in Transmission Key select the default key WEP104 Data traffic on this WDS link is encrypted with WEP104 In WEP Key 1 4 enter the key for this WDS link and in Transmission Key select the default key e WPA Data traffic on this WDS link is encrypted with WPA Ent
301. nkwerk Enterprise Communications GmbH 7 Access and configuration 7 2 Logging in With the help of certain access data you can log in on your device and carry out different actions The extent of the actions available depend on the authorisations of the user con cerned A login prompt appears first regardless of how you access your device You cannot view any information on the device or change the configuration without authentication 7 2 1 User names and passwords in ex works state In its ex works state your device is provided with the following user names and passwords User names and passwords in ex works state User Name Password Authorisations admin funkwerk Read and change system variables save configurations use Funkwerk Configuration Interface write public Read and write system variables except passwords changes are lost when you switch off your device read public Read system variables except passwords It is only possible to change and save configurations if you log in with the user name ad min Access information user names and passwords can also only be changed if you log in with the user name admin For security reasons passwords are normally shown on the Setup Tool screen not in plain text but only as asterisks The user names on the other hand are displayed as plain text The security concept of your device enables you to read all the other configuration settings with the user name read but no
302. nly if Real Time Jitter Control Enabled Select the mode for optimising voice transmission Possible values All RTP Streams All RTP streams are optimised The function activates the RTP stream detection mechanism for the automatic detection of RTP streams In this mode the Real Time Jitter Control is activated as soon as an RTP stream has been detected Inactive Voice data transmission is not optimised Controlled RTP Streams only default value This mode is used if either the VoIP Application Layer Gateway ALG or the VoIP Media Gateway MGW is active Real Time Jitter Control is activated by the control instances ALG or MGW Always Real Time Jitter Control is always active even if no 14 Routing Funkwerk Enterprise Communications GmbH Field Description real time data is routed Queues Policies Configure the desired QoS queues For each class created from the class plan which is associated with the selected interface a queue is generated automatically and displayed here only for outgoing classified data traffic and for data traffic classified in both directions Add a new entry with Add The Edit Queues Policies menu opens The Edit Queues Policies menu consists of the following fields Fields in the Edit Queues Policies menu Field Description Description Enter the name of the queue policy Shows the interface for which the QoS Queues are being con Outgoing Interface figured Priorisation qu
303. nnels Europe IEEE802 11a h 19 channels Europe Standards IEEE 802 11a b g d h i IEEE 802 3 IEEE 802 3af IEEE 802 1q VLAN Tagging Standards amp Guidelines R amp TTE Directive 1999 5 EC EN 60950 1 IEC60950 EN 60950 22 EN 301489 1 EN301489 17 EN 55022 EN 300328 1 EN 301893 EN 302502 EN 50371 Medical equipment EN 60601 1 EN 60601 2 EN 55011 6 Technical data Funkwerk Enterprise Communications GmbH Property Value E1 mark vehicle licencing Buttons Reset and reset to ex work settings possible with two but tons 1x config reset 1x HW reset Security features WEP WPA WPA2 Access Control List Network Name Broadcast can be deactivated WEP key length bit 40 64 or 104 128 Software supplied Dime Manager on DVD Printed documentation supplied Quick Install Guide Safety notices R amp TTE Compliance Information Online documentation General Product Features bintec WI1 User s Guide Workshops Release Notes if applicable 065n and bintec WI2065n Property Value Variants bintec WI1065n An internal wireless module 3 external antenna WLAN 1 Ant 1 WLAN 1 Ant 2 WLAN 1 Ant 3 bintec WI2065n Two internal wireless modules 4 external antenna WLAN 1 Ant 1 WLAN 1 Ant 2 WLAN 2 Ant 1 WLAN 2 Ant 2 Dimensions and weights Equipment dimensions without cable 257 mm x 285 mm x 60 mm WxLxH Weig
304. nt received and processed as per RFC 2091 triggered RIP e RIP V2 Triggered RIP V2 messages are sent received and processed as per RFC 2091 triggered RIP Route Announce Select this option if you want to set the time at which any activ ated routing protocols e g RIP are to propagate the IP routes defined for this interface Note This setting does not affect the interface specific RIP con figuration mentioned above Possible values e Up or Dormant not for LAN interfaces interfaces in Bridge mode and interfaces for leased lines Routes are propagated if the interface status is up or ready e Up Only Routes are only propagated if the interface status is up e Always Routes are always propagated independent of oper ational status 14 3 2 RIP Filter In this menu you can specify exactly which routes are to be exported or imported You can use the following strategies for this e You explicitly deactivate the import or export of certain routes The import or export of all other routes that are not listed is still allowed e You explicitly activate the import or export of certain routes In this case you must also explicitly deactivate the import or export of all other routes You can do this using a filter for IP Address no entry this corresponds to the IP address 0 0 0 0 with Netmask no entry this corresponds to the netmask 0 0 0 0 To make sure this filter is used last it must be placed at the lowest po
305. ntenna connection Ant Fig 73 Antenna connection A label containing details of the two antennas is located on the back of the device The primary antenna is designated Ant 1 12 1 5 1 Bridge Links gt New Choose the picon to edit existing entries Choose the New button to configure other bridge links WI1040n View Standard Online Hel Logout out 110404 guage Engl o Basic Parameters Bridge Link Description Use default Remote Configuration O Denied Allowed mues PresharedKey El automatic pn j Remote MAC Address d Eoo apa aD OK y cancel Fig 74 Wireless LAN gt WLAN gt Bridge Links gt gt New The Wireless LAN gt WLAN gt Bridge Links gt gt New menu consists of the following fields Fields in the Bridge Links Basic Parameters menu Field Description Bridge Link Description Enter a name for the bridge link If the Use Standard option is activated the generated name of the interface is automatically used bintec WLAN and Industrial WLAN Field Description If the option is not activated you can enter a suitable name in the input field The Use Standard option is enabled by default Remote Configuration Select whether setup of a bridge link from a remote bridge is to be permitted Possible values e Allowed default value It is possible to set up a bridge link from
306. o process the existing list entry You go to the configuration menu Click this tab to display extended configuration options The following options are available for the configuration Funkwerk Configuration Interface configuration elements Input fields Radio buttons Checkboxes e g empty text field Text field with hidden input e Enter the data e g Address Mode Static DHCP Select the corresponding option e g activation by selecting checkbox Enabled Selection of several possible options Encryption Algorithms 13DES 4 Blowfish AES 128 AES 256 Hashing Algorithms IMDS 141 SHA 1 IVI RipeMD160 7 Access and configuration Funkwerk Enterprise Communications GmbH Dropdown menus e g C Full Autonegotiation C Full Autonegotiation SA Full Autonegotiation im Click the arrow to open the list Select the required option using the mouse Internal lists e g Remote IP Address Netmask 255 255 255 0 m Add Click ada A new list entry is created Enter the correspond ing data If list input fields remain empty these are not saved when you confirm with OK Delete the entries by clicking the icon Display of options that are not available Options that are not available because they depend on the selection of other options are generally hidden If the display of these options could be helpful for a configuration de cision they are inste
307. ocal Services gt Scheduling gt Options The Local Services gt Scheduling gt Options menu consists of the following fields bintec WLAN and Industrial WLAN Fields in the Options Scheduling Options menu Field Description Schedule Interval Select whether the schedule interval is to be enabled for the in terface Enter the interval in seconds during which the system checks whether there are planned tasks Possible values are 0 to 65535 The value 300 is recommended 5 minute accuracy Values lower than 60 are generally pointless and are an unnecessary use of system resources The field is not activated by default 18 6 Surveillance In this menu you can configure an automatic availability check for hosts or interfaces and automatic ping tests a Note This function cannot be configured on your device for connections that are authentic ated via a RADIUS server 18 6 1 Hosts In the Local Services gt Surveillance gt Hosts menu a list of all monitored hosts is shown 18 6 1 1 Edit New Choose the i icon to edit existing entries Choose the New button to set up new surveil lance tasks servers bintec WLAN and Industrial WLAN Host Parameters Group iD New iD WuelessLAN trigger WirelessLAN Comioller Z monitored IP Address 00 00 Routing l dt Source IP Address Automatic VPN Interval 10 Seconds ee S g Interface Interface Action DUS
308. ocol PPTP to set up a connection e g required in Austria 15 1 2 1 New Choose the New button to set up new PPTP interfaces winoaon Sa 40n Basic Parameters 3 o 0 o i Description Dd PPTP Interface p Selectors al x User Name i Wi Password 7 eeccccce reaa Eei r Ti Connection Idle Timeout oo seconds oan os A IP Address Mode Ostatic Get IP Address DefautRoute ssisCemaed Create NAT Policy off HlEnabled E o Advanced Settings Block fier opa failure for Bo a Maximum Number of Dialup Retries a Authentication a Ee EO DNS Negotiation 1 i enable l aii Prioritize TCP ACK Packets Elenabled j PPTP Address Mode static o Local PPTP IP Address fiooo1a Remote PPTP IP Address foao hi LCP Alive Check Dlenabiea 3 Er OK Cancel i Fig 108 WAN gt Internet Dialup gt PPTP gt New The WAN gt Internet Dialup gt PPTP gt New menu consists of the following fields Fields in the PPTP Basic Parameters menu Field Description Description Enter a name for uniquely identifying the internet connection The first character in this field must not be a number and no special characters or umlauts must be used PPTP Interface Select the IP interface over which packets are to be transported to the remote PPTP terminal bintec WLAN and Industrial
309. of answer ing all DNS requests concerning the host dyn_client provider com with the dynamic IP address of your device To ensure that the provider always knows the current IP address of your device your device contacts the provider when setting up a new connection and propagates its present IP address 18 3 1 DynDNS Update In the Local Services gt DynDNS Client gt DynDNS Update menu a list of all configured DynDNS registrations is shown that are to be updated 18 3 1 1 New Choose the New button to set up further DynDNS registrations to be updated WI1040n le Language English Online Help Logout w110400 2 DynDNS Update DynDNS Provider Basic Parameters Host Name Interface Selectone UserName Password ecccccce Provider dyndns v Enable update Enabled Advanced Settings O T Mail Exchanger MX L ke wildcard Denabled C ok C Cancel _ Fig 139 Local Services gt DynDNS Client gt DynDNS Update gt New The Local Services gt DynDNS Client gt DynDNS Update gt New menu consists of the following fields Fields in the DynDNS Update Basic Parameters menu Field Description Host Name Enter the complete host name as registered with the DynDNS provider Interface Select the WAN interface whose IP address is to be propagated over the DynDNS service e g the inter
310. of errors sent Rx Packets Shows the total number of packets received Rx Bytes Displays the total number of bytes received Rx Errors Shows the total number of errors received Status Shows the operating status of the selected interface Unchanged for Shows the length of time for which the operating status of the interface has not changed Action Enables you to change the status of the interface as displayed bintec WLAN and Industrial WLAN 21 4 WLAN 21 4 1 WLAN1 In the Monitoring gt WLAN gt WLAN1 menu the current values and activities of the first interface are shown WI1040n Language English View Standard Online Help w 11040n WLANT vss wps Bridge Links Client Links Automatic Refresh Interval 300 Seconds Apply WLAN Statistics z 5 mbes Tx Packets TEE 802 11 afbig ce a KO o o e fo FE pe 0 O 24 0 0 pe LS 0 E K 12 0 0 aa IN o is o i 5 5 0 o 2 o i AA 1 10 o F sozin 1444 o A CE i 139 0 0 pss mo 0 867 jo fo 22 o o 65 0 0 on e 43 3 0 o zsa p o 121 7 0 0 14 4 lo o 2 ps i i E Total y p Advanced Fig 174 Monitoring gt WLAN gt WLAN1 Values in the list WLAN1 Field Description mbps Displays the possible data rates on this wir
311. of frames received incompletely or with er ceived rors 21 4 2 VSS In the Monitoring gt WLAN gt VSS menu the current values and activities of the con figured wireless networks are shown WI1040n Ed Language English View Standard Online Help Logout 10400 WLAN1 VSS WDS Bridge Links Client Links Automatic Refresh interval 300 Seconds Apply J Client Node Table os MAC Address IP Address Up Time TxPackets Rx Packets Snel dam Noise dim Data Rate mbps RSSH RSSI2 RSSIS Funkwerk ec vss1 0 a 00 04 10 67 5513 0 0 0 0 ODay s 0 0 9 2 2 89 0 0 0 99 4 a Bridges HotSpot Gateway Qos Fig 176 Monitoring gt WLAN gt VSS Values in the list VSS bintec WLAN and Industrial WLAN Field Description MAC Address Shows the MAC address of the associated client IP Address Shows the IP Address of the client Up Time Shows the time in hours minutes and seconds for which the cli ent is logged in Tx Packets Shows the total number of packets sent Rx Packets Shows the total number of packets received Signal dBm Shows the received signal strength in dBm Noise dBm Shows the received noise strength in dBm Data Rate mbps Shows the current transmission rate of data received by this cli ent in mbps The following clock rates are possible IEEE 802 11b 11 5 5 2 and 1 mbit IEEE 802 119 a 54 48 36 24 18 12 9 6 mbit If the 5 GHz frequency band is used the di
312. ograms gt Accessories gt HyperTerminal in the Windows Start menu 2 Press Return at least once after the HyperTerminal window opens A window with the login prompt appears You are now in the SNMP shell of your device You can now log in on your device and start the configuration Check If the login prompt does not appear after you press Return several times the connection to your device has not been set up successfully Therefore check the COM1 or COM2 settings on your PC 1 Click on File gt Properties 2 Click Configure in the Connect to tab The following settings are necessary Bits per second 9600 Data bits 8 Parity open Stopbits 1 Flow control open 3 Enter the values and click OK 4 Make the following settings in the Settings tab Emulation V7100 5 Click OK The changes to the terminal program settings do not take effect until you disconnect the connection to your device and then make the connection again If you use HyperTerminal there may be problems with displaying umlauts and other special characters If necessary therefore set HyperTerminal to Autodetection instead of VT 100 Unix You will require a terminal program such as cu on System V tip on BSD or minicom on Linux The settings for these programs correspond to those listed above Example of a command line for using cu cu s 9600 c dev ttySl Example of a command line for using tip tip 9600 dev ttySl Fu
313. ol any E source Pot PH Pot O to ro Destination Port NENE Port ENS to Port DSCP TOS Value Ignore Mode Dialup andwat L ok XC Cancel Fig 90 Routing gt Routes gt IP Routes gt New with Extended Route Activated N and Industrial W Funkwerk Enterprise Communications GmbH 14 Routing The Routing gt Routes gt IP Routes gt New menu consists of the following fields Fields in the IP Routes Route Class menu Field Description Extended Route Select whether the route is to be defined with extended para meters If the function is active a route is created with extended routing parameters such as source interface and source IP ad dress as well as protocol source and destination port type of service TOS and the status of the device interface The function is activated by choosing Enabled The function is disabled by default Fields in the IP Routes Route Parameters menu Field Description Route Type Select the type of route Possible values e Network Route default value Route to a network e Default Route ls used if no other suitable route is avail able e Host Route Route to a single host Destination IP Address Only if Route Type Host Route or Network Route Netmask Enter the IP address of the destination host If Route Type Network Route also enter the netmask in the second field If no entry is made your device uses a default net mask Interface If n
314. ollection Timer is started as soon as the route timeout has expired After this timeout the invalid route is deleted from the IPROUTETABLE if no update is carried out for the route The default value is 120 seconds Fields in the RIP Options Timer for Triggered RIP RFC 2091 menu Field Description Hold Down Timer Only for RFC 2091 Variable Timer Enabled The hold down timer is activated as soon as your device re ceives an unreachable route metric 16 The route may deleted once this period has elapsed The default value is 120 seconds Retransmission Timer Only for RFC 2091 Variable Timer Enabled After this timeout update request or update response packets are sent again until an update flush or update acknowledge packet arrives The default value is 5 seconds 14 4 Load Balancing 14 4 1 Load Balancing Groups The increasing amount of data traffic over the Internet means it is necessary to send data over different interfaces to increase the total bandwidth available IP load balancing en ables the controlled distribution of data traffic within a particular group of interfaces accord ing to the following principles e In contrast to Multilink PPP based solutions load balancing also functions with accounts with different providers e Session based load balancing is achieved e Related dependent sessions are always routed over the same interface e A decision on distribution is only made for outgoing ses
315. on is not activated for the connection If Encryption is set the remote terminal must also support it oth erwise a connection cannot be set up Possible values e None MPP encryption is not used Enabled default value MPP encryption V2 with 128 bit is used to RFC 3078 e Windows compatible MPP encryption V2 with 128 bit is used as compatible with Microsoft and Cisco LCP Alive Check Check whether the reachability of the remote terminal is to be checked by sending LCP echo requests or replies This is re commended for leased lines PPTP and L2TP connections Funkwerk Enterprise Communications GmbH 16 VPN Field Description The function is activated with Enabled The function is disabled by default Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload This function can be specially applied for asymmetrical bandwidths ADSL The function is activated with Enabled The function is disabled by default Fields in the Advanced Settings IP Options menu Field Description OSPF Mode Select whether and how routes are propagated via the interface and or OSPF protocol packets are to be sent Possible values e Passive default value OSPF is not activated for this inter face i e no routes are propagated or OSPF protocol packets sent over this interface Networks reachable over this inter face are however included when calculating the routing in f
316. onfiguration method 7 1 1 1 HTTP HTTPS With a current web browser you can use the HTML interfaces to configure your device The configuration can be set up using the Funkwerk Configuration Interface To do this enter the IP address of your device in the address field of your Web browser With DHCP server e the IP address that your DHCP server assigned to your device Without DHCP server e With direct connection to the configuration PC the fallback IP address 192 168 0 252 bintec WLAN and Industrial WLAN e The fixed IP address assigned via the Dime Manager Press the Enter Return key 7 1 1 2 Telnet Apart from configuration using a web browser with a Telnet connection you can also ac cess the SNMP shell and use other configuration options You do not need any additional software on your PC to set up a Telnet connection to your device Telnet is available on all operating systems Proceed as follows Windows 1 Click Run in the Windows Start menu 2 Entertelnet lt IP address of your device gt 3 Click OK A window with the login prompt appears You are now in the SNMP shell of your device 4 Continue with Logging in for Configuration on page 56 Unix You can also set up a Telnet connection on UNIX and Linux without any problem 1 Entertelnet lt IP address of your device gt in a terminal A window with the login prompt appears You are now in the SNMP shell of your device 2 Continue wit
317. ons 1x config reset 1x HW reset Security features WEP WPA WPA2 Access Control List Network Name Broadcast can be deactivated WEP key length bit 40 64 or 104 128 Software supplied Dime Manager on DVD Printed documentation supplied Quick Install Guide Safety notices R amp TTE Compliance Information Online documentation User s Guide Workshops Release Notes if applicable To ensure safe operation the WI series devices have a connection to earth The minimum cross section of the earth lead should be 1 5 mm The distance between the device and the connection to earth should be as short as possible For the bintec WIx065n devices the connection to earth is under the cover Fig 11 Connection to earth bintec WIx040n 6 3 LEDs The LEDs show the radio status radio activity Ethernet activity and LED states of your device The LED states are indicated by combinations of the LEDs which are explained in detail in this chapter The LEDs on bintec W1002n are arranged as follows bintec W1002n em Fig 12 LEDs of bintec W1002n In operation mode the LEDs display the following status information for your device LED status display bintec W1002n 1 D Status Information Status off The power supply is not connected If other LEDs are on also Error on static Errors on flashing Ready WLAN 1 2 on flashing slowly Free on static At least one client is regis
318. onsult the documentation for the program you are using As soon as you have connected to the device the login prompt window will appear You are now in the SNMP shell of your gateway 2 Continue with Logging in on page 55 En Note PuTTY requires certain settings for a connection to a bintec device The support pages of http www funkwerk ec com include FAQs which list the required settings 71 2 Access via the Serial Interface Your device has a serial interface with which a PC can be connected directly The follow ing chapter describes what you have to remember when setting up a serial connection and what you can do to configure your device in this way Access via the serial interface is ideal if you are setting up an initial configuration of your device and a LAN access is not possible via the pre configured IP address 192 168 0 252 255 255 255 0 Windows To connect your device to your PC via the serial interface proceed as described in nstalla tion on page 6 If you are using a Windows PC you need a terminal program for the serial connection e g HyperTerminal Make sure that HyperTerminal was also installed on the PC with the Win dows installation However you can also use any other terminal program that can be set to 7 Access and configuration Funkwerk Enterprise Communications GmbH the corresponding parameters see below Proceed as follows to access your device via the serial interface 1 Click on Pr
319. ormation and propagated over active interfaces e Active OSPF is activated for this interface i e routes are propagated or OSPF protocol packets sent over this interface e Inactive OSPF is disabled for this interface Proxy ARP Mode Select whether your device is to respond to ARP requests from its own LAN on behalf of the specific L2TP partner Possible values e Inactive default value Deactivates Proxy ARP for this L2TP partner e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the L2TP partner is Up active or Dormant In the case of Dormant your device only responds to the ARP request the connection is not set up until someone actually wants to use the route e Up Only Your device responds to an ARP request only if the status of the connection to the L2TP partner is Up active i e Field Description a connection already exists to the L2TP partner DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server Secondary DNS Server primary WINS and sec ondary WINS from the L2TP partner or sends these to the L2TP partner The function is activated with Enabled The function is enabled by default 16 2 3 Options aS Or Language English View Standard Save configuration Yo Tunnel Profiles Users Options tr UDP Destination Port 1701 A A UDP Source Port Selection DFixed o e C ok C Cancel IPSec L2TP
320. ot be changed Timeout Enter time in seconds for which the NAS is to wait for a re sponse from TACACS If a response is not received during the wait time the next con figured TACACS server is queried only if Policy Non authoritative and the current server is set to status Blocked The possible values are 1 to 60 the default value is 3 Block Time Enter the time in seconds for which the current server is to re main in blocked status Field Description At the end of the block time the server is set to the status spe cified in the Administrative Status field The possible values are 0 to 3600 the default value is 60 The value 0 means that the server is never set to Blocked status and thus no other servers are queried Encryption Select whether data exchange between the TACACS server and the NAS is to be encrypted with MD5 The function is activated by choosing Enabled The function is enabled by default If the function is not enabled the packets and all related inform ation are transferred unencrypted Unencrypted transfer is not recommended as a default setting and should only be used for debugging 9 5 3 Options This setting possible here causes your device to carry out authentication negotiation for in coming calls if it cannot identify the calling party number e g because the remote terminal does not signal the calling party number If the data password partner PPP ID obtained by executing the au
321. our bridge Action You can change the status of the bridge link The available ac tions are displayed in this field 12 2 Administration The Wireless LAN gt Administration menu contains basic settings for running your gate way as an access point AP 12 2 1 Basic Settings WI1040n View Standard Online Help Logout Basic Settings WLAN Administration Region Germany OK C Cancel Fig 76 Wireless LAN gt Administration gt Basic Settings The Wireless LAN gt Administration gt Basic Settings menu consists of the following fields Fields in the Basic Settings WLAN Administration menu bintec WLAN and Industrial WLAN Field Description Region Select the country in which the access point is to be run Possible values are all the countries configured on the device s wireless module The range of channels available for selection Channel in the WLAN Wireless Modules menu changes depending on the country setting The default value is Germany bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 13 Wireless LAN Controller Chapter 13 Wireless LAN Controller By using the wireless LAN controller you can set up and manage a WLAN infrastructure with up to 24 access points APs The WLAN controller has a Wizard which assists you in the configuration of your access points The system uses the CAPWAP protocol Control and Pro
322. our device see Con figuring a PC on page 18 3 Open a web browser 4 Enter http 192 168 0 252 or the IP address dynamically assigned by your DHCP server or the address statically assigned by you with the Dime Manager in the Web browser s address field 5 Enter admin in the User field and funkwerk in the Password field and click LOGIN You are not in the status menu of your device s Funkwerk Configuration Interface see Status on page 75 7 3 1 2 Operating elements Funkwerk Configuration Interface window The Funkwerk Configuration Interface window is divided into three areas e The header e The navigation bar e The main configuration window Meade wis04on TE Navigation bar Main configuration Cua Maximurn Number of Systog Entries window Maximum Message Level of SysiogEnties Ieformation Madmurn Number of Accounting Log Entries 20 oK IC Cancel Fig 25 Areas of the Funkwerk Configuration Interface Header http j 192 168 0 254 WI1040n Language English Y View Standard Y Online Help wi10401 2 Fig 26 Funkwerk Configuration Interface header Funkwerk Configuration Interface header j aria Language selection From the dropdown menu select the lan Langua el English e guage in which the Funkwerk Configuration Interface is to be displayed Here you can select the language in which you want bintec WLAN an
323. our device has obtained an IP address dynamically from a DHCP server operated in your network for the basic configuration the fallback IP address 192 168 0 252 is deleted automatically and your device will no longer function over this address However if you have set up a connection to the device over the fallback IP address 192 168 0 252 or have assigned an IP address with the Dime Manager in the basic configuration you will only be able to access your device over this IP address The device will no longer obtain an IP configuration dynamically over DHCP Example of subnets If your device is connected to a LAN that consists of two subnets you should enter a second IP Address Netmask The first subnet has two hosts with the IP addresses 192 168 42 1 and 192 168 42 2 for example and the second subnet has two hosts with the IP addresses 192 168 46 1 and 192 168 46 2 To be able to exchange data packets with the first subnet your device uses the IP address 192 168 42 3 for example and 192 168 46 3 for the second subnet The netmasks for both subnets must also be indicated 11 1 1 1 Edit New Choose the i icon to edit existing entries Choose the New button to create virtual inter faces 40n Interfaces EET E y Address Mode Ostatic DHCP fe rates ES 7 iP adress Nermask pose o s Advanced Settings DHCP MAC Address i use buitt in
324. partner This means packets that belong to an already active connection can also be forwarded The SIF also accepts packets that belong to an affiliated connection The negotiation of an FTP connection takes place over port 21 for example but the actual data exchange can take place over a completely different port SIF and other security features bintec s Stateful Inspection Firewall fits into the existing security architecture of bintec device very well due to its simple configuration The configuration work for the SIF is com paratively straightforward with systems like Network Address Translation NAT and IP Ac cess Lists IPAL As SIF NAT and IPAL are active in the system simultaneously attention must be given to possible interaction If any packet is rejected by one of the security instances this is done immediately This is irrelevant whether another instance would accept it or not Your need for security features should therefore be accurately analysed The essential difference between SIF and NAT IPAL is that the rules for the SIF are gener ally applied globally i e not restricted to one interface In principle the same filter criteria are applied to the data traffic as those used in NAT and IPAL e Source and destination address of the packet with an associated netmask e Service preconfigured e g Echo FTP HTTP e Protocol e Port number s To illustrate the differences in packet filtering a list of the i
325. pecify the data packet length threshold in bytes 1 2346 as of which the RTS CTS mechanism is to be used This makes sense if several clients that are not in each other s wireless range are run in one access point The mechanism can also be switched on off independently of the data packet length by selecting the value Always onor Always off default value Short Guard Interval Enable this function to reduce the guard interval time between transmission of two data symbols from 800ns to 400ns Short Retry Limit Enter the maximum number of attempts to send a frame of length less than or equal to the value defined in RTS Threshold After this many failed attempts the packet is dis carded Funkwerk Enterprise Communications GmbH 12 Wireless LAN Field Description Possible values are 1 to 255 The default value is 7 Long Retry Limit Enter the maximum number of attempts to send a data packet of length less than or equal to the value defined in RTS Threshold After this many failed attempts the packet is dis carded Possible values are 1 to 255 The default value is 4 Fragmentation Enter the maximum size as of which the data packets are to be Threshold fragmented i e split into smaller units A low value is recom mended for this field in areas with poor reception and in the event of radio interference Possible values are 256 to 2346 The default value is 2346 bytes 12 1 2 Virtual Service Sets If you operat
326. pot Gateway Fig 138 Local Services gt HTTPS gt HTTPS Server The Local Services gt HTTPS gt HTTPS Server menu consists of the following fields Fields in the HTTPS Server HTTPS Parameters menu bintec WLAN and Industrial WLAN Field Description HTTPS TCP Port Enter the port via which the HTTPS connection is to be estab lished Possible values are 0 to 65535 The default value is 443 Local Certificate Select a certificate that you want to use for the HTTPS connec tion Possible values e Internal default value Select this option if you want to use the certificate built into the device e lt Certificate name gt Select the entered certificate under System Management gt Certificates gt Certificate List 18 3 DynDNS Client The use of dynamic IP addresses has the disadvantage that a host in the network can no longer be found once its IP address has changed DynDNS ensures that your device can still be reached after a change to the IP address The following configuration steps are necessary e Registration of a host name at a DynDNS provider e Configuration of your device Registration The registration of a host name means that you define an individual user name for the DynDNS service e g dyn_client The service providers offer various domain names for this so that a unique host name results for your device e g dyn client provider com The DynDNS provider relieves you of the task
327. pou 005 se Description Type Class ID Priority Bandwidth for Traffic Shaping Queues Policies porro om a emt 8 Mo Fig 106 Routing gt QoS gt QoS Interfaces Policies gt New The Routing gt QoS gt QoS Interfaces Policies gt New menu consists of the following fields Fields in the QoS Interfaces Policies Basic Parameters menu Field Description Interface Select the interface for which QoS is to be configured bintec WLAN and Industrial WLAN 14 Routing Funkwerk Enterprise Communications GmbH Field Description Priorisation algorithm Select the algorithm according to which the queues are to be processed This activates and deactivates QoS on the selected interface Possible values e Priority Queueing default value QoS is activated on the interface The available bandwidth is distributed strictly ac cording to the queue priority e Weighted Round Robin QoS is activated on the interface The available bandwidth is distributed according to the weighting weight of the queue Exception High priority pack ets are always handled with priority e Weighted Fair Queueing QOS is activated on the inter face The available bandwidth is distributed as fairly as pos sible among the automatically detected traffic flows in a queue Exception High priority packets are always handled with priority e Disabled QoS is deactivated on the interface The existing configuration i
328. pparecchiatura significa che alla fine della durata in vita dell apparecchiatura questa dovr essere smaltita separatamente dai rifiuti domestici nei punti di raccolta previsti a tale scopo El s mbolo del contenedor con la cruz que se encuentra en el aparato significa que cuando el equipo haya llegado al final de su vida til deber ser llevado a los centros de recogida previstos y que su tratamiento debe estar separado del de los residuos urbanos Symbolen som sitter p apparaten med den korsade avfallstunnan betydet att ro nar den tj nat ut ska kasseras och l mnas till de f rutsedda sorterg rdarna och skiljas fran normalt hus h llsavfall Tegnet p apparatet som viser en avfallcontainer med et kyss over betyr at apparatet m kastet p hertil egnet avfallssted og ikke sammen med vanlig avfall fra husholdningen To o uBolo nov Ppioxetal otv OVOKEV pe TO otavpwp vo kOVT IVE anoppipp tov onpaiver OTL N ovoxev OTO T AOS TNG StapKetac XPG TNG pe va dtatebei Ae and TA KAVOVIK anoppippata ota yr aut Tov okon npoBhen peva onpeia di Beono Symbolet med gennemkrydset affaldsbeholder p apparatet betyder at apparatet nar det ikke kan bruges l ngere skal bortskaffes adskilt fra normalt husholdningsaffald p et af de dertil be regnede bortskaffelsessteder Znajduj cy sig na urz dzeniu symbol przekreslonego pojemnika na mieci oznacza e po up ywie ywotno ci urz dzenia nale y go odda do odpowiedniej plac
329. ptions In the Local Services gt Hotspot Gateway gt Options menu you configure general set tings for the Hotspot bintec WLAN and Industrial WLAN WI1040n w 11040n DynDNS Client Funkwerk Discovery Language English View Standard Online Help Hotspot Gateway Options Basic Parameters e E E PA oK E Cancel Host for multiple locations Fig 155 Local Services gt Hotspot Gateway gt Options The Local Services gt Hotspot Gateway gt Options menu consists of the following fields Fields in the Options Basic Parameters menu Field Description Host for multiple loca tions If several locations branches are set up on the Hotspot server enter the value of the NAS identifier RADIUS server parameter that has been registered for this location on the Hotspot server bintec WLAN and Industrial WLAN Chapter 19 Maintenance This menu provides you with numerous functions for maintaining your device It firstly provides a menu for testing availability within the network You can manage your system configuration files If more recent system software is available you can use this menu to in stall it If you need other languages for the configuration interface you can import these You can also trigger a system reboot in this menu 19 1 Diagnostics In the Maintenance gt Diagnostics menu you can test the accessibility of indi
330. r The IP addresses of global name servers that are queried if your device is unable to an swer requests itself or by forwarding entries are entered in Local Services gt DNS gt Global Settings gt Basic Parameters Funkwerk Enterprise Communications GmbH 18 Local Services For local applications the IP address of your device or the general loopback address 127 0 0 1 can be entered as the global name server Your device can also receive the global name servers dynamically and transfer them dy namically if necessary Strategy for name resolution on your device A DNS request is handled by your device as follows 1 2 6 If possible the request is answered directly from the static or dynamic cache with IP address or negative response Otherwise if a suitable forwarding entry exists the relevant DNS server is asked de pending on the configuration of the Internet or dialin connections if necessary by set ting up a WAN connection at extra cost If the DNS server can resolve the name the information is forwarded and a dynamic entry created in the cache Otherwise if global name servers are entered the primary DNS server then the sec ondary DNS server are asked If the IP address of your device or the loopback ad dress is entered for local applications these are ignored here If one of the DNS serv ers can resolve the name the information is forwarded and a dynamic entry created in the cache Otherwise
331. r attention must therefore be paid to protecting the wireless connection There are three security modes WEP WPA PSK and WPA Enterprise WPA Enterprise of fers the highest level of security but this security mode is only really suitable for compan ies because it requires a central authentication server Private users should choose WEP or preferably WPA PSK with higher security as their security mode WEP 802 11 defines the WEP security standard Wired Equivalent Privacy encryption of data with 40 bits Security Mode WEP 40 or 104 bits Security Mode WEP 104 However this widely used WEP has proven susceptible to failure However a higher degree of se curity can only be achieved through hardware based encryption which required additional configuration for example 3DES or AES This permits even sensitive data from being transferred via a radio path without fear of it being stolen IEEE 802 11i Standard IEEE 802 11i for wireless systems contains basic security specifications for wire less networks in particular with regard to encryption It replaces the insecure WEP Wired Equivalent Privacy with WPA Wi Fi Protected Access It also includes the use of the ad vanced encryption standard AES to encrypt data WPA WPA Wi Fi Protected Access offers additional privacy by means of dynamic keys based on the Temporal Key Integrity Protocol TKIP and offers PSK preshared keys or Extens ible Authentication Protocol EAP v
332. rce IP Address Net Only for Type of Traffic outgoing Source NAT and NAT mask method symmetric Enter the source IP address and if required the corresponding netmask to which the origi nal source IP address is to be trans lated New Source Port Only for Type of Traffic outgoing Source NAT and NAT method symmetric Leave the source port as it appears or enter a new source port to which the original source port is to be translated Selecting Original leaves the original source port If you dis able Original an input field appears in which you can enter a new source q port Original is active by default 14 3 RIP The entries in the routing table can be defined statically or the routing table can be updated constantly by dynamic exchange of routing information between several devices This ex change is controlled by a Routing Protocol e g RIP Routing Information Protocol By de fault about every 30 seconds this value can be changed in Update Timer a device sends messages to remote networks using information from its own current routing table The complete routing table is always exchanged in this process If triggered RIP is used in formation is only exchanged if the routing information has changed In this case only the changed information is sent Observing the information sent by other devices enables new routes and shorter paths for existing routes to be saved in the routing table As intermediate routes be
333. rded Possible values e Host default value e Domain Host Only for Forward Host Enter the name of the host to be forwarded The entry can also start with the wildcard e g funkwerk com If a name is entered without a full stop once you confirm with OK lt Default Domain is added Domain Only for Forward Domain Enter the name of the domain to be forwarded The entry can also start with the wildcard e g funkwerk com bintec WLAN and Industrial WLAN Field Description If aname is entered without a full stop once you confirm with OK lt Default Domain gt is added Forward to Select the forwarding destination requests to the name defined in Host or Domain Possible values e Interface default setting The request is forwarded to the defined Interface e DNS Server The request is forwarded to the defined DNS server Interface Only for Forward to Interface Select the interface via which the requests for the defined Do main are to be received and forwarded to the DNS server DNS Server Only for Forward to DNS server Enter the IP address of the primary and secondary DNS server 18 1 4 Cache In the Local Services gt DNS gt Cache menu a list of all available cache entries is shown bintec WLAN and Industrial WLAN wil040n Global Settings static Hosts Domain Forwarding Ca Automatic Refresh interval 60 Seconds Apply Vi
334. re it is used with a key length of 192 bits e AES 256 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 256 bits Hash algorithms Authentication e MD5 default value MD 5 Message Digest 5 is an older hash algorithm It is used with a 96 bit digest length for IPSec e SHA1 SHA1 Secure Hash Algorithm 1 is a hash algorithm developed by the NSA United States National Security Asso ciation It is rated as secure but is slower than MD5 It is used with a 96 bit digest length for IPSec e RipeMD 160 RipeMD 160 is a 160 bit hash algorithm It is used as a secure replacement for MD5 and RipeMD e Tiger1 92 Tiger 192 is a relatively new and very fast al gorithm Please note that the description of the encryption and authentic ation or the hash algorithms is based on the author s knowledge and opinion at the time of creating this User Guide In particular the quality of the algorithms is subject to relative aspects and may change due to mathematical or cryptographic develop ments Funkwerk Enterprise Communications GmbH 16 VPN Field Description DH Group The Diffie Hellman group defines the parameter set used as the basis for the key calculation during phase 1 MODP as sup ported by bintec devices stands for modular exponentiation Possible values e 1 768 Bit During t
335. ress Translation In this menu you configure the dynamic updating of the routing table via RIP In this menu you configure application controlled bandwidth management In this menu you configure the use of multimedia streaming protocols for e g voice over IP or video and audio streaming e g IPTV or Webradio or TriplePlay voice video data In this menu you configure all the Quality of Service settings Z Internet Dialup Real Time Jitter Con trol VPN In this menu you define the Internet connections for the various connection protocols or dialup connections In this menu you can set the upstream speed 7 Access and configuration Funkwerk Enterprise Communications GmbH IPSec L2TP GRE Firewall In this menu you configure VPN connections over IPSec In this menu you configure the use of L2TP Layer 2 Tunnelling Protocol This menu shows a list of all configured GRE tunnels Policies Interfaces Addresses Services Local Services In this menu you configure the filter rules for the firewall In this menu you can group together the interfaces to be filtered In this menu you can create the address aliases to be filtered In this menu you can create the service aliases to be filtered DNS HTTPS DynDNS Client DHCP Server Scheduling Surveillance Funkwerk Discovery Hotspot Gateway Maintenance In this menu you configure the name resolution In t
336. ress from an address pool if available If address pools have more than one IP ad dress you cannot specify which connection partner receives which address The ad dresses are initially assigned in order If a new dial in takes place within an interval of one hour an attempt is made to allocate the same IP address assigned to this partner the last time Use the Add button to set up new IP pools WI1040n View Standard Online Help Logout wi1040n detal E gt PPPoE PPTP IP Pools View 20 per page LIT Fterin None viequal Teo IP Pool Name IP Pool Range _ 0 0 0 0 m Page i lems 1 1 p 4 Add Jd OK JC cance _ Real Time Jitter Control Fig 109 WAN gt Internet Dialup gt IP Pools gt Add The WAN gt Internet Dialup gt IP Pools gt Add menu consists of the following fields Fields in the Internet Dialup IP Pools menu Field Description IP Pool Name Enter the name of the IP pool IP Pool Range In the first field enter the first IP address of the range In the second field enter the last IP address of the range 15 2 Real Time Jitter Control When telephoning over the Internet voice data packets normally have the highest priority Nevertheless if the upstream bandwidth is low noticeable delays in voice transmission can occur when other packets are routed at the same time The real time jitter control function solve
337. rily valid IP address from the provider e Static You enter a static IP address Default Route Select whether the route to this connection partner is to be defined as the default route The function is activated with Enabled The function is enabled by default Create NAT Policy Specify whether Network Address Translation NAT is to be ac tivated The function is activated with Enabled The function is enabled by default Local IP Address Only for IP Address Mode Static Assign an IP address from your LAN to the PPT interface which is to be used as your device s internal source address Route Entries Only if IP Address Mode Static Define other routing entries for this PPTP partner Add a new entry with Add e Remote IP Address P address of the destination host or destination network e Netmask Netmask of Remote IP Address If no entry is made your device uses a default netmask e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 7 The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed The de fault value is 60 Funkwerk Enterprise Communications GmbH 15 WAN Field Description Maximum Number of Di Enter the number of unsuc
338. rk Server for incoming connections only e L2TP LAC Mode L2TP Access Concentrator for outgoing connections only Note the following when configuring the server and client An L2TP tunnel profile must be created on each of the two sides LAC and LNS The corresponding L2TP tunnel profile is used on the initiator side LAC to set up the connection The L2TP tunnel profile is needed on the responder side LNS to accept the connection 16 2 1 Tunnel Profiles In the VPN gt L2TP gt Tunnel Profiles menu a list of all configured tunnel profiles is shown 16 2 1 1 New Choose the New button to set up new tunnel profiles bintec WLAN and Industrial WLAN wios APA wito Tunnel Profiles Users Options Basic Parameters Description jz S Local Hostname g Bao l Remote Hostname T Password pesses LAC Mode Parameters a i Remote IP Address Oe UDP Source Port Oixed UDP Destination Port for E Advanced Settings Local IP address o Ae Bea Hello Intervall i i f 30 Seconds a Minimum Time nsa Retries fi iait Maximum Time between Retries fe seconds Maximum Retries lp Data Packets Sequence Numbers Denabied f E i F 3 OK y C Cancel A Fig 120 VPN gt L2TP gt Tunnel Profiles gt New The VPN gt L2TP gt Tunnel Profiles gt New menu consists of the following fields Fields in the Tunnel Profiles Basic P
339. rmation After power up and during booting or if an error occurs During the heating phase If the device is at the login prompt The power supply is not connected If other LEDs are on also Error Errors Ready Free At least one client is registered At least one client is registered and there is data traffic BLD Broken Link Detection active 5 GHz scan active No cable or no Ethernet link Cable plugged in and link Cable plugged in and link with data traffic No data traffic Data traffic via the SFP interface Cable plugged in and data traffic bintec WLAN and Industrial WLAN During the boot operation only the red LED is on The other LEDs then come on during booting if the units are initialised 6 4 Connectors All the connections are located on the underside of the device On bintec W1002n the third antenna connection is located on the underside of the device The connectors on industrial WLAN devices with 802 11n support are the same as the con nectors on other industrial WLAN devices Only the assignment of the antenna connectors is different See Antenna connectors for industrial WLAN devices with 802 11n support on page 45 bintec W1002n has two Ethernet connections and a serial interface The connections are arranged as follows 5 Fig 15 bintec W1002n underside bintec W1002n underside 1 POWER Socket for plug in power pack 2 CONSOLE Serial interface 3 RESET Reset
340. rnet access is to be set up over several interfaces Multilink If you choose Mul tilink you can connect several DSL connections from a pro vider over PPP as a static bundle in order to obtain more band width Each of these DSL connections should use a separate Ethernet connection for this At the moment many providers are still in the process of preparing the PPPoE Multilink function For PPPoE Multilink we recommend using your device s Ether net switch in Split Port mode and to use a separate Ethernet in terface e g en1 1 en1 2 for each PPPoE connection If you also want to use an external modem for PPPoE Multilink you must run your device s Ethernet switch in Split Port mode PPPoE Ethernet Inter Only if PPPoE Mode Standard face Select the Ethernet interface specified for a standard PPPoE connection If you want to use an external DSL modem select the Ethernet port to which the modem is connected When using the internal DSL modem select here the EthoA in terface configured in Physical Interfaces gt ATM gt Profiles gt New The default value is Not specified PPPoE Interfaces for Only if PPPoE Mode Multilink Multilink Select the interfaces you want to use for your Internet connec tion Click the Add button to create new entries User Name Enter the user name Password Enter the password Always on Select whether the interface should always be activated Funkwerk Enterprise Communications Gmb
341. ror and warning priority are recorded e Notice Messages with emergency alert critical error warning and notice priority are recorded e Information default value Messages with emergency alert critical error warning notice and information priority are recorded e Debug All messages are recorded Maximum Number of Ac Enter the maximum number of accounting entries that are counting Log Entries stored internally in the device Possible values are 0 to 1000 The default value is 20 9 2 2 Passwords Setting the passwords is another basic system setting m wit 040n z View Standard w11040 A Save Commutation dl System Passwords Date and Time System Licences paus System Password Global Settings T Interface Mode Bridge System Admin Password eocccsce a Confirm Admin Password eeccccce Administrative Access L Remote Authentication SNMP Communities Certificates SNMP Read Community eeessos OS SNMP Write Community ecccccce Mi Global Password Options En P Show passwords and keys in cleartet Show sl C ok JC Cancel Fig 34 System Management gt Global Settings gt Passwords En Note All bintec devices are delivered with the same username and password As long as the password remains unchangea they are not protected against unauthorised use Make sure you change the passwords to prevent unauthorised access to the device If the password is not changed under System Ad
342. rt gt Serial Port The Physical Interfaces gt Serial Port gt Serial Port menu consists of the following fields Fields in the Serial Port General menu Field Description Port Mode Select in which mode the serial interface is to be used Possible values e Configuration default value The serial interface is used as a console e Data Port The serial interface is operated as a data inter face Serial over IP is used bintec WLAN and Industrial WLAN If the Data Port option is selected for the Port Mode an extra configuration section opens Language English View Standard w Online Help Logout Serial Port General eee coma o Peat Baudrate 9600 Data Bis ey ew J f 5 Stop Bits i 7 Handshake Noe Pe Mode server O client OUDP Local IP Address nano loca Port i F Remote IP poao Port Number gt E Ra Tigger Byte Count g pza Timeout Denabled InterByte Gap foo ms Zenabtea Butter Clear Serial RX Bufter Clear Clear Serial TX Buffer Clear fe OK a Cancel Fig 53 Physical Interfaces gt Serial Port gt Serial Port with Port Mode Data Port Fields in the Serial Port Serial Settings menu Field Description Baudrate Select which baud rate should be used Make sure that the re mote terminal is suitable for the selected b
343. rt Bo Wee cc Default Route Distribution Enabled po Poisoned Reverse SRF Routes RFC 2453 Variable Timer enabled AAT ent RFC 2091 Variable Timer Enabled m Balancing Timer for RiP v2 RFC 2453 s Multicast Update Timer po seconds aos gt WAN i Rove inant 180 Seconds VPN Garbage Collection Timer fa Seconds E _ LocalServices q OK Cancel picas PR Eraro Reuorinn aa LL a Fig 98 Routing gt RIP gt RIP Options The Routing gt RIP gt RIP Options menu consists of the following fields Fields in the RIP Options Global RIP Parameters menu Field Description RIP UDP Port The setting option UDP Port which is used for sending and re bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 14 Routing Field Description ceiving RIP updates is only for test purposes If the setting is changed this can mean that your device sends and listens at a port that no other devices use The default value 520 should be retained Default Route Distribu Select whether the default route of your device is to be propag tion ated via RIP updates The function is activated with Enabled The function is enabled by default Poisoned Reverse Select the procedure for preventing routing loops With standard RIP the routes learnt are propagated over all in terfaces with RIP SEND activated With Poisoned Reverse however your device propagates over the interface over
344. rver as IPSec client e IKE Config Mode Server Select this option if your gate way assigns an IP address as DHCP server for connecting cli ents This is taken from the selected IP Assignment Pool 16 VPN Funkwerk Enterprise Communications GmbH Field Description IP Assignment Pool Only if IP Address Assignment IKE Config Mode Serv Cr Select an IP pool configured in the VPN gt IP Pools menu If an IP pool has not been configured here yet the message Not yet defined appears in this field Default Route Only for IP Address Assignment Static Select whether the route to this IPSec peer is to be defined as the default route The function is activated with Enabled The function is disabled by default Local IP Address Only if IP Address Assignment Static and IKE Config Mode Server Enter the WAN IP address of your IPSec tunnel This can be the same IP address as the address configured on your router as the LAN IP address Route Entries Define routing entries for this connection partner e Remote IP Address P address of the destination host or LAN e Netmask Netmask of Remote IP Address e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 7 The Advanced Settings menu consists of the following fields Fields in the Advanced Settings Advanced IPSec Options menu Field Description Phase 1 Profile For phase 1 select a profile already configured in
345. rvers is displayed 9 5 2 1 Edit New Choose the i icon to edit existing entries Choose the New button to add TACACS serv ers bintec WLAN and Industrial WLAN RADIUS TACACS Options Basic Parameters Interface Mode Bridge Authentication Type J Laden OPA EE bi E Server IP Address Administrative Access _Remote Authentication TACACS Secret joeccccce Certificates f Plysicailitertaces J Priority oy LAN Entry active 4 Enabled Wiles LAN Cole ee is Routing 7 Poley Norrauthoritative A ree ron M A E Local Services Y pauls bY asa ed Encryption El Enabled Monitor ing gt OK pi Cancel Fig 44 System Management gt Remote Authentication gt TACACS gt New The System Management gt Remote Authentication gt TACACS gt New menu con sists of the following fields Fields in the TACACS Basic Parameters menu Field Description Authentication Type Displays which TACACS function is to be used The value cannot be changed Possible values e Login Authentication Here you can define whether the current TACACS server is to be used for login authentication to your device Server IP Address Enter the IP address of the TACACS server that is to be re quested for login authentication TACACS Secret Enter the password to be used to authenticate and if applic able encrypt data exchange between the TACACS server and the network acc
346. ry Only for Mode Enable for specific interfaces Displays the name of the interface Field Description Back Route Verify Only for Mode Enable for specific interfaces Select whether Return Route Checkingis to be enabled for this interface The function is activated with Enabled By default the function is deactivated for all interfaces Fields in the Options General menu Field Description Allow deleting editing all Define whether all the routes entered on your device can be ed routing entries ited and deleted in the Routing gt Routes gt Routes menu The function is activated with Enabled By default the function is deactivated for all interfaces 14 2 NAT Network Address Translation NAT is a function on your device for defined conversion of source and destination addresses of IP packets If NAT is activated IP connections are still only allowed by default in one direction outgoing forward protective function Excep tions to the rule can be configured in NAT Configuration on page 218 14 2 1 NAT Interfaces In the Routing gt NAT gt NAT Interfaces menu a list of all NAT interfaces is shown bintec WLAN and Industrial WLAN woon PP onne nen Leg k z NAT Interfaces NAT Configuration View 20 perpage gt rmerin None equal xj Go Interface NAT active Silent Deny PPTP Passthrough Portforwardings BRIDOE_BRO o al oO 9 P
347. s e 2 default value Two traffic flows are used e 1 One traffic flow is used Max Link Distance Only for Operation Mode Bridge Enter the maximum link range If the Use default option is enabled the automatically gener ated range is used If this option is not enabled enter the desired maximum value in the m field The Use default option is enabled by default Transmit Power Select the maximum value for the radiated antenna power The actually radiated antenna power may be lower than the maxim um value set depending on the data rate transmitted The max imum value for Transmit Power is country dependent Possible values e Max default value The maximum antenna power is used Saba e 8 dBm e 11 dBm e 14 dBm e 16 dBm Fields in the Radio Settings Performance Settings menu Field Description Wireless Mode Select the wireless technology that the access point is to use Only for Operation Band 2 4 GHz In Outdoor Possible values e 802 11g The device operates only in accordance with 802 119 802 11b clients have no access Funkwerk Enterprise Communications GmbH 12 Wireless LAN Field Description 802 11b Your device operates only in accordance with 802 11b and forces all clients to adapt to it 802 11 mixed b g Your device adapts to the client technology and operates according to either 802 11b or 802 11g 802 11 mixed long b g Your device adapts to the cli ent technology and op
348. s The default setting A11 means that the port is not specified Destination IP Address Enter the destination IP address ana if required the corres Netmask ponding netmask of the original data packets Destination Port Range Only for Service User defined Enter the destination port or the destination port range of the original data packets The default setting 411 means that the port is not specified In the NAT Configuration gt Substitution values menu you can define new address and ports depending on whether the data traffic is incoming or outgoing to which specific ad dress and ports are translated from the NAT Configuration gt Specify original traffic menu Fields in the NAT Configuration Replacement Values menu 14 Routing Funkwerk Enterprise Communications GmbH Field Description New Destination IP Ad Only for Type of Traffic incoming Destination NAT dress Netmask Enter the destination IP address and if required the corres ponding netmask to which the original destination IP address is to be translated New Destination Port Only for Type of Traffic incoming Destination NAT Leave the destination port as it appears or enter the destination port to which the original destination port is to be translated Selecting Original leaves the original destina tion port If you disable Original an input field appears in which you can enter a new destina tion port Original is active by default Sou
349. s 24 possible values in this field At least one proposal must exist Therefore the first line of the table can not be deactivated Encryption algorithms Encryption e 3DES default value 3DES is an extension of the DES al gorithm with an effective key length of 112 bits which is rated as secure It is the slowest algorithm currently supported e Twofish Twofish was a final candidate for the AES Advanced Encryption Standard It is rated as just as secure as Rijndael AES but is slower bintec WLAN and Industrial WLAN 16 VPN Funkwerk Enterprise Communications GmbH Field Description e Blowfish Blowfish is a very secure and fast algorithm Twofish can be regarded as the successor to Blowfish e CAST CAST is also a very secure algorithm marginally slower than Blowfish but faster than 3DES e DES DES is an older encryption algorithm which is rated as weak due to its small effective length of 56 bits e AES Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of security against attacks and general speed e AES 128 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed Here it is used with a key length of 128 bits e AES 192 Rijndael has been nominated as AES due to its fast key setup low memory requirements high level of secur ity against attacks and general speed He
350. s from the address pool is assigned IP Address Range Enter the first first field and last second field IP address of the IP address pool Pool Usage Specify whether the IP pool is used for DHCP requests in the same subnet or for DHCP requests that have been forwarded to your device from another subnet In this case it is possible to define IP addresses from another network Possible values e Local default value The DHCP pool is only used for DHCP requests in the same subnet e Local Relay The DHCP pool is used for DHCP requests in the same subnet and from other subnets e Relay The DHCP pool is only used for DHCP requests for warded from other subnets The Advanced Settings menu consists of the following fields Fields in the menu Advanced Settings Field Description Gateway Select which IP address is to be transferred to the DHCP client as gateway Possible values No gateway default value No IP address is sent e Use router as gateway The IP address defined for the Interface is transferred e Specify Enter the corresponding IP address Lease Time Enter the length of time in minutes for which an address from the pool is to be assigned to a host After the Lease Time Minutes expires the address can be re assigned by the server The default value is 120 Funkwerk Enterprise Communications GmbH 18 Local Services Field Description DHCP Options Specify which additional data is forwarded to
351. s many failed attempts the packet is dis carded Field Description Possible values are 1 to 255 The default value is 7 Enter the maximum number of attempts to send a data packet of length less than or equal to the value defined in RTS Threshold After this many failed attempts the packet is dis carded Long Retry Limit Possible values are 1 to 255 The default value is 4 Enter the maximum size as of which the data packets are to be fragmented i e split into smaller units A low value is recom mended for this field in areas with poor reception and in the event of radio interference Fragmentation Threshold Possible values are 256 to 2346 The default value is 2346 bytes If Access Client has been selected for the Operation Mode with Client Mode Infra structure the following parameters will also be available under Advanced Settings Advanced Settings Scan channels Roaming Profile Scan Threshold Scan Interval Channel Sweep Min Period Active Scan Max Period Active Stan Min Period Passive Scan Max Period Passive Scan RTS Threshold Short Guard Interval Short Retry Limit Long Retry Limit Fragmentation Threshold A Normal Roaming 3 70 dBm 5000 ms 2 10 ms 40 ms 20 ms 120 ms Always of Y Enabled 2346 Bytes ok Cancel Fig 63 Wireless LAN gt WLANx gt Wireless Module Settings gt gt Advanced Settings for Operation Mode Access
352. s menu consists of the following fields Fields in the Options Global Firewall Options menu Firewall Status Enable or disable the firewall function The function is activated with Enabled The function is enabled by default bintec WLAN and Industrial WLAN Field Description Logged Actions Select the firewall syslog level The messages are output together with messages from other subsystems Possible values e All default value All firewall activities are displayed e Deny Only reject and deny events are shown see Action e Accept Only accept events are shown e None Syslog messages are not generated Fields in the Options Session Timer menu Field Description UDP Inactivity Enter the inactivity time after which a UDP session is to be re garded as expired in seconds Possible values are 30 to 86400 The default value is 180 TCP Inactivity Enter the inactivity time after which a TCP session is to be re garded as expired in seconds Possible values are 30 to 86400 The default value is 3600 PPTP Inactivity Enter the inactivity time after which a PPTP session is to be re garded as expired in seconds Possible values are 30 to 86400 The default value is 86400 Other Inactivity Enter the inactivity time after which a session of another type is to be regarded as expired in seconds Possible values are 30 to 86400 The default value is 30 trial WLAN 17 2 Interfaces 17
353. s not deleted but can be activated again if re quired Traffic shaping Activate or deactivate data rate limiting in the send direction The function is activated with Enabled The function is disabled by default Maximum Upload Speed Only enabled for Traffic shaping Enter a maximum data rate for the interfaces in the send direc tion in kbits Possible values are 1 to 1000000 The default value is 0 i e no limits are set the queue can oc cupy the maximum bandwidth Protocol Header Size Choose the interface type to include the size of the respective below Layer 3 overheads of a datagram when calculating the bandwidth Possible values e Custom value in Byte possible values are 0 to 100 Funkwerk Enterprise Communications GmbH 14 Routing Field Description Real Time Jitter Control Ethernet default value Ethernet and VLAN PPPOE PPPoE and VLAN IPSec over Ethernet IPSec over Ethernet and VLAN IPSec via PPP over Ethernet IPSec via PPPoE and VLAN Only enabled for Transmit Shaping Real Time Jitter Control optimises latency when forwarding real time datagrams The function ensures that large data packets are fragmented according to the available upload bandwidth Real Time Jitter Control is useful for small upload bandwidths lt 800 kbps Activate or deactivate Real Time Jitter Control The function is activated with Enabled The function is disabled by default Control Mode O
354. s the name of the WDS link Remote MAC Shows the MAC address of the WDS link partner Up Time Shows the time in hours minutes and seconds for which the WDS link is active Tx Packets Shows the total number of packets sent Rx Packets Shows the total number of packets received Signal dBm Shows the received signal strength in dBm Noise dBm Shows the received noise strength in dBm Data Rate mbps Shows the current transmission rate of data received on this WDS link in mbps If required the Test link can be used to start a link test The test is only available for funk werk devices and only if the WDS link is active The link test provides all the data necessary for checking the quality of the WDS link The link test also helps you to align the antennas This option is only displayed if the link is en abled WDS Link Details You use the O icon to open an overview of further details for the WDS links bintec WLAN and Industrial WLAN witoaon TEE e witst H P ion WLAN1 VSS WDS Bridge Links Client Links Automatic Refresh interval 300 Seconds L Apply J WDS Description Remote MAC Up Time Tx Packets Rx Packets Signal dBm RSSH RSSI2 RSSI3 Noise dBm Data Rate mbps iwds1 0 00 00 00 00 00 00 0d 20h 25m50s 0 0 0 0 0 0 10 0 Rate Tx Packets Rx Packets 802 11 albig 154 l jaa ao fie lo 10 je a 22 0 0 x000000 802 11n 1144 4 139 11155 86 7
355. s this problem So that the line is not blocked for too long for the voice data packets the size of the other packets can be reduced if re quired during a telephone call 15 2 1 Controlled Interfaces In the WAN gt Real Time Jitter Control gt Controlled Interfaces menu a list of all inter faces is shown for which the real time jitter control has been configured bintec WLAN and Industrial WLAN 15 2 1 1 New Click o the New button to set up port forwarding for other interfaces Online Help Logout i gt Y wit 040n View Standard wil040n z Controlled Interfaces Bast setings Interface None Control Mode Controlled RTP Streams only Maximum Upload Speed 0 kbps OK Cancel J Internet Dialup Real Time Jitter Control Fig 110 WAN gt Real Time Jitter Control gt Controlled Interfaces gt New The WAN gt Real Time Jitter Control gt Controlled Interfaces gt New menu consists of the following fields Fields in the Conirolled Interfaces Basic Settings menu Field Description Interface Define for which interfaces voice transmission is to be optim ised Control Mode Select the mode for the optimisation Possible values e Only Controlled RTP Streams default value By means of the data routed via the media gateway the system detects voice data traffic and optimises the voice transmis sion e All RTP Streams All RTP streams are
356. s to the config uration request with an unexpected or non specific error e Internal Error An internal device problem prevented the configuration option from being carried out bintec WLAN an 18 72 Options In this menu you can grant permission for your device to be discovered by other bintec devices using the funkwerk Discovery protocol and to be configured by means of this wit040n Device Discovery Options Discovery Server Options Enable Discovery Server 2 Enabled oK Cancel DynDNS Client DHCP Server _ Scheduling Surveillance E Funkwerk Discovery __ HotSpot Gateway Fig 152 Local Services gt Funkwerk Discovery gt Options The Local Services gt Funkwerk Discovery gt Options menu consists of the following fields Fields in the Options Discovery Server Options menu Field Description Enable Discovery Server Select whether your device is to be discovered and configured by other bintec devices in the network The function is activated with Enabled The function is disabled by default 18 8 Hotspot Gateway The bintec HotSpot Solution allows provision of public Internet accesses using WLAN or wired Ethernet The solution is adapted to setup of smaller and larger Hotspot solutions for cafes hotels companies communal residences campgrounds etc bintec WLAN and Industrial WLAN 18 Local Services Funkwerk Enterprise Communications G
357. s you what preliminary tasks are necessary for configuration You will then be shown how you can access your device from a Windows PC using a current web browser and how to make basic settings Password If you are familiar with the configuration of bintec devices and you want to get started right away all you really need to know is the preset user name and password User Name admin Password funkwerk S Note Remember to change the password immediately when you log in to the device for the first time All bintec devices are supplied with the same password which means they are not protected against unauthorised access until you change the password How to change the passwords is described in chapter Modify system password on page 22 Workshops Step by step instructions for the most important configuration tasks can be found in the separate FEC Application Workshop guide for each application which can be down loaded from the www funkwerk ec com website under Solutions WLAN Management 1 Introduction Funkwerk Enterprise Communications GmbH The devices are designed for use with WiLMA WiLMA the WLAN management solution from Funkwerk offers a software application in a client server architecture that allows you to centrally monitor control and maintain all Funkwerk access points in medium and large wireless LANs Dime Manager The devices are also designed for use with Dime Manager The Dime Manager manage ment tool can
358. sign communication with the RA you can select another one here to encrypt com munication The default value is Use RA Sign Certificate i e the same certificate is used as for signing Only if Mode SCEP You may need a password from the certification authority to ob tain certificates for your keys Enter the password you received from the certification authority here Fields in the Certificate List Subject Name menu 9 System Management Funkwerk Enterprise Communications GmbH Field Description Custom Select whether you want to enter the name components of the subject name individually as specified by the CA or want to enter a special subject name If Enabled is selected a subject name can be given in Sum mary with attributes that are not offered in the list Example CN VPNServer DC mydomain DC com c DE If the field is not marked enter the name components in Com mon Name E mail Organisational Unit Organisation Loca tion State Province and Couniry The function is disabled by default Summary Only for Custom enabled Enter a subject name with attributes not offered in the list Example CN VPNServer DC mydomain DC com c DE Common Name Only for Custom disabled Enter the name according to CA E mail Only for Custom disabled Enter the e mail address according to CA Organisational Unit Only for Custom disabled Enter the organisational unit according to CA Organisation Onl
359. sions In the Routing gt Load Balancing gt Load Balancing Groups menu a list of all con figured load balancing groups is shown 14 4 1 1 New Choose the New button to set up new groups WI1040n Language English View Standard wit Basic Parameters Group Description Session Round Robin v Aways Only use active interfaces Distribution Policy Distribution Mode Interface Selection for Distribution Lae a Intertace Distribution Ratio QUINTO gt OK JC Cancei__ Fig 99 Routing gt Load Balancing gt Load Balancing Groups gt New The Routing gt Load Balancing gt Load Balancing Groups gt New menu consists of the 14 Routing Funkwerk Enterprise Communications GmbH following fields Fields in the Load Balancing Groups Basic Parameters menu Field Description Group Description Enter the desired description of the interface group Distribution Policy Select the way the data traffic is to be distributed to the inter faces configured for the group Possible values e Session Round Robin default value A newly added session is assigned to one of the group interfaces according to the percentage assignment of sessions to the interfaces The number of sessions is decisive e Load dependent Bandwidth A newly added session is assigned to one of the group interfaces according to the sh
360. sition You configure a filter for a default route with the following values IP Address no entry this corresponds to the IP address 0 0 0 0 with Netmask 255 255 255 255 In the Routing gt RIP gt RIP Filter menu a list of all RIP filters is shown W11040n Language English Y View Standard Online Help RIP Interfaces RIP Filter RIP Options O E Interface Direction P Address Netmask Fiter Status New dC OK J C Cancel Fig 96 Routing gt RIP gt RIP Filter You can use the button to insert another filter above the list entry The configuration menu for creating a new window opens You can use the button to move the list entry A dialog box opens in which you can se bintec WLAN and Industrial WLAN lect the position to which the filter is to be moved 14 3 2 1 New Choose the New button to set up more RIP filters WI1040n Language English Online Help Logout 110401 y RIP Interfaces RIP Filter RIP Options Basic Parameters E i IP Address Netmask oes Direction import O Export 7 Metric Offset for Active Interfaces ow Metric Offset for Inactive Interfaces os OK C Cancel Fig 97 Routing gt RIP gt RIP Filter gt New The Routing gt RIP gt RIP Filter gt New menu consists of the following fields Fields in the RIP
361. splay of 11 5 5 2 and 1 mbit is suppressed for IEEE 802 11b VSS Details for Connected Clients In the Monitoring gt WLAN gt VSS gt lt Connected client gt gt p menu the current values and activities of a connected client are shown bintec WLAN and Industrial WLAN WI1040n 110401 Language English v View Standard Online Help Automatic Refresh Interval 300 Seconds C Apply J Client MAC Address IP Address Up Time ES Noise dBm SNRdB Data Rate mbps 00 0c 84 03 8b 9a 10 0 0 234 ODay s 00 14 90 92 90 88 87 3 he Rate TePackets ee AA e e 802 1 1aIbig 5 a i 0 So ao 0 o ECN o lo fe 0 l3 fs 0 EE hz lo re o a ta o 3 0 a CEA Ma he 55 o o 2 0 o Te 4 0 802 11n 300 io lo 270 o lo 240 0 lo CARA 1150 0 0 Has 0 if 120 0 lo i fo o 7 A TE o 3 C 0 lo as o lo 30 o lo 15 Se E i o Total 0 Nie Back Fig 177 Monitoring gt WLAN gt VSS gt lt Connected client gt gt p Values in the VSS lt Connected client gt list Field Description Client MAC Address IP Address Up Time Signal dBm Noise dBm SNR dB Shows the MAC Address of the associated client Shows the IP address of the client Shows the time in hours minutes and seconds for which the cli ent is logged in Shows the received signal strength in dBm Shows the received noise strengt
362. ss LAN gt WLAN gt Radio Settings menu an overview of all the configura tion options for the WLAN module is shown WI1040n eens View Standard Online Help English AA Rado Settings MAC Address 4 Qperetion Mode Operation Band 1 Channelin Use Maximum Birate iranemtPower Sietus I 00 00 00 00 00 00 ofr 12 4 GHz 6 Auto Max o a Fig 60 Wireless LAN gt WLAN gt Radio Settings 12 1 1 1 Radio Settings gt Edit In this menu you change the settings for the wireless module Choose the button to edit the configuration bintec WLAN and Industrial WLAN WI1040n Fig 61 Wireless LAN gt WLAN gt Radio Settings gt Advanced Seitings for Operation Language Engish View Stender Online Help Logout Wireless Settings ae Operation Mode Access Point Operation Band 2 4 GHz In Outdoor Channel Auto Selected Channel 6 Number of Spatial Streams za Transmit Power Mx Y Performance Settings Wireless Mode Bomban A Max Transmission Rate lao 8 Burst Mode T Menablea E Advanced Settings Channel Plan A A Beacon Period TS DTIM Period E al RTS Threshold Always off Short Guard Interval Fl Enabled Short Retry Limit gt Long Retry Limit _ ce _ Threshold 2346 B
363. t 1 3R 3F3p30 P30 s 20 3 E mail Alert Depending on the configuration E mails are sent to the administrator as soon as relevant syslog messages occur 20 3 1 E mail Alert Server The E mail Alert Server menu consists of the following fields WI1040n Language English View Standard Online Help w11040n E mail Alert Server E mail Alert Recipient Basic Parameters Alert Service Y Enable Sender E Mail Address Maximum Messages per Minute bm EE SMTP Server SMTP Authentication uE Onone OESMTP OSMTP after POP OK C cancel J Fig 164 External Reporting gt E mail Alert gt E mail Alert Server The External Reporting gt E mail Alert gt E mail Alert Server menu consists of the fol lowing fields Fields in the E mail Alert Server Basic Parameters menu bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 20 External Reporting Field Description Alert Service Enable or disable the function Sender E Mail Address Enter the mail address to be entered in the sender field of the E mail Maximum Messages per Minute Limit the number of outgoing mails per minute Possible values are 1 to 15 the default value is 6 Fields in the E mail Alert Server SMTP Settings menu Field Description SMTP Server Enter the address IP address or valid DNS name of the mail server to be used for sending
364. t Client Links gt gt menu The client mode can be operated in infrastructure mode or in ad hoc mode In a network in infrastructure mode all clients communicate with each other via access points only There is no direct communication between the individual clients In ad hoc mode an access client can be used as central interface between a number of terminals In this way devices such as computers and printers can be wirelessly intercon nected 12 1 4 1 Client Link gt p Choose the pl icon to edit existing entries wi1040n Radio Settings Client Link Basic Parameters Network Name SSID Security Settings Security Mode Inactive OK JC Cancel g Fig 66 Wireless LAN gt WLAN gt Client Link gt gt The Wireless LAN gt WLAN gt Client Link gt g gt menu consists of the following fields bintec WLAN and Industrial WLAN 12 Wireless LAN Funkwerk Enterprise Communications GmbH Fields in the Client Link Basic Parameters menu Field Description Network Name SSID Enter the name of the wireless network SSID Enter an ASCII string with a maximum of 32 characters Fields in the Client Link Security Settings menu Field Description Security Mode Select the security mode encryption and authentication for the wireless network Possible values e Inactive default value Neither encryption nor authentica tion e WEP 40 WEP 40 Bit
365. t Internal Log gt System Messages menu a list of all internally stored system messages is shown Above the table you will find the configured Maximum Num ber of Syslog Entries and the configured Maximum Message Level of Syslog Entries These values can be changed in the System Management gt Global Settings gt System menu WI1040n 110401 o o a Automatic Refresh Interval 300 Seconds 1 Apply _ Maximum Number of Syslog Entries 50 Maenu mi Message Level of Syslog Entries Information pl oe No Date Time f Level Subsystem Message HotSpot Gateway ga 2004 03 07 01 14 38 Information INET 2 2004 03 07 0 4 28 Information INET ja 2004 1 03 1 06 05 44 02 Information WLAN APDISCD 2 access points found on interface 150000 APDISCD discovery initiated on interface 150000 Bridge link is down a 12004 03 06 05 44 02 Error WLAN 5 2004 03 06 05 44 02 Error WLAN novifforthatindex Me 210100 no vif for that index je 2004 03 06 05 43 12 Information WLAN a 2004 03 06 06 43 42 Error WLAN e 12004 03 02 09 44 14 Information T TR os Bridge linki is down fi 210000 no vif for that index install _cacerts0 installed 95 root certificates la 1 12004 03 1 02 09 44 13 Information IPsec init starting jo PERES 4a 13 Information IPSec f T BinT
366. t the access information lt is therefore impossible to log in with read read the password of the admin user and subsequently log in with admin and make changes to the configuration A Caution All bintec devices are delivered with the same username and password As long as the password remains unchanged they are therefore not protected against unauthor ised use How to change the passwords is described in on page Make sure you change the passwords to prevent unauthorised access to your device If you have forgotten your password you must reset your device to the ex works state which means your configuration will be lost 7 2 2 Logging in for Configuration Set up a connection to the device The access options are described in Access Options on page 50 Funkwerk Configuration Interface Log in via the HTML surface as follows 1 Enter your user name in the User field of the input window 2 Enter your password in the Password field of the input window and confirm with Re turn or click the Login button The status page of the Funkwerk Configuration Interface opens in the browser SNMP shell Log into the SNMP shell as follows 1 Enter your user name e g admin and confirm with Return 2 Enter your user password e g funkwerk and confirm with Return Your device logs in with the input prompt e g w1002 gt The login was successful You are now in the SNMP shell To leave the SNMP shell after completing the con
367. t value The peer is available for setting up a tunnel immediately after saving the configuration e Down The peer is initially not available after the configuration has been saved Description Enter a description of the peer that identifies it bintec WLAN and Industrial WLAN Funkwerk Enterprise Communications GmbH 16 VPN Field Description The maximum length of the entry is 255 characters Peer Address Enter the official IP address of the peer or its resolvable host name The entry can be omitted in certain configurations whereby your device then cannot initiate an IPSec connection Peer ID Select the ID type and enter the peer ID This entry is not necessary in certain configurations The maximum length of the entry is 255 characters Possible ID types e Fully Qualified Domain Name FQDN e E mail Address e IPV4 Address e ASN 1 DN Distinguished Name On the peer device this ID corresponds to the parameter Local ID Value Preshared Key Enter the password agreed with the peer The maximum length of the entry is 50 characters All charac ters are possible except for 0x at the start of the entry Fields in the IPSec Peers Interface Routes menu Field Description IP Address Assignment Select the configuration mode of the interface Possible values e Static default value Enter a static IP address e IKE Config Mode Client Select this option if your gate way receives an IP address from the se
368. te interface or Deactiv ate interface or if Select action Activate WLAN Or Deactivate WLAN Select which interface is to be activated or deactivated Source Location Only if Select action Trigger software update Select the desired source Possible values e Current software from Funkwerk server The latest software will be downloaded from the Funkwerk server e HTTP server The latest software will be downloaded from an HTTP server that you define in Update URL Update URL Only if Select action Trigger software update and 18 Local Services Funkwerk Enterprise Communications GmbH Field Description Source HTTP Server Enter the name of the HTTP server from which you wish to download a configuration file TFTP Server Only if Select action Trigger configuration backup Enter the IP address of the TFTP server to which you wish to transfer a configuration file TFTP File Name Only if Select action Trigger configuration backup Enter the name with which configuration file is to be transferred to the TFTP server Fields in the Time Schedule Select time interval menu Field Description Time Condition First select the type of time entry in Condition Type Possible values e Weekday In Condition Settings select a weekday e Periods default setting In Condition Settings select a particular period e Day of Month In Condition Settings select a particular day of the month Possible values for Condit
369. ter a default route to the ISP and a network route to the head office You can enter several default routes on your device but only one default route can be active at any one time If you enter several default routes you should make sure the values for Metric are different 14 1 1 IP Routes In the Routing gt Routes gt IP Routes menu a list of all configured routes is shown 14 1 1 1 Edit New Choose the o icon to edit existing entries Choose the New button to create routes bintec WLAN and Industrial WLAN WI1040n Route Class Extended Route Dnabled Route Parameters Route Type Network Rowe x Destination IP Address Netmask 1 Mo Interface None Ml Network Type T Direct l Local IP Address 0 0 0 0 Metric M al C ok Cancel Fig 89 Routing gt Routes gt IP Routes gt New with Extended Route Not activated If the Extended Route option is selected for Route Class an extra configuration section opens witodon i 1 5 Options 3 Route Class Extended Route Enabled Route Parameters Route hoe Network Rowe Destination IP Address f Netmask Ma a TIEM Interface Noe M Nebwork Type Direct Local IP Address 0 0 0 0 Metric 18 Extended Route Parameters Source Interface None Source IP AddressNetmask 0 0 0 0 1 booo Layer 4 Protoc
370. tered on flickering At least one client is registered and there is data traffic on flashing fast BLD Broken Link Detection active on flashing fast 5 GHz scan active bintec WLAN and Industrial WLAN 6 Technical data Funkwerk Enterprise Communications GmbH LED Status Information ETH 1 2 off No cable or no Ethernet link on Cable plugged in and link on flickering Cable plugged in and link with data traffic During the heating phase the red Failure LED flashes Once this temperature has been reached the device continues with the start up process All LEDs are on during the start up process This means the monitor has been started and firmware is being loaded En Note Note that the number of active WLAN LEDs depends on the number of existing wire less modules The LEDs on bintec WI1040n and bintec WI2040n are arranged as follows Failure Status WLAN 1 WLAN 2 WLAN 3 Eth 1 Eth 2 SFP Fig 13 LEDs of bintec WI1040n and bintec WI2040n In operation mode the LEDs display the following status information for your device LED status display bintec WI1040n and bintec WI2040n LED Status Information Failure red on After power up and during booting or if an error occurs flashes During the heating phase off If the device is at the login prompt Status green off The power supply is not connected If other LEDs are on also Error 1 D Status on static on flashing WLAN 1 2 3 3x green on flash
371. terface to the connection partner The function is activated with Enabled The function is disabled by default Proxy ARP Select whether your device is to respond to ARP requests from its own LAN on behalf of the specific connection partner Possible values e Inactive default value Deactivates Proxy ARP for this IPSec peer Field Description e Up or Dormant Your device only responds to an ARP re quest if the status of the connection to the IPSec peer is Up active or Dormant In the case of Idle your device only re sponds to the ARP request the connection is not set up until someone actually wants to use the route e Up Only Your device responds to an ARP request only if the status of the connection to the IPSec peer is Up active i e a connection already exists to the IPSec peer 16 1 2 Phase 1 Profiles In the VPN gt IPSec gt Phase 1 Profiles menu a list of all configured IPSec phase 1 pro files is shown wil040n WI1040n Language English View Standard IPSec Peers Phase 1 Profiles Phase 2 Profiles XAUTH Profiles IP Pools Options view 20 perpage Ll Fter in None Y equal i Go Default T Description Proposals Authentication Mode DH Group T Lifetime E Page 1 New J oK J Cancel Fig 113 VPN gt IPSec gt Phase 1 Profiles In the Standard column you can mark the profile to be used as the de
372. terfaces that you have used when connecting your gateway The configuration interface only shows the interfaces that are available on your device In the System Management gt Status menu you can see a list of all physical interfaces and information on whether the interfaces are connected or active and whether they have already been configured 10 1 Ethernet Ports An Ethernet interface is a physical interface for connection to the local network or external networks En Note In the ex works state the Ethernet ports ETH1 and ETH2 are assigned to the standard bridge group bro which is configured as DHCP client and with the fallback IP ad dress 192 168 0 252 and Netmask 255 255 255 0 10 1 1 Port Configuration Your device allows you to configure the two Ethernet interfaces separately WI1040n Language English View Standard Y Online Help w11040n Port Configuration e a A Port Interface Configured Speed Mode Current Speed Mode eth jemo Full Autonegotiation a 100 mbps Full Duplex Ema jem FullAutonegotiation MS E oK FJI cancel Fig 51 Physical Interfaces gt Ethernet Ports gt Port Configuration bintec WLAN and Industrial WLAN The Physical Interfaces gt Ethernet Ports gt Port Configuration menu consists of the following fields Fields in menu Port Configuration Field Description Port Shows t
373. tes refer expressly to this fact Only update BOOTmonitor or Logic if Funkwerk Enterprise Communications GmbH explicitly recommends this Flash Your device saves its configuration in configuration files in the flash EEPROM Electrically Erasable Programmable Read Only Memory The data even remains stored in the flash when your device is switched off RAM The current configuration and all changes you set on your device during operation are 19 Maintenance Funkwerk Enterprise Communications GmbH stored in the working memory RAM The contents of the RAM are lost if the device is switched off So if you modify your configuration and want to keep these changes for the next time you start your device you must save the modified configuration in the flash memory before switching off Save Configuration button in the Funkwerk Configuration Interface navigation area This configuration is then saved in the flash in a file with the name boot When you start your device the boot configuration file is used by default Operations The files in the flash memory can be copied moved erased and newly created It is also possible to transfer configuration files between your device and a host via HTTP Configuration file format The file format of the configuration file allows encryption and ensures compatibility when restoring the configuration on the gateway in various system software versions This is a CSV format which can be read and mo
374. the DHCP client Possible values for Option e Time Server default value Enter the IP address of the time server to be sent to the client e DNS Server Enter the IP address of the DNS server to be sent to the client DNS Domain Name Enter the DNS domain to be sent to the client e WINS NBNS Server Enter the IP address of the WINS NBNS server to be sent to the client e WINS NBT Node Type Enter the type of the WINS NBT node to be sent to the client e TFTP Server Enter the IP address of the TFTP server to be sent to the client Several entries are possible Add new entries with the Add but ton 18 4 2 IP MAC Binding In the Local Services gt DHCP Server gt IP MAC Binding menu a list is shown of all cli ents that have received an IP address from your device via DHCP You can now allocate an IP address from a defined IP address pool to specific MAC ad dresses You can do this by selecting the Static Binding option in the list to convert a list entry as a fixed binding or you manually create a fixed IP MAC binding by configuring this in the New sub menu C Note You can only create new static IP MAC bindings if IP address ranges have been con figured in Local Services gt DHCP Server gt DHCP Pool 18 4 2 1 New Choose the New button to set up new IP MAC bindings WI1040n Language English v Online Help Logout DHCP Pool IP MAC Binding DHCP Relay Settings Basic
375. the Dime Manager in the basic configuration you will only be able to access your device over this IP address The device will no longer obtain an IP configuration dynamically over DHCP Use the following access data to configure your device in an ex works state e User Name admin e Password funkwerk ES Note All bintec devices are delivered with the same username and password As long as the password remains unchanged they are therefore not protected against unauthor ised use Make sure you change the passwords to prevent unauthorised access to your device How to change the passwords is described in Modify system password on page 22 4 1 2 Software update Your device contains the version of the system software available at the time of production More recent versions may have since been released You can easily perform an update with the Funkwerk Configuration Interface using the Maintenance gt Software amp Con figuration menu For a description of the update procedure see Software Update on page 24 4 2 System requirements For configuration your PC must meet the following system requirements e Microsoft Windows operating system Windows 2000 or higher e Internet Explorer 6 or 7 Mozilla Firefox Version 1 2 or higher e Installed network card Ethernet e DVD drive e TCP IP protocol installed see Configuring a PC on page 18 e High colour display more than 256 colours for correct representation of the graphi
376. the Phase 1 Profiles menu You can also select the profile marked as the default in Phase 1 Profiles None use Default Profile Phase 2 Profile For phase 2 select a profile already configured in the Phase 2 Profiles menu You can also select the profile marked as the Funkwerk Enterprise Communications GmbH 16 VPN Field Description default in Phase 2 Profiles None use Default Profile XAUTH Profile Select a profile created in VPN gt IPSec gt XAUTH profiles if you wish to use this IPSec peer XAuth for authentication If XAuth is used together with IKE Config Mode the transac tions for XAuth are carried out before the transactions for IKE Config Mode Number of Admitted Choose how many users can connect using this peer profile Connections i Possible values e One User default value Only one peer can be connected with the data defined in this profile e Multiple Users Several peers can be connected with the data defined in this profile The peer entry is duplicated for each connection request with the data defined in this profile Start Mode Select how the peer is to be switched to the active state Possible values e On Demand default value The peer is switched to the active state by a trigger e Always on The peer is always active Fields in the Advanced Settings Advanced IP Options menu Field Description Back Route Verify Select whether a check on the back route should be activated for the in
377. the availability of the remote terminal and can be configured independently on both sides This op tion is used to carry out a check at certain intervals depending on forthcoming data transfers Block Time Define how long a peer is blocked for tunnel setups after a phase 1 tunnel setup has failed This only affects locally initiated setup attempts Possible values are 1 to 86400 seconds 1 means the value in the default profile is used and 0 means that the peer is never blocked The default value is 30 NAT Traversal NAT Traversal NAT T also enables IPSec tunnels to be opened via one or more devices on which network address translation NAT is activated Without NAT T incompatibilities may arise between IPSec and NAT see RFC 3715 section 2 These primarily prevent the setup of an IPSec tunnel from a host within a LANs and behind a NAT device to another host or device NAT T enables these kinds of tunnels without conflicts with NAT device activated NAT is automatically detected by the IPSec Daemon and NAT T Field Description is used The function is activated with Enabled The function is enabled by default CA Certificates Only if Authentication Method DSA Signature RSA Sig nature or RSA Encryption If you enable the Trust the following CA certificates option you can select up to three additional CA certificates that are ac cepted for this profile This option can only be configured if certificates are loade
378. the mails The entry is limited to 40 characters SMTP Authentication Authentication expected by the SMTP server Possible values e None default value The server accepts and send emails without further authentication e ESMTP The server only accepts emails if the router is logged in with the correct user name and password e SMTP after POP The server requires that emails are called via POPS by the sending IP with the correct POP3 user name and password before sending an email User Name Only if SMTP Authentication ESMTP or SMTP after POP Enter the user name for the POP3 or SMTP server Password Only if SMTP Authentication ESMTP or SMTP after POP Enter the password of this user POP3 Server Only if SMTP Authentication SMTP after POP Enter the address of the server from which the e mails are to be retrieved POPS Timeout Only if SMTP Authentication SMTP after POP Enter how long the router must wait after the POP3 call before it is forced to send the alert mail Field Description The default value is 600 seconds 20 3 2 E mail Alert Recipient In the E mail Alert Recipient menu a list of syslog messages is displayed 20 3 2 1 New Choose the New button to create new e mail alert receivers ad a T Les g L E Language English View Standard t i L Save configuration E mail Alert Server E mail Alert Recipient Physicalinterfaces 7 Add Ect E mail Alert Recipi
379. thentication protocol is the same as the data of a listed remote terminal or RADIUS user your device accepts the incoming call bintec WLAN and Industrial WLAN wi1040n 4 pn Language English View Standard Online Help Logout 1040n z Authentication for PPP Dialin RADIUS TACACS Options Global RADIUS Options nband Outband CLID OK SC Cancel Fig 45 System Management gt Remote Authentication gt Options The System Management gt Remote Authentication gt Options menu consists of the following fields Fields in the Options Global RADIUS Options menu Field Description Authentication for PPP Dialin bintec WLAN and Industrial WLAN By default the following authentication sequence is used for in coming calls with RADIUS First CLID then PPP and then PPP with RADIUS Options e Inband Only inband RADIUS requests PAP CHAP MS CHAP V1 8 V2 i e PPP requests without CLID are sent to the RADIUS server defined in Server IP Address e Outband CLID Only outband RADIUS requests i e re quests for calling line identification CLID are sent to the RA DIUS server Inband is activated by default 9 System Management Funkwerk Enterprise Communications GmbH 9 6 Certificates An asymmetric cryptosystem is used to encrypt data to be transported in a network to gen erate or check digital signatures and the
380. tication Select whether your device receives requests from RADIUS server dialout routes This enables temporary interfaces to be configured automatically and your device can initiate outgoing connections that are not configured permanently The function is activated by choosing Enabled The function is disabled by default Field VENTO If the function is active you can enter the following options e Reload Interval Enter the time period in seconds between the update intervals The default entry here is 0 i e an automatic reload is not car ried out e Default User Password Some Radius servers require a user password for each RADIUS request Enter the password that your device sends as the default user password in the prompt for the dialout routes on the RADIUS server 9 5 2 TACACS TACACS permits access control for your device network access servers NAS and other network components via one or more central servers Like RADIUS TACACS is an AAA protocol and offers authentication authorisation and accounting services TACACS Accounting is currently not supported by bintec devices The following TACACS functions are available on your device e Authentication for login shell e Command authorisation on the shell e g telnet show TACACS uses TCP port 49 and establishes a secure and encrypted connection In the System Management gt Remote Authentication gt TACACS menu a list of all registered TACACS se
381. tication via a RADIUS server or TACAS server Certificates In this menu you can generate and import keys and have them certified Physical Interfaces Ethernet Ports In this menu you configure the Ethernet interfaces of your device To do this you select the speed and type of interface for example Serial Port This menu is for configuring the serial interface if one exists Relay In this menu you configure the relay r zZ IP configuration In this menu you carry out the IP configuration of the LAN inter faces for your device VLAN In this menu you configure the VLANs Wireless LAN WLAN In this menu you configure your wireless modules as an access point or bridge Administration In this menu you make the basic WLAN settings Funkwerk Enterprise Communications GmbH Wireless LAN Controller 7 Access and configuration Wizard Controller Configura tion Slave AP Configura tion Monitoring Maintenance Routing The Wizard helps you to set up a WLAN infrastructure In this menu you make the basic wireless LAN controller set tings In this menu you configure the slave access points In this menu you can monitor active and neighbouring clients In this menu you can update access point software and save any configurations Routes NAT RIP Load Balancing Multicast In this menu you enter additional routes In this menu you configure the NAT firewall NAT Network Ad d
382. ting gt Syslog gt Syslog Servers gt New menu consists of the fol lowing fields Fields in the Syslog Servers Basic Parameters menu Field Description IP Address Enter the IP address of the host to which syslog messages are passed Level Select the priority of the syslog messages that are to be sent to the host Possible values e Emergency highest priority e Alert O Cried cell error bintec WLAN and Industrial WLAN Field Description e Warning e Notice e Information default value e Debug lowest priority Syslog messages are only sent to the host if they have a higher or identical priority to that indicated e all messages generated are recorded at syslog level Debug Facility Enter the syslog facility on the host This is only required if the Log Host is a Unix computer Possible values loca10 7 The default value is 10ca10 Timestamp Select the format of the time stamp in the syslog Possible values e None default value No system time indicated e Time System time without date e Date amp Time System time with date Protocol Select the protocol for the transfer of syslog messages Note that the syslog server must support the protocol Possible values UDP default value TCP Type of Messages Select the message type Possible values e System amp Accounting default value e System e Accounting bintec WLAN and Industrial WLAN 20 2 IP Accounting
383. tion 2 2 o e 13 Chapter 4 Basic configuration o o 14 4 1 PresctidgS apar d da a AP Bee IA A 14 4 1 1 Preconfigured data o 14 4 1 2 Software update 2 e 15 4 2 System requirements 2 o o 16 4 3 Preparations s e soco c soca do narad ee we ee 16 4 3 1 Gathering datas 2 sig ek a o aa a de d 16 4 3 2 ConfiguringaPC e soso e os o torace noe d eo 18 4 4 IP configuration o a a a a 19 4 5 Modify system password aoa a a a a a a a 22 4 6 Setting up a wireless network 2 2 a 22 4 7 Setting up a bridge link 2 a a 23 4 8 Software Update 2 a a a a a 24 Chapter 5 Resets aristas riada ENEN Es 26 bintec WLAN and Industrial WLAN i Chapter 6 Technical data o eee eee eee 28 6 1 SCONE Of SUPPLY as fe us e a USA a a BMG 28 6 2 General Product Features a oa o e 2 4 30 6 3 LEDS Gui 24 34 RARA A AAA 39 6 4 Connectors yx ie o a iio e Da A he eh e Be 43 6 5 Antenna connectors for industrial WLAN devices with 802 11n support 45 6 6 Pin ASSIGNMONIS uti a EI os 46 6 6 1 Ethernet interface ee ee 46 6 6 2 Serialiidterface pri e A Be e T e 47 6 6 3 Socket for power supply 2 2 o 47 6 7 Frequencies and channels e eo 48 6 8 WEEE information 2 oaa eo 49 Chapter 7 Access and configuration 0 50 71 Access
384. tions can be several kilometres depending on the antennas used a Note Always use the antennas and antenna cables supplied with the equipment to prevent unintentional violations of the applicable law If you have special requirements e g re garding cable lengths please contact your dealer or Funkwerk Enterprise Communica tions GmbH Bridges are generally used to interconnect various LAN segments at Layer 2 of the OSI 7 layer model The special feature of bintec bridges is that the distances between these segments can be several kilometres without the necessity for a cable for these ranges If you operate a wireless port in Bridge mode this can only be used for a bridge link This means e The port has no network name e Wireless clients cannot log in associate to this port e There is no node table for this port as there are no clients e There is no Access Control List ACL for this port This port will only connect to the partner bridge port you have configured and also only ac cept connections from this port The bintec bridges have transmission rates far above the possibilities of the ISDN SO ISDN S2M or ADSL The high speed bridge bridge even surpasses standard Ethernet 10BaseT 10Base2 10Base5 N Caution Never connect two bridges that have set up a connection to each other with radio to the same LAN segment This leads to unavoidable overloading of your network and stops all network traffic Some of the poss
385. to be used as a desktop device 2 screws and 2 raw plug for fastening to the wall R amp TTE Compliance Informa tion printed User s Guide on DVD Safety notices bintec WI1040n Ethernet cable RJ 45 STP Serial cable D SUB9 3 external standard antennas Self adhesive feet to allow the device to be used as a desktop device Blind stops for SFP SD slot cover with screw 3 pole screw terminal bar for the power supply Companion DVD Quick Install Guide printed R amp TTE Compliance Informa tion printed User s Guide on DVD Safety notices bintec WLAN and Industrial WLAN Cable sets mains unit other Software Documentation 2 pole screw terminal bar for relay Mounting bracket for wall mounting 1 screw pin set Blind stops for Ethernet inter faces bintec WI2040n Ethernet cable RJ 45 STP Serial cable D SUB9 4 external standard antennas Self adhesive feet to allow the device to be used as a desktop device Blind stops for SFP SD slot cover with screw 3 pole screw terminal bar for the power supply 2 pole screw terminal bar for relay Mounting bracket for wall mounting 1 screw pin set Blind stops for Ethernet inter faces Companion DVD Quick Install Guide printed R amp TTE Compliance Informa tion printed User s Guide on DVD Safety notices bintec WI1065n Ethernet cable RJ 45 STP Serial cable D SUB9 3 e
386. tting for Operation Band Bandwidth Number of spatial streams and Wireless Mode different whole values in mbps will be available for se lection Burst Mode Activate this function to increase the transmission speed for 802 11g through frame bursting As a result several packets are sent one after the other without a waiting period This is par ticularly effective in 11b g mixed operation The function is activated with Enabled The function is disabled by default If problems occur with older WLAN hardware this function should not be active The Advanced Settings menu consists of the following fields Fields in the Wireless Modules Advanced Settings menu Field Description Channel Plan Select the desired channel plan The channel plan makes a preselection when a channel is se lected This ensures that no channels overlap i e a distance of four channels is maintained between the channels used This is useful if more access points are used with overlapping radio cells Funkwerk Enterprise Communications GmbH 13 Wireless LAN Controller Field Description Possible values e A11 All channels can be dialled when a channel is selected e Auto Depending on the region operation band wireless mode and bandwidth the channels that have a distance of 4 channels are provided e User Defined You can select the desired channels your self User Defined Channel Only for Channel Plan User defined Plan The currently se
387. tween networks can become unreachable RIP removes routes that are older than 5 minutes i e routes not verified in the last 300 seconds Garbage Collection Timer Route Timeout Routes learnt with triggered RIP are not deleted Your device supports both version 1 and version 2 of RIP either individually or together 14 3 1 RIP Interfaces In the Routing gt RIP gt RIP Interfaces menu a list of all RIP interfaces is shown 10401 WI1040n Language English View Standard online Heip Logout Save E P ation RIE Interfaces RIF Fitter RIP options Semio EE a None equal 5 xf i Go o z No Interface Send Version Receive Version Route Announce apenas A A A bro None None Up only el ln ST 1 el e Load Balancing Fig 94 Routing gt RIP gt RIP Interfaces bintec WLAN and Industrial WLAN 14 3 1 1 Edit For each RIP interface you can in the menu select the options Send Version Re ceive Versionand Route Announce WI1040n Language English View Standard Online Help w11040n RIP Interfaces RIP Filter RIP Options RIP Parameters for bro Send Version None S y eae jp Receive Version None hd Route Announce Up only OK JC Cancel Fig 95 Routing gt RIP gt RIP Interfaces gt The Routing gt RIP gt RIP Interfaces gt menu consists
388. u and have access to the options for configuration of the SSH login bintec WLAN and Industrial WLAN Online Help Logout 4 o EA Language Engish v wii040n Save configuration b Access SSH SNMP SSH Secure Shell Parameters CC im interface Mode Bridge i SSH Seint active J _ Enabled 3 Groups Compression Denabled Administrative Access AAA MS ema pois TAE aa E Le Certificates o Logging Level Information Authentication and Encryption Parameters Encryption Algorithms M3pEs Blowfish v AES 128 _JAES 256 Hashing Algorithms iMD5 4 SHA 1 RipeMD 160 Key Status i RSA Key Status Generated DSA Key Status Generated oK Cancel Fig 41 System Management gt Administrative Access gt SSH You need an SSH client application e g PUTTY to be able to reach the SSH Daemon If you wish to use SSH Login together with the PuTTY client you may need to comply with some special configuration requirements for which we have prepared FAQs You will find these in the Service Support section at www funkwerk ec com To be able to reach the shell of your device via an SSH client make sure the settings for the SSH Daemon and SSH client are the same Note If configuration of an SSH connection is not possible restart the device to initialise the SSH Daemon correctly The System Management gt Administrative Access
389. ues e incoming Destination NAT default value The data traffic that comes from outside e outgoing Source NAT The data traffic that goes out side e exclusive Without NAT The data traffic that is ex cluded from NAT NAT method Only for Type of traffic outgoing Source NAT Select the NAT method for outgoing data traffic The starting point for choosing the NAT method is a NAT scenario where an internal source host has initialized an IP connection to an ex ternal destination host over a NAT interface and where an in ternal valid source address and an internal valid source port are mapped to an external valid source address and an external valid source port Possible values e full cone only UDP Any external host may send IP pack ets to the initializing source address and the initial source port via external address and external port e restricted cone only UDP The same as full cone NAT for the external host howev er the initial external destina tion host must be used e port restricted cone only UDP The same as restric ted cone NAT but only data from the initial destination port are allowed e symmetric default value any protocol In outgoing direc tion an external valid source address and an external valid source port are administratively set In incoming direc tion only response packets within the es tablished connection are permitted Fields in the NAT Configuration Specify orig
390. uished Name Local ID Value Enter the ID of your device Funkwerk Enterprise Communications GmbH 16 VPN Field Description For Authentication Method DSA Signature RSA Signa ture or RSA Encryption the Use Subject Name from cer tificate option is shown If you enable the Use Subjectname from Certificate option the first alternative subject name indicated in the certificate is used or if none is specified the subject name of the certificate is used Note If you use certificates for authentication and your certific ate contains alternative subject names see Certificates on page 112 you must make sure your device selects the first al ternative subject name by default Make sure you and your peer both use the same name i e that your local ID and the peer ID your partner configures for you are identical Alive Check During communication between two IPSec peers one of the peers may become unavail able e g due to routing problems or a reboot However this can only be detected when the end of the lifetime of the security connection is reached Up until this point the data packets are lost These are various methods of performing an alive check to prevent this happening In the Alive Check field you can specify whether a method should be used to check the availability of a peer Two methods are available Heartbeats and Dead Peer Detection The Advanced Settings menu consists of the following fields Fields in the menu Ad
391. um number of sources that are specified in ver sion 3 reports and the maximum number of internally managed sources per group IGMP State Limit Enter the maximum permitted total number of incoming queries and messages per second The default value is 0 i e the number of IGMP status mes sages is not limited 14 6 QoS QoS Quality of Service makes it possible to distribute the available bandwidths effectively and intelligently Certain applications can be given preference and bandwidth reserved for them This is an advantage especially for time critical applications such as VoIP The QoS configuration consists of three parts e Creating IP filters e Classifying data e Prioritising data 14 6 1 QoS Filter IP filters are configured in the Routing gt QoS gt QoS Filter menu 14 6 1 1 New Choose the New button to define more IP filters bintec WLAN and Industrial WLAN WI1040n as m gt Language English View Standard w Online Help Logout QoS Filter aos Classification 008 Interfaces Policies Fig 104 Routing gt QoS gt QoS Filter gt New The Routing gt QoS gt QoS Filter gt New menu consists of the following fields Fields in the QoS Filter Basic Parameters menu Field Description s 12tp ah Chaos dont veri fy Basic Parameters y Description it Protocol j lo 8 Connection State Any y Destination IP A
392. unkwerk Enterprise Communications GmbH 13 Wireless LAN Controller Field Description e AES AES is used e AES and TKIP AES or TKIP is used WPA2 Cipher Only for Security Mode wPA PSK and WPA Enterprise and for WPA Mode wWPA2 and WPA and WPA2 Select the type of encryption you want to apply to WPA2 Possible values e AES default value AES is used e TKIP TKIP is used e AES and TKIP AES or TKIP is used Preshared Key Only if Security Mode WPA PSK Enter the WPA password Enter an ASCII string with 8 63 characters Note Change the default Preshared Key If the key has not been changed your device will not be protected against unau thorised access RADIUS Server You can control access to a wireless network via a RADIUS server With Add you can create new entries Enter the IP address and the password of the RADIUS server EAP Preauthentification Only if Security Mode WPA Enterprise Select whether the EAP preauthentification function is to be ac tivated This function tells your device that WLAN clients which are already connected to another access point can first carry out 802 1x authentication as soon as they are within range Such WLAN clients can then simply connect over the existing network connection with your device The function is activated by choosing Enabled The function is enabled by default Fields in the Virtual Service Sets MAC Filter menu Field Description ACL Mode Select whether
393. unting your device sends an accounting message to the RADIUS server at the end of each connection In the System Management gt Remote Authentication gt RADIUS menu a list of all re gistered RADIUS servers is displayed 9 5 1 1 Edit New Choose the yp icon to edit existing entries Choose the New button to add RADIUS serv ers K z Online Help Logout RADIUS TACACS Options E AA Basic Parameters Global Settings y ne interface Mode Bridge Authentication Type Authentication E Gos Serveri Address Administrative Access Remote Authentication RADIUS Secret eoccccce Certificates lt Priority ov Entry active 4 Enabled Group Description Default Group 0 Advanced Settings Policy Authoritative Y UDP Port ie p sewer Timeout OO Cts cons alive Check Venados 8 Reties o RADIUS Dialout Reload Interval fo seconds Default User Password eoceccee OK Cancel Fig 43 System Management gt Remote Authentication gt RADIUS gt New The System Management gt Remote Authentication gt RADIUS gt New menu consists of the following fields Fields in the RADIUS Basic Parameters menu Field VENTO Authentication Type Select what the RADIUS server is to be used for bintec WLAN and Industrial WLAN 9 System Management Funkwerk Enterprise Communications GmbH Field Value Poss
394. ur network to perform configuration tasks a Dynamic IP address In ex works state your device is set to DHCP client mode which means that when it is connected to the network it is automatically assigned an IP address if a DHCP server is run You can then access your device for configuration purposes using the IP ad dress assigned by the DHCP server For information on determining the dynamically assigned IP address please see your DHCP server documentation b Fallback IP address If you do not run a DHCP server you can connect your device directly to your configur ation PC and then reach it using the following predefined fallback IP configuration e IP Address 192 168 0 252 e Netmask 255 255 255 0 Make sure that the PC from which the configuration is performed has a suitable IP Funkwerk Enterprise Communications GmbH 4 Basic configuration configuration see Configuring a PC on page 18 c Assigning a fixed IP address You can use the Dime Manager to assign a new IP address and the required pass word to your device gt Note Please note If your device has obtained an IP address dynamically from a DHCP server operated in your network for the basic configuration the fallback IP address 192 168 0 252 is deleted automatically and your device will no longer function over this address However if you have set up a connection to the device over the fallback IP address 192 168 0 252 or have assigned an IP address with
395. uration is incorrect or if your device cannot be accessed you can reset the device to the ex works standard settings using the Reset button on the bottom of the device Practically al existing configuration data will then be ignored only the current user pass words are retained Configurations stored in the device are not deleted and can if required be reloaded when the device is rebooted For bintec W1002n proceed as follows 1 Switch off your device 2 Press the Reset button on your device 3 Keep the Reset button on your device pressed down and switch the device back on 4 Look at the LEDs Initially all LEDs illuminate The device runs through the boot sequence After the LED has flashed three times release the Reset button The Status LED flashes and the Eth 1 and Eth 2 LEDs illuminate if these exist for the ports that are connected to the Ethernet On devices of the WI series the red Failure LED flashes first Hold in the Cfg button un til the red LED goes out and the green Status LED starts to flash Proceed as follows if you also want to reset all the user passwords to the ex works state and delete stored configurations when resetting the device 1 Set up a serial connection to your device Reboot your device and monitor the boot sequence Start the BOOTmonitor as described in BOOTmonitor on page 72 and choose the 4 Delete configuration and follow the instructions or 2 Set up a serial connect
396. vailable for message au thentication of the SSH connection Funkwerk Enterprise Communications GmbH 9 System Management Field VENTO Possible options O MIDS e SHAI e RipeMD160 MD5 SHA 1 and RipeMD1 60 are enabled by default Fields in the SSH Key Status menu Field Value RSA Key Status Shows the status of the RSA key If an RSA key has not been generated yet Not Generatedis displayed in red and a link Generate is provided If you select the link the generation process is triggered and the view is up dated The status Generating is displayed in green When generation has been completed successfully the status changes from Generating to Generated If an error occurs during generated Not Generated and the Generate link are displayed again You can then repeat generation If the status Unknown is displayed generation of a key is not possible for example because there is not enough space in the FlashROM DSA Key Status Shows the status of the DSA key If a DSA key has not been generated yet Not Generatedis displayed in red and a link Generate is provided If you select the link the generation process is triggered and the view is up dated The status Generating is displayed in green When generation has been completed successfully the status changes from Generating to Generated If an error occurs during generated Not Generated and the Generate link are displayed again You can then repeat generation If the
397. vanced Settings Field Description Alive Check Select the method to be used to check the functionality of the IPSec connection In addition to the default method Dead Peer Detection DPD the proprietary Heartbeat method is implemented This sends and receives signals every 5 seconds depending on the config uration If these signals are not received after 20 seconds the SA is discarded as invalid Possible values e Autodetect default value Your device detects and uses 16 VPN Funkwerk Enterprise Communications GmbH Field Description the mode supported by the remote terminal e Down Your device sends and expects no heartbeat Set this option if you use devices from other manufacturers e Heartbeats Expect only Your device expects a heartbeat from the peer but does not send one itself e Heartbeats Send only Your device expects no heart beat from the peer but sends one itself e Heartbeats send amp expect Your device expects a heartbeat from the peer and sends one itself e Dead Peer Detection Use DPD dead peer detection in accordance with RFC 3706 DPD uses a request reply pro tocol to check the availability of the remote terminal and can be configured independently on both sides This option only checks the availability of the peer if data is to be sent to it e Dead Peer Detection Idle Use DPD dead peer de tection in accordance with RFC 3706 DPD uses a request reply protocol to check
398. vice List In addition the service groups configured in Firewall gt Ser vices gt Groups can be selected Action Select the action to be applied to a filtered packet Possible values e Access default value The packets are forwarded on the basis of the entries e Deny The packets are rejected e Reject The packets are rejected An error message is is sued to the sender of the packet Apply QoS Only for Action Access Select whether you want to enable QoS for this policy with the priority selected in Data Traffic Priority The function is activated with Enabled The option is deactivated by default Field Description If QoS is not activated for this policy bear in mind that the data cannot be prioritised on the sender side either A policy for which QoS has been enabled is also set for the fire wall Make sure therefore that data traffic that has not been ex pressly authorised if blocked by the firewall Priority Only for Apply QoS enabled Select the priority with which the data specified by the policy is handled on the send side Possible values None default value No priority e Low Latency Low Latency Transmission LTT i e hand ling of data with the lowest possible latency e g suitable for VoIP data e High e Medium e Low 17 1 2 QoS More and more applications need increasingly larger bandwidths which are not always available Quality of Service QoS makes it possi
399. vidual hosts the resolution of domain names and certain routes 19 1 1 Ping Test WI1040n Language English View Standard Online Help wi on Ping Test DNs Test Traceroute Test Ping Test z a Test Ping Address A Output 7 7 o T Software amp Configuration Fig 156 Maintenance gt Diagnostics gt Ping Test You can use the ping test to check whether a certain host in the LAN or an internet address can be reached The Output field shows the ping test messages The ping test is started by entering the IP address to be tested in Test Ping Address and clicking on the Go but ton bintec WLAN and Industrial WLAN 19 1 2 DNS Test Wion A wi1040n Test f Traceroute Test DNS Test DNS Address Output ie Go Fig 157 Maintenance gt Diagnostics gt DNS Test The DNS test is used to check whether the domain name of a particular host is correctly re solved The Output field shows the DNS test messages The DNS test is started by enter ing the domain name to be tested in DNS Address and clicking on the Go button 19 1 3 Traceroute Test wito4on PE wi1040n Traceroute Test Traceroute Address Output Go Fig 158 Maintenance gt Diagnostics gt Traceroute Test bintec W
400. visioning of Wireless Access Points Protocol for any communication between mas ters and slaves In smaller WLAN infrastructures with up to six APs one of the AP s assumes the master function and manages the other AP s as well as itself In larger WLAN networks a gateway e g such as a R1202 assumes the master function and manages the AP s Provided the controller has located all of the APs in its system each of these shall re ceive a new passport and configuration in succession i e they are managed via the WLAN controller and can no longer be amended externally With the bintec WLAN controller you can e automatically detect individual access points APs and connect to a WLAN network e Load the system software into the APs e Load the configuration into the APs e Monitor and manage APs 13 1 Wizard The Wizard menu offers step by step instructions for the set up of a WLAN infrastructure The Wizard guides you through the configuration When you select the Wizard you will receive instructions and explanations on the separate pages of the Wizard Cer Note We highly recommended that you use the Wizard when initially configuring your WLAN infrastructure 13 1 1 Basic Setup Here you can configure all of the various settings that you require for the actual wireless LAN controller 13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH The wireless LAN controller uses the following settings Region Sel
401. w GRE tunnels ales ta v WI 040n E Language English View Standard Online Help Logout aoi GRE Tunnels Basic Parameters 7 Description Local GRE IP Address Remote GRE IP Address Default Route E Tenabled Local IP Address Mea F Ranas P Address Netmask f Route Entries I i a MTU C o Use key Enabled ps C OK gt Cancel Fig 123 VPN gt GRE gt GRE Tunnels The VPN gt GRE gt GRE Tunnels menu consists of the following fields Fields in the GRE Tunnels Basic Parameters menu Field Description Description Enter a description for the GRE tunnel Local GRE IP Address Enter the source IP address of the GRE packets to the GRE partner If no IP address is given this corresponds to IP address 0 0 0 0 the source IP address of the GRE packets is selected automatically from one of the addresses of the interface via which the GRE partner is reached Remote GRE IP Ad Specify the destination IP address of the host or network to dress which the packets are to be sent through the GRE tunnel Default Route If you enable the Default Route all data is automatically routed to one connection The function is disabled by default Local IP Address Enter the IP address to be used as the source address for this GRE connection bintec WLAN and Industrial WLAN Field Description Route Entries Defin
402. wse to select it from the file browser Enter a unique description for the CRL Local Certificate De scription File Encoding Select the type of encoding so that your device can decode the CRL Possible values e auto default value Activates automatic code recognition If downloading the CRL in auto mode fails try with a certain type of encoding e Base64 e Binary Password Enter the password to be used for the import 9 6 3 Certificate Servers In the System Management gt Certificates gt Certificate Servers menu a list of all certi ficate servers is shown A certificate server provides for certificate revocation lists CRL that are used by the device to verify certificates via LDAP or HTTP 9 6 3 1 New Choose the New button to set up new certificate servers bintec WLAN and Industrial WLAN Basic Parameters Description oae URL Path idap Fig 50 System Management gt Certificates gt Certificate Servers gt New The System Management gt Certificates gt Certificate Servers gt New menu consists of the following fields Fields in the Certificate Servers Basic Parameters menu Field Description Description Enter a unique description for the certificate server LDAP URL Path Enter the LDAP URL of the server bintec WLAN and Industrial WLAN Chapter 10 Physical Interfaces In this menu you configure the physical in
403. xternal standard antennas Blind stops for SFP SD slot cover with screw 3 pole screw terminal bar for the power supply 2 pole screw terminal bar for Companion DVD Quick Install Guide printed R amp TTE Compliance Informa tion printed User s Guide on DVD Safety notices Cable sets mains unit other Software Documentation relay 1 screw pin set Blind stops for Ethernet inter faces 4 threaded caps for antennas bintec WI2065n Ethernet cable RJ 45 STP Companion Quick Install Guide printed DVD Serial cable D SUB9 R8TTE Compliance Informa tion printed 4 external standard antennas User s Guide on DVD Blind stops for SFP Safety notices SD slot cover with screw 3 pole screw terminal bar for the power supply 2 pole screw terminal bar for relay 1 screw pin set Blind stops for Ethernet inter faces 4 threaded caps for antennas One set of rubber seals for cable bushings 6 2 General Product Features The general product features cover performance features and the technical prerequisites for installation and operation of your device The features are summarised in the following table General Product Features bintec W1002n Property Value bintec W1002n One internal wireless module 3 external antennas Dimensions and weights Equipment dimensions without cable 163 mm x 168 mm x 50 mm bintec WLAN and Industrial WLAN
404. y for Custom disabled Enter the organisation according to CA Locality Only for Custom disabled Enter the location according to CA State Province Only for Custom disabled Enter the state province according to CA Country Only for Custom disabled Field Description Enter the country according to CA The Advanced Settings menu consists of the following fields Fields in the Advanced Settings Subject Alternative Names menu Field Description 1 2 3 For each entry define the type of name and enter additional subject names Possible values e None default value No additional name is entered e IP An IP address is entered e DNS A DNS name is entered e Email An e mail address is entered e URI A uniform resource identifier is entered e DN A distinguished name DN name is entered e RID A registered identity RID is entered Fields in the Advanced Settings Options menu Field Description Autosave Mode Select whether your device automatically stores the various steps of the enrolment internally This is an advantage if enrol ment cannot be concluded immediately If the status has not been saved the incomplete registration cannot be completed As soon as the enrolment is completed and the certificate has been downloaded from the CA server it is automatically saved in the device configuration The function is activated with Enabled The function is enabled by default 9 6 1 3 I
405. your device is possible Method of operation A Status Daemon collects information about your device and transfers it as UDP packets to the broadcast address of the first LAN interface default setting or to an explicitly entered bintec WLAN and Industrial WLAN IP address One packet is sent per time interval which can be adjusted individually to val ues from 1 60 seconds Up to 100 physical and virtual interfaces can be monitored provided the packet size of 4096 bytes is not exceeded The Activity Monitor on your PC receives the packets and can display the information contained in them in various ways ac cording to the configuration Activate the Activity Monitor as follows e configure the relevant device s to be monitored e Start and configure the Windows application on your PC you can download BRICKware for Windows to your PC from the download area at www funkwerk ec com and from there import it to your device 20 5 1 Options WI1040n PY Language English Online Help Logout wi1040n Options Basic Parameters 3 Monitored Interfaces None OPhysical O Physical WANVPN Send information to All IP Addresses Broadcast Update Interval 5 Seconds UDP Destination Port 2107 Password C OK pin Cancel Fig 168 External Reporting gt Activity Monitor gt Options The External Reporting gt Activity Monitor gt Options menu consists of the following
406. your device Once an access point has been discovered certain basic parameters node name IP address netmask and device address can be configured on the access point provided you know the administrator password En Note Any bintec access points that exist are determined by means of a multicast The IP address of the access point is therefore irrelevant Please note that the discovered bintec access points are not stored in the flash which means discovery must be repeated after you reboot your device In the Local Services gt Funkwerk Discovery gt Device Discovery menu under Res ults a list is shown of all access points found on the network In the Interface field select the interface of your device via which access point discovery is to be carried out You use the A11 option to query all interfaces The current discovery status is displayed for each individual interface under Discovery Status None means that discovery is not active Discovery is displayed when discovery is currently being carried out This discovery function also enables your device to be discovered and configured by other access points with a discovery function You configure this in the Options sub menu 18 7 1 1 Discover Choose the Discover button to start bintec access point discovery ra et 3 Ves seis a one ano D y Optio s Automatic Retresh interval 50 Seconds
407. ype of response to DNS requests Possible values e Negative A DNS request for Name is answered with a negative response e Positive default value A DNS request for Name is answered with the associated IP Address e None A DNS request is ignored no answer is given IP Address Only if Response Positive Enter the IP address assigned to Name TTL Enter the the time for which the assignment of Name to IP Ad dress is to be valid in seconds only relevant if Response Positive that is transferred to requesting hosts The default value is 86400 24 h 18 1 3 Domain Forwarding In the Local Services gt DNS gt Domain Forwarding menu a list of all configured for warding for defined domains is shown 18 1 3 1 New Choose the New button to set up new forwardings bintec WLAN and Industrial WLAN WI1040n Language English Online Help Logout Global Settings Static Hosts Domain Forwarding Cache Statistics Forwarding Parameters Forward Host O Domain Host Forward to Interface ODNS Server Interface Automatic 4 OK D Cancel Fig 135 Local Services gt DNS gt Domain Forwarding gt New The Local Services gt DNS gt Domain Forwarding gt New menu consists of the follow ing fields Fields in the Domain Forwarding Forwarding Parameters menu Field Description Forwarding Select whether a host or domain is to be forwa
408. ytes ok C Cancel 3 Mode Access Point bintec _ Language English View Standard Online Help Logout 7 m WI1040n w11040n Wireless Settings Operation Mode Access Client Client Mode infrastructure O Ad Hoc Operation Band 24G 7 e IEEE 802 11d Compliance Flexible Ml y Channel IE o EX selected Channel 6 Used Secondary Channel 0 a 3 Bandwidth i g 40 MHz Number of Spatial Streams an Transmit Power Max Performance Settings Wireless Mode 802 11b g n_ F max Transmission Rate j An S E Burst Made i gt Enabled 3 Advanced Settings C ok y Cancel Fig 62 Wireless LAN WLAN Radio Settings pl for Operation Mode Access Client The Wireless LAN gt WLAN gt Radio Settings Settings gt p menu consists of the fol lowing fields Fields in the Radio Settings Wireless Settings menu Field Description Define the mode in which the wireless module of your device is to operate Operation Mode Possible values e off default value The wireless module is not active e Access Point Your device is used as an access point in your network e Access Client Your device serves as an Access Client in your network e Bridge Your device is used as a wireless bridge in your net work Client Mode Only for Operating Mode Access Client Possible values
Download Pdf Manuals
Related Search