Page 3
RESTORATION, WORK STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE D-LINK PRODUCT OR FAILURE OF THE PRODUCT, EVEN IF D-LINK IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHERMORE, D- LINK WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST CUSTOMER FOR LOSSES OR DAMAGES.
Unified Services Router User Manual Table of Contents Chapter 1. Introduction ..........................8 About this User Manual .................... 8 Typographical Conventions ..................8 Chapter 2. Configuring Your Network: LAN Setup ................9 LAN Configuration ..................... 9 2.1.1 LAN Configuration in an IPv6 Network ..............11 2.1.2 Configuring IPv6 Router Advertisements ............
Page 6
Unified Services Router User Manual 9.4.2 Sending Logs to E-mail or Syslog ..............111 9.4.3 Event Log Viewer in GUI ..................113 Backing up and Restoring Configuration Settings ........... 114 Upgrading Router Firmware ................115 Dynamic DNS Setup ..................... 116 Using Diagnostic Tools ..................
Page 7
Unified Services Router User Manual List of Figures Figure 1: Setup page for LAN TCP/IP settings ..................11 Figure 2: IPv6 LAN and DHCPv6 configuration ..................13 Figure 3: Configuring the Router Advertisement Daemon ..............16 Figure 4: IPv6 Advertisement Prefix settings ..................17 Figure 5: Adding VLAN memberships to the LAN .................
Page 8
Unified Services Router User Manual Figure 32: Radio card configuration options ................... 55 Figure 33: Advanced Wireless communication settings ............... 56 Figure 34: WPS configuration for an AP with WPA/WPA2 profile ............57 Figure 35: List of Available Firewall Rules ....................60 Figure 36: List of Available Schedules to bind to a firewall rule ............
Page 9
Unified Services Router User Manual Figure 64: SSL VPN Portal configuration ....................100 Figure 65: USB device configuration ..................... 101 Figure 66: Certificate summary for IPSec and HTTPS management ..........102 Figure 67: User Login policy configuration ................... 103 Figure 68: Remote Management from the WAN.................. 104 Figure 69: SNMP Users, Traps, and Access Control ................
1.1 About this User Manual This document is a high level manual to allow new D-Link Unified Services Router users to configure connectivity, setup VPN tunnels, establish firewall rules and perform general administrative tasks.
Chapter 2. Configuring Your Network: LAN Setup It is assumed that the user has a machine for management connected to the LAN to the router. The LAN connection may be through the wired Ethernet ports available on the router, or once the initial setup is complete, the device may also be managed through its wireless interface as it is bridged with the LAN.
Page 12
Unified Services Router User Manual To configure LAN Connectivity, please follow the steps below: In the LAN Setup page, enter the following information for your router: IP address (factory default: 192.168.10.1). If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again.
Unified Services Router User Manual Enable DNS Proxy: To enable the router to act as a proxy for all DNS requests and communicate with the ISP’s DNS servers, click the checkbox. Click Save Settings to apply all changes. Figure 1: Setup page for LAN TCP/IP settings 2.1.1 LAN Configuration in an IPv6 Network Advanced >...
Page 14
Unified Services Router User Manual Advanced > IPv6 > IP mode IPv4 / IPv6 mode must be enabled in the to enable IPv6 configuration options. LAN Settings The default IPv6 LAN address for the router is fec0::1. You can change this 128 bit IPv6 address based on your network requirements.
Unified Services Router User Manual Figure 2: IPv6 LAN and DHCPv6 configuration If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained IP address from newly assigned pool (or has a static IP address in the router’s LAN subnet) before accessing the router via changed IP address.
Unified Services Router User Manual DHCP Mode: The IPv6 DHCP server is either stateless or stateful. If stateless is selected an external IPv6 DHCP server is not required as the IPv6 LAN hosts are auto-configured by this router. In this case the router advertisement daemon (RADVD) must be configured on this device and ICMPv6 router discovery messages are used by the host for auto- configuration.
Page 17
Unified Services Router User Manual RADVD Advanced > IPv6 > IPv6 LAN > Router Advertisement To support stateless IPv6 auto configuration on the LAN, set the RADVD status to Enable. The following settings are used to configure RADVD: Advertise Mode: Select Unsolicited Multicast to send router advertisements (RA’s) to all interfaces in the multicast group.
Unified Services Router User Manual Figure 3: Configuring the Router Advertisement Daemon Advertisement Prefixes Advanced > IPv6 > IPv6 LAN > Advertisement Prefixes The router advertisements configured with advertisement prefixes allow this router to inform hosts how to perform stateless address auto configuration. Router advertisements contain a list of subnet prefixes that allow the router to determine neighbors and whether the host is on the same link as the router.
Unified Services Router User Manual IPv6 Prefix Length: This value indicates the number contiguous, higher order bits of the IPv6 address that define up the network portion of the address. Typically this is 64. Prefix Lifetime: This defines the duration (in seconds) that the requesting node is allowed to use the advertised prefix.
Unified Services Router User Manual will allow traffic from LAN hosts belonging to this VLAN ID to pass through to other configured VLAN IDs that have Inter VLAN Routing enabled. Figure 5: Adding VLAN memberships to the LAN 2.2.1 Associating VLANs to ports In order to tag all traffic through a specific LAN port with a VLAN ID, you can associate a VLAN to a physical port.
Unified Services Router User Manual Figure 6: Port VLAN list In Access mode the port is a member of a single VLAN (and only one). All data going into and out of the port is untagged. Traffic through a port in access mode looks like any other Ethernet frame.
Unified Services Router User Manual Figure 7: Configuring VLAN membership for a port 2.3 Configurable Port: DMZ Setup This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. A DMZ is a subnetwork that is open to the public but behind the firewall.
Unified Services Router User Manual Figure 8: DMZ configuration In order to configure a DMZ port, the router’s configurable port must be set to Setup > Internet Settings > Configurable Port DMZ in the page. 2.4 Universal Plug and Play (UPnP) Advanced >...
Unified Services Router User Manual Advertisement Period: This is the frequency that the router broadcasts UPnP information over the network. A large value will minimize network traffic but cause delays in identifying new UPnP devices to the network. Advertisement Time to Live: This is expressed in hops for each UPnP packet. This is the number of steps a packet is allowed to propagate before being discarded.
Unified Services Router User Manual Chapter 3. Connecting to the Internet: WAN Setup This router has two WAN ports that can be used to establish a connection to the internet. The following ISP connection types are supported: DHCP, Static, PPPoE, PPTP, L2TP, 3G Internet (via USB modem).
Unified Services Router User Manual 3G Internet access with a USB modem is supported on the secondary WAN port (WAN2). The Internet Connection Setup Wizard assists with the primary WAN port (WAN1) configuration only. 3.2 WAN Configuration Setup > Internet Settings > WAN1 Setup You must either allow the router to detect WAN connection type automatically or configure manually the following basic settings to enable Internet connectivity: ISP Connection type: Based on the ISP you have selected for the primary WAN link...
Unified Services Router User Manual Server IP Address: Enter the IP address of the PPTP or L2TP server. 3.2.1 WAN Port IP address Your ISP assigns you an IP address that is either dynamic (newly generated each time you log in) or static (permanent). The IP Address Source option allows you to define whether the address is statically provided by the ISP or should be received dynamically at each login.
Unified Services Router User Manual 3.2.4 PPPoE Profiles Setup > Internet Settings > PPPoE Profiles > WAN1 PPPoE Profiles Some ISP’s allow for multiple concurrent PPPoE sessions (it is most common in Japan). Each connection can have its own specific authentication requirements and will provide unique IP, gateway, and DNS address parameters to the associated WAN port.
Unified Services Router User Manual Figure 13: PPPoE profile configuration 3.2.5 WAN Configuration in an IPv6 Network Setup > IPv6 > IPv6 WAN1 Config For IPv6 WAN connections, this router can have a static IPv6 address or receive connection information when configured as a DHCPv6 client. In the case where the ISP assigns you a fixed address to access the internet, the static configuration settings must be completed.
Unified Services Router User Manual When the ISP allows you to obtain the WAN IP settings via DHCP, you need to provide details for the DHCPv6 client configuration. The DHCPv6 client on the gateway can be either stateless or stateful. If a stateful client is selected the gateway will connect to the ISP’s DHCPv6 server for a leased address.
Page 32
Unified Services Router User Manual Connection state: This is whether the WAN is connected or disconnected to an ISP. The Link State is whether the physical WAN connection in place; the Link State can be UP (i.e. cable inserted) while the WAN Connection State is down.
Unified Services Router User Manual Figure 15: Connection Status information for both WAN ports The WAN status page allows you to Enable or Disable static WAN links. For WAN settings that are dynamically received from the ISP, you can Renew or Release the link parameters if required.
Unified Services Router User Manual 3.3 Bandwidth Controls Advanced > Advanced Network > Traffic Management > Bandwidth Profiles Bandwidth profiles allow you to regulate the traffic flow from the LAN to WAN 1 or WAN 2. This is useful to ensure that low priority LAN users (like guests or HTTP service) do not monopolize the available WAN’s bandwidth for cost-savings or bandwidth-priority-allocation purposes.
Unified Services Router User Manual For finer control, the Rate profile type can be used. With this option the minimum and maximum bandwidth allowed by this profile can be limited. Choose the WAN interface that the profile should be associated with Figure 17: Bandwidth Profile Configuration page Advanced >...
Unified Services Router User Manual Figure 18: Traffic Selector Configuration 3.4 Features with Multiple WAN Links This router supports multiple WAN links. This allows you to take advantage of failover and load balancing features to ensure certain internet dependent services are prioritized in the event of unstable WAN connectivity on one of the ports.
Unified Services Router User Manual 3.4.2 Load Balancing This feature allows you to use multiple WAN links (and presumably multiple ISP’s) simultaneously. After configuring more than one WAN port, the load balancing option is available to carry traffic over more than one link. Protocol bindings are used to segregate and assign services over one WAN port in order to manage internet flow.
Unified Services Router User Manual Figure 19: Load Balancing is available when multiple WAN ports are configured and Protocol Bindings have been defined 3.4.3 Protocol Bindings Advanced > Routing > Protocol Bindings Protocol bindings are required when the Load Balancing feature is in use. Choosing from a list of configured services or any of the user-defined services, the type of traffic can be assigned to go over only one of the available WAN ports.
Unified Services Router User Manual Figure 20: Protocol binding setup to associate a service and/or LAN source to a WAN and/or destination network 3.5 Routing Configuration Routing between the LAN and WAN will impact the way this router handles traffic that is received on any of its physical interfaces.
Page 40
Unified Services Router User Manual IP address. Along with connection sharing, NAT also hides internal IP addresses from the computers on the Internet. NAT is required if your ISP has assigned only one IP address to you. The computers that connect through the router will need to be assigned IP addresses from a private subnet.
Unified Services Router User Manual Figure 21: Routing Mode is used to configure traffic routing between WAN and LAN, as well as Dynamic routing (RIP) 3.5.2 Dynamic Routing (RIP) Setup > Internet Settings > Routing Mode...
Unified Services Router User Manual Dynamic routing using the Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) that is common in LANs. With RIP this router can exchange routing information with other supported routers in the LAN and allow for dynamic adjustment of routing tables in order to adapt to modifications in the LAN without interrupting traffic flow.
Page 43
Unified Services Router User Manual The List of Static Routes displays all routes that have been added manually by an administrator and allows several operations on the static routes. The List of IPv4 Static Routes and List of IPv6 Static Routes share the same fields (with one exception): Name: Name of the route, for identification and management.
Unified Services Router User Manual Figure 22: Static route configuration fields 3.6 Configurable Port - WAN Option This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. If the port is selected to be a secondary WAN interface, all configuration pages relating to WAN2 are enabled.
Unified Services Router User Manual Figure 23: WAN2 configuration for 3G internet (part 1) Cellular 3G internet access is available on WAN2 via a USB modem. The cellular ISP that provides the 3G data plan will provide the authentication requirements to establish a connection.
Unified Services Router User Manual Figure 24: WAN2 configuration for 3G internet (part 2) 3.7 WAN Port Settings Advanced > Advanced Network > WAN Port Setup The physical port settings for each WAN link can be defined here. If your ISP account defines the WAN port speed or is associated with a MAC address, this information is required by the router to ensure a smooth connection with the network.
Unified Services Router User Manual The default MAC address is defined during the manufacturing process for the interfaces, and can uniquely identify this router. You can customize each WAN port’s MAC address as needed, either by letting the WAN port assume the current LAN host’s MAC address or by entering a MAC address manually.
Unified Services Router User Manual Chapter 4. Wireless Access Point Setup This router has an integrated 802.11n radio that allows you to create an access point for wireless LAN clients. The security/encryption/authentication options are grouped in a wireless Profile, and each configured profile will be available for selection in the AP configuration menu.
Unified Services Router User Manual Figure 26: Wireless Network Setup Wizards 4.1.1 Wireless Network Setup Wizard This wizard provides a step-by-step guide to create and secure a new access point on the router. The network name (SSID) is the AP identifier that will be detected by supported clients.
Unified Services Router User Manual Personal Identification Number (PIN): The wireless device that supports WPS may have an alphanumeric PIN, and if entered in this field the AP will establish a link to the client. Click Connect to complete setup and connect to the client.
Unified Services Router User Manual server, or both. Note that WPA does not support 802.11n data rates; is it appropriate for legacy 802.11 connections. WPA2: this security type uses CCMP encryption (and the option to add TKIP encryption) on either PSK (pre-shared key) or Enterprise (RADIUS Server) authentication.
Unified Services Router User Manual size. Next choose one of the keys to be used for authentication. The selected key must be shared with wireless clients to connect to this device. Figure 28: Profile configuration to set network security 4.2.2 WPA or WPA2 with PSK A pre-shared key (PSK) is a known passphrase configured on the AP and client both and is used to authenticate the wireless client.
Unified Services Router User Manual 4.2.3 RADIUS Authentication Setup > Wireless Settings > RADIUS Settings Enterprise Mode uses a RADIUS Server for WPA and/or WPA2 security. A RADIUS server must be configured and accessible by the router to authenticate wireless client connections to an AP enabled with a profile that uses RADIUS authentication.
Unified Services Router User Manual Figure 29: RADIUS server (External Authentication) configuration 4.3 Creating and Using Access Points Setup > Wireless Settings > Access Points Once a profile (a group of security settings) is created, it can be assigned to an AP on the router.
Unified Services Router User Manual Figure 30: Virtual AP configuration A valuable power saving feature is the start and stop time control for this AP. You can conserve on the radio power by disabling the AP when it is not in use. For example on evenings and weekends if you know there are no wireless clients, the start and stop time will enable/disable the access point automatically.
Unified Services Router User Manual Figure 31: List of configured access points (Virtual APs) shows one enabled access point on the radio, broadcasting its SSID The clients connected to a particular AP can be viewed by using the Status Button on the List of Available Access Points.
Unified Services Router User Manual 4.4 Tuning Radio Specific Settings Setup > Wireless Settings > Radio Settings The Radio Settings page lets you configure the channels and power levels available for the AP’s enabled on the device. The router has a dual band 802.11n radio, meaning either 2.4 GHz or 5 GHz frequency of operation can be selected (not concurrently though).
Unified Services Router User Manual 4.5 Advanced Wireless Settings Advanced > Wireless Settings > Advanced Wireless Sophisticated wireless administrators can modify the 802.11 communication parameters in this page. Generally, the default settings are appropriate for most networks. Please refer to the GUI integrated help text for further details on the use of each configuration parameter.
Unified Services Router User Manual connect within 60 seconds of clicking the “Configure via PIN” button immediately below the PIN field. There is no LED indication that a client has connected. Push Button Configuration (PBC): for wireless devices that support PBC, press and hold down on this button and within 2 minutes click the PBC connect button.
Chapter 5. Securing the Private Network You can secure your network by creating and applying rules that your router uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to whom the rules apply. To do so, you must define the following: Services or traffic types (examples: web browsing, VoIP, other standard services and also custom services that you define) Direction for the traffic by specifying the source and destination of traffic;...
Unified Services Router User Manual may use the IP address if a static address is assigned to the WAN port, or if your WAN address is dynamic a DDNS (Dynamic DNS) name can be used. Outbound (LAN/DMZ to WAN) rules restrict access to traffic leaving your network, selectively allowing only specific local users to access specific outside resources.
Unified Services Router User Manual Figure 36: List of Available Schedules to bind to a firewall rule 5.3 Configuring Firewall Rules Advanced > Firewall Settings > Firewall Rules All configured firewall rules on the router are displayed in the Firewall Rules list. This list also indicates whether the rule is enabled (active) or not, and gives a summary of the From/To zone as well as the services or users that the rule affects.
Page 64
Unified Services Router User Manual Service: ANY means all traffic is affected by this rule. For a specific service the drop down list has common services, or you can select a custom defined service. Action & Schedule: Select one of the 4 actions that this rule defines: BLOCK always, ALLOW always, BLOCK by schedule otherwise ALLOW, or ALLOW by schedule otherwise BLOCK.
Page 65
Unified Services Router User Manual External IP address: The rule can be bound to a specific WAN interface by selecting either the primary WAN or configurable port WAN as the source IP address for incoming traffic. This router supports multi-NAT and so the External IP address does not necessarily have to be the WAN address.
Unified Services Router User Manual Figure 37: The firewall rule configuration page allows you to define the To/From zone, service, action, schedules, and specify source/destination IP addresses as needed.
Unified Services Router User Manual 5.3.1 Firewall Rule Configuration Examples Example 1: Allow inbound HTTP traffic to the DMZ Situation: You host a public web server on your local DMZ network. You want to allow inbound HTTP requests from any outside IP address to the IP address of your web server at any time of day.
Page 68
Unified Services Router User Manual arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN. One of these public IP addresses is used as the primary IP address of the router. This address is used to provide Internet access to your LAN PCs through NAT.
Unified Services Router User Manual Click apply – now schedule “Weekend” isolates all day Saturday and Sunday from the rest of the week. Figure 38: Schedule configuration for the above example. Since we are trying to block HTTP requests, it is a service with To Zone: Insecure (WAN1/WAN2) that is to be blocked according to schedule “Weekend”.
Unified Services Router User Manual Select the Action to “Block by Schedule, otherwise allow”. This will take a predefined schedule and make sure the rule is a blocking rule during the defined dates/times. All other times outside the schedule will not be affected by this firewall blocking rule As we defined our schedule in schedule “Weekend”, this is available in the dropdown menu We want to block the IP range assigned to the marketing group.
Unified Services Router User Manual Figure 39: List of user defined services. 5.5 ALG support Advanced > Firewall Settings > ALGs Application Level Gateways (ALGs) are security component that enhance the firewall and NAT support of this router to seamlessly support application layer protocols. In some cases enabling the ALG will allow the firewall to use dynamic ephemeral TCP/ UDP ports to communicate with the known ports a particular client application (such as H.323 or RTSP) requires, without which the admin would have to open large...
Unified Services Router User Manual Figure 40: Available ALG support on the router. 5.6 VPN Passthrough for Firewall Advanced > Firewall Settings > VPN Passthrough This router’s firewall settings can be configured to allow encrypted VPN traffic for IPSec, PPTP, and L2TP VPN tunnel connections between the LAN and internet. A specific firewall rule or service is not appropriate to introduce this passthrough support;...
Unified Services Router User Manual Figure 41: Passthrough options for VPN tunnels 5.7 Application Rules Advanced > Application Rules > Application Rules Application rules are also referred to as port triggering. This feature allows devices on the LAN or DMZ to request one or more ports to be forwarded to them. Port triggering waits for an outbound request from the LAN/DMZ on one of the defined outgoing ports, and then opens an incoming port for that specified type of traffic.
Unified Services Router User Manual Figure 42: List of Available Application Rules showing 4 unique rules The application rule status page will list any active rules, i.e. incoming ports that are being triggered based on outbound requests from a defined outgoing port. 5.8 Web Content Filtering The gateway offers some standard web filtering options to allow the admin to easily create internet access policies between the secure LAN and insecure WAN.
Unified Services Router User Manual Figure 43: Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded Approved URLs Advanced > Website Filter > Approved URLs The Approved URLs is an acceptance list for all URL domain names. Domains added to this list are allowed in any form.
Unified Services Router User Manual Figure 44: Two trusted domains added to the Approved URLs List Blocked Keywords Advanced > Website Filter > Blocked Keywords Keyword blocking allows you to block all website URL’s or site content that contains the keywords in the configured list. This is lower priority than the Approved URL List;...
Unified Services Router User Manual Figure 45: Two keywords added to the block list 5.9 IP/MAC Binding Advanced > IP/MAC Binding Another available security measure is to only allow outbound traffic (from the LAN to WAN) when the LAN node has an IP address matching the MAC address bound to it. This is IP/MAC Binding, and by enforcing the gateway to validate the source traffic’s IP address with the unique MAC Address of the configured LAN node, the administrator can ensure traffic from that IP address is not spoofed.
Unified Services Router User Manual Figure 46: The above example of IP/MAC Binding binds a LAN host’s MAC Address to an IP address. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured 5.10 Intrusion Prevention (IPS) Advanced >...
Unified Services Router User Manual Figure 47: Intrusion Prevention features on the router 5.10.1 Protecting from Internet Attacks Advanced > Advanced Network > Attack Checks Attacks can be malicious security breaches or unintentional network issues that render the router unusable. Attack checks allow you to manage WAN security threats such as continual ping requests and discovery via ARP scans.
Unified Services Router User Manual Chapter 6. IPSec / PPTP / L2TP VPN A VPN provides a secure communication channel (“tunnel”) between two gateway routers or a remote PC client. The following types of tunnels can be created: Gateway-to-gateway VPN: to connect two or more routers to secure traffic between remote sites.
Unified Services Router User Manual Figure 49: VPN Wizard launch screen To easily establish a VPN tunnel using VPN Wizard, follow the steps below: Step 1: Select the VPN tunnel type to create The tunnel can either be a gateway to gateway connection (site-to-site) or a tunnel to a host on the internet (remote access).
Page 83
Unified Services Router User Manual Local WAN IP address / FQDN: This field can be left blank if you are not using a different FQDN or IP address than the one specified in the WAN port’s configuration. Step 3: Configure the Secure Connection Remote Accessibility fields to identify the remote network: Remote LAN IP address: address of the LAN behind the peer gateway Remote LAN Subnet Mask: the subnet mask of the LAN behind the peer...
Unified Services Router User Manual 6.2 Configuring IPSec Policies Setup > VPN Settings > IPSec > IPSec Policies A IPSec policy is between this router and another gateway or this router and a IPSec client on a remote host. The IPSec mode can be either tunnel or transport depending on the network being traversed between the two policy endpoints.
Unified Services Router User Manual Figure 50: IPSec policy configuration Once the tunnel type and endpoints of the tunnel are defined you can determine the Phase 1 / Phase 2 negotiation to use for the tunnel. This is covered in the IPSec mode setting, as the policy can be Manual or Auto.
Unified Services Router User Manual Figure 51: IPSec policy configuration continued (Auto policy via IKE) A Manual policy does not use IKE and instead relies on manual keying to exchange authentication parameters between the two IPSec hosts. The incoming and outgoing security parameter index (SPI) values must be mirrored on the remote tunnel endpoint.
Unified Services Router User Manual Figure 52: IPSec policy configuration continued (Auto / Manual Phase 2) 6.2.1 Extended Authentication (XAUTH) You can also configure extended authentication (XAUTH). Rather than configure a unique VPN policy for each user, you can configure the VPN gateway router to authenticate users from a stored list of user accounts or with an external authentication server such as a RADIUS server.
Unified Services Router User Manual VPN client software is required to establish a VPN tunnel between the router and remote endpoint. Open source software (such as OpenVPN or Openswan) as well as Microsoft IPSec VPN software can be configured with the required IKE policy parameters to establish an IPSec VPN tunnel.
Unified Services Router User Manual Figure 53: PPTP tunnel configuration – PPTP Server 6.4.2 L2TP Tunnel Support Setup > VPN Settings > L2TP > L2TP Server A L2TP VPN can be established through this router. Once enabled a L2TP server is available on the router for LAN and WAN L2TP client users to access.
Chapter 7. SSL VPN The router provides an intrinsic SSL VPN feature as an alternate to the standard IPSec VPN. SSL VPN differs from IPSec VPN mainly by removing the requirement of a pre- installed VPN client on the remote host. Instead, users can securely login through the SSL User Portal using a standard web browser and receive access to configured network resources within the corporate LAN.
Unified Services Router User Manual Figure 55: Available Users with login status and associated Group/Domain Advanced > Users > Domains The Domain determines the authentication method (local user database, external server) to be used when validating the remote user’s connection. As well the Domain determines the portal layout presented to the remote SSL user.
Page 93
Unified Services Router User Manual following user types are assigned to a user that reaches the GUI login screen from the LAN or WAN: Administrator: This is the router’s super-user, and can manage the router, use SSL VPN to access network resources, and login to L2TP/PPTP servers on the WAN. There will always be one default administrator user for the GUI.
Unified Services Router User Manual Figure 56: User configuration options 7.2 Using SSL VPN Policies Setup > VPN Settings > SSL VPN Server > SSL VPN Policies SSL VPN Policies can be created on a Global, Group, or User level. User level policies take precedence over Group level policies and Group level policies take precedence over Global policies.
Unified Services Router User Manual Figure 57: List of SSL VPN polices (Global filter) To add a SSL VPN policy, you must first assign it to a user, group, or make it global (i.e. applicable to all SSL VPN users). If the policy is for a group, the available configured groups are shown in a drop down menu and one must be selected.
Unified Services Router User Manual Figure 58: SSL VPN policy configuration 7.2.1 Using Network Resources Setup > VPN Settings > SSL VPN Server > Resources Network resources are services or groups of LAN IP addresses that are used to easily create and configure SSL VPN policies. This shortcut saves time when creating similar policies for multiple remote SSL VPN users.
Unified Services Router User Manual Figure 59: List of configured resources, which are available to assign to SSL VPN policies 7.3 Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Port forwarding allows remote SSL users to access specified network applications or services after they login to the User Portal and launch the Port Forwarding service.
Unified Services Router User Manual users with easy-to-remember FQDN’s to access TCP applications instead of error- prone IP addresses when using the Port Forwarding service through the SSL User Portal. Defining the hostname is optional as minimum requirement for port forwarding is identifying the TCP application and local server IP address.
Unified Services Router User Manual The IP addresses of the client’s network interfaces (Ethernet, Wireless, etc.) cannot be identical to the router’s IP address or a server on the corporate LAN that is being accessed through the SSL VPN tunnel. Figure 61: SSL VPN client adapter and access configuration The router allows full tunnel and split tunnel support.
Unified Services Router User Manual Figure 62: Configured client routes only apply in split tunnel mode 7.5 User Portal Setup > VPN Settings > SSL VPN Client > SSL VPN Client Portal When remote users want to access the private network through an SSL tunnel (either using the Port Forwarding or VPN tunnel service), they login through a user portal.
Unified Services Router User Manual Figure 63: List of configured SSL VPN portals. The configured portal can then be associated with an authentication domain 7.5.1 Creating Portal Layouts Setup > VPN Settings > SSL VPN Server > Portal Layouts The router allows you to create a custom page for remote SSL VPN users that is presented upon authentication.
Unified Services Router User Manual Chapter 8. Advanced Configuration Tools 8.1 USB Device Setup Setup > USB Settings There are two USB ports on the DSR Unified Services Router. The port supports a 3G modem where the USB dongle is used as a secondary WAN interface. Additionally, the port can be used for a USB storage device if USB Disc is type is selected.
Unified Services Router User Manual A self certificate is a certificate issued by a CA identifying your device (or self- signed if you don’t want the identity protection of a CA). The Active Self Certificate table lists the self certificates currently loaded on the gateway. The following information is displayed for each uploaded self certificate: Name: The name you use to identify this certificate, it is not displayed to IPSec VPN peers or SSL users.
Unified Services Router User Manual Chapter 9. Administration & Management 9.1 Configuration Access Control The primary means to configure this gateway via the browser-independent GUI. The GUI can be accessed from LAN node by using the gateway’s LAN IP address and HTTP, or from the WAN by using the gateway’s WAN IP address and HTTPS (HTTP over SSL).
Unified Services Router User Manual Figure 68: Remote Management from the WAN 9.1.2 CLI Access In addition to the web-based GUI, the gateway supports SSH and Telnet management for command-line interaction. The CLI login credentials are shared with the GUI for administrator users. To access the CLI, type “cli” in the SSH or console prompt and login with administrator user credentials.
Unified Services Router User Manual Figure 69: SNMP Users, Traps, and Access Control Tools > Admin > SNMP System Info The router is identified by an SNMP manager via the System Information. The identifier settings The SysName set here is also used to identify the router for SysLog logging.
Unified Services Router User Manual Figure 70: SNMP system information for this router 9.3 Configuring Time Zone and NTP Tools > Date and Time You can configure your time zone, whether or not to adjust for Daylight Savings Time, and with which Network Time Protocol (NTP) server to synchronize the date and time.
Unified Services Router User Manual Figure 71: Date, Time, and NTP server setup 9.4 Log Configuration This router allows you to capture log messages for traffic through the firewall, VPN, and over the wireless AP. As an administrator you can monitor the type of traffic that goes through the router and also be notified of potential attacks or errors when they are detected by the router.
Page 110
Unified Services Router User Manual System: This refers to application and management level features available on this router, including SSL VPN and administrator changes for managing the unit. Wireless: This facility corresponds to the 802.11 driver used for providing AP functionality to your network. For each facility, the following events (in order of severity) can be logged: Emergency, Alert, Critical, Error, Warning, Notification, Information, Debugging.
Unified Services Router User Manual Figure 72: Facility settings for Logging The display for logging can be customized based on where the logs are sent, either Status > Logs the Event Log viewer in the GUI (the Event Log viewer is in the page) or a remote Syslog server for later review.
Page 112
Unified Services Router User Manual Example: If Accept Packets from LAN to WAN is enabled and there is a firewall rule to allow SSH traffic from LAN, then whenever a LAN machine tries to make an SSH connection, those packets will be accepted and a message will be logged.
Unified Services Router User Manual Figure 73: Log configuration options for traffic through router 9.4.2 Sending Logs to E-mail or Syslog Tools > Log Settings > Remote Logging Once you have configured the type of logs that you want the router to collect, they can be sent to either a Syslog server or an E-Mail address.
Unified Services Router User Manual this requirement. In some cases the SMTP server may send out IDENT requests, and this router can have this response option enabled as needed. Once the e-mail server and recipient details are defined you can determine when the router should send out logs.
Unified Services Router User Manual the local Event Viewer on the router’s GUI, and thus can collect a considerable number of logs over a sustained period. This is typically very useful for debugging network issues or to monitor router traffic over a long duration. This router supports up to 8 concurrent Syslog servers.
Unified Services Router User Manual Figure 76: VPN logs displayed in GUI event viewer 9.5 Backing up and Restoring Configuration Settings Tools > System You can back up the router’s custom configuration settings to restore them to a different device or the same router after some other changes. During backup, your settings are saved as a file on your host.
Unified Services Router User Manual To restore your saved settings from a backup file, click Browse then locate the file on the host. After clicking Restore, the router begins importing the file’s saved configuration settings. After the restore, the router reboots automatically with the restored settings. To erase your current settings and revert to factory default settings, click the Default button.
By clicking the Check Now button in the notification section, the router will check a D-Link server to see if a newer firmware version for this router is available for download and update the Status field below.
Unified Services Router User Manual Figure 79: Dynamic DNS configuration 9.8 Using Diagnostic Tools Tools > System Check The router has built in tools to allow an administrator to evaluate the communication status and overall network health.
Unified Services Router User Manual Figure 80: Router diagnostics tools available in the GUI 9.8.1 Ping This utility can be used to test connectivity between this router and another device on the network connected to this router. Enter an IP address and click PING. The command output will appear indicating the ICMP echo request status.
Unified Services Router User Manual Figure 81: Sample traceroute output 9.8.3 DNS Lookup To retrieve the IP address of a Web, FTP, Mail or any other server on the Internet, type the Internet Name in the text box and click Lookup. If the host or domain entry exists, you will see a response with the IP address.
Unified Services Router User Manual Chapter 10. Router Status and Statistics 10.1 System Overview The Status page allows you to get a detailed overview of the system configuration. The settings for the wired and wireless interfaces are displayed in the Device Status page, and then the resulting hardware resource and router usage details are summarized on the router’s Dashboard.
Unified Services Router User Manual Figure 83: Device Status display (continued) 10.1.2 Resource Utilization Status > Device Info > Dashboard The Dashboard page presents hardware and usage statistics. The CPU and Memory utilization is a function of the available hardware and current configuration and traffic through the router.
Unified Services Router User Manual Figure 86: Resource Utilization data (continued) 10.2 Traffic Statistics 10.2.1 Wired Port Statistics Status > Traffic Monitor > Device Statistics Detailed transmit and receive statistics for each physical port are presented here. Each interface (WAN1, WAN2/DMZ, LAN, and VLANs) have port specific packet level information provided for review.
Unified Services Router User Manual Figure 87: Physical port statistics 10.2.2 Wireless Statistics Status > Traffic Monitor > Wireless Statistics The Wireless Statistics tab displays the incrementing traffic statistics for each enabled access point. This page will give a snapshot of how much traffic is being transmitted over each wireless link.
Unified Services Router User Manual Figure 88: AP specific statistics 10.3 Active Connections 10.3.1 Sessions through the Router Status > Active Sessions This table lists the active internet sessions through the router’s firewall. The session’s protocol, state, local and remote IP addresses are shown.
Unified Services Router User Manual 10.3.2 Wireless Clients Status > Wireless Clients The clients connected to a particular AP can be viewed on this page. Connected clients are sorted by the MAC address and indicate the security parameters used by the wireless link, as well as the time connected to the corresponding AP.
Unified Services Router User Manual Figure 91: List of LAN hosts 10.3.4 Active VPN Tunnels Status > Active VPNs You can view and change the status (connect or drop) of the router’s IPSec security associations. Here, the active IPSec SAs (security associations) are listed along with the traffic details and tunnel state.
Unified Services Router User Manual Figure 92: List of current Active VPN Sessions All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are displayed on this page as well. Table fields are as follows. Field Description User Name The SSL VPN user that has an active tunnel or port forwarding session to this router.
Unified Services Router User Manual Chapter 11. Trouble Shooting 11.1 Internet connection Symptom: You cannot access the router’s web-configuration interface from a PC on your LAN. Recommended action: Check the Ethernet connection between the PC and the router. Ensure that your PC’s IP address is on the same subnet as the router. If you are using the recommended addressing scheme, your PC’s address should be in the range 192.168.10.2 to 192.168.10.254.
Page 136
Unified Services Router User Manual Symptom: Router cannot access the Internet. Possible cause: If you use dynamic IP addresses, your router may not have requested an IP address from the ISP. Recommended action: www.google.com Launch your browser and go to an external site such as http://192.168.10.1 Access the firewall’s configuration main menu at Monitoring >...
Unified Services Router User Manual Symptom: Router can obtain an IP address, but PC is unable to load Internet pages. Recommended action: Ask your ISP for the addresses of its designated Domain Name System (DNS) servers. Configure your PC to recognize those addresses. For details, see your operating system documentation.
Unified Services Router User Manual Observe the display: If the path is working, you see this message sequence: Pinging <IP address> with 32 bytes of data Reply from <IP address>: bytes=32 time=NN ms TTL=xxx If the path is not working, you see this message sequence: Pinging <IP address>...
Unified Services Router User Manual Verify that the network (subnet) address of your PC is different from the network address of the remote device. Verify that the cable or DSL modem is connected and functioning. Ask your ISP if it assigned a hostname to your PC. Network Configuration >...
Chapter 12. Credits Microsoft, Windows are registered trademarks of Microsoft Corp. Linux is a registered trademark of Linus Torvalds. UNIX is a registered trademark of The Open Group.
Unified Services Router User Manual Appendix A. Glossary Address Resolution Protocol. Broadcast protocol for mapping IP addresses to MAC addresses. CHAP Challenge-Handshake Authentication Protocol. Protocol for authenticating users to an ISP. DDNS Dynamic DNS. System for updating domain names in real time. Allows a domain name to be assigned to a device with a dynamic IP address.
Page 143
Unified Services Router User Manual PPPoE Point-to-Point Protocol over Ethernet. Protocol for connecting a network of hosts to an ISP without the ISP having to manage the allocation of IP addresses. PPTP Point-to-Point Tunneling Protocol. Protocol for creation of VPNs for the secure transfer of data from remote clients to private servers over the Internet.
Appendix B. Factory Default Settings Feature Description Default Setting Device login User login URL http://192.168.10.1 User name (case sensitive) admin Login password (case sensitive) admin Internet WAN MAC address Use default address Connection WAN MTU size 1500 Port speed Autosense Local area network IP address 192.168.10.1...
Unified Services Router User Manual Appendix D. Log Output Reference Facility: System (Networking) Log Message Severity Log Message Severity DBUpdate event: Table: %s opCode:%d BridgeConfig: too few arguments to rowId:%d DEBUG command %s ERROR BridgeConfig: too few arguments to networkIntable.txt not found DEBUG command %s ERROR...
Page 148
Unified Services Router User Manual nimfAdvOptSetWrap: user has changed MTU option DEBUG ddns: SQL error: %s ERROR nimfAdvOptSetWrap: MTU: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR nimfAdvOptSetWrap: old MTU size: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR nimfAdvOptSetWrap: old Port Speed Option: %d DEBUG ddnsDisable failed ERROR nimfAdvOptSetWrap: old Mac Address...
Page 149
Unified Services Router User Manual %s:DBUpdate event: Table: %s opCode:%d rowId:%d DEBUG Failed to commit ERROR %s:%d SIP ENABLE: %s DEBUG ifStatusDBUpdate: Failed to begin " ERROR sipTblHandler:failed to update ifStatic DEBUG %s: SQL error: %s ERROR sipTblHandler:failed to update Configport DEBUG %s: Failed to commit "...
Page 150
Unified Services Router User Manual nimfGetUpdateMacFlag: unable to get pPrivSep: %s DEBUG Flag from MacTable ERROR %s:DBUpdate event: Table: %s nimfMacGet: Updating MAC address opCode:%d rowId:%d DEBUG failed ERROR Re-Starting sshd daemon..DEBUG sqlite3QueryResGet failed.Query:%s ERROR sshd re-started successfully. DEBUG error executing the command %s ERROR sshd stopped .
Page 151
Unified Services Router User Manual Subnetaddress should be provided GetDnsFromIsp: %s DEBUG with accessoption 2 ERROR IdleTimeOutFlag: %s DEBUG Failed to restart sshd ERROR IdleTimeOutValue: %d DEBUG unable to open the " ERROR AuthMetho: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR executing %s ... %s DEBUG Error in executing DB update handler ERROR...
Page 152
Unified Services Router User Manual %s: buffer overflow DEBUG Failed to clear vlan for %d ERROR %s: value of %s in %s table is: %s DEBUG Failed to set vlan entry for vlan %d ERROR Failed to set vlan entries, while %s: returning with status: %s DEBUG enabling \...
Page 154
Unified Services Router User Manual pppoeMgmtTblHandler: unable to get l2tpMgmtTblHandler: UserName: %s DEBUG current Mtu Option ERROR pppoeMgmtTblHandler: unable to get l2tpMgmtTblHandler: Password: %s DEBUG the Mtu ERROR pppoeMgmtTblHandler: pppoe enable l2tpMgmtTblHandler: AccountName: %s DEBUG failed ERROR pppoeMgmtDBUpdateHandler: failed l2tpMgmtTblHandler: DomainName: %s DEBUG query: %s ERROR...
Page 155
Unified Services Router User Manual dhcpcMgmtTblHandler: dhclient The Enable Command is %s ERROR enable failed ERROR l2tpEnable:Executing the Command dhcpcMgmtTblHandler: dhcpc release failed ERROR failed ERROR dhcpcMgmtTblHandler: dhcpc disable l2tpDisable: command string: %s ERROR failed ERROR dhcpcMgmtDBUpdateHandler: failed l2tpDisable: unable to stop l2tp session ERROR query: %s ERROR...
Page 156
Unified Services Router User Manual Setting message in fragment buffer: Created EAP/PEAP context: OK DEBUG ERROR ERROR Allocating TLS read buffer is NULL: Deleted EAP/PEAP context: OK DEBUG ERROR ERROR Upper EAP sent us: decision = %d method state = %d DEBUG Setting last fragment: ERROR ERROR...
Page 157
Unified Services Router User Manual Error rcvd. opCode %d. DEBUG Plugin context is NULL ERROR pCtx NULL. DEBUG Deriving implicit challenge: Error ERROR TLS message len changed in the fragment, ignoring. DEBUG Generating NT response: Error ERROR no data to send while fragment ack received.
Page 158
Unified Services Router User Manual pFB->msgBuff is NULL. DEBUG Setting profile to glue layer: ERROR. ERROR Error calculating binary. DEBUG _eapCtxCreate failed. ERROR %d authentication not enabled in the Error calculating binary. DEBUG system. ERROR Initializing inner non-EAP auth plugin: adpDigestInit for SHA1 failed.
Page 159
Unified Services Router User Manual password change is not allowed for this EAP-PEAP not enabled in system user DEBUG configuration. ERROR EAP-WSC not enabled in system completed writing the policy DEBUG configuration. ERROR PAP not enabled in system completed writing the SA DEBUG configuration.
Page 160
Unified Services Router User Manual pEapCtx == NULL or pPDU == NULL. ERROR Could not initialize des-ecb ERROR received EAP pdu bigger than EAP_MTU_SIZE. ERROR Error cleaning cipher context. ERROR received EAP pdu bigger than EAP_MTU_SIZE. ERROR Error cleaning cipher context. ERROR state machine is in invalid state.
Page 161
Unified Services Router User Manual Could not open database: %s DEBUG sqlite3QueryResGet failed ERROR CPU LOG File not found DEBUG radSendtoServer: socket: %s ERROR radSendtoServer: bind() Failed: %s: MEM LOG File not found DEBUG ERROR cpuMemUsageDBUpdateHandler: radRecvfromServer: recvfrom() Failed: update query: %s DEBUG ERROR radRecvfromServer: Packet too small...
Page 162
Unified Services Router User Manual Adding Dictionary Attribute '%s' DEBUG Failed to set default retries value ERROR ERROR: incomplete DB update Adding Dictionary Value %s DEBUG information. ERROR old values result does not contain 2 Receiving attribute: %s DEBUG rows ERROR Processing attribute: %s DEBUG...
Page 163
Unified Services Router User Manual Next Synchronization after" DEBUG Unable to set debug for radAuth. ERROR Next Synchronization after %d \ DEBUG Unable to set debug level for radAuth. ERROR Primary is not available, " DEBUG ERROR: option value not specified ERROR Secondary is not available, "...
Page 164
Unified Services Router User Manual timeout after semTake DEBUG memPartAlloc for %d size failed ERROR srcId=%d(%s) <-- destId=%d(%s) cmd=%d DEBUG memPartAlloc for %d size failed ERROR No Handler registered for this UMI Un-registerting component with Id %d DEBUG context ERROR failed to send ioctl request: dst(%d) <--- Couldn't find component with ID src(%d)
Page 165
Unified Services Router User Manual cpuMemUsageDBUpdateHandler: SQL error: %s ERROR Invalid Privacy Algorithm ERROR unable to open the DB file %s ERROR Failed to Get Host Address ERROR umiInit failed ERROR Invalid version ERROR unable to register to UMI ERROR snmp v3 Trap Configuration Failed ERROR Error Reading from the Database.
Page 166
Unified Services Router User Manual wan traffic counters are restared DEBUG Deleting schedule based firewall rules. DEBUG Deleting schedule based firewall rules Traffic limit has been reached DEBUG from DB. DEBUG Traffic meter monthly limit has been Update schedule based firewall rules in changed to %d.
Page 167
Unified Services Router User Manual Enabling attack check for L2TP. DEBUG Updating BlockSites Keyword from \ DEBUG Enabling attack check for UDP Flood. DEBUG Inserting BlockSites Keyword \ DEBUG Enabling attack check for IPSec. DEBUG Deleting Trusted Domain \ DEBUG Enabling attack check for PPTP.
Page 168
Unified Services Router User Manual Internet on port %d %d:%d:%d:%d:%d Enabling remote access management Disabling Port Trigger Rule for for IP address range" DEBUG %d:%d:%d:%d:%d DEBUG Enabling remote access management to Adding Port Trigger Rule for only this PC. DEBUG %d:%d:%d:%d:%d DEBUG Disabling Management Access from...
Page 169
Unified Services Router User Manual Update FirewallRules6 where fwLBSpillOverConfigure: Could not set ScheduleName = '%s' to New " DEBUG POSTROUTING rules ERROR fwLBSpillOverConfigure: Something Dns proxy Restart failed DEBUG going wrong Here ERROR fwL2TPGenericRules.c: unable to open deleting interface to ifgroup failed DEBUG the database file "...
Page 170
Unified Services Router User Manual Facility: Local0 (Wireless) Log Message Severity Log Message Severity (node=%s) setting %s to val = %d DEBUG sqlite3QueryResGet failed ERROR Custom wireless event: '%s' DEBUG sqlite3QueryResGet failed ERROR Wireless event: cmd=0x%x len=%d DEBUG VAP(%s) set beacon interval failed ERROR New Rogue AP (%02x:%02x:%02x:%02x:%02x:%02x)
Page 171
Unified Services Router User Manual PNAC_EVENT_PREAUTH_SUCCESS event for : %s DEBUG UDP failed, received Length is %d ERROR event for non-existent node %s DEBUG umiIoctl(UMI_COMP_KDOT11, ERROR PNAC_EVENT_EAPOL_START event umiIoctl(UMI_COMP_UDOT11,%d,%d received DEBUG ERROR PNAC_EVENT_EAPOL_LOGOFF event umiIoctl(UMI_COMP_KDOT11,%d,%d received DEBUG ERROR PNAC_EVENT_REAUTH event received DEBUG No IAPP Node found for req id %d ERROR...
Page 172
Unified Services Router User Manual DOT11_RX_EAPOL_KEYMSG: sending EAPOL pdu to PNAC... DEBUG unknown ifname %s ERROR creating pnac authenticator with values %d %d - %s DEBUG cmd %d not supported.sender=%d ERROR Profile %s does not exist DEBUG inteface name passed is NULL ERROR IAPP initialized.
Page 173
Unified Services Router User Manual pnacRecvRtn: no corresponding pnac port pae found DEBUG umiIoctl(UMI_COMP_IAPP,%d) failed ERROR sending unicast key DEBUG Invalid IE. ERROR umiIoctl(UMI_COMP_KDOT11_VAP, sending broadcast key DEBUG %d ) failed ERROR from pnacAuthPAEDisconnected: calling umiIoctl(UMI_COMP_KDOT11,%d pnacTxCannedFail DEBUG ,%d) failed ERROR from pnacAuthPAEForceUnauth: calling KDOT11_SET_PARAM:IEEE80211_I...
Page 174
Unified Services Router User Manual from pnacRecvMapi: pkt body len = %d, eapolRecvKeyMsg: invalid descriptor pktType = %d DEBUG version ERROR from pnacPDUProcess: received eapolRecvKeyMsg: incorrect PNAC_EAP_PACKET DEBUG descriptor version ERROR eapolRecvKeyMsg: Ack must not be from pnacPDUProcess: currentId = %d DEBUG ERROR from pnacPDUProcess: code = %d,...
Page 175
Unified Services Router User Manual from pnacBackAuthFail: calling pnacTxCannedFail DEBUG RC4 framework initialization failed ERROR %s returned ERROR DEBUG PNAC framework initialization failed ERROR pnacUmiIoctlHandler: cmd: %s(%d) DEBUG ERROR: option value not specified ERROR %s not configured for 802.1x DEBUG ERROR: -u can be used only with -s ERROR could not process PDU received from the...
Page 176
Unified Services Router User Manual phyPort:%s pnacRadXlateRadPktIntegrityChk: no corresponding " Error from pnacPortPaeDeconfig:kpnacPortPaeDec pnacRadXlateRadPktIntegrityChk: no onfig failed WARN message " ERROR pnacPortPaeDeconfig:kpnacPortPaeDec Error from onfig failed WARN pnacRadXlateRadPktIntegrityChk: " ERROR From pnacBackAuthSuccess: failed to notify pnacRadXlateRadChalPktHandle: no the destination " WARN encapsulated eap "...
Page 177
Unified Services Router User Manual Failed to initiate PBC based enrolle pnacKeyInfoGet:failed to allocate association ERROR buffer ERROR Invalid association mode. (Allowed PNAC user comp id not set. dropping modes : PIN/PBC) ERROR EAPOL key pkt ERROR pnacUmiPortPaeParamSet: invalid wpsEnable: running wsccmd failed ERROR buffer received ERROR...
Page 178
Unified Services Router User Manual Error from pnacAuthInit: Invalid Cipher type %d ERROR pnacAuthKeyTxInit failed ERROR Profile supports WEP stas,Group cipher Error from pnacAuthInit: must be WEP ERROR pnacReauthTimerInit failed ERROR Error from pnacAuthInit: Profile %s does not exist ERROR pnacBackAuthInit failed ERROR Error from pnacAuthInit: pnacCtrlDirInit...
Page 179
Unified Services Router User Manual pnacEapRadAuthSend: Invalid Error in executing DB update handler ERROR arguments ERROR pnacEapRadAuthSend: failed to sqlite3QueryResGet failed ERROR allocate inbuffer ERROR ERROR: incomplete DB update information. ERROR pnacXmit : umiIoctl failed[%d] ERROR old values result does not contain 2 rows ERROR pnacPDUForward: Invalid input ERROR...
Page 181
Unified Services Router User Manual %s%d: bad sequence number: %d, expected: %d, DEBUG ifmedia_ioctl: no media found for 0x%x, DEBUG ifmedia_ioctl: switching %s to , dev- PPPIOCDETACH file->f_count=%d, DEBUG >name DEBUG PPP: outbound frame not passed DEBUG ifmedia_match: multiple match for DEBUG PPP: VJ decompression error DEBUG...
Page 190
Unified Services Router User Manual Redirect from %u.%u.%u.%u on %s Failed to set AES encrypt key DEBUG about INFO IP: routing cache hash table of %u Failed to set AES encrypt key DEBUG buckets, %ldKbytes, INFO source route option %u.%u.%u.%u -> Failed to set AES encrypt key DEBUG %u.%u.%u.%u,...
Page 191
Unified Services Router User Manual md5HardTest(0) ? Failed : Passed >natport) WARNIN AES Software Test: %d iterations, iter DEBUG ** skb len %d, dlen %d,(*pskb)->len, WARNIN AES Software Test Duration: %d:%d, DEBUG ********** Non linear skb WARNIN AES Hardware Test: %d iterations, iter DEBUG End of sdp %p, nexthdr WARNIN...
Page 192
Unified Services Router User Manual >sc_curmode WARNIN REG Size == 64 Bit DEBUG %u.%u.%u.%u sent an invalid ICMP WARNIN REG Size is not in 8/16/32/64 DEBUG dst cache overflow Written Value = %x ::: At Page = %x : WARNIN Addr = %x DEBUG Neighbour table overflow.
Page 193
Unified Services Router User Manual Error in ADD- no node available DEBUG Unable to create ip_set_list ERROR %s(): Channel capabilities do not match, chan flags 0x%x, DEBUG Unable to create ip_set_hash ERROR %s: cannot map channel to mode; freq ip_conntrack_in: Frag of proto %u %u flags 0x%x, DEBUG (hook=%u),...
Page 194
Unified Services Router User Manual Adding entry for DEBUG PPP: VJ uncompressed error ERROR ifmedia_set: no match for 0x%x/0x%x, DEBUG ppp_decompress_frame: no memory ERROR ifmedia_set: target DEBUG ppp_mp_reconstruct bad seq %u < %u, ERROR ifmedia_set: setting to DEBUG PPP: couldn't register device %s (%d), ERROR ifmedia_ioctl: switching %s to , dev- ppp: destroying ppp struct %p but...
Page 195
Unified Services Router User Manual PKTLOG_TAG %s:allocation failed for pl_info, __FUNCTION__ DEBUG PPP: couldn't register device %s (%d), ERROR PKTLOG_TAG %s:allocation failed for ppp: destroying ppp struct %p but pl_info, __FUNCTION__ DEBUG dead=%d ERROR PKTLOG_TAG %s: create_proc_entry failed for %s, DEBUG ppp: destroying undead channel %p !, ERROR...
Page 196
Unified Services Router User Manual %s: unable to start recv logic, __func__ DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR %s: unable to start recv logic, __func__ DEBUG %s: %s:%d: BAD SESSION MAGIC \ ERROR %s: unable to reset hardware; hal status DEBUG %s: %s:%d: BAD TUNNEL MAGIC \ ERROR...
Page 197
Unified Services Router User Manual Radar found on channel %d (%d MHz), DEBUG %03d:, i ERROR End of DFS wait period DEBUG %02x, ((unsigned char *)p)[i] ERROR %s error allocating beacon, __func__ DEBUG mic check failed ERROR failed to allocate UAPSD QoS NULL tx descriptors: %d, error DEBUG [%s] Wrong parameters, __func__...
Page 198
Unified Services Router User Manual MAX_NUM_PATTERN %s: unable to register device, dev- Pattern added to entry %d ,i DEBUG >name ERROR Remove wake up pattern DEBUG ath_pci: 32-bit DMA not available ERROR mask = %p pat = %p ath_pci: cannot reserve PCI memory ,maskBytes,patternBytes DEBUG region...
Page 199
Unified Services Router User Manual %s: unable to attach hardware: '%s' %p , buf DEBUG (HAL status %u), ERROR axq_q: DEBUG %s: HAL ABI mismatch; ERROR %s: unable to reset hardware; hal status %u, __func__, status DEBUG %s: failed to allocate descriptors: %d, ERROR %s: unable to setup a beacon xmit ****ASSERTION HIT****...
Page 200
Unified Services Router User Manual Marked the packet proto:%d sip:%x dip:%x sport:%d dport:%d CRITICA Can't allocate memory for ath_vap. DEBUG spi:%d,isr:%p:%p %p SAV CHECK FAILED IN CRITICA Unable to add an interface for ath_dev. DEBUG DECRYPTION %s: [%02u] %-7s , tag, ix, ciphers[hk- CRITICA >kv_type] DEBUG...