Brother 5050 Printer User Manual
Contents
1. m jet m EL m m m EL m ao m EL m ao m a m CL m EL m m m EL m m m eu m oa m EL m ao m EL m ee m EL m m m oa m jet m E m ao m m jet m m m oa m EL m m m EL 1 L z Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete Delete melee gt View the translation rules of a game or application click the name of the rule gt Change the translation rules of a game or application click the Edit link of the game or application gt Remove a game or application from your SpeedTouch click the Delete link of the game or application E DOC CTC 20051017 0151 v1 0 S D e d to LU C hn Chapter 4 Basic Configuration 4 9 4 Accessing the Game or Application Definition page Overview Configure Game or Application Definition Proceed as follows to access the Game or Application Definition page 1 In the Toolbox menu click Game amp Application Sharing 2 In the Pick a task list click Modify a game or application 3 Cli2. Re start Click the Restart button to restart the SpeedTouch and activate the software module A progress bar will show indicating the time needed S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Introduction Topics E DOC CTC 20051017 0151 v1 0 Chapter 7 Troubleshooting Troubleshooting This chapter suggest solutions for problems you may encounter while installing or configuring y our SpeedTouch If the suggestions do not resolve the problem look at the support pages on http www speedtouch com support or contact your service provider For Internet connection troubleshooting refer to the provided Installation and Setup Guide In this chapter gt General SpeedTouch Troubleshooting gt UPnP on Windows XP Systems gt Reset to Factory Defaults Speedtouch 187 Chapter 7 Troubleshooting 7 1 speedTouch does not work speedTouch unreachable Poor SpeedTouch performance 188 General SpeedlTouch Troubleshooting If none of the LEDs light up make sure that gt The SpeedTouch is plugged into a power socket outlet gt You are using the correct power supply for your SpeedTouch device The power requirements for your SpeedTouch are clearly indicated V on the identification label on the bottom of the SpeedTouch gt The SpeedTouch is turned on via the rocker switch at the back panel If your SpeedTouch is cannot be reach
3. S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Pee Introduction Wireless client requirements E DOC CTC 20051017 0151 v1 0 Wireless Ethernet The SpeedTouch 608 WL 620W i Fi certified IEEE 802 11g compliant wireless access point allows multiple computers to connect wirelessly to your local network over the SpeedTouch Wireless LAN environment The SpeedTouch is backward compatible with IEEE 802 11b which means 802 11b and 802 11g devices can coexist in the same wireless network The Wireless Distribution System WDS on your SpeedTouch allows you to extend the range of your wireless network To be able to use WDS you will need to introduce an additional WDS enabled access point into your wireless network To be able to connect the computers make sure that a wireless client adapter WLAN client is installed on each computer you want to connect via the WLAN All wireless client adapters compliant to 802 11g and or 802 11b can communicate with the SpeedTouch and other members of the SpeedTouch W LAN environment However be aware that only 802 11g compliant wireless clients are able to gain full profit of the 54 Mb s Max bandwidth delivered by the SpeedTouch It is highly recommended to use only wireless client adapters that are Wi Fi certified to ensure smooth interoperability with the SoeedTouch s WLAN Speedtouch Chapter 2 Local Network Setup Chapter 2 Local Network Setu
4. Sent Received KB KB Internet e Yiew more Link Status Type Last Error Message Pick a task Speedtouch Help 0 days 4 19 19 640 6 144 0 00 0 00 Leen Disconnected PPPoE None Check connectivity to the Internet nc THOMSON BRAND If you configured a dial up connection you can establish terminate the connection by clicking Connect Disconnect Speedtouch E DOC CTC 20051017 0151 v1 0 4 4 1 Introduction Checking your Internet connectivity Analysing the test results E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration Connectivity Check On this page you can perform a connectivity check on an Internet service of your SpeedTouch The following message appears Connectivity Check This page enables you to perform a connectivity check on an Internet service of your SpeedTouch Choose an Internet service and click the button ta launch the tests Internet Service ta Check Internet Check Connectivity Proceed as follows 1 In the left menu click Broadband Connection 2 In the Pick a task list click Check connectivity to the Internet 3 In the Internet Service to Check list click the Internet service that you want to check 4 Click Check Connectivity The SpeedTouch lists the test results in the Test Results list If the test is successful you will get a list of green check marks Otherwise a red cross will indicate which tests ha
5. It is highly recommended to use the application oriented web pages for VPN configurations Only in exceptional cases these pages will not be sufficiently flexible to fulfil your requirements Only in these cases the Advanced VPN menu should be used Configuring an operational IPSec connection basically consists of the definition of a Peer Profile and a Connection Profile The Peer represents the remote Security Gateway and all the parameters required to set up an IKE Security Association to this Security Gateway A Connection represents the IPSec connection and all its associated parameters All parameters of an IPSec configuration can be adjusted so the functionality of these web pages corresponds to the Command Line Interface CLI Choices have to be made in accordance to the data known to the user and the VPN layout The Advanced VPN menu should be used by skilled persons only as these o pages allow you to manually adjust configuration components that are in general automatically generated by the SpeedTouch Therefore take care when altering settings in the Advanced VPN menu speedtouch Chapter 5 Expert Configuration 9 7 6 Debug Status page This page shows the status of the IKE Security Association Phase 1 and the IPSec Security Association s Phase 2 For an operational VPN connection both an IKE Security Association and an IPSec Security Association should be active Statistics page This page shows the amoun
6. The purpose of this page is to centralise the management of all SpeedTouch embedded Services and Applications or otherwise stated all internal modules and engines of the SpeedTouch that accept relay or initiate IP traffic The SpeedTouch Service table provides an overview of registered services and some additional information a a de et Fort RemoteIP b 2 IT PPTP VPN group auto any any any e ff ONS Client dent udp auto Sa any any e IT Simple Network Tim clent udp auto 123 any any e Ping using ICMP fo Cent icmp auto 5 any any e Ping using UDP for dent udp auto a any any e TraceRoute using I Cent icmp auto fa any any e i TraceRoute using U dent udp auto 33434 any any e System Logging Eve dent udp auto 514 any any e ff HTTP web server server tcp a0 a0 lan any e ff HTTP web server ov server tcp 443 443 lan any b HTTP intercept proxy proxy tcp auto BO lani 8080 any any e fv File Transfer server tcp 1 1 lan any e W virtual Terminal server tcp 23 23 lan any e Routing Informatio peer udp auto gs20 s20 any any e IT Handles the rip qu server udp s20 s20 any any e ff ONS Server relay udp auto 53 53 lan any Le L Dynamic ONS group auto any any any b DHCP Server server udp 49152 49152 any any e TI Rx snmp GET SET a server udp 161 161 lan any e Send snmp traps to dent udp auto any any any e Simple Service Dis server udp auto 1900 1900 any any e Setup
7. gt User Management Allows you to manage the users configured on your SpeedTouch The Toolbox page The Toolbox page gives you an overview of the available services and their current status You can click on the names of these services to go to the corresponding Web page Speedtouch Administrator Help Home gt Toolbox SpeedTouch Toolbox Your SpeedTouch device offers multiple services Broadband Connection Those services enable you to protect your network to ease sharing of games and applications with other people on the Internet or manage your local network Remote Assistance Game amp Application Sharing Remote Assistance Game amp Application Sharing Disabled UPnP Enabled Web Site Filtering Web Site Filtering Firewall Firewall Intrusion Detection Address Filtering Enabled Content Filtering Disabled Security Level Disabled Dynamic DNS Intrusion Detection Dynamic DNS User Management Enabled Disabled Office Network User Management Expert Mode Logged In As Administrator Switch User eee THOMSON BRAND E DOC CTC 20051017 0151 v1 0 S D e d tO U C h 57 Chapter 4 Basic Configuration 4 5 1 Remote Assistance Enabling Remote The Remote Assistance page allows you to make your SpeedTouch accessible for Assistance remote support Remote Assistance Remote assistance is currently disabled By clicking on the Enabl
8. To delete an IP route 1 Select the IP route you want to delete 2 Click Delete An IP prefix is the combination of an IP address and sub net mask and e g 192 6 11 150 24 Speedtouch 127 Chapter 5 Expert Configuration Chapter 5 Expert Configuration 5 3 9 RIP Overview The RIP web page contains three tabs gt gt gt Configuration Interfaces Neighbours Configuration Neighbours RIP settings details RIP status D RIP version aey f Default metric Poo H Update time 1 3600 seconds wooo Timeout time 1 3600 seconds Dm 000t sCsi Csi i i s S Garbage time 1 3600 seconds E Configuration The Configuration section allows you to enable disable the SoeedTouch RIP functionality and configure the some basic RIP settings Interfaces The RIP Interfaces table allows you to configure interface specific RIP settings such as gt gt Override the master RIP status enable disable Override the master RIP version separately for receiving and sending RIP messages Specify whether authorization is needed or not and if so the required authorization string Specify whether routed must be included in RIP updates sent to a gateway from which the updates were learned Specify whether the interface should transmit RIP updates or not Neighbours Optionally the RIP Neighbours table allows you to define one or more RIP neighbours This
9. Configure your SpeedTouch via HTTP or HTTPS For more information see 1 2 1 Access via the Web Interface on page 7 Fine tune your SpeedTouch configuration For more information see 1 2 2 Access via CLI on page 8 Back up and restore data on your SpeedTouch For more information see 1 2 3 Access via FTP on page 10 Allow a remote user to help you configuring your SpeedTouch For more information see 1 2 4 Remote Assistance on page 13 E DOC CTC 20051017 0151 v1 0 Chapter 1 Getting to know your SpeedTouch 1 2 1 Access via the Web Interface To access the Proceed as follows Speediouch via the 4 Open a Web browser Web interface 2 In the address bar type your SpeedTouch s IP address or DNS host name http speedtouch lan or 192 168 1 254 by default 4 You can access the pages via HTTP or HTTPS For remote assistance the secure version HTTPS is used in combination with certificates Simply provide your ISP with the link as shown user name and password before he can log on to the pages For more information see 1 2 4 Remote Assistance on page 13 The SpeedTouch Home page appears from where you can navigate to all the configurable aspects of the SpeedTouch For more information on the Web pages see 4 Basic Configuration on page 35 EN Speedtouch Chapter 1 Getting to know your SpeedTouch 1 2 2 Access via CLI
10. Speedtouch Speed Touch 6035 608 608 WL 620 Wireless Business DSL Routers Lil User s Guide A 93 THOMSON BRAND ES opeed Touch 603 008 608 WL 620 User s Guide Speedtouch Copyright Copyright 1999 2005 THOMSON All rights reserved Distribution and copying of this document use and communication of its contents is not permitted without written authorization from THOMSON The content of this document is furnished for informational use only may be subject to change without notice and should not be construed as a commitment by THOMSON THOMSON assumes no responsibility or liability for any errors or inaccuracies that may appear in this document Thomson Telecom Belgium Prins Boudewijnlaan 47 B 2650 Edegem Belgium www speedtouch com Trademarks The following trademarks are used in this document gt SpeedTouch is a trademark of THOMSON gt Bluetooth word mark and logos are owned by the Bluetooth SIG Inc gt Ethernet is a trademark of Xerox Corporation gt Wi Fi and the Wi Fi logo are registered trademarks of the Wi Fi Alliance Wi Fi CERTIFIED Wi Fi ZONE Wi Fi Alli ance their respective logos and Wi Fi Protected Access are trademarks of the Wi Fi Alliance gt UPnP is a certification mark of the UPnP Implementers Corporation gt Microsoft MS DOS Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corpo ration i
11. System Information page see 4 3 1 Information on page 44 gt The SpeedTouch Diagnostics task see 4 4 1 Connectivity Check on page 53 E DOC CTC 20051017 0151 v1 0 S D e e d tO U C h 31 Chapter 3 Internet Connectivity Dial In Clients Chapter 3 Internet Connectivity Dial In Clients Terminating an Internet Proceed as follows to close an active PPP connection session 4 2 Go to the SpeedTouch Web pages Click Disconnect at the appropriate broadband connection The SpeedTouch embedded PPP dial in client closes the Internet connection The Internet Link status changes to Disconnected and your computer is offline S D e d tO U C n E DOC CTC 20051017 0151 v1 0 3 2 Internet Gateway Device Control Agent Introduction Windows XP users can easily establish PPP sessions thanks to the Windows XP Internet Gateway Device IGD Discovery and Control Client that allows you to control the SpeedTouch directly from you computer The IGD Control Client only allows to connect or disconnect a fully configured connection Preconditions Make sure that gt gt The following subcomponents of the Windows XP Networking Services are added to your Windows XP system gt UPnP see SpeedTouch not detected by UPnP or IGD Control Client on page 192 gt IGD Discovery and Control Client see Adding IGD Discovery and Control on page 193 UPnP is enabled on
12. To add an NIP server 1 Click New if an entry is currently selected click Cancel first 2 Type the host name or IP address of the NTP server You can check the Internet for free accessible real time NTP servers 3 Select the NTP version 1 2 3 or 4 This information is most likely provided with the NTP server s IP address 4 Click Apply You can add multiple NTP servers This ensures that the SpeedTouch SNTP client will always be able to contact at least one NTP server to synchronize the SpeedTouch real time clock with You can manually configure the SpeedTouch s real time clock in case no connection to an NTP server ts available To manually configure the Speed Touch real time clock 1 Type the current Date day month year 2 Type the current Time hours minutes seconds in 24 hour clock 3 Select the Time Zone suiting your physical regional location 4 Select Daylight saving to adjust the SpeedTouch real time clock to daylight saving time if used in your region d Click Apply to apply the time settings to the SpeedTouch real time clock S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Ies Overview Ping Add delete a ping test Modifpingestproperties E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration SLA The Service Level Agreement SLA page allows you to view and configure ping and traceroute tests Ping Traceroute Test TT Owners Target Address St
13. system logging engine System Update manage various kinds of system configuration files and to perform a system upgrade SpeedTouch Services view configure existing SpeedTouch services or to add new ones SNTP view configure SpeedTouch s real time clock engine SL access the SpeedTouch Service Level Agreement SLA facilities Add on add new or extend existing functionality of your SpeedTouch via software key activation S D e d tO U C n E DOC CTC 20051017 0151 v1 0 0 2 1 Introduction E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration Easy Setup Click Easy Setup to start the SpeedTouch Easy Setup wizard The Easy Setup wizard provides an easy way to prepare the SpeedTouch for Internet connectivity Depending on the installed wizard templates see Manage configuration files on page 111 for more information you can select from one or more semi automatic scripts helping you to fully configure most aspects of the SpeedTouch with a minimum of effort and risk of wrong or insufficient configurations SpeedTouch 620 0436DT01N Microsoft Internet Explorer provided Ioj x iS speedtouch Welcome to the SpeedTouch Easy Setup This wizard helps you configure your SpeedTouch To continue click Next EH MSON BRAND speedtouch lt Back Next gt Cancel speedtouch Chapter 5 Expert Configuration 9 2 2 system Information O
14. 4 Expressions are also used by the SpeedTouch Stateful Inspection Firewall Interface The Interface section bundles all expressions that express a relation based on Interfaces The Expressions table provides following information per expression gt The Name of the expression gt ASummary of the expression s configuration gt For more detailed information you can expand the expression click D Adding an interface To add a new interface related expression related expression 4 Click New 2 In the Interface Expressions Properties table gt Type a Name for the expression gt Select the Interface group the expression should relate to For negative logic select Not gt Select the interface the expression should relate to An interface is the connection between the SpeedTouch and one of his attached networks For negative logic select Not 3 Click Apply E DOC CTC 20051017 0151 v1 0 S D e d to LU C hn Chapter 5 Expert Configuration Adding an IP related expression Service Adding a service related expression The IP section bundles all expressions that express a relation based on IP addresses The Expressions table provides following information per expression gt The Name of the expression gt ASummary of the expression s configuration gt For more detailed information you can expand the expression click To add a new IP related expression 1 Click New 2 Inthe IP Expressi
15. Devices Allows you the view configure the devices detected on your local network gt Interfaces Allows you to view configure the interfaces that are available on the SpeedTouch The Office Network page gives you an overview of your SpeedTouch network Speedtouch Administrator Help Home gt Office Network SpeedTouch S e Broadband Connection T WI Toolbox faa Office Network t i Wireless L wean S peedTouchi23456 ir HA E Ethernet ethport1 100Mbps ethport2 100Mbps ethport3 100Mbps ohn Devices Interfaces Expert Mode f S sg A nc THOMSON BRAND If you click on a wireless client you can ethport4 100Mbps gt View the wireless client s network settings gt Configure the wireless client s network settings by clicking Configure Speedtouch E DOC CTC 20051017 0151 v1 0 4 6 1 Devices Overview The Overview page gives you an overview of the devices that are currently connected to the SpeedTouch network Click on a device name to get more information on a specific device Local Network Devices e Detected Device s The table below contains the list of devices the SpeedTouch detected on your local network Click on a device name to get more information on a device Name IP Address Interface T speedtouch 192 168 1 254 Ween 192 168 1 64 E ethportz d The detected device dsldevice is the SpeedTouch itself Confi
16. Select The name of the destination IP expression You can also type an IP address gt Service The service or protocol e g smtp http telnet gt Flags gt Enable To enable the rule or not gt Log To log the actions concerning this rule You can see the result in Firewall gt Log gt Action gt Accept The connection is accepted gt Deny Send to the sender that the packet could not be delivered gt Drop The packet is silently discarded Reset Reset of the connection gt Count Counts the number of connections that match the rule description Contrary to other actions this action does not stop further parsing of the firewall rules database The results are shown in the Hits column 6 Click Apply Speedtouch 173 Chapter 5 Expert Configuration Chapter 5 Expert Configuration D Click Set Active to activate the new settings 174 S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration 9 6 2 Log Introduction E DOC CTC 20051017 0151 v1 0 The Log page allows you to view log messages when a firewall rule is hit the firewall is enabled or disabled a firewall rule is created gt gt the firewall level is changed gt gt a firewall rule is modified a firewall rule is deleted System Up Time 00 02 33 since power on View Mode al lagged messaqes stop AutoRetresh System UpTime Message Contents
17. Service Name Routed PPPoE on 0 35 and 8 35 Time Since Power on 0 days 4 18 58 Update Broadband Connection Pick a task Toolbox B Office Network s Expert Mode Set Up Update Restart Return to Factory Default Settings View event logs Check connectivity to the Internet ae THOMSON BRAND VIII E DOC CTC 20051017 0151 v1 0 S D e d to LU C hn Chapter 4 Basic Configuration 4 3 1 Information Information The Information page summarizes important information on your SpeedTouch You may need this information when you contact your helpdesk System Information This page summarizes important information on your SpeedTouch You may need this information when i you contact your helpdesk Product Name SpeedTouch X Serial Number 045207108 Software Release XM Software Variant AA Boot Loader Version 1 0 16 Product Code 35723430 Board Name BANT K eee S D e d tO U C n E DOC CTC 20051017 0151 v1 0 4 3 2 Easy Setup Wizard E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration opeedTouch Easy Setup The Easy Setup Wizard helps you to configure your Speed Touch Internet connection Proceed as follows to configure the SpeedTouch using the SpeedTouch Easy Setup wizard 1 In the left menu click SpeedTouch 2 Inthe Pick a task list click Set up The Easy Setup wizard will now guide you through the configuration of your SpeedTouch Speed
18. Your Windows XP system is able to discover and control Internet Gateway Devices IGD like the SpeedTouch on your local network Therefore it is recommended to add the IGD Discovery and Control client to your system Proceed as follows 1 On the Windows taskbar click Start 2 Select Settings gt Control Panel gt Add or Remove Programs 3 In the Add or Remove Programs window click Add Remove Windows Components The Windows Components Wizard appears Windows Components Wizard Windows Components You can add or remove components of Windows xP To add of remove a component click the checkbox A shaded box means that only part of the component will be installed To see what s included in a component click Details Components wi W MSN Explorer Networking Services L ay Other Network File and Print Services E Update Root Certificates Description Contains a variety of specialized network related services and protocols Total disk space required 0 0 MB Gest Space available on disk 2386 9 MB Dep 4 Select Networking Services in the Components list and click Details 5 In the Networking Services window Select Internet Gateway Device Discovery and Control Client and click OK Networking Services To add or remove a component click the check box A shaded box means that only part of the component will be installed To see what s included in a component click Details Subcomponents of
19. gt Server The SpeedTouch IP address used as DHCP server address applicable for SpeedTouch multi homing gt Primary DNS Server The IP address of the primary DNS server gt Secondary DNS Server The IP address of the secondary DNS server The table header shows following pool properties in addition gt State the current DHCP server s address pool state gt PPP the PPP interface used to fill the DHCP server s address pool dynamically dynamic pools only Two kinds of DHCP server address pools can be envisaged Static address pools gt Dynamic address pools Static address pools are configured manually by the user state static on the other hand dynamic pools are configured dynamically based on the PPP IPCP parameters negotiated for a Routed PPP connection PPP interface given in the PPP column When the PPP connection is up state up all pool properties are defined except for the lease time which has to be configured manually At the moment the PPP connection goes down state down the pool parameters are remain valid to preserve LAN connectivity If the pool parameters have been changed after the PPP connection comes up again all associated leases are updated as well Speedtouch 157 Chapter 5 Expert Configuration DHCP Relay Relay Config Relay Interfaces The DHCP relay tab allows you to add delete and overview SpeedTouch s DHCP relay interfaces The DHCP relay co
20. to be policed to pre configured bandwidths This rate limiting can be configured for a specific interface IP address or service A meter can be selected by a label or can be interface specific The following settings are available gt Name The name of the IPQoS meter Interface The name of the interface Label The name of the label Drop rate The drop rate in kilobits per second Kb s Mark rate The mark rate in kilobits per second Kb s Burst The burst size in kilobytes KB Status The status of the IPQ0S meter entry This can be either Started or Stopped To activate or de activate a particular rate limiting entry simply select or clear the Status check box of the IPQ0S meter entry o Selecting or clearing the check box of an IPOoS meter entry immediately activates or de activates the corresponding rate limiting dropped The number of packets that exceeded the drop rate and as a consequence are dropped speedtouch al Chapter 5 Expert Configuration Chapter 5 Expert Configuration gt marked The number of packets that exceeded the mark rate and as a consequence are marked gt compliant The number of packets that comply to the IPQoS meter rate limits and as a consequence can pass To add a new IPQosS rate limiting entry 1 Click New 2 Type gt a Name for the new entry gt the Drop and Mark rate gt the Burst size 3 Select gt the Inter
21. used by the SpeedTouch Home Install Wizard available on the SpeedTouch Setup CD or the embedded Easy Setup wizard gt ing Files with extension Ing are language packs for your SpeedTouch These files allow you to select the language in which the SpeedTouch web interface is presented You can only upload files with known extensions however this does not o guarantee the validity of a system file Only upload files if these are gt configuration files ini you backed up yourself from this SpeedTouch gt template files tpl that are known to be valid for your SpeedTouch e g stemming from the SpeedTouch Setup CD delivered with your SpeedTouch gt language packs Ing that match your SpeedTouch s Board name and Software release 3 D aa d to UC he E DOC CTC 20051017 0151 v1 0 Manage configuration files Manage language packs E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration To upload system files 1 Click Browse to specify the file on your local drive you wish to upload 2 Click Upload to upload the system file to your SoeedTouch o Each file requires an amount of memory Make sure to limit the number of files to the minimum This table allows you to view configuration files that are currently stored on your SpeedTouch Following configuration files are listed gt Active Configuration showing details on the configuration that is currently running on yo
22. you will have to specify a port range for the inside and outside address Creating a NAT Proceed as follows to create a template template 4 Click New to create a new template 2 Select or fill in all the fields see above 3 Click Apply S D e d tO U C n E DOC CTC 20051017 0151 v1 0 ore y Definition Overview E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration IP QoS Quality of Service is the ability for an application to obtain the network service it requires for successful operation Nowadays the total amount of data traffic increases while new types of data emerge like voice data video data audio data These new types of data pose new requirements for data transport e g low latency low data loss To meet these requirements the entire network must ensure them via a connection service guarantee Such a connection service guarantee can both be applied to connection oriented networks connection based and to packet oriented networks data stream or data type based Led Ee ee et ee ee dee D atm Duc D 28 IS early wt 25 25 25 25 a0 2 kB b atm Duc H 28 IS early wt 25 25 25 25 BO 2 kB Click Apply to commit the changes Cancel to abort IP QoS configuration Name kam pe D 2 State a Discard early Priority wi r WFO queue Weight 1 Gi 25 WFO queue Weight 2 Gi 25 WFO queue Weight 3 Gi 25 WFO queue Weight 4 Gi 25 Max highest queue rate S
23. 2 Error conditions err 3 Warning conditions warning 4 Normal but significant conditions notice 5 Informational messages info 6 v v v vyv v w wv Debug level messages debug 7 speedtouch Chapter 5 Expert Configuration Chapter 5 Expert Configuration 9 2 6 system Update Overview The System Update page features all means for management and maintenance of your SpeedTouch It consists of two sections System configuration System Upgrade Upload File Configuration Files f Language Packs Specify a file to upload Browse sewage system configuration The System Configuration section allows you to manage locally stored system files Select gt Upload File to upload a system file to the SpeedTouch See Upload system files on page 110 for more information gt Configuration Files to manage stored configuration files See Manage configuration files on page 111 for more information gt Language Packs to manage stored SpeedTouch web interface language packs See Manage language packs on page 111 for more information Upload system files Following file types are allowed gt Jini Files with extension ini are SpeedTouch configuration files These files are intended for backing up configurations to back up your current configuration see 4 3 5 Back up amp Restore on page 48 gt mm Files with extension tpl are configuration templates
24. 20051017 0151 v1 0 5 7 5 7 1 5 7 2 5 7 3 5 7 4 9 7 9 5 7 6 5 8 7 1 7 1 1 7 1 2 7 1 3 7 2 7 3 E DOC CTC 20051017 0151 v1 0 b A od h WEE 176 LANTO LAN E 177 VPN WGI saeceeeacctasnnccersseovorancetescecestcocadscacevecnentanaleaedeccntstecaatiabtuataearsdutenvitnestaececadsesusnencs 178 a Si RE 179 uge 180 EE lee 181 Kee E 182 SIP FBA Ge ai 183 Software UC 185 TroUubDIeEShOOting 0 ccccceeceeceeceeeeeeeeeanseneeeeeeeeeeneeees 187 General SpeedTouch Troubleshooting 00c ceesseeeessnneeeees 188 Wired Ethernet Troubleshooting EE 189 Wireless Ethernet TroubDlOShOoting cccccccsceecseeesseeesseeeseeesaeeeseeeseeesseesseeessaeesaaes 190 Upgrade TroubleShootinng ENEE 191 UPnP on Windows XP Systems neue NENNEN EEN EE Ee 192 Reset to Factory Defaults ee KENE NENNEN ENNEN ENEE EN 194 Speedtouch D Contents Contents E wi S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Used symbols Terminology Documentation and software updates E DOC CTC 20051017 0151 v1 0 About this User s Guide The following symbols are used in this User s Guide A A note provides additional information about a topic A tip provides an alternative method or shortcut to perform an action o A caution warns you about potential problems or specific precautions that need to be taken Generally the SpeedTouch 605 i SpeedTouch 608 i SpeedTouch 608 i WL and Sp
25. Backup amp Restore This page enables you to save and restore the configuration of your SpeedTouch Follow instructions below e Backup current configuration In order to store the current configuration of your SpeedTouch click on the Backup Configuration Now button You will be prompted by your web browser to store the configuration file locally on your hard disk Choose a location and store the file on your computer Backup Configuration Nowy e Restore saved configuration You can restore 4 configuration file you have previously stored on your computer Click on Browse choose the configuration file you want to restore on your SpeedTouch and click on Restore Configuration Now to restore the configuration Configuration File Browse Restore Configuration How Proceed as follows 1 In the SpeedTouch menu click Configuration 2 Click Configure 3 In the Pick a task list click Save or Restore Configuration Proceed as follows 1 Click Back up Configuration Now 2 Click Save 3 Choose a location to save your backup file and click Save Proceed as follows 1 Click Browse 2 Select the configuration file you want to restore and click Open 3 Click Restore Configuration Now The SpeedTouch loads your configuration and restarts At the end of the procedure the SpeedTouch returns to the Home page S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configurati
26. Broadband Connection Service Name Router modified by user Date amp Time Thu 01 Jan 1970 02 57 45 01 00 Pick a task Set Up Tasks E Update gt Restart Toolbox fia zy Office Network Gs Expert Mode ki ed Retur to Factory Default Settings D View event logs Check connectivity to the Internet ats THOMSON BRAND S D e d tO U C n E DOC CTC 20051017 0151 v1 0 4 1 1 Menu items Collapsing and expanding the menu E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration Menu The menu is located on the left side of the page and consists of the following menu items gt SpeedTouch Provides basic information on the SpeedTouch gt Broadband Connection Allows you to view configure your broadband connections gt Toolbox Allows you to assign games or applications to a device and secure your Internet connection gt Office Network Allows you to manage your local network gt Expert Configuration Mode Allows you to go to Expert Configuration mode for advanced configuration and maintenance of your SpeedTouch device You can collapse expand the menu by clicking the arrow located at the top of the menu Speedtouch Chapter 4 Basic Configuration 4 1 2 Language Bar Language bar The language bar is located under the SoeedTouch logo and allows you to change the language of the Speed Touch Web interface o The language bar will only be shown if
27. Cancel Click Apply The SpeedTouch prompts you to make some adjustments as a result of the new configuration Click OK Release and renew the IP address of the device z For more information see your operating system s user guide or help If necessary reassign server applications to this device S D e d tO U C n E DOC CTC 20051017 0151 v1 0 4 6 4 Availability Accessing the wireless device settings page Overview Configure E DOC CTC 20051017 0151 v1 0 Wireless Device Settings This page is only available on SpeedTouch devices equipped with a wireless access point Proceed as follows 1 In the Office Network menu click Devices 2 In the Detected Device s list click the name of the wireless device you want to view The Overview page displays the following items gt Information allows you to view gt Status displays whether the device is currently connected to the SpeedTouch network Type displays the device type Connected To displays the interface to which the device is currently connected Allowed on LAN indicates whether the wireless client is allowed to connect to the SpeedTouch WLAN gt Addressing allows you to view gt gt Physical Address displays the MAC address of the device IP Address Assignment displays whether the device is using a static or dynamic IP address IP Address displays the current IP address of the device Always use t
28. DHCP Pools DHCP Pool Name Address Range Gateway LAN private 192 168 1 64 192 168 1 253 192 168 1 254 The Configure page allows you to gt gt Change the IP address settings of the SpeedTouch Change the DHCP IP address pool settings Before changing the DHCP pools make sure that at least one IP address of the SpeedTouch uses the same subnet as the IP addresses in the DHCP pools Under IP Addresses proceed as follows 1 2 3 Type the IP address of your choice for example 192 168 1 1 in the left text box Type subnet mask for example 255 255 255 0 in the right text box Click Add Network devices using the same subnet mask can now access the SpeedTouch using this IP address speedtouch Chapter 4 Basic Configuration Chapter 4 Basic Configuration 4 6 9 DHCP Pool page Accessing the DHCP Pool page DHCP Pool 1 2 3 4 On the DHCP Pool page you can create change a DHCP pool Proceed as follows In the Office Network menu click Interfaces Click the name of the interface which DHCP pool settings you want to change Click Configure Under DHCP Pools click gt Add to add a new DCHP pool gt Edit to edit an existing DHCP pool gt Delete to delete an existing DHCP pool 4 This link will only be shown if there are more than one DHCP pools The DHCP Pool page appears rour _DHCP pool Configure parameters for your DHCP poal e Pool Confi
29. EL Disabling the SpeedTouch DNS server will disable all DNS forwarding 1 functionality as well This may compromise end to end connectivity through the SpeedTouch connections The Hostname Table shows all DNS host names with respective IP address the SpeedTouch DNS server is aware of for example entries created via DHCP server replies to leases If not all computers reveal their hostname in the DHCP request or even worse if they do not support DHCP static entries can be added to the local DNS database Proceed as follows 1 Click New 2 In the Hostname field type the name you want to associate to the specified IP address 3 In the Address box type the IP address of the computer 4 Click Add o Make sure to keep the database consistent S D e d tO U C n E DOC CTC 20051017 0151 v1 0 9 9 3 Managed Switch Overview Your SpeedTouch is equipped with a four port 10 100Base T auto sensing MDI MDI X Ethernet switch Each physical Ethernet port of the switch can be managed individually for extended networking control and monitoring purposes Pon Group state Speed Duplex ____ ResultType b 1 Enabled Auto 100BaseTFO b 2 Enabled Auto Not connected b 3 Enabled Auto Not connected b 4 Enabled Auto Not connected Select an entry to change its configuration Monitor traffic an capture port Port 1 Capture incoming traffic from ingress mirror port None Capture outgoing traffic from fe
30. Internet Game amp Application sharing is not allowed by the firewall Apply Cancel Select one of following security levels gt High All outgoing connections are blocked except for traffic from well known protocols such as DNS HTTP HTTPS FTP TELNET IMAP and POP All incoming connections are blocked Game and Application Sharing is not allowed gt Medium All outgoing connections are blocked except MS Windows protocols such as NetBIOS RPC and SMB All incoming connections are blocked as well However Game and Application Sharing is allowed gt Standard All outgoing connections are allowed All incoming connections are blocked except for inbound connections assigned to a local host via Game and Application Sharing S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Details of a security level Creating a new security level Editing a security level E DOC CTC 20051017 0151 v1 0 d Chapter 4 Basic Configuration Low All outgoing connections are allowed All incoming connections are blocked except for ICMP Internet Control Management Protocol and inbound connections assigned to a local host via Game and Application Sharing Disabled All in and outgoing traffic is allowed to pass through your SpeedTouch including Game and Application Sharing This is the default firewall level BlockAll All traffic from and to the Internet is blocked Game and Application Sharing is not al
31. Networking Services E eg Gateway Device Discovery and Geng en 0 0 ME O B Peerto Peer 0 0 MB RIP Listener 0 0 MB iE Simple TCP IP Services 0 0 MB iE UPnP User Interface 0 2 MB Description Allows you to find and control Intemet connection sharing hardware and software that uses UPnP TM Total disk space required 56 5 MB Space available on disk 28541 4 MB 6 Click Next to start the installation and follow the instructions in the Windows Components Wizard Z Atthe end of the procedure the wizard informs you that the installation was successful Click Finish to quit Speedtouch Chapter 7 Troubleshooting 7 3 Resetting your speedTouch Software reset Hardware reset Reset to Factory Defaults You might consider a reset to factory defaults as described below Q Be aware that a reset to factory defaults will revoke all configurational changes you made to the SpeedTouch You can choose between b Software reset gt Hardware reset A reset to factory default settings deletes the configuration profile settings Therefore after the reset a reconfiguration of your SpeedTouch will be needed Also your WLAN clients will have to be re associated as described in 2 2 2 Connecting Wireless Clients for the First Time on page 20 Proceed as follows 1 Go to the SpeedTouch Web pages 2 In the menu select SpeedTouch gt Configuration 3 In the
32. On this page you can gt Click Reset Password to reset the password of the selected user to the user name So if you reset the password of John his password will be John Change the administration rights of the selected user o You can not change the administration rights of the account you are logged on with speedtouch Chapter 4 Basic Configuration 4 9 19 Change Default User The Default User page On this page you can change the default user If users browse to the SpeedTouch Web pages they will be automatically logged on with this account o To allow users to automatically log on under this account this default user account must be configured with a blank password Changing the default Proceed as follows USEF 4 Inthe Toolbox menu click User Management 2 Inthe Pick a task list click Set the default user 3 The Change Default User page appears Change Default User This page allows you to change the default user The default user is the user whose settings will be chosen as the default login settings e Change Default User User Name Change Default User Cancel 4 In the User Name list click the name of the new default user 5 Click Change Default User to confirm your choice D ce d to UC he E DOC CTC 20051017 0151 v1 0 4 9 16 Adding users E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration Add User Proceed as follows 1 In the Toolbox menu
33. To add a Routed PPPoA connection entry 1 Click New 2 In the Interface box type a unique interface name different from the MER interface name 3 In the Destination list click the appropriate Routed Ethernet destination indicated by the Routed Ethernet interface name 4 Type user name and password for the account at the ISP optional 5 Click Apply Once created per Routed PPPoA connection additional configuration is possible by clicking gt Routing gt Other 4 These parameters can only be modified when the link is down Take the link down first by clicking Hang up Following fields are available gt Destination Controls the networks that can be reached via this particular PPP connection Specify the remote host or network in prefix notation e g 172 16 0 0 16 gt Label Allows you to assign a label to this connection Speedtouch Chapter 5 Expert Configuration Chapter 5 Expert Configuration Other This window holds miscellaneous information and configuration possibilities Following fields are available gt Mode A PPP connection can be established in three ways gt Manually You have to press the Dial In button of a particular connection gt Always On The SpeedTouch automatically tries to establish PPP connections gt On Demand A PPP connection is triggered by specific frames arriving at the Ethernet port gt Idle Time Limit Allows you to specify after wh
34. and upgrade server udp auto 32355 3235 any any b CPE Wan Management dent tcp auto any any any b PE Wan Management server tcp 51005 51005 any any Le LZ Ip connectivity co group auto any any any e fv ICMP echo responder server icmp 5 5 lan any Select an entry to change its configuration show dynamic SpeedTouch services show members of service groups Optionally you can click gt Show Hide Dynamic SpeedTouch services to show hide SpeedTouch services that have been dynamically created by the SpeedTouch gt Show Hide members of service groups to show hide all the individual SpeedTouch services that are member of a SpoeedTouch service Group Select a service to gt View detailed SpeedTouch service information gt Edit SpeedTouch service properties o Generally it is advised not to alter any of the settings of a SpeedTouch service speedtouch Chapter 5 Expert Configuration Chapter 5 Expert Configuration Edit SpeedTouch Editing SpeedTouch services might be useful in cases where you want to hide service properties protect the service by deviation from the typical service settings or restricting access from to interfaces However o Do not edit SpeedTouch system services unless specifically needed To edit a SpeedTouch system service 1 Select the service 2 In Service properties gt Select or clear Service enabled to respectively enable
35. click User Management 2 Inthe Pick a task list click Add new user 3 The Add User page appears Add User e User definition Mame ew user Administration Privileges Administrator This page allows you to add auser You re only allowed to add auser who has privileges which are the same or lower than your own The password of the new user will be the same as the account name Apply Cancel 4 Under User definition you can configure gt The name of the new user The password of the new user will be equal to the user name for example if the user name is John Doe the password will be John Doe Also when resetting a user the password will be changed into the user name gt The administration rights of the new user o You can only add users with less than or equal administration rights as yourself Speedtouch Administrator Help Home gt Office Network SpeedTouch R senan Keele lee Broadband Connection pn l Wireless L WLAN SpeedTouch9ssceF AA Toolbox EN A Ethernet 54 Sl ethporti _ 100Mbps edgmsdoc01 ethport2 100Mbps Devices ethport3 Interfaces 100Mbps ethport4 100Mbps Expert Mode ee THOMSON BRAND Speedtouch Chapter 4 Basic Configuration 4 6 Office Network Menu The Office Network page Viewing wireless client information Office Network The Office Network menu consists of the following items gt
36. connect to the SpeedTouch having the correct wireless settings that is the network name and if required the network key within the time frame of one minute will be added to the table The SpeedTouch automatically saves your current configuration at the end of the registration phase Some WLAN clients do not automatically join a WLAN If so follow 7 the instructions for the WLAN client software to initiate the association Successfully registered stations are associated to the SpeedTouch WLAN Depending on your WLAN client adapter a wireless icon may become green or a message similar to the following may appear Successfully joined Wireless network SpeedTouch123456 The wireless clients will be added to the SpeedTouch ACL After one minute the ACL is locked 4 The registration procedure can be repeated as often as needed Speedtouch 25 Chapter 2 Local Network Setup 2 2 9 Extending the Range of Your Wirelstess Network Wireless Distribution The SpeedTouch features the Wireless Distribution System WDS functionality System WDS This feature allows you to extend the range of your wireless network by introducing one or more WDS enabled devices into your wireless network WDS enables data packets to pass from one wireless access point to another as if the access points were ports on a wired Ethernet switch WDS allows you to extend the range of your SpeedTouch by means of one or more wireless
37. encrypted Wireless security settings are described in 2 2 3 Wireless Security on page 22 This default network name SSID is printed on the identification label located on the bottom of your SpeedTouch and is unique for each device It consists of the concatenation of the word SpeedTouch and 6 hexadecimal characters without any spaces for example Speed Touch123456 The SpeedTouch is broadcasting its network name SSID The radio channel number is set to automatically scan for the best radio channel Registration is not activated New stations are allowed automatically The Access Control List is open and empty No wireless client will be denied access to the SpeedTouch based on its physical hardware address The default wireless settings may differ from the settings listed above depending on your Service Provider s requirements If this is the case refer to the installation configuration instructions provided by your Service Provider To prepare wireless Make sure that clients for the first time p gt The SpeedTouch is turned on and ready for service The SpeedTouch is in its default configuration If necessary reset the SpeedTouch to its default configuration See 7 3 Reset to Factory Defaults on page 194 for more information A wireless client adapter is installed on your computer The wireless client adapter s IP configuration is set to dynamically obtain its IP configur
38. follows 1 2 3 4 GU Click the Edit link of the TCP UDP port definition of the game or application In the Protocol list click the protocol the game or application uses In the Port Range box type the port range the game or application uses In the Translate To box type the port range to which the SpeedTouch has to translate the ports specified under Port Range If you want to make a dynamic translation rule you must specify a trigger protocol and port 4 As soon as the SpeedTouch receives outgoing traffic on this trigger port it will activate this translation rule Click Apply Speedtouch Chapter 4 Basic Configuration 4 5 0 New Game or Application Creating anew game or Proceed as follows application 4 In the Toolbox menu click Game amp Application Sharing 2 In the Pick a task list click Create a new game or application he following window appears New Game or Application Enter the name of the new game or application Name ew entry Select how you want to define the new game or application f Clone Existing Game or Application ABC Another Bittorent Client Z Manual Entry of Port Maps Next Cancel 3 Type the name of the game or application in the Name box 4 Click gt Clone Existing Game or Application if you want to start from the port mappings of the selected game or application gt Manual Entry of Port Maps if you want to manually configure the port m
39. its SSID and to accept only those clients who have exactly the same SSID as configured on the Speed Touch To change the Network Name broadcasting configuration 1 Select Only stations with correct Network Name SSID can connect to disable Network Name broadcasting 2 Click Apply to immediately apply your changes When you enable this option the SSID will not be broadcasted The SpeedTouch wireless network will no longer be visible in the list of available networks of your wireless client By default the interoperability mode allows for both IEEE 802 11g complaint wireless clients and IEEE 802 11b compliant wireless clients to connect to the SpeedTouch To change the interoperability mode 1 Select the desired option gt 802 11g and b to allow both IEEE802 11b and IEEE802 11g compliant wireless clients to connect to the Speed Touch gt 802 11g only to allow only IEEE802 11g compliant wireless clients 2 Click Apply to immediately apply your changes By default the SpeedTouch chooses its radio channel automatically at start up of the access point on basis of the least interference with other access points To update the channel 1 Click update to let the SpeedTouch re evaluate the aerial conditions to base the new channel selection on Your changes will immediately be applied Wireless associated clients always follow the access point s radio channel selection They will change their channel into that of
40. mm Em Em Em Em Em mm mm Em Em pm Em Em mm em Em Em Em Em Em Em mm Em Em pm Em Em mm em Em Em Em Em Em pm mm Em Em Em Em Em pm Em Em Em Em Em Em pm em Em Em pm em Em mm em Em Em pm mm Em Em mm Em Em pm em Em Em Em Em Em pm em pm mm S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration 4 4 3 Internet Services Internet Services The Internet Services page displays information on your Internet Connection s information EE EE EES EEEEEEEEEEEES Sa aa ll lalallala EEEEEER Internet Disconnect e View more Type PPPoE Uptime 1 day 4 14 25 IP Address 217 136 53 59 Data Transferred Sent Received MB MB 1470 328 71 If you configured a dial up connection you can establish terminate the connection by clicking Connect Disconnect To view more detailed information on a specific connection click the View more link of the corresponding connection E DOC CTC 20051017 0151 v1 0 S D e d to LU C hn Chapter 4 Basic Configuration 4 4 4 Accessing the Internet service Settings page Overview Details Internet Service Settings Proceed as follows 1 In the Broadband Connection menu click Internet Services 2 Click the View more link of the Internet service you want to view The Overview page gives you basic information on the selected Internet Service f If you configured a connection you can establish terminate the connection by clicking Connect Disconnect Th
41. repeaters like for instance a Speed Touch 180 The following illustration depicts two WDS enabled devices communicating via WDS Ze E S S a Lo gd CR e D V wostink III 3 EES 180 Speed Touch 620 a a 4 N Ba The SpeedTouch allows you to add up to four wireless repeaters A Repeaters extend the coverage area of your wireless LAN However bear in 7 mind that throughput is reduced for wireless clients that are connected through a repeater Preconditions Make sure that gt Your wireless repeater is be WDS enabled gt Both your SpeedTouch and your wireless repeater use gt The same WEP key if WEP is enabled o WPA encryption is not supported when using WDS gt The same fixed channel A The SpeedTouch and your wireless repeater do not necessarily need to 7 use the same SSID Using different SSIDs allows you to force your wireless clients to use either the access point of the SpoeedTouch or the one of your wireless repeater 5 D aa d to UC he E DOC CTC 20051017 0151 v1 0 To configure WDS Proceed as follows 1 Go to the SpeedTouch Web pages 2 Inthe menu select Home Network 3 Click your WLAN d In the upper right corner click Configure If not already done set a fixed channel and check whether the security settings WEP encryption or no encryption on your SpeedTouch are the same as on the repeater 5 On the Wireless Access Point page in the
42. s MAC address is used Host name The host name associated with the dynamic IP address to be communicated to the remote DHCP server User ID The user class identifier option to be associated with the lease Lease time The preferred duration of the lease of the dynamic IP address if assigned If not accepted the remote DHCP server may overrule this lease time Vendor ID Enable transmission of the vendor class identifier option selected or not cleared Speedtouch Chapter 5 Expert Configuration ieee Overview Configuration Hostname Table DNS DNS is short for Domain Name System It is a network functionality that allows network members to use host names rather than IP addresses for referencing networked computers Configuration Hostname Table DNS properties Domain name lan Activate server IS Apply The DNS web page consists of two sections gt Configuration gt Hostname Table In addition to the host name a local computer needs the DNS domain name to construct a fully qualified name By default the SpeedTouch DNS s domain name is lan You can specify another sub domain name in the domain field and Apply In normal conditions you should never disable the SpeedTouch DNS server surely not in case the SpeedTouch DHCP server is active on the local network as well If required however you can disable the SpeedTouch DNS server by clearing Activate Server and Apply
43. specified can be executed Example To execute the CLI command ip iplist to list all IP addresses currently assigned to SpeedTouch interfaces at the FTP prompt type quote site ip iplist and press ENTER ftp gt quote site ip iplist 200 Interface Type IP address Point to point Mask 200 2 LocalNetwork Ethernet 10 0 0 138 2556259525950 200 2 LocalNetwork Ethernet 192 168 1 254 255 255 255 0 200 1 Internet Serial 81 240 198 191 81 240 198 1 200 0 loop Internal 127 0 0 1 255 2554255 42955 200 200 CLI command ip iplist executed ftp gt For more information on CLI commands see the SpeedTouch CLI Reference Guide S D e d tO U C n E DOC CTC 20051017 0151 v1 0 1 2 4 To access the SpeedTouch remotely To enable remote access To disable remote access E DOC CTC 20051017 0151 v1 0 Chapter 1 Getting to know your SpeedTouch Remote Assistance You can make your SpeedTouch accessible from the Internet with regard to remote support In this way you can allow your help desk to access your Speed Touch remotely Proceed as follows 1 Go to the SpeedTouch pages as described in 1 2 1 Access via the Web Interface on page 7 2 In the menu select Toolbox gt Remote Assistance 3 Click Enable Remote Assistance 4 Provide the following parameters to your help desk gt URL the HTTPS link gt User name gt Password Your ISP is now able to access your SpeedTouch
44. the SIP PBX registrar entry Under Service properties click Service enabled Optionally you can change the SIP port in the Internal TCP UDP port box The SIP PBX menu consists of vo v v wv General Location Service Call Logging Call Screening The General page allows you to gt Set or change the default proxy and registrar By default these fields are left empty This implies that if you configure a SIP User to use the default settings this User Agent is only allowed to register to the SIP PBX 4 It is possible to add a specific registrar proxy for a user overriding the default registrar proxy The forward time out is the time in seconds in which the SIP PBX expects a reply from an outbound proxy registrar When the timer expires the SIP PBX stops the attempt to communicate externally This implies that the User Agents will only be working locally When the Allow all registration check box is selected then all User Agents are allowed to register to the SIP PBX If not only the User Agents that are configured in Location Service gt My Users will be allowed to register Speedtouch Chapter 5 Expert Configuration Chapter 5 Expert Configuration Location Service Call Logging Call Screening gt Enable disable call screening Port Listening on port E060 Default proxy and registrar Default outbound proxy Default outbound registrar Proxy behaviour Forwar
45. the new updated channel selection To configure a fixed channel 1 In the Channel Selection list click the desired channel Be aware of your region limitations 2 Click Apply to immediately apply your changes To return to auto mode 1 In the Channel Selection list click auto 2 Click Apply to immediately apply your changes speedtouch Chapter 5 Expert Configuration Enable disable the To disable your wireless interface wireless interface 4 Clear wireless interface enabled 2 Click Apply to immediately apply your changes o All your wireless clients will be disconnected You can also disable your wireless interface by pressing the front panel button for 10 seconds When the WLAN led is extinguished the interface is disabled To enable the wireless interface 1 Select Wireless interface enabled 2 Click Apply to immediately apply your changes You can also enable your wireless interface by pressing the front panel V button for 10 seconds until the WLAN led starts flashing Security The security configuration tab allows you to configure the SpeedTouch gt Security Mode settings gt Access Control settings security Mode Three security levels are available for protecting the SpeedTouch wireless network environment gt level 0 No security i e the data will not be encrypted no authentication process will be used level 1 Backwards compatible security with any Wi Fi certifie
46. to act as a proxy server A proxy server acts both as a server and a client for the purpose of making requests on behalf of other clients Requests are serviced internally or by passing them on to other servers A proxy interprets and if necessary rewrites a request message before forwarding it For example HTTP Intercept Read only The default levels are set read only to indicate you cannot change or add rules Click customize to copy the level and add or change rules The read only check box is only present when a default level is active 172 S D 2 d tO U C n E DOC CTC 20051017 0151 v1 0 Creating a firewall rule E DOC CTC 20051017 0151 v1 0 Proceed as follows to create a new security level and to add rules 1 Select one of the six security levels af Go N Click Customize Type name and description for the new security level and click Apply Click New to add a rule Fill in all the fields gt Index The index of the firewall rule The firewall hierarchically goes through the rules starting from rule 1 When no rule is hit the firewall will block the traffic because of his default behaviour gt Name The name of the rule gt Source Interface The source interface e g _lan1 wan _dmz1 gt Source IP Select The name of the source IP expression You can also type an IP address gt Destination Interface The destination interface e g _lan1 wan _dmz1 gt Destination IP
47. uses all bandwidth gt Max highest queue burst Represents the Real Time queue burst size in kilobytes for rate limiting Ki S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Queues Meter E DOC CTC 20051017 0151 v1 0 The Queues page allows you to prioritize data The following settings are available gt Propagate If the propagate function is enabled an overflow to a lower priority queue will be created in case the initial queue is full If the function is disabled packets in excess of the queue will be dropped ECN If the ECN marking is enabled the Congestion Experienced code point in the ECN field is set This means that when a queue is congested the EC code point will be set instead of dropping the packet if the ECN marking is disabled packets will be dropped if the queue is congested AckFilter If the Ack filtering option is enabled duplicate ACK packets in a queue will only be sent once Meaning that the last duplicate ACK packet will be sent and the other ACK packets will be dropped If the ackfiltering option is disabled all ACK packets will be sent in their original sequence To make changes to the configuration of the queues simply select or clear the appropriate check box es UI Selecting or clearing a setting s check box immediately applies the change made to the corresponding setting of the queue The Meter page allows you to configure rate limiting This allows aggregated data
48. wireless client s using the SpeedTouch web pages see Registering clients via Web pages on page 24 If New stations are allowed via registration you can add a wireless client to the ACL via gt Registering clients via Web pages gt Registering clients via the association button Proceed as follows to add a wireless client to the ACL 1 Go to the SpeedTouch Web pages 2 In the menu select Home Network gt Devices 3 In the Pick a task list click Search for wireless devices The SpeedTouch searches for new wireless stations that use the encryption key of the SpeedTouch Access Point The SpeedTouch takes you to the Home Network The new station will be shown next to the name of the SpeedTouch WLAN 4 Click the name of the new station 5 Click Configure 6 Select Allowed on WLAN and then click Apply The device is added to the ACL and will always be allowed to connect to the SpeedTouch S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 2 Local Network Setup Registering clients via Proceed as follows to register new wireless network clients via the association the association button button 1 E DOC CTC 20051017 0151 v1 0 Push the Association button on the SpeedTouch back panel for at least two seconds The WLAN LED toggles between green and red The ACL will be unlocked for a time frame of one minute Any new wireless client successfully attempting to
49. your SpeedTouch 1 1 Front panel LEDs Speed l ouch LED Behaviour The SpeedTouch is equipped with a number of LEDs on its front panel indicating the state of the device during normal operation speedtouch The following table shows the meaning of the different LEDs Colour State Power Green Solid on device malfunction Ethernet Green Blinking Ethernet activity Solid on Ethernet connection no activity Off No Ethernet connection WLAN Green Blinking green S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Q E Colour State passing through Internet Green Blinking Internet activity Solid on Internet connectivity no activity Solid on Internet connection setup failed Off No Internet connection Ethernet LEDS A LED may be provided per Ethernet port to indicate link integrity or activity E DOC CTC 20051017 0151 v1 0 Depending on the SpeedTouch product you are using a second LED A may be provided to indicate the 10 100Base T selection Indicator Description Activity a 100Base T Ethernet connection Optional Speedtouch D Chapter 1 Getting to know your SpeedTouch Chapter 1 Getting to know your SpeedTouch 1 2 Accessing your Speedlouch Access methods Your SpeedTouch is accessible in one of the following ways Access Method Web browser Command Line Interface CLI File Transfer Protocol FTP Remote Assistance el Speedtouch
50. your SpeedTouch To enable UPnP see 4 5 2 Game amp Application Sharing on page 59 Starting an Internet Proceed as follows to start an Internet session session 4 2 E DOC CTC 20051017 0151 v1 0 In the Windows taskbar click Start Select Settings gt Control Panel The Control Panel window appears Go to Network and Internet Connections gt Network Connections The Network Connections window appears s Network Connections File Edit View Favorites Tools Advanced Help CH Back v gt Ki pe Search Ki Folders E Address E Network Connections Internet Gateway Network Tasks 3 Internet Connection 4 Create a new connection Connecting CM internet Connection See Also LAN or High Speed Internet i Network Troubleshooter Local Area Connection Enabled L a PCh Er MCIA Fast Ethernet Card Other Places DC Control Panel My Network Places CH My Documents ig My Computer Details Network Connections System Folder You will find an Internet Gateway icon representing the SpeedTouch IGD Internet connection ability Double click the Internet Connection icon The SpeedTouch embedded PPP dial in client establishes the Internet connection The Internet Gateway icon displays Connected and your computer is online Open a Web browser and surf the Internet Speedtouch 33 Chapter 3 Internet Connectivity Dial In Clients Chapter 3 Internet Connectivity Dial I
51. 00 01 50 FIREWALL level changed to Medium 00 00 06 FIREWALL level changed to Disabled 00 00 05 FIREWALL event 1 of 13 enabled rules View All View Important Only View Critical Only Speedtouch 175 Chapter 5 Expert Configuration 0 7 VPN Availability The VPN feature is only available if you activated the VPN software module For more information see 5 2 10 Add on on page 120 Overview The VPN menu consists of following items LAN to LAN connect your LAN with a remote LAN through an IPSec VPN tunnel VPN Client set up a connection between the SpeedTouch and a remote VPN server Certificates manage your authentication certificates Advanced configure VPN tunnels with a component oriented environment Debug see status statistics and logging VPN Server set up the SpeedTouch as a VPN server 176 S D 2 d tO U C n E DOC CTC 20051017 0151 v1 0 0 7 1 Tabs Configuration procedure E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration LAN to LAN The LAN to LAN page consists of two tabs Select gt Remote Gateway Address Known as the starting page when the SpeedTouch must be able to initiate a VPN connection gt Remote Gateway Address Unknown as the starting page when the SpeedTouch only needs to have responder capability By not specifying the Remote Gateway Address you allow additional sites to join the VPN without requiring any modification to the c
52. 254 24 Extra gt dmzi 192 168 2 254 24 Extra gt lani 10 0 0 138 24 Extra gt lani 192 168 1 254 24 Extra loop 2 Oe Auto e Click Apply to commit changes IP address properties Interface nternet Address mask Obtain an IP address automatically C 3 Either gt Type a valid IP address mask in prefix notation gt Select Obtain an IP address automatically 4 Click Apply to add the IP address To change the configuration of an existing IP address 1 Select the IP address entry 2 Make your changes 3 Click Apply el S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration 9 3 2 Expressions Overview Expressions are used in rules for source and destination interface source and destination IP address es ranges and services The Expressions page consists of three sections gt Interface gt IP b Service intertace abl service XY expression Summary DHCP S_if_O intf land DHCP R_if_O intf questl wan intfgroup 0 local intfgroup 1 lan intfgroup 2 tunnel intfgroup 3 dmz intfgroup 4 guest intfgroup 5 _Internet intf Internet lani intf lan1 _wanl intf wan1 _dmzi intf dmz1 _guesti intf guesti HTTF_if_0 intfgroup 2 HTTFs_if_0 intfgroup 2 FTP_if_0O intfgroup 2 Velen it intfgroup 2 DNS S_if_o intfgroup 2 SNMP_AGENT_if_O intfgroup 2 PING RESPONDER_if_0 intfgroup 2 HTTDI intf land Click New to create a new entry
53. 6 System Update on page 110 for more information D ce d to UC he E DOC CTC 20051017 0151 v1 0 system Select System to view some important system information of the SpeedTouch The System table lists the SpeedTouch s gt gt v v v wv Product Name Physical Address This worldwide unique hardware address is also called Medium Access Control MAC address Software Release Board Name Serial Number Product Code RW Most of the information is also listed on the identification label on the E DOC CTC 20051017 0151 v1 0 bottom of the SpeedTouch Speedtouch Chapter 5 Expert Configuration Chapter 5 Expert Configuration 5 2 3 Overview Connections Start stopPPPsessions Connections The Connections page allows you to start and stop PPP connection sessions All existing PPP connections are listed in the Connections table If no PPP connections have been defined this table is empty Interface Destination Mode tink State a Internet RELAY always on idle down Specify your username and password User Password Save this password IS In the Connections table per interface following information is provided gt Interface the name of the PPP connection interface gt Destination the name of the ATM interface of the PPP connection gt Mode the PPP connection mode being either gt always on by default the session will always be active gt dial in the sessio
54. Aging time Using this input the aging timer of the bridge internal database can be changed If the aging time of a MAC entry has expired this entry will be removed from the database Virtual LAN By selecting this checkbox the SpeedTouch bridge will become fully VLAN ID aware This means that if incoming Ethernet packets are VLAN tagged this tag will be taken into account and as such the packet will only be bridged to the ports that are member of that VLAN o The SpeedTouch will always take into account the VLAN interface v configuration that is set This means that if an interface is configured to be member of VLAN_A it will not be able to communicate with an interface that is set to be VLAN_B even if the bridge state is set to VLAN disabled Speedtouch 147 Chapter 5 Expert Configuration Chapter 5 Expert Configuration Add a new Bridge port VLAN VLAN interface overview Proceed as follows to add a new port to the Ethernet Bridge 1 Click New under the Bridge Ethernet overview table 2 In the Interface box type a unique interface name in the Destination list select the interface you want to use for this connection 3 Mark the Multicast filter checkbox if you wish to filter out multicast streams on this interface In normal situations multicast packets are flooded on all ports of the bridge but this might cause unwanted performance issues on some interface types 4 Select the VLAN name to wh
55. Assuming a numbered IPOA link configure the Local and Remote IP addresses If required enable NAPT via the NAPT box by default unchecked For IP connectivity beyond the local and remote IP address a single or summarized network can be supplied in the Destination Network field In the ultimate case all destination networks can be specified via the so called default route 0 0 0 0 0 Click Apply If all field values are correctly specified the Routed IPoA interface is created and attached to the specified ATM virtual channel In the assumption that Local IP Remote IP and Destination Network are specified 3 IP routes are automatically added gt gt gt A host route to Local IP address A host route to the Remote IP address A network route to the specified Destination Network speedtouch Ki Chapter 5 Expert Configuration 0 4 8 Overview PPTP to PPP Relay The PPTP to PPP Relay referred to as Relay further in this section interacts with a PPTP tunnelling application installed on the locally attached computers for example Microsoft s Dial Up Networking A typical user relay interaction scenario is as follows A PPTP Tunnelling application is started on one of the locally attached computers This application establishes a PPTP tunnel to the SpeedTouch and is the trigger for the Relay to come into action The Relay chooses a free PPPoA phonebook entry and from then on relays all PPP frames so
56. Block if you want to block this Web site gt Redirect if you want to redirect to another page Type the address of the redirect page in the Redirect box 3 Click Add Use this feature if gt Block is selected under Action for Unknown Sites gt Allow is selected under Action for Unknown Sites and you want to make an exception on a block redirect rule For example you are blocking bank com but you want to allow access to netbanking bank com gt A content category group is blocked by Content Based Filtering and you want to make an exception For example you are blocking Finance Investment content but you want to allow access to netbanking bank com Proceed as follows 1 Type the URL of the Web site you want to allow for example netbanking bank com in the Web Site box 2 Click Allow in the Action list 3 Click Add Proceed as follows 1 Type the URL of the Web site you want to redirect for example cracks am in the Web Site box Click Redirect in the Action list 3 Type the URL of the Web site you want to redirect to for example mycompany com internetpolicy htm in the Redirect box 4 Click Add N S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Redirecting all Web Proceed as follows sites 4 2 3 Type in the Web Site box Click Redirect in the Action list Type the URL of the Web site you want to redirect to for example mycompany co
57. Click Next The Configuration section appears Proceed as follows 1 Click gt Clone Existing Level to start from a previously created content level RW If no levels have been defined before this option will not be shown gt Black List to allow all Web sites by default gt White List to block all Web sites by default 2 Click Next The Content level definition section appears S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Content level definition Only Web sites that match the selected content level will be allowed Proceed as follows 1 2 If you want to gt Allow a category Select the check box next to the category name gt Allow an entire group Select the check box next to the group name gt Block a category Clear the check box next to the category name gt Block an entire group Clear the check box next to the group name Click Apply Content level activation To activate your new content level 1 2 3 4 E DOC CTC 20051017 0151 v1 0 In the Toolbox menu click Web Site Filtering In the upper right corner click Configure In the Content Level list select your new content level Click Apply The new content level is now active Speedtouch Chapter 4 Basic Configuration Chapter 4 Basic Configuration 4 9 10 About the firewall Overview Configure security Levels 72 Firewall The firewall allows you to secure traffic from and to
58. Message Integrity Check MIC which is a strong mathematical function in which the recipient and transmitter each compute and compare the MIC If they don t match it is assumed that a third person has been trying to read the data To enable level2 WPA PSK 1 Select Security Level 2 WPA PSK WPA Personal 2 In the WPA passphrase box type a passphrase also known as Pre shared key of your choice The passphrase must consist of 8 to 63 ASCII characters or 64 HEX digits 3 In the Encryption list click the desired Encryption method either TKIP or AES 4 AES is not yet implemented in most clients but AES is implemented in the SpeedTouch because it will be the future security standard 4 Optionally select the rekeying interval 5 Click Apply to immediately apply your changes E DOC CTC 20051017 0151 v1 0 S D e d tO U C n 167 Chapter 5 Expert Configuration WPA Access Control Associated stations WPA is the highest form of security available but make sure that your wireless client and client manager are compatible with it If you want to use this level of encryption you must have a RADIUS Remote Authentication Dial in User Service server installed on your network To enable level2 WPA 1 Select Security Level 2 WPA 2 Enter the RADIUS settings provided by your network administrator in the appropriate fields 3 Click Apply to immediately apply your changes Wireless client access control allows to
59. P server gt DHCP Relay To configure the SpeedTouch DHCP relay gt DHCP Client To configure the SpeedTouch DHCP client DHCP Server DMP Relays DHeP client Server Config Server Leases Address Pools Name StartAddress End Address Interface State PPP b LAN private 192 168 1 64 192 168 1 255 lanl static b GUEST private 192 168 3 64 192 166 3 253 guestl static b DM2_ private 192 168 2 64 192 168 2 2553 dmz1 static Click New to create a new entry The DHCP server configuration is split up in three sections gt Server Config To configure the SpeedTouch DHCP server master settings and behaviour gt Server Leases To overview current the SpeedTouch DHCP server s current leases and or add delete static DHCP lease entries gt Address Pools To overview and add delete DHCP address pools for the SpeedTouch DHCP server As mentioned before the SpeedTouch DHCP server configuring local network hosts can be run in conjunction with one or more SpeedTouch DHCP clients or SpeedTouch DHCP Relay agents each created on behalf of a wide area connection l e for WAN interfaces the SpeedTouch offers DHCP client or DHCP relay support to configure MAC Encapsulated Routing MER or Routed IPoA interfaces independently Following fields are available gt Activate server Select this check box to enable the SpeedTouch DHCP server gt Activate verify firs
60. PPoE or a PPPoE Relay interface gt ppp for a Routed PPP over ATM PPPoA interface D ce d to UC he E DOC CTC 20051017 0151 v1 0 0 4 2 Introduction Creating a Routed PPPoE connection entry Additional configuration Routing E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration Routed PPPoE The Routed PPPoE configuration page allows you to add new Routed PPPoE or Routed PPPoE Relay connection entries or to change settings of existing entries interface Destination Mode tink State Le Internet RELAY Always On not connected down Click New to create a new entry To add a Routed PPPoE connection entry 1 Click New 2 In the Interface box type a unique interface name different from the MER interface name 3 In the Destination list click the appropriate Routed Ethernet destination indicated by the Routed Ethernet interface name Za Type user name and password for the account at the ISP optional 5 If applicable type a Service name and or Access Concentrator optional 6 Click Apply Once created per Routed PPPoE connection additional configuration is possible by clicking gt Routing gt Other 4 These parameters can only be modified when the link is down Take the link down first by clicking Hang up Following fields are available gt Destination Controls the networks that can be reached via this particular PPP connection Specify the remote ho
61. Pick a task list click Configure WDS E e SpeedTouch123456 e Configuration WDS Enabled Iv e Accessible Access Points WDS SSID BSSID Channel Noise There are no networks detected Apply Cancel Pick a task Scan for wireless accesspoints 6 Select WDS Enabled D In the Pick a task list click Scan for wireless access points A warning is displayed Microsoft Internet Explorer 8 Click OK The SpeedTouch scans for access points on the same radio channel 9 Select your repeater in the List of Accessible Access Points and then click Apply e Configuration WDS Enabled Iv e Accessible Access Points WDS SSID BSSID Channel Noise d YourNetwork 00 30 F1 DB B8 3D 3 59 Apply Cancel E DOC CTC 20051017 0151 v1 0 S D e d tO U C bh Chapter 2 Local Network Setup Chapter 2 Local Network Setup D ce d to UC he E DOC CTC 20051017 0151 v1 0 Chapter 3 Internet Connectivity Dial In Clients 3 Internet Connectivity Dial In Clients Introduction If you want to set up initial Internet connectivity using the Home Install Wizard on the Setup CD or the embedded Easy Setup refer to the provided Installation and Setup Guide Access methods Depending on the configuration of the SoeedTouch you may have gt Direct access As soon as the initial configuration is finished immediate and uninterrupted WAN access is provided If you have direct access the remote organ
62. Pick a task list click Reset my SpeedTouch to default settings The SpeedTouch restarts 4 The SpeedTouch returns to the SpeedTouch home page unless the IP address of your computer is not in the same subnet as the default IP address of the SpeedTouch being 192 168 1 254 Proceed as follows 1 Make sure the SpeedTouch is turned on 2 Use a pen or an unfolded paperclip to push the recessed reset button on the back panel The reset button is marked with a red circle Push it until the power LED lights red this will take about 7 seconds 3 Release the reset button S D e d tO U C bh E DOC CTC 20051017 0151 v1 0 Chapter 7 Troubleshooting 4 The SpeedTouch restarts o Your system administrator may have disabled the physical reset button of the SpeedTouch In this case a hardware reset to defaults is not possible EN Speedtouch Chapter 7 Troubleshooting D ce d to UC he E DOC CTC 20051017 0151 v1 0 A 93 THOMSON BRAND O LA LGLO LLOLGO00Z D 19 00G 4 Pp m s syyn Weg S007 NOSINOHL Need more help Additional help is available online at www speedtouch com A 93 THOMSON BRAND
63. PnP to enable UPnP on the SpeedTouch UPnP provides NAT Traversal UPnP aware applications on a PC will automatically create Hyper NAT entries on the SpeedTouch for incoming traffic on the protocol ports this type of traffic needs As a consequence these applications are able to traverse the SpeedTouch without the need for extra and manual configuration UPnP is an architecture for transparent peer to peer connectivity of J computers intelligent appliances and wireless devices It enables seamless operation of a wide range of games and messaging applications For security reasons you are able to configure the UPnP policy towards Windows XP and UPnP aware applications and Operating Systems In case you select the Use Extended Security check box only limited UPnP operation between a host running MS Windows XP and the SpeedTouch is allowed A local host is gt NOT allowed to connect disconnect the SpeedTouch Internet Gateway Device IGD connection gt Allowed to add delete Hyper NAT entries only for its own IP address not for other local hosts If you clear the Use Extended Security check box all UPnP and IGD based communication between any local host and the SpeedTouch is allowed speedtouch Chapter 4 Basic Configuration gt Assign a game or application to a specific network device Speedtouch Game amp Application Sharing This page summarizes the games and applications define
64. Proceed as follows 1 In the Office Network menu click Devices 2 In the Pick a task list click Search for wireless devices The SpeedTouch searches for new wireless stations that use the encryption key of the SpeedTouch Access Point The SpeedTouch takes you to the Office Network The new station will be shown next to the name of the SpeedTouch WLAN To view the device settings click the name of the new station For more Information see 4 6 4 Wireless Device Settings on page 87 S D e d tO U C n E DOC CTC 20051017 0151 v1 0 4 6 6 Availability What is WDS Configuring WDS Establishing a WDS connection E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration Configuring WDS This page is only available on SpeedTouch devices equipped with a wireless access point The Wireless Distribution System WDS allows you to extend the range of your wireless network by introducing one or more WDS enabled devices into your wireless network o You can only establish WDS links with WDS enabled devices Proceed as follows to access the WDS pages on the SpeedTouch 1 In the left menu click Office Network 2 Under Wireless click the Access Point you want to configure for WDS The Access Point names have the following format WLAN V Network Name for example WLAN SpeedTouch123456 3 Click Configure A In the Pick a task list click Configure WDS Proceed as foll
65. S ge 94 Lage du e EE 95 OPCE POO E 96 Expert Configuration ccccccccsscseseceesceesaseeeeseeesaees 99 PLONE sian AEE EAEE 101 speedtouch Contents Contents 5 2 5 2 1 5 2 2 5 2 3 5 2 4 5 2 5 5 2 6 5 2 7 5 2 8 5 2 9 5 2 10 5 3 5 3 1 5 3 2 0 5 0 5 3 4 5 3 5 5 3 6 5 3 7 5 4 5 4 1 5 4 2 5 4 3 5 4 4 5 4 5 5 4 6 5 4 7 5 4 8 5 4 9 5 5 55 1 5 5 2 5 5 3 5 5 4 5 6 5 6 1 5 6 2 SCC OU WEE 102 AS SC acc ae ete ce cates sso E E 103 System Elan te gun ele EE 104 CONE TON eee ee een re err te ere me pro Pr nt ee Cte ere oe error eee eer oe eer over ven rer 106 Mtcielvier ge 107 el e P E E A A E E E E 108 SEART Ch e ee 110 SpeedTouch M ServiCES Eege 113 HCH RE 116 EE 117 e E a E 120 USR tg EEE 121 IP ee ER ONS oa se eee re ee caste ested sees seen tomes scene weeeadee ewan eens uaecounecee wee usantteseeeane 123 TS We EEN 125 I ROUNO E 127 lege 128 VR 129 Jee 131 CONMECU EE 135 ATN E 136 ROUted PPF Oe E 139 Ro ted PPPOA E 141 POOO TPF O EN 144 Bridged Ethernet E 147 Kon ed EINE NO orr A E A 150 ROUE IFO A pur A E 151 PPTP to PPP Relay a tesactcasueccsvedarsanensceancossueeceamesbesnteneceueecsssaneesteecreurnneeewensiieuteiadecciucess 152 NO aA N e A atures sane ceueiere ne sseueeseneateun tse 153 Local Networkung see ee ENEE NENNEN EEN ENEE E Ee 154 DAC EE 155 BIV 160 Managed Switch E 161 MVS EE E 163 lU BS 170 PONCY EE 171 LOG E 175 S D e d tO U C n E DOC CTC
66. To access the You can access the Command Line Interface CLI via Speedtouch via the rt The embedded Expert pages For more information see 5 Expert Command Line Configuration on page 99 Interface CLI gt A Telnet session This requires a TCP IP connection between the host from which the Telnet session is opened and the Speedlouch Your SpeedTouch and the connected computer must have an IP address in the same subnet gt The serial Console interface gt Quote site commands over FTP For more information see Quote site command on page 12 For more information on CLI commands see the SpeedTouch CLI Reference Guide 5 D ce d to UC he E DOC CTC 20051017 0151 v1 0 Chapter 1 Getting to know your SpeedTouch To start a Telnet Proceed as follows Session 4 Open a telnet application 4 You can use the Command Prompt window In Microsoft Windows XP for instance 1 On the Windows taskbar click Start 2 Select All Programs gt Accessories gt Command Prompt 2 Connect to your SpeedTouch 4 In the Command Prompt window At the prompt type telnet followed by the IP address of your SpeedTouch 192 168 1 254 by default 3 Enter your SpeedTouch security user name and password d The default user is Administrator and the default password is blank As soon as you have opened a session to the CLI the SpeedTouch banner is displayed followed by the CLI p
67. Touch 620 0436DTOIN Microsoft Internet Explorer provid lol x a speedtouch Welcome to the SpeedTouch Easy Setup This wizard helps you configure your SpeedTouch To continue click Next oo THOMSON BRAND Speedtouch lt Back Next gt Cancel speedtouch Chapter 4 Basic Configuration 4 3 3 Restart Restarting your Proceed as follows SpeedTouch 4 Inthe left menu click SpeedTouch 2 In the Pick a task list click Restart The following message appears Se eee eee Em Em pm em eee You are about to restart your SpeedTouch All active connections will be restarted Do you want to proceed es restart my SpeedTouch No 3 Click Yes restart my SpeedTouch The SpeedTouch restarts The SpeedTouch returns to the Home page D ce d to UC he E DOC CTC 20051017 0151 v1 0 4 3 4 Overview Details Configure E DOC CTC 20051017 0151 v1 0 Configuration Chapter 4 Basic Configuration The Overview page displays the current configuration of your SpeedTouch The Details page displays more detailed information on the current configuration of your SpeedTouch The Configure page allows you to change the current configuration System Configuration aa This page lets you configure your SpeedTouch e Service Configuration You cannot directly edit the service settings of your SpeedTouch In order to modify those settings you must use the Co
68. a networking devices EL In the SpeedTouch package a yellow full wired straight through RJ 45 RJ 45 Ethernet cable is included Use the yellow Ethernet cable provided to wire your computer s Ethernet port to one of the SpeedTouch s Ethernet ports The Ethernet cable can also be used to wire an Ethernet port of your SpeedTouch to any external Ethernet hub or switch Please follow the installation instructions supplied with the external hub or switch for connections and Ethernet cabling LED indicators allow you to check your Ethernet See 1 1 SoeedTouch LED Behaviour on page 4 for more information Once you have connected a device you can personalise its settings For more information see Device settings on page 15 Your SpeedTouch intelligently switches data between the devices on your LAN using priority queuing to ensure that higher priority messages are delivered first and in real time This feature maximizes your network performance The managed Ethernet switch allows you to configure a Virtual Local Area Network VLAN group ports or isolate a port configure secure channel connections define Quality of Service QoS and configure port mirroring allowing monitoring from one port to another You can configure the managed Ethernet switch manually using CLI For more information see the SpeedTouch CLI Reference Guide or on the expert Web pages see 5 5 3 Managed Switch on page 161
69. abel rule Name The name of the rule Label The label allows to identify packets with matching criteria If such a packet arrives it is labelled with a packet classification label Still no packet classified routing is done Only if you add a route that uses that particular label as route criterion the effective classification based routing is applied Service The service or protocol e g smtp http telnet Source Interface The source interface e g _lan1 _wan1 _dmz1 Source IP Select The name of the source IP expression Destination IP Select The name of the destination IP expression State Select this check box to enable this rule Log Select this check box to generate a syslog message when this label is being used 3 Click Apply IP QoS Rules The IP QoS Rules section provides an overview of the existing routing rules Proceed as follows to create a new rule 1 Click New to create a new rule 2 Fill in all the fields 3 Click Apply S D e d tO U C n E DOC CTC 20051017 0151 v1 0 0 3 4 IP Routing Overview The IP Routing table presents the current content of the SoeedTouch Routing Adding an IP route Deleting an IP route E DOC CTC 20051017 0151 v1 0 Information Base It contains all routes to all possible destinations and is consulted by the SpeedTouch any time prior to sending or forwarding any packets Destination Label Gateway interface Metr
70. allowed to use the outbound connections gt Foreign address Foreign address is to define the address es that are allowed to use the inbound connections gt Flags gt Description 4 If you selected NAPT you will have to specify a port range for the inside and outside address Speedtouch Chapter 5 Expert Configuration Creating a NAT Proceed as follows to create a address translation mapping mapping 4 Click New to create a new map 2 Select or fill in all the fields see above 3 Click Apply Templates The Template page allows you to create a NA P T template Depending on your needs following fields are available gt Interface The name of the IP interface that needs to be NAT ed gt Group The IP interface group scope for this template gt Type Allows you to choose the translation type gt Protocol The IP protocol on which address translation has to be applied This allows the SpeedTouch to link specific traffic protocol dependent to a chosen private host gt Outside address The outside typically public IP address es gt Inside address The inside typically private IP address es gt Access list You can use the access list to define the address es that are allowed to use the outbound connections gt Foreign address Foreign address is to define the address es that are allowed to use the inbound connections gt Flags gt Description L If you selected NAPT
71. annel 1 The Recorded Events table gives you an overview of the last event logs that have been recorded since the SpoeedTouch was turned on The first column of the table indicates the importance of the event log Informational Warning Error The Category list allows you to filter the events shown in the Recorded Events table For example by clicking Security you can view all security related events for example generated by the SpeedTouch firewall S D e d tO U C n E DOC CTC 20051017 0151 v1 0 4 3 8 Updating the speedTouch system software E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration Update The Update page allows you to gt gt a View System Information View information on the current System Firmware Update your SpeedTouch from a remote server Use this option if you want your SpeedTouch to check the internet for new firmware and update if it found one Update from a PC Use this option if you want to install an update on your SpeedTouch that is located on the PC 3 System Update a This page allows you to update your SpeedTouch with the latest software version available Choose a Way to Update your SpeedTouch and follow the instructions e System Information Product Name SpeedTouch 585 Serial Number 045207108 Boot Loader Version 1 0 16 Product Code 35723430 Board Name BANT K e System Firmware Current Software Version 5 3 0 15 Curr
72. apping for this game or application The SpeedTouch creates the game or application and takes you to the Game or Application Definition page to configure the port mappings for this game or application 5 Enter the necessary port mappings and click Add D ce d to UC he E DOC CTC 20051017 0151 v1 0 4 9 6 Web Site Filtering Overview Configure Content levels E DOC CTC 20051017 0151 v1 0 Web site Filtering The SpeedTouch allows you to block allow particular Web sites gt Based on the Web site s URL As within a Web site lots of references can be made to other URLs it is recommended to use this feature in combination with content based filtering gt Based on the Web site s content gt By redirecting a Web site to another Web site If your administrator account is configured as default user make sure you Q configure a password for this account or change the default user Otherwise users on your local network can browse to your SpeedTouch to disable your filtering rules For more information see 4 5 13 User Management on page 77 and 4 5 15 Change Default User on page 80 The Overview page displays gt The current Address Based Filtering rules gt The current Content Based Filtering configuration To view which content types are blocked allowed click Details For more information see 4 5 8 Content Level on page 69 o Address based filtering rules have priority over
73. are allowed automatically e Encryption Disabled Use WEP Encryption Co Use WPA PSK Encryption WPA PSK Encryption Key 462 7FO08CB3 WPA PSK Version WPA wi On the Wireless Access Point page you can give a new name to your Network Name SSID Under Security you can clear Broadcast Network Name SSID to prohibit the Network Name from being broadcast S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 2 Local Network Setup Access Control List The SpeedTouch features a managed Access Control List ACL and a physical ACL registration mechanism in the form of the Association Registration button on the back panel of your SpeedTouch On the Wireless Access Point page you have the following options for the ACL New stations are gt gt Allowed automatically All new stations can access the SpeedTouch Allowed via registration Only allowed stations in the ACL have access You can add new stations via gt The Association Registration button gt The Search for wireless devices task For more information see Registering wireless clients on page 24 Not allowed Only allowed stations in the ACL have access You can add new stations to the ACL only via the Search for wireless devices task For more information see Registering clients via Web pages on page 24 Data encryption To set up wireless connectivity you can choose different levels of secur
74. ated and managed by means of the DHCP Client table Following fields are listed in the DHCP Client table gt gt Interface The name of the SpeedTouch logical interface for which this DHCP client applies The Address column shows the IP address assigned to the interface given in the first column The State column shows the current state of the dynamic interface According to RFC2131 following states are envisaged gt init The DHCP client hasn t been activated yet You can activate a DHCP client entry by selecting it and clicking Enable gt requesting The DHCP client is searching for a DHCP server gt selecting The DHCP client requests a server for an IP address gt bound A dynamic IP address has been assigned by the DHCP server gt renewing The DHCP client requests a known server to extend its lease gt rebinding The DHCP client searches a server to extend its lease The Timeout column is filled in for each DHCP client which is currently in the bound state It indicates the lease time of the assigned IP address For each of these interfaces you can configure following fields gt E DOC CTC 20051017 0151 v1 0 IP Address The preferred IP address to be assigned to the DHCP client If not accepted the remote DHCP server may overrule this address Client ID MAC address of the SpeedTouch logical interface to be communicated to the remote DHCP server If empty the SoeedTouch
75. ation DHCP this is usually the default For more information see the documentation of your wireless client adapter To configure wireless The wireless client must be correctly configured for the default network name As clients for the first time the SpeedlTouch broadcasts its network name to the wireless clients you can select the SpeedTouch wireless network from a list of available networks Depending on your wireless client a wireless icon may become green or a message similar to the following may appear Successfully joined Wireless network Speed Touch123456 L Some wireless clients do not automatically join a wireless network If so follow the instructions for the wireless client software to initiate association S D e d tO U C n E DOC CTC 20051017 0151 v1 0 First time association The example below shows how the SpeedTouch wireless network is presented example towards a Windows XP Service Pack 2 system t Wireless networks detected x One or more of your preferred networks are in range To see the list and connect to a network cick this message Proceed as follows to associate your wireless client to the SpeedTouch 1 2 3 E DOC CTC 20051017 0151 v1 0 Click the network icon in the notification area IR CR The Wireless Network Connection window appears i Wireless Network Connection Network Tasks SG Refresh network list Set up a wireless network for a home or smal
76. atus r x z S Specify following properties and click 4pply to commit New test Ping to my ISP Target address The page contains two sections gt gt Select Ping to view configure and perform ping tests Select Traceroute to view configure and perform traceroute tests The Ping table provides a list of configured ping test entries By default no ping tests are configured To add a ping test see Add delete a ping test Select a ping test entry to gt gt Modify ping test properties Perform a ping test and view test results and history see Ping tests and results Delete the entry see Add delete a ping test To add a ping test entry 1 2 3 4 Click New if an entry is currently selected click Cancel first Type a name for the ping test entry Type the host name or IP address of the target to ping Click Apply To delete a ping test 1 2 Select the ping test entry to delete Click Delete To modify a ping test entry 1 2 3 4 Select the ping test entry Click Modify Make your changes Click Apply to apply your changes to the ping test entry speedtouch 117 Chapter 5 Expert Configuration Ping tests and results To start stop a ping test 1 2 Select the ping test entry Click gt Activate to start the ping test gt Deactivate a ping test that is currently running To view the results of the ping test 1 2 Select the pin
77. authorize or explicitly inhibit access between specific wireless clients and the SpeedTouch wireless access point based on the wireless client s MAC address The Access Control tab allows you to manage the SpeedTouch Access Control List ACL By default New stations allowed automatically is selected Any client with the correct wireless settings Network Name and if required Network key will be automatically associated to the SpeedTouch and will be allowed to send receive data via the SpeedTouch wireless access point In case New wireless client allowed is not selected you must manually add the wireless clients and their authorization to the access control list You can use the Association Registration button to allow wireless clients to enter the access control list This button can be found on the back panel of the SpeedTouch or on the Access Control tab Pressing this button triggers the SpeedTouch to unlock the access control list for a time frame of one minute after which the access control list is locked again Any wireless clients trying to associate with the SpeedTouch having the correct wireless settings Network Name and if required Network key will be added to the table Per wireless client present in the access control list the following information is provided and can be re configured gt An intuitive name for the wireless client gt Whether the wireless client is allowed select yes or not s
78. b pages providing an interface to the software installed on the device It allows easy setup and management of the SpeedTouch via your Web browser from any PC connected to the SpeedTouch See 1 2 1 Access via the Web Interface on page 7 to access the pages The pages are grouped in gt Basic Mode offering the main configuration tasks gt Expert Mode adding advanced features to the basic mode and presenting the Command Line Interface CLI commands in a graphical user interface Consult gt The SpeedTouch Installation and Setup Guide for more information on setup and installation procedures gt The SpeedTouch Application Notes and Configuration guides for advanced configuration concepts Speedtouch 35 Chapter 4 Basic Configuration 4 1 Navigation Navigation components The SpeedTouch Web interface consists of the following components v wy v v v Menu Language Bar Navigation Bar Notification Area Tasks Navigation bar Notification area Language bar speedtouch Administrator Home gt SpeedTouch 8 Your DSL connection is down Verify that your SpeedTouch is correctly connected to your phone line If the problem persists check your documentation SpeedTouch emu Information Product Name SpeedTouch 620 Serial Number 0436DTO1N Information Menu Configuration Event Logs Update Software Release 5 3 0 15 Configuration
79. by the firewall BlockAll Use this Security Level to block all traffic from and to the Internet Game and Application sharing is not allowed by the firewall High Use this Security Level to block all outgoing connections except well known applications DNS HTTP HTTPS FIP TELNET IMAP POP and block all incoming connections Game amp Application sharing is not allowed by the firewall Medium Use this Security Level to allow all outgoing connections except Windows protocols NetBIOS RPC SMB and block all incoming connections Game and Application sharing is allowed by the firewall Standard Use this Security Level to allow all outgoing connections and block all incoming traffic Game and Application sharing is allowed by the firewall Low Use this Security Level to allow all outgoing connections and block all incoming traffic except Internet Control Management Protocol ICMP Game and Application sharing is allowed by the firewall Level Standard Description Use this Security Level to allow all outgoing c Loose UDP tracking al Game Application Sharing Allowed Iv Praxying allowed al Readonly a Nr Name Action Service Srcintf Src IP Dstintf_ DstIP_ Log Hits Module level Firewall Level Module al 2 3 4 5 6 5 F ToGuest drop Any Any Any quest Any D 0 L Frama accept Any lan Any Any Any E 0 LZ GuesttoWw AN accept Any quest Any wan Any D 0 L DMZToWAN accept Any d
80. ccssscccssseeceeseeceeeeeeceeseeeeeseeesaneees 20 Wireless SECULI eebe 22 Connecting Additional Wireless Cliente 24 Extending the Range of Your Wirelstess Network 26 Internet Connectivity Dial In Clients 008 29 SpeedTouch Web Pages eene NENNEN ENNEN EEN EEN EE EN 31 Internet Gateway Device Control Agent 0cssseeessneeessneeees 33 Speedtouch D Contents Contents 4 1 4 1 1 4 1 2 4 1 3 4 1 4 4 1 5 4 2 4 3 4 3 1 4 3 2 4 3 3 4 3 4 4 3 5 4 3 6 4 3 7 4 3 8 4 4 4 4 1 4 4 2 4 4 3 4 4 4 Basic Configuration ccccsccsecsseecseeceeeeeesaeeseeseeeeaes 35 IN VAG EN d TEE 36 VE El enya tts ees etna aco dren cet E E E N EA A teed ee i EEE A E E E at E 37 Language EE 38 Navigation e 39 pleidiitercidiel aps cre eremrrreernr tt emer ten en Omir mar n ener este rte aren nee mtn N 40 DEE 41 wll vidinnrsnachcaceteudesncekasdndcsdbcnveesducntsntatnnserdechusadscanenasdiacanndeddebuncsi 42 SCS OG WE 43 VEO TAN Lg e e E 44 SpeedTouch Basy de E 45 FC SUA EE 46 ee de UI 47 BaCk UDO ROSTO E E ee atre eran er een ener eee eee ne ey eer ere ee 48 Reset to Factory Defaults AEN 49 BV GIG OS eane 50 leet 51 Broadband Connection enee EEN EEN EEN ENEE EEN En 52 Connec iV E 53 Re ee te Eege Macc e O sens ease anes aseenene sate ceoeaeieseeneeacieredes 54 NAD FUNG CCS E eects ste S E otic saster saves atten oeninn rans ees ete eed eee 55 Internet Service E de e CN 56 S D
81. ck the name of the game or application you want to view change This page gives you an overview of the port mappings used to allow this service or game to be initiated from the Internet 4 Consult the user s guide or support pages of your application to know which ports are being used by this application A service consists of one or more TCP UDP port ranges Each incoming port range can be translated into a different internal local network port range Port ranges can be statically assigned to devices or dynamically assigned using an outgoing trigger Under gt Game or Application Name you can Change the name of the game or application gt Game or Application Definition you can Change the TCP UDP port definition for this game or application Lotus Notes e Game or Application Name New Name Lotus Notes Apply Cancel e Game or Application Definition 4 game or application is made of one or more TCP UDP port ranges Each incoming port range can be translated into a different internal local network port range Port ranges can be statically assigned to devices or dynamically assigned using an outgoing trigger Translate Trigger Trigger Protocol Port Range To Protocol Port Any lasg Ise EE dit Delete Any x Any Add S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Adding a Port Translation rule E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration Proceed as
82. content based filtering rules On the Configure page you can Deny access to a specific web site Redirect a Web site gt gt Allow access to a specific Web site gt gt Configure content based filtering settings The following content levels are available gt Alk Allow all categorized Web sites gt Legal Allow all except illegal extreme spam and spyware Web sites gt Teenagers Block illegal adult extreme online ordering gambling spam and spyware Web sites gt Children Only allow children save Web sites gt BlockAll Block all categorized Web sites speedtouch Chapter 4 Basic Configuration Chapter 4 Basic Configuration Deny access to a specific Web site Allow access to a specific Web site Redirect a Web site Use this feature if b Allow is selected under Action for Unknown Sites gt Block is selected under Action for Unknown Sites and you want to make an exception on an allow rule For example you are allowing provider com but you want to deny access to mail provider com gt A content category group is allowed by Content Based Filtering and you want to make an exception For example you are allowing Web Mail content but you want to deny access to mail provider com Proceed as follows 1 Type the URL of the Web site you want to block for example mail provider com in the Web Site box 2 In the Action list click gt
83. ctivate a software module Browse to the SpeedTouch web pages at http 192 168 1 254 The SpeedTouch home page appears Select Expert Mode gt SpeedTouch gt Add On The Add On page appears 1 2 Name Description ile Stats OO O VPM256 32 IPSEC based YPN capability VPN256 32 sul Key Enabled ISDN ISON Backup capability ISDN sw Key Enabled SIP2Z56 svle Key Enabled SIP256 Session Initiation Protocol capability Paste the Software Activation Code you received into this box and click Odd Speedtouch Chapter 6 Software Keys 3 4 Select the desired software module to open the registration web site on the Internet SEARCH NAVIGATION TOOL products we support w Products Complete this form to receive your new Software Key to upgrade your modem UserName Password Firstname eng Lastname Email Confirm Email ir Request Software Key Complete the form to request a new software Key Select the Request Software Key button to proceed Key dx Tocezcodke 9tuyikaex2zicegUlyotrr bes aNhlstTcat As a result you will get a text box with the key in it Copy the key and past it into the Software Activation Code Input Display and click the Add button H Key saved Restart to activate key VDNZbp 23 IPSEC based YPN capability VPN256 32 sl Key Verified Restart ISDN ISON Backup capability None No Key SIP256 Session Initiation Protocol capability None No Key
84. d by the server Bytes received Number of bytes received on this PPP connection Bytes dropped Number of bytes failed to transmit Bytes sent Number of bytes transmitted over this PPP connection speedtouch E DOC CTC 20051017 0151 v1 0 0 4 9 Overview Bridged Ethernet Bridge properties E DOC CTC 20051017 0151 v1 0 Bridged Ethernet The Bridged Ethernet page consists of following sections gt Bridged Ethernet gt VLAN The Bridged Ethernet page allows you to configure the Speed Touch for IEEE802 1D Transparent Bridging which equally may include preparing it for Bridged PPPoE Next to transparent bridging the SpeedTouch also features full VLAN awareness and as such allows Ethernet interface grouping or VLAN tag based forwarding The Bridged Ethernet page gives you an overview of all interfaces that are connected to the SpeedTouch Ethernet bridge Bridged ethernet lll interface Destination State Port LAN b OBC Internal connected OBC default Le ethporti ethif1 connected ethporti default Le ethportz ethifz connected ethpoarte default b ethpoarts ethit 3 connected ethports default Le ethport4 ethif4 connected ethport4 default Click New to create a new entry Aging Time Aging 10 1000000 seconds S00 Virtual LAN D Under the Bridged Ethernet overview table are the parameters that are applicable for the Ethernet bridge itself Following parameters are configurable gt
85. d client WEP i e encrypting the traffic between the SpeedTouch and the clients by sharing a pre defined 64 bit or 128 bit Network key gt level 2 WPA PSK is the highest form of security available for home users but make sure that your wireless client and client manager are compatible with it gt level 3 WPA is the highest form of security available but make sure that your wireless client and client manager are compatible with it If you want to use this level of encryption you must have a RADIUS Remote Authentication Dial in User Service server installed on your network By default the SpeedTouch access point uses security level 0 implying that no encryption is used for wireless networking In case security level 1 or 2 is active select Security Level 0 no encryption to return to security level 0 Selecting this security level has immediate effect Data will no longer be encrypted Therefore to re access the wireless environment of the SpeedTouch you must first disable security on your wireless client D ce d to UC he E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration WEP The Wired Equivalent Privacy WEP algorithm is used to protect wireless communication from eavesdropping WEP relies on a secret key that is shared between the wireless client e g a laptop with a wireless ethernet card and the SpeedTouch The fixed secret key is used to encrypt packets before they are transmitted Le duri
86. d messages generated during SpeedTouch operation Per message following information is shown gt Facility gt Severity gt The system message content and time of generation By default the table is automatically refreshed every 30 seconds and shows all system log messages gt Click Stop AutoRefresh to stop the automatic refreshing of the table The Message buffer view options menu becomes accessible to gt Select the Facility level of syslog messages to show in the table gt Select the Severity level of syslog messages to show in the table gt Change the Refresh rate of the table As long as AutoRefresh is disabled you can manually refresh the table by clicking Refresh gt Click AutoRefresh to apply your changes and to start automatic update of the table using the new refresh rate This section allows you to view configure remote destinations syslog servers to send a subset of the SoeedTouch syslog messages for remote monitoring purposes To add a destination 1 In the Facility box type the Facility of your choice 2 In the Severity box click the Severity of your choice 3 In the Destination box type a destination IP address or host name to send the messages to 4 Click Add S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Facility severity E DOC CTC 20051017 0151 v1 0 To change or delete a destination 1 Select the applicable interface 2 If needed make your changes and clic
87. d on your SpeedTouch Each game or application can be assigned to a device on your local network Universal Plug and Play Universal Plug and Play UPnP is a technology that enables seamless operation of a wide range of games and messaging applications Use UPnP a Use Extended Security D Apply Cancel Assigned Games amp Applications Click on Unassign to disable a game or a application or use the last row in the table to assign a game or application to 4 local network device If the game or the application you are looking for does not exist click here to create it fyou will be asked for game or application details Choose User defined in the device list and enter its IP address if the device you are looking for does not appear in the device list Game or Application Device Log FIP Server YourPe Off Edit Unassign HTTP Server World Wide web YourPe Off Edit Unassign NetMeeting CourbC Off Edit Unassign ABC Another Bittorent Client YourPC O Add E DOC CTC 20051017 0151 v1 0 4 5 3 Defined Games amp Applications Accessing the Defined Proceed as follows to access the Defined Games amp Applications page Games amp Applications 4 Page In the Toolbox menu click Game amp Application Sharing In the Pick a task list click Modify a game or application Chapter 4 Basic Configuration The Defined Games amp This page gives you an overview of the games and applications defined o
88. d timeout 1 7 5 Location service properties Allow all registrations a Call screening status Active D SIP PEX status disabled The Location Service page allows you to gt View the registered users gt Add new SIP users All inbound and outbound SIP sessions that cross the multi media SIP PBX can be monitored from the SpeedTouch web interface Both successful and failed calls will be shown This is a useful tool to supervise the SIP communications involving your LAN User Agents The Syslog Settings tab allows you to log SIP call information to the syslog To increase SIP communications security it may make sense to block sessions Originating from either side of the network that are associated with particular users Or groups on account of fraud abuse and so forth S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 6 Software Keys G Software Keys Introduction HowtoactivateaSoftware module E DOC CTC 20051017 0151 v1 0 A Software Key is a tool to disclose or activate services or software modules The following Software modules can be activated gt VPN256 32 VPN16 4 VPN16 1 Integrated VPN IPSec capability SpeedTouch 620 only VPN16 4 Integrated VPN IPSec extesnsion Speed Touch 608 608 WL only ISDN Integrated ISDN Modem full capacity Speed Touch 608 WL 620 only SIP256 SIP Multi Media PBX capability Speed Touch 620 only Proceed as follows to a
89. e d tO U C n E DOC CTC 20051017 0151 v1 0 4 5 4 5 1 4 5 2 4 5 3 4 5 4 4 5 5 4 5 6 4 5 7 4 5 8 4 5 9 4 5 10 4 5 11 4 5 12 4 5 13 4 5 14 4 5 15 4 5 16 E DOC CTC 20051017 0151 v1 0 4 6 4 6 1 4 6 2 4 6 3 4 6 4 4 6 5 4 6 6 4 6 7 4 6 8 4 6 9 5 1 WOO OK EE 57 Remote Assistance an cceccisccassccnssinencteetesteneencenenensasecsatescanesenteecetedsntienteseseetextensdansecindesaxslens 58 Game amp Application Sharing E 59 Defined Games E e e le le ET 61 Game or Application Definition EE 62 New Game or Application ssonsssusnnsnnnneennnrrrnrnrnrnnnrrnnnnnnnnnnnnnrnnnrrrnnerrnnnnnrnnennnennnnennnnne 64 Wep oe FN NC E 65 EREECHEN 68 Coment We V6 eenegen 69 New Content Cevea etcetera i E E 70 PV UE 72 Iaige See Derecho WEE 75 Byname RE 76 User Management cccccsccessseeceeeeseeeesaeeesaaeesaeeesaeeesaeeesaeeesaeesaeeesaeeesaeesseeesseeeseeeesagees 77 PUTUS E EE 79 Change Detak E 80 AU OM e E tw su ea wisaameuecnisue cme nen seen ose doses vase gosesoease goeaeaneece 81 OPTICS NGC WV OUNG resis tanceintinewarsbsccicnbinawesapsdcidecainandescesisacatunenneeteacacas 82 ENEE 83 Device SENS E 84 Assign Public Mrs cencseencsad seseece sects narcacadssaneseadehsakcnacadosdancsaeesancesqecesancesaeseeqieaetcesecenaaeesaceies 86 Wireless Device SGU S E 87 Acces E a e es tec acetates ce socenerscceetee ss aendcsaenccaasieceactsce sadeneuseeeeaaaiaces eccensasaueccances 88 OIE CNT WOS cat ceteie A E 93 NW
90. e Details page gives you more detailed information on the selected Internet Service Internet Uptime Data Transferred Disconnect e Connection Information 1 day 4 15 24 14 65 325 99 Sent Received KBB e Connection Settings DVC Info VPIWCT 6 55 Type PPPoE e PPP Settings Username cpesit rednet Password SRR GR HE Ro Connection Mode Always On Service Name Concentrator Name 15031100007146 Redback e TCP IP Settings IF Address 101 101 101 39 32 101 101 101 1 10 50 2 20 10 50 2 21 Default Gateway Primary DNS Secondary DNS d If you configured a dial up connection you can establish terminate the connection by clicking Connect Disconnect E DOC CTC 20051017 0151 v1 0 Speedtouch Chapter 4 Basic Configuration 4 5 Toolbox The Toolbox menu The Toolbox menu consists of the following menu items gt Remote Assistance Allows you to make your SpeedTouch accessible for remote support gt Game amp Application Sharing Allows you to share services and games that you run in your private network towards the Internet gt Web Site Filtering Allows you to block allow access to specific Web sites gt Firewall Allows you to configure the security level of the SpeedTouch firewall H Intrusion Detection Allows you to view the intrusions you are protected against gt Dynamic DNS Allows you to assign a DNS host name to your broadband connection s
91. e Remote Assistance button your SpeedTouch will be accessible from your broadband connection After 20 minutes of inactivity or on reboot remote assistance will be automatically disabled Provide the following parameters to your ISP URL https 101 101 101 39 51003 Username tech Password yhxj3mtq Enable Remote Assistance Quit o If you want to enable remote assistance you must be connected to the Internet Proceed as follows to use remote assistance 1 If necessary type a password in the Password box 2 Click Enable Remote Assistance 3 Pass the information listed under gt URL gt Username gt Password to your technical support in order for them to be able to access your SpeedTouch Once the technical support is connected no other connections can be made Terminating remote The remote assistance session ends assistance ifthe technical support disables remote assistance gt after 20 minutes of inactivity gt after restarting your SpeedTouch S D e d tO U C n E DOC CTC 20051017 0151 v1 0 4 9 2 Overview Configure E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration Game amp Application Sharing The Overview page summarizes the applications or games installed on a particular local host on your network for which the SpeedTouch should accept inbound initiated connections coming from the Internet gt On the Configure page you can Select Use U
92. e to supply suitable values according your network configuration Statistics For a running PPP session the fourth tab allows you to overview following connection statistics gt IP address Local IP address assigned by the server gt Bytes received Number of bytes received on this PPP connection gt Bytes dropped Number of bytes failed to transmit D ce d to UC he E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration gt Bytes sent Number of bytes transmitted over this PPP connection EN Speedtouch Chapter 5 Expert Configuration 0 4 4 Availability Introduction Creating a Routed PPPol connection entry Additional configuration Routing Routed PPPol The ISDN modem is only fully functional after activating the ISDN software module with the ISDN software module activation key For more information see 5 2 10 Add on on page 120 The Routed PPPol configuration page allows you to add new Routed PPPol connection entries or to change settings of existing entries To add a Routed PPPol connection entry 1 Click New 2 In the Interface box type a unique interface name 3 Inthe ISP profile list click gt The name of a profile if you want to use an existing profile gt New to create a new profile Type the name you want to assign to this profile in the Enter Name box These ISP profile contain the ISDN parameters 4 Type user name and password for the accoun
93. ection will NOT be authenticated gt Local IP and Remote IP During PPP session setup IP addresses are negotiated Typically at the client side these fields are left empty This forces the client to ask the server for addresses To setup the SpeedTouch as PPP server you are able to supply suitable values according your network configuration gt Primary DNS and Secondary DNS During PPP session setup the BRAS will normally provide the DNS server IP addresses Typically at the client side these fields should therefore be left empty In cases where the DNS server IP addresses are not provided by the BRAS or to setup the SpeedTouch as PPP server you are able to supply suitable values according your network configuration Statistics For a running PPP session the fourth tab allows you to overview following connection statistics gt IP address local IP address assigned by the server gt Bytes received Number of bytes received on this PPP connection gt Bytes dropped Number of bytes failed to transmit gt Bytes sent Number of bytes transmitted over this PPP connection D aa d tO UC hn E DOC CTC 20051017 0151 v1 0 5 4 3 Introduction Creating a Routed PPPoA connection entry Additional configuration Routing E DOC CTC 20051017 0151 v1 0 Routed PPPoA The Routed PPPoA configuration page allows you to add new Routed PPPoA connection entries or to change settings of existing entries
94. ed due to misconfiguration you might consider a hardware reset to factory defaults as described in 7 3 Reset to Factory Defaults on page 194 Q However note that resetting the SpeedTouch to its factory settings will revoke all the changes you made to the configuration Make sure that the SpeedTouch is installed and configured as instructed in the Installation and Setup Guide or as instructed by the Service Provider S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 7 Troubleshooting 7 1 1 Wired Ethernet Troubleshooting LANLEDdoesnotlightup Make sure that gt The LAN cable is securely connected to the 10 100Base T port gt You are using the correct cable type for your Ethernet equipment that is UTP CAT5 with RJ 45 connectors EN Speedtouch Chapter 7 Troubleshooting 7 1 2 Wireless Ethernet Troubleshooting Not able to connect Check the following wireless clients p yf registration is enabled you must press the Association button to register the wireless client or search for wireless devices via the embedded Web pages gt Make sure the SpeedTouch Association Control List is not locked You can check this on the Web pages On the Wireless Access Point settings make sure New stations are not allowed is NOT selected No wireless connectivity Make sure that gt Both the wireless client adapter and the SpeedTouch are allowed to connect through wireless channels as de
95. ee authentication methods can be selected for the connection gt Auto default Preferably the CHAP Challenge Handshake Authentication Protocol will be used However if not successful PAP Password Authentication Protocol authentication is used instead If in turn PAP fails the connection will NOT be authenticated gt CHAP CHAP authentication is forced If not successful the connection will NOT be authenticated b PAP PAP authentication is forced If not successful the connection will NOT be authenticated gt Local IP and Remote IP During PPP session setup IP addresses are negotiated Typically at the client side these fields are left empty This forces the client to ask the server for addresses To setup the SpeedTouch as PPP server you are able to supply suitable values according your network configuration gt Primary DNS and Secondary DNS During PPP session setup the BRAS will normally provide the DNS server IP addresses Typically at the client side these fields should therefore be left empty In cases where the DNS server IP addresses are not provided by the BRAS or to setup the SpeedTouch as PPP server you are able to supply suitable values according your network configuration EN Speedtouch Chapter 5 Expert Configuration Statistics For a running PPP session the fourth tab allows you to overview following connection statistics gt IP address Local IP address assigne
96. eed Touch 620 i will be referred to as SpeedTouch in this User s Guide THOMSON continuously develops new solutions but is also committed to improve its existing products For suggestions regarding this document please contact documentation speedtouch thomson net For more information on THOMSON s latest technological innovations documents and software releases visit us at www speedtouch com Speedtouch D About this User s Guide About this User s Guide D S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Introduction Installation Configuration Before you begin E DOC CTC 20051017 0151 v1 0 Getting to know your SpeedTouch With the SpeedTouch 605 i and SpeedTouch 608 i Business DSL Routers and the Speed Touch 608 WL i and Speed Touch 620 i Wireless Business DSL Routers you can build a secure small home office network seamlessly connecting wired and wireless devices and surf the Internet at high speed all combined in one device For more information on how to set up install and wire your SpeedTouch and set up Internet connection refer to the Installation and Setup Guide This User s Guide will help you configuring your SpeedTouch Before connecting the SpeedTouch please read the SpeedTouch Quick Installation Guide and the Safety Instructions and Regulatory Notices Speedtouch al Chapter 1 Getting to know your SpeedTouch Chapter 1 Getting to know
97. elds in the VPN Server web page 3 Select the IKE Authentication method Either Preshared Key or Certificate Authentication can be selected 4 Click Apply to confirm the data and Save All to make the configuration permanent Optional If you use the Extended Authentication protocol you have to compose an authorized users list Speedtouch 179 Chapter 5 Expert Configuration 0 7 4 Certificates pages secure Storage page Request Import page CRL page CEP page Certificates The Certificates pages allow you to manage your certificates This page shows the list of certificates stored in the SpoeedTouch This page allows importing new certificates from a Certificate Authority into the SpeedTouch This page allows managing the use of Certificates Revocation Lists This page allows configuring the Certificates Enrollment Protocol settings S D e d tO U C n E DOC CTC 20051017 0151 v1 0 es When to use How to use E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration Advanced The Advanced VPN menu gives access to two main pages where the complete IPSec configuration can be done These pages are component oriented as opposed to the application oriented pages described in 5 7 1 LAN to LAN on page 177 5 7 2 VPN Client on page 178 and 5 7 3 VPN Server on page 179 Component oriented means that a number of components are constructed and subsequently combined
98. elect no to exchange data between the wireless clients and the SpeedTouch Regardless of whether registration of wireless clients is controlled via the Association Registration button or not you can always manually add delete clients to from the access control list or define wireless clients that are specifically allowed select yes or not allowed select no to access the SpeedTouch wireless network To delete all wireless clients from the access control list click Flush Be aware that if you are connected wirelessly to the SpeedTouch you will lose your connection The Associated Stations tab allows you to overview the currently associated clients To add an associated station to the access control list 1 Select the entry you want to explicitly add to the ACL Associated stations that are not present in the ACL yet are identified by the name Not Registered ACL 2 To change the access rights for this station click Access Control GA Change the name of the station optional but recommended 4 Inthe Allowed list click S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Networks Other Networks WDS E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration gt Yes to allow it to exchange data with other stations gt Noto explicitly deny the station to associate with the SpeedTouch 5 Click Apply to immediately apply your changes The Networks tab allows you to gt Scan for Oth
99. ent Software Variant D Available Software Version No update available Update SpeedTouch from remote server gt To check if 4 new software version is available click on Check For Updates Check For Updates Upgrade from PC gt To Update your SpeedTouch from your PC you may follow the three steps described below 1 Download the latest software to your PC You may Update your SpeedTouch by downloading the latest software from the SpeedTouch Support Site to your PC s hard drive Upload software to your SpeedTouch Select the update file you have placed on your PC s hard drive Browse 3 Load the new software and restart your SpeedTouch Note uploading the new software takes several minutes to complete Proceed speedtouch Chapter 4 Basic Configuration 4 4 The Broadband Connection menu The Broadband Connection page Broadband Connection The Broadband Connection menu consists of following menu items gt DSL Connection gt Internet Services The Broadband Connection page gives you a short status overview of the connections configured on the SpeedTouch SpeedTouch DSL Connection Internet Services Toolbox Expert Mode Click View more to see more information on the selected broadband connection Administrator Home gt Broadband Connection DSL Connection e Yiew more Uptime Bandwidth Up Down kbps kbps Data Transferred
100. er Networks gt Enable WDS connections with other wireless devices The Other Networks tab allows you to overview the wireless networks in your neighbourhood To scan for other wireless networks 1 Click Scan 2 The SpeedTouch scans all channels for wireless networks 3 The SpeedTouch lists the available networks in the table The Wireless Distribution System WDS allows you to extend the range of your SpeedTouch by means of one or more wireless repeater s To allow a WDS connection with a specific access point 1 Click New 2 In the Name box type an appropriate name for the access point 3 In the BSSID box type the BSSID of the access point Speedtouch Chapter 5 Expert Configuration 170 5 6 Firewall Overview The Firewall menu consists of the following topics Expressions view configure interface or IP or Service related expressions For more information see 5 3 2 Expressions on page 123 Policy view configure the SpeedTouch Stateful Inspection Firewall security level and its policies view log messages for SpeedTouch firewall events S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration 9 6 1 Policy Firewall levels E DOC CTC 20051017 0151 v1 0 The Level list allows you to choose between the following level gt Disabled All traffic is allowed to pass through your SpeedTouch Game and Application sharing is allowed
101. er the Pre Shared Keys PSKs are identical gt Stronger encryption types gt Temporal Key Integrity Protocol TKIP default Instead of using a fixed WEP key TKIP uses in pairs temporary session keys which are derived from the PSK during the 4 way handshake For each packet it uses a different key TKIP also provides a message integrity check MIC and a rekeying mechanism in seconds gt Advanced Encryption Standard AES State of the art encryption can only be used if all wireless devices in your WLAN support AES gt Message Integrity Check MIC Which is a strong mathematical function in which the recipient and transmitter each compute and compare the MIC If they don t match it is assumed that a third person has been trying to read the data Proceed as follows to enable WPA PSK 1 Select Use WPA PSK Encryption 2 In the WPA PSK Encryption Key box type a pass phrase also known as Pre shared key of your choice The pass phrase must consist of 8 to 63 ASCII characters or 64 HEX digits 3 In the WPA PSK Version list click the desired WPA PSK version Depending on the WPA PSK version you choose one of the following WPA PSK encryption will be set automatically gt WPA TKIP gt WPA2 AES gt WPA WPA2 TKIP AES AES is not yet implemented in most clients but it is in the SpeedTouch because it will be the future security standard D Click Apply to immediately apply your changes 5 Configure yo
102. face to which the entry applies gt Drop action You can either choose to simply count the number of packets that exceed the drop rate or to effectively drop them gt Mark action You can either choose to simply count the number of packets that exceed the mark rate or to effectively mark them gt Marking In case you have chosen to mark packets that exceed the mark rate you can select what marking is applied TOS DSCP or Precedence 4 Depending on the selected marking you must also select an appropriate TOS DSCP or Precedence value Select Disabled in case no marking must be applied gt Classification You can select gt ignore so that no changes are made to the classification gt overwrite so that the internal priority will be overwritten no matter what the value is gt decrease so that the internal priority will only be overwritten in case the value defined is lower than the value upon arrival gt offset to effectively lower the priority setting with a relative offset as defined in Class value gt Class The class or offset used for classification 4 Click Apply 4 D aa d to UC he E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration 5 4 Connections Overview The Connections menu consists of the following topics ATM view configure SpeedTouch s ATM interfaces Routed PPPoE view configure the Routed PPP over Ethernet PPPoE Internet services Routed PPPoA vie
103. ffic gt Both incoming and outgoing traffic D ce d to UC he E DOC CTC 20051017 0151 v1 0 0 0 4 Chapter 5 Expert Configuration Wireless Availability This page is only available on SpeedTouch devices equipped with a wireless Overview E DOC CTC 20051017 0151 v1 0 access point The SpeedTouch IEEE802 11g compliant Wireless LAN WLAN interface allows you to share its high speed Internet connection with multiple networking clients in a local network without needing to re wire your home The SpeedTouch acts as a wireless Access Point AP connecting wireless clients and transferring data between them The wireless web page consists of four sections gt Access point settings to configure the basic settings of the SoeedTouch wireless access point gt Security to overview and control the security settings and wireless client access to the SpeedTouch s wireless network segment gt Associated stations to overview the wireless stations currently associated with the SpeedTouch wireless access point gt Networks to scan for wireless clients in your neighbourhood and scan for view configure WDS connections with other wireless devices Be aware that in case you are connected wirelessly to the SpeedTouch and you change its wireless access point settings wireless connectivity may be lost speedtouch Chapter 5 Expert Configuration Access point settings This section
104. fined for local regulatory domain gt The WLAN client is configured for the correct wireless settings SSID security settings gt Check the signal strength indicated by the wireless client manager If the signal is low try to place the SpeedTouch or to direct the SpeedTouch s antenna for optimal performance gt Make sure that the wireless client adapter is enabled message like radio on Poor wireless Check the following connectivity or reach Choose automatic channel selection or carefully select a radio channel that does not interfere with other radio channels gt Make sure both the WLAN client adapter and the SpeedTouch are allowed to connect through wireless channels as defined for local regulatory domain gt Check the location of the SpeedTouch in the building gt Check the signal strength indicated by the wireless client manager If the signal is low try to place the SpeedTouch or to direct the SpeedTouch s antenna for optimal performance D ce d to UC he E DOC CTC 20051017 0151 v1 0 Chapter 7 Troubleshooting 7 1 3 Upgrade Troubleshooting Error messages While upgrading your SpeedTouch via the Web pages one of the following E DOC CTC 20051017 0151 v1 0 messages may appear Message Failed to retrieve new software The file does not exist version from the support site Try meaning there is no newer again later software release Loss of connec
105. g test entry if needed Click Result Ping jiraceroute gt PingSpeedTouch modem 192 168 1 254 Stopped 5 PingMyPC modem 192 168 1 10 Stopped Result Status Target IP address FN Min RTT us km C C Max RTT us km ti tw Avg RTT us km t CCOC C d Probe responses PO Sent probes pO RttSumOfSquares ms fOr Last good probe 01 01 70 01 11 00 91 7541 To overview a history of ping tests 1 2 Select the ping test entry Click History Traceroute The Traceroute table provides a list of configured traceroute test entries By default no traceroute tests are configured To add a traceroute test see Add delete a traceroute test below Per traceroute test entry following information is shown in the table gt gt gt gt an intuitive Test name of the traceroute Test the traceroute test entry Owner the traceroute Target Address host or IP address the traceroute test Status being either gt Stopped gt In Progress Select a traceroute test entry to gt gt Modify traceroute test properties Perform a traceroute test and view test results and history see traceroute tests and results Delete the entry see Add delete a traceroute test S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Add delete a traceroute test Modify traceroute test properties traceroute tests and results E DOC CTC 20051017 0151 v1 0 To add a
106. ges Introduction As the SpeedTouch Web pages are controllable from any Operating System with an installed Web browser the method to establish PPP sessions described later can be used on any computer system For more information on Internet connection setup refer to the provided Installation and Setup Guide starting an Internet Proceed as follows to start an Internet session session 4 Open a Web browser on your computer and browse to the SpeedTouch Web pages see 1 2 1 Access via the Web Interface on page 7 for more information Speedtouch Administrator Help Home SpeedTouch SpeedTouch quay e Information Broadband Connection Product Name SpeedTouch XXX Software Release X X X X Toolbox Broadband Connection s Internet Disconnected Office Network Toolbox Expert Mode e Remote Assistance Disabled e Game amp Application Sharing e Firewall Disabled e Web Site Filtering Office Network E Ethernet Unknown 00 0d 88 4f a8 f6 EE THOMSON BRAND The SpeedTouch home page appears by default 2 Click Connect at the appropriate broadband connection f You might be requested to enter your user name and password The SpeedTouch embedded PPP dial in client establishes the Internet connection 3 Browse the Web Monitoring your You can view and monitor your connection to the Internet as long as the session is Internet connection running via gt The SpeedTouch
107. gress mirror port None Click Apply to commit configuration changes The Managed Switch page consists of two sections gt Managed Ethernet Switch gt provides an overview of each individual Ethernet port gt Allows per Ethernet port to configure some Ethernet port properties gt Mirror Configuration allows you to configure port mirroring and traffic capturing Managed Ethernet Under Managed Ethernet Switch you can select a port to change Switch gt State Allows you to enable disable the interface gt Speed Duplex Select either gt auto Auto negotiation of Ethernet communication speed 10Mb s or 100Mb s and Duplex mode half duplex or full duplex gt 10BaseTHD 10Mb s communication speed in half duplex mode gt 10BaseTFD 10Mb s communication speed in full duplex mode gt 100BaseTHD 100Mb s communication speed in half duplex mode gt 100BaseTFD 100Mb s communication speed in full duplex mode EN Speedtouch Chapter 5 Expert Configuration Chapter 5 Expert Configuration Mirror Configuration Port mirroring allows monitoring from one port called mirrored port to another port called mirror capture port This functionality allows any port s Ingress and or Egress traffic to be monitored to a pre defined mirror capture port Depending on your configuration you can mirror from mirror port to mirror capture port gt The outgoing traffic gt The incoming tra
108. guration Interface LocalNework Start Address Damm 0000 End Address EA Subnet Mask 255 255 2550 Server fisz1681284 0 Gateway 2168 1254 00 Primary DNS hazas s Secundary DNS booo o Primary WINS booo o Secondary WINS booo oo Lease Time Infinite Always give same address to si DHCP clients Apply Cancel S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Components of the DHCP Pool page E DOC CTC 20051017 0151 v1 0 gt Chapter 4 Basic Configuration The following settings are available for configuration Interface The SpeedTouch interface to which the DHCP pool applies Start Address The start IP address of the DHCP server s address pool End Address The end IP address of the DHCP server s address pool 4 Both the start and end IP address define the IP address range used by the DHCP server to assign leases Subnet Mask The subnet mask of the DHCP server s address pool Server The SpeedTouch IP address used as DHCP server address Gateway The IP address that will be assigned to the DHCP clients as their default gateway Primary DNS The IP address of the primary DNS server Secondary DNS The IP address of the secondary DNS server Primary WINS The IP address of the primary WINS server Secondary WINS The IP address of the secondary WINS server Lease Time The time for which the DHCP client is allowed to use the assigned IP address 4 If y
109. gure The Configure page gives you an overview of the devices that are currently connected to the SpeedTouch network If you want to gt Get more information on a specific device click on the name of the device See 4 6 2 Device Settings on page 84 for more information gt Edit a device from the Detected Device s list click Edit gt Delete a device from the Detected Device s list click Delete Once a device connects to the SpeedTouch network it will remain listed in the Detected Device s list until you delete it EN Speedtouch Basic Configuration Chapter 4 Chapter 4 Basic Configuration 4 6 2 Accessing the device settings page Overview Device Settings Proceed as follows 1 In the Office Network menu click Devices 2 In the Detected Device s list click the name of the device you want to view The Overview page displays the following items gt Information allows you to view gt Status shows whether the device is currently connected to the SpeedTouch network gt Type shows the device type gt Connected To shows the interface to which the device is currently connected gt Addressing allows you to view gt Physical Address shows the MAC address of the device gt IP Address Assignment shows whether the device is using a static or dynamic IP address gt IP Address shows the current IP address of the device gt Always use the same addres
110. he same address indicates whether the wireless client has a static DHCP lease or not DHCP Lease Time displays the time for which the wireless client can use this IP address gt Connection Sharing Gives you an overview of the games or services that are currently assigned to this device Click the name of the game or service to view the used port mappings For more information see 4 5 4 Game or Application Definition on page 62 On the Configure page you can gt Change the device information gt Assign a static DHCP server lease to this device by selecting the Always use the same address check box gt Allow a game or service running on this device to be initiated from the Internet Speedtouch Chapter 4 Basic Configuration Chapter 4 Basic Configuration 4 6 5 Availability Accessing the Access Point settings Overview Details Access Point Settings This page is only available on SpeedTouch devices equipped with a wireless access point Proceed as follows 1 In the left menu click Office Network 2 Under Wireless click the name of the Access Point you want to view or configure The Access Point names have the following format WLAN Network Name for example WLAN SpeedTouch123456 The Overview page displays a brief overview of the current configuration The Details page displays a more detailed overview of the current configuration Under Configura
111. he various parameter fields in the VPN Client web page Select the IKE Authentication method Either Preshared Key or Certificate Authentication can be selected Select the Start Mechanism Either manual dial in or Automatic Start Always On can be selected Click Add to confirm the data and Save All to save the configuration S D e d tO U C n E DOC CTC 20051017 0151 v1 0 5 3 The SpeedTouch as VPN Server Configuration procedure E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration VPN Server In a VPN client server scenario the VPN server is always the responder in the IKE negotiations Various VPN clients can dial in to a VPN server since it supports multiple simultaneous VPN connections A VPN server does not know a priori which remote Security Gateway will attempt to set up a VPN connection In time new users may join the VPN It is an advantage that the SoeedTouch VPN server requires no modifications to its configuration when new clients are added to the VPN The SpeedTouch can establish a secure connection with any Remote Gateway that meets the VPN settings regardless its location in the public network The use of the Extended Authentication protocol can optionally be configured In this case a list of authorized users is composed and stored in the SpeedTouch Perform the following steps to configure your VPN server 1 Select VPN gt VPN Server 2 Fill out the various parameter fi
112. heckbox A shaded box means that only part of the component will be installed To see what s included in a component click Details Components MI WP MSN Explorer 135MB A Networking Services 0 3 MB O 24 Other Network File and Print Services 0 0 MB M E Update Root Certificates 0 0 MB v Description Contains a variety of specialized network related services and protocols Total disk space required 0 0 MB Gest Details Space available on disk 2386 9 MB 5 In the Networking Services window select Universal Plug and Play or UPnP User Interface and click OK Networking Services To add of remove a component click the check box A shaded box means that only part of the component will be installed To see what s included in a component click Details Subcomponents of Networking Services O ERIP Listener 0 0 MB O 24 Simple TCP IP Services 0 0 MB amp Universal Plug and Play 0 2 MB Description Allows your computer to discover and control Universal Plug and Play devices Total disk space required 0 0 MB Space available on disk 2387 9 MB 6 Click Next to start the installation and follow the instructions in the Windows Components Wizard Z Atthe end of the procedure the wizard informs you that the installation was successful Click Finish to quit S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Adding IGD Discovery and Control E DOC CTC 20051017 0151 v1 0 Chapter 7 Troubleshooting
113. i ot Max highest queue burst E Quality of Service allows specifying a connection service guarantee via a set of connection parameters Throughout the network this set of connection parameters will be used to handle the connection data in a way to achieve the connection service guarantee This handling includes reserving bandwidth priority based queuing scheduling modifying data characteristics Examples of connection parameters include the maximum amount of bandwidth that may be used the guaranteed amount of bandwidth that will always be available the maximum delay the data can experience throughout the network a priority indication The IPQ0S menu consists of following sections gt Configuration gt Queues gt Meter speedtouch Chapter 5 Expert Configuration Configuration The Configuration page allows you to configure IPQosS for a given destination interface for the IPQ0S queues instantiation When enabling or disabling IPQoS take the following into account gt if the WAN interface for example PPPOA IPoA is detached at the time of enabling disabling IPQoS then the WAN interface has to be attached in order for the enabling disabling of IPQoS to take effect gt if the WAN interface is attached at the time of enabling disabling IPQoS then the WAN interface has to be detached and then re attached in order for the enabling disabling of IPQoS to take effect The following settings are avai
114. ic b 255 255 255 255 32 127 0 0 1 loop U e 1927 168 1 254 92 127 0 0 1 loop U e 10 0 0 156 32 127 0 0 1 loop U be 1927 168 2 254 92 5 127 0 0 1 loop U E 192 165 3 254 32 127 0 0 1 loop U e 127 0 0 1 52 127 0 0 1 loop U e 192 166 3 0 24 192 1656 3 254 guesti U e Lo3 16ep 2Dd24 197 166 2 254 dmz1 U e 192 168 1 0 24 197 166 1 254 lant U e L0D 0 Dd24 10 0 0 138 lani U e 224 0 0 0 4 192 168 1 254 lanl U Use the input fields below to change the selected entry Click Apply to commit changes Click Delete to remove the selected entry IP routing properties Destination 192 168 3 254 92 0 Label a Gateway hann Interface Metric OO Similar to the IP address table a number of IP Routes are pre configured Other routes are either added via adding an IP address manually or via the address negotiation of a Packet Service connection session e g for Routed PPPoA s or Routed PPPoE s IPCP via the DHCP client e g for Routed Ethernet MER via pre configuration for example for Routed IPoA or by the Routing Information Protocol To add an IP route 1 Click New in the bottom row of the table 2 Specify the Destination IP prefix 3 If needed select a packet classification routing Label in case the route applies for classified packets 4 Either specify the IP address of a directly connected Gateway OR select the Interface to which the route should apply mutually exclusive 5 Click Apply
115. ich arriving packets on this interface should be assigned In VLAN enabled mode this is only applicable for untagged packets 5 Select the default Priority to be used for tagging outgoing VLAN packets on this interface 6 Mark the Ingress Filtering checkbox to filter out VLAN tagged packets that arrive on an interface that has not the same VID as the packet D Mark the Accept VLAN only checkbox to no longer accept packets arriving on this interface without a VLAN tag 8 Choose your preferred Priority configuration from the list This will make the SpeedTouch to map the priority indication in the VLAN packet IEEE 802 1p value to an internal priority class This internal class can be taken into account in other modules of the SpeedTouch gt Disabled to not perform priority mapping gt Overwrite to set the VLAN priority indication as the internal priority 9 Click Apply 4 The parameters that are marked with an asterisk are only applicable when the SpeedTouch Ethernet bridge is in VLAN enabled mode Next to transparent bridging the SpeedTouch is also capable of operating in a full VLAN ID aware mode By using VLAN tagging it is possible to make distinction between different virtual networks residing on the same physical Ethernet segment and as such define different properties for them On the VLAN page there is an overview of all VLANs that are defined in the SpeedTouch through the Virtual LAN pages and
116. ich time limit the PPP connection is released Otherwise stated if no traffic passes over the PPP connection for Idle Time the connection is closed gt Authentication allows you to select the default PPP authentication mechanism when starting the PPP session Via the drop down box three authentication methods can be selected for the connection gt Auto default Preferably the CHAP Challenge Handshake Authentication Protocol will be used However if not successful PAP Password Authentication Protocol authentication is used instead If in turn PAP fails the connection will NOT be authenticated gt CHAP CHAP authentication is forced If not successful the connection will NOT be authenticated b PAP PAP authentication is forced If not successful the connection will NOT be authenticated gt Local IP and Remote IP During PPP session setup IP addresses are negotiated Typically at the client side these fields are left empty This forces the client to ask the server for addresses To setup the SpeedTouch as PPP server you are able to supply suitable values according your network configuration gt Primary DNS and Secondary DNS During PPP session setup the BRAS will normally provide the DNS server IP addresses Typically at the client side these fields should therefore be left empty In cases where the DNS server IP addresses are not provided by the BRAS or to setup the SpeedTouch as PPP server you are abl
117. is user can perform any service via any access channel from WAN origin only Administrator This user can perform any service via any access channel from LAN or Local origin only LAN_Admin This user can perform only LAN related configurations via any access channel from any origin Poweruser This user has access to the GUI Service overview page via HTTP or HTTPS access channel from LAN origin only E DOC CTC 20051017 0151 v1 0 S D e d tO U C n 77 Chapter 4 Basic Configuration WAN_Admin User Speedtouch This user can perform only WAN related configurations via any access channel from any origin This user has access to the GUI Overview pages remote assistance via HTTP or HTTPS access channel from LAN origin only This user does not have any privileges E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration 4 5 14 Edit User Editing a user account E DOC CTC 20051017 0151 v1 0 Proceed as follows 1 In the Toolbox menu click User Management 2 Under Local User Data click the name of the user you want to edit M Edit User This page allows you to edit the user settings Besides resetting your password you re not allowed to change your own settings If you want to have your settings changed ask someone with higher privileges e User definition Mame Jon Administration Privileges User Reset Password Apply Cancel The Edit User page appears
118. isation might ask for a user name and password on an Internet welcome page gt Dial in access Access must be explicitly established that is by dialling into a Broadband Remote Access Server BRAS Depending on the SpeedTouch configuration dial in access is provided via the SpeedTouch s Routed PPPoA or Routed PPPoE packet services with embedded PPP client Connection protocols The applied connection protocol model depends on the service profile you selected to configure the SpeedTouch and should correspond with the Service Provider s requirements If for instance your ISP provides PPPoE you should configure PPPoE You can find more information on connection protocols in the Internet Connection Configuration Guide Dial in clients There are different ways to dial in depending on the operating system on your computer and your preferences Dial in method canbeusedonfollowing For more information Operating system Embedded PPP dial in client Dial in client on Windows Mac unix 3 1 SpeedTouch embedded pages other Web Pages Windows XP UPnP Windows XP 3 2 Internet Gateway Internet Gateway Device Control Agent Device on page 33 EN Speedtouch Chapter 3 Internet Connectivity Dial In Clients Embedded PPP dial in clients Broadband host PPPoE dial in clients The Speed Touch s embedded PPP dial in client allows you to establish an Internet connection for computers
119. ity gt E DOC CTC 20051017 0151 v1 0 Security disabled default No security the data will not be encrypted no authentication process will be used WEP Wired Equivalent Privacy Traffic between the SpeedTouch and the clients is encrypted by sharing a pre defined 64 bit or a 128 bit Network key for secure communication with legacy 802 11b clients The default 64 bit hexadecimal WEP key is printed on the identification label located at the bottom of the SpeedTouch and is unique for each device WPA PSK Wi Fi Protected Access Pre Shared Key The highest form of security available for home users Make sure that your wireless client and client manager are compatible with it The default WPA Personal pass phrase is printed on the identification 7 label located at the bottom of the SpeedTouch and is unique for each device The WPA Personal pass phrase must consist of 8 to 63 ASCII characters or 8 to 64 HEX digits gt Wi Fi Protected Access WPA Encryption WPA is the highest form of security available but make sure that your wireless client and client manager are compatible with it If you want to use this level of encryption you must have a RADIUS Remote Authentication Dial in User Service server installed on your network Wireless access points may already have been configured during the Home Install Wizard If you change wireless settings wireless clients will be disconnected In this case you need to reco
120. k gt New to add a new destination with the new settings next to the existing one gt Apply to apply the changes to the existing destination gt Delete to remove the destination from the list of destinations destinations to re enable forwarding of syslog messages click Activate Click Deactivate to withdraw all forwarding of syslog messages for all Following priority facilities are possible for a syslog message generated by the SpeedTouch The facilities are listed by descending priority each followed by notation priority value gt Kernel messages kern 0 User level messages user 8 Mail system mail 16 System daemons daemon 24 Authorization messages auth 32 Syslog daemon messages syslog 40 Line printer subsystem lpr 48 Network news subsystem news 56 UUCP subsystem uucp 64 Clock daemon cron 72 Security messages security 80 FTP daemon ftp 88 NTP subsystem ntp 96 Log audit audit 104 Log alert alert 112 Clock daemon clock 120 v v yv Y Y Y Y Y Y Y Y Y Y Yy ww p Local use messages local0 local7 128 184 Following priority severities are possible for a syslog message generated by the SpeedTouch SpeedTouch The severities are listed by descending priority each followed by notation priority value gt Emergency conditions system unusable emerg 0 Alert conditions immediate action is needed alert 1 Critical conditions crit
121. l office Related Tasks A Learn about wireless networking iy Change the order of preferred networks pe Change advanced settings In the Choose a wireless network list select the SpeedTouch wireless network and click Connect The following window appears Wireless Network Connection You are connecting to the unsecured network SpeedTouchECB3BD Information sent over this network is not encrypted and might be visible to other people For other Operating Systems the wireless client will in most cases be configured via dedicated client managers Speedtouch Chapter 2 Local Network Setup Chapter 2 Local Network Setup 2 2 3 Introduction Security settings Network Name SSID Wireless Security Since the SpeedTouch wireless environment is a radio environment precautions must be taken to ensure that your wireless network is safe from malicious intruders To secure your wireless network the following wireless access point settings can be personalised gt Your Network Name SSID gt ACL setting gt Data encryption To personalise the wireless security settings on your SpeedTouch Go to the SpeedTouch Web pages In the menu select Home Network Click your WLAN In the upper right corner click Configure ao P A M On the Wireless Access Point page you can modify the Security settings e Security Broadcast Network Name Allow New Devices New stations
122. lable gt Name The destination interface for the IPQoS queues instantiation gt State Disable or enable IPQoS for the interface gt Discard Determines the packet discard strategy in case of congestion Choose between gt tail Tail Drop arriving packets will be dropped as soon as the destination queue is in an overflow state gt early Early Packet discard arriving packets will be dropped early according to the BLUE active queue management algorithm gt Priority Select the sub queue priority algorithm Choose between gt wed Weighted Fair Queuing WFQ is used for the four AF queues The realtime queue has priority over the WFO queues which have priority over the best effort queue gt strict Priority queuing is used Strict Priority scheduling is used between all queues The higher the queue number the higher the priority gt wrr Weighted Round Robin WRR is used for the four AF queues Each queue is scheduled in turn with a circular round wrapping gt WFQ queue Weight A number between 1 and 97 Represents the weight of the queue used for WFQ or WRR gt Max highest queue rate Represents a percentage of the interface bandwidth for rate limiting of the Real Time queue In case of congestion the Real Time queue will only use this percentage of the interface bandwidth when there is also traffic on the other queues This prevents other queues from starvation when the highest
123. lowed by the firewall Although BlockAll should block all connections some mandatory types 7 of traffic such as DNS will still be relayed between LAN and WAN via the SpeedTouch The firewall levels only have impact on the forward hook This means that the handling of traffic from and to the Web pages of the SpeedTouch is independent of the selected firewall level Protocol checks will be performed on all accepted connections irrespective of the chosen level You can only disable protocol checks via the CLI To view the details of the currently active security level 1 2 In the Toolbox menu click Firewall Click the Details link Following information is provided per rule that is part of the security level gt gt gt The name of the rule The Action that is applied on the traffic when the rule is valid The Source and Destination interface or IP address range to which the rule applies The protocol or SpeedTouch Service for which the rule applies The number of Hits number of times that the rule was applied to traffic Proceed as follows OO OU bh WN In the Toolbox menu click Firewall In the upper right corner click Configure In the Pick a task list click Create a new Security Level In the Name box type a name for the new security level Choose an existing security level to clone from Click Apply Proceed as follows 1 2 3 In the Toolbox menu click Firewall In the upper
124. ly a routed PPPoE Relay scenario Interface Destination State Le wand bridge connected b dmzi bridge connected Le guest bridge connected Click New to create a new entry S D e d tO U C n E DOC CTC 20051017 0151 v1 0 0 4 7 Creating a new Routed IPoA Ethernet Interface Generated IP routes E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration Routed IPoA To add a new Routed IPoA Ethernet interface proceed as follows 1 2 Click New Following fields become available gt Interface Name Is a name that has local significance only and allows to reference a particular Routed IPoA interface gt Local IP Address Is an IP address that must be configured on the local Routed IPoA Ethernet interface and is provided by your ISP or system administrator gt Remote IP address Is an IP address that is configured on the device connected at the remote end of the ATM virtual channel and is again supplied by your ISP or system administrator gt Destination Network This input field allows to specify all networks 0 0 0 0 0 a summarized network e g 20 0 0 0 24 20 0 1 0 24 20 0 2 0 24 and 20 0 3 0 24 can be summarized into 20 0 0 0 22 or a specific network e g 20 0 0 0 24 Additional networks can be specified via entries in the forwarding table In the Interface box type a unique interface name In the Destination list select the interface you want to use for this connection
125. m internetpolicy htm in the Redirect box Click Add Type the URL of the Web site you want to redirect to for example mycompany com internetpolicy htm in the Web Site box Click Allow in the Action list Click Add Configure content Under Content Based Filtering you can based filtering settings p gt gt E DOC CTC 20051017 0151 v1 0 Enable disable content based filtering Allow block uncategorized Web sites Select a content level in the Content Level list 4 To change a content level definition click the Edit link of the content y level you want to change For more information see 4 5 8 Content Level on page 69 speedtouch Chapter 4 Basic Configuration Chapter 4 Basic Configuration 4 9 Accessing this page Web Filtering Activation page Standard license activation Web Filtering Activation Proceed as follows 1 In the Toolbox menu click Web Site Filtering 2 In the Pick a task list click Activate Web Filtering License This page you can gt Activate a Web Filtering evaluation license gt Activate a free 30 days Web Filtering evaluation license Proceed as follows 1 Click Standard 2 In the License Key box type the license key provided by your ISP 3 Click Apply S D e d tO U C n E DOC CTC 20051017 0151 v1 0 4 9 8 Accessing the Content Level page Overview Configure E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configu
126. may be necessary in cases where multicast messages can not be sent or received among the network S D e d tO U C n E DOC CTC 20051017 0151 v1 0 0 3 6 Overview Interfaces Mappings E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration NAT The NAT menu consists of following sections Interfaces gt Mappings gt Templates The Interface page allows you to enable disable NAPT on a specific interface Interface Group NPT State loop local Disabled UF IS Internet wan Enabled DOWN fe land lan Disabled UF IS wand wan Enabled BOOT C dmzi1 drz Disabled UF KI guest quest Disabled UF Proceed as follows to enable disable an interface 1 Select the interface that has to be enabled disabled 2 Click Save All to make the settings permanent The Mappings page allows you to map one or more private IP addresses into one or more public IP address on a specific interface Depending on your needs following fields are available gt Interface The name of the IP interface that needs to be NAT ed gt Protocol The IP protocol on which address translation has to be applied This allows the SpeedTouch to link specific traffic protocol dependent to a chosen private host gt Outside address The outside typically public IP address es gt Inside address The inside typically private IP address es b Access list You can use the access list to define the address es that are
127. me box type the Connection Service Name 3 In the Address box type the Virtual Channel Identifiers VPI and VCI for example 8 35 4 Click Apply There are a few limitations on names gt A phonebook name cannot have spaces gt The name INCOMING is reserved for internal use gt For entries of connection service type PPPoA planned to be used for the Relayed PPPoA packet service the phonebook name may not start with capital P or T Microsoft Windows OS restrictions gt Phonebook entries with a name starting with DHCP are reserved for the PPP to DHCP spoofing feature of the SpeedTouch S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Virtual Channel The address format is vpi vci e g 8 35 or vpi vci e g 8 35 Identifiers VPI and VCI VPI Virtual Path Identifier and VCI Virtual Channel Identifier are two parameters identifying ATM Virtual Channels It is the responsibility of the network operator to provide end to end connectivity throughout the network on these virtual channels Due to regional differences or because of the specific policy of your local operator specific VPI VCI values may be required In this case the network operator ISP or corporate administrator will provide the correct values The VPI can range from 0 to 15 VCI from 32 511 QoS Book The QoS Book table displays following parameters gt Name The name of the new Oo entry txctd The name of the Connection T
128. more than one language is available 3 D aa d to UC he E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration 4 1 3 Navigation Bar Navigation bar The navigation bar is located at the top of the page and allows you to gt View the current user name Click this name to change your password or switch to another user gt View the current position on the SpeedTouch Web interface gt Get context related Help information Display level Depending on the page you are viewing the following buttons will be available gt Overview to view a summary of the current status or configuration gt Details to view more detailed information on the current status or configuration gt Configure to change the current settings EN Speedtouch Chapter 4 Basic Configuration 4 1 4 Notification Area Notification area The notification area is located under the Navigation Bar and is used to display gt Error messages indicated by a red traffic light gt Warnings indicated by an orange traffic light gt Information indicated by a green traffic light If none of these events occur the notification area will not be shown D ce d to UC he E DOC CTC 20051017 0151 v1 0 4 1 9 Tasks E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration Tasks To allow a quick configuration of your SpeedTouch some pages may offer you a number of related tasks in the Pick a task list The
129. mz Any wan Any D 0 i WANToDMZ accept Any wan Any drz Any D 0 iY DMZToDM2Z accept Any dmz Any dmz Any 0 LZ ToTunnel accept Any Any Any tunnel Any Li 0 ai FromTunnel accept Any tunnel Any Any Any D D speedtouch 171 Chapter 5 Expert Configuration Buttons Click gt Customize to create a new firewall level starting from the selected firewall level For more information see Creating a firewall rule on page 173 gt Set Active to activate the selected firewall rule Q To save the new configuration click Save All Loose UDP tracking If this check box is gt Selected The source port of the original UDP connection is opened for all hosts which want to connect to this port This can be configured for example for gaming to allow the client to 7 receive information from other players of the same online game loose udp tracking should be configured to allow incoming packets on the port that was used to start the communication with the server gt Cleared Only returning UDP streams belonging to the same connection are allowed Game amp Application Select this check box to allow the firewall to open ports for games and application Sharing Allowed sharing in order to use applications like Peer to Peer file sharing Prob Internet Games Web serving FTP serving WebCams IRC DDC and Instant Messaging such as AIM ICO Yahoo and MS Messenger Proxying allowed Select this check box to allow the firewall
130. n Clients Internet connection Status t Internet Connection Status General Internet Gateway Status Duration Speed Activity Internet Internet Gateway BI Ki Bytes Sent 3 579 037 Recened 4 155 677 As long as the SpeedTouch embedded PPP dial in client is connected you can view the connection status and some counters by double clicking the Internet Connection icon in the Network Connections window Connected 00 01 16 3 3 Mbps Mu Computer 5 606 200 12 502 062 Terminating an Internet session 4 2 Disconnect Proceed as follows to terminate an Internet session In the Windows taskbar click Start Select Settings gt Control Panel gt Network and Internet Connections gt Network Connections In the Network Connections window right click the Internet Connection icon and select Disconnect to close the session 4 You can also double click the icon Then the Internet Connection 7 Status window will appear on which a Disconnect button is available to close the session The SpeedTouch embedded PPP dial in client will close the Internet connection The Internet Gateway icon displays Disconnected and your computers are offline E DOC CTC 20051017 0151 v1 0 Speedtouch Embedded Basic and Expert Mode speedTouch documentation E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration Basic Configuration The SpeedTouch comes with embedded We
131. n is only activated if you explicitly Dial in gt dial on demand the session is automatically started as soon as outgoing traffic has been generated gt Link the actual PPP link status being either gt idle no PPP link set up gt connecting PPP link set up pending gt connected PPP link set up gt empty in case of an idle listening PPP connection gt State the PPP connection interface state being either gt up WAN connectivity on this interface achieved gt down no WAN connectivity achieved yet To start an idle PPP session 1 Select the applicable PPP connection with Link idle 2 Type edit the Password for the user name 3 Select whether the password should be saved or not 4 Click Dial in to apply your changes and start the PPP connection session To stop an active PPP connection session with Link connecting or connected 1 Select the applicable PPP connection 2 Click Hang up to stop the PPP connection session S D e d tO U C n E DOC CTC 20051017 0151 v1 0 9 2 4 Diagnostics Overview The Diagnostics page provides in depth information counters and statistical data E DOC CTC 20051017 0151 v1 0 on the SpeedTouch system settings and its LAN and WAN connections The diagnostics are broken down into three expandible categories gt System gt LAN gt WAN E Expand All E Collapse All System 0O W I Ethernet E E E A o e wW an Connections Fd IP Connecti
132. n the United States and or other countries gt Apple and Mac OS are registered trademarks of Apple Computer Incorporated registered in the United States and other countries gt UNIX is a registered trademark of UNIX System Laboratories Incorporated gt Adobe the Adobe logo Acrobat and Acrobat Reader are trademarks or registered trademarks of Adobe Systems Incor porated registered in the United States and or other countries gt Netscape and Netscape Navigator are registered trademarks of Netscape Communications Corporation Other brands and product names may be trademarks or registered trademarks of their respective holders Document Information Status January 2006 Reference Short Title User s Guide ST605 608 WL 620 R5 4 Speedtouch Contents E DOC CTC 20051017 0151 v1 0 1 1 1 2 1 2 1 1 2 2 1 2 3 1 2 4 2 1 2 2 2 2 1 2 2 2 2 2 3 2 2 4 Z 2 0 3 1 3 2 About this User s Guide ccccceeccseeeseeeeeeeesaeeeans 1 Getting to know your SpeedTouch cccecseceeees 3 SpeedTouch LED Behaviour nee EEN ENEE EEN EN 4 Accessing your SpeedTouch eene NENNEN NENNEN EEN ENEE ENEE EEN 6 ACCESS Via IN Wep Ra En ACC E 7 PCC E U E E E 8 EE Eege 10 Remote FAS SIo ne 13 Local Network Setup c ccccecssesseeceesseseeeeeeseeeaeees 15 Wired Ethernet E 16 Wireless Ethernet E 17 WV TENE e 18 Connecting Wireless Clients for the First TIME c
133. n your Applications page SpeedTouch Each game or application can be assigned to a device on your local network Game or Application ABC Another Bittorent Chent 4qe of Empires Age of Mythology AIM Talk Aliens vs Predator America s Army AZUreuUs Bay YPN BearShare BitTorrent Black and White Call of Duty Call of Duty United Offensive CarbonCopy32 Castle Wolfenstein Championship Manager 03 04 Checkpoint Fwi VPM Command and Conquer Generals command and Conquer Zero Hour Counter Strike Cu SeeMe Cornell Cu SeeMe White Pine 3 1 2 and 4 0 Dark Reign 2 Default Server Delta Force Destroyer Command Diablo II Direct Connect Direct 7 Directs 6 Directs 9 Pooma Dune 2000 Dungeon Siege eDonkey Elite Force eMule Enemy Territory Everquest r l Tel e ss de If you want to Defined Games amp Applications This page summarizes the games and applications defined on your SpeedTouch Each game or application can be assigned to a device on your local network Assigned to Mode Client Server Server Client Server Server Client Server Server Client Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server Server CH we enn mm re m oa m EE m m m jet m EL m St m eu
134. nfiguration Wizard and follow the instructions appearing on the sereen Service Name e Time Configuration 4uto configuratian Date dd mm yyyy Time hh mm ss Timezone Summer Time e System Configuration Web Browsing Interception If you want to gt Reconfigure your SpeedTouch Routed PPPoE on 0735 and 6 35 Click Configuration Wizard under Service Configuration For more information see 4 3 2 SoeedTouch Easy Setup on page 45 gt Configure the time settings of your SpeedTouch gt Select Auto configuration if you want the SpeedTouch to use a time server to synchronise its clock to a dedicated time server gt Clear Auto configuration to manually configure the SpeedTouch time settings gt Disable enable Web browsing interception or set it to automatic In the Web Browsing Interception list click the Web browsing interception setting of your choice If you disable Web browsing interception or set it to automatic you will not be able to use Web Site Filtering Click Apply to apply and save your settings Speedtouch Chapter 4 Basic Configuration 4 3 9 Introduction Accessing the Backup amp Restore page Saving your current configuration Restoring a previously saved configuration Back up amp Restore The Back up amp Restore page allows you to gt Save your current configuration gt Restore a previously saved configuration
135. nfiguration is split up in two sections gt Relay Config To add delete and configure a DHCP relay server on a certain interface Relay Interfaces To enable disable and define the behaviour of the DHCP relay agent per configured interface The Relay Configuration table allows you to add or delete additional DHCP relay agents for a specific interface To create a new DHCP relay agent 1 2 3 Click New In the DHCP relay server box type the IP address of the DHCP server In the Interface list click the appropriate relay interface click None to indicate no interface is specified In the Gateway Address giaddr box type the Gateway IP address to be used for the giaddr field in relayed DHCP packets Click Apply The Relay Interfaces table allows you to configure interface specific DHCP relay settings as gt Enable disable the DHCP relay server gt The maximum number of hops allowed for relayed DHCP requests and replies as indicated in the DHCP packet gt Defining whether to forward trusted or to drop not trusted DHCP request packets when a DHCP relay agent info option is present and the Gateway IP address field is 0 as specified in RFC3046 gt Define the remote ID as specified in RFC3046 to allow the DHCP relay agent to relay DHCP responses to the proper network S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration DHCP Client Dynamic interfaces are cre
136. nfigure the wireless clients before you can connect to the Internet again Speedtouch 23 Chapter 2 Local Network Setup 2 2 4 Preconditions security issues Registering wireless clients Registering clients via Web pages Connecting Additional Wireless Clients Make sure that gt The SpeedTouch is turned on and ready for service gt The SpeedTouch has been configured as DHCP server default gt The wireless client adapters have been installed on all the computers you want to connect to the WLAN gt Depending on the personalised wireless settings gt Make sure you use the same encryption or security level on the client as on your SpeedTouch If for instance WPA PSK is enabled on the SpeedTouch you must also configure the wireless client to use WPA PSK and configure the same WPA PSK pass phrase gt If the Network Name SSID is not broadcast you must configure the wireless client for the SoeedTouch Network Name Refer to the documentation of your wireless client for more information gt Ifthe SpeedTouch ACL settings are set to gt New stations are allowed automatically your device can access the SpeedTouch WLAN without additional configuration gt New stations are allowed via registration you have to register your wireless client s For more information see Registering wireless clients on page 24 gt New stations are not allowed you have to search for
137. ng transmission between client and AP in the air the information in the packets is encrypted To enable level WEP 1 Select Security Level 1 WEP 2 In the Type list click the desired Data Security level either 64 bit or 128 bit and Alphanumeric or Hexadecimal 3 In the Encryption key box type a Network key of your choice In case of gt 64 bits Alphanumeric The 40 bits Network key must consist of 5 alohanumeric characters gt 64 bits Hexadecimal The 40 bits Network key must consist of 10 hexadecimal digits gt 128 bits Alphanumeric The 104 bits Network key consists of 13 alphanumeric characters gt 128 bits Hexadecimal The 104 bits Network key consists of 26 hexadecimal digits A Click Apply to immediately apply your changes WPA PSK The SpeedTouch supports WPA PSK which has 3 improvements regarding to WEP gt Authentication via a 4 way handshake to check whether the Pre Shared Keys PSKs are the same gt Stronger encryption types gt Temporal Key Integrity Protocol TKIP default Instead of using a fixed WEP key TKIP uses in pairs temporary session keys which are derived from the PSK during the 4 way handshake For each packet it uses a different key TKIP also provides a message integrity check MIC and a rekeying mechanism in seconds gt Advanced Encryption Standard AES State of the art encryption can only be used if all wireless devices in your WLAN support AES gt
138. nication from eavesdropping WEP relies on a secret key that is shared between the wireless client for example a laptop with a wireless Ethernet card and the SpeedTouch The fixed secret key is used to encrypt packets before they are transmitted Meaning during transmission between client and AP in the air the information in the packets is encrypted A If your wireless client s support s WPA PSK we recommend you to use 7 WPA PSK because WEP encryption has been proven to have some security issues To enable WEP 1 Select Use WEP Encryption 2 In the WEP Key Length list click the desired Data Security level either 64 bit or 128 bit and Alphanumeric or Hexadecimal 3 In the Encryption key box type a Network key of your choice In case of gt 64 bit Alphanumeric The 40 bit Network key must consist of 5 alphanumeric characters EN Speedtouch Chapter 4 Basic Configuration gt 64 bit Hexadecimal The 40 bit Network key must consist of 10 hexadecimal digits gt 128 bit Alphanumeric The 104 bit Network key consists of 13 alphanumeric characters gt 128 bit Hexadecimal The 104 bit Network key consists of 26 hexadecimal digits 4 Click Apply to immediately apply your changes 5 Configure your wireless client s with the same settings WPA PSK The SpeedTouch supports WPA PSK which offers three advantages over WEP WPA Encryption gt Authentication via a 4 way handshake to check wheth
139. o anothersystem software version The System Upgrade section allows you to manage your SpeedTouch s system software and upload or apply a new system software For extended management reasons and roll back scenarios your SpeedTouch provides storage room for two system software packages the active system software the SpeedTouch is currently running and the passive one gt The System software properties table provides information on the active software gt Alink is provided to check for the latest available system software based on the information provided in the System software properties table and your Speed Touch s serial number gt The Software Versions table allows you to overview the currently stored active and passive system software and to gt Upload system software gt Switch to another system software version Proceed as follows 1 Make sure you have a valid system software for your SpeedTouch readily available on your local disk Use the link provided to check for the latest available system software 2 If a Passive system software version is listed click Remove Passive to remove it from the SpeedTouch storage 3 Click Browse to specify the system software file on your local drive you wish to upload 4 Click Upload to upload the system software to your SpeedTouch Uploading system software may take a few minutes Meanwhile do not browse to another SpeedTouch page in o
140. oftware activation key to enable the corresponding software module To acquire a software activation key for activating a SpeedTouch software module proceed as follows 1 2 amp UI Click the name of the software module you intend to activate This link will forward you to the SpeedTouch software activation key web server Follow the instructions for generating and downloading the software activation key If required paste the obtained software key in the Software Activation Code Input display box Click Add to process the software activation key Click Restart to restart the SpoeedTouch This allows the SpeedTouch system software to validate the software activation key and to activate the corresponding module t Important The key is unique for each module and for each Speed Touch device It can not be re used for activating another software module or be copied from or to another SpeedTouch device Once activated the software key can not be disabled anymore via the Add on web page For more information refer to 6 Software Keys on page 185 S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration 5 3 IP Router Overview The IP Router menu consists of the following topics IP Addresses view configure the IP addresses assigned to any of the SpeedTouch interfaces Expressions view configure interface or IP or Service related expressions view c
141. on 4 3 6 Reset to Factory Defaults Introduction The Reset to Factory Defaults page allows you to reset the SpoeedTouch to return to the initial configuration of your SpeedTouch All your changes will be deleted The following message appears Warning Reset to Factory Defaults You are about to reset your SpeedTouch to factory default settings All active connections will be disconnected Do you want to proceed es reset my SpeedTouch No Resetting the Proceed as follows SpeedTouch factory 4 Inthe left menu click SpeedTouch aerate 2 In the Pick a task list click Return to Factory Default Settings 3 Click Yes reset my SpeedTouch o If you reset your SpeedTouch to factory default settings all active connections will be disconnected EN Speedtouch Chapter 4 Basic Configuration 4 3 7 Event Logging Recorded Events Category Event Logs The Event Logs page summarizes the last events recorded on your SpeedTouch Event Logging aan This page summarizes the last events that have been recorded on your SpeedTouch Choose a display filter Category LAM S e Recorded Events Time Message 00 23 11 since last boot DHCS server up 00 23 10 since last boot DHCS server went down 00 00 04 since last boot DHCS server up 00 00 03 since last boot WIRELESS interface turned on D D CR a gt aD 00 00 03 since last boot WIRELESS automatic channel selection done ch
142. on upload files Example ftp gt put C MyBackupFiles user ini A configuration file must be uploaded to the dl directory get download files Example ftp gt get user ini Downloading the configuration file must be done from the dl directory quit FTP Speedtouch DI Chapter 1 Getting to know your SpeedTouch FTP file transfer To allow correct file transfers set the transfer mode to binary at the ftp prompt type bin and press ENTER Turn on the hashing option to see the progression of the file transfer At the V ftp prompt type hash and press ENTER Example home doejohn 1 S ftp 192 168 1 254 Connected to 192 168 1 254 220 Inactivity timer 120 seconds Use site idle lt secs gt to change Name 192 168 1 254 doejohn 331 SpeedTouch 00 90 D0 01 02 03 User doejohn OK Password requir ed Password 330 OK ftp gt ftp gt bin 200 TYPE is now 8 bit binary ftp gt ftp gt hash 200Hash mark printing on 8192 bytes hash mark ftp gt cd ol 250 Changed to dl ftp gt put C user ini 200 Connected to 192 168 1 10 port 1271 150 Opening data connection for user ini 226 File written successfully ftp 256 bytes sent in 0 000Seconds 256000 000Kbytes sec ftp gt Quote site command _ All the CLI commands can be executed from within an FTP session Only complete CLI commands in other words the complete command syntax with all the parameters already
143. onfiguration of your SpeedTouch Gateway Address Local Network Remote Network Empty table Use the fields below to add 4 new entry Remote Gateway Address or FQODN Backup Address or FODN IKE Authentication Use Preshared Key Authentication Use Cerificate Authentication Primary Untrusted Physical Interface IKE Exchange Mode Inactivity Timeout seconds 3600 IKE Security Descriptors Descriptor unset Miscellaneous Items marked with are mandatory Perform the following steps to configure your LAN to LAN application 1 On the LAN to LAN web page select either Remote Gateway Address Known or Remote Gateway Address Unknown N Configure the Remote Gateway parameters ER Define the Connection parameters 4 Save the configuration Speedtouch 177 Chapter 5 Expert Configuration The VPN Client page 178 ee Configuration procedure VPN Client The VPN client in the SoeedTouch can replace a software VPN client installed on a computer You can use it for example to connect from your home to your employer s corporate network for tele working The VPN Client page allows you to configure a VPN client that functions in Initiator mode This means that the VPN client takes the initiative to set up a Secure connection to a remote VPN server Perform the following steps to configure your VPN client 1 2 3 Select VPN gt VPN Client Fill out t
144. onfigure packet classification and handling IP Routing view configure the SpeedTouch IP forwarding and routing table view configure the Speed Touch Routing Information Protocol RIP engine NAT vie configure the SpeedTouch Address Translation information base IP QoS view configure the SpeedTouch IP Quality of Service IPQoS engine E DOC CTC 20051017 0151 v1 0 S D e e d tO U C h mm Chapter 5 Expert Configuration 5 3 1 IP Addresses Overview The IP address table shows all IP addresses configured on any of SpeedTouch s interfaces In the table following information is provided per IP address gt The Interface to which the IP address applies gt The IP address Netmask in prefix notation gt The IP address Type being either gt auto in case the address has been automatically assigned by the SpeedTouch at startup or via negotiation gt extra in case of a manually configured IP address gt You can also assign additional new IP addresses to the SpeedTouch see Add change an IP address In case you select an IP address entry you can gt Make changes to the IP address configuration see Add change an IP address and click Apply b Click Delete to delete the IP address Add change an IP To add a new IP address to the SpeedTouch address 4 Click New 2 Select the Interface to which the IP address must apply interface sf Address Netmask Type gt guesti 192 168 3
145. ons Properties table gt Type a Name for the expression gt Type an IP address or an IP address range For negative logic select Not You can define a valid IP address range by gt Typing a subnet e g 10 0 0 0 8 gt Typing a IP address subset range e g 10 1 31 9 11 1 5 gt Using wild cards e g 192 5 3 Click Apply to add the expression to the table The Service section bundles all expressions that express a relation based on services The Expressions table provides following information per expression gt The Name of the expression gt A Summary of the expression s configuration gt For more detailed information you can expand the expression click D To add a new service related expression 1 Click New 2 In the Service Expressions Properties table gt Type a Name for the expression gt Select a Protocol to filter on For negative logic select Not gt Type a Source port from to to define the source port range For negative logic select Not gt Type a Destination port from to to define the destination port range For negative logic select Not 3 Click Apply to add the expression to the table S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration 5 3 3 Classification Overview The Classification page consists of three section gt Labels providing a list of existing packet classification labels and abilities to add modify or delete
146. or disable the service gt Depending on the service either gt Select a Source IP interface gt Type a new Internal TCP UDP port 3 In External TCP UDP Port optionally gt Clear existing External TCP UDP ports if applicable gt Type the port number of an additional external TCP UDP port to add 4 In Allow service via Interface optionally gt Clear existing interfaces if applicable gt Type the name of the additional interface 5 In Accept service from Remote IP optionally gt Clear existing remote IP addresses if applicable gt Type the IP address of the specific remote IP host 6 Click Apply to apply your changes to the SpeedTouch service 4 You must repeat the procedure for each individual External TCP UDP port interface or remote IP address you want to add D ce d to UC he E DOC CTC 20051017 0151 v1 0 speedTouch service types E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration The SpeedTouch service can be of following type Indicates a SpeedTouch service that Client is the originator of an IP connection source IP packets Server is the responder of an IP connection listening to IP packets Peer can be an originator or a responder of an IP connection Proxy is a responder on the LAN side and originator on the WAN side of the SpeedTouch is a responder on one side LAN or WAN and re Originates on the other side WAN resp LAN of the S
147. ou select Always give same address to DHCP clients the lease time will be automatically set to Infinite Always give same address to DHCP clients Select this check box if you always want to use the same IP address for the DHCP clients Speedtouch Chapter 4 Basic Configuration D ce d to UC he E DOC CTC 20051017 0151 v1 0 o Introduction Web GUI overview E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration Expert Configuration The SpeedTouch Expert Mode pages allows for advanced configuration and maintenance of your SpeedTouch device While the Basic pages are mainly constructed to allow you to overview and diagnose the running product and its configuration the Expert Mode pages have been designed to allow in depth configuration of every aspect of your SpeedTouch The following Site Map gives you an overview of all available menus in Expert Mode Speed Touch view information on your SpeedTouch configure or upgrade tt IP Router view configure the SpeedTouch IP interfaces IP routing table and NAT entries Connections view configure a broadband connection Local Networking view configure the Speed Touch DHCP server client the DNS configuration the managed Ethernet switch view configure the Speed lTouch Firewall configure the SpeedTouch for VPN SIP PBX configure the SpeedTouch SIP PBX Back to Basic switch to the Basic Configuration web inte
148. ows 1 In the Pick a task list click Scan for wireless Access Points The SpeedTouch warns you that all associated stations will lose connectivity for a few seconds 2 Click OK The SpeedTouch lists the results in the Accessible Access Points table Go Select the Access Point to which you want to establish a WDS connection 4 Click Apply 5 Configure this Access Point with gt The same WEP key if WEP is enabled gt The same fixed channel Speedtouch Chapter 4 Basic Configuration 4 6 7 Interfaces overview Interfaces The Interfaces page gives you an overview of the interfaces used on your SpeedTouch If you want to know more about the network settings of a specific interface click the name of the interface you want to view Interfaces e LocalNetwork ethporti f100Mbps ethpoarte f100Mbps ethpoarts f100Mbps ethport4 f100Mbps d WLAN SpeedTouchDobgs1 l 54mbps S D e d tO U C n E DOC CTC 20051017 0151 v1 0 4 6 8 Interface Settings Overview The Overview page gives you an overview of the current interface settings Configure Assigning a new IP address to the speedTouch E DOC CTC 20051017 0151 v1 0 Interface LocalNetwork e Interface Information Interface Group lan e TCP IP Configuration Auto IP Disabled Use DHCP Server Enabled e IP Addresses IP Address Mask Type 10 0 0 136 24 Static 192 1668 1 254 24 Static e
149. p 2 2 1 802 11b g Wireless Fidelity Access Point Network Name or SSID Radio channels Wireless Basics gt 802 11b is an IEEE standard operating at 2 4 GHz at a speed of up to 11 Mb s gt 802 11g a newer IEEE standard also operating at 2 4 GHz gives you up to 54 Mb s speed more security and better performance The Wi Fi certification ensures that your SpeedTouch will interoperate with any Wi Fi certified 802 11g and 802 11b compliant wireless device The SpeedTouch Wireless LAN Access Point AP behaves as a networking hub allowing to wirelessly interconnect several devices to the local W LAN and to provide access to the Internet The WLAN s radio link is a shared medium As no physical connection exists between the SpeedTouch and wireless clients a name must be given to allow unique identification of your WLAN radio link This is done by the Service Set ID SSID also referred to as Network Name Wireless clients must be part of this SSID environment in order to be able to communicate with other clients on the W LAN including the SpeedTouch The 802 11g standard allows several WLAN networks using different radio channels to be co located The SpeedTouch supports multiple radio channels and is able to select the best radio channel at each startup You can choose to set the channels automatically or manually The different channels overlap To avoid interference with another access poin
150. packet classification label entries gt Routing Rules allow you to associate a routing label used in IP Routing to a data flow by means of classification rules gt IPQoS Rules allow you to associate an IP QoS label used in IP QoS to a data flow by means of classification rules Labels The Labels section provides an overview of existing packet classification labels Labels Routing Rules f IP GoS Rules Name Classification Class TCP Ack Class TOS Marking b DSP overwrite dscp defclass disabled b Games Increase 10 10 disabled b Interactive increase 5 5 disabled L Management Increase 1 1 disabled b Video increase 10 10 disabled b Von overwrite 14 14 disabled Le default Increase default prioritize disabled Click New to create a new entry The Labels table provides following information per label the packet classification label Name the kind of packet Classification the Class of classification the TCP Ack class whether TOS Marking is enabled or disabled Proceed as follows to create a new label 1 Click New to add a label 2 Fill in all the fields 3 Click Apply v v v v wv E DOC CTC 20051017 0151 v1 0 S D e e d to U C h Ki Chapter 5 Expert Configuration Routing Rules The Routing Rules section provides an overview of the existing routing rules Proceed as follows to create a new rule 1 Click New to create a new rule 2 Fill in all the fields gt Index The index of the l
151. page gives you an overview of the Virtual LANs currently defined on the SpeedTouch It also allows you to add new VLANs and delete existing VLANs Ps Identification Name b 1 default b E Wan b 4 dmz b 5 guest Click Apply to commit changes YLAN properties Name Vid 2 508 To add a Virtual LAN 1 Click New In the Name box type a unique name that describes the use of the VLAN In the VID box enter the unique VLAN ID to be used for this VLAN Click Apply to create the VLAN you have defined oh N Click Save All to make your changes permanent The Virtual LANs that are defined can be used in the Ethernet Configuration pages as described in 5 4 5 Bridged Ethernet Speedtouch 153 Chapter 5 Expert Configuration Chapter 5 Expert Configuration 9 9 Local Networking Overview The Connections menu consists of the following topics DHCP View configure the Speed louch DHCP settings DNS View configure the SpeedTouch DNS settings Managed Switch View configure the Speed Touch Managed Wireless View configure the SpeedTouch wireless access point settings 4 D aa d to UC he E DOC CTC 20051017 0151 v1 0 5 9 1 Overview DHCP Server Server Config E DOC CTC 20051017 0151 v1 0 DHCP The DHCP web page offers three tabs to configure the SpeedTouch s DHCP functionality gt DHCP Server To configure the general behaviour of the SoeedTouch s DHC
152. peedTouch is an assembly of SpeedTouch services Editing such kind of entries will edit all members of that Group Transparent Map uses transparent NAT port mappings Dynamic has been dynamically created or enabled by the SpeedTouch service manager Sibling the service is member of a SpeedTouch Group service Shared uses a protocol port as another existing SpeedTouch service Speedtouch 115 Chapter 5 Expert Configuration 5 2 0 Overview SNTP Client Manual ONTP The Simple Network Time Protocol SNTP web page allows you to configure the SpeedTouch real time clock B r Manual Lech Hamme Z IP Address version Status r 7 1 Click Apply to commit changes SNTP properties Name d IP Address Version 3 The page contains two sections gt SNTP Client b Manual Selecting Manual immediately disables the SpeedTouch SNTP client As a consequence the SpeedTouch real time clock will no longer be periodically synchronised with an Internet time server As long as the SNTP section is selected automatic time synchronisation of the SpeedTouch real time clock by means of the SpeedTouch SNTP client is guaranteed given that NTP servers are configured of course The SNTP table allows you to overview and add delete NTP servers present on the Internet or your local network to which the SpeedTouch real time clock is able to synchronize its time settings with
153. provides an overview and allows you to configure the basic wireless networking parameters for your SoeedTouch wireless access point Access Point Settings Security Gogiil an aia cok Networks Network name SSIDi SpeedToucht 23456 Rate E4 Mbps Interoperability Mode 802 11 b g Channel Selection E Regu Only Fram Wirel latory Domain Europe stations with correct Network name SSID can connect D ebursting D ess interface enabled ia Following wireless access point settings can be viewed or configured gt Network Name SSID The network name also known as Service Set ID SSID For more information see Network Name SSID on page 165 Rate Displays the current modulation rate in which the SpeedTouch is operating Take into consideration that if the distance between the SpeedTouch and the clients increases the throughput decreases Walls closets and big metal objects have a negative influence Interoperability Mode Channel Selection allows you to choose between gt Auto The best communication channel is automatically selected by the SpeedTouch recommended setting The Current Channel displays the channel currently in use gt A specific channel Regulatory Domain displays the access point s Regulatory Domain Only stations with correct Network name SSID can connect If this check box is gt Cleared the SpeedTouch broadcasts its SSID and accep
154. raffic Descriptor CTD for the transmit upstream direction rxctd The name of the CTD for the receive downstream direction Interfaces The Interfaces tab allows you to configure gt E DOC CTC 20051017 0151 v1 0 Name The name of the ATM interface to be configured Destination The WAN destination for this ATM interface Typically an ATM phonebook entry QoS name The name of the Quality of Service QoS book entry to apply on this ATM interface Encapsulation The type of encapsulation to be used for this ATM interface Choose between gt We Logical Link Control LLC Sub Network Access Protocol SNAP gt vemux Virtual Channel MUltipleXing VCMUX gt auto the SpeedTouch will determine the encapsulation method to use Number of retries A number between 0 and 65535 Represents the number of times the SpeedTouch retries to set up a WAN connection before giving up FCS Enable or disable the inclusion of the Ethernet Frame Check Sequence FCS in the packet header on the WAN side only used for Ilc encapsulation for mac S d This parameter is normally left disabled Speedtouch 137 Chapter 5 Expert Configuration Chapter 5 Expert Configuration gt Upper layer protocol Select the Upper Layer Protocol ULP for this interface Choose between gt ip for a Routed IPoA interface gt mac for a Bridged Ethernet Routed ETHOA Bridged PPP over Ethernet PPPoE Routed P
155. ration Content Level Proceed as follows 1 In the Toolbox menu click Web Site Filtering 2 Click Configure 3 Click the Edit link of the content level you want to edit The Content Level page gives you an overview of the different categories and their rules The following icons indicate whether the content type is allowed or not Description The category group is allowed The category group is not allowed PJ The group is partly allowed This page allows you to change gt The content level name gt The content level description gt The content level configuration speedtouch Chapter 4 Basic Configuration 4 9 9 Accessing the New Content Level page Procedure Content level creation Content level configuration New Content Level On this page you to create a new content level Proceed as follows to access this page 1 In the Toolbox menu click Web Site Filtering 2 In the upper right corner click Configure 3 In the Pick a task list click Create a new content level To apply a new content level you must perform the following actions Content level creation Content level configuration Content level definition A Gd M Content level activation o You can create up to 16 content levels Proceed as follows 1 In the Name box type a name for the new content level 2 In the Description box type a short text to describe what this security level will do 3
156. rder not to interrupt the upload process If the upload was successful the uploaded system software will be listed as Passive system software version To upgrade your SpeedTouch system software to a new version or in some cases roll back to a previous version 1 Make sure that a Passive system software is correctly uploaded to your SpeedTouch it should be listed in the Software Versions table 2 Click Switch Over to restart the SoeedTouch and activate the passive system software version as active version Switching the system software versions may take a few minutes Do not power off your SpeedTouch or interrupt the switch process in any other way During restart the SoeedTouch will switch the passive and active system software the previous active system software will be stored as passive system software version A If for any reason the switch over failed the system software version that 7 was running as active software version will be retained To ensure correct operation of the SpeedTouch after recovery the previous passive system software may need to be removed instead the active system software will be duplicated as passive system software version S D e d tO U C n E DOC CTC 20051017 0151 v1 0 ew Overview E DOC CTC 20051017 0151 v1 0 opeedTouch Services The SpeedTouch Services page allows you to view and configure all services that are currently configured on your SpeedTouch
157. residing on your local network using only one computer of the network to control the client If this computer runs gt Any Operating System you can always use the SpeedTouch Web pages See 3 1 SpeedTouch Web Pages on page 31 to proceed gt Windows XP you can use the Windows XP Internet Gateway Device Control Client See 3 2 Internet Gateway Device Control Agent on page 33 to proceed You can also connect to the Internet using a Broadband PPPoE dial in application The PPP over Ethernet connection scenario provides PPP like dial in behaviour over the virtual Ethernet segment To be able to use a broadband dial in application on your computer for connecting to the Internet the SoeedTouch needs to be configured for Bridged Ethernet or Routed PPPoE with PPPoE relay via the SpeedTouch Home Install Wizard on the Setup CD or the embedded Easy Setup If your Computer runs you Can use Windows XP the Windows XP broadband dial in client Mac OS X a Mac OS X broadband dial in client a broadband PPPoE dial in client provided by you Service Provider A Upon availability of OS specific PPPoE dial in client applications the latter E method is Operating System independent For PPPoE session connectivity from a Mac OS 8 6 9 x a Windows 95 98 SE ME 2000 or a Linux system a host PPPoE dial in application is mandatory S D e d tO U C n E DOC CTC 20051017 0151 v1 0 3 1 Speedlouch Web Pa
158. rface Configuration Speedtouch Chapter 5 Expert Configuration Expert Mode navigation The Navigation and notification area displays the current user and the site navigator as well as notification messages if applicable In addition following action buttons are always available on every page Save All force a save of the current configuration of your SpeedTouch CLI access the complete SpeedTouch Command Line Interface in a graphical way open the SpeedTouch help pages If available on your SpeedTouch you are able to change the language of your SpeedTouch web pages via the language action buttons in the top right corner on each of the SpeedTouch pages S D e d tO U C n E DOC CTC 20051017 0151 v1 0 5 1 Overview E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration Home The Expert Mode home page is in fact the same as the Speed Touch home page in Basic Mode it provides an instant overview of all aspects of your Speed Touch configuration and operational status For more information see Home of Basic Configuration web interface Speedtouch Chapter 5 Expert Configuration 9 2 Speedlouch Overview The SpeedTouch menu consists of the following topics Diagnostics view detailed system and configuration information of the SpeedTouch and perform IP connectivity checks on WAN connections Syslog view configure the Speed Touch
159. right corner click Configure Select a security level and then click the Edit link The firewall settings of the selected security level appear You can Speedtouch Chapter 4 Basic Configuration gt gt Select a row using the Edit link to modify the security rule Click Add to create a new security rule 5 Edit or define following parameters of the rule gt gt The Name of the security rule The Source Interface and IP Address range Use Any as IP address in case all traffic for the interface should be parsed Or you can type a User defined IP address range The Destination Interface and IP Address range Use Any as IP address in case all traffic for the interface should be parsed Or you can type a User defined IP address range The Service type of the traffic this can be a protocol dns smtp or a specific SpeedTouch system service 6 Select an Action that should be done on traffic for which the security rules applies gt Accept to allow the traffic to pass gt Deny to drop the traffic without notification gt Count to let the traffic pass but count it Hits 7 Click Apply S D e d tO U C n E DOC CTC 20051017 0151 v1 0 4 9 11 Intrusion Detection E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration Intrusion Detection Your SpeedTouch protects your network against malicious intrusions The Intrusion Detection page shows you the in
160. rompt as shown in the example below Username Administrator SpeedTouch 4 I Version 5 4 Ey ZK Copyright Zei 1999 2005 7 3 THOMSON Z 4 Administrator gt E DOC CTC 20051017 0151 v1 0 S D e e d tO U C h D Chapter 1 Getting to know your SpeedTouch 1 2 3 Access via FTP To access the You can access the file system of the SpoeedTouch via the File Transfer Protocol speedTouch via the FTP in order to File Transfer Protocol p Restore or back up configuration files templates or language packs FTP gt Upgrade your configuration or firmware File system The SpeedTouch file system is stored on non volatile memory and contains the SpeedTouch software service template files and optionally default setting files To open an FIP session Proceed as follows 1 Open a Command Prompt window A In Microsoft Windows XP for instance 1 On the Windows taskbar click Start 2 Select All Programs gt Accessories gt Command Prompt 2 Atthe prompt type ftp followed by the IP address of your SpeedTouch 192 168 1 254 by default 3 Enter your SpeedTouch security user name and password R The default user is Administrator and the default password is blank The example below shows an FTP session to the SpeedTouch file system Go COWINDOWS system32 cmd exe ftp 192 166 1 254 Microsoft Windows AP Version 5 1 2606 LC Copyright 1985 2061 Microsoft Corp C Doc
161. s indicates whether the wireless client has a static DHCP lease or not gt DHCP Lease Time displays the time for which the wireless client can use this IP address gt Connection Sharing Gives you an overview of the games or services that are currently assigned to this device Click the name of the game or service to view the used port mappings For more information see 4 5 4 Game or Application Definition on page 62 S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Configure E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration The Configure page allows you to gt Change the device information gt Allow a game or service running on this device to be initiated from the Internet PC1 e Information New Mame FC Status Active Type G Connected To ethifl Ethernet e Addressing Physical Address O0 01 02 98 1f df IP Address Assignment DHCP IF Address 192 168 1 64 Always Use the same E address DHCP Lease Time 1 day 0 00 00 Apply Cancel e Connection Sharin Game or Service FIP Server Unassign HTTP Server World Wide Web Unassign Age of Empires Add Speedtouch Chapter 4 Basic Configuration 4 6 3 Introduction Assigning the public IP address to a device Assign Public IP On this page you can assign the public IP address of your Internet Connection s to a specific device on your local network You might want to do this if g
162. se could be found in the table a new lease will be created when the client s request is granted Existing DHCP leases can be made static i e TTL infinite by selecting the DHCP lease and clicking Lock DHCP leases can be added manually e g for DHCP client devices that need a static IP configuration You can also remove existing DHCP leases S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Address Pools Address pool types E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration One or more disjunctive DHCP server address pools can be created per existing SpeedTouch interface using the Address Pool table The first address pool displayed in the table has the highest priority for a certain interface If you select one of the address pools following fields become available gt Name The name of the DHCP server s address pool gt interface The SpeedTouch interface for which the address pool applies gt Start address The start IP address of the DHCP server s address pool gt End address The end IP address of the DHCP server s address pool Both the start and end IP address define the IP address range used by the DHCP server to assign leases gt Subnet mask The subnet mask of the DHCP server s address pool gt Lease time The maximum time a client is allowed to use the address gt Gateway The IP address that will be assigned to DHCP clients as their default gateway
163. se tasks will guide you to the page where you can perform the selected task Speedtouch Chapter 4 Basic Configuration 4 2 Home SpeedTouch home The SpeedTouch home page gives you a short overview of all the configurable page aspects of the SpeedTouch SpeedTouch Toolbox Office Network v v v wv Broadband Connection SpeedTouch Broadband Connection Toolbox Office Network Expert Mode E THOMSON BRAND Speedtouch Administrator Help Home SpeedTouch e Information Product Name SpeedTouch XXX Software Release X X X X Broadband Connection es Internet Disconnected Toolbox e Remote Assistance Disabled e Game amp Application Sharing e Firewall Disabled e Web Site Filtering Office Network E Ethernet Unknown 00 0d 88 4f a8 f6 S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration 4 3 SpeedTouch The SpeedTouch menu The SpeedTouch menu consists of the following items Information Configuration Event Logs Update v v v Ww The SpeedTouch page The SpeedTouch page gives you some basic information on the SpeedTouch gt Product Information gt Configuration Speedtouch Administrator Help Home gt SpeedTouch SpeedTouch Information e Information Configuration Product Name SpeedTouch 620 Serial Number 0452 T03Y Event Logs Software Release xx e Configuration
164. st or network in prefix notation e g 172 16 0 0 16 gt Label Allows you to assign a label to this connection Speedtouch Chapter 5 Expert Configuration Other This window holds miscellaneous information and configuration possibilities Following fields are available gt Mode A PPP connection can be established in three ways gt Manually You have to press the Dial In button of a particular connection gt Always On The SpeedTouch automatically tries to establish PPP connections gt On Demand A PPP connection is triggered by specific frames arriving at the Ethernet port gt Idle Time Limit Allows you to specify after which time limit the PPP connection is released Otherwise stated if no traffic passes over the PPP connection for Idle Time the connection is closed gt Authentication allows you to select the default PPP authentication mechanism when starting the PPP session Via the drop down box three authentication methods can be selected for the connection gt Auto default Preferably the CHAP Challenge Handshake Authentication Protocol will be used However if not successful PAP Password Authentication Protocol authentication is used instead If in turn PAP fails the connection will NOT be authenticated gt CHAP CHAP authentication is forced If not successful the connection will NOT be authenticated b PAP PAP authentication is forced If not successful the conn
165. t You do not want to use the Network Address Translation engine of your SpeedTouch This device is running server applications Web server and you want it to be accessible from the Internet You can also achieve this by creating a port mapping for the specified server as described in 4 5 2 Game amp Application Sharing on page 59 This device has to be considered as the unique access point to your local network DMZ o Be aware that the device to which you assign the public IP address will lose all security offered by the SpeedTouch Proceed as follows 1 2 ER In the Office Network menu click Devices In the Pick a task list click Assign the public IP address of a connection to a device Click the Edit link of your Internet connection In the Device list select the device you want to assign the public address to Assign the public IP address of a connection to a LAN device This page allows you to assign the public IP address of your Internet Connection s to a specific device on your local network You might want to do this if e You encounter issues with some applications through the Network Address Translation engine of your SpeedTouch e This device is running server applications web server and you want it to be accessible from the internet e This device has to be considered as the unique entry to your local network DMZ Internet Service Device Internet Apply
166. t Select this check box to enable IP address conflict network probing before handing out an address to a client gt Activate trust client Select this check box if you want the SpeedTouch to take the IP address suggested by a DHCP client into account speedtouch Ki Chapter 5 Expert Configuration Chapter 5 Expert Configuration Server Leases In case the SpeedTouch DHCP server is running this table holds all leases which are assigned by the DHCP server to accepted DHCP clients Following lease parameters are shown gt Client ID The MAC address of the DHCP client gt Address The IP address leased by the DHCP client gt Pool The DHCP server address pool the lease IP address is taken from gt TTL The DHCP server lease s Time To Live in seconds For a permanent DHCP lease TTL displays infinite gt State The DHCP server lease state gt Free in case of statically added DHCP leases Indicating unused DHCP server leases No DHCP request from this particular Client ID has been received by the DHCP server yet gt Used Indicating assigned DHCP leases A DHCP lease has been assigned to this Client ID in the past actually Pool lease time TTL seconds ago As soon as a DHCP request is received the SoeedTouch DHCP server will assign the IP address matching the DHCP client s identity to this client e g in case of a renewal or for static entries If no pre configured lea
167. t make sure that the separation in terms of frequency is as high as possible It is recommended to keep at least 3 channels between 2 different access points The SpeedTouch supports all channels allowed for wireless networking However depending on local regulations the number of channels actually allowed to be used may be additionally restricted as shown in the table below S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Antennas E DOC CTC 20051017 0151 v1 0 Chapter 2 Local Network Setup Direct the external antenna to allow optimization of the wireless link If for example the antenna Is erect wireless links in the horizontal plane are favoured Please note that the antenna characteristics are influenced by the environment that is by reflections of the radio signal against walls or ceilings It is advisable to use the received signal strength as indicated by the wireless client manager to optimize the antenna position for the link to a given client Concrete walls weaken the radio signal and thus affect the connection Speedtouch Chapter 2 Local Network Setup 2 2 2 Connecting Wireless Clients for the First Time Wireless default After every Reset to Defaults the SoeedTouch wireless access point settings configuration is returned to its initial default settings These default settings are gt Security level is low security disabled for an easy first use meaning the data will not be
168. t at the ISP 5 If needed enter the ISDN parameters of your ISP 6 Click Apply Once created per Routed PPPol connection additional configuration is possible by clicking 1 Routing 2 Other 4 These parameters can only be modified when the link is down Take the link down first by clicking Hang up Following fields are available gt Destination Controls the networks that can be reached via this particular PPP connection Specify the remote host or network in prefix notation e g 172 16 0 0 16 gt Label Allows you to assign a label to this connection S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration Other This window holds miscellaneous information and configuration possibilities Following fields are available gt Mode A PPP connection can be established in three ways gt Manually You have to press the Dial In button of a particular connection gt Always On The SpeedTouch automatically tries to establish PPP connections gt On Demand A PPP connection is triggered by specific frames arriving at the Ethernet port gt Idle Time Limit Allows you to specify after which time limit the PPP connection is released Otherwise stated if no traffic passes over the PPP connection for Idle Time the connection is closed gt Authentication allows you to select the default PPP authentication mechanism when starting the PPP session Via the drop down box thr
169. t of traffic carried over the IKE Security Association Phase 1 and the IPSec Security Association s Phase 2 Logging page On the Logging page you can monitor the received and transmitted messages of the IKE and IPSec negotiations Proceed as follows 1 2 3 4 Browse to Expert mode gt VPN gt Debug gt Logging Select the desired level of Trace Detail Select high to see the most detailed level of logging Start the VPN connection Browse again to Expert mode gt VPN gt Debug gt Logging Tear Down All Tunnels On this page you can halt all established VPN tunnels S D e d tO U C n E DOC CTC 20051017 0151 v1 0 5 0 Availability SpeedTouch SIP PBX Enabling the SIP PBX Overview General E DOC CTC 20051017 0151 v1 0 SIP PBX The SIP PBX feature is only available if you activated the SIP PBX software module For more information see 5 2 10 Add on on page 120 The SpeedTouch has a key role in the enhancement of Voice over IP services for corporations universities or enterprises Using the SpeedTouch integrated multi media SIP PBX the user can secure the SIP communications and manage without involvement of the operator certain local services such as registration blocking sessions screening sessions logging The added value of a PBX is now available in a SIP enabled network To enable the SIP PBX 1 2 3 4 On the SpeedTouch menu click SpeedTouch Services Select
170. the Service list click your Dynamic DNS service T In the Host box type the host name you want to assign to this interface for example myspeedtouch dyndns org 8 Click Apply S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration 4 9 13 User Management Overview The Overview page gives you an overview of the currently configured users and their privileges Click the name of a user to edit his user account User Management dech This page provides you with information regarding the users configured on your SpeedTouch e Local User Data The table below shows the configured users who are able to access your SpeedTouch You need to configure user privileges if you want to differentiate between people using your SpeedTouch The current privileges of the user are mentioned in the privileges column Username Privileges Default User Administrator Administrator VM Edit Jon User Edit Balara Melissa User Edit Delete Add Configure On the Configure page you can gt Click Add to create a new user account gt Click Edit to change a user account gt Click Delete to remove a user Types of users The table below shows the types of users and their privileges root This is the root master account This user has all privileges without any exceptions or limitations SuperUser This user can perform any service via any access channel from any access origin TechnicalSupport Th
171. the SpeedTouch There are different security levels depending on the degree of security you need The Overview page summarizes the overall security policy configured on your SpeedTouch On the Configure page you can select the security level of the SpeedTouch Firewall This page summarizes the overall security policy configured on your SpeedTouch e Security Settings Security Level High Use this Security Level to block all outgoing connections except well known applications ONS HTTP HTTPS FTP TELNET IMAP POP and block all incoming connections Game amp Application sharing is not allowed by the firewall Ze Medium Use this Security Level to allow all outgoing connections except Windows protocols Netbios RPC SMB and block all Incoming connections Game amp Application sharing is allowed by the firewall Standard Use this Security Level to allow all outgoing connections and block all incoming traffic Game amp Application sharing is allowed by the firewall Low Use this Security Level to allow all outgoing connections and block all incoming traffic except Internet Control Management Protocol ICMP Game amp Application sharing is allowed by the firewall Disabled Disable the firewall All traffic is allowed to pass through your SpeedTouch Game amp Application sharing is allowed by the firewall Blocksll Use this Security Level to block all traffic from and to the
172. the bridge ports that are member of it S D e d tO U C n E DOC CTC 20051017 0151 v1 0 VLAN interface configuration E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration Proceed as follows to add or remove Bridged Ethernet interfaces for a certain VLAN 1 Select the VLAN you wish to edit 2 Alisting of all bridge interfaces will appear each followed by a drop down list Change the value of the drop down list to add or remove interfaces from this VLAN gt none which means that this interface is not a member of the selected VLAN gt Tagged which means that this interface is a member of the selected VLAN and that packets coming in and going out of the SpeedTouch will be VLAN tagged gt Untagged which means that this interface is a member of the selected VLAN but that the VLAN functionality will be not visible outside the SpeedTouch This means that inside the SpeedTouch VLAN will be used to isolate interfaces from each other but that outside of the SpeedTouch no VLAN tagging will be used 3 Click Apply speedtouch Chapter 5 Expert Configuration 0 4 6 Introduction Routed Ethernet The Routed Ethernet web page allows you to add and modify Routed Ethernet interfaces Routed Ethernet interfaces can be used for creating end to end MAC Encapsulated Routing MER connections or for creating a destination interface to create Routed PPPoE connections on or to app
173. tion the following fields are available gt Interface Enabled Indicates whether the wireless interface is enabled or disabled gt Physical Address Displays the Base Service Set Identifier BSSID of the selected Access Point gt Network Name SSID Displays the network name of your WLAN gt Interface Type Displays one of the following interface types gt 802 11b Only stations that are configured in 802 11b mode can associate gt 802 11b legacy g This is a special compatibility mode for 802 11b g and is in fact designed for older types of b clients Use this mode if you are experiencing problems with wireless clients that connect to the SpeedTouch Access Point gt 802 11b g Only stations that are configured in 802 11b g mode can associate gt 802 11g Only stations that are configured in 802 11g mode can associate gt Actual Speed Displays the current transmission speed gt Channel Selection Displays whether you select a fixed channel yourself or the SoeedTouch selects a channel for you gt Region Displays your region gt Channel Displays the channel that is currently used by the Access Point S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration gt Allow multicast from Broadband Network Displays whether you to allow deny multicast messages from the Internet p Large bandwidth streams like video streams have a large impact on your
174. tivity Try again later An internal error switchover from Could not install the new software active to passive build failed out of version If problem persists contact disk space occurred Try again your help desk later If the problem persists contact your help desk Speedtouch Chapter 7 Troubleshooting Jue speedTouch not detected by UPnP or IGD Control Client Adding UPnP UPnP on Windows XP Systems Check the following gt Make sure the UPnP and Internet Gateway Device Control Client Networking components are added to your Windows XP system gt Your computer doesn t support UPnP if you run an operating system other than Windows XP and Windows Millennium gt Make sure that UPnP is not disabled in the SpeedTouch Web page see 4 5 2 Game amp Application Sharing on page 59 If you are running Microsoft Windows XP it is recommended to add the UPnP component to your system Proceed as follows 1 In the Start menu click Settings gt Control Panel The Control Panel window appears 2 Click Add or Remove Programs The Add or Remove Programs window appears 3 Click Add Remove Windows Components 4 In the Windows Components Wizard select Networking Services in the Components list and click Details Windows Components Wizard Windows Components e E You can add or remove components of Windows XP To add of remove a component click the c
175. traceroute test entry 1 Click New if an entry is currently selected click Cancel first 2 Type a name for the traceroute test entry 3 Type the host name or IP address of the target to traceroute 4 Click Apply To delete a traceroute test 1 Select the traceroute test entry to delete 2 Click Delete To modify a traceroute test entry 1 Select the traceroute test entry 2 Click Modify gel 1 sceroute test Owner Target Address Status OO O BRAS modem 10 501 20 Stopped Result Status Target IP address Current hop count E Current probe count f0 Test attempts PO Test Successes OO Last good path 01 01 70 00 00 00 000000 3 Make your changes d Click Apply to apply your changes to the traceroute test entry To start stop a traceroute test 1 Select the traceroute test entry 2 Click gt Activate to start the traceroute test gt Deactivate a traceroute test that is currently running To view the results of the traceroute test 1 Select the traceroute test entry if needed 2 Click Result To overview a history of traceroute tests 1 Select the traceroute test entry 2 Click History To view a list of hops that have been reached by the traceroute request 1 Select the traceroute test entry 2 Click Hop Speedtouch Chapter 5 Expert Configuration Chapter 5 Expert Configuration 5 2 10 Add on Overview Some of the SpeedTouch s extended functionalities require a s
176. trusions you are protected against The Protected Intrusions table shows the number of times the Speed Touch actively protected your network against each intrusion since last statistics reset Speedtouch Chapter 4 Basic Configuration 4 9 12 Dynamic DNS Dynamic DNS The Dynamic DNS service allows you to assign a dynamic DNS host name for example john dyndns org to a broadband connection even if it is using a dynamic IP address As soon as the device gets a new IP address the dynamic DNS server updates its entry to the new IP address Overview Click Overview to view the different Dynamic DNS clients with their name host names interface and IP address Configure On the Configure page you can assign a Dynamic DNS host name to a broadband connection Proceed as follows 1 Create an account at the Dynamic DNS service of your choice for example gt www dyndns org gt www no ip com gt www dtdns com 2 Onthe Dynamic DNS page click Configure 3 Select the Enabled check box Dynamic DNS Service e Configuration Enabled IS Interface intemet tt sl Username Myname Password essees is Confirm password esses gt Service gnudip Host MyDomainNamel Apply 4 If necessary click the broadband connection to which you want to assign the Dynamic DNS hostname in the Interface list 5 Type the user name and password of your Dynamic DNS service account in the corresponding fields 6 In
177. ts every client gt Selected the SoeedTouch does not broadcast its SSID and accepts only those clients who have the correct Network name SSID Framebursting Allows you to enhance the performance of wireless networks by improving the efficiency between the client and the access point if you have mainly downstream traffic WMM WMM is enabled by default Clear the check box to disable WMM Allow multicast frames sent to local clients Wireless interface enabled Allows you to enable disable the wireless interface S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Network Name SSID Network Name broadcast Interoperability Mode Channel E DOC CTC 20051017 0151 v1 0 Chapter 5 Expert Configuration The WLAN s radio link is a shared medium As no physical connection exists between the SpeedTouch and wireless clients a name must be given to allow unique identification of your WLAN radio link This is done by the Network Name also known as Service Set ID SSID Wireless clients must be configured for the same Network Name in order to be able to communicate with other clients on the W LAN via the SpeedTouch wireless access point To change the Network Name SSID 1 Type a Network Name of your choice 2 Click Apply to immediately apply your changes By default the access point broadcasts its SSID and accepts every client However for security reasons you are able to configure not to broadcast
178. uments and Settings nielsenvtftp 192 168 1 254 Connected to 192 168 1 254 224 Inactivity timer 128 seconds Use site idle lt secs gt to change User 192 168 1 254 none gt gt Administrator E 331 SpeedTouch 6 HE 56 5A D9 AB gt Password requ ed Password 238 OK ftp File system structure The structure of the file system is very simple it consists of a single root directory called root and two subdirectories called active and d download gt The root directory contains gt all the necessary files for the SoeedTouch to start correctly gt the active and the dl directories gt The active directory contains the active software image gt The dl directory contains the passive software image If you made changes to the SpeedTouch configuration and saved them a user ini configuration settings file is created in the d subdirectory D ce d to UC he E DOC CTC 20051017 0151 v1 0 File system access rights Common FIP commands E DOC CTC 20051017 0151 v1 0 Chapter 1 Getting to know your SpeedTouch In the different directories you have the following rights Ee mn C Depending on the access rights you have in a directory you can use one of the following commands Use the command access another directory than the one currently open Example ftp gt cd dl list the directory files Example ftp gt dir be set the transfer mode to binary turn on the hashing opti
179. ur SpeedTouch gt Backup Configuration listing configuration backups stored on your SpeedTouch gt Wizard template listing configuration wizard templates that are currently available for the embedded Easy Setup To view the configuration of backup or delete a configuration file 1 Select the configuration file A Details pane shows some extra information on the selected configuration file 2 Click gt Backup to store the file on a location on your local disk gt Delete to remove the file from your SpeedTouch Some configuration files may be required for the o SpeedTouch s system integrity These files are protected and cannot be deleted from your SpeedTouch gt Cancel to return to the configuration file overview Your SpeedTouch is able to display its web interface embedded Easy Setup and this Help in various languages Use the Language bar to change the language in which the SpeedTouch web interface Easy Setup and this Help is displayed For more information see 4 1 2 Language Bar on page 38 o Although all language pack files stored on your SpeedTouch are listed only language pack files that match with the board name and the software version of your SpeedTouch can be actually used See System on page 105 for more information to identify your SpeedTouch Speedtouch m Chapter 5 Expert Configuration system Upgrade Upload system software switcht
180. ur wireless client s with the same settings Proceed as follows to enable WPA Encryption 1 Select Use WPA Encryption 2 In the WPA Radius IP box type the WPA Radius IP 3 Inthe WPA Radius Port box type the WPA Radius Port 4 Inthe WPA Radius Key box type the WPA Radius Key S D e d tO U C n E DOC CTC 20051017 0151 v1 0 Chapter 4 Basic Configuration 5 In the WPA Version list click the desired WPA version 4 Depending on the WPA version you choose one of the following WPA 7 encryption will be set automatically gt WPA TKIP gt WPA2 AES gt WPA WPA2 TKIP AES 6 Click Apply to immediately apply your changes D Configure your wireless client s with the same settings Access control on the The following modes are available Speediouch New stations are allowed automatically All New stations can access the SpeedTouch WLAN gt New stations are allowed via registration Only allowed stations in the Access Control List ACL have access You can add new stations via registration For more information see Allowing new wireless on page 92 gt New stations are not allowed Only allowed stations in the Access Control List ACL have access EN Speedtouch Chapter 4 Basic Configuration Allowing new wireless If you selected New stations are allowed via registration or in the New stations are not allowed list wireless clients have to be added manually
181. urced by the PPTP application from the tunnel to the virtual channel identified by the phonebook entry and vice versa At the remote end of the virtual channel the BRAS extracts the PPP frames reconstructs the encapsulated IP packets and forwards these to the Internet If at the end of a session the user disconnects the PPTP application it destroys the tunnel and the Relay subsequently releases the virtual channel Multiple users can initiate terminate tunnels towards the Relay as long as there are free ATM virtual channels on the DSL Line The maximum number of tunnels may however be restricted by DSL provider ISP provisioning rules The SpeedTouch Relayed PPPoA page allows you to overview current active relay session currently maintained by the SpeedTouch S D e d tO U C n E DOC CTC 20051017 0151 v1 0 0 4 9 Concept The Virtual LAN page Creating a new VLAN Using VLAN E DOC CTC 20051017 0151 v1 0 Virtual LAN The concept of VLAN was introduced as a way to solve many of the issues of a large Layer 2 environment It controls the traffic on a physical LAN The physical LAN is partitioned into multiple virtual LANs Each VLAN is assigned a number called the VID which identifies it uniquely within the network Traffic between these systems stays bottled up within their VLAN Although different VLANs use a common physical network the traffic of each VLAN is isolated from the other VLANs The Virtual LAN
182. ve failed Connectivity Check This page enables you to perform a connectivity check on an Internet service of your SpeedTouch Choose an Internet service and click the button ta launch the tests Internet Service ta Check Internet Check Connectivity e Test Results ma wn m ATM Ethernet PPP Internet G TT V Connectivity to Gateway 101 101 101 1 Y Connectivity to ONS Server 1 10 50 2 20 V Connectivity to ONS Server 2 10 50 2 21 Speedtouch Chapter 4 Basic Configuration 4 4 2 DSL Connection Overview Click Overview to view basic information on your DSL connection Details Click Details to view more detailed information on your DSL connection De e Link Information Uptime 4 days 4 19 08 Modulation G 992 1 Annex A Bandwidth Up Down esa cain kbps kbps 512 4 640 Data Transferred Sent Received MB MB Output Power Up Down 36 15 385 19 dBm 11 5 19 5 Line Attenuation U om i i ve enuation Up Down 14 0 25 0 SN Margin Up Down dB 19 0 19 5 Vendor ID Local Remote TMMB ALCB Loss of Framing oro Local Remote i Loss of Signal o o Local Remote i Loss of Power oro Local Remote Loss of Link Remote D Error Seconds o o Local Remote i FEC Errors Up Down 070 CRC Errors Up Down o o HEC Errors Up Down 070 mmm mmm mm mmm mm mm mem pm mm em mm Em mm em Em Em Em E pm mm mm Em Em Em Em Em mm em Em pm Em Em Em mm
183. verview The System Information page is the SoeedTouch expert start page It consists of four sections gt Diagnostics gt DSL Line Info gt Configuration gt System System Self Test LAN DSL Diagnostics Select Diagnostics to view the results of the System Self Test LAN connectivity and DSL synchronisation test a the overall status of the particular item is healthy _ an error situation has been detected for that item DSL Line Info Select DSL Line Info to view the current physical status of the ADSL line The DSL Statistics allow you to view gt Line Status this shows whether the DSL link is synchronised Enabled or not Initialising gt Bandwidth Up Down the maximum available bandwidth of the DSL link in both up and downstream direction gt Uptime The duration of the current Enabled Line Status gt kBytes Tx Rx the amount of kilobytes kBytes sent Tx and received Rx since the establishment of the DSL link In addition per configured Internet Service interface you van view gt The interface s currently assigned or configured local WAN IP address gt The interface s currently assigned or configured primary and secondary DNS server IP address es 4 In case the negotiation of IP addresses failed Unassigned or is displayed for the applicable interface Configuration Select Configuration to view the configuration currently active on the SpeedTouch See 5 2
184. via the HTTPS link in combination with the provided certificate a secure authentication mechanism 4 For security reasons remote assistance will be automatically disabled after 20 minutes of inactivity or after restarting your SpeedTouch Proceed as follows 1 Go to the SpeedTouch pages as described in 1 2 1 Access via the Web Interface on page 7 2 In the menu select Toolbox gt Remote Assistance 3 Click Disable Remote Assistance Speedtouch 13 Chapter 1 Getting to know your SpeedTouch D ce d to UC he E DOC CTC 20051017 0151 v1 0 Introduction Device settings E DOC CTC 20051017 0151 v1 0 Chapter 2 Local Network Setup Local Network Setup The SpeedTouch offers you the following local networking solutions gt Wired Ethernet gt Wireless Ethernet Once you have connected a device you can personalise its settings For more information see Configure on page 85 Speedtouch 15 Chapter 2 Local Network Setup 2 1 Local network Standard wiring procedure Ethernet link check Device settings Managed Ethernet switch Wired Ethernet The Ethernet ports on the back panel allow you to connect the SpeedTouch to an existing 10 or 100Base T Ethernet network or one or more computer s with an installed Ethernet card Using the SpeedTouch Ethernet switch you can create a local Ethernet network of up to four devices without needing extr
185. vity Refresh Per category an overall status is displayed the overall status of the particular category is healthy an error situation has been detected for that category the overall status of the category could not be determined Following action buttons are provided Expand All expand all collapsed categories Collapse All collapse all expanded categories el IP Connectivity check all connections on IP connectivity E refresh all counters and values next to a category expand the applicable category next to a category collapse the applicable category speedtouch 107 Chapter 5 Expert Configuration Chapter 5 Expert Configuration Siew Overview Messages Configuration syslog The Syslog page consists of two sections gt Messages gt Configuration Messages Configuration Message buffer view options Facility all i Severity debug stop AutoRetresh Facility E e current time System UpTime 00 02 51 leale porge xDSL linestate up downstream 2336 kbit s upstream 544 kbit s System UpTime 00 01 29 alin naice LOGIN User Administrator logged in on HTTP from 192 168 1 10 security SEET System UpTime 00 00 00 FIREWALL level changed to Disabled This section allows to overview system log and alert messages your Speed Touch generated during operation System log messages are used to provide a historical overview of events errors an
186. w configure the Routed PPP over ATM PPPoA Internet services Routed PPPol view configure the Routed PPP over ISDN PPPol Internet services Bridged Ethernet view configure the Bridged Ethernet Internet services Routed Ethernet view configure the Routed Ethernet Internet services Routed IPoA view configure the Routed IP over ATM IPoA Internet service PPTP to PPP Relay view configure the PPTP to PPP Relay Internet services Virtual LAN view configure the Speed Touch Virtual LAN functionality E DOC CTC 20051017 0151 v1 0 S D e e d tO U C h mm Chapter 5 Expert Configuration 0 4 1 Overview Phonebook Adding a phonebook entry Connection Service Name AIM The ATM page consists of following sections gt Phonebook gt QoS Book b Interfaces The SpeedTouch Phonebook is a repository for ATM connectivity information A number of pre configured entries may already reside in the SpeedTouch Phonebook Bee SEY ee TT Name dress to PE Available Le atm_pyc_O_35 0 35 Mo Mo m atm Duc H 28 6 35 No No Click Delete to remove the selected entry The Phonebook gt Allows you to use named connections gt Provides an instant overview of all possible connections gt Indicates whether hardware and software resources are actually assigned to Phonebook entries gt Resolves conflicts when adding new connectivity information To add a new Phonebook entry 1 Click New 2 In the Na
187. wireless performance gt WMM Displays whether WMM is enabled or disabled For more information about WMM see Access point settings on page 164 WMM or Wi Fi MultiMedia enhances QoS at wireless driver level It provides a mechanism to prioritise wireless data traffic to and from the associated WMM capable stations Under Security the following fields are available gt Broadcast Network Name By default the SoeedTouch broadcasts its network name allowing you to easily recognise your wireless network in the list of available networks Once you have configured your wireless clients it is recommended to disable this feature by clearing this check box gt Allow New Devices Allows you to change the access control used by the SpeedTouch gt Encryption Allows you to select an encryption level for your wireless network The following encryption methods are supported by the SpeedTouch gt The Wired Equivalent Protocol WEP gt WPA Pre Shared Key WPA PSK The default WEP key and the default WPA key are printed on the Speedlouch bottom label Before configuring the SpeedTouch encryption make sure you o know which encryption methods are supported by your wireless client gt Wi Fi Protected Access WPA Encryption Configure On the Configure page you can change the configuration details displayed on the Details page WEP The Wired Equivalent Privacy WEP algorithm protects wireless commu
Download Pdf Manuals
Related Search