D-Link DSR-500 User Manual
Unified services router
Hide thumbs
Also See for DSR-500:
- Manual (251 pages) ,
- User manual (213 pages) ,
- Quick installation manual (77 pages)
Related Manuals for D-Link DSR-500
Summary of Contents for D-Link DSR-500
- Page 1 Building Networks for People Unified Services Router User Manual DSR-500N/1000N Release 1.01 http://www.dlink.com...
-
Page 2: User Manual
User Manual Unified Services Router D-Link Corporation Copyright © 2010. http://www.dlink.com... - Page 3 RESTORATION, WORK STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE D-LINK PRODUCT OR FAILURE OF THE PRODUCT, EVEN IF D-LINK IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHERMORE, D- LINK WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST CUSTOMER FOR LOSSES OR DAMAGES.
-
Page 4: Table Of Contents
Unified Services Router User Manual Table of Contents Chapter 1. Introduction ..........................8 About this User Manual .................... 8 Typographical Conventions ..................8 Chapter 2. Configuring Your Network: LAN Setup ................9 LAN Configuration ..................... 9 2.1.1 LAN Configuration in an IPv6 Network ..............11 2.1.2 Configuring IPv6 Router Advertisements ............ - Page 5 Unified Services Router User Manual Wi-Fi Protected Setup (WPS) ................56 Chapter 5. Securing the Private Network .................... 59 Firewall Rules ......................59 Defining Rule Schedules ..................60 Configuring Firewall Rules ..................61 5.3.1 Firewall Rule Configuration Examples ..............65 Security on Custom Services ................
- Page 6 Unified Services Router User Manual 9.4.2 Sending Logs to E-mail or Syslog ..............111 9.4.3 Event Log Viewer in GUI ..................113 Backing up and Restoring Configuration Settings ........... 114 Upgrading Router Firmware ................115 Dynamic DNS Setup ..................... 116 Using Diagnostic Tools ..................
- Page 7 Unified Services Router User Manual List of Figures Figure 1: Setup page for LAN TCP/IP settings ..................11 Figure 2: IPv6 LAN and DHCPv6 configuration ..................13 Figure 3: Configuring the Router Advertisement Daemon ..............16 Figure 4: IPv6 Advertisement Prefix settings ..................17 Figure 5: Adding VLAN memberships to the LAN .................
- Page 8 Unified Services Router User Manual Figure 32: Radio card configuration options ................... 55 Figure 33: Advanced Wireless communication settings ............... 56 Figure 34: WPS configuration for an AP with WPA/WPA2 profile ............57 Figure 35: List of Available Firewall Rules ....................60 Figure 36: List of Available Schedules to bind to a firewall rule ............
- Page 9 Unified Services Router User Manual Figure 64: SSL VPN Portal configuration ....................100 Figure 65: USB device configuration ..................... 101 Figure 66: Certificate summary for IPSec and HTTPS management ..........102 Figure 67: User Login policy configuration ................... 103 Figure 68: Remote Management from the WAN.................. 104 Figure 69: SNMP Users, Traps, and Access Control ................
-
Page 10: Chapter 1. Introduction
1.1 About this User Manual This document is a high level manual to allow new D-Link Unified Services Router users to configure connectivity, setup VPN tunnels, establish firewall rules and perform general administrative tasks. -
Page 11: Chapter 2. Configuring Your Network: Lan Setup
Chapter 2. Configuring Your Network: LAN Setup It is assumed that the user has a machine for management connected to the LAN to the router. The LAN connection may be through the wired Ethernet ports available on the router, or once the initial setup is complete, the device may also be managed through its wireless interface as it is bridged with the LAN. - Page 12 Unified Services Router User Manual To configure LAN Connectivity, please follow the steps below: In the LAN Setup page, enter the following information for your router: IP address (factory default: 192.168.10.1). If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again.
-
Page 13: Lan Configuration In An Ipv6 Network
Unified Services Router User Manual Enable DNS Proxy: To enable the router to act as a proxy for all DNS requests and communicate with the ISP’s DNS servers, click the checkbox. Click Save Settings to apply all changes. Figure 1: Setup page for LAN TCP/IP settings 2.1.1 LAN Configuration in an IPv6 Network Advanced >... - Page 14 Unified Services Router User Manual Advanced > IPv6 > IP mode IPv4 / IPv6 mode must be enabled in the to enable IPv6 configuration options. LAN Settings The default IPv6 LAN address for the router is fec0::1. You can change this 128 bit IPv6 address based on your network requirements.
-
Page 15: Figure 2: Ipv6 Lan And Dhcpv6 Configuration
Unified Services Router User Manual Figure 2: IPv6 LAN and DHCPv6 configuration If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained IP address from newly assigned pool (or has a static IP address in the router’s LAN subnet) before accessing the router via changed IP address. -
Page 16: Configuring Ipv6 Router Advertisements
Unified Services Router User Manual DHCP Mode: The IPv6 DHCP server is either stateless or stateful. If stateless is selected an external IPv6 DHCP server is not required as the IPv6 LAN hosts are auto-configured by this router. In this case the router advertisement daemon (RADVD) must be configured on this device and ICMPv6 router discovery messages are used by the host for auto- configuration. - Page 17 Unified Services Router User Manual RADVD Advanced > IPv6 > IPv6 LAN > Router Advertisement To support stateless IPv6 auto configuration on the LAN, set the RADVD status to Enable. The following settings are used to configure RADVD: Advertise Mode: Select Unsolicited Multicast to send router advertisements (RA’s) to all interfaces in the multicast group.
-
Page 18: Figure 3: Configuring The Router Advertisement Daemon
Unified Services Router User Manual Figure 3: Configuring the Router Advertisement Daemon Advertisement Prefixes Advanced > IPv6 > IPv6 LAN > Advertisement Prefixes The router advertisements configured with advertisement prefixes allow this router to inform hosts how to perform stateless address auto configuration. Router advertisements contain a list of subnet prefixes that allow the router to determine neighbors and whether the host is on the same link as the router. -
Page 19: Vlan Configuration
Unified Services Router User Manual IPv6 Prefix Length: This value indicates the number contiguous, higher order bits of the IPv6 address that define up the network portion of the address. Typically this is 64. Prefix Lifetime: This defines the duration (in seconds) that the requesting node is allowed to use the advertised prefix. -
Page 20: Associating Vlans To Ports
Unified Services Router User Manual will allow traffic from LAN hosts belonging to this VLAN ID to pass through to other configured VLAN IDs that have Inter VLAN Routing enabled. Figure 5: Adding VLAN memberships to the LAN 2.2.1 Associating VLANs to ports In order to tag all traffic through a specific LAN port with a VLAN ID, you can associate a VLAN to a physical port. -
Page 21: Figure 6: Port Vlan List
Unified Services Router User Manual Figure 6: Port VLAN list In Access mode the port is a member of a single VLAN (and only one). All data going into and out of the port is untagged. Traffic through a port in access mode looks like any other Ethernet frame. -
Page 22: Configurable Port: Dmz Setup
Unified Services Router User Manual Figure 7: Configuring VLAN membership for a port 2.3 Configurable Port: DMZ Setup This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. A DMZ is a subnetwork that is open to the public but behind the firewall. -
Page 23: Universal Plug And Play (Upnp)
Unified Services Router User Manual Figure 8: DMZ configuration In order to configure a DMZ port, the router’s configurable port must be set to Setup > Internet Settings > Configurable Port DMZ in the page. 2.4 Universal Plug and Play (UPnP) Advanced >... -
Page 24: Figure 9: Upnp Configuration
Unified Services Router User Manual Advertisement Period: This is the frequency that the router broadcasts UPnP information over the network. A large value will minimize network traffic but cause delays in identifying new UPnP devices to the network. Advertisement Time to Live: This is expressed in hops for each UPnP packet. This is the number of steps a packet is allowed to propagate before being discarded. -
Page 25: Chapter 3. Connecting To The Internet: Wan Setup
Unified Services Router User Manual Chapter 3. Connecting to the Internet: WAN Setup This router has two WAN ports that can be used to establish a connection to the internet. The following ISP connection types are supported: DHCP, Static, PPPoE, PPTP, L2TP, 3G Internet (via USB modem). -
Page 26: Wan Configuration
Unified Services Router User Manual 3G Internet access with a USB modem is supported on the secondary WAN port (WAN2). The Internet Connection Setup Wizard assists with the primary WAN port (WAN1) configuration only. 3.2 WAN Configuration Setup > Internet Settings > WAN1 Setup You must either allow the router to detect WAN connection type automatically or configure manually the following basic settings to enable Internet connectivity: ISP Connection type: Based on the ISP you have selected for the primary WAN link... -
Page 27: Wan Port Ip Address
Unified Services Router User Manual Server IP Address: Enter the IP address of the PPTP or L2TP server. 3.2.1 WAN Port IP address Your ISP assigns you an IP address that is either dynamic (newly generated each time you log in) or static (permanent). The IP Address Source option allows you to define whether the address is statically provided by the ISP or should be received dynamically at each login. -
Page 28: Figure 11: Manual Wan Configuration
Unified Services Router User Manual Figure 11: Manual WAN configuration... -
Page 29: Pppoe Profiles
Unified Services Router User Manual 3.2.4 PPPoE Profiles Setup > Internet Settings > PPPoE Profiles > WAN1 PPPoE Profiles Some ISP’s allow for multiple concurrent PPPoE sessions (it is most common in Japan). Each connection can have its own specific authentication requirements and will provide unique IP, gateway, and DNS address parameters to the associated WAN port. -
Page 30: Wan Configuration In An Ipv6 Network
Unified Services Router User Manual Figure 13: PPPoE profile configuration 3.2.5 WAN Configuration in an IPv6 Network Setup > IPv6 > IPv6 WAN1 Config For IPv6 WAN connections, this router can have a static IPv6 address or receive connection information when configured as a DHCPv6 client. In the case where the ISP assigns you a fixed address to access the internet, the static configuration settings must be completed. -
Page 31: Checking Wan Status
Unified Services Router User Manual When the ISP allows you to obtain the WAN IP settings via DHCP, you need to provide details for the DHCPv6 client configuration. The DHCPv6 client on the gateway can be either stateless or stateful. If a stateful client is selected the gateway will connect to the ISP’s DHCPv6 server for a leased address. - Page 32 Unified Services Router User Manual Connection state: This is whether the WAN is connected or disconnected to an ISP. The Link State is whether the physical WAN connection in place; the Link State can be UP (i.e. cable inserted) while the WAN Connection State is down.
-
Page 33: Figure 15: Connection Status Information For Both Wan Ports
Unified Services Router User Manual Figure 15: Connection Status information for both WAN ports The WAN status page allows you to Enable or Disable static WAN links. For WAN settings that are dynamically received from the ISP, you can Renew or Release the link parameters if required. -
Page 34: Bandwidth Controls
Unified Services Router User Manual 3.3 Bandwidth Controls Advanced > Advanced Network > Traffic Management > Bandwidth Profiles Bandwidth profiles allow you to regulate the traffic flow from the LAN to WAN 1 or WAN 2. This is useful to ensure that low priority LAN users (like guests or HTTP service) do not monopolize the available WAN’s bandwidth for cost-savings or bandwidth-priority-allocation purposes. -
Page 35: Figure 17: Bandwidth Profile Configuration Page
Unified Services Router User Manual For finer control, the Rate profile type can be used. With this option the minimum and maximum bandwidth allowed by this profile can be limited. Choose the WAN interface that the profile should be associated with Figure 17: Bandwidth Profile Configuration page Advanced >... -
Page 36: Features With Multiple Wan Links
Unified Services Router User Manual Figure 18: Traffic Selector Configuration 3.4 Features with Multiple WAN Links This router supports multiple WAN links. This allows you to take advantage of failover and load balancing features to ensure certain internet dependent services are prioritized in the event of unstable WAN connectivity on one of the ports. -
Page 37: Load Balancing
Unified Services Router User Manual 3.4.2 Load Balancing This feature allows you to use multiple WAN links (and presumably multiple ISP’s) simultaneously. After configuring more than one WAN port, the load balancing option is available to carry traffic over more than one link. Protocol bindings are used to segregate and assign services over one WAN port in order to manage internet flow. -
Page 38: Protocol Bindings
Unified Services Router User Manual Figure 19: Load Balancing is available when multiple WAN ports are configured and Protocol Bindings have been defined 3.4.3 Protocol Bindings Advanced > Routing > Protocol Bindings Protocol bindings are required when the Load Balancing feature is in use. Choosing from a list of configured services or any of the user-defined services, the type of traffic can be assigned to go over only one of the available WAN ports. -
Page 39: Routing Configuration
Unified Services Router User Manual Figure 20: Protocol binding setup to associate a service and/or LAN source to a WAN and/or destination network 3.5 Routing Configuration Routing between the LAN and WAN will impact the way this router handles traffic that is received on any of its physical interfaces. - Page 40 Unified Services Router User Manual IP address. Along with connection sharing, NAT also hides internal IP addresses from the computers on the Internet. NAT is required if your ISP has assigned only one IP address to you. The computers that connect through the router will need to be assigned IP addresses from a private subnet.
-
Page 41: Dynamic Routing (Rip)
Unified Services Router User Manual Figure 21: Routing Mode is used to configure traffic routing between WAN and LAN, as well as Dynamic routing (RIP) 3.5.2 Dynamic Routing (RIP) Setup > Internet Settings > Routing Mode... -
Page 42: Static Routing
Unified Services Router User Manual Dynamic routing using the Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) that is common in LANs. With RIP this router can exchange routing information with other supported routers in the LAN and allow for dynamic adjustment of routing tables in order to adapt to modifications in the LAN without interrupting traffic flow. - Page 43 Unified Services Router User Manual The List of Static Routes displays all routes that have been added manually by an administrator and allows several operations on the static routes. The List of IPv4 Static Routes and List of IPv6 Static Routes share the same fields (with one exception): Name: Name of the route, for identification and management.
-
Page 44: Configurable Port - Wan Option
Unified Services Router User Manual Figure 22: Static route configuration fields 3.6 Configurable Port - WAN Option This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. If the port is selected to be a secondary WAN interface, all configuration pages relating to WAN2 are enabled. -
Page 45: Figure 23: Wan2 Configuration For 3G Internet (Part 1)
Unified Services Router User Manual Figure 23: WAN2 configuration for 3G internet (part 1) Cellular 3G internet access is available on WAN2 via a USB modem. The cellular ISP that provides the 3G data plan will provide the authentication requirements to establish a connection. -
Page 46: Wan Port Settings
Unified Services Router User Manual Figure 24: WAN2 configuration for 3G internet (part 2) 3.7 WAN Port Settings Advanced > Advanced Network > WAN Port Setup The physical port settings for each WAN link can be defined here. If your ISP account defines the WAN port speed or is associated with a MAC address, this information is required by the router to ensure a smooth connection with the network. -
Page 47: Figure 25: Physical Wan Port Settings
Unified Services Router User Manual The default MAC address is defined during the manufacturing process for the interfaces, and can uniquely identify this router. You can customize each WAN port’s MAC address as needed, either by letting the WAN port assume the current LAN host’s MAC address or by entering a MAC address manually. -
Page 48: Chapter 4. Wireless Access Point Setup
Unified Services Router User Manual Chapter 4. Wireless Access Point Setup This router has an integrated 802.11n radio that allows you to create an access point for wireless LAN clients. The security/encryption/authentication options are grouped in a wireless Profile, and each configured profile will be available for selection in the AP configuration menu. -
Page 49: Wireless Network Setup Wizard
Unified Services Router User Manual Figure 26: Wireless Network Setup Wizards 4.1.1 Wireless Network Setup Wizard This wizard provides a step-by-step guide to create and secure a new access point on the router. The network name (SSID) is the AP identifier that will be detected by supported clients. -
Page 50: Manual Wireless Network Setup
Unified Services Router User Manual Personal Identification Number (PIN): The wireless device that supports WPS may have an alphanumeric PIN, and if entered in this field the AP will establish a link to the client. Click Connect to complete setup and connect to the client. -
Page 51: Wep Security
Unified Services Router User Manual server, or both. Note that WPA does not support 802.11n data rates; is it appropriate for legacy 802.11 connections. WPA2: this security type uses CCMP encryption (and the option to add TKIP encryption) on either PSK (pre-shared key) or Enterprise (RADIUS Server) authentication. -
Page 52: Wpa Or Wpa2 With Psk
Unified Services Router User Manual size. Next choose one of the keys to be used for authentication. The selected key must be shared with wireless clients to connect to this device. Figure 28: Profile configuration to set network security 4.2.2 WPA or WPA2 with PSK A pre-shared key (PSK) is a known passphrase configured on the AP and client both and is used to authenticate the wireless client. -
Page 53: Radius Authentication
Unified Services Router User Manual 4.2.3 RADIUS Authentication Setup > Wireless Settings > RADIUS Settings Enterprise Mode uses a RADIUS Server for WPA and/or WPA2 security. A RADIUS server must be configured and accessible by the router to authenticate wireless client connections to an AP enabled with a profile that uses RADIUS authentication. -
Page 54: Creating And Using Access Points
Unified Services Router User Manual Figure 29: RADIUS server (External Authentication) configuration 4.3 Creating and Using Access Points Setup > Wireless Settings > Access Points Once a profile (a group of security settings) is created, it can be assigned to an AP on the router. -
Page 55: Figure 30: Virtual Ap Configuration
Unified Services Router User Manual Figure 30: Virtual AP configuration A valuable power saving feature is the start and stop time control for this AP. You can conserve on the radio power by disabling the AP when it is not in use. For example on evenings and weekends if you know there are no wireless clients, the start and stop time will enable/disable the access point automatically. -
Page 56: Primary Benefits Of Virtual Aps
Unified Services Router User Manual Figure 31: List of configured access points (Virtual APs) shows one enabled access point on the radio, broadcasting its SSID The clients connected to a particular AP can be viewed by using the Status Button on the List of Available Access Points. -
Page 57: Tuning Radio Specific Settings
Unified Services Router User Manual 4.4 Tuning Radio Specific Settings Setup > Wireless Settings > Radio Settings The Radio Settings page lets you configure the channels and power levels available for the AP’s enabled on the device. The router has a dual band 802.11n radio, meaning either 2.4 GHz or 5 GHz frequency of operation can be selected (not concurrently though). -
Page 58: Advanced Wireless Settings
Unified Services Router User Manual 4.5 Advanced Wireless Settings Advanced > Wireless Settings > Advanced Wireless Sophisticated wireless administrators can modify the 802.11 communication parameters in this page. Generally, the default settings are appropriate for most networks. Please refer to the GUI integrated help text for further details on the use of each configuration parameter. -
Page 59: Figure 34: Wps Configuration For An Ap With Wpa/Wpa2 Profile
Unified Services Router User Manual connect within 60 seconds of clicking the “Configure via PIN” button immediately below the PIN field. There is no LED indication that a client has connected. Push Button Configuration (PBC): for wireless devices that support PBC, press and hold down on this button and within 2 minutes click the PBC connect button. -
Page 61: Chapter 5. Securing The Private Network
Chapter 5. Securing the Private Network You can secure your network by creating and applying rules that your router uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to whom the rules apply. To do so, you must define the following: Services or traffic types (examples: web browsing, VoIP, other standard services and also custom services that you define) Direction for the traffic by specifying the source and destination of traffic;... -
Page 62: Defining Rule Schedules
Unified Services Router User Manual may use the IP address if a static address is assigned to the WAN port, or if your WAN address is dynamic a DDNS (Dynamic DNS) name can be used. Outbound (LAN/DMZ to WAN) rules restrict access to traffic leaving your network, selectively allowing only specific local users to access specific outside resources. -
Page 63: Configuring Firewall Rules
Unified Services Router User Manual Figure 36: List of Available Schedules to bind to a firewall rule 5.3 Configuring Firewall Rules Advanced > Firewall Settings > Firewall Rules All configured firewall rules on the router are displayed in the Firewall Rules list. This list also indicates whether the rule is enabled (active) or not, and gives a summary of the From/To zone as well as the services or users that the rule affects. - Page 64 Unified Services Router User Manual Service: ANY means all traffic is affected by this rule. For a specific service the drop down list has common services, or you can select a custom defined service. Action & Schedule: Select one of the 4 actions that this rule defines: BLOCK always, ALLOW always, BLOCK by schedule otherwise ALLOW, or ALLOW by schedule otherwise BLOCK.
- Page 65 Unified Services Router User Manual External IP address: The rule can be bound to a specific WAN interface by selecting either the primary WAN or configurable port WAN as the source IP address for incoming traffic. This router supports multi-NAT and so the External IP address does not necessarily have to be the WAN address.
-
Page 66: Figure 37: The Firewall Rule Configuration Page Allows You To Define The To/From Zone, Service, Action, Schedules, And Specify Source/Destination Ip Addresses As Needed
Unified Services Router User Manual Figure 37: The firewall rule configuration page allows you to define the To/From zone, service, action, schedules, and specify source/destination IP addresses as needed. -
Page 67: Firewall Rule Configuration Examples
Unified Services Router User Manual 5.3.1 Firewall Rule Configuration Examples Example 1: Allow inbound HTTP traffic to the DMZ Situation: You host a public web server on your local DMZ network. You want to allow inbound HTTP requests from any outside IP address to the IP address of your web server at any time of day. - Page 68 Unified Services Router User Manual arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN. One of these public IP addresses is used as the primary IP address of the router. This address is used to provide Internet access to your LAN PCs through NAT.
-
Page 69: Figure 38: Schedule Configuration For The Above Example
Unified Services Router User Manual Click apply – now schedule “Weekend” isolates all day Saturday and Sunday from the rest of the week. Figure 38: Schedule configuration for the above example. Since we are trying to block HTTP requests, it is a service with To Zone: Insecure (WAN1/WAN2) that is to be blocked according to schedule “Weekend”. -
Page 70: Security On Custom Services
Unified Services Router User Manual Select the Action to “Block by Schedule, otherwise allow”. This will take a predefined schedule and make sure the rule is a blocking rule during the defined dates/times. All other times outside the schedule will not be affected by this firewall blocking rule As we defined our schedule in schedule “Weekend”, this is available in the dropdown menu We want to block the IP range assigned to the marketing group. -
Page 71: Alg Support
Unified Services Router User Manual Figure 39: List of user defined services. 5.5 ALG support Advanced > Firewall Settings > ALGs Application Level Gateways (ALGs) are security component that enhance the firewall and NAT support of this router to seamlessly support application layer protocols. In some cases enabling the ALG will allow the firewall to use dynamic ephemeral TCP/ UDP ports to communicate with the known ports a particular client application (such as H.323 or RTSP) requires, without which the admin would have to open large... -
Page 72: Vpn Passthrough For Firewall
Unified Services Router User Manual Figure 40: Available ALG support on the router. 5.6 VPN Passthrough for Firewall Advanced > Firewall Settings > VPN Passthrough This router’s firewall settings can be configured to allow encrypted VPN traffic for IPSec, PPTP, and L2TP VPN tunnel connections between the LAN and internet. A specific firewall rule or service is not appropriate to introduce this passthrough support;... -
Page 73: Application Rules
Unified Services Router User Manual Figure 41: Passthrough options for VPN tunnels 5.7 Application Rules Advanced > Application Rules > Application Rules Application rules are also referred to as port triggering. This feature allows devices on the LAN or DMZ to request one or more ports to be forwarded to them. Port triggering waits for an outbound request from the LAN/DMZ on one of the defined outgoing ports, and then opens an incoming port for that specified type of traffic. -
Page 74: Web Content Filtering
Unified Services Router User Manual Figure 42: List of Available Application Rules showing 4 unique rules The application rule status page will list any active rules, i.e. incoming ports that are being triggered based on outbound requests from a defined outgoing port. 5.8 Web Content Filtering The gateway offers some standard web filtering options to allow the admin to easily create internet access policies between the secure LAN and insecure WAN. -
Page 75: Figure 43: Content Filtering Used To Block Access To Proxy Servers And Prevent Activex Controls From Being Downloaded
Unified Services Router User Manual Figure 43: Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded Approved URLs Advanced > Website Filter > Approved URLs The Approved URLs is an acceptance list for all URL domain names. Domains added to this list are allowed in any form. -
Page 76: Figure 44: Two Trusted Domains Added To The Approved Urls List
Unified Services Router User Manual Figure 44: Two trusted domains added to the Approved URLs List Blocked Keywords Advanced > Website Filter > Blocked Keywords Keyword blocking allows you to block all website URL’s or site content that contains the keywords in the configured list. This is lower priority than the Approved URL List;... -
Page 77: Ip/Mac Binding
Unified Services Router User Manual Figure 45: Two keywords added to the block list 5.9 IP/MAC Binding Advanced > IP/MAC Binding Another available security measure is to only allow outbound traffic (from the LAN to WAN) when the LAN node has an IP address matching the MAC address bound to it. This is IP/MAC Binding, and by enforcing the gateway to validate the source traffic’s IP address with the unique MAC Address of the configured LAN node, the administrator can ensure traffic from that IP address is not spoofed. -
Page 78: Intrusion Prevention (Ips)
Unified Services Router User Manual Figure 46: The above example of IP/MAC Binding binds a LAN host’s MAC Address to an IP address. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured 5.10 Intrusion Prevention (IPS) Advanced >... -
Page 79: Protecting From Internet Attacks
Unified Services Router User Manual Figure 47: Intrusion Prevention features on the router 5.10.1 Protecting from Internet Attacks Advanced > Advanced Network > Attack Checks Attacks can be malicious security breaches or unintentional network issues that render the router unusable. Attack checks allow you to manage WAN security threats such as continual ping requests and discovery via ARP scans. -
Page 80: Figure 48: Protecting The Router And Lan From Internet Attacks
Unified Services Router User Manual Figure 48: Protecting the router and LAN from internet attacks... -
Page 81: Chapter 6. Ipsec / Pptp / L2Tp Vpn
Unified Services Router User Manual Chapter 6. IPSec / PPTP / L2TP VPN A VPN provides a secure communication channel (“tunnel”) between two gateway routers or a remote PC client. The following types of tunnels can be created: Gateway-to-gateway VPN: to connect two or more routers to secure traffic between remote sites. -
Page 82: Figure 49: Vpn Wizard Launch Screen
Unified Services Router User Manual Figure 49: VPN Wizard launch screen To easily establish a VPN tunnel using VPN Wizard, follow the steps below: Step 1: Select the VPN tunnel type to create The tunnel can either be a gateway to gateway connection (site-to-site) or a tunnel to a host on the internet (remote access). - Page 83 Unified Services Router User Manual Local WAN IP address / FQDN: This field can be left blank if you are not using a different FQDN or IP address than the one specified in the WAN port’s configuration. Step 3: Configure the Secure Connection Remote Accessibility fields to identify the remote network: Remote LAN IP address: address of the LAN behind the peer gateway Remote LAN Subnet Mask: the subnet mask of the LAN behind the peer...
-
Page 84: Configuring Ipsec Policies
Unified Services Router User Manual 6.2 Configuring IPSec Policies Setup > VPN Settings > IPSec > IPSec Policies A IPSec policy is between this router and another gateway or this router and a IPSec client on a remote host. The IPSec mode can be either tunnel or transport depending on the network being traversed between the two policy endpoints. -
Page 85: Figure 50: Ipsec Policy Configuration
Unified Services Router User Manual Figure 50: IPSec policy configuration Once the tunnel type and endpoints of the tunnel are defined you can determine the Phase 1 / Phase 2 negotiation to use for the tunnel. This is covered in the IPSec mode setting, as the policy can be Manual or Auto. -
Page 86: Figure 51: Ipsec Policy Configuration Continued (Auto Policy Via Ike)
Unified Services Router User Manual Figure 51: IPSec policy configuration continued (Auto policy via IKE) A Manual policy does not use IKE and instead relies on manual keying to exchange authentication parameters between the two IPSec hosts. The incoming and outgoing security parameter index (SPI) values must be mirrored on the remote tunnel endpoint. -
Page 87: Extended Authentication (Xauth)
Unified Services Router User Manual Figure 52: IPSec policy configuration continued (Auto / Manual Phase 2) 6.2.1 Extended Authentication (XAUTH) You can also configure extended authentication (XAUTH). Rather than configure a unique VPN policy for each user, you can configure the VPN gateway router to authenticate users from a stored list of user accounts or with an external authentication server such as a RADIUS server. -
Page 88: Pptp / L2Tp Tunnels
Unified Services Router User Manual VPN client software is required to establish a VPN tunnel between the router and remote endpoint. Open source software (such as OpenVPN or Openswan) as well as Microsoft IPSec VPN software can be configured with the required IKE policy parameters to establish an IPSec VPN tunnel. -
Page 89: L2Tp Tunnel Support
Unified Services Router User Manual Figure 53: PPTP tunnel configuration – PPTP Server 6.4.2 L2TP Tunnel Support Setup > VPN Settings > L2TP > L2TP Server A L2TP VPN can be established through this router. Once enabled a L2TP server is available on the router for LAN and WAN L2TP client users to access. -
Page 91: Chapter 7. Ssl Vpn
Chapter 7. SSL VPN The router provides an intrinsic SSL VPN feature as an alternate to the standard IPSec VPN. SSL VPN differs from IPSec VPN mainly by removing the requirement of a pre- installed VPN client on the remote host. Instead, users can securely login through the SSL User Portal using a standard web browser and receive access to configured network resources within the corporate LAN. -
Page 92: User Types And Passwords
Unified Services Router User Manual Figure 55: Available Users with login status and associated Group/Domain Advanced > Users > Domains The Domain determines the authentication method (local user database, external server) to be used when validating the remote user’s connection. As well the Domain determines the portal layout presented to the remote SSL user. - Page 93 Unified Services Router User Manual following user types are assigned to a user that reaches the GUI login screen from the LAN or WAN: Administrator: This is the router’s super-user, and can manage the router, use SSL VPN to access network resources, and login to L2TP/PPTP servers on the WAN. There will always be one default administrator user for the GUI.
-
Page 94: Using Ssl Vpn Policies
Unified Services Router User Manual Figure 56: User configuration options 7.2 Using SSL VPN Policies Setup > VPN Settings > SSL VPN Server > SSL VPN Policies SSL VPN Policies can be created on a Global, Group, or User level. User level policies take precedence over Group level policies and Group level policies take precedence over Global policies. -
Page 95: Figure 57: List Of Ssl Vpn Polices (Global Filter)
Unified Services Router User Manual Figure 57: List of SSL VPN polices (Global filter) To add a SSL VPN policy, you must first assign it to a user, group, or make it global (i.e. applicable to all SSL VPN users). If the policy is for a group, the available configured groups are shown in a drop down menu and one must be selected. -
Page 96: Using Network Resources
Unified Services Router User Manual Figure 58: SSL VPN policy configuration 7.2.1 Using Network Resources Setup > VPN Settings > SSL VPN Server > Resources Network resources are services or groups of LAN IP addresses that are used to easily create and configure SSL VPN policies. This shortcut saves time when creating similar policies for multiple remote SSL VPN users. -
Page 97: Application Port Forwarding
Unified Services Router User Manual Figure 59: List of configured resources, which are available to assign to SSL VPN policies 7.3 Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Port forwarding allows remote SSL users to access specified network applications or services after they login to the User Portal and launch the Port Forwarding service. -
Page 98: Ssl Vpn Client Configuration
Unified Services Router User Manual users with easy-to-remember FQDN’s to access TCP applications instead of error- prone IP addresses when using the Port Forwarding service through the SSL User Portal. Defining the hostname is optional as minimum requirement for port forwarding is identifying the TCP application and local server IP address. -
Page 99: Figure 61: Ssl Vpn Client Adapter And Access Configuration
Unified Services Router User Manual The IP addresses of the client’s network interfaces (Ethernet, Wireless, etc.) cannot be identical to the router’s IP address or a server on the corporate LAN that is being accessed through the SSL VPN tunnel. Figure 61: SSL VPN client adapter and access configuration The router allows full tunnel and split tunnel support. -
Page 100: User Portal
Unified Services Router User Manual Figure 62: Configured client routes only apply in split tunnel mode 7.5 User Portal Setup > VPN Settings > SSL VPN Client > SSL VPN Client Portal When remote users want to access the private network through an SSL tunnel (either using the Port Forwarding or VPN tunnel service), they login through a user portal. -
Page 101: Creating Portal Layouts
Unified Services Router User Manual Figure 63: List of configured SSL VPN portals. The configured portal can then be associated with an authentication domain 7.5.1 Creating Portal Layouts Setup > VPN Settings > SSL VPN Server > Portal Layouts The router allows you to create a custom page for remote SSL VPN users that is presented upon authentication. -
Page 102: Figure 64: Ssl Vpn Portal Configuration
Unified Services Router User Manual Figure 64: SSL VPN Portal configuration... -
Page 103: Chapter 8. Advanced Configuration Tools
Unified Services Router User Manual Chapter 8. Advanced Configuration Tools 8.1 USB Device Setup Setup > USB Settings There are two USB ports on the DSR Unified Services Router. The port supports a 3G modem where the USB dongle is used as a secondary WAN interface. Additionally, the port can be used for a USB storage device if USB Disc is type is selected. -
Page 104: Figure 66: Certificate Summary For Ipsec And Https Management
Unified Services Router User Manual A self certificate is a certificate issued by a CA identifying your device (or self- signed if you don’t want the identity protection of a CA). The Active Self Certificate table lists the self certificates currently loaded on the gateway. The following information is displayed for each uploaded self certificate: Name: The name you use to identify this certificate, it is not displayed to IPSec VPN peers or SSL users. -
Page 105: Chapter 9. Administration & Management
Unified Services Router User Manual Chapter 9. Administration & Management 9.1 Configuration Access Control The primary means to configure this gateway via the browser-independent GUI. The GUI can be accessed from LAN node by using the gateway’s LAN IP address and HTTP, or from the WAN by using the gateway’s WAN IP address and HTTPS (HTTP over SSL). -
Page 106: Cli Access
Unified Services Router User Manual Figure 68: Remote Management from the WAN 9.1.2 CLI Access In addition to the web-based GUI, the gateway supports SSH and Telnet management for command-line interaction. The CLI login credentials are shared with the GUI for administrator users. To access the CLI, type “cli” in the SSH or console prompt and login with administrator user credentials. -
Page 107: Figure 69: Snmp Users, Traps, And Access Control
Unified Services Router User Manual Figure 69: SNMP Users, Traps, and Access Control Tools > Admin > SNMP System Info The router is identified by an SNMP manager via the System Information. The identifier settings The SysName set here is also used to identify the router for SysLog logging. -
Page 108: Configuring Time Zone And Ntp
Unified Services Router User Manual Figure 70: SNMP system information for this router 9.3 Configuring Time Zone and NTP Tools > Date and Time You can configure your time zone, whether or not to adjust for Daylight Savings Time, and with which Network Time Protocol (NTP) server to synchronize the date and time. -
Page 109: Log Configuration
Unified Services Router User Manual Figure 71: Date, Time, and NTP server setup 9.4 Log Configuration This router allows you to capture log messages for traffic through the firewall, VPN, and over the wireless AP. As an administrator you can monitor the type of traffic that goes through the router and also be notified of potential attacks or errors when they are detected by the router. - Page 110 Unified Services Router User Manual System: This refers to application and management level features available on this router, including SSL VPN and administrator changes for managing the unit. Wireless: This facility corresponds to the 802.11 driver used for providing AP functionality to your network. For each facility, the following events (in order of severity) can be logged: Emergency, Alert, Critical, Error, Warning, Notification, Information, Debugging.
-
Page 111: Figure 72: Facility Settings For Logging
Unified Services Router User Manual Figure 72: Facility settings for Logging The display for logging can be customized based on where the logs are sent, either Status > Logs the Event Log viewer in the GUI (the Event Log viewer is in the page) or a remote Syslog server for later review. - Page 112 Unified Services Router User Manual Example: If Accept Packets from LAN to WAN is enabled and there is a firewall rule to allow SSH traffic from LAN, then whenever a LAN machine tries to make an SSH connection, those packets will be accepted and a message will be logged.
-
Page 113: Sending Logs To E-Mail Or Syslog
Unified Services Router User Manual Figure 73: Log configuration options for traffic through router 9.4.2 Sending Logs to E-mail or Syslog Tools > Log Settings > Remote Logging Once you have configured the type of logs that you want the router to collect, they can be sent to either a Syslog server or an E-Mail address. -
Page 114: Figure 74: E-Mail Configuration As A Remote Logging Option
Unified Services Router User Manual this requirement. In some cases the SMTP server may send out IDENT requests, and this router can have this response option enabled as needed. Once the e-mail server and recipient details are defined you can determine when the router should send out logs. -
Page 115: Event Log Viewer In Gui
Unified Services Router User Manual the local Event Viewer on the router’s GUI, and thus can collect a considerable number of logs over a sustained period. This is typically very useful for debugging network issues or to monitor router traffic over a long duration. This router supports up to 8 concurrent Syslog servers. -
Page 116: Backing Up And Restoring Configuration Settings
Unified Services Router User Manual Figure 76: VPN logs displayed in GUI event viewer 9.5 Backing up and Restoring Configuration Settings Tools > System You can back up the router’s custom configuration settings to restore them to a different device or the same router after some other changes. During backup, your settings are saved as a file on your host. -
Page 117: Upgrading Router Firmware
Unified Services Router User Manual To restore your saved settings from a backup file, click Browse then locate the file on the host. After clicking Restore, the router begins importing the file’s saved configuration settings. After the restore, the router reboots automatically with the restored settings. To erase your current settings and revert to factory default settings, click the Default button. -
Page 118: Dynamic Dns Setup
By clicking the Check Now button in the notification section, the router will check a D-Link server to see if a newer firmware version for this router is available for download and update the Status field below. -
Page 119: Using Diagnostic Tools
Unified Services Router User Manual Figure 79: Dynamic DNS configuration 9.8 Using Diagnostic Tools Tools > System Check The router has built in tools to allow an administrator to evaluate the communication status and overall network health. -
Page 120: Ping
Unified Services Router User Manual Figure 80: Router diagnostics tools available in the GUI 9.8.1 Ping This utility can be used to test connectivity between this router and another device on the network connected to this router. Enter an IP address and click PING. The command output will appear indicating the ICMP echo request status. -
Page 121: Dns Lookup
Unified Services Router User Manual Figure 81: Sample traceroute output 9.8.3 DNS Lookup To retrieve the IP address of a Web, FTP, Mail or any other server on the Internet, type the Internet Name in the text box and click Lookup. If the host or domain entry exists, you will see a response with the IP address. -
Page 122: Chapter 10. Router Status And Statistics
Unified Services Router User Manual Chapter 10. Router Status and Statistics 10.1 System Overview The Status page allows you to get a detailed overview of the system configuration. The settings for the wired and wireless interfaces are displayed in the Device Status page, and then the resulting hardware resource and router usage details are summarized on the router’s Dashboard. -
Page 123: Figure 82: Device Status Display
Unified Services Router User Manual Figure 82: Device Status display... -
Page 124: Resource Utilization
Unified Services Router User Manual Figure 83: Device Status display (continued) 10.1.2 Resource Utilization Status > Device Info > Dashboard The Dashboard page presents hardware and usage statistics. The CPU and Memory utilization is a function of the available hardware and current configuration and traffic through the router. -
Page 125: Figure 84: Resource Utilization Statistics
Unified Services Router User Manual Figure 84: Resource Utilization statistics... - Page 126 Unified Services Router User Manual...
-
Page 127: Figure 85: Resource Utilization Data (Continued)
Unified Services Router User Manual Figure 85: Resource Utilization data (continued) -
Page 128: Traffic Statistics
Unified Services Router User Manual Figure 86: Resource Utilization data (continued) 10.2 Traffic Statistics 10.2.1 Wired Port Statistics Status > Traffic Monitor > Device Statistics Detailed transmit and receive statistics for each physical port are presented here. Each interface (WAN1, WAN2/DMZ, LAN, and VLANs) have port specific packet level information provided for review. -
Page 129: Wireless Statistics
Unified Services Router User Manual Figure 87: Physical port statistics 10.2.2 Wireless Statistics Status > Traffic Monitor > Wireless Statistics The Wireless Statistics tab displays the incrementing traffic statistics for each enabled access point. This page will give a snapshot of how much traffic is being transmitted over each wireless link. -
Page 130: Active Connections
Unified Services Router User Manual Figure 88: AP specific statistics 10.3 Active Connections 10.3.1 Sessions through the Router Status > Active Sessions This table lists the active internet sessions through the router’s firewall. The session’s protocol, state, local and remote IP addresses are shown. -
Page 131: Figure 89: List Of Current Active Firewall Sessions
Unified Services Router User Manual Figure 89: List of current Active Firewall Sessions... -
Page 132: Wireless Clients
Unified Services Router User Manual 10.3.2 Wireless Clients Status > Wireless Clients The clients connected to a particular AP can be viewed on this page. Connected clients are sorted by the MAC address and indicate the security parameters used by the wireless link, as well as the time connected to the corresponding AP. -
Page 133: Active Vpn Tunnels
Unified Services Router User Manual Figure 91: List of LAN hosts 10.3.4 Active VPN Tunnels Status > Active VPNs You can view and change the status (connect or drop) of the router’s IPSec security associations. Here, the active IPSec SAs (security associations) are listed along with the traffic details and tunnel state. -
Page 134: Figure 92: List Of Current Active Vpn Sessions
Unified Services Router User Manual Figure 92: List of current Active VPN Sessions All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are displayed on this page as well. Table fields are as follows. Field Description User Name The SSL VPN user that has an active tunnel or port forwarding session to this router. -
Page 135: Chapter 11. Trouble Shooting
Unified Services Router User Manual Chapter 11. Trouble Shooting 11.1 Internet connection Symptom: You cannot access the router’s web-configuration interface from a PC on your LAN. Recommended action: Check the Ethernet connection between the PC and the router. Ensure that your PC’s IP address is on the same subnet as the router. If you are using the recommended addressing scheme, your PC’s address should be in the range 192.168.10.2 to 192.168.10.254. - Page 136 Unified Services Router User Manual Symptom: Router cannot access the Internet. Possible cause: If you use dynamic IP addresses, your router may not have requested an IP address from the ISP. Recommended action: www.google.com Launch your browser and go to an external site such as http://192.168.10.1 Access the firewall’s configuration main menu at Monitoring >...
-
Page 137: Date And Time
Unified Services Router User Manual Symptom: Router can obtain an IP address, but PC is unable to load Internet pages. Recommended action: Ask your ISP for the addresses of its designated Domain Name System (DNS) servers. Configure your PC to recognize those addresses. For details, see your operating system documentation. -
Page 138: Testing The Lan Path From Your Pc To A Remote Device
Unified Services Router User Manual Observe the display: If the path is working, you see this message sequence: Pinging <IP address> with 32 bytes of data Reply from <IP address>: bytes=32 time=NN ms TTL=xxx If the path is not working, you see this message sequence: Pinging <IP address>... -
Page 139: Restoring Factory-Default Configuration Settings
Unified Services Router User Manual Verify that the network (subnet) address of your PC is different from the network address of the remote device. Verify that the cable or DSL modem is connected and functioning. Ask your ISP if it assigned a hostname to your PC. Network Configuration >... -
Page 141: Chapter 12. Credits
Chapter 12. Credits Microsoft, Windows are registered trademarks of Microsoft Corp. Linux is a registered trademark of Linus Torvalds. UNIX is a registered trademark of The Open Group. -
Page 142: Appendix A. Glossary
Unified Services Router User Manual Appendix A. Glossary Address Resolution Protocol. Broadcast protocol for mapping IP addresses to MAC addresses. CHAP Challenge-Handshake Authentication Protocol. Protocol for authenticating users to an ISP. DDNS Dynamic DNS. System for updating domain names in real time. Allows a domain name to be assigned to a device with a dynamic IP address. - Page 143 Unified Services Router User Manual PPPoE Point-to-Point Protocol over Ethernet. Protocol for connecting a network of hosts to an ISP without the ISP having to manage the allocation of IP addresses. PPTP Point-to-Point Tunneling Protocol. Protocol for creation of VPNs for the secure transfer of data from remote clients to private servers over the Internet.
-
Page 145: Appendix B. Factory Default Settings
Appendix B. Factory Default Settings Feature Description Default Setting Device login User login URL http://192.168.10.1 User name (case sensitive) admin Login password (case sensitive) admin Internet WAN MAC address Use default address Connection WAN MTU size 1500 Port speed Autosense Local area network IP address 192.168.10.1... -
Page 146: Appendix C. Standard Services Available For Port Forwarding & Firewall Configuration
Unified Services Router User Manual Appendix C. Standard Services Available for Port Forwarding & Firewall Configuration ICMP-TYPE-8 RLOGIN ICMP-TYPE-9 RTELNET ICMP-TYPE-10 RTSP:TCP BOOTP_CLIENT ICMP-TYPE-11 RTSP:UDP BOOTP_SERVER ICMP-TYPE-13 SFTP CU-SEEME:UDP SMTP CU-SEEME:TCP IMAP2 SNMP:TCP DNS:UDP IMAP3 SNMP:UDP DNS:TCP SNMP-TRAPS:TCP FINGER NEWS SNMP-TRAPS:UDP SQL-NET HTTP... -
Page 147: Appendix D. Log Output Reference
Unified Services Router User Manual Appendix D. Log Output Reference Facility: System (Networking) Log Message Severity Log Message Severity DBUpdate event: Table: %s opCode:%d BridgeConfig: too few arguments to rowId:%d DEBUG command %s ERROR BridgeConfig: too few arguments to networkIntable.txt not found DEBUG command %s ERROR... - Page 148 Unified Services Router User Manual nimfAdvOptSetWrap: user has changed MTU option DEBUG ddns: SQL error: %s ERROR nimfAdvOptSetWrap: MTU: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR nimfAdvOptSetWrap: old MTU size: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR nimfAdvOptSetWrap: old Port Speed Option: %d DEBUG ddnsDisable failed ERROR nimfAdvOptSetWrap: old Mac Address...
- Page 149 Unified Services Router User Manual %s:DBUpdate event: Table: %s opCode:%d rowId:%d DEBUG Failed to commit ERROR %s:%d SIP ENABLE: %s DEBUG ifStatusDBUpdate: Failed to begin " ERROR sipTblHandler:failed to update ifStatic DEBUG %s: SQL error: %s ERROR sipTblHandler:failed to update Configport DEBUG %s: Failed to commit "...
- Page 150 Unified Services Router User Manual nimfGetUpdateMacFlag: unable to get pPrivSep: %s DEBUG Flag from MacTable ERROR %s:DBUpdate event: Table: %s nimfMacGet: Updating MAC address opCode:%d rowId:%d DEBUG failed ERROR Re-Starting sshd daemon..DEBUG sqlite3QueryResGet failed.Query:%s ERROR sshd re-started successfully. DEBUG error executing the command %s ERROR sshd stopped .
- Page 151 Unified Services Router User Manual Subnetaddress should be provided GetDnsFromIsp: %s DEBUG with accessoption 2 ERROR IdleTimeOutFlag: %s DEBUG Failed to restart sshd ERROR IdleTimeOutValue: %d DEBUG unable to open the " ERROR AuthMetho: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR executing %s ... %s DEBUG Error in executing DB update handler ERROR...
- Page 152 Unified Services Router User Manual %s: buffer overflow DEBUG Failed to clear vlan for %d ERROR %s: value of %s in %s table is: %s DEBUG Failed to set vlan entry for vlan %d ERROR Failed to set vlan entries, while %s: returning with status: %s DEBUG enabling \...
- Page 153 Unified Services Router User Manual pppoeMgmtTblHandler: NetMask: %s DEBUG xl2tpdStop failed ERROR pppoeMgmtTblHandler: AuthOpt: %d DEBUG writing xl2tpd.conf failed ERROR pppoeMgmtTblHandler: Satus: %d DEBUG writing options.xl2tpd failed ERROR pppoeEnable: ppp dial string: %s DEBUG xl2tpdStop failed ERROR pppoeMgmtDBUpdateHandler: returning with status: %s DEBUG xl2tpdStart failed ERROR...
- Page 154 Unified Services Router User Manual pppoeMgmtTblHandler: unable to get l2tpMgmtTblHandler: UserName: %s DEBUG current Mtu Option ERROR pppoeMgmtTblHandler: unable to get l2tpMgmtTblHandler: Password: %s DEBUG the Mtu ERROR pppoeMgmtTblHandler: pppoe enable l2tpMgmtTblHandler: AccountName: %s DEBUG failed ERROR pppoeMgmtDBUpdateHandler: failed l2tpMgmtTblHandler: DomainName: %s DEBUG query: %s ERROR...
- Page 155 Unified Services Router User Manual dhcpcMgmtTblHandler: dhclient The Enable Command is %s ERROR enable failed ERROR l2tpEnable:Executing the Command dhcpcMgmtTblHandler: dhcpc release failed ERROR failed ERROR dhcpcMgmtTblHandler: dhcpc disable l2tpDisable: command string: %s ERROR failed ERROR dhcpcMgmtDBUpdateHandler: failed l2tpDisable: unable to stop l2tp session ERROR query: %s ERROR...
- Page 156 Unified Services Router User Manual Setting message in fragment buffer: Created EAP/PEAP context: OK DEBUG ERROR ERROR Allocating TLS read buffer is NULL: Deleted EAP/PEAP context: OK DEBUG ERROR ERROR Upper EAP sent us: decision = %d method state = %d DEBUG Setting last fragment: ERROR ERROR...
- Page 157 Unified Services Router User Manual Error rcvd. opCode %d. DEBUG Plugin context is NULL ERROR pCtx NULL. DEBUG Deriving implicit challenge: Error ERROR TLS message len changed in the fragment, ignoring. DEBUG Generating NT response: Error ERROR no data to send while fragment ack received.
- Page 158 Unified Services Router User Manual pFB->msgBuff is NULL. DEBUG Setting profile to glue layer: ERROR. ERROR Error calculating binary. DEBUG _eapCtxCreate failed. ERROR %d authentication not enabled in the Error calculating binary. DEBUG system. ERROR Initializing inner non-EAP auth plugin: adpDigestInit for SHA1 failed.
- Page 159 Unified Services Router User Manual password change is not allowed for this EAP-PEAP not enabled in system user DEBUG configuration. ERROR EAP-WSC not enabled in system completed writing the policy DEBUG configuration. ERROR PAP not enabled in system completed writing the SA DEBUG configuration.
- Page 160 Unified Services Router User Manual pEapCtx == NULL or pPDU == NULL. ERROR Could not initialize des-ecb ERROR received EAP pdu bigger than EAP_MTU_SIZE. ERROR Error cleaning cipher context. ERROR received EAP pdu bigger than EAP_MTU_SIZE. ERROR Error cleaning cipher context. ERROR state machine is in invalid state.
- Page 161 Unified Services Router User Manual Could not open database: %s DEBUG sqlite3QueryResGet failed ERROR CPU LOG File not found DEBUG radSendtoServer: socket: %s ERROR radSendtoServer: bind() Failed: %s: MEM LOG File not found DEBUG ERROR cpuMemUsageDBUpdateHandler: radRecvfromServer: recvfrom() Failed: update query: %s DEBUG ERROR radRecvfromServer: Packet too small...
- Page 162 Unified Services Router User Manual Adding Dictionary Attribute '%s' DEBUG Failed to set default retries value ERROR ERROR: incomplete DB update Adding Dictionary Value %s DEBUG information. ERROR old values result does not contain 2 Receiving attribute: %s DEBUG rows ERROR Processing attribute: %s DEBUG...
- Page 163 Unified Services Router User Manual Next Synchronization after" DEBUG Unable to set debug for radAuth. ERROR Next Synchronization after %d \ DEBUG Unable to set debug level for radAuth. ERROR Primary is not available, " DEBUG ERROR: option value not specified ERROR Secondary is not available, "...
- Page 164 Unified Services Router User Manual timeout after semTake DEBUG memPartAlloc for %d size failed ERROR srcId=%d(%s) <-- destId=%d(%s) cmd=%d DEBUG memPartAlloc for %d size failed ERROR No Handler registered for this UMI Un-registerting component with Id %d DEBUG context ERROR failed to send ioctl request: dst(%d) <--- Couldn't find component with ID src(%d)
- Page 165 Unified Services Router User Manual cpuMemUsageDBUpdateHandler: SQL error: %s ERROR Invalid Privacy Algorithm ERROR unable to open the DB file %s ERROR Failed to Get Host Address ERROR umiInit failed ERROR Invalid version ERROR unable to register to UMI ERROR snmp v3 Trap Configuration Failed ERROR Error Reading from the Database.
- Page 166 Unified Services Router User Manual wan traffic counters are restared DEBUG Deleting schedule based firewall rules. DEBUG Deleting schedule based firewall rules Traffic limit has been reached DEBUG from DB. DEBUG Traffic meter monthly limit has been Update schedule based firewall rules in changed to %d.
- Page 167 Unified Services Router User Manual Enabling attack check for L2TP. DEBUG Updating BlockSites Keyword from \ DEBUG Enabling attack check for UDP Flood. DEBUG Inserting BlockSites Keyword \ DEBUG Enabling attack check for IPSec. DEBUG Deleting Trusted Domain \ DEBUG Enabling attack check for PPTP.
- Page 168 Unified Services Router User Manual Internet on port %d %d:%d:%d:%d:%d Enabling remote access management Disabling Port Trigger Rule for for IP address range" DEBUG %d:%d:%d:%d:%d DEBUG Enabling remote access management to Adding Port Trigger Rule for only this PC. DEBUG %d:%d:%d:%d:%d DEBUG Disabling Management Access from...
- Page 169 Unified Services Router User Manual Update FirewallRules6 where fwLBSpillOverConfigure: Could not set ScheduleName = '%s' to New " DEBUG POSTROUTING rules ERROR fwLBSpillOverConfigure: Something Dns proxy Restart failed DEBUG going wrong Here ERROR fwL2TPGenericRules.c: unable to open deleting interface to ifgroup failed DEBUG the database file "...
- Page 170 Unified Services Router User Manual Facility: Local0 (Wireless) Log Message Severity Log Message Severity (node=%s) setting %s to val = %d DEBUG sqlite3QueryResGet failed ERROR Custom wireless event: '%s' DEBUG sqlite3QueryResGet failed ERROR Wireless event: cmd=0x%x len=%d DEBUG VAP(%s) set beacon interval failed ERROR New Rogue AP (%02x:%02x:%02x:%02x:%02x:%02x)
- Page 171 Unified Services Router User Manual PNAC_EVENT_PREAUTH_SUCCESS event for : %s DEBUG UDP failed, received Length is %d ERROR event for non-existent node %s DEBUG umiIoctl(UMI_COMP_KDOT11, ERROR PNAC_EVENT_EAPOL_START event umiIoctl(UMI_COMP_UDOT11,%d,%d received DEBUG ERROR PNAC_EVENT_EAPOL_LOGOFF event umiIoctl(UMI_COMP_KDOT11,%d,%d received DEBUG ERROR PNAC_EVENT_REAUTH event received DEBUG No IAPP Node found for req id %d ERROR...
- Page 172 Unified Services Router User Manual DOT11_RX_EAPOL_KEYMSG: sending EAPOL pdu to PNAC... DEBUG unknown ifname %s ERROR creating pnac authenticator with values %d %d - %s DEBUG cmd %d not supported.sender=%d ERROR Profile %s does not exist DEBUG inteface name passed is NULL ERROR IAPP initialized.
- Page 173 Unified Services Router User Manual pnacRecvRtn: no corresponding pnac port pae found DEBUG umiIoctl(UMI_COMP_IAPP,%d) failed ERROR sending unicast key DEBUG Invalid IE. ERROR umiIoctl(UMI_COMP_KDOT11_VAP, sending broadcast key DEBUG %d ) failed ERROR from pnacAuthPAEDisconnected: calling umiIoctl(UMI_COMP_KDOT11,%d pnacTxCannedFail DEBUG ,%d) failed ERROR from pnacAuthPAEForceUnauth: calling KDOT11_SET_PARAM:IEEE80211_I...
- Page 174 Unified Services Router User Manual from pnacRecvMapi: pkt body len = %d, eapolRecvKeyMsg: invalid descriptor pktType = %d DEBUG version ERROR from pnacPDUProcess: received eapolRecvKeyMsg: incorrect PNAC_EAP_PACKET DEBUG descriptor version ERROR eapolRecvKeyMsg: Ack must not be from pnacPDUProcess: currentId = %d DEBUG ERROR from pnacPDUProcess: code = %d,...
- Page 175 Unified Services Router User Manual from pnacBackAuthFail: calling pnacTxCannedFail DEBUG RC4 framework initialization failed ERROR %s returned ERROR DEBUG PNAC framework initialization failed ERROR pnacUmiIoctlHandler: cmd: %s(%d) DEBUG ERROR: option value not specified ERROR %s not configured for 802.1x DEBUG ERROR: -u can be used only with -s ERROR could not process PDU received from the...
- Page 176 Unified Services Router User Manual phyPort:%s pnacRadXlateRadPktIntegrityChk: no corresponding " Error from pnacPortPaeDeconfig:kpnacPortPaeDec pnacRadXlateRadPktIntegrityChk: no onfig failed WARN message " ERROR pnacPortPaeDeconfig:kpnacPortPaeDec Error from onfig failed WARN pnacRadXlateRadPktIntegrityChk: " ERROR From pnacBackAuthSuccess: failed to notify pnacRadXlateRadChalPktHandle: no the destination " WARN encapsulated eap "...
- Page 177 Unified Services Router User Manual Failed to initiate PBC based enrolle pnacKeyInfoGet:failed to allocate association ERROR buffer ERROR Invalid association mode. (Allowed PNAC user comp id not set. dropping modes : PIN/PBC) ERROR EAPOL key pkt ERROR pnacUmiPortPaeParamSet: invalid wpsEnable: running wsccmd failed ERROR buffer received ERROR...
- Page 178 Unified Services Router User Manual Error from pnacAuthInit: Invalid Cipher type %d ERROR pnacAuthKeyTxInit failed ERROR Profile supports WEP stas,Group cipher Error from pnacAuthInit: must be WEP ERROR pnacReauthTimerInit failed ERROR Error from pnacAuthInit: Profile %s does not exist ERROR pnacBackAuthInit failed ERROR Error from pnacAuthInit: pnacCtrlDirInit...
- Page 179 Unified Services Router User Manual pnacEapRadAuthSend: Invalid Error in executing DB update handler ERROR arguments ERROR pnacEapRadAuthSend: failed to sqlite3QueryResGet failed ERROR allocate inbuffer ERROR ERROR: incomplete DB update information. ERROR pnacXmit : umiIoctl failed[%d] ERROR old values result does not contain 2 rows ERROR pnacPDUForward: Invalid input ERROR...
- Page 180 Unified Services Router User Manual Invalid config data ERROR Facility: Kernel Log Message Severity Log Message Severity DNAT: multiple ranges no longer supported DEBUG %s: %s%s:%d -> %s:%d %s, DEBUG DNAT: Target size %u wrong for %u ranges, DEBUG %s: %s%s:%d %s, DEBUG %s: Failed to add WDS MAC: %s, dev- DNAT: wrong table %s, tablename...
- Page 181 Unified Services Router User Manual %s%d: bad sequence number: %d, expected: %d, DEBUG ifmedia_ioctl: no media found for 0x%x, DEBUG ifmedia_ioctl: switching %s to , dev- PPPIOCDETACH file->f_count=%d, DEBUG >name DEBUG PPP: outbound frame not passed DEBUG ifmedia_match: multiple match for DEBUG PPP: VJ decompression error DEBUG...
- Page 182 Unified Services Router User Manual %s: mac_del %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5] DEBUG %02x, ((u_int8_t *)p)[i] DEBUG %s: mac_kick %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5] DEBUG first difference at byte %u, i DEBUG %s: mac_undefined %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]...
- Page 183 Unified Services Router User Manual %s: flow dst=%s, __FUNCTION__, XFRMSTRADDR(fl->fl6_dst, family) DEBUG encrypt data length mismatch DEBUG %s: flow src=%s, __FUNCTION__, XFRMSTRADDR(fl->fl6_src, family) DEBUG encrypt data does not compare DEBUG a guy asks for address mask. Who is it? DEBUG tkip decap failed DEBUG icmp v4 hw csum failure)
- Page 184 Unified Services Router User Manual ip_rt_bug: %u.%u.%u.%u -> %u.%u.%u.%u, %s, DEBUG txmic DEBUG UDP: short packet: From %u.%u.%u.%u:%u %d/%d to %u.%u.%u.%u:%u, DEBUG %02x, hk->kv_txmic[i] DEBUG UDP: bad checksum. From %d.%d.%d.%d:%d to %d.%d.%d.%d:%d %s: unable to update h/w beacon ulen %d, DEBUG queue parameters, DEBUG...
- Page 185 Unified Services Router User Manual >sc_dev->name %s: mac %d.%d phy %d.%d, dev- ipt_time unloaded DEBUG >name, DEBUG ip_conntrack_irc: max_dcc_channels 5 GHz radio %d.%d 2 GHz radio must be a positive integer DEBUG %d.%d, DEBUG ip_conntrack_irc: ERROR registering radio %d.%d, ah->ah_analog5GhzRev port %d, DEBUG >>...
- Page 186 Unified Services Router User Manual RES=0x%02x , (u8)(ntohl(tcp_flag_word(th) & IPSEC_ERR [%s:%d]: Max (%d) No of TCP_RESERVED_BITS) >> 22) DEBUG SA Limit reached, DEBUG URGP=%u , ntohs(th->urg_ptr) DEBUG IPSEC_ERR [%s:%d]: time(secs): %u DEBUG ERROR: Failed to add entry to ipsec sa TRUNCATED DEBUG table...
- Page 187 Unified Services Router User Manual %s: Got Null m:%p *m:%p sa:%p %02x%c, *p, DEBUG *sa:%p,__func__,ppBufMgr, DEBUG %s Got Deleted SA:%p NAT: no longer support implicit source state:%d,__func__,pIpsecInfo,pIpsecInf local NAT DEBUG o->state DEBUG NAT: packet src %u.%u.%u.%u -> dst %s: %s: fmt, __FILE__, %u.%u.%u.%u, DEBUG __FUNCTION__ , ## args)
- Page 188 Unified Services Router User Manual %02X, ((unsigned char *) m- >msg_iov[i].iov_base)[j] DEBUG Loading bridge module INFO %02X, skb->data[i] DEBUG Unloading bridge module INFO _lvl PPPOL2TP: _fmt, ##args DEBUG unsupported command %d, cmd INFO %02X, ptr[length] DEBUG Loading ifDev module INFO %02X, ((unsigned char *) m- >msg_iov[i].iov_base)[j] DEBUG...
- Page 189 Unified Services Router User Manual const char *descr, krb5_keyblock *k) { DEBUG %s: driver unloaded, dev_info INFO test key, key DEBUG %s: driver unloaded, dev_info INFO wlan: %s backend registered, be- pre-hashed key, key DEBUG >iab_name INFO const char *descr, krb5_keyblock *k) { DEBUG wlan: %s backend unregistered, INFO...
- Page 190 Unified Services Router User Manual Redirect from %u.%u.%u.%u on %s Failed to set AES encrypt key DEBUG about INFO IP: routing cache hash table of %u Failed to set AES encrypt key DEBUG buckets, %ldKbytes, INFO source route option %u.%u.%u.%u -> Failed to set AES encrypt key DEBUG %u.%u.%u.%u,...
- Page 191 Unified Services Router User Manual md5HardTest(0) ? Failed : Passed >natport) WARNIN AES Software Test: %d iterations, iter DEBUG ** skb len %d, dlen %d,(*pskb)->len, WARNIN AES Software Test Duration: %d:%d, DEBUG ********** Non linear skb WARNIN AES Hardware Test: %d iterations, iter DEBUG End of sdp %p, nexthdr WARNIN...
- Page 192 Unified Services Router User Manual >sc_curmode WARNIN REG Size == 64 Bit DEBUG %u.%u.%u.%u sent an invalid ICMP WARNIN REG Size is not in 8/16/32/64 DEBUG dst cache overflow Written Value = %x ::: At Page = %x : WARNIN Addr = %x DEBUG Neighbour table overflow.
- Page 193 Unified Services Router User Manual Error in ADD- no node available DEBUG Unable to create ip_set_list ERROR %s(): Channel capabilities do not match, chan flags 0x%x, DEBUG Unable to create ip_set_hash ERROR %s: cannot map channel to mode; freq ip_conntrack_in: Frag of proto %u %u flags 0x%x, DEBUG (hook=%u),...
- Page 194 Unified Services Router User Manual Adding entry for DEBUG PPP: VJ uncompressed error ERROR ifmedia_set: no match for 0x%x/0x%x, DEBUG ppp_decompress_frame: no memory ERROR ifmedia_set: target DEBUG ppp_mp_reconstruct bad seq %u < %u, ERROR ifmedia_set: setting to DEBUG PPP: couldn't register device %s (%d), ERROR ifmedia_ioctl: switching %s to , dev- ppp: destroying ppp struct %p but...
- Page 195 Unified Services Router User Manual PKTLOG_TAG %s:allocation failed for pl_info, __FUNCTION__ DEBUG PPP: couldn't register device %s (%d), ERROR PKTLOG_TAG %s:allocation failed for ppp: destroying ppp struct %p but pl_info, __FUNCTION__ DEBUG dead=%d ERROR PKTLOG_TAG %s: create_proc_entry failed for %s, DEBUG ppp: destroying undead channel %p !, ERROR...
- Page 196 Unified Services Router User Manual %s: unable to start recv logic, __func__ DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR %s: unable to start recv logic, __func__ DEBUG %s: %s:%d: BAD SESSION MAGIC \ ERROR %s: unable to reset hardware; hal status DEBUG %s: %s:%d: BAD TUNNEL MAGIC \ ERROR...
- Page 197 Unified Services Router User Manual Radar found on channel %d (%d MHz), DEBUG %03d:, i ERROR End of DFS wait period DEBUG %02x, ((unsigned char *)p)[i] ERROR %s error allocating beacon, __func__ DEBUG mic check failed ERROR failed to allocate UAPSD QoS NULL tx descriptors: %d, error DEBUG [%s] Wrong parameters, __func__...
- Page 198 Unified Services Router User Manual MAX_NUM_PATTERN %s: unable to register device, dev- Pattern added to entry %d ,i DEBUG >name ERROR Remove wake up pattern DEBUG ath_pci: 32-bit DMA not available ERROR mask = %p pat = %p ath_pci: cannot reserve PCI memory ,maskBytes,patternBytes DEBUG region...
- Page 199 Unified Services Router User Manual %s: unable to attach hardware: '%s' %p , buf DEBUG (HAL status %u), ERROR axq_q: DEBUG %s: HAL ABI mismatch; ERROR %s: unable to reset hardware; hal status %u, __func__, status DEBUG %s: failed to allocate descriptors: %d, ERROR %s: unable to setup a beacon xmit ****ASSERTION HIT****...
- Page 200 Unified Services Router User Manual Marked the packet proto:%d sip:%x dip:%x sport:%d dport:%d CRITICA Can't allocate memory for ath_vap. DEBUG spi:%d,isr:%p:%p %p SAV CHECK FAILED IN CRITICA Unable to add an interface for ath_dev. DEBUG DECRYPTION %s: [%02u] %-7s , tag, ix, ciphers[hk- CRITICA >kv_type] DEBUG...