BinTec RV120-4G User Manual
  1. Manuals
  2. Brands
  3. BinTec Manuals
  4. Network Router
  5. RV120-4G
  6. User manual

BinTec RV120-4G User Manual

Rv series
Hide thumbs
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
Table of Contents

Advertisement

Quick Links

Manual
bintec elmeg GmbH
Manual
bintec RV Series
Copyright© Version 1.1, 2013 bintec elmeg GmbH
bintec RV Series
1

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the RV120-4G and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for BinTec RV120-4G

Summary of Contents for BinTec RV120-4G

  • Page 1 Manual bintec elmeg GmbH Manual bintec RV Series Copyright© Version 1.1, 2013 bintec elmeg GmbH bintec RV Series...

  • Page 2: Legal Notice

    Betrieb des Produkts entstanden sind. Marken bintec elmeg und das bintec elmeg-Logo, bintec und das bintec-Logo, elmeg und das elmeg-Logo sind eingetragene Warenzeichen der bintec elmeg GmbH. Erwähnte Firmen- und Produktnamen sind in der Regel Warenzeichen der entsprechenden Firmen bzw.

  • Page 3: Table Of Contents

    Table of Contents bintec elmeg GmbH Table of Contents Chapter 1 Introduction ......1 Chapter 2 About this guide.
  • Page 4 Table of Contents bintec elmeg GmbH Chapter 6 Basic configuration ..... . 22 Presettings ......
  • Page 5 Table of Contents bintec elmeg GmbH Chapter 8 Assistants ......51 Chapter 9 System Management ..... 52 Status .
  • Page 6 Table of Contents bintec elmeg GmbH 10.1 AUX ......109 10.1.1 AUX .
  • Page 7 Table of Contents bintec elmeg GmbH Chapter 13 Wireless LAN Controller ....13.1 Wizard ......173 13.1.1...
  • Page 8 Table of Contents bintec elmeg GmbH 14.2.2 NAT Configuration ......218 14.3 Load Balancing ......225 14.3.1...
  • Page 9 Table of Contents bintec elmeg GmbH 16.2.1 IGMP ......277 16.2.2 Options .
  • Page 10 Table of Contents bintec elmeg GmbH 18.2.1 Tunnel Profiles ......361 18.2.2 Users ......364 18.2.3...
  • Page 11 Table of Contents bintec elmeg GmbH Chapter 21 Local Services ..... . . 21.1 DNS ......401 21.1.1...
  • Page 12 Table of Contents bintec elmeg GmbH 21.7.2 Interfaces ......451 21.7.3 Ping Generator ......453 21.8...
  • Page 13 Table of Contents bintec elmeg GmbH 23.1.1 Syslog Servers ......488 23.2 IP Accounting ......491 23.2.1...
  • Page 14 Table of Contents bintec elmeg GmbH 24.8.1 Status ......515 24.8.2 Statistics ......518 24.9...

  • Page 15: Chapter 1 Introduction

    (e. g. speed), im- age data (e. g. security cameras) and positioning signals (GPS). Safety notices The safety precautions supplied with your bintec router tell you what you need to consider when using your device. Installation...

  • Page 16: Chapter 2 About This Guide

    GmbH Chapter 2 About this guide This document is valid for bintec devices whose system software is version 9.1.7 and later. The guide, which you have in front of you, contains the following chapters: User's Guide - Reference...
  • Page 17 2 About this guide bintec elmeg GmbH Chapter Description Firewall VoIP Local Services Maintenance External Reporting Monitoring Glossary The glossary contains a reference to the most important tech- nical terms used in network technology. Index The index lists all the key terms for operating the device and all the configuration options and gives page numbers so they can be found easily.
  • Page 18 2 About this guide bintec elmeg GmbH Typographical element Use File->Open Indicates commands that you must enter as written. bold, e.g. Windows Indicates keys, key combinations and Windows terms. Start menu bold, e. g. Licence Key Indicates fields. italic, e.g.

  • Page 19: Chapter 3 Installation

    3 Installation bintec elmeg GmbH Chapter 3 Installation Caution Please read the safety notices carefully before installing and starting up your device. These are supplied with the device. The device should only be installed by a qualified person, or it could get damaged or work incorrectly.
  • Page 20 (4) Antennas Screw the external antennae onto the connections provided for this purpose. Wi-Fi (bintec RV120w-4G , bintec RV120w and bintec RV130w-4G): Screw the WLAN antennae onto the Wi-Fi connectors to provide passengers with wireless In- ternet access.
  • Page 21 3 Installation bintec elmeg GmbH tion to the wireless network. GPS: Screw the GPS antenna onto the GPS connector to receive the GPS frequen- cies. You can set up further connections as required: • Other LANs/WANs Connect any other terminals in your network to the remaining switch ports (2, 3 or 4) on your device using other Ethernet cables.

  • Page 22: Cleaning

    If you have any questions about your new product or are looking for additional information, the bintec elmeg GmbH Support Centre can be reached Monday to Friday between the hours of 9 am and 5 pm. They can be contacted as follows:...

  • Page 23: Chapter 4 Reset

    4 Reset bintec elmeg GmbH Chapter 4 Reset If the configuration is incorrect or if your device cannot be accessed, you can reset the device to the ex works standard settings using the Reset button on the back of the device.

  • Page 24: Chapter 5 Technical Data

    5 Technical data bintec elmeg GmbH Chapter 5 Technical data This chapter summarises all of the device's hardware characteristics. 5.1 Scope of supply Your device is supplied with the following parts: Product name Cable sets/mains unit/ Software Documentation other bintec RV-...
  • Page 25 Software supplied DIME Manager Documentation included Safety advice, installation poster Online documentation User Guide on DVD Available interfaces bintec RV bintec RV 120w bintec RV bintec RV 120-4G 120w-4G 130w-4G Ethernet IEEE Permanently in- Permanently in- Permanently in- Permanently in- 802.3 LAN (4-port...

  • Page 26: Leds

    5 Technical data bintec elmeg GmbH bintec RV bintec RV 120w bintec RV bintec RV 120-4G 120w-4G 130w-4G 9-pin Sub-D con- 9-pin Sub-D con- 9-pin Sub-D con- 9-pin Sub-D con- nector DB-9F nector DB-9F nector DB-9F nector DB-9F SMA-F jack...

  • Page 27: Connectors

    5.4 Connectors All the connections are located on the back of the device. The bintec RV-Serie devices have a 4-port Ethernet switch, an AUX interface, a GPS jack and connectors for external Wi-Fi and GSM antennas. The connections are arranged as follows: bintec RV-Serie Fig.

  • Page 28: Antenna Connectors

    5.5 Antenna connectors The devices have connectors for a 3G/GPS antenna and a 3G/GSM antenna connector (bintec RV120-4G and bintec RV120w-4G). The bintec RV130w-4G has two 3G/GSM antenna connectors. bintec RV120w-4G, bintec RV120w and bintec RV130w-4G have one Wi-Fi antenna connector.

  • Page 29: Pin Assignments

    The pin assignment for the 10/100 Base-T Ethernet interface (RJ45 connector) is as fol- lows: RJ45 socket for LAN connection Function Tx+ (input) Tx- (input) Rx+ (output) Rx- (output) 5.6.2 AUX interface The bintec RV-Serie devices have a DB9 jack for connecting to external devices or for the serial connection. bintec RV Series...

  • Page 30: Wi-Fi Connector And Cell Connector

    5 Technical data bintec elmeg GmbH Fig. 8: DB9 jack The pin assignment is as follows: DB9 jack Function RxD (Receive Data) TxD (Transmit Data) GND (Ground) 5.6.3 Wi-Fi connector and CELL connector The device has 4 RF SMA connectors (Wi-Fi and CELL connector).

  • Page 31: Power Supply

    5 Technical data bintec elmeg GmbH 5.6.4 Power supply The device has a connector for the power supply. Fig. 10: 12-24 V/DC jack The jack is arranged as follows: 12-24 V/DC jack Battery 5.7 Inserting the SIM card The devices have two card slots for SIM cards. Both card slots are inside the device. The card slots are labelled as SK1 (connector 1) and SK2 (connector 2).
  • Page 32 5 Technical data bintec elmeg GmbH Fig. 11: Card slots SK1 and SK2 Caution Disconnect the device from the power supply before you open the housing lid. When starting the device, always connect the data cable first and then the power supply.
  • Page 33 5 Technical data bintec elmeg GmbH Fig. 12: Unscrew the housing lid (Figure 1) Figure 2 • Open the card slot. To do this, push the card lock in the direction of the arrow (OPEN) and lift the card slot slightly.

  • Page 34: Weee Information

    5 Technical data bintec elmeg GmbH Fig. 13: Insert the SIM card (Figure 2) bintec RV Series...
  • Page 35 5 Technical data bintec elmeg GmbH 5.8 WEEE information bintec RV Series...

  • Page 36: Chapter 6 Basic Configuration

    • Password: Note All bintec devices are delivered with the same username and password. As long as the password remains unchanged, they are therefore not protected against unauthorised use. Make sure you change the passwords to prevent unauthorised access to your...

  • Page 37: Software Update

    6 Basic configuration bintec elmeg GmbH 6.1.2 Software update Your device contains the version of the system software available at the time of production. More recent versions may have since been released. You can easily perform an update with the GUI using the Maintenance->Software &Configuration menu.
  • Page 38 6 Basic configuration bintec elmeg GmbH • Basic configuration (obligatory if your device is in the ex works state) • Internet access (optional) • Wireless LAN (optional) with an independently configurable operating mode (Access Point or Access Client) The following tables show examples of possible values for the necessary data. You can enter your personal data in the "Your values"...

  • Page 39: Configuring A Pc

    6 Basic configuration bintec elmeg GmbH Access data Example value Your values Network Name (SSID) Security mode Preshared key 6.3.2 Configuring a PC In order to reach your device via the network and to be able to carry out configuration, the PC used for the configuration has to satisfy some prerequisites.

  • Page 40: Modify System Password

    Your PC should now meet all the prerequisites for configuring your device. 6.3.3 Modify system password All bintec devices are delivered with the same username and password. As long as the password remains unchanged, they are therefore not protected against unauthorised use.

  • Page 41: Other Internet Connections

    (2) Test the Internet access by entering www.bintec-elmeg.com in the Internet browser. You will find news, updates and other documentation on the bintec elmeg GmbH web- site. Note Incorrect configuration of the devices in your LAN may result in unwanted connections and increased charges! Monitor your device and make sure it only sets up connections at the times you want it to.

  • Page 42: Setting Up Wireless Lan

    6 Basic configuration bintec elmeg GmbH 6.5 Setting up wireless LAN Proceed as follows to use your device as an access point: (1) In the GUI, go to the menu Assistants->Wireless LAN->Wireless LAN. (2) Click Change to enable the WLAN.

  • Page 43: Software Update

    Source Location, (3) Confirm with Go. The device will now connect to the bintec elmeg GmbH download server and check wheth- er an updated version of the system software is available. If so, your device will be updated automatically.

  • Page 44: Chapter 7 Access And Configuration

    7 Access and configuration bintec elmeg GmbH Chapter 7 Access and configuration This chapter describes all the access and configuration options. 7.1 Access Options The various access options are presented below. Select the procedure to suit your needs. There are various ways you can access your device to configure it: •...
  • Page 45 7 Access and configuration bintec elmeg GmbH You do not need any additional software on your PC to set up a Telnet connection to your device: Telnet is available on all operating systems. Proceed as follows: Windows (1) Click Run… in the Windows Start menu.
  • Page 46 7 Access and configuration bintec elmeg GmbH connect to the device via SSH: Note The device generates a key pair for each of the algorithms (RSA and DSA), i.e. two files must be stored in the flash for each algorithm (see example at above).

  • Page 47: Access Via The Serial Interface

    FAQs, which list the required settings. 7.1.2 Access via the Serial Interface Each bintec elmeg gateway has a serial interface, with which a PC can be connected dir- ectly. The following chapter describes what you have to remember when setting up a serial connection and what you can do to configure your device in this way.
  • Page 48 7 Access and configuration bintec elmeg GmbH of your PC) to start HyperTerminal. (2) Press Return (at least once) after the HyperTerminal window opens. A window with the login prompt appears. You are now in the SNMP shell of your device.

  • Page 49: Access Over Isdn

    7 Access and configuration bintec elmeg GmbH 7.1.3 Access over ISDN All devices that have an ISDN interface can be accessed and configured from another device via an ISDN call. Access over ISDN with ISDN Login is especially recommended if your device is to be re- motely configured or maintained.

  • Page 50: User Names And Passwords In Ex Works State

    Caution All bintec elmeg devices are delivered with the same username and password. As long as the password remains unchanged, they are therefore not protected against unau- thorised use. How to change the passwords is described in Passwords on page 58.

  • Page 51: Configuration Options

    7 Access and configuration bintec elmeg GmbH Log in via the HTML surface as follows: (1) Enter your user name in the User field of the input window. (2) Enter your password in the Password field of the input window and confirm with Re- turn or click the Login button.

  • Page 52: Gui (Graphical User Interface)

    7 Access and configuration bintec elmeg GmbH The following chapters describe the configuration based on GUI. Note To change the device configuration, you must log in with the user name . If you do not know the password, you cannot make any configuration settings. This applies to all types of configuration.
  • Page 53 7 Access and configuration bintec elmeg GmbH Fig. 15: home page 7.3.1.1 Calling up GUI (1) Check whether the device is connected and switched on and that all the necessary cables are correctly connected (see on page ). (2) Check the settings of the PC from which you want to configure your device (see...
  • Page 54 7 Access and configuration bintec elmeg GmbH Fig. 16: Areas of the Header Fig. 17: header GUI header Menu Position Language: In the dropdown menu, choose the language in which you want to display the GUI. Here you can choose the language in which you perform the configuration.
  • Page 55 7 Access and configuration bintec elmeg GmbH Menu Position log out of your device. A window is opened offering you the fol- lowing options: • Save configuration, save previous boot configuration, then exit. • Save configuration, then exit. • Exit without saving.
  • Page 56 7 Access and configuration bintec elmeg GmbH Fig. 19: Menus The Save configuration button is found in the navigation bar. If you save a current configuration, you can save this as the boot configuration or you can also archive the previous boot configuration as a backup.
  • Page 57 7 Access and configuration bintec elmeg GmbH If you want to load the archived boot configuration into your device, go to the Maintenance->Software &Configuration menu, select Action = and click on Go. The archived backup is used as the current boot configuration.
  • Page 58 7 Access and configuration bintec elmeg GmbH Button Position In the System Management->Certificates->Certificate List menu and the System Management->Certificates->CRLs menu, this button activates the sub-menus for configuration of the certificate or CRL imports. In the System Management->Certificates->Certificate List menu, this button activates the sub-menu for the configuration of the certificate request.
  • Page 59 7 Access and configuration bintec elmeg GmbH Symbol Position Displays the previous page in a list. You can select the following operating functions in the list view: GUI list options Menu Position Update Interval Here you can set the interval in which the view is to be updated.
  • Page 60 7 Access and configuration bintec elmeg GmbH Menu Position Basic configuration When you select a menu from the navigation bar, the menu of menu/list basic parameters is displayed first. In a sub-menu containing several pages, the menu containing the basic parameters is dis- played on the first page.
  • Page 61 7 Access and configuration bintec elmeg GmbH Menu Position Click the arrow to open the list. Select the required option using the mouse. Internal lists e.g. Click . A new list entry is created. Enter the correspond- ing data. If list input fields remain empty, these are not saved when you confirm with OK.

  • Page 62: Snmp Shell

    Base) in the form of MIB tables and MIB variables. You can read and modify these directly via the SNMP browser. Caution This configuration method assumes an in-depth system knowledge of bintec devices! 7.3.2 SNMP shell SNMP (Simple Network Management Protocol) is a protocol that defines how you can ac- cess the configuration settings.
  • Page 63 7 Access and configuration bintec elmeg GmbH (1) Boot System (reboot the system): The device loads the compressed boot file from the flash memory to the working memory. This happens automatically on starting. (2) Software Update via TFTP: The devices performs a software update via a TFTP server.
  • Page 64 7 Access and configuration bintec elmeg GmbH the functions of the BOOTmonitor. If you do not make an entry within four seconds, the device changes back to normal operating mode. Note If you change the baudrate (the preset value is 9600 baud), make sure the terminal program used also uses this baudrate.

  • Page 65: Chapter 8 Assistants

    8 Assistants bintec elmeg GmbH Chapter 8 Assistants The Assistants menu offers step-by-step instructions for the following basic configuration tasks: • First steps • Internet Access • VPN • Wireless LAN • VoIP PBX in LAN Choose the corresponding task from the navigation bar and follow the instructions and ex- planations on the separate pages of the Wizard.

  • Page 66: Chapter 9 System Management

    9 System Management bintec elmeg GmbH Chapter 9 System Management The System Management menu contains general system information and settings. You see a system status overview. Global system parameters such as the system name, date/time, passwords and licences are managed and the access and authentication meth- ods are configured.
  • Page 67 9 System Management bintec elmeg GmbH System Management Status Fig. 23: -> The menu System Management->Status consists of the following fields: Fields in the System Information menu Field Value Uptime Displays the time past since the device was rebooted. System Date Displays the current system date and system time.
  • Page 68 9 System Management bintec elmeg GmbH Field Value to the number of configured IPSec tunnels. Fields in the Physical Interfaces menu Field Value Interface - Connection The physical interfaces are listed here and their most important Information - Link settings are shown. The system also displays whether the inter- face is connected or active.

  • Page 69: Global Settings

    9 System Management bintec elmeg GmbH Field Value Description - Connec- All the WAN interfaces are listed here and their most important tion Information - Link settings are shown. The system also displays whether the inter- face is active. 9.2 Global Settings The basic system parameters are managed in the Global Settings menu.
  • Page 70 9 System Management bintec elmeg GmbH Field Value A character string with a maximum of 255 characters is pos- sible. The device type is entered as the default value. Location Enter the location of your device. Contact Enter the relevant contact person. Here you can enter the e- mail address of the system administrator, for example.
  • Page 71 Enter the IP address of the WLAN controller. The value can only be modified it the WLAN controller function is enabled. LED mode This function is only available for bintec W1003n, bintec W2003n, bintec W2003n-ext and bintec W2004n. Select the LEDs' lighting behaviour. Possible values: •...

  • Page 72: Passwords

    -> Note All bintec elmeg devices are delivered with the same username and password. As long as the password remains unchanged, they are not protected against unauthorised use. Make sure you change the passwords to prevent unauthorised access to the device If the password is not changed, under System Management->Status there appears...

  • Page 73: Date And Time

    9 System Management bintec elmeg GmbH Field Value SNMP Read Com- Enter the password for the user name munity SNMP Write Com- Enter the password for the user name munity Fields in the Global Password Options menu Field Value Show passwords and...
  • Page 74 9 System Management bintec elmeg GmbH System Management Global Settings Date and Time Fig. 26: -> -> You have the following options for determining the system time (local time): ISDN/Manual In devices with an ISDN interface, the system time can be updated via ISDN, i. e. the date and time are taken from the ISDN when the first outgoing call is made.
  • Page 75 9 System Management bintec elmeg GmbH You can obtain the system time automatically, e.g. using various time servers. To ensure that the device uses the desired current time, you should configure one or more time serv- ers. Switching from summer time to winter time (and back) must be carried out manually if the time is derived using this method by changing the value in the Time Zone field with an option UTC+ or UTC-.
  • Page 76 9 System Management bintec elmeg GmbH Fields in the menu Automatic Time Settings (Time Protocol) Field Description ISDN Timeserver Only for devices with an ISDN interface. Determine whether the system time is to be updated via ISDN. If a time server is configured, the time is only determined over ISDN until a successful update is received from this time server.
  • Page 77 9 System Management bintec elmeg GmbH Field Description • : This time server is not currently used for the time re- quest. Third Timeserver Enter the third time server, by using either a domain name or an IP address. In addition, select the protocol for the time server request.

  • Page 78: System Licences

    9 System Management bintec elmeg GmbH Field Description Internal Time Server Select whether the internal timeserver is to be used. The function is activated by selecting . Time requests from a client will be answered with the current system time. This is given as GMT, without offset.
  • Page 79 9 System Management bintec elmeg GmbH port section at www.bintec-elmeg.com . Please follow the online licensing instructions. (Please also note the information on the licence card for licences at additional cost.) You will then receive an e-mail containing the following data: •...

  • Page 80: Interface Mode / Bridge Groups

    9 System Management bintec elmeg GmbH Activating extra licences You activate extra licences by adding the received licence information in the System Man- agement->Global Settings->System Licences->New menu. The menu System Management->Global Settings->System Licences->New consists of the following fields: Fields in the Basic Settings menu.
  • Page 81 9 System Management bintec elmeg GmbH Bridging connects networks of the same type. In contrast to routing, bridges operate at lay- er 2 of the OSI model (data link layer), are independent of higher-level protocols and trans- mit data packets using MAC addresses. Data transmission is transparent, which means the information contained in the data packets is not interpreted.

  • Page 82: Interfaces

    9 System Management bintec elmeg GmbH Example: (first wireless network on the first wireless module) The name of the WDS link or bridge link is made up of the following parts: (a) Abbreviation for interface type (b) Number of the wireless module on which the WDS link or bridge link is configured...
  • Page 83 9 System Management bintec elmeg GmbH System Management Interface Mode / Bridge Groups Interfaces Fig. 28: -> -> The System Management->Interface Mode / Bridge Groups->Interfacesmenu consists of the following fields: Fields in the Interfaces menu. Field Description Interface Description Displays the name of the interface.
  • Page 84 9 System Management bintec elmeg GmbH System Management Interface Mode / Bridge Groups Interfaces Fig. 29: -> -> -> The System Management->Interface Mode / Bridge Groups->Interfaces->Addmenu consists of the following fields: Fields in the Interfaces menu. Field Description Interface Select the interface whose status should be changed.
  • Page 85 9 System Management bintec elmeg GmbH The System Management->Interface Mode / Bridge Groups->Interfaces-> menu consists of the following fields: Fields in the Layer-2.5 Options menu. Field Value Interface Shows the interface that is being edited. Wildcard Mode Select the Wildcard mode you want to use on the interface.

  • Page 86: Administrative Access

    Only for hybird devices: You can also authorise your device for maintenance work from bintec elmeg's Customer Service department. You do this you enable either Service Login (ISDN Web-Access) or Service Call Ticket (SSH Web Access), depending on the ser- vice you require, and select the OK button.

  • Page 87: Ssh

    9 System Management bintec elmeg GmbH Field Description can restore the default settings with the icon. 9.4.1.1 Add Select the Add button to configure administrative access for additional interfaces. System Management Administrative Access Access Fig. 32: -> -> -> The System Management->Administrative Access->Access->Add menu consists of the...
  • Page 88 9 System Management bintec elmeg GmbH System Management Administrative Access Fig. 33: -> -> You need an SSH client application, e.g. PuTTY, to be able to reach the SSH Daemon. If you wish to use SSH Login together with the PuTTY client, you may need to comply with some special configuration requirements, for which we have prepared FAQs.
  • Page 89 9 System Management bintec elmeg GmbH Field Value face. The function is activated by selecting The function is enabled by default. SSH Port Here you can enter the port via which the SSH connection is to be established. The default value is...
  • Page 90 9 System Management bintec elmeg GmbH Field Value RSA Key Status Shows the status of the RSA key. If an RSA key has not been generated yet, displayed in red and a link, , is provided. If you select the link, the generation process is triggered and the view is up- dated.

  • Page 91: Snmp

    9 System Management bintec elmeg GmbH Field Value The function is disabled by default. TCP Keepalives Select whether the device is to send keepalive packets. The function is activated by selecting The function is enabled by default. Logging Level Select the syslog level for the syslog messages generated by the SSH Daemon.

  • Page 92: Remote Authentication

    9 System Management bintec elmeg GmbH System Management Administrative Access SNMP Fig. 34: -> -> The menu System Management->Administrative Access->SNMP consists of the follow- ing fields: Fields in the Basic Settings menu. Field Value SNMP Version Select the SNMP version your device is to use to listen for ex- ternal SNMP access.

  • Page 93: Radius

    9 System Management bintec elmeg GmbH 9.5.1 RADIUS RADIUS (Remote Authentication Dial In User Service) is a service that enables authentica- tion and configuration information to be exchanged between your device and a RADIUS server. The RADIUS server administrates a database with information about user authen- tication and configuration and for statistical recording of connection data.
  • Page 94 9 System Management bintec elmeg GmbH Field Value ACCESS_REJECT Server -> Client If the information contained in the ACCESS_REQUEST does not correspond to the information in the user database of the RADIUS server, it sends an ACCESS_REJECT to reject the connection.
  • Page 95 9 System Management bintec elmeg GmbH System Management Remote Authentication RADIUS Fig. 35: -> -> -> The System Management->Remote Authentication->RADIUS->Newmenu consists of the following fields: Fields in the Basic Parameters menu. Field Value Authentication Type Select what the RADIUS server is to be used for.
  • Page 96 9 System Management bintec elmeg GmbH Field Value • : The RADIUS server is used for controlling access to a wireless network. • : The RADIUS server is used for authenticating IPSec peers via XAuth. Vendor Mode Only for Authentication Type = In hotspot applications, select the mode define by the provider.
  • Page 97 9 System Management bintec elmeg GmbH Field Value servers for a group are queried according to Priority and the Policy . Possible values: • (default value): Enter a new group description in the text field. • : Select this entry for special applications, such as Hotspot Server configuration.
  • Page 98 9 System Management bintec elmeg GmbH Field Value The default value is (1 second). Alive Check Here you can activate a check of the accessibility of a RADIUS server in Status An Alive Check is carried out regularly (every 20 seconds) by sending an ACCESS_REQUEST to the IP address of the RADI- US server.

  • Page 99: Tacacs

    Like RADIUS, TACACS+ is an AAA protocol and offers authentication, authorisation and accounting services (TACACS+ Accounting is currently not supported by bintec elmeg devices). The following TACACS+ functions are available on your device: •...
  • Page 100 9 System Management bintec elmeg GmbH System Management Remote Authentication TACACS+ Fig. 36: -> -> -> The System Management->Remote Authentication->TACACS+ ->Newmenu consists of the following fields: Fields in the Basic Parameters menu. Field Description Authentication Type Displays which TACACS+ function is to be used. The value cannot be changed.
  • Page 101 9 System Management bintec elmeg GmbH Field Description authentication. If no response is given or access is denied (only if Policy = ), the entry with the next- highest priority is used. The available values are to , the default value is .

  • Page 102: Options

    9 System Management bintec elmeg GmbH Field Description Block Time Enter the time in seconds for which the status of the current server shall remain blocked. When the block has ended, the server is set to the status spe- cified in the Entry active field.

  • Page 103: Configuration Access

    9 System Management bintec elmeg GmbH Fields in the Global RADIUS Options menu. Field Description Authentication for PPP By default, the following authentication sequence is used for in- Dialin coming calls with RADIUS: First CLID, then PPP and then PPP with RADIUS.
  • Page 104 9 System Management bintec elmeg GmbH System Management Configuration Access Access Profiles Fig. 38: -> -> 9.6.1.1 Edit or New Choose the icon to edit existing entries. Choose the New button to create additional ac- cess profiles. To create an access profile you can use all the entries in the navigation bar of the GUI plus Save configuration and Switch to SNMP Browser.
  • Page 105 9 System Management bintec elmeg GmbH System Management Configuration Access Access Profiles Fig. 39: -> -> -> The menu System Management->Configuration Access->Access Profiles->New con- sists of the following fields: Fields in the menu Basic Settings Field Description Description Enter a unique name for the access profile.
  • Page 106 9 System Management bintec elmeg GmbH Fields in the menu Buttons Field Description Save configuration If you activate the button Save configuration the user is per- mitted to save configurations. Note Note that the passwords in the saved file can be viewed in clear text.

  • Page 107: Users

    9 System Management bintec elmeg GmbH Field Description Menus You see all the menus from the GUI's navigation bar. Menus that contain at least one sub-menu are flagged by The icon indicates pages. When you create a new access profile, no elements are as- signed yet, i.e.
  • Page 108 9 System Management bintec elmeg GmbH System Management Configuration Access Users Fig. 40: -> -> You can click the button to display the details of the configured user. You can see which fields and menus are assigned to the user.
  • Page 109 9 System Management bintec elmeg GmbH System Management Configuration Access Users Fig. 41: -> -> -> The icon means that Read-only is permitted. If a row is flagged with the icon the informa- tion is released for reading and writing. The icon indicates blocked entries.
  • Page 110 9 System Management bintec elmeg GmbH System Management Configuration Access Users Fig. 42: -> -> -> The menu System Management->Configuration Access->Users->New consists of the following fields: Fields in the menu Basic Settings Field Description User Enter a unique name for the user.

  • Page 111: Certificates

    9 System Management bintec elmeg GmbH Field Description If intersecting access profiles are assigned to a user, read and write have a higher priority than Read-only. Buttons cannot be set to the setting Read-only. 9.7 Certificates An asymmetric cryptosystem is used to encrypt data to be transported in a network, to gen- erate or check digital signatures and the authenticate users.
  • Page 112 9 System Management bintec elmeg GmbH 9.7.1.1 Edit Click the icon to display the content of the selected object (key, certificate, or request). System Management Certificates Certificate List Fig. 43: -> -> -> The certificates and keys themselves cannot be changed, but a few external attributes can be changed, depending on the type of the selected entry.
  • Page 113 9 System Management bintec elmeg GmbH Field Description Description Shows the name of the certificate, key, or request. Certificate is CA Certi- Mark the certificate as a certificate from a trustworthy certifica- ficate tion authority (CA). Certificates issued by this CA are accepted during authentica- tion.
  • Page 114 9 System Management bintec elmeg GmbH Caution It is extremely important for VPN security that the integrity of all certificates manually marked as trustworthy (certification authority and user certificates) is ensured. The dis- played "fingerprints" can be used to check this integrity: Compare the displayed values with the fingerprints specified by the issuer of the certificate (e.g.
  • Page 115 9 System Management bintec elmeg GmbH System Management Certificates Certificate List Certificate Request Fig. 44: -> -> -> The menu System Management->Certificates->Certificate List->Certificate Request consists of the following fields: Fields in the Certificate Request menu. Field Description Certificate Request De- Enter a unique description for the certificate.
  • Page 116 9 System Management bintec elmeg GmbH Field Description field. This file must be provided to the CA and the received certificate must then be imported manually to your device. • : The key is requested from a CA using the Simple Cer- tificate Enrolment Protocol.
  • Page 117 9 System Management bintec elmeg GmbH Field Description not configured on the device, the validity of certificates from this CA is not checked. • <name of an existing certificate>: If all the necessary certific- ates are already available in the system, you select these manually.
  • Page 118 9 System Management bintec elmeg GmbH Field Description If the field is not selected, enter the name components in Com- mon Name, E-mail, Organizational Unit, Organization, Loc- ality, State/Province and Country. The function is disabled by default. Summary Only for Custom = enabled.
  • Page 119 9 System Management bintec elmeg GmbH Field Description #1, #2, #3 For each entry, define the type of name and enter additional subject names. Possible values: • (default value): No additional name is entered. • : An IP address is entered.

  • Page 120: Crls

    9 System Management bintec elmeg GmbH System Management Certificates Certificate List Import Fig. 45: -> -> -> The menu System Management->Certificates->Certificate List->Import consists of the following fields: Fields in the Import menu. Field Description External Filename Enter the file path and name of the certificate to be imported, or use Browse...
  • Page 121 9 System Management bintec elmeg GmbH If a key is no longer to be used, e.g. because it has fallen into the wrong hands or has been lost, the corresponding certificate is declared invalid. The certification authority revokes the certificate and publishes it on a certificate blacklist, so-called CRL. Certificate users should always check against these lists to ensure that the certificate used is currently valid.

  • Page 122: Certificate Servers

    9 System Management bintec elmeg GmbH Field Description type of encoding. • • Password Enter the password required for the import. 9.7.3 Certificate Servers A list of certificate servers is displayed in the System Management->Certificates->Certi- ficate Servers menu. A certification authority (certification service provider, Certificate Authority, CA) issues your certificates to clients applying for a certificate via a certificate server.

  • Page 123: Chapter 10 Physical Interfaces

    10.1 AUX You require a special cable for the console port of your gateway (e.g. AUX Backup cable) to connect an external analogue modem to the AUX port on a bintec elmeg gateway. 10.1.1 AUX With an analogue/GSM interface, the gateway also supports connections for analogue and GSM modems (e.g.
  • Page 124 10 Physical Interfaces bintec elmeg GmbH Fields in the Basic Settings menu Field Description AUX Port Status Select whether the AUX port should be enabled or disabled. The port is enabled by choosing . The port is disabled by default.

  • Page 125: Ethernet Ports

    10 Physical Interfaces bintec elmeg GmbH Field Description asks for it. Entering a wrong PIN blocks communication with the modem until the entry in the profile is corrected. Modem Escape Char- Only for AUX Port Status = enabled acter The value for this field is set by default to . It should only be changed if the escape character of the modem is different.
  • Page 126 10 Physical Interfaces bintec elmeg GmbH figured. Note To ensure your device can be reached, when splitting ports make sure that Ethernet interface is assigned - with the preconfigured IP address and netmask - to a port that can be reached via Ethernet. If in doubt, carry out the configuration using a serial connection via the Console interface.

  • Page 127: Port Configuration

    10 Physical Interfaces bintec elmeg GmbH VLANs for Routing Interfaces Configure VLANs to separate individual network segments from each other, for example (e.g. individual departments of a company) or to reserve bandwidth for individual VLANs when managed switches are used with the QoS function.
  • Page 128 10 Physical Interfaces bintec elmeg GmbH Field Description to the numbering of the Ethernet ports on the back of the device. Switch-Port 5: Port ETH5 is configured here. Ethernet Interface Se- Assign a logical Ethernet interface to the switch port.

  • Page 129: Serial Port

    10 Physical Interfaces bintec elmeg GmbH Field Description • Flow Control Select whether a flow control should be conducted on the cor- responding interface. Possible values: • (default value): No flow control is performed. • : Flow control is performed.
  • Page 130 10 Physical Interfaces bintec elmeg GmbH Field Description • : The serial interface is operated as a data inter- face, Serial over IP is used. If the option is selected for Port Mode, an extra configuration section opens. Physical Interfaces...
  • Page 131 10 Physical Interfaces bintec elmeg GmbH Field Description • • • • • • (default value) • • • Data Bits Select how many data bits should be sent in sequence for traffic data. Possible values: • (default value): Eight Data Bits are sent in sequence.
  • Page 132 10 Physical Interfaces bintec elmeg GmbH Field Description Possible values: • (default value): The recipient is unable to continue the data transmission. • : The hardware handshake used controls the data flow over the RTS and CTS lines. • : If the software handshake is used, the recipient sends special signs to the sender to control the data flow.

  • Page 133: Umts/Lte

    10 Physical Interfaces bintec elmeg GmbH Field Description Timeout Enter the time in ms since receiving the last character, which is used as a trigger for data transmission. The function is enabled with The function is enabled by default. Possible values: .
  • Page 134 10 Physical Interfaces bintec elmeg GmbH Note LTE cannot currently be used for incoming connections via ISDN login. LTE cannot currently be used together with the SMS alert service. 10.4.1.1 Edit Click the icon to edit the respective entry for the integrated modem or a plugged UMTS/ LTE USB stick.
  • Page 135 10 Physical Interfaces bintec elmeg GmbH Physical Interfaces UMTS/LTE UMTS/LTE Fig. 52: -> -> -> The menu Physical Interfaces->UMTS/LTE->UMTS/LTE-> consists of the following fields: Fields in the Basic Settings menu. Field Description UMTS/LTE Status Select whether the chosen UMTS/LTE modem should be en- abled or disabled.
  • Page 136 10 Physical Interfaces bintec elmeg GmbH Field Description • • • • • • • • • • Network Provider Only for UMTS/LTE Status = This is only displayed if the status of the modem is "up". Displays the Network Provider currently connected.
  • Page 137 10 Physical Interfaces bintec elmeg GmbH Field Description • : UMTS is preferentially used; should UMTS not be available, GPRS is used. • : Only LTE is used; should LTE be unavailable, no connection is established. • : LTE is prefer- ably used;...
  • Page 138 10 Physical Interfaces bintec elmeg GmbH Field Description Note An incoming data call (PPP dialin or ISDN login via V.110) can generally only be set up via GSM. Setup for UMTS/LTE is generally only possible if the provider has activated this functionality on demand.
  • Page 139 10 Physical Interfaces bintec elmeg GmbH Field Description call under Transfer own IP address over ISDN/GSM . This may shorten and simplify tunnel setup. This is only displayed if the device has made three failed at- tempts to establish a connection, e.g. if the PIN for the SIM card (see the SIM Card Uses PIN field) has been entered incorrectly three times.
  • Page 140 10 Physical Interfaces bintec elmeg GmbH Field Description Note Please note that the SIM card must support this function, and that not all mobile telephony providers relay voice calls over data SIM cards. APN (Access Point Only for UMTS/LTE Status =...
  • Page 141 10 Physical Interfaces bintec elmeg GmbH Field Description If the field Local Environment is not you can use Roaming Mode = to choose a Region and a Country inside of this Region. Within the Country, you can specify a Mobile Network Provider.
  • Page 142 10 Physical Interfaces bintec elmeg GmbH Field Description Select only an authentication method that has been specified by your provider. Possible values: • : Some providers do not use authentication. Select this option if your provider is among them. •...
  • Page 143 10 Physical Interfaces bintec elmeg GmbH Physical Interfaces UMTS/LTE Fig. 53: -> -> Values in the list Mobile Device Status Field Description Device Displays the description of the internal modem port. Modem Model Displays the modem model description. IMEI The IMEI (International Mobile Station Equipment Identity) dis- plays the 15 digit serial number of the modem.

  • Page 144: Gps

    State Displays the registration status. 10.5 GPS Your bintec device gives you a Global Positioning System (GPS) with Google Maps integ- rated, i.e. you can determine your position and display the position found on a map. 10.5.1 GPS Configuration In the Physical Interfaces->GPS->GPS Configuration menu, you can make the settings for the GPS.
  • Page 145 10 Physical Interfaces bintec elmeg GmbH Fields in the menu Basic Settings Field Description GPS Port Status Select whether GPS is to be used. GPS is enabled with GPS Port Status = By default, GPS is not enabled. Name Only for GPS Port Status = The system automatically issues and displays a name.

  • Page 146: Geo Zones

    The function is disabled by default. 10.5.2 GEO Zones The software on your bintec device uses rectangular GEO zones. The coordinates of the diagonally opposed corners in the top left and bottom right are used to define each GEO zone.
  • Page 147 10 Physical Interfaces bintec elmeg GmbH Physical Interfaces GEO Zones Fig. 55: -> -> -> The Physical Interfaces->GPS->GEO Zones->New menu consists of the following fields: Fields in the menu Basic Parameters Field Description Description Enter a unique name for the GEO zone.
  • Page 148 10 Physical Interfaces bintec elmeg GmbH Field Description Select whether the coordinates or the cursor positions are to be used to configure the GEO zone on the map. Possible values: • : The coordinates will be used to configure the GEO zone.
  • Page 149 10 Physical Interfaces bintec elmeg GmbH Field Description the marked position. You can change the position by dragging with the mouse. Latitude Only for Use = Enter a new latitude (in degrees) and the orientation (north/south). The latitude can have a value from 0° (at the equator) to ±...
  • Page 150 10 Physical Interfaces bintec elmeg GmbH Field Description • (default setting): The zone's status is False. • : The zone's status is True. It changes to False if no GPS signal is received in the time specified under Zone Initial State Time.
  • Page 151 10 Physical Interfaces bintec elmeg GmbH Field Description • : The zone's status remains unchanged. It changes to True if a GPS signal of adequate strength is not received in the time specified under Zone Coverage Fail State Time. Zone Coverage Fail...

  • Page 152: Chapter 11 Lan

    11 LAN bintec elmeg GmbH Chapter 11 LAN In this menu, you configure the addresses in your LAN and can structure your local network using VLANs. 11.1 IP Configuration In this menu, you can edit the IP configuration of the LAN and Ethernet interfaces of your device.
  • Page 153 11 LAN bintec elmeg GmbH Example of subnets If your device is connected to a LAN that consists of two subnets, you should enter a second IP Address / Netmask. The first subnet has two hosts with the IP addresses 192.168.42.1 and 192.168.42.2, for example, and the second subnet has two hosts with the IP addresses 192.168.46.1 and...
  • Page 154 11 LAN bintec elmeg GmbH Field Description Select the Ethernet interface for which the virtual interface is to be configured. Address Mode Select how an IP address is assigned to the interface. Possible values: • (default value): The interface is assigned a static IP address in IP Address / Netmask.
  • Page 155 11 LAN bintec elmeg GmbH Field Description face to a VLAN by entering the VLAN ID of the relevant VLAN. Possible values are (default value) to The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu.

  • Page 156: Vlan

    11 LAN bintec elmeg GmbH Field Description The function is disabled by default. TCP-MSS Clamping Select whether your device is to apply MSS Clamping. To pre- vent IP packets fragmenting, the MSS (Maximum Segment Size) is automatically decreased by the device to the value set here.
  • Page 157 11 LAN bintec elmeg GmbH Fig. 57: VLAN segmenting VLAN for Bridging and VLAN for Routing In the LAN->VLAN menu, VLANs (virtual LANs) are configured with interfaces that operate in Bridging mode. Using the VLAN menu, you can make all the settings needed for this and query their status.

  • Page 158: Vlans

    11 LAN bintec elmeg GmbH 11.2.1 VLANs In this menu, you can display all the VLANs already configured, edit your settings and cre- ate new VLANs. By default, the VLAN is available, to which all interfaces are assigned. 11.2.1.1 Edit or New Choose the icon to edit existing entries.

  • Page 159: Port Configuration

    11 LAN bintec elmeg GmbH 11.2.2 Port Configuration In this menu, you can define and view the rules for receiving frames at the VLAN ports. VLANs Port Configuration Fig. 59: -> -> The LAN->VLANs->Port Configurationmenu consists of the following fields: Fields in the Port Configuration menu.
  • Page 160 11 LAN bintec elmeg GmbH VLANs Administration Fig. 60: -> -> The LAN->VLANs->Administrationmenu consists of the following fields: Fields in the Bridge Group br<ID> VLAN Options menu Field Description Enable VLAN Enable or disable the specified bridge group for VLAN.

  • Page 161: Chapter 12 Wireless Lan

    12 Wireless LAN bintec elmeg GmbH Chapter 12 Wireless LAN In the case of wireless LAN or Wireless LAN (WLAN = Wireless Local Area Network), this relates to the creation of a network using wireless technology. Network functions Like a wired network, a WLAN offers all the main network functions. Access to servers, files, printers, and the e-mail system is just as reliable as company-wide Internet access.

  • Page 162: Wlan

    12 Wireless LAN bintec elmeg GmbH An amendment to the Telecommunications Act (TKG) allowed the 5.8 GHz band (5755 MHz - 5875 MHz) to be used for so-called BFWA applications (Broadband Fixed Wireless Access). This simply requires registration with the Federal Network Agency. However, the use of TPC and DFS is mandatory in this case.
  • Page 163 12 Wireless LAN bintec elmeg GmbH Wireless LAN WLAN Radio Settings Operation Mode Fig. 62: -> -> -> Wireless LAN WLAN Radio Settings Operation Mode Fig. 63: The Wireless LAN->WLAN->Radio Settings-> menu consists of the following fields: bintec RV Series...
  • Page 164 • : Your device is used as an wireless bridge link in your network (available only for the devices of the bintec W1003n, W2003n, W2003n-ext und W2004n series) . Operation Band Select the operation band and, where applicable, the usage area of the wireless module.
  • Page 165 12 Wireless LAN bintec elmeg GmbH Field Description Channel The number of channels you can select depends on the country setting. Please consult the data sheet for your device. Access Point Mode / Bridge Mode: Configuring the network name (SSID) in Access Point mode...
  • Page 166 12 Wireless LAN bintec elmeg GmbH Field Description Not for Wireless Mode = Select how many channels are to be used. Possible values: • (default value): One channel with 20 MHz bandwidth is used. • : Two channels each with 20 MHz bandwidth are used.
  • Page 167 12 Wireless LAN bintec elmeg GmbH Field Description Possible values: • : The device operates only in accordance with 802.11g. 802.11b clients have no access. • : Your device operates only in accordance with 802.11b and forces all clients to adapt to it.
  • Page 168 12 Wireless LAN bintec elmeg GmbH Field Description client (e. g. a 802.11a client) is treated in the same way when apportioning. The function is enabled with The function is disabled by default. This fuction is only applied to unprioritized frames of the WMM Classe "Background".
  • Page 169 12 Wireless LAN bintec elmeg GmbH Field Description If you choose , you can specify in the input field the data packet length threshold in bytes (1 - 2346) as of which the RTS/CTS mechanism is to be used. This makes sense if several clients that are not in each other's wireless range are run in one access point.
  • Page 170 12 Wireless LAN bintec elmeg GmbH Field Description Scan channels Choose the channels which the WLAN client automatically scans for available wireless networks. Possible values: • (default value): All channels are scanned. • : The channel is automatically selected. •...
  • Page 171 12 Wireless LAN bintec elmeg GmbH Field Description . The default value is Min. Period Active Displays the minimum active scanning time for a frequency in Scan milliseconds. The value can only be modified for Roaming Profile = . The default value is Max.

  • Page 172: Wireless Networks (Vss)

    12 Wireless LAN bintec elmeg GmbH 12.1.2 Wireless Networks (VSS) If you are operating your device in Access Point Mode ( Wireless LAN->WLAN->Radio Settings-> ->Operation Mode = ), in the menu Wireless LAN->WLAN- >Wireless Networks (VSS)-> / New you can edit the wireless networks required or set new ones up.
  • Page 173 12 Wireless LAN bintec elmeg GmbH 802.11 defines the security standard WEP (Wired Equivalent Privacy = encryption of data with 40 bit (Security Mode = ) or 104 bit (Security Mode = ). However, this widely used WEP has proven susceptible to failure. However, a higher degree of se- curity can only be achieved through hardware-based encryption which required additional configuration (for example 3DES or AES).
  • Page 174 12 Wireless LAN bintec elmeg GmbH • Change the access passwords for your device. • Change the default SSID, Network Name (SSID) = , of your access point. Set Visible = . This will exclude all WLAN clients that attempt to establish a connec-...
  • Page 175 12 Wireless LAN bintec elmeg GmbH Wireless LAN WLAN Wireless Networks (VSS) Fig. 65: -> -> -> -> The Wireless LAN->WLAN->Wireless Networks (VSS)-> ->New menu consists of the following fields: Fields in the menu Service Set Parameters Field Description Network Name (SSID) Enter the name of the wireless network (SSID).
  • Page 176 12 Wireless LAN bintec elmeg GmbH Field Description The function is enabled by default. U-APSD Select whether the Unscheduled Automatic Power Save Deliv- ery (U-APSD) mode is to be enabled. The function is activated by selecting The function is enabled by default.
  • Page 177 12 Wireless LAN bintec elmeg GmbH Field Description WPA 2 (with AES encryption), or both. Possible values: • (default value): WPA and WPA 2 can be applied. • : Only WPA is applied. • : Only WPA 2 is applied.
  • Page 178 12 Wireless LAN bintec elmeg GmbH Field Description EAP Preauthentifica- Only for Security Mode = tion Select whether the EAP preauthentification function is to be ac- tivated. This function tells your device that WLAN clients, which are already connected to another access point, can first carry out 802.1x authentication as soon as they are within range.
  • Page 179 12 Wireless LAN bintec elmeg GmbH Field Description You can disable this function if you set Max. number of clients - soft limit and Max. number of clients - hard limit to identical values. Client Band select Not all devices support this function.

  • Page 180: Client Link

    12 Wireless LAN bintec elmeg GmbH Field Description Beacon Period Enter the time in milliseconds between the sending of two beacons. This value is transmitted in Beacon and Probe Response Frames. Possible values are The default value is DTIM Period Enter the interval for the Delivery Traffic Indication Message (DTIM).
  • Page 181 12 Wireless LAN bintec elmeg GmbH Wireless LAN WLAN Client Link Fig. 66: -> -> -> The Wireless LAN->WLAN->Client Link-> menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Network Name (SSID) Enter the name of the wireless network (SSID).
  • Page 182 12 Wireless LAN bintec elmeg GmbH Field Description Enter a character string with the right number of characters for the selected WEP mode. For you need a character string with 5 characters, for with 13 characters, e.g. WPA Mode Only for Security Mode = Select whether you want to use WPA or WPA 2.
  • Page 183 12 Wireless LAN bintec elmeg GmbH 12.1.3.2 Client Link Scan After the desired Client Links have been configured, the icon is shown in the list. You use this icon to open the Scan menu. Wireless LAN WLAN Client Link Scan Fig.

  • Page 184: Bridge Links

    You can change the status of the client link. The available ac- tions are displayed in this field. 12.1.4 Bridge Links Available only for the devices of the bintec W1003n, W2003n, W2003n-ext und W2004n series. Bridge Links allow you to create a dedicated connection between WLAN devices. A radio module operating as a slave exclusively connects to the bridge link master and does not establish or accept any other WLAN connections.

  • Page 185: Administration

    12 Wireless LAN bintec elmeg GmbH Field Description Bridge Link Name (ID) Depending on whether you operate the radio module as access point or as wireless bridge link, you create a bridge link in mas- ter or in slave mode.
  • Page 186 12 Wireless LAN bintec elmeg GmbH Field Description Possible values are all the countries configured on the device's wireless module. The range of channels available for selection (Channel in the Wireless LAN->WLAN->Radio Settings menu) changes de- pending on the country setting.

  • Page 187: Chapter 13 Wireless Lan Controller

    13 Wireless LAN Controller bintec elmeg GmbH Chapter 13 Wireless LAN Controller By using the wireless LAN controller, you can set up and manage a WLAN infrastructure with multiple access points (APs). The WLAN controller has a Wizard which assists you in the configuration of your access points.

  • Page 188: Basic Settings

    Please note: Make sure that option 138 is active when using an external DHCP server. If you wish to use a bintec elmeg Gateway for example as a DHCP server, click on the GUI menu for this device under Local Services->DHCP Server->DHCP Pool->New->Ad- vanced Settings in the DHCP Options field on the Add button.

  • Page 189: Radio Profile

    13 Wireless LAN Controller bintec elmeg GmbH 13.1.2 Radio Profile Select which frequency band your WLAN controller shall use. If the is set then the 2.4 GHz frequency band is used. If the is set then the 5 GHz frequency band is used.
  • Page 190 13 Wireless LAN Controller bintec elmeg GmbH Enter an ASCII string with a maximum of 32 characters. Also select whether the Network Name (SSID) is to be transmitted. Security Mode Select the security mode (encryption and authentication) for the wireless network.

  • Page 191: Start Automatic Installation

    13 Wireless LAN Controller bintec elmeg GmbH Note Before you continue, please ensure that all access points that the WLAN controller shall manage are correctly wired and switched on. 13.1.4 Start automatic installation You will see a list of all detected access points.
  • Page 192 13 Wireless LAN Controller bintec elmeg GmbH The number of channels you can select depends on the country setting. Please consult the data sheet for your device. Note Configuring the network name (SSID) in Access Point mode means that wireless net-...

  • Page 193: Controller Configuration

    13 Wireless LAN Controller bintec elmeg GmbH Under Configure the Alert Service for WLAN surveillance, click Start to monitor your managed APs. You are taken to the External Reporting->Alert Service->Alert Recipient menu with the default setting Event = . You can specify that you wish to be notified by e-mail if the event occurs.
  • Page 194 Please note: Make sure that option 138 is active when using an external DHCP server. If you wish to use a bintec elmeg Gateway for example as a DHCP server, click on the GUI menu for this device under Loc- al Services->DHCP Server->DHCP Pool->New->Advanced...

  • Page 195: Slave Ap Configuration

    13 Wireless LAN Controller bintec elmeg GmbH Field Description Slave AP location Select whether the APs that the wireless LAN controller is to manage are located in the LAN or the WAN. Possible values: • (default value) • setting is useful if, for example, there is a wireless LAN controller installed at head office and its APs are distributed to different branches.

  • Page 196: Slave Access Points

    13 Wireless LAN Controller bintec elmeg GmbH 13.3.1 Slave Access Points Wireless LAN Controller Slave AP configuration Slave Access Points Fig. 71: -> -> In the Wireless LAN Controller->Slave AP configuration->Slave Access Points menu a list of all APs found with the wizard is displayed.
  • Page 197 13 Wireless LAN Controller bintec elmeg GmbH 13.3.1.1 Edit Choose the icon to edit existing entries. You can also delete entries using the icon. If you have deleted APs, these will be loc- ated again but shall not be configured.
  • Page 198 13 Wireless LAN Controller bintec elmeg GmbH Field Description Name Displays the name of the AP. You can change the name. Description Enter a unique description for the AP. CAPWAP Encryption Select whether communication between the master and slaves is to be encrypted.
  • Page 199 13 Wireless LAN Controller bintec elmeg GmbH Field Description different channels. Each of these should be spaced at least four channels apart, as a network also partially occupies the adja- cent channels. In the case of manual channel selection, please make sure first that the APs actually support these channels.

  • Page 200: Radio Profiles

    13 Wireless LAN Controller bintec elmeg GmbH 13.3.2 Radio Profiles Wireless LAN Controller Slave AP configuration Radio Profiles Fig. 73: -> -> An overview of all created wireless module profiles is displayed in the Wireless LAN Con- troller->Slave AP configuration->Radio Profiles menu. A profile with 2.4 GHz and a pro- file with 5 GHz are created by default;...
  • Page 201 13 Wireless LAN Controller bintec elmeg GmbH Wireless LAN Controller Slave AP configuration Radio Profiles / New Fig. 74: -> -> -> The Wireless LAN Controller->Slave AP configuration->Radio Profiles-> / New menu consists of the following fields: Fields in the menu Radio Profile Definition...
  • Page 202 13 Wireless LAN Controller bintec elmeg GmbH Field Description your network. Operation Band Select the frequency band of the wireless module profile. Possible values: • (default value): Your device is oper- ated at 2.4 GHz (mode 802.11b, mode 802.11g and mode 802.11n), inside or outside buildings.
  • Page 203 13 Wireless LAN Controller bintec elmeg GmbH Fields in the menu Performance Settings Field Description Wireless Mode Select the wireless technology that the access point is to use. For Operation Band = Possible values: • : The device operates only in accordance with 802.11g.
  • Page 204 13 Wireless LAN Controller bintec elmeg GmbH Field Description Max. Transmission Select the transmission speed. Rate Possible values: • (default value): The transmission speed is determined automatically. • : According to setting for Operation Band, Band- width, Number of Spatial Streams and Wireless Mode vari- ous fixed values in mbps are available.
  • Page 205 13 Wireless LAN Controller bintec elmeg GmbH Field Description lected. This ensures that no channels overlap, i.e. a distance of four channels is maintained between the channels used. This is useful if more access points are used with overlapping radio cells.
  • Page 206 13 Wireless LAN Controller bintec elmeg GmbH Field Description RTS Threshold Here you can specify the data packet length threshold in bytes (1..2346) as of which the RTS/CTS mechanism is to be used. This makes sense if several clients that are not in each other's wireless range are run in one access point.

  • Page 207: Wireless Networks (Vss)

    13 Wireless LAN Controller bintec elmeg GmbH Field Description The function is enabled with The function is not activated by default. 13.3.3 Wireless Networks (VSS) Wireless LAN Controller Slave AP configuration Wireless Networks (VSS) Fig. 75: -> -> An overview of all created wireless networks is displayed in the Wireless LAN Controller- >Slave AP configuration->Wireless Networks (VSS) menu.
  • Page 208 13 Wireless LAN Controller bintec elmeg GmbH Wireless LAN Controller Slave AP configuration Wireless Networks Fig. 76: -> -> (VSS) -> The Wireless LAN Controller->Slave AP configuration->Wireless Networks (VSS)->New menu consists of the following fields: Fields in the menu Service Set Parameters...
  • Page 209 13 Wireless LAN Controller bintec elmeg GmbH Field Description The function is activated by selecting The function is enabled by default. ARP Processing Select whether the ARP processing function should be enabled. The ARP data traffic is reduced in the network by the fact that ARP broadcasts that have been converted to ARP unicasts are forwarded to IP addresses that are known internally.
  • Page 210 13 Wireless LAN Controller bintec elmeg GmbH Field Description Transmit Key Only for Security Mode = Select one of the keys configured in WEP Key as a standard key. The default value is WEP Key 1-4 Only for Security Mode = Enter the WEP key.
  • Page 211 13 Wireless LAN Controller bintec elmeg GmbH Field Description Possible values: • (default value): AES is used. • : TKIP is used. • : AES or TKIP is used. Preshared Key Only for Security Mode = Enter the WPA password.
  • Page 212 13 Wireless LAN Controller bintec elmeg GmbH Field Description networks configured for this radio module. No more new wire- less networks can be created and a warning message will ap- pear if the maximum number of clients is reached. Possible values are whole numbers between The default value is Max.
  • Page 213 13 Wireless LAN Controller bintec elmeg GmbH Field Description delay as possible, e. g. with Voice over WLAN. • : Preference is given to accept- ing clients in the 2.4 GHz band. • : Preference is given to accepting clients in the 5 GHz band.

  • Page 214: Monitoring

    13 Wireless LAN Controller bintec elmeg GmbH Field Description Default value is seconds. Fields in the menu VLAN Field Description VLAN Select whether the VLAN segmentation is to be used for this wireless network. The function is activated by selecting The function is disabled by default.

  • Page 215: Wireless Networks (Vss)

    13 Wireless LAN Controller bintec elmeg GmbH Status Meaning None The client is no longer in a valid status. Logon The client is currently logging on with the WLAN. Associated The client is logged on with the WLAN. Authenticate The client is in the process of being authenticated.

  • Page 216: Neighbor Aps

    13 Wireless LAN Controller bintec elmeg GmbH 13.4.4 Neighbor APs Wireless LAN Controller Monitoring Neighbor APs Fig. 80: -> -> In the Wireless LAN Controller->Monitoring->Neighbor APs menu, the adjacent AP's found during the scan are displayed. Rogue APs, i.e. APs which are not managed by the WLAN controller but are using an SSID managed by the WLAN controller are highlighted in red.

  • Page 217: Rogue Aps

    13 Wireless LAN Controller bintec elmeg GmbH 13.4.5 Rogue APs Wireless LAN Controller Monitoring Rogue APs Fig. 81: -> -> APs which are using an SSID from their own network but are not managed by Wireless LAN Controller are displayed in the Wireless LAN Controller->Monitoring->Rogue APs menu.

  • Page 218: Rogue Clients

    13 Wireless LAN Controller bintec elmeg GmbH 13.4.6 Rogue Clients Wireless LAN Controller Monitoring Rogue Clients Fig. 82: -> -> The Wireless LAN Controller->Monitoring->Rogue Clients menu displays the clients which have attempted to gain unauthorised access to the network and which are therefore on the blacklist.

  • Page 219: Maintenance

    13 Wireless LAN Controller bintec elmeg GmbH Wireless LAN Controller Monitoring Rogue Clients Fig. 83: -> -> -> The menu consists of the following fields: Fields in the New Blacklist Entry menu. Field Description Rogue Client MAC Ad- Enter the MAC address of the client you intend to include in the dress static blacklist.
  • Page 220 13 Wireless LAN Controller bintec elmeg GmbH all Managed Access Points is displayed. For each managed AP you will see an entry with the following parameter set: Update firm- ware, Location, Device, IP Address, LAN MAC Address, Firmware Version , Status.
  • Page 221 13 Wireless LAN Controller bintec elmeg GmbH Field Description • : The file is stored respectively on a TFTP server specified in the URL. Only for Source Location = Enter the URL of the update server from which the system soft- ware file is loaded or on which the configuration file is saved.

  • Page 222: Chapter 14 Networking

    14 Networking bintec elmeg GmbH Chapter 14 Networking 14.1 Routes Default Route With a default route, all data is automatically forwarded to one connection if no other suit- able route is available. If you set up access to the Internet, you must configure the route to your Internet Service Provider (ISP) as a default route.
  • Page 223 14 Networking bintec elmeg GmbH Network Routes IPv4 Route Configuration Extended Route Fig. 85: -> -> -> with Standard. If the option is selected for the Route Class, an extra configuration section opens. Network Routes IPv4 Route Configuration Extended Fig. 86: ->...
  • Page 224 14 Networking bintec elmeg GmbH fields: Fields in the menu Basic Parameters Field Description Route Type Select the type of route. Possible values: • : Route via a specific in- terface which is to be used if no other suitable route is avail- able.
  • Page 225 14 Networking bintec elmeg GmbH Field Description ceived by DHCP are supplemented by routing information about a particular network. Note When the DHCP lease expires or when the device is re- started, the routes that consist from the combination of DH- CP settings and those made here are initially deleted once more from the active routing.
  • Page 226 14 Networking bintec elmeg GmbH Field Description When Route Type = Also enter the relevant netmask in the second field. Gateway IP Address Only for Route Type = Enter the IP address of the gateway to which your device is to forward the IP packets.
  • Page 227 14 Networking bintec elmeg GmbH Field Description • : Enables the entry of a port number. • : Enables the entry of a range of port numbers. • : Entry of privileged port numbers: 0 ... 1023. • : Entry of server port numbers: 5000 ... 32767.
  • Page 228 14 Networking bintec elmeg GmbH Field Description • : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in decimal format). • : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in hexadecimal format).

  • Page 229: Ipv4 Routing Table

    14 Networking bintec elmeg GmbH 14.1.2 IPv4 Routing Table A list of all IPv4 routes is displayed in the Network->Routes->IPv4 Routing Table menu. The routes do not all need to be active, but can be activated at any time by relevant data traffic.

  • Page 230: Options

    14 Networking bintec elmeg GmbH 14.1.3 Options Back Route Verify The term Back Route Verify describes a very simple but powerful function. If a check is ac- tivated for an interface, incoming data packets are only accepted over this interface if out- going response packets are routed over the same interface.

  • Page 231: Nat

    14 Networking bintec elmeg GmbH Field Description Displays the serial number of the list entry. Interface Only for Mode = Displays the name of the interface. Back Route Verify Only for Mode = Select whether is to be activated for the interface.

  • Page 232: Nat Configuration

    14 Networking bintec elmeg GmbH for this interface. Options in the menu NAT Interfaces Field Description NAT active Select whether NAT is to be activated for the interface. The function is disabled by default. Loopback active The NAT loopback function also enables network address trans- lation for connectors whereby NAT is not activated.
  • Page 233 14 Networking bintec elmeg GmbH 14.2.2.1 New Choose the New button to set up NAT. Networking NAT Configuration Fig. 90: -> -> -> The Networking->NAT->NAT Configuration ->New menu consists of the following fields: Fields in the menu Basic Parameters Field...
  • Page 234 14 Networking bintec elmeg GmbH Field Description • : Data traffic excluded from NAT. NAT method Only for Type of traffic = Select the NAT method for outgoing data traffic. The starting point for choosing the NAT method is a NAT scenario in which an "internal"...
  • Page 235 14 Networking bintec elmeg GmbH Field Description • Action Only for Type of traffic = Select which data packets are to be excluded by NAT. Possible values: • (default value): All the data packets that match the follow- ing parameters that are to be configured (protocol, source IP address/network mask, destination IP address/netmask, etc.)
  • Page 236 14 Networking bintec elmeg GmbH Field Description • • • • • • • • • • • • • • • • Source IP Address/ Only for Type of traffic = Netmask Enter the source IP address and corresponding netmask of the original data packets, as the case arises.
  • Page 237 14 Networking bintec elmeg GmbH Field Description Original Source Port/ Only for Type of traffic = , NAT Range method = , Service = and Pro- tocol = Enter the source port of the original data packets. The default setting means that the port remains unspecified.
  • Page 238 14 Networking bintec elmeg GmbH Field Description dress/Netmask Enter the destination IP address and corresponding netmask to which the original destination IP address is to be translated. New Destination Port Only for Type of traffic = Service = and Protocol = Leave the destination port as it appears or enter the destination port to which the original destination port is to be translated.

  • Page 239: Load Balancing

    14 Networking bintec elmeg GmbH 14.3 Load Balancing The increasing amount of data traffic over the Internet means it is necessary to send data over different interfaces to increase the total bandwidth available. IP load balancing en- ables the distribution of data traffic within a certain group of interfaces to be controlled.
  • Page 240 14 Networking bintec elmeg GmbH Networking Load Balancing Load Balancing Groups Fig. 91: -> -> -> The menu Networking->Load Balancing->Load Balancing Groups->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Group Description Enter the desired description of the interface group.
  • Page 241 14 Networking bintec elmeg GmbH Field Description • : Only the data rate in the send direction is con- sidered. By default, the options are disabled. Distribution Mode Select the state the interfaces in the group may have if they are to be included in load balancing.
  • Page 242 14 Networking bintec elmeg GmbH Field Description Distribution Policy Displays the type of data traffic selected. Fields in the Interface Selection for Distribution menu. Field Description Interface Select the interfaces that are to belong to the group from the available interfaces.

  • Page 243: Special Session Handling

    14 Networking bintec elmeg GmbH Field Description You can choose between all routes and all extended routes. Tracking IP Address You can use the Tracking IP Address parameter to have a particular route monitored. The load balancing status of the interface and the status of the routes connected to the interface can be influenced using this parameter.
  • Page 244 14 Networking bintec elmeg GmbH less detail. The first data packet which the properties configured here match specifies the route for particular subsequent data packets. Which data packets are subsequently routed via this route is configured in the Networking- >Load Balancing->Special Session Handling->New->Advanced Settings menu.
  • Page 245 14 Networking bintec elmeg GmbH The Networking->Load Balancing->Special Session Handling->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Admin Status Select whether the Special Session Handling should be activ- ated. The function is activated by selecting The function is enabled by default.
  • Page 246 14 Networking bintec elmeg GmbH Field Description Destination Port/Range Enter, if required, a destination port number or a range of des- tination port numbers. Possible values: • (default value): The destination port is not specified. • : Enter a destination port.

  • Page 247: Qos

    14 Networking bintec elmeg GmbH Field Description the subsequent data packets must be routed via the same Des- tination Port to the same Destination Address. The two parameters Destination Address and Destination Port are enabled by default. If you leave the default setting...
  • Page 248 14 Networking bintec elmeg GmbH Networking QoS Filter Fig. 94: -> -> -> The Networking->QoS->QoS Filter->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter the name of the filter. Service Select one of the preconfigured services. The extensive range of services configured ex works includes the following: •...
  • Page 249 14 Networking bintec elmeg GmbH Field Description Select the type. Possible values: See RFC 792. The default value is Connection State With Protocol = , you can define a filter that takes the status of the TCP connections into account.

  • Page 250: Qos Classification

    14 Networking bintec elmeg GmbH Field Description DSCP/TOS Filter Select the Type of Service (TOS). (Layer 3) Possible values: • (default value): The type of service is ignored. • : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in binary format, 6 bit).
  • Page 251 14 Networking bintec elmeg GmbH Networking QoS Classification Fig. 95: -> -> -> The Networking->QoS->QoS Classification->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Class map Choose the class plan you want to create or edit.
  • Page 252 14 Networking bintec elmeg GmbH Field Description To select a filter, at least one filter must be configured in the Networking->QoS->QoS Filter menu. Direction Select the direction of the data packets to be classified. Possible values: • : Incoming data packets are assigned to the class (Class ID) that is then to be defined.

  • Page 253: Qos Interfaces/Policies

    14 Networking bintec elmeg GmbH Field Description • : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in decimal format). • : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in hexadecimal format).
  • Page 254 14 Networking bintec elmeg GmbH Depending on the respective interface, a queue is created automatically for each class, but only for data traffic classified as outgoing and for data traffic classified in both directions. A priority is assigned to these automatic queues. The value of the priority is equal to the value of the class ID.
  • Page 255 14 Networking bintec elmeg GmbH Field Description ets are always handled with priority. • : QoS is activated on the inter- face. The available bandwidth is distributed as “fairly” as pos- sible among the (automatically detected) traffic flows in a queue.
  • Page 256 14 Networking bintec elmeg GmbH Field Description • Can only be selected for IPSec interfaces: • • • • Encryption Method Only if an IPSec Peers is selected as Interface, Traffic shap- ing is and Protocol Header Size below Layer 3 is not Select the encryption method used for the IPSec connection.
  • Page 257 14 Networking bintec elmeg GmbH Field Description • : All RTP streams are optimised. The function activates the RTP stream detection mechanism for the automatic detection of RTP streams. In this mode, the Real Time Jitter Control is activated as soon as an RTP stream has been detected.
  • Page 258 14 Networking bintec elmeg GmbH Field Description • : Queue for data that has not been classified or data of a class for which no queue has been configured. Class ID Only for Prioritisation queue = Select the QoS packet class to which this queue is to apply.
  • Page 259 14 Networking bintec elmeg GmbH Field Description The function is disabled by default. Maximum Upload Only for Traffic Shaping = enabled. Speed Enter a maximum data rate for the queue in kbits. Possible values are The default value is .

  • Page 260: Access Rules

    14 Networking bintec elmeg GmbH Field Description • (default value): The newest packet received is dropped. • : The oldest packet in the queue is dropped. • : A randomly selected packet is dropped from the queue. Congestion Avoidance Enable or disable preventative deletion of data packets.
  • Page 261 • source and/or destination port (port ranges are supported) Access lists are an effective means if, for example, sites with LANs interconnected over a bintec elmeg gateway wish to deny all incoming FTP requests or only allow Telnet sessions between certain hosts.

  • Page 262: Access Filter

    14 Networking bintec elmeg GmbH Caution Make sure you don’t lock yourself out when configuring filters: If possible, access your gateway for filter configuration over the serial console interface or ISDN Login. 14.5.1 Access Filter This menu is for configuration of access filter Each filter describes a certain part of the IP traffic and defines, for example, the IP addresses, the protocol, the source port or the des- tination port.
  • Page 263 14 Networking bintec elmeg GmbH Networking Access Rules Access Filter Fig. 98: -> -> -> The Networking->Access Rules->Access Filter->Newmenu consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a description for the filter. Service Select one of the preconfigured services.
  • Page 264 14 Networking bintec elmeg GmbH Field Description Possible values: • • • • • • • • • The default value is See RFC 792. Connection State Only if Protocol = You can define a filter that takes the status of the TCP connec- tions into account.
  • Page 265 14 Networking bintec elmeg GmbH Field Description Possible values: • (default value): The filter is valid for all port numbers • : Enables the entry of a port number. • : Enables the entry of a range of port numbers.

  • Page 266: Rule Chains

    14 Networking bintec elmeg GmbH Field Description COS Filter Enter the service class of the IP packets (Class of Service, (802.1p/Layer 2) CoS). Possible values are whole numbers between and . The default value is 14.5.2 Rule Chains Rules for IP filters are configured in the Rule Chains menu. These can be created separ- ately or incorporated in rule chains.
  • Page 267 14 Networking bintec elmeg GmbH fields: Fields in the Basic Parameters menu. Field Description Rule Chain Select whether to create a new rule chain or to edit an existing one. Possible values: • (default value): You can create a new rule chain with this setting.

  • Page 268: Interface Assignment

    14 Networking bintec elmeg GmbH 14.5.3 Interface Assignment In this menu, the configured rule chains are assigned to the individual interfaces and the gateway’s behavior is defined for denying IP packets. A list of all configured interface assignments is displayed in the Networking->Access Rules->Interface Assignment menu.

  • Page 269: Drop In

    14 Networking bintec elmeg GmbH Field Description Rule Chain Select a rule chain. Silent Deny Define whether the sender is to be informed if an IP packet is denied. • (default value): The sender is not informed. • : The sender receives an ICMP message.
  • Page 270 14 Networking bintec elmeg GmbH Networking Drop In Drop In Groups Fig. 103: -> -> -> The Networking->Drop In->Drop In Groups->Newmenu consists of the following fields: Fields in the Basic Parameters menu. Field Description Group Description Enter a unique name for the Drop In group.
  • Page 271 14 Networking bintec elmeg GmbH Field Description The function is disabled by default. Network Configuration Select how an IP address / netmask is assigned to the Drop In network. Possible values: • (default value) • Network Address Only for Network Configuration = Enter the network address of the Drop In network.
  • Page 272 14 Networking bintec elmeg GmbH Field Description • Interface Selection Select all the ports which are to be included in the Drop In group (in the network). Add new entries with Add. bintec RV Series...

  • Page 273: Chapter 15 Routing Protocols

    15 Routing Protocols bintec elmeg GmbH Chapter 15 Routing Protocols 15.1 RIP The entries in the routing table can be defined statically or the routing table can be updated constantly by dynamic exchange of routing information between several devices. This ex- change is controlled by a Routing Protocol, e.g.
  • Page 274 15 Routing Protocols bintec elmeg GmbH Routing Protocols RIP Interfaces Fig. 105: -> -> -> The menu Networking->RIP->RIP Interfaces-> consists of the following fields: Fields in the RIP Parameters for menu. Field Description Send Version Decide whether routes are to be propagated via RIP and if so, select the RIP version for sending RIP packets over the inter- face in send direction.

  • Page 275: Rip Filter

    15 Routing Protocols bintec elmeg GmbH Field Description • (default value): RIP is not enabled. • : Enables sending and receiving of version 1 RIP packets. • : Enables sending and receiving of version 2 RIP packets. • :Enables sending and receiving RIP packets of both version 1 and 2.
  • Page 276 15 Routing Protocols bintec elmeg GmbH tion. You configure a filter for a default route with the following values: • IP Address / Netmask = no entry for IP address (this corresponds to IP address 0.0.0.0), for netmask = 255.255.255.255 A list of all RIP filters is displayed in the Routing Protocols->RIP->RIP Filter menu.
  • Page 277 15 Routing Protocols bintec elmeg GmbH Field Description Interface Select the interface to which the rule to be configured applies. IP Address / Netmask Enter the IP address and netmask to which the rule is to be ap- plied. This address can be in the LAN or WAN.

  • Page 278: Rip Options

    15 Routing Protocols bintec elmeg GmbH 15.1.3 RIP Options Routing Protocols RIP Options Fig. 108: -> -> The menu Routing Protocols->RIP->RIP Options consists of the following fields: Fields in the Global RIP Parameters menu. Field Description RIP UDP Port The setting option UDP Port, which is used for sending and re- ceiving RIP updates, is only for test purposes.
  • Page 279 15 Routing Protocols bintec elmeg GmbH Field Description (=“Network is not reachable“). The function is enabled with The function is disabled by default. RFC 2453 Variable For the timers described in RFC 2453, select whether the same Timer values that you can configure in the Timer for RIP V2 (RFC 2453) menu should be used.

  • Page 280: Ospf

    15 Routing Protocols bintec elmeg GmbH Field Description Garbage Collection Only for RFC 2453 Variable Timer = Timer The Garbage Collection Timer is started as soon as the route timeout has expired. After this timeout, the invalid route is deleted from the IPROUTETABLE if no update is carried out for the route.
  • Page 281 15 Routing Protocols bintec elmeg GmbH • Connection costs: OSPF differs from RIP in that the connection costs are not calculated from the number of next hops, but from the bandwidth of the respective transport medi- • No limitation of the number of hops: The limitation of the maximum number of 16 hops for RIP does not exist for OSPF.

  • Page 282: Areas

    15 Routing Protocols bintec elmeg GmbH Certain areas can be defined as stub areas in OSPF. This prevents external networks, e.g. those propagated from other protocols by redistribution in OSPF, being propagated into the stub area. Externally routing of such areas is propagated with a default route. The configur- ation of a stub area reduces the database size in the area and reduces the amount of stor- age space needed on the gateways incorporated in the area.
  • Page 283 15 Routing Protocols bintec elmeg GmbH Field Description Area ID Enter the ID to identify the OSPF aea. The backbone area is Import external routes Specifies whether the gateway routing information generated from external autonomous systems (not areas) is to be impor- ted.

  • Page 284: Interfaces

    15 Routing Protocols bintec elmeg GmbH 15.2.2 Interfaces In the Routing Protocols->OSPF->Interfaces menu, a list of all interfaces is displayed. Routing Protocols OSPF Interfaces Fig. 111: -> -> Caution If your interfaces are not only to be assigned to Backbone Area 0.0.0.0, you must first define OSPF areas in the Routing Protocols->OSPF->Areas menu.
  • Page 285 15 Routing Protocols bintec elmeg GmbH Field Description Possible values: • : OSPF is activated for this interface, i.e. routes are propagated or OSPF protocol packets sent over this interface. • : OSPF is not activated for this interface, i.e. no routes are propagated or OSPF protocol packets sent over this interface.

  • Page 286: Global Settings

    15 Routing Protocols bintec elmeg GmbH Field Description hash, which is sent with each packet Authentication Key Enter a text string to be used in combination with the defined Authentication Type. Export indirect static If this value is set to (default), only direct routes (i.e.
  • Page 287 15 Routing Protocols bintec elmeg GmbH Field Description Generate default route If this option is activated, the gateway propagates a default for the AS route over all active OSPF interfaces. The function is disabled by default. Propagate routes The logical interfaces REFUSE and IGNORE have the following...

  • Page 288: Chapter 16 Multicast

    16 Multicast bintec elmeg GmbH Chapter 16 Multicast What is multicasting? Many new communication technologies are based on communication from one sender to several recipients. Therefore, modern telecommunication systems such as voice over IP or video and audio streaming (e.g. IPTV or Webradio) focus on reducing data traffic, e.g. by offering TriplePlay (voice, video, data).

  • Page 289: General

    16 Multicast bintec elmeg GmbH dedicated host, but rather a group, i.e. during the routing of multicast packets, the decisive factor is whether a recipient is in a logged-in subnet. In the local network, all hosts are required to accept all multicast packets. For Ethernet or FDD, this is based on MAC mapping, where the group address is encoded into the destina- tion MAC address.

  • Page 290: General

    16 Multicast bintec elmeg GmbH 16.1.1 General In the Multicast->General->Generalmenu you can disable or enable the multicast func- tion. Multicast General General Fig. 114: -> -> The Multicast->General->Generalmenu consists of the following fields: Fields in the Basic Settings menu. Field...

  • Page 291: Igmp

    16 Multicast bintec elmeg GmbH 16.2.1 IGMP In this menu, you configure the interfaces on which IGMP is to be enabled. 16.2.1.1 Edit or New Choose the icon to edit existing entries. Choose the New button to configure IGMP on other interfaces.
  • Page 292 16 Multicast bintec elmeg GmbH Field Description Time within which hosts must respond. The hosts randomly select a time delay from this interval before sending the response. This spreads the load in networks with several hosts, improving per- formance. Possible values are...

  • Page 293: Options

    16 Multicast bintec elmeg GmbH IGMP Proxy enables you to simulate several locally connected interfaces as a subnet to an adjacent router. Queries coming in to the IGMP Proxy interface are forwarded to the local subnets. Local reports are forwarded on the IPGM Proxy interface.
  • Page 294 16 Multicast bintec elmeg GmbH Multicast IGMP Options Fig. 117: -> -> The Multicast->IGMP->Options menu consists of the following fields: Fields in the Basic Settings menu. Field Description IGMP Status Select the IGMP status. Possible values: • (default value): Multicast is activated automatically for hosts if the hosts open applications that use multicast.

  • Page 295: Forwarding

    16 Multicast bintec elmeg GmbH Field Description IGMP State Limit Enter the maximum permitted total number of incoming queries and messages per second. The default value is , i.e. the number of IGMP status mes- sages is not limited. 16.3 Forwarding 16.3.1 Forwarding...

  • Page 296: Pim

    16 Multicast bintec elmeg GmbH Field Description The option is deactivated by default. Multicast Group Ad- Only for All Multicast Groups = not active. dress Enter here the address of the multicast group you want to for- ward from a defined Source Interface to a defined Destination Interface.
  • Page 297 16 Multicast bintec elmeg GmbH 16.4.1.1 Edit or New Choose the icon to edit existing entries. To configure PIM lists, select the New button. Multicast PIM Interfaces Fig. 120: -> -> -> The Multicast->PIM->PIM Interfaces->New menu consists of the following fields: Fields in the PIM Interface Settings menu.
  • Page 298 16 Multicast bintec elmeg GmbH Field Description are released. Designated Router Pri- Define the value of the designated router priority entered in the ority Designated Router Priority option. The higher the value, the greater the probability that the corres- ponding router will be used as the designated router.
  • Page 299 16 Multicast bintec elmeg GmbH Field Description Join/Prune Interval Define the frequency at which the PIM Join/Prune messages are sent on the interface. The value means that no periodic PIM Join/Prune messages are sent on this interface. Possible values: seconds.

  • Page 300: Pim Rendezvous Points

    16 Multicast bintec elmeg GmbH 16.4.2 PIM Rendezvous Points In menu Multicast->PIM->PIM Rendezvous Points you determine which Rendezvous Point is responsible for which group. A list of all PIM Rendezvous Points is displayed. Multicast PIM Rendezvous Points Fig. 121: ->...

  • Page 301: Pim Options

    16 Multicast bintec elmeg GmbH Field Description Here you enter the IP address of the multicast network seg- ment. Multicast Group Prefix Only if Multicast Group Range = Length Here you enter the network mask length of the multicast net- work segment.
  • Page 302 16 Multicast bintec elmeg GmbH The Multicast->PIM->PIM Options menu consists of the following fields: Fields in the Basic Settings menu. Field Description PIM Status Select whether PIM should be activated. The function is activ- ated by selecting The function is disabled by default.

  • Page 303: Chapter 17 Wan

    17 WAN bintec elmeg GmbH Chapter 17 WAN This menu offers various options for configuring accesses or connections from your LAN to the WAN. You can also optimise voice transmission here for telephone calls over the Inter- net. 17.1 Internet + Dialup In this menu, you can set up Internet access or dialup connections.

  • Page 304: Default Route

    17 WAN bintec elmeg GmbH Field Description specified number of seconds) administratively set to down (deactivated); connection setup not possible for leased lines: Default Route With a default route, all data is automatically forwarded to one connection if no other suit- able route is available.

  • Page 305: Pppoe

    17 WAN bintec elmeg GmbH enter a common password and two codes. You get this information, for example, from your Internet Service Provider (ISP) or the system administrator at your head office. If the data you entered on your device is the same as the caller's data, the call is accepted. The call is rejected if the data is not the same.
  • Page 306 17 WAN bintec elmeg GmbH 17.1.1.1 New Choose the New button to set up new PPPoE interfaces. Internet + Dialup PPPoE Fig. 124: -> -> -> The menu WAN->Internet + Dialup->PPPoE->New consists of the following fields: Fields in the Basic Parameters menu.
  • Page 307 17 WAN bintec elmeg GmbH Field Description up over several interfaces ( ). If you choose , you can connect several DSL connections from a pro- vider over PPP as a static bundle in order to obtain more band- width. Each of these DSL connections should use a separate Ethernet connection for this.
  • Page 308 17 WAN bintec elmeg GmbH Field Description Only activate this option if you have Internet access with a flat- rate charge. Connection Idle Only if Always on is disabled. Timeout Enter the idle time in seconds for static short hold. The static...
  • Page 309 17 WAN bintec elmeg GmbH Field Description Local IP Address Only if IP Address Mode = Enter the static IP address of the connection partner. Route Entries Only if IP Address Mode = Define other routing entries for this connection partner.
  • Page 310 17 WAN bintec elmeg GmbH Field Description • : Primarily run CHAP, otherwise PAP. • : Only run MS-CHAP version 1 (PPP Microsoft Challenge Handshake Authentication Protocol). • : Primarily run CHAP, on denial then the authentication protocol required by the connection partner.

  • Page 311: Pptp

    17 WAN bintec elmeg GmbH Field Description The default value is . 17.1.2 PPTP A list of all PPTP interfaces is displayed in the WAN->Internet + Dialup->PPTP menu. In this menu, you configure an Internet connection that uses the Point Tunnelling Protocol (PPTP) to set up a connection.
  • Page 312 17 WAN bintec elmeg GmbH The menu WAN->Internet + Dialup->PPTP->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a name for uniquely identifying the internet connection. The first character in this field must not be a number No special characters or umlauts must be used.
  • Page 313 17 WAN bintec elmeg GmbH Fields in the IP Mode and Routes menu. Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically. Possible values: •...
  • Page 314 17 WAN bintec elmeg GmbH Fields in the Advanced Settings menu. Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed. The de-...

  • Page 315: Umts/Lte

    17 WAN bintec elmeg GmbH Field Description Packets event of intensive TCP upload. This function can be specially applied for asymmetrical bandwidths (ADSL). The function is enabled with The function is disabled by default. PPTP Address Mode Displays the address mode. The value cannot be changed.
  • Page 316 17 WAN bintec elmeg GmbH With mobile standards GPRS, UMTS and LTE, you can establish an internet connection via the mobile network. 17.1.3.1 New Choose the New button to create additional connections. Internet + Dialup UMTS/LTE Fig. 126: -> ->...
  • Page 317 17 WAN bintec elmeg GmbH Field Description optional plug-in UMTS/LTE stick the USB port of the device is preselected. User Name Enter the user name. Password Enter the password. Always on Select whether the interface should always be activated. The function is enabled with The function is disabled by default.
  • Page 318 17 WAN bintec elmeg GmbH Field Description Create NAT Policy Specify whether Network Address Translation (NAT) is to be ac- tivated. The function is enabled with The function is enabled by default. Local IP Address Only if IP Address Mode = Enter the static IP address of the connection partner.
  • Page 319 17 WAN bintec elmeg GmbH Field Description • (default value): Only run (PPP Password Authentica- tion Protocol); the password is transferred unencrypted. • : Only run (PPP Challenge Handshake Authentica- tion Protocol as per RFC 1994); password is transferred en- crypted.

  • Page 320: Aux

    You can define various settings for communication between the gateway and modem in this menu. You require a special cable for the console port of your gateway (e.g. AUX Backup cable) to connect an external analogue modem to the AUX port on a bintec elmeg gateway.
  • Page 321 17 WAN bintec elmeg GmbH 17.1.4.1 New Choose the Newbutton to set up new AUX interfaces. Internet + Dialup Fig. 127: -> -> -> The WAN->Internet + Dialup->AUX->New menu consists of the following fields: Fields in the Basic Parameters menu.
  • Page 322 17 WAN bintec elmeg GmbH Field Description User Name Enter the user name. Password Enter the password. Always on Select whether the interface should always be activated. The function is enabled with The function is disabled by default. Only activate this option if you have Internet access with a flat- rate charge.
  • Page 323 17 WAN bintec elmeg GmbH Field Description The function is enabled by default. Create NAT Policy Specify whether Network Address Translation (NAT) is to be ac- tivated. The function is enabled with The function is enabled by default. Local IP Address Only if IP Address Mode = Enter the static IP address of the connection partner.
  • Page 324 17 WAN bintec elmeg GmbH Field Description Possible values are The default value is . Usage Type If necessary, select a special interface use. Possible values: • (default value): No special type is selected. • : The interface is used for incoming dialup con- nections and callbacks initiated externally.
  • Page 325 17 WAN bintec elmeg GmbH Field Description Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload. This function can be specially applied for asymmetrical bandwidths (ADSL). The function is enabled with The function is disabled by default.
  • Page 326 17 WAN bintec elmeg GmbH Field Description prox. four seconds if your device is requested to do so by the connection partner. Only makes sense for CLID. • : like with the option of termination. This setting should be avoided for security reasons. The Mi-...

  • Page 327: Ip Pools

    17 WAN bintec elmeg GmbH Field Description connection partner. • : Your device only responds to an ARP re- quest if the status of the connection to the connection partner . In the case of , your device only re- sponds to the ARP request;...

  • Page 328: Leased Line

    17 WAN bintec elmeg GmbH Internet + Dialup IP Pools Fig. 128: -> -> -> Fields in the menu Basic Parameters Field Description IP Pool Name Enter any description to uniquely identify the IP pool. IP Address Range Enter the first (first field) and last (second field) IP address of the IP address pool.

  • Page 329: Interfaces

    17 WAN bintec elmeg GmbH 17.2.1 Interfaces In the WAN->Leased Line->Interfaces menu, a list of all is displayed. Automatic genera- tion requires the corresponding ISDN interface to be configured. Leased Line Interfaces Fig. 129: -> -> bintec RV Series...
  • Page 330 17 WAN bintec elmeg GmbH 17.2.1.1 Edit Choose the button to edit the configuration of the corresponding leased line for a BRI interface. Leased Line Interfaces Autogenerated from BRI (ISDN-S0) Fig. 130: -> -> -> -> The WAN->Leased Line->Interfaces->Autogenerated from BRI (ISDN-S0)->...
  • Page 331 17 WAN bintec elmeg GmbH Field Description Local IP Address Enter the IP address you received from your network operator. Route Entries Define other routing entries for this connection class. Add new entries with Add. The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu.
  • Page 332 17 WAN bintec elmeg GmbH Field Description • (default value): OSPF is not activated for this inter- face, i.e. no OSPF protocol packets sent over this interface. Networks reachable over this interface are, however, included when calculating the routing information and propagated over active interfaces.
  • Page 333 17 WAN bintec elmeg GmbH Leased Line Interfaces Autogenerated from PRI (ISDN-S2M) Fig. 131: -> -> -> -> The WAN->Leased Line->Interfaces->Autogenerated from PRI (ISDN-S2M)-> menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter the desired description for the connection.
  • Page 334 17 WAN bintec elmeg GmbH The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu. Field Description LCP Alive Check Select whether the reachability of the remote terminal is to be checked. The function is enabled with The function is enabled by default.

  • Page 335: Real Time Jitter Control

    17 WAN bintec elmeg GmbH Field Description protocol packets sent over this interface. • : OSPF is disabled for this interface. Proxy ARP Mode Select whether and how ARP requests are to be responded to for the specified connection partner.
  • Page 336 17 WAN bintec elmeg GmbH Real Time Jitter Control Controlled Interfaces Fig. 132: -> -> -> The menu WAN->Real Time Jitter Control->Controlled Interfaces->New consists of the following fields: Fields in the Basic Settings menu. Field Description Interface Define for which interfaces voice transmission is to be optim- ised.

  • Page 337: Chapter 18 Vpn

    Encapsulated Security Payload (ESP) protocol and secondly through the use of crypto- graphic key administration mechanisms like the Internet Key Exchange (IKE) protocol. Additional Traffic Filter bintec elmeg gateways support two different methods of setting up IPSec connections: • a method based on policies and • a method based on routing.

  • Page 338: Ipsec Peers

    18 VPN bintec elmeg GmbH The routing-based method offers various advantages over the policy-based method, e.g., NAT/PAT within a tunnel, IPSec in combination with routing protocols and the creation of VPN backup scenarios. With the routing-based method, the configured or dynamically learned routes are used to negotiate the IPSec phase 2 SAs.
  • Page 339 18 VPN bintec elmeg GmbH IPSec IPSec Peers Fig. 133: -> -> Peer Monitoring The menu for monitoring a peer is called by selecting the button for the peer in the peer list. See Values in the IPSec Tunnels list on page 503.
  • Page 340 18 VPN bintec elmeg GmbH IPSec IPSec Peers Fig. 134: -> -> -> The menu VPN->IPSec->IPSec Peers->New consists of the following fields: Fields in the menu Peer Parameters bintec RV Series...
  • Page 341 18 VPN bintec elmeg GmbH Field Description Administrative Status Select the status to which you wish to set the peer after saving the peer configuration. Possible values: • (default value): The peer is available for setting up a tunnel immediately after saving the configuration.
  • Page 342 18 VPN bintec elmeg GmbH Field Description sion 1 • : Internet Kex Exchange Protocol Version 2 Authentication Method Only for Internet Key Exchange = Select the authentication method. Possible values: • (default value): If you do not use certific- ates for the authentication, you can select Preshared Keys.
  • Page 343 18 VPN bintec elmeg GmbH Field Description ternative subject name by default. Make sure you and your peer both use the same name, i.e. that your local ID and the peer ID your partner configures for you are identical. Preshared Key Enter the password agreed with the peer.
  • Page 344 18 VPN bintec elmeg GmbH Field Description Select whether the route to this IPSec peer is to be defined as the default route. The function is enabled with The function is disabled by default. Local IP Address Only for IP Address Assignment = Enter the WAN IP address of your IPSec tunnel.
  • Page 345 18 VPN bintec elmeg GmbH bintec elmeg Gateways support two different methods for establishing IPSec connections: • a method based on policies and • a method based on routing. The policy-based method uses data traffic filters to negotiate the IPSec phase 2 SAs. This enables the filtering of the IP packets to be very "fine grained"...
  • Page 346 18 VPN bintec elmeg GmbH IPSec IPSec Peers Fig. 135: -> -> -> -> Fields in the menu Basic Parameters Field Description Description Enter a description for the filter. Protocol Select a protocol. The option (default value) matches all protocols.
  • Page 347 18 VPN bintec elmeg GmbH Field Description (= -1) means that the port remains unspecified. Destination IP Ad- Enter the destination IP address and corresponding netmask of dress/Netmask the data packets. Destination Port Only for Protocol = Enter the destination port of the data packets. The default set- ting (= -1) means that the port remains unspecified.
  • Page 348 18 VPN bintec elmeg GmbH Field Description XAUTH Profile Select a profile created in VPN->IPSec->XAUTH Profiles if you wish to use this IPSec peer XAuth for authentication. If XAuth is used together with IKE Config Mode, the transac- tions for XAuth are carried out before the transactions for IKE Config Mode.
  • Page 349 Note that MobIKE requires a current IPSec client, e. g. the cur- rent Windows 7 or Windows 8 client or the latest version of the bintec elmeg IPSec client. Proxy ARP Select whether your device is to respond to ARP requests from its own LAN on behalf of the specific connection partner.
  • Page 350 IPSec peer. IPSec Callback bintec elmeg devices support the DynDNS service to enable hosts without fixed IP ad- dresses to obtain a secure connection over the Internet. This service enables a peer to be identified using a host name that can be resolved by DNS. You do not need to configure the IP address of the peer.
  • Page 351 18 VPN bintec elmeg GmbH Note If a tunnel is to be set up to a peer, the interface over which the tunnel is to be imple- mented is activated first by the IPSec Daemon. If IPSec with DynDNS is configured on the local device, the own IP address is propagated first and then the ISDN call is sent to the remote device.
  • Page 352 18 VPN bintec elmeg GmbH Note The callback configuration should be the same on the two devices so that your device is able to identify the IP address information from the called peer. The following roles are possible: • One side takes on the active role, the other the passive role.
  • Page 353 18 VPN bintec elmeg GmbH Field Description Mode Select the Callback Mode. Possible values: • (default value): IPSec callback is deactivated. The local device neither reacts to incoming ISDN calls nor initiates ISDN calls to the remote device. • : The local device only reacts to incoming ISDN calls and, if necessary, initiates setting up an IPSec tunnel to the peer.

  • Page 354: Phase-1 Profiles

    18 VPN bintec elmeg GmbH Field Description Possible values: • : Your device automatically de- termines the most favourable mode. It first tries all D channel modes before switching to the B channel. (Costs are incurred for using the B channel.) •...
  • Page 355 18 VPN bintec elmeg GmbH IPSec Phase-1 Profiles Fig. 136: -> -> In the Default column, you can mark the profile to be used as the default profile. 18.1.2.1 New Choose the New (at Create new IKEv1 Profile or Create new IKEv2 Profile ) button to create additional profiles.
  • Page 356 18 VPN bintec elmeg GmbH IPSec Phase-1 Profiles Fig. 137: -> -> -> The menu VPN->IPSec->Phase-1 Profiles->New consists of the following fields: Fields in the Phase-1 (IKE) Parameters menu. Field Description Description Enter a description that uniquely defines the type of rule.
  • Page 357 18 VPN bintec elmeg GmbH Field Description (Advanced Encryption Standard). It is rated as just as secure as Rijndael (AES), but is slower. • : Blowfish is a very secure and fast algorithm. Twofish can be regarded as the successor to Blowfish.
  • Page 358 DH Group Only for Phase-1 (IKE) Parameters The Diffie-Hellman group defines the parameter set used as the basis for the key calculation during phase 1. "MODP" as sup- ported by bintec elmeg devices stands for "modular exponenti- ation". Possible values: •...
  • Page 359 18 VPN bintec elmeg GmbH Field Description • (default value): If you do not use certific- ates for the authentication, you can select Preshared Keys. These are configured during peer configuration in the VPN->IPSec->IPSec Peers. The preshared key is the shared password.
  • Page 360 18 VPN bintec elmeg GmbH Field Description Local ID Type Only for Phase-1 (IKE) Parameters Select the local ID type. Possible values: • • • • Local ID Value Only for Phase-1 (IKE) Parameters Enter the ID of your device.
  • Page 361 18 VPN bintec elmeg GmbH Fields in the Advanced Settings menu. Field Description Alive Check Only for Phase-1 (IKE) Parameters Select the method to be used to check the functionality of the IPSec connection. In addition to the default method Dead Peer Detection (DPD), the (proprietary) Heartbeat method is implemented.
  • Page 362 18 VPN bintec elmeg GmbH Field Description Block Time Define how long a peer is blocked for tunnel setups after a phase 1 tunnel setup has failed. This only affects locally initiated setup attempts. Possible values are (seconds); means the...

  • Page 363: Phase-2 Profiles

    18 VPN bintec elmeg GmbH Field Description This option can only be configured if certificates are loaded. 18.1.3 Phase-2 Profiles You can define profiles for phase 2 of the tunnel setup just as for phase 1. In the VPN->IPSec->Phase-2 Profiles menu, a list of all configured IPSec phase 2 profiles is displayed.
  • Page 364 18 VPN bintec elmeg GmbH IPSec Phase-2 Profiles Fig. 139: -> -> -> The menu VPN->IPSec->Phase-2 Profiles->New consists of the following fields: Fields in the Phase-2 (IPSEC) Parameters menu. Field Description Description Enter a description that uniquely identifies the profile.
  • Page 365 18 VPN bintec elmeg GmbH Field Description , a key length of 128 bits is used. • : Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of secur- ity against attacks and general speed. Here, it is used with a key length of 128 bits.
  • Page 366 18 VPN bintec elmeg GmbH Field Description used to protect the keys of a renewed phase 2 SA, even if the keys of the phase 1 SA have become known. The field has the following options: • : During the Diffie-Hellman key calculation, mod- ular exponentiation at 768 bits is used to create the encryption material.
  • Page 367 20 seconds, the SA is discarded as invalid. Possible values: • (default value): Automatic detection of whether the remote terminal is a bintec elmeg device. If it is, (for a remote terminal with bintec elmeg) or (for a remote terminal without bintec el- meg) is set.

  • Page 368: Xauth Profiles

    18 VPN bintec elmeg GmbH 18.1.4 XAUTH Profiles In the XAUTH Profiles menu a list of all XAUTH profiles is displayed. Extended Authentication for IPSec (XAuth) is an additional authentication method for IPSec tunnel users. The gateway can take on two different roles when using XAuth as it can act as a server or as a client: •...
  • Page 369 18 VPN bintec elmeg GmbH The VPN->IPSec->XAUTH Profiles ->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a description for this XAuth profile. Role Select the role of the gateway for XAuth authentication.

  • Page 370: Ip Pools

    18 VPN bintec elmeg GmbH Field Description entering the authentication name of the client (Name)) and the authentication password (Password). Add new members with Add. 18.1.5 IP Pools In the IP Pools menu a list of all IP pools for your configured IPSec connections is dis- played.

  • Page 371: Options

    18 VPN bintec elmeg GmbH Field Description DNS server. 18.1.6 Options IPSec Options Fig. 142: -> -> The menu VPN->IPSec->Options consists of the following fields: Fields in the Global Options menu. Field Description Enable IPSec Select whether you want to activate IPSec.
  • Page 372 The default val- ues are globally valid and enable your system to work correctly to other bintec elmeg devices, so that you only need to change these values if the remote terminal is a third-party product or you know special settings are necessary.
  • Page 373 18 VPN bintec elmeg GmbH Field Description The function is enabled with The function is disabled by default. Send Initial Contact Select whether IKE Initial Contact messages are to be sent dur- Message ing IKE (phase 1) if no SAs with a peer exist.

  • Page 374: L2Tp

    RSA encryption. Activate this function with to sup- press this behaviour. 18.2 L2TP The layer 2 tunnel protocol (L2TP) enables PPP connections to be tunnelled via a UDP connection. Your bintec elmeg device supports the following two modes: bintec RV Series...

  • Page 375: Tunnel Profiles

    18 VPN bintec elmeg GmbH • L2TP LNS Mode (L2TP Network Server): for incoming connections only • L2TP LAC Mode (L2TP Access Concentrator): for outgoing connections only Note the following when configuring the server and client: An L2TP tunnel profile must be created on each of the two sides (LAC and LNS).
  • Page 376 18 VPN bintec elmeg GmbH Fields in the Basic Parameters menu. Field Description Description Enter a description for the current profile. The device automatically names the profiles and numbers them, but the value can be changed. Enter the host name for LNS or LAC.
  • Page 377 18 VPN bintec elmeg GmbH Field Description Remote IP Address Enter the fixed IP address of the LNS used as the destination address for connections based on this profile. The destination must be a device that can behave like an LNS.

  • Page 378: Users

    18 VPN bintec elmeg GmbH Field Description value means that no L2TP HELLO messages are sent. Minimum Time Enter the minimum time (in seconds) that your device waits be- between Retries fore resending a L2TP control packet for which it received no re- sponse.
  • Page 379 18 VPN bintec elmeg GmbH L2TP Users Fig. 144: -> -> -> The menu VPN->L2TP->Users->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a name for uniquely identifying the L2TP partner. The first character in this field must not be a number No special characters or umlauts must be used.
  • Page 380 18 VPN bintec elmeg GmbH Field Description L2TP network server (LNS) or the functions of a L2TP access concentrator client (LAC client). Possible values: • (default value): If you select this option, the L2TP partner is configured so that it accepts L2TP tunnels and restores the encapsulated PPP traffic flow.
  • Page 381 18 VPN bintec elmeg GmbH Field Description • (default value): You enter a static IP address. • : Only for Connection Type = Your device dynamically assigns an IP address to the remote terminal. • : Only for Connection Type = .
  • Page 382 18 VPN bintec elmeg GmbH Fields in the Advanced Settings menu. Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed.
  • Page 383 18 VPN bintec elmeg GmbH Field Description checked by sending LCP echo requests or replies. This is re- commended for leased lines, PPTP and L2TP connections. The function is enabled with The function is enabled by default. Prioritize TCP ACK...

  • Page 384: Options

    18 VPN bintec elmeg GmbH Field Description til someone actually wants to use the route. • : Your device responds to an ARP request only if the status of the connection to the L2TP partner is (active), i.e. a connection already exists to the L2TP partner.

  • Page 385: Pptp

    18 VPN bintec elmeg GmbH Field Description The function is disabled by default. 18.3 PPTP The Point-to-Point Tunnelling Protocol (=PPTP) can be used to set up an encrypted PPTP tunnel to provide security for data traffic over an existing IP connection.
  • Page 386 18 VPN bintec elmeg GmbH 18.3.1.1 New Click on New to set up further PPTP partners. PPTP PPTP Tunnels Fig. 146: -> -> -> The VPN->PPTP->PPTP Tunnels->New menu consists of the following fields: Fields in the PPTP Partner Parameters menu.
  • Page 387 18 VPN bintec elmeg GmbH Field Description Description Enter a unique name for the tunnel. The first character in this field must not be a number No special characters or umlauts must be used. PPTP Mode Enter the role to be assigned to the PPTP interface.
  • Page 388 18 VPN bintec elmeg GmbH Fields in the IP Mode and Routes menu. Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically. Possible values: •...
  • Page 389 18 VPN bintec elmeg GmbH Field Description • : The lower the value, the higher the priority of the route (possible values ). The default value is . IP Assignment Pool Only if PPTP Mode = , IP Address Mode = (IPCP) Select a IP pool configured in the VPN->PPTP->IP Pools...
  • Page 390 18 VPN bintec elmeg GmbH Field Description Possible values: • : MPP encryption is not used. • (default value): MPP encryption V2 with 128 bit is used to RFC 3078. • : MPP encryption V2 with 128 bit is used as compatible with Microsoft and Cisco.
  • Page 391 18 VPN bintec elmeg GmbH Field Description propagated or OSPF protocol packets sent over this interface. • : OSPF is disabled for this interface. Proxy ARP Mode Select whether your device is to answer APR requests from your LAN on behalf of the specific PPTP partner.

  • Page 392: Options

    18 VPN bintec elmeg GmbH Field Description cial applications. Incoming ISDN Num- Only if Callback is enabled. Enter the ISDN number from which the remote device calls the local device (calling party number). Outgoing ISDN Num- Only if Callback is enabled.

  • Page 393: Ip Pools

    1 from Microsoft Windows XP. Since, in SP 1, Mi- crosoft has changed the confirmation algorithm in the GRE pro- tocol, the automatic window adaptation for GRE must be turned off for bintec elmeg devices. The function is enabled with The function is enabled by default.

  • Page 394: Gre

    18 VPN bintec elmeg GmbH 18.3.3.1 Edit or New Choose theNew button to set up new IP address pools. Choose the icon to edit existing entries. PPTP IP Pools Fig. 148: -> -> -> Fields in the menu Basic Parameters...

  • Page 395: Gre Tunnels

    18 VPN bintec elmeg GmbH over this interface is then encapsulated using GRE and sent to the specified recipient. 18.4.1 GRE Tunnels A list of all configured GRE tunnels is displayed in the VPN->GRE->GRE Tunnels menu. 18.4.1.1 New Choose the New button to set up new GRE tunnels.
  • Page 396 18 VPN bintec elmeg GmbH Field Description Default Route If you enable the Default Route, all data is automatically routed to one connection. The function is disabled by default. Local IP Address Here, enter the (LAN-side) IP address that is to be used as your device's source address for your own packets through the GRE tunnel.

  • Page 397: Chapter 19 Firewall

    19 Firewall bintec elmeg GmbH Chapter 19 Firewall The Stateful Inspection Firewall (SIF) provided for bintec elmeg gateways is a powerful se- curity feature. The SIF with dynamic packet filtering has a decisive advantage over static packet filtering: The decision whether or not to send a packet cannot be made solely on the basis of source and destination addresses or ports but also using dynamic packet filtering based on the state of the connection to a partner.

  • Page 398: Policies

    19 Firewall bintec elmeg GmbH One of the basic functions of NAT is the translation of the local IP addresses of your LAN into the global IP addresses you are assigned by your ISP and vice versa. All connections initiated externally are first blocked, i.e. every packet your device cannot assign to an exist- ing connection is rejected.
  • Page 399 19 Firewall bintec elmeg GmbH in succession until a rule matches. If overlapping occurs, i.e. more than one filter rule matches a packet, only the first rule is executed. This means that if the first rule denies a packet, whereas a later rule allows it, the packet is rejected. A deny rule also has no effect if a relevant packet has previously been allowed by another filter rule.
  • Page 400 19 Firewall bintec elmeg GmbH Field Description Source Select one of the preconfigured aliases for the source of the packet. In the list, all WAN/LAN interfaces, interface groups (see Fire- wall->Interfaces->Groups), addresses (see Firewall->Ad- dresses->Address List) and address groups (see Firewall->Addresses->Groups) are available.
  • Page 401 19 Firewall bintec elmeg GmbH Field Description Action Select the action to be applied to a filtered packet. Possible values: • (default value): The packets are forwarded on the basis of the entries. • : The packets are rejected. •...

  • Page 402: Qos

    19 Firewall bintec elmeg GmbH 19.1.2 QoS More and more applications need increasingly larger bandwidths, which are not always available. Quality of Service (QoS) makes it possible to distribute the available bandwidths effectively and intelligently. Certain applications can be given preference and bandwidth re- served for them.

  • Page 403: Options

    19 Firewall bintec elmeg GmbH Field Description Filter Rules This field contains a list of all configured firewall policies for which QoS was activated (Apply QoS = ). The follow- ing options are available for each list entry: • Use: Select whether this entry should be assigned to the QoS interface.
  • Page 404 19 Firewall bintec elmeg GmbH Field Description Firewall Status Enable or disable the firewall function. The function is enabled with The function is enabled by default. Logged Actions Select the firewall syslog level. The messages are output together with messages from other subsystems.

  • Page 405: Interfaces

    19 Firewall bintec elmeg GmbH Field Description The default value is Other Inactivity Enter the inactivity time after which a session of another type is to be regarded as expired (in seconds). Possible values are The default value is 19.2 Interfaces 19.2.1 Groups...

  • Page 406: Addresses

    19 Firewall bintec elmeg GmbH Field Description Description Enter the desired description of the interface group. Members Select the members of the group from the available interfaces. To do this, activate the field in the Selection column. 19.3 Addresses 19.3.1 Address List A list of all configured addresses is displayed in the Firewall->Addresses->Address List...

  • Page 407: Groups

    19 Firewall bintec elmeg GmbH Field Description • : Enter an IP address range with a start and end address. Address / Subnet Only for Address Type = Enter the IP address of the host or a network address and the related netmask.

  • Page 408: Services

    19 Firewall bintec elmeg GmbH Field Description Selection Select the members of the group from the available Addresses. To do this, activate the Fields in the Selection column. 19.4 Services 19.4.1 Service List In the Firewall->Services->Service List menu, a list of all available services is displayed.
  • Page 409 19 Firewall bintec elmeg GmbH Field Description specified port number is verified. If a port range is to be checked, enter the upper limit here. Possible values are Source Port Range Only for Protocol = In the first field, enter the source port to be checked, if applic- able.

  • Page 410: Groups

    19 Firewall bintec elmeg GmbH Field Description Code Selection options for the ICMP codes are only available for Type = Possible values: • (default value) • • • • • • • 19.4.2 Groups A list of all configured service groups is displayed in the Firewall->Services->Groups menu.
  • Page 411 19 Firewall bintec elmeg GmbH Firewall Services Groups Fig. 158: -> -> -> The menu Firewall->Services->Groups->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter the desired description of the service group. Members Select the members of the group from the available service ali- ases.

  • Page 412: Chapter 20 Voip

    20 VoIP bintec elmeg GmbH Chapter 20 VoIP Voice over IP (VoIP) uses the IP protocol for voice and video transmission. The main difference compared with conventional telephony is that the voice information is not transmitted over a switched connection in a telephone network, but divided into data packets by the Internet protocol and these packets are then passed to the destination over undefined paths in a network.

  • Page 413: Rtsp

    20 VoIP bintec elmeg GmbH Field Description The function is disabled by default. SIP Port Enter the port to be supervised by the proxy. You must configure a proxy for each destination port to which VoIP clients from the LAN can connect.
  • Page 414 20 VoIP bintec elmeg GmbH The VoIP->RTSP->RTSP Proxymenu consists of the following fields: Fields in the Basic Parameters menu. Field Description RTSP Proxy Select whether you want to permit RTSP sessions. The function is activated by selecting The function is disabled by default.

  • Page 415: Chapter 21 Local Services

    21 Local Services bintec elmeg GmbH Chapter 21 Local Services This menu offers services for the following application areas: • Name resolution (DNS) • Configuration via web browser (HTTPS) • Locating of dynamic IP addresses using a DynDNS provider • Configuration of gateway as a DHCP server (assignment of IP addresses) •...
  • Page 416 21 Local Services bintec elmeg GmbH Your device can also receive the global name servers dynamically via PPP or DHCP and transfer them dynamically if necessary. Strategy for name resolution on your device A DNS request is handled by your device as follows: (1) If possible, the request is answered directly from the static or dynamic cache with IP address or negative response.

  • Page 417: Global Settings

    21 Local Services bintec elmeg GmbH 21.1.1 Global Settings Local Services Global Settings Fig. 161: -> -> The menu Local Services->DNS->Global Settings consists of the following fields: Fields in the Basic Parameters menu. Field Description Domain Name Enter the standard domain name of your device.
  • Page 418 21 Local Services bintec elmeg GmbH Field Description i.e. successfully resolved names and IP addresses are to be stored in the cache. The function is activated by selecting The function is enabled by default. Negative Cache Select whether the negative dynamic cache is to be activated, i.e.

  • Page 419: Dns Servers

    21 Local Services bintec elmeg GmbH Fields in the IP address to use for DNS/WINS server assignment menu. Field Description As DHCP Server Select which name server addresses are sent to the DHCP cli- ent if your device is used as DHCP server.
  • Page 420 21 Local Services bintec elmeg GmbH Local Services DNS Servers Fig. 162: -> -> -> The Local Services->DNS->DNS Servers->Newmenu consists of the following fields: Fields in the Basic Parameters menu. Field Description Admin Status Select whether the DNS server should be enabled.

  • Page 421: Static Hosts

    21 Local Services bintec elmeg GmbH Field Description • (default value) Interface Select the interface to which the DNS server pair is to be as- signed. For Interface Mode = A global DNS server is created with the setting For Interface Mode = A DNS server is configured for all interfaces with the setting.

  • Page 422: Domain Forwarding

    21 Local Services bintec elmeg GmbH The menu Local Services->DNS->Static Hosts->New consists of the following fields: Fields in the Basic Parameters menu. Field Description DNS Hostname Enter the host name to which the IP Address defined in this menu is to be assigned if a positive response is received to a DNS request.
  • Page 423 Enter the name of the host to be forwarded. The entry can also start with the wildcard *, e.g. *.bintec-elmeg.com. If a name is entered without a full stop, you complete with OK " <Default Domain>. " " is added.

  • Page 424: Cache

    21 Local Services bintec elmeg GmbH Field Description Forward to Select the forwarding destination requests to the name defined in Host or Domain. Possible values: • (default value): The request is forwarded to the defined Interface. • : The request is forwarded to the defined DNS Server.

  • Page 425: Statistics

    21 Local Services bintec elmeg GmbH 21.1.6 Statistics Local Services Statistics Fig. 166: -> -> In the Local Services->DNS->Statisticsmenu, the following statistical values are dis- played: Fields in the DNS Statistics menu. Field Description Received DNS Packets Shows the number of received DNS packets addressed direct to your device, including the response packets for forwarded re- quests.

  • Page 426: Https

    21 Local Services bintec elmeg GmbH 21.2 HTTPS You can operate the user interface of your device from any PC with an up-to-date Web browser via an HTTPS connection. HTTPS (HyperText Transfer Protocol Secure) is the procedure used to establish an en- crypted and authenticated connection by SSL between the browser used for configuration and the device.

  • Page 427: Dyndns Client

    21 Local Services bintec elmeg GmbH Field Description • : Under System Management->Cer- tificates->Certificate List select entered certificate. 21.3 DynDNS Client The use of dynamic IP addresses has the disadvantage that a host in the network can no longer be found once its IP address has changed. DynDNS ensures that your device can still be reached after a change to the IP address.
  • Page 428 21 Local Services bintec elmeg GmbH Local Services DynDNS Client DynDNS Update Fig. 168: -> -> -> The menu Local Services->DynDNS Client->DynDNS Update->New consists of the fol- lowing fields: Fields in the Basic Parameters menu. Field Description Host Name Enter the complete host name as registered with the DynDNS provider.

  • Page 429: Dyndns Provider

    21 Local Services bintec elmeg GmbH Field Description The default value is Enable update Select whether the DynDNS entry configured here is to be activ- ated. The function is activated by selecting The function is disabled by default. The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu.
  • Page 430 21 Local Services bintec elmeg GmbH Local Services DynDNS Client DynDNS Provider Fig. 169: -> -> -> The menu Local Services->DynDNS Client->DynDNS Provider->New consists of the fol- lowing fields: Fields in the Basic Parameters menu. Field Description Provider Name Enter a name for this entry.

  • Page 431: Dhcp Server

    DHCP server as a network broadcast.* The client then receives its IP address from bintec elmeg (as part of a brief exchange). You therefore do not need to allocate fixed IP addresses to PCs, which reduces the amount of configuration work in your network.

  • Page 432: Dhcp Configuration

    21 Local Services bintec elmeg GmbH 21.4.1.1 Edit or New Choose the New button to set up new IP address pools. Choose the icon to edit exist- ing entries. Local Services DHCP Server IP Pool Configuration Fig. 170: -> ->...
  • Page 433 21 Local Services bintec elmeg GmbH Note In the ex works state the DHCP pool is preconfigured with the IP addresses 192.168.0.10 to 192.168.0.49 and is used if there is no other DHCP server available in the network. 21.4.2.1 Edit or New Choose the New button to set up new IP address pools.
  • Page 434 21 Local Services bintec elmeg GmbH Field Description Pool Usage Specify whether the IP pool is used for DHCP requests in the same subnet or for DHCP requests that have been forwarded to your device from another subnet. In this case it is possible to define IP addresses from another network.
  • Page 435 21 Local Services bintec elmeg GmbH Field Description • : Enter the IP address of the DNS server to be sent to the client. • : Enter the DNS domain to be sent to the client. • : Enter the IP address of the WINS/ NBNS server to be sent to the client.

  • Page 436: Ip/Mac Binding

    21 Local Services bintec elmeg GmbH Field Description Possible values: • (default value) • Provisioning Server Only für Select vendor = Enter which manufacturer value shall be transmitted. For the setting Select vendor = , the default value is displayed.

  • Page 437: Dhcp Relay Settings

    21 Local Services bintec elmeg GmbH 21.4.3.1 New Choose the New button to set up new IP/MAC bindings. Local Services DHCP Server IP/MAC Binding Fig. 172: -> -> -> The menu Local Services->DHCP Server->IP/MAC Binding->New consists of the follow- ing fields: Fields in the Basic Parameters menu.

  • Page 438: Web Filter

    21 Local Services bintec elmeg GmbH Local Services DHCP Server DHCP Relay Settings Fig. 173: -> -> The menu Local Services->DHCP Server->DHCP Relay Settings consists of the follow- ing fields: Fields in the Basic Parameters menu. Field Description Primary DHCP Server Enter the IP address of a server to which BootP or DHCP re- quests are to be forwarded.

  • Page 439: General

    21 Local Services bintec elmeg GmbH 21.5.1 General This menu contains the configuration of basic parameters for using the Proventia Web Fil- ter. Local Services Web Filter General Fig. 174: -> -> The Local Services->Web Filter->Generalmenu consists of the following fields: Fields in the Web Filter Options menu.
  • Page 440 21 Local Services bintec elmeg GmbH Field Description Press the Add button to add more interfaces. The requests from http Internet pages that reach your device via these interfaces are then monitored by web filtering. Maximum Number of Define the number of entries to be saved in the web filtering his- History Entries tory (History menu).

  • Page 441: Filter List

    21 Local Services bintec elmeg GmbH Field Description Licence Status Shows the result of the last validity check of the licence. The validity of the licence is checked every 23 hours. License valid until This shows the expiry date of the licence (relative to the time set on your device) and cannot be edited.
  • Page 442 21 Local Services bintec elmeg GmbH Field Description Category Select which category of addresses/URLs the filter is to be used The options are first the standard categories of the Proventia Web Filter (default value: ). Actions can also be defined for the following special cases, e.g.: •...

  • Page 443: Black / White List

    21 Local Services bintec elmeg GmbH Field Description • : Callup is allowed and not logged. 21.5.3 Black / White List The Local Services->Web Filter->Black / White List menu contains a list of URLs or IP addresses, as the case applies. The addresses on the White List can also be called if they had been blocked because of filter configuration and classification in the Proventia web filter.

  • Page 444: History

    Caution The configuration of actions that are not available as defaults requires extensive know- ledge of the method of operation of bintec elmeg gateways. An incorrect configuration can cause considerable disruption during operation. If applicable, save the original configuration on your PC.

  • Page 445: Trigger

    21 Local Services bintec elmeg GmbH Note To run the event scheduler, the date configured on your device must be 1.1.2000 or later. 21.6.1 Trigger The Local Services->Scheduling->Trigger menu displays all the event lists that have been configured. Every event list contains at least one event which is intended to be the ini- tiator for an action.
  • Page 446 21 Local Services bintec elmeg GmbH Field Description If you want to add to an existing event list, select the event list you want and add at least one more event to it. You can use event lists to create complex conditions for initiat- ing an action.
  • Page 447 21 Local Services bintec elmeg GmbH Field Description Select the GEO Zone Status. Possible values: • : The current position lies within the defined zone. • : The current position lies outside the defined zone. Monitored Variable Only for Event Type Select the MIB variable whose defined value is to be configured as initiator.
  • Page 448 21 Local Services bintec elmeg GmbH Field Description the intended operation. Possible values: • (default value): The function is enabled. • : The interface is disabled. Traffic Direction Only for Event Type Select the direction of the data traffic whose values should be monitored as initiating an operation.
  • Page 449 21 Local Services bintec elmeg GmbH Field Description Status Only for Event Type Select whether Destination IP Address must be (default value) or in order to initiate the opera- tion. Interval Only for Event Type Enter the time in Seconds after which a ping must be resent.

  • Page 450: Actions

    21 Local Services bintec elmeg GmbH Field Description (default value) ... Possible values for Condition Settings in Condition Type = • : The initiator becomes active daily (default value). • : The initiator becomes active daily from Monday to Friday.
  • Page 451 21 Local Services bintec elmeg GmbH Local Services Scheduling Actions Fig. 179: -> -> -> The menu Local Services->Scheduling->Actions->New consists of the following fields: Fields in the menu Basic Parameters Field Description Description Enter your chosen designation for the action.
  • Page 452 21 Local Services bintec elmeg GmbH Field Description controlled by the WLAN controller. • : Only for devices with a WLAN controller. The status of a wireless network is modified. • : The operating mode of a WLAN radio module is modified.
  • Page 453 21 Local Services bintec elmeg GmbH Field Description • : A new entry shall be created. Index Variables Only if Command Type = Where required, select MIB variables to uniquely identify a spe- cific data set in MIB Table, e.g.
  • Page 454 21 Local Services bintec elmeg GmbH Field Description Interface Only if Command Type = Select the interface whose status should be changed. Set interface status Only if Command Type = Select the status to be set for the interface. Possible values: •...
  • Page 455 21 Local Services bintec elmeg GmbH Field Description Server URL Where Command Type = if Source Loca- tion not Enter the URL of the server from which the desired software version is to be retrieved. Where Command Type = with...
  • Page 456 21 Local Services bintec elmeg GmbH Field Description • Protocol Only for Command Type = if Action = Select the protocol for the data transfer. Possible values: • (default value) • • CSV File Format Only where Command Type = and Action = Select whether the file is to be sent in the CSV format.
  • Page 457 21 Local Services bintec elmeg GmbH Field Description File Name in Flash Where Command Type = Action = Select the file to be exported. Where Command Type = Action = Select the file to be renamed. Where Command Type = Action = Select the file to be deleted.
  • Page 458 21 Local Services bintec elmeg GmbH Field Description and Action = Select whether, when importing a configuration file, to check on the server for the presence of a more current version of the already loaded configuration. If not, the file import is interrupted.
  • Page 459 21 Local Services bintec elmeg GmbH Field Description Enter a description for the certificate under which to save it on the device. Where Command Type = Action = Select the certificate to be deleted. Password for protec- Only where Command Type =...
  • Page 460 21 Local Services bintec elmeg GmbH Field Description Subject Name Only where Command Type = and Action = Enter a subject name with attributes. Example: CA Name Only where Command Type = and Action = Enter the name of the CA certificate of the certification authority (CA) from which you wish to request your certificate, e.g.
  • Page 461 21 Local Services bintec elmeg GmbH Field Description Define the extent to which certificate revocation lists (CRLs) are to be included in the validation of certificates issued by the own- er of this certificate. Possible values: • (default value): In case there is an entry for a CDP, CRL distribution point this should be evaluated in addition to the CRLs globally configured in the device.

  • Page 462: Options

    The value is recommended (5 minute accuracy). 21.7 Surveillance In this menu, you can configure an automatic availability check for hosts or interfaces and automatic ping tests. You can monitor temperature with devices from the bintec WI series. bintec RV Series...

  • Page 463: Hosts

    21 Local Services bintec elmeg GmbH Note This function cannot be configured on your device for connections that are authentic- ated via a RADIUS server. 21.7.1 Hosts A list of all monitored hosts is displayed in the Local Services->Surveillance->Hosts menu.
  • Page 464 21 Local Services bintec elmeg GmbH Field Description The group IDs are automatically created from . If an entry has not yet been created, a new group is created using option. If entries have been created, you can select one from the list of created groups.

  • Page 465: Interfaces

    21 Local Services bintec elmeg GmbH Field Description You can use this setting to specify, for example, when a host is deemed to be accessible once more, and used again, instead of a backup device. Possible values are The default value is .
  • Page 466 21 Local Services bintec elmeg GmbH Local Services Surveillance Interfaces Fig. 182: -> -> -> The menu Local Services->Surveillance->Interfaces->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Monitored Interface Select the interface on your device that is to be monitored.

  • Page 467: Ping Generator

    21 Local Services bintec elmeg GmbH 21.7.3 Ping Generator In the Local Services->Surveillance->Ping Generator menu, a list of all configured, auto- matically generated pings is displayed. 21.7.3.1 Edit or New Choose the icon to edit existing entries. Choose the New button to create additional pings.

  • Page 468: Upnp

    21 Local Services bintec elmeg GmbH Field Description The default value is Trials Enter the number of ping tests to be performed until Destina- tion IP Address as applies. The default value is . 21.8 UPnP Universal Plug and Play (UPnP) makes it possible to use current messenger services (e.g.

  • Page 469: General

    21 Local Services bintec elmeg GmbH You can determine whether UPnP requests from clients are accepted by each interface (for requests from the local network) and/or whether the interface can be controlled via UPnP requests. Local Services UPnP Interfaces Fig. 184: ->...

  • Page 470: Hotspot Gateway

    Ethernet). The solution is adapted to setup of smaller and larger Hotspot solutions for cafes, hotels, companies, communal residences, campgrounds, etc. The HotSpot Solution consists of a bintec elmeg gateway installed onsite (with its own WLAN access point or additional connected WLAN device or wired LAN) and of the Hot- spot server, centrally located at a computing centre.
  • Page 471 Requirements To operate a Hotspot, the customer requires: • a bintec elmeg device as hotspot gateway with active Internet access and configured hot- spot server entries for login and accounting (see menu System Management->Remote Authentication->RADIUS->New with Group Description •...

  • Page 472: Hotspot Gateway

    Also refer to the WLAN Hotspot Workshop that is available to download from www.bintec-elmeg.com 21.9.1 HotSpot Gateway In the HotSpot Gateway menu, you can configure the bintec elmeg gateway installed onsite for the Hotspot Solution. A list of all configured hotspot networks is displayed in the Local Services->HotSpot Gateway->HotSpot Gateway menu.
  • Page 473 21 Local Services bintec elmeg GmbH 21.9.1.1 Edit or New You configure the hotspot networks in the Local Services->HotSpot Gateway->HotSpot Gateway-> menu. Choose the New button to set up additional Hotspot networks. Local Services HotSpot Gateway HotSpot Gateway Fig. 187: ->...
  • Page 474 21 Local Services bintec elmeg GmbH Field Description If you select the interface over which the current configura- tion session is running, the current connection will be lost. You must then log in again over a reachable interface that is not configured for the Hotspot to configure your device.
  • Page 475 21 Local Services bintec elmeg GmbH Field Description dresses. Language for login Here you can choose the language for the start/login page. window The following languages are supported: The language can be changed on the start/login page at any time.

  • Page 476: Options

    21 Local Services bintec elmeg GmbH Field Description The function is enabled by default. Pop-Up window for Specify whether the device uses pop-up windows to display the status indication status. The function is enabled by default. Default Idle Timeout Enable or disable the Default Idle Timeout. If a hotspot user does not trigger any data traffic for a configurable length of time, they are logged out of the hotspot.

  • Page 477: Wake-On-Lan

    21 Local Services bintec elmeg GmbH 21.10 Wake-On-LAN With the function Wake-On-LAN (WOL) you can start network devices that are switched off via an integrated network card. The network card also needs a power supply, even when the computer is switched off. You can use filters and rule chains to define the conditions that need to be met to send the so-called magic packet, and select the interfaces that are to be monitored for the defined rule chains.
  • Page 478 21 Local Services bintec elmeg GmbH Field Description Service Select one of the preconfigured services. The extensive range of services configured ex works includes the following: • • • • • • • • The default value is Protocol Select a protocol.
  • Page 479 21 Local Services bintec elmeg GmbH Field Description Destination Port/Range Only for Protocol = Enter a destination port number or a range of destination port numbers. Possible values: • (default value): The destination port is not specified. • : Enter a destination port.

  • Page 480: Wol Rules

    21 Local Services bintec elmeg GmbH Field Description • : The TOS value is specified in hexadecimal format, e.g. 3F. COS Filter Enter the service class of the IP packets (Class of Service, (802.1p/Layer 2) CoS). Possible values are whole numbers between and .
  • Page 481 21 Local Services bintec elmeg GmbH Field Description Wake-On-LAN Rule Select whether to create a new rule chain or to edit an existing Chain one. Possible values: • (default value): You can create a new rule chain with this setting.

  • Page 482: Interface Assignment

    21 Local Services bintec elmeg GmbH Field Description Send WOL packet over Select the interface which is to be used to send the Wake on Interface LAN magic packet. Target MAC-Address Only where Action = Enter the MAC address of the network device that is to be en- abled using WOL.

  • Page 483: Brrp

    Note You require a licence for devices in the R23x series and RS series. BRRP (Bintec Router Redundancy Protocol) is a bintec elmeg-specific implementation of the VRRP (Virtual Router Redundancy Protocol). A router redundancy procedure is used mainly to safeguard the availability of a physical gateway in a LAN or WAN.

  • Page 484: Virtual Routers

    21 Local Services bintec elmeg GmbH Field Description first address. VRRP advertisements are always sent with the primary IP address as source of the IP packet.” VRRP Advertisement A keepalive that sends the master to the backup gateway to in- dicate his reachability.
  • Page 485 21 Local Services bintec elmeg GmbH Note This interface is used to transmit the BRRP advertisement data packets and possibly to transmit keepalive monitoring data packets. Another interface must be configured in the next step to transmit the usage data.
  • Page 486 21 Local Services bintec elmeg GmbH events, which result in a switching of the operating status of the virtual router. Controlling the operating status of a virtual router implicitly also controls the operating status of the interface to which the virtual router is linked. If an error occurs, all interfaces on a device have to be deactivated.
  • Page 487 21 Local Services bintec elmeg GmbH Fields in the BRRP Advertisement Interface menu. Field Description Ethernet Interface Choose the interface via which BRRP advertisement packets are sent and expected. If you edit a Virtual Router, the Ethernet interface is displayed and cannot be changed.
  • Page 488 21 Local Services bintec elmeg GmbH Field Description Virtual Interface Prior- Define the transmitted BRRP priority of the interface for the vir- tual router. Higher priorities determine the master interfaces during the initialization pahse as well as with active Pre- Empt-Mode.Possible values are between...
  • Page 489 21 Local Services bintec elmeg GmbH Field Description um period depending on the priority. The higher the priority, the shorter the time added. Consequently, a backup router with a higher priority responds more quickly than a router with lower priority).

  • Page 490: Vr Synchronisation

    21 Local Services bintec elmeg GmbH 21.11.2 VR Synchronisation The watchdog daemon is configured in the Local Services->BRRP->VR Synchronisation menu, i.e. you define how state changes are handled. After opening the menu Local Services->BRRP->VR Synchronisation a list of all syn- chronisations is displayed.

  • Page 491: Options

    21 Local Services bintec elmeg GmbH Field Description vertisements as per its configuration in the Local Services->BRRP->Virtual Routers->New->Advanced Set- tings menu.) Virtual Router ID Select a virtual router using the Virtual Router ID and define which interface is to be checked. You can choose previously defined IDs (see Virtual Router ID in the Local Services->BRRP->Virtual Router->New menu under BRRP...
  • Page 492 21 Local Services bintec elmeg GmbH Field Description Enable BRRP Enable or disable the BRRP function. The function is enabled with The function is disabled by default. bintec RV Series...

  • Page 493: Chapter 22 Maintenance

    22 Maintenance bintec elmeg GmbH Chapter 22 Maintenance This menu provides you with numerous functions for maintaining your device. It firstly provides a menu for testing availability within the network. You can manage your system configuration files. If more recent system software is available, you can use this menu to in- stall it.

  • Page 494: Dns Test

    22 Maintenance bintec elmeg GmbH 22.1.2 DNS Test Maintenance Diagnostics DNS Test Fig. 196: -> -> The DNS test is used to check whether the domain name of a particular host is correctly re- solved. The Outputfield displays the DSN test messages. The ping test is launched by en- tering the domain name to be tested in DNS Address and clicking the Go button.

  • Page 495: Software &Configuration

    An update of BOOTmonitor and/or Logic is recommended in a few cases. In this case, the release notes refer expressly to this fact. Only update BOOTmonitor or Logic if bintec elmeg GmbH explicitly recommends this. Flash Your device saves its configuration in configuration files in the flash EEPROM (Electrically Erasable Programmable Read Only Memory).
  • Page 496 22 Maintenance bintec elmeg GmbH stored in the working memory (RAM). The contents of the RAM are lost if the device is switched off. So if you modify your configuration and want to keep these changes for the next time you start your device, you must save the modified configuration in the flash memory before switching off: The Save configuration button over the navigation area of the GUI.
  • Page 497 22 Maintenance bintec elmeg GmbH The Maintenance->Software &Configuration ->Optionsmenu consists of the following fields: Fields in the Currently Installed Software menu. Field Description BOSS Shows the current software version loaded on your device. Shows the current system logic loaded on your device.
  • Page 498 22 Maintenance bintec elmeg GmbH Field Description the current configuration was saved as boot configuration and the previ- ous boot configuration was also archived. You can load back the archived boot configuration. • : The file in the Select file field is deleted.
  • Page 499 22 Maintenance bintec elmeg GmbH Field Description • : You can launch an update of the system software, the ADSL logic and the BOOTmonitor. • : The configuration file Current File Name in Flash is transferred to your local host. If you...
  • Page 500 22 Maintenance bintec elmeg GmbH Field Description Enter the path and name of the file or select the file with Browse... via the explorer/finder. Source Location Only for Action = Select the source of the update. Possible values: • (default value): The system software file is stored locally on your PC.

  • Page 501: Reboot

    22 Maintenance bintec elmeg GmbH Field Description Select the file or configuration to be renamed or deleted. New File Name Only for Action = Enter the new name of the configuration file. 22.3 Reboot 22.3.1 System Reboot In this menu, you can trigger an immediate reboot of your device. Once your system has restarted, you must call the GUI again and log in.

  • Page 502: Chapter 23 External Reporting

    23 External Reporting bintec elmeg GmbH Chapter 23 External Reporting In this system menu, you define what system protocol messages are saved on which com- puters, and whether the system administrator should receive an e-mail for certain events. Information on IP data traffic can also be saved--depending on the individual interfaces. In addition, SNMP traps can be sent to specific hosts in case of error.
  • Page 503 23 External Reporting bintec elmeg GmbH A list of all configured system log servers displayed in the External Reporting->Syslog->Syslog Servers menu. 23.1.1.1 New Select the New button to set up additional syslog servers. External Reporting Syslog Syslog Servers Fig. 200: ->...
  • Page 504 23 External Reporting bintec elmeg GmbH Field Description • (lowest priority) Syslog messages are only sent to the host if they have a higher or identical priority to that indicated, i.e. at syslog level all messages generated are forwarded to the host.

  • Page 505: Ip Accounting

    23 External Reporting bintec elmeg GmbH 23.2 IP Accounting In modern networks, information about the type and number of data packets sent and re- ceived over the network connections is often collected for commercial reasons. This inform- ation is extremely important for Internet Service Providers that bill their customers by data volume.
  • Page 506 23 External Reporting bintec elmeg GmbH External Reporting IP Accounting Options Fig. 202: -> -> In the External Reporting->IP Accounting->Options menu, you can define the Log Format of the IP accounting messages. The messages can contain character strings in any order, sequences separated by a slash, e.g.

  • Page 507: Alert Service

    23 External Reporting bintec elmeg GmbH 23.3 Alert Service It was previously possible to send syslog messages from the router to any syslog host. De- pending on the configuration, e-mail alerts are sent to the administrator as soon as relevant syslog messages appear.
  • Page 508 23 External Reporting bintec elmeg GmbH Field Description Possible values: • E-mail • SMS Recipient Enter the recipient's e-mail address. The entry is limited to 40 characters. Message Compression Select whether the text in the alert E-mail is to be shortened.
  • Page 509 23 External Reporting bintec elmeg GmbH Field Description entered therefore usually contains wildcards. To be informed of all syslog messages of the selected level, just enter "*". Severity Select the severity level which the string configured in the Matching String field must reach to trigger an e-mail alert.

  • Page 510: Alert Settings

    23 External Reporting bintec elmeg GmbH 23.3.2 Alert Settings External Reporting Alert Service Alert Settings Fig. 204: -> -> The menu External Reporting->Alert Service->Alert Settings consists of the following fields: Fields in the Basic Parameters menu. Field Description Alert Service Select whether the alert service is to be enabled for the inter- face.
  • Page 511 23 External Reporting bintec elmeg GmbH Field Description Possible values: • (default value): The server accepts and send emails without further authentication. • : The server only accepts e-mails if the router logs in with the correct user name and password.

  • Page 512: Snmp

    23 External Reporting bintec elmeg GmbH 23.4 SNMP SNMP (Simple Network Management Protocol) is a protocol from the IP protocol family for transporting management information about network components. Every SNMP management system contains an MIB. SNMP can be used to configure, con- trol and administrate various network components from one system.

  • Page 513: Snmp Trap Hosts

    23 External Reporting bintec elmeg GmbH Field Description Your device then sends SNMP traps to the LAN's broadcast ad- dress. The function is activated by selecting The function is disabled by default. SNMP Trap UDP Port Only if SNMP Trap Broadcasting is enabled.
  • Page 514 23 External Reporting bintec elmeg GmbH External Reporting SNMP SNMP Trap Hosts Fig. 206: -> -> -> The menu External Reporting->SNMP->SNMP Trap Hosts->New consists of the follow- ing fields: Fields in the Basic Parameters menu. Field Description IP Address Enter the IP address of the SNMP trap host.

  • Page 515: Chapter 24 Monitoring

    24 Monitoring bintec elmeg GmbH Chapter 24 Monitoring This menu contains information that enable you to locate problems in your network and monitor activities, e.g. at your device's WAN interface. 24.1 Internal Log 24.1.1 System Messages In the Monitoring->Internal Log->System Messages menu, a list of all internally stored system messages is displayed.

  • Page 516: Ipsec

    24 Monitoring bintec elmeg GmbH Field Description Subsystem Displays which subsystem of the device generated the mes- sage. Message Displays the message text. 24.2 IPSec 24.2.1 IPSec Tunnels A list of all configured IPSec tunnel providers is displayed in the Monitoring->IPSec->IPSec Tunnels menu.
  • Page 517 24 Monitoring bintec elmeg GmbH Monitoring IPSec IPSec Tunnels Fig. 209: -> -> -> Values in the IPSec Tunnels list Field Description Description Shows the description of the peer. Local IP Address Shows the WAN IP address of your device.

  • Page 518: Ipsec Statistics

    24 Monitoring bintec elmeg GmbH Field Description Role / Algorithm / Life- time remaining / Status IPSec (Phase-2) SAs Shows the parameters of the IPSec (Phase 2) SAs. Role / Algorithm / Life- time remaining / Status Messages The system messages for this IPSec tunnel are displayed here.

  • Page 519: Interfaces

    24 Monitoring bintec elmeg GmbH Field Description Status Displays the number of IPSec tunnels by their current status. • Up: Currently active IPSec tunnels. • Going up: IPSec tunnels currently in the tunnel setup phase. • Blocked: IPSec tunnels that are blocked.
  • Page 520 24 Monitoring bintec elmeg GmbH Monitoring Interfaces Statistics Fig. 211: -> -> Change the status of the interface by clicking the or the button in the Action column. Values in the Statistics list Field Description Shows the serial number of the interface.
  • Page 521 24 Monitoring bintec elmeg GmbH Monitoring Interfaces Statistics Fig. 212: -> -> -> Values in the Statistics list Field Description Description Displays the name of the interface. MAC Address Displays the interface text. IP Address / Netmask Shows the IP address and the netmask.

  • Page 522: Wlan

    24 Monitoring bintec elmeg GmbH 24.4 WLAN 24.4.1 WLANx In the Monitoring->WLAN->WLAN menu, current values and activities of the WLAN inter- face are displayed. The values for wireless mode 802.11n are listed separately. Monitoring WLAN WLAN Fig. 213: -> ->...
  • Page 523 24 Monitoring bintec elmeg GmbH Field Description in mbps. Rx Packets Shows the total number of received packets for the data rate shown in mbps. You can choose the Advanced button to go to an overview of more details. Monitoring...

  • Page 524: Vss

    24 Monitoring bintec elmeg GmbH Description Meaning Unicast MPDUs re- Displays the number of successfully received MSDUs that were ceived successfully sent with a unicast address. MSDUs that could not Displays the number of MSDUs that could not be sent.
  • Page 525 24 Monitoring bintec elmeg GmbH Field Description ent is logged in. Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received. Signal dBm(RSSI1, Shows the received signal strength in dBm. RSSI2, RSSI3) Noise dBm Shows the received noise strength in dBm.
  • Page 526 24 Monitoring bintec elmeg GmbH Monitoring WLAN <connected client> Fig. 216: -> -> -> -> Values in the list <Connected Client> Field Description Client MAC Address Shows the MAC address of the associated client. IP Address Shows the IP address of the client.

  • Page 527: Bridges

    24 Monitoring bintec elmeg GmbH Field Description wireless connection. Values: • > 25 dB excellent • 15 – 25 dB good • 2 – 15 dB borderline • 0 – 2 dB bad. Data Rate mbps Shows the current transmission rate of data received by this cli- ent in mbps.

  • Page 528: Hotspot Gateway

    24 Monitoring bintec elmeg GmbH Field Description Port Shows the port on which the bridge is active. 24.6 HotSpot Gateway 24.6.1 HotSpot Gateway A list of all linked hotspot users is displayed in the Monitoring->HotSpot Gateway->Hot- Spot Gateway menu. Monitoring...

  • Page 529: Ospf

    24 Monitoring bintec elmeg GmbH Monitoring Fig. 219: -> -> Values in the QoS list Field Description Interface Shows the interface for which QoS has been configured. QoS Queue Shows the QoS queue, which has been configured for this inter- face.
  • Page 530 24 Monitoring bintec elmeg GmbH Monitoring OSPF Status Fig. 220: -> -> Values in the Status list Field Description View Select the desired view from the dropdown menu. Are available: In the OSPF Interfaces area all enabled OSPF interfaces are listed:...
  • Page 531 24 Monitoring bintec elmeg GmbH Field Description State The OSPF status of the interface displayed here can take on the following values: • : OSPF is not running on this interface. • : The initial phase of the OSPF, in which the DR and BDR are determined.

  • Page 532: Statistics

    24 Monitoring bintec elmeg GmbH Field Description • : The gateway now exchanges Link State Advertise- ments with the neighbor. • : The Link State Databases of the gateway and its neighbor are now synchronized. The headers of all Link State Advertisements (LSA) are listed in the section for the Link State Database.

  • Page 533: Pim

    24 Monitoring bintec elmeg GmbH Values in the Statistics list Field Description Received Hello Mes- Displays the number of Hello packets received. sages Sent Hello Messages Displays the number of Hello packets sent. Received Database De- Displays the number of received databank entries.
  • Page 534 24 Monitoring bintec elmeg GmbH Monitoring Global Status Fig. 222: -> -> Values in the Global Status list Field Description View Select the desired view from the dropdown menu. Are available: Values in the PIM Interfaces list Field Description Interface Displays the name of the PIM interface.

  • Page 535: Not Interface-Specific Status

    24 Monitoring bintec elmeg GmbH Field Description Expiry Timer Indicates when the PIM Neighbor is no longer entered as neigh- bor. If the value is displayed, the PIM Neighbor always re- mains entered as neighbor. Values in the Multicast Group / RP Mappings list...
  • Page 536 24 Monitoring bintec elmeg GmbH Field Description View Select the desired view from the dropdown menu. Are available: Values in the (*,*,RP) States list Field Description Rendezvous Point IP Displays the IP address of the Rendezvous Point (RP) for the Address group.
  • Page 537 24 Monitoring bintec elmeg GmbH Field Description next periodic (*,G) Join message on pimStarGRPFIfIndex. In the PIM-SM specification, this address is named (*,G) Upstream Join Timer. If the timer is deactivated, it has the value . Values in the (S,G) States list...

  • Page 538: Interface-Specific States

    24 Monitoring bintec elmeg GmbH Field Description Upstream Override Indicates the remaining time until the local router sends out the Timer next Triggered (S,G, rpt) Join message on pimSGRPFIfIndex. In the PIM-SM specification, this timer is named (S,G, rpt) Up- stream Override Join Timer.
  • Page 539 24 Monitoring bintec elmeg GmbH Field Description Join/Prune State Indicates the status that results from the (*,G) Join/Prune mes- sages received on this interface. This corresponds to the status of the Downstream Per-Interface (*,G) State Machine in the PIM-SM specification.
  • Page 540 24 Monitoring bintec elmeg GmbH Field Description has the value . The value 'FFFFFFFF'h stands for infinite. In the PIM-DM specification, this timer is named (S,G) Prune Timer. Assert State Displays the (S,G) Assert State for this interface. This corres- ponds to the status of the Per-Interface (S,G) Assert State Ma- chine in der PIM-SM Specification See "I-D.ietf-pim-sm-v2-new...

  • Page 541: Glossary

    Glossary bintec elmeg GmbH Glossary See GSM. 3DES See DES. See UMTS. See LTE. 802.11 The 802.11 norm describes wireless LAN (WLAN). There are a vari- ety of amendments: 802.11a: Gross data transfer rates: 54 Mbit/s, frequency band: 5 GHz, 802.11b/g: Gross data transfer rates: 11 Mbit/s, frequency band: 2.4 GHz, 802.11g: Gross data transfer...
  • Page 542 Glossary bintec elmeg GmbH key length is 128, 192 or 256 bits. AES is a very fast and secure al- gorithm. Aggressive mode When an IPSec connection is being established, aggressive mode is used to implement a phase 1 exchange. Aggressive mode offers no identity protection for negotiating nodes, since they have to transmit their identity before they can establish a secure channel.
  • Page 543 Glossary bintec elmeg GmbH AUX is a signal input for external devices, e. g. analogue or GSM modems. B channel See Basic Rate Interface and Primary Rate Interface. Back Route Verify If a Back Route Verify is activated for an interface, incoming data packets are only accepted over this interface if outgoing response packets are routed over the same interface.
  • Page 544 Glossary bintec elmeg GmbH and reduces the load. Broadcast In a broadcast, data packets are sent from one point to all the sub- scribers in a network, e. g. if the recipient is not yet known. Ex- amples of this are the ARP and DHCP protocols. The communica- tion is via broadcast addresses: MAC networks: FF:FF:FF:FF:FF:FF, IPv4 networks: 255.255.255.255, IPv6 net-...
  • Page 545 Glossary bintec elmeg GmbH Channel bundling When channels are bundled, the B channels in an ISDN connection are combined to increase data throughput. CHAP The Challenge Handshake Authentication Protocol (CHAP) is an au- thentication protocol for PPP connections. As well as the standard CHAP, Microsoft also has the variants MS-CHAPv1 and MS- CHAPv2.
  • Page 546 Glossary bintec elmeg GmbH Datagram A datagram is a self-contained data entity with user and control data. It generally stands for the terms data frame, data packet and data segment. DCN stands for data communication network. Dead Peer Detection In IPSec, Dead Peer Detection is used to identify IKE peers that can no longer be accessed.
  • Page 547 Glossary bintec elmeg GmbH to-point. It is used to connect a PBX. A main phone number and a number block are issued. Each of the numbers in the number block is called a direct dial exception. (Example: Main number 1234, num- ber block: 1 - 99, numbers of the individual extensions: 1234-1, 1234-2, 1234-3, …)
  • Page 548 Glossary bintec elmeg GmbH Encryption Refers to the encryption of data, e.g. using MPPE. Encapsulating Security Payload (ESP) is a protocol for IPSec. It uses protocol number 50 and supports data encryption and authen- tication. Ethernet Ethernet is a specification for cable data networks. Ethernet works on the first and second layer of the OSI model.
  • Page 549 Glossary bintec elmeg GmbH G.992.1 Data transmission recommendation for ADSL. There are two coun- try-specific versions: G.992.1 Annex A and G.992.1 Annex B. Data transfer rates: 12 Mbit/s (downstream), 1.3 Mbit/s (upstream) G.992.2 Data transmission recommendation for ADSL (G.LITE / ADSL-Lite).
  • Page 550 Glossary bintec elmeg GmbH capsulating other protocols so that they can be transported via the Internet Protocol (IP) in the form of a tunnel (VPN). GRE uses pro- tocol number 47. The Global System for Mobile Communications (GSM), also known as 2G, is a mobile communications standard.
  • Page 551 Glossary bintec elmeg GmbH it uses port 80. HTTPS The HyperText Transfer Protocol Secure (HTTPS) is a protocol which protects against eavesdropping when transmitting HTML pages (web pages) between server and client. HTTPS is schematic- ally identical to HTTP. SSL / TLS is used for additional data encryp- tion.
  • Page 552 Glossary bintec elmeg GmbH IPCP The Internet Protocol Control Protocol (IPCP) is used, in a similar way to DHCP, to configure a host with an IP address, gateway and DNS server, when a PPP network connection is being used. With the extension Robust Header Compression over PPP, the header can be compressed for faster data transmission.
  • Page 553 Glossary bintec elmeg GmbH L2TP The Layer 2 Tunneling Protocol (L2TP) is a network protocol for en- capsulating other protocols so that they can be transported via the Internet Protocol (IP) in the form of a tunnel (VPN). By default, L2TP uses protocol number 1701.
  • Page 554 Glossary bintec elmeg GmbH Loopback In a loopback switch the sender and recipient are identical. Long Term Evolution (LTE), also known as 4G, is a mobile commu- nications standard with a standardised maximum data transmission rate of 300 Mbit/s. MAC address...
  • Page 555 Glossary bintec elmeg GmbH MPPE Microsoft Point-To-Point Encryption (MPPE) is used to encrypt data transmitted via PPP. It was developed by Microsoft and Cisco and specified as RFC 3078. MS-CHAP The Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is a method of authentication. MS-CHAPv1 is intended for authenticating DCN connections and is largely the same as the standard CHAP.
  • Page 556 Glossary bintec elmeg GmbH NBNS Like DNS, NetBIOS Name Service (NBSN) is used in centralised name resolution. See also WINS and DNS. Netmask With IPv4 in connection with the IP address, the netmask, also net- work mask and subnet mask, defines the network by dividing the IP address into network and device parts and thus determining which addresses need to be routed.
  • Page 557 Glossary bintec elmeg GmbH Peer A peer is the endpoint of a communication in the network. Phase 1/2 See IKE. The Protocol Independent Multicast (PIM) enables the dynamic rout- ing of multicast packets on the Internet. Ping Ping is a diagnostic tool that can be used to check whether a partic- ular host in an IP network can be contacted.
  • Page 558 Glossary bintec elmeg GmbH POP3 The Post Office Protocol Version 3 (POP3) is a transmission pro- tocol which controls how a client accesses emails from an email server. Port The port number is used to decide the service (telnet, FTP, ...) to which an incoming data packet should be sent.
  • Page 559 Glossary bintec elmeg GmbH Proposal When an IPSec connection is being established, the initiator of the connection makes proposals with relation to the authentication and encryption methods to be used. Protocol Protocols regulate the flow of a data communication on different levels of the OSI model.
  • Page 560 Glossary bintec elmeg GmbH Reset This returns the device to its unconfigured state. A Request For Comments (RFC) is a document that describes the standards and guidelines for the Internet. Rijndael See AES. The Routing Information Protocol (RIP) is a routing protocol. It is re- stricted to small networks.
  • Page 561 Glossary bintec elmeg GmbH RTSP The Real-Time Streaming Protocol (RTSP) controls the transmis- sion of audio and video data (streams) via IP-based networks. While the Real-Time Transport Protocol (RTP) is used to transmit user data, the main function of RTSP lies in controlling the data streams.
  • Page 562 Glossary bintec elmeg GmbH SHA1 Secure Hash Algorithm version 1 (SHA1) is a hash function that generates a 160 bit hash value (checksum). See also Hash. SHDSL Symmetrical High-bit-rate Digital Subscriber Line. See DSL. Shell The shell is an input interface (e. g. command line or graphic user interface) between computer and user.
  • Page 563 Glossary bintec elmeg GmbH the Real-Time Transport Protocol (RTP) that is encrypted using AES. Secure Shell (SSH) is a network protocol that can be used to estab- lish an encrypted connection to a device's shell. SSID The Service Set Identifier (SSID) defines a wireless network that is based on IEEE 802.11.
  • Page 564 Glossary bintec elmeg GmbH sible IP addresses). Switch A switch is a network component that connects individual network segments to one another. On the one hand, a switch can be oper- ated as a bridge to the data link layer in the OSI model. Unlike the bridge, however, a switch has more than one input and output.
  • Page 565 Glossary bintec elmeg GmbH an ISDN terminal. See also NT. Telnet Telecommunication Network (Telnet) is a network protocol. It en- ables communication with another, remote device in the network, e. g. PCs, routers, etc. TFTP The Trivial File Transfer Protocol (TFTP) regulates the transmission of files.
  • Page 566 Glossary bintec elmeg GmbH control must take place in the application layer. Conversely, UDP is faster than connection-oriented protocols. Unique Local Addresses (ULA) are IPv6 addresses that are not routed. They can be used in private networks (e. g. a LAN). ULAs begin with the prefix fd.
  • Page 567 Glossary bintec elmeg GmbH also refers to a tunnel that is established between the private net- works of the two connected parties. VPN protocols are IPSec, PPTP, L2TP and GRE. The Virtual Service Set (VSS) refers to a prefix for wireless LAN in- terfaces.
  • Page 568 Glossary bintec elmeg GmbH WPA-PSK With WPA 1 / 2, WPA-PSK enables subscribers to be authenticated using pre-shared keys. The access point and the client use the same string for the key calculation in the WLAN. This string needs to be configured by the users.
  • Page 569 Index bintec elmeg GmbH Address Mode Index Address Range Address Type Address List Address / Subnet Addresses Admin Status 231 , 270 Vendor Description Admin Status ISDN Timeserver Administration 145 , 171 Modem Init Sequence Administrative Status 326 , 406...
  • Page 570 Index bintec elmeg GmbH Authentication 295 , 300 , 304 , 309 , Cache Hits 368 , 375 Cache Size Authentication Key Call Number Authentication Method 127 , 326 , Callback Callback Mode Authentication Type 81 , 86 , 270...
  • Page 571 Index bintec elmeg GmbH Connected Delete 204 , 215 Connection State 234 , 249 , 463 Delete complete IPSec configuration Connection Type Connection Idle Timeout 292 , 298 , Demand Circuit Options 302 , 307 , 365 , 372 Description...
  • Page 572 Index bintec elmeg GmbH Distribution Ratio Enabled Encrypt configuration DNS Hostname Encrypted DNS Negotiation 295 , 300 , 304 , Encryption 87 , 368 , 375 309 , 369 , 376 Encryption Algorithms DNS Server 314 , 356 , 380 , 409 ,...
  • Page 573 Index bintec elmeg GmbH Force certificate to be trusted High Priority Class Forward History Forward to Hold Down Timer Forwarded Requests Home PLNM Forwarding Horizontal Dilution Of Precision Fragmentation Threshold 154 , 190 (HDOP) Frame transmissions without ACK re- Host...
  • Page 574 Index bintec elmeg GmbH 520 , 520 , 524 , 525 , 526 IPSec (Phase-2) Interface Action IPSec Tunnels Interface Mode 139 , 406 IPSec Statistics Interface Status IPSec Tunnels Interface Traffic Condition IPSec (Phase-2) SAs Interface Description IPSec Debug Level...
  • Page 575 Index bintec elmeg GmbH Licence Status Mail Exchanger (MX) Licence Key Maintenance 205 , 479 Licence Serial Number Management VID License valid until Manual WLAN Controller IP Address Lifetime 342 , 350 Line Speed Marker Position (Latitude, Longitude) Link State ID...
  • Page 576 Index bintec elmeg GmbH Maximum Upload Speed 240 , 243 , Multicast Routing Multicast Group Address 281 , 286 mbps Multicast Group Range Members 391 , 397 Multicast Group Address 521 , 522 , Memory Usage 523 , 523 , 524 , 525 , 526...
  • Page 577 Index bintec elmeg GmbH PIM Mode PIM Status PIM Interfaces Oper Status PIM Options Operation Band 150 , 187 PIM Rendezvous Points Operation Mode 150 , 184 , 187 Ping Operation Mode (Active) Ping Generator Operation Mode (Inactive) Ping Test...
  • Page 578 Index bintec elmeg GmbH Prioritize TCP ACK Packets 295 , 300 RADIUS Server Group ID , 304 , 309 , 317 , 320 , 368 , 375 Real Time Jitter Control Priority 81 , 86 , 243 , 385 , 406...
  • Page 579 Index bintec elmeg GmbH Retries Rx Errors Reverse-Path-Forwarding (RPF) Rx Packets 506 , 507 , 508 , 510 , , 523 RFC 2091 Variable Timer RFC 2453 Variable Timer Save configuration RIP Filter Scan channels RIP Interfaces Scan Interval RIP Options...
  • Page 580 Index bintec elmeg GmbH Serial Port 115 , 115 SNMP Trap Community Server SNMP Trap Hosts Server Address SNMP Trap Options Server Timeout SNMP Trap UDP Port Server URL SNMP Write Community Server Failures SNR dB Server IP Address 81 , 86 Software &Configuration...
  • Page 581 Index bintec elmeg GmbH Subsystem Transfer Mode Successful Trials Transfer own IP address over ISDN/ Successfully Answered Queries Summary Transferred Traffic Surveillance Transmit Key 162 , 167 , 195 Switch Port Transmit Power 150 , 184 Switch to SNMP Browser...
  • Page 582 Index bintec elmeg GmbH Update Timer Virtual Router Master UPnP VLAN 142 , 200 , 292 UPnP Status VLAN Identifier UPnP TCP Port VLAN Members Upstream Join State 522 , 522 , 523 VLAN ID 139 , 200 , 292...
  • Page 583 Index bintec elmeg GmbH Write certificate in configuration XAUTH Profile XAUTH Profiles Zero Cookie Size Zone Coverage Fail State Time Zone Valid Zone Coverage Fail State Zone Initial State Zone Initial State Time Zone Time To False Zone Time To True...

This manual is also suitable for:

Rv130w-4gRv120w-4gRv120w

Table of Contents