Download Print this page

BinTec X8500 Software Configuration Manual

Hide thumbs Also See for X8500:

Hardware installation manual (114 pages)

,

Installation manual (18 pages)

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual

X8500

Software Configuration Guide

Installation and Configuration

©

Copyright

2004 BinTec Access Networks GmbH, all rights reserved.

Version 1.4

Document #71000R

October 2004

X8500

Software Configuration Guide

1

Table of Contents

Advertisement

Table of Contents

Troubleshooting

Need help?

Need help?

Do you have a question about the X8500 and is the answer not in the manual?

Questions and answers

Summary of Contents for BinTec X8500

Page 1 X8500 Software Configuration Guide Installation and Configuration © Copyright 2004 BinTec Access Networks GmbH, all rights reserved. Version 1.4 Document #71000R October 2004 X8500 Software Configuration Guide...
Page 2 The information in this manual is subject to change without notice. Additional information, including changes and release notes for X8500, can be found at www.bintec.net. As a multiprotocol router,...
Page 3 You will find further information in the "Declarations of Conformity" at www.bintec.net. How to reach BinTec BinTec Access Networks GmbH BinTec France Südwestpark 94 6/8 Avenue de la Grande Lande D-90449 Nürnberg F-33174 Gradignan Germany France Telephone: +49 911 96 73 0...
Page 4 BinTec Access Networks GmbH...
Page 5: Table Of Contents
Table of Contents Table of Contents Table of Contents Welcome! BinTec’s X8500 Documentation from BinTec About this Manual 1.3.1 Contents 1.3.2 Meaning of Symbols 1.3.3 Typographical Elements General Safety Precautions Getting Started Connection Methods 3.1.1 Connecting Over the Serial Interface 3.1.2...
Page 6 Remote CAPI Interface Configuration 4.5.3 Finding PCs on Your Partner’s Network Testing Your Configuration Advanced Configuration with the Setup Tool General WAN Settings 5.1.1 Dynamic IP Address Server 5.1.2 CAPI User Concept 5.1.3 General PPP Settings BinTec Access Networks GmbH...
Page 7 Compression 5.2.11 Proxy ARP (Address Resolution Protocol) 5.2.12 Keepalive Monitoring Basic IP Settings 5.3.1 System Time 5.3.2 Name Resolution in X8500 with DNS Proxy 5.3.3 Port Numbers 5.3.4 BOOTP Relay Agent Quality of Service 5.4.1 Defining IP Filters 5.4.2 Classification and (TOS) Signaling 5.4.3...
Page 8 Authentication of PPP Connections with PAP, CHAP or MS-CHAP 7.2.4 Callback 7.2.5 Closed User Group 7.2.6 Access to Remote CAPI 7.2.7 NAT (Network Address Translation) 7.2.8 Filters (Access Lists) 7.2.9 Local Filters 7.2.10 Back Route Verification 7.2.11 TAF Agent BinTec Access Networks GmbH...
Page 9 8.2.1 Formatting the Flash Card 8.2.2 File System and Directory Structures on the Flash Card 8.2.3 Behavior of X8500 with Flash Card in Boot Operation and Saving the Configuration 8.2.4 Configuration Management for the Flash Card 8.2.5 Command fssh in the SNMP Shell of...
Page 10 Table of Contents Typical Errors and Procedure 9.2.1 System Errors 9.2.2 ISDN Connections Important Commands 10.1 SNMP Shell Commands 10.2 BRICKtools for Unix Commands General Safety Precautions in German Glossary Index BinTec Access Networks GmbH...
Page 11: Welcome
System card The system card (X8A-SYS or X8A-SYS-VPN, for details about the system cards, see the Hardware Installation Guide) is the control unit of X8500. With its Basic Rate Interface, two or three Fast Ethernet ports, respectively, and the serial console port, the system card provides for local and remote configuration, administration and monitoring of X8500.
Page 12 The future New technologies and developments are vital for BinTec Access Networks Gm- bH. X8500’s flexible platform with eight expansion slots and a powerful proces- sor permits the immediate integration of new WAN/LAN technologies and features. This makes X8500 a future-oriented and migration-capable device.
Page 13: Bintec's X8500 Cd
Device at COM1 or Device at COM2. Configuration Manager allows you to configure and administrate all BinTec routers in the network via a graphic interface. Here you can view and edit SNMP tables and variables. Remote CAPI Client: The Remote CAPI Client allows you to use communications applications based on the standard CAPI interface.
Page 14: Documentation From Bintec
In the Release Notes Firmware Logic and BOOTmonitor Update, you will find instructions to help you upgrade BOOTmonitor and/or firmware log- ic, if applicable. BinTec Access Networks GmbH...
Page 15 Instructions for the operation of BinTec routers in Great Britain. You received this documentation together with X8500. The Hardware Installa- tion Guide manual is provided in printed form. Your BinTec Companion CD also contains the complete documentation in electronic form (PDF, HTML). In addition to your Companion CD documentation, you can download all the latest documentation free of charge from our WWW server at www.bintec.net.
Page 16: About This Manual
A brief overview of the most important com- mands" mands of the SNMP shell and BRICKtools for Unix. 11: "General Safety Pre- General safety precautions in German. cautions in German" Table 1-1: Short description of chapters BinTec Access Networks GmbH...
Page 17: Meaning Of Symbols
Warning (indicates possible danger that, if unheeded, could cause bodily harm) Danger (indicates danger that, if unheeded, could lead to serious bodily harm or death) Table 1-2: List of visual aids X8500 Software Configuration Guide...
Page 18: Typographical Elements
Windows Start menu Indicates keys/key combinations Windows terms. italics, e.g. Indicates values that can be entered or set in the Setup Tool or MIB variables. none Online:blue Indicates links. Table 1-3: Typographical elements BinTec Access Networks GmbH...
Page 19: General Safety Precautions
Electrostatic charges may cause damage to the equipment. You should therefore wear a grounded wrist strap or touch a grounded surface before you touch sockets or extension cards of X8500. Only grip extension cards at the edges and do not touch components or conductor tracks.
Page 20 Make sure you follow the correct cabling sequence, as described in the manual. Use only the cables supplied with the equipment or cables that meet the specifications in this manual. If you use other cables, BinTec Ac- cess Networks GmbH cannot accept liability for any damage occurring or for any adverse effects on operation.
Page 21 Never use water to clean this equipment. Water spillage can result in seri- ous danger for the user (e.g. electric shock) and cause considerable dam- age to the equipment. Never use scouring or abrasive alkaline cleaning agents on this equipment. X8500 Software Configuration Guide...
Page 22 General Safety Precautions BinTec Access Networks GmbH...
Page 23: Getting Started
Getting Started This chapter contains a description of the various connection and configuration methods for X8500. It also contains installation instructions for the BRICKware for Windows soft- ware. Caution! As an ISDN multiprotocol router, X8500 sets up ISDN connections in accor- dance with the system configuration.
Page 24: Connection Methods
Getting Started Connection Methods Before you can configure your X8500, you must connect X8500. There are var- ious ways of doing this: Over the serial interface Over your Over an ISDN connection Diagram of connection methods: Serial Connection X8500 ISDN...
Page 25: Connecting Over The Serial Interface
Connecting Over the Serial Interface Initial configuration Connecting over the serial interface is very suitable if you carry out an initial configuration on X8500 before you have entered an IP address and netmask. To connect X8500 to your computer over the serial interface, connect the serial...
Page 26 System V), tip (under BSD) or minicom (under Linux). The settings for these programs are the same as listed above. Example of a command line for using cu: cu -s 9600 -c/dev/ttyS1 Example of a command line for using tip: tip -9600 /dev/ttyS1 BinTec Access Networks GmbH...
Page 27: Connecting Over A Lan
X8500 with telnet: Windows Click the Windows Start button and then Run..Type telnet <IP address of X8500>. Click OK. A window with the login prompt appears. You are now in the SNMP shell of X8500. Continue with chapter 3.2, page...
Page 28: Connection Over Isdn
ISDN card in the remote LAN, using a number of X8500’s ISDN connection in your own LAN (e.g. 1234). It is thus possible for the administrator of a remote LAN to configure a X8500 which is hundreds of kilometers away.
Page 29 Log in on your router in the remote LAN in the usual way. In the SNMP shell, type in isdnlogin <number ISDN connection of X8500>, e.g. isdnlogin 1234. The login prompt will appear in the window. You are now in the SNMP shell of X8500. Continue with chapter 3.2, page...
Page 30: Logging In
This is how you log in: Type in your user name (e.g. admin) and press Return. Type in your password (e.g. bintec) and press Return. Your router then issues an input prompt, e.g. X8500:>. The login was suc- cessful. BinTec Access Networks GmbH...
Page 31 Logging In Caution! All BinTec routers are shipped with the same user names and passwords. As long as the passwords remain unchanged, the routers are not protected against unauthorized use. How to change the passwords is described in chapter 3.4.5, page Change the passwords to prevent unauthorized access to X8500.
Page 32: Configuration Options
BinTec Access Networks GmbH. You can use its interface based on Windows SNMP Managers Explorer to access all MIB tables and variables of X8500. You can also use oth- er SNMP managers, such as SNM, HP OpenView or Transview to access and modify the MIB tables and variables.
Page 33: Using The Setup Tool
An introduction to using the Setup Tool is provided in this chapter. You can call up the Setup Tool once you have logged in to X8500: To use the Setup Tool, you must log in with the user name admin! If you do not know the corresponding password, you cannot open the Setup Tool (see chapter 3.2, page...
Page 34: Menu Layout
Tool menu system you currently are. The system name of X8500 is also displayed. This is especially helpful if you are using several BinTec routers with different system names. The configuration window is where the actual entries are made and the re- spective settings are displayed.
Page 35: Menu Navigation
To scroll back a page in a long list. An "=" sign at the top right indicates the start of the list or a "∧" indicates more to come. Ctrl - c Leave the Setup Tool. Table 3-2: Navigation in the Setup Tool X8500 Software Configuration Guide...
Page 36: Menu Commands
To leave the current menu and return to the previous menu. Any entries made are lost. Table 3-3: Buttons in the Setup Tool Leave the Setup Tool with Save as boot configuration and exit to save the configuration to the flash memory. BinTec Access Networks GmbH...
Page 37: Searching Lists
Searching Lists Some Setup Tool menus contain lists of items, e.g. the WAN P menu, ARTNER which lists all WAN partners currently configured: X8500 Setup Tool BinTec Access Networks GmbH [WAN]: WAN Partners MyX8500 Current WAN Partner Configuration Partnername Protocol State ∧...
Page 38: Changing The Password
To change a password, proceed as follows: Select the password field in the appropriate menu and enter the new pass- word. The field changes to the change mode and the message Change Password appears in the help line. BinTec Access Networks GmbH...
Page 39: Convention
Explanation: Tag the WAN P menu in the main menu of the Setup ARTNER Tool and press Return. Select an existing entry there and press Return. Now tag the WAN N submenu and press Return. UMBERS X8500 Software Configuration Guide...
Page 40: Menu Structure
Getting Started 3.4.7 Menu Structure The main menu of the Setup Tool looks like this: X8500 Setup Tool BinTec Access Networks GmbH MyX8500 Licenses System Slot Card (State) Interfaces/Resource[Unit] SYS: X8A-SYS ETH[1] ETH[2] BRI[4] X8E-4PRI (R) PRI[0] PRI[1] PRI[2] PRI[3]...
Page 41 TCP/IP Figure 3-4: Setup Tool basic menu structure The menus of the Setup Tool available on X8500 in our example are illustrated figure 3-4, page 41. Depending on your expansion card setup, your Setup Tool main menu may differ from the example. BRI interfaces will be displayed as BRI[x], PRI interfaces as PRI[x], and Ethernet interfaces as ETH[x], where "x"...
Page 42 Menu Function This menu is for entering the license information and activating licenses. ICENSES In this menu, you enter the basic system settings of X8500, e.g. system YSTEM name and passwords. ETH[ This menu is for configuring the interface of X8500.
Page 43 SNMP is for changing the basic SNMP settings. RADIUS S is for configuring RADIUS servers. ERVER DNS is for defining the procedure for name resolution in X8500. is for controlling access to the OCAL ERVICES CCESS ONTROL local UDP and TCP services in X8500.
Page 44 Includes the settings for BinTec's CAPI user concept. You can use this to assign user names and passwords to users of the X8500's CAPI applica- tions. This makes sure that only authorized users can receive incoming calls and make outgoing calls via CAPI.
Page 45: In Advance Of Configuration
Gathering Information Router settings Before you start to configure your X8500, make sure you have the following in- formation about your ISDN connection and your network environment. Write down the relevant values in the table below so that you can quickly find the nec- essary information while you are performing the configuration.
Page 46: Checking The Tcp/Ip Protocol
Checking the TCP/IP Protocol To check if the TCP/IP protocol is already installed on your PC, or to install it now, proceed as follows: Unix Make sure the TCP/IP protocol is installed before you start the configura- tion. BinTec Access Networks GmbH...
Page 47 Help and Support Center or the Network Setup Wizard of Windows XP. Installing the TCP/IP Protocol Windows 95/98 Click Add in the Network dialog box. Select Protocol in the list of network components and click Add. X8500 Software Configuration Guide...
Page 48 Follow the on-screen instructions and restart your PC when you have fin- ished. Windows ME Click the Windows Start button and then Settings Control Panel. View all the control panel options. Double click Network. The Network window opens. BinTec Access Networks GmbH...
Page 49: Installing Brickware Under Windows
PCs in your LAN. Proceed as follows to install BRICKware: Close all Windows programs on your PC. Place your BinTec Companion CD in the CD-ROM drive of your PC. The start window appears automatically after a short time. X8500...
Page 50 Click Next. Select your equipment. Click Next. Select the software components you wish to install. Click Next. A list of the components selected for the installation appears. BinTec Access Networks GmbH...
Page 51 Follow the instructions on the screen. The files are copied or removed from your PC. A window appears after a short time telling you that the maintenance operations are completed. Click Finish to end the maintenance operation. X8500 Software Configuration Guide...
Page 52 Getting Started BinTec Access Networks GmbH...
Page 53: Initial Configuration With Setup Tool
X8500. Configuring the WAN interfaces (chapter 4.2, page Description of how to configure a WAN interface of X8500, including the distribution of incoming calls to subsystems and users ("Incoming Call An- swering", page 77).
Page 54 (chapter 4.3.3, page 121) – Example configurations (chapter 4.3.4, page 122) Saving the configuration (chapter 4.4, page 126) What to do in your Windows network (chapter 4.5, page 127) Testing your configuration (chapter 4.6, page 134) BinTec Access Networks GmbH...
Page 55: Basic Router Settings
Basic Router Settings Basic Router Settings The configuration of the basic router settings concerns only your X8500 your local network. You will find examples of names, addresses, ex- tensions, etc. If you are setting up a new Local Area Network (LAN) together...
Page 56: Entering License(S)
PIN and a license serial number. You received the last two items with your license. For online licensing at www.bintec.net, you enter the above license data and receive a key. You then enter this key together with your license serial number in the Setup Tool to activate the functions of your license in your router.
Page 57 Beginning May 2003 the license for STAC data compression is no longer part of the delivery status of new routers. However, you can obtain a free license from www.bintec.net. Subsystems The following subsystems are available on X8500 with appropriate licenses:...
Page 58: Entering System Data
Leave all other fields empty. Confirm with Return. The licenses of the ex works state are reactivated. 4.1.2 Entering System Data System name, ... Now you should enter the basic system data for your X8500. Go to S YSTEM BinTec Access Networks GmbH...
Page 59 Defines the system name of X8500, is also used as PPP host name. Appears as input prompt when log- ging in to X8500. If no system name is set, a warning appears on logging in with the user name admin.
Page 60 YSTEM ASSWORD SETTINGS Caution! All BinTec routers are shipped with the same user names and passwords. As long as the password remains unchanged, they are not protected against unauthorized use. How to change the passwords is described in chapter 3.4.5, page Change the passwords to prevent unauthorized access to X8500.
Page 61: Configuring The Lan Interface
Configuring the LAN Interface This chapter describes how to configure the LAN interface (10/100 Base-T Ethernet) of X8500. The LAN interface is the physical interface to the local net- work. Since the menus for all Ethernet interfaces are identical, in the following they are referred to as ETH[ ] .
Page 62 IP address 192.168.42.3, for example, and 192.168.46.3 for the second subnet. The netmasks for both subnets must also be indicated. IP address, Go to an Ethernet interface of your system card, e.g. ETH[1] . netmask, Encapsulation BinTec Access Networks GmbH...
Page 63 Basic Router Settings The following menu opens: X8500 Setup Tool BinTec Access Networks GmbH [SLOT 0 UNIT 1 ETHERNET]: Configure Ethernet Interface MyX8500 IP-Configuration Manual Local IP Number 192.168.1.254 Local Netmask 255.255.255.0 Second Local IP Number Second Local Netmask Encapsulation...
Page 64 10 MBit Full Duplex 100 MBit Half Duplex 100 MBit Full Duplex You should normally leave the default value at Auto . Table 4-5: ETH[ To do Proceed as follows to configure X8500’s LAN interface: Select Manual for IP-Configuration. BinTec Access Networks GmbH...
Page 65: Configuring X8500 As Dhcp Server
PCs in the LAN. A PC sends out an address request and in turn receives its IP address assigned by X8500. You do not need to assign fixed IP addresses to PCs, which reduces the amount of configuration work in your network.
Page 66 Initial Configuration with Setup Tool The following menu opens: X8500 Setup Tool BinTec Access Networks GmbH [IP][DHCP][ADD]: Add Range of IP Addresses MyX8500 Interface en0-1 IP Address 192.168.1.1 Number of Consecutive Addresses Lease Time (Minutes) MAC Address Gateway NetBT Node Type...
Page 67 Meaning Gateway Defines which IP address is assigned to the DHCP client as gateway. If no IP address is entered here, the IP address of X8500 is also given. NetBT Node Type Defines how and in what order the assignment of NetBIOS names to IP addresses is attempted for the hosts of an address pool.
Page 68: Setting Filters
ISTS NTERFACES EDIT: First rule = none . Go to IP ADD. CCESS ISTS ILTER The following menu window opens: X8500 Setup Tool BinTec Access Networks GmbH [IP][ACCESS][FILTER][ADD]: Configure IP Access Filter MyX8500 Description wrong_dns Index Protocol Source Address Source Mask...
Page 69 You have returned to menu IP . The entries CCESS ISTS ILTER are temporarily saved and both filters are now listed. Filter rules To define rules for these filters, proceed as follows: Go to IP ADD. CCESS ISTS ULES X8500 Software Configuration Guide...
Page 70 Initial Configuration with Setup Tool The following menu window opens: X8500 Setup Tool BinTec Access Networks GmbH [IP][ACCESS][RULE][ADD]: Configure IP Access Rules MyX8500 Action deny M Filter wrong_dns (1) SAVE CANCEL Use <Space> to select First rule Make the following entries to define a rule:...
Page 71 Basic Router Settings The entries have been saved and listed: X8500 Setup Tool BinTec Access Networks GmbH [IP][ACCESS][RULE]: Configure IP Access Rules MyX8500 Abbreviations: RI (Rule Index) (Action if filter matches) FI (Filter Index) !M (Action if filter does not match)
Page 72 You have returned to the main menu. The configuration of the basic router settings is complete. The entries are temporarily saved and activated. Leave the Setup Tool with Save as boot configuration and exit to save the configuration to the flash memory. BinTec Access Networks GmbH...
Page 73: Configuring Wan Interfaces
Configuring WAN Interfaces Configuring WAN Interfaces This chapter describes the configuration of the following WAN interfaces of X8500: ISDN BRI interface (see chapter 4.2.1, page You can also configure the second LAN interface of the system card or any other LAN interface of...
Page 74 In this example, the menu of the BRI interface of the system card is shown (SLOT 0 UNIT 4 ISDN BRI) The following menu opens: X8500 Setup Tool BinTec Access Networks GmbH [SLOT 0 UNIT 4 ISDN BRI]: Configure ISDN Basic Rate Interface MyX8500...
Page 75 Note: Tested only for Euro ISDN. D-Channel D-channel configuration. The selection can only be changed if ISDN Switch Type = leased line D+B1+B2 (TS02) . Possible values: leased dte (default value) leased dce X8500 Software Configuration Guide...
Page 76 Euro ISDN, point-to-multipoint If the ISDN protocol is not detected, it can be entered manually under ISDN Switch Type. The automatic D-channel detection is then switched off. An incorrectly set ISDN protocol prevents ISDN connections being established! BinTec Access Networks GmbH...
Page 77 X8500 supports the following services: PPP (Routing): service is X8500’s general routing service. This connects incoming data calls from WAN partners’ dialup connections to your LAN. This enables partners outside your own local network to access hosts within your LAN. This subsystem also enables outgoing data calls to be made to WAN partners outside your local network.
Page 78 Called Party Number (CPN) and the type of call (data or voice call). The CPN is the extension the partner has dialed to reach X8500. Then the call is forwarded to the corresponding service (see figure 4-4, page 78).
Page 79 CAPI subsystem. All calls to the CAPI are offered to all CAPI applications in the LAN. To distribute incoming calls for the CAPI subsystem to defined users with pass- words, you should use BinTec’s User Concept (see chapter 5.1.2, page 138).
Page 80 Initial Configuration with Setup Tool The following menu opens: X8500 Setup Tool BinTec Access Networks GmbH [SLOT 0 UNIT 4 ISDN BRI][INCOMING]: Incoming Call Answering MyX8500 Item Number Mode Username CAPI 1.1 EAZ 1 Mapping right to left CAPI 1.1 EAZ 1 Mapping...
Page 81 Number Phone number under which the service (Item) entered above can be reached. Mode Mode in which X8500 compares the digits of Number with the called party number of the incoming call: right to left (default value) left to right (DDI): Always select if X8500 connected to a point-to-point connection.
Page 82 1200 bps, 2400 bps,..., 38400 bps. PPP V.120 Enables incoming PPP connections with V.120. Pots Not available with X8500. PPP Modem Profile 1...8 (Only available if PRI expansion card or CM-PRI and resource module with digital modems is installed) Assigns incoming analog calls to the PPP rout- ing service.
Page 83 X8500! For example, if X8500 is connected to a PABX, only the PABX extension number arrives at X8500. If you are not sure which number arrives at X8500, proceed as follows: Call X8500 with a conventional telephone using one of its extension num- bers.
Page 84 You can also use ISDN BRI and ISDN PRI interfaces of X8500 for leased lines. To configure the ISDN interface for use with a leased line you will need to set the ISDN Switch Type manually: Go to the appropriate interface, e.g. BRI[4] . BinTec Access Networks GmbH...
Page 85 (DTE or DCE). You must then ensure that the far end has set the opposite value. Example of settings for leased line: X8500 Setup Tool BinTec Access Networks GmbH [SLOT 0 UNIT 4 ISDN BRI]: Configure ISDN Basic Rate Interface MyX8500...
Page 86: Broadband Internet Access (Xdsl) With X8500
Figure 4-5: Example scenario The LAN connection is handled over one Ethernet interface of X8500. The xDSL modem is connected to a second Ethernet interfaces of X8500. If you receive a special cable from Deutsche Telekom AG or another provider for connecting the xDSL modem, please use only this cable.
Page 87 Configuring WAN Interfaces Configuring the IP Proceed as follows to define the IP address of X8500: address Go to, e.g., ETH[2] . Enter your IP address in the Local IP Number field, e.g. 192.168.1.254 Enter your netmask in the Local Netmask field, e.g.
Page 88 T-Online number = telephone number (exam- ple: 091169386 co-user number = 4-digit co-user number (example: 0001 The T-Online number and the co-user number must be separated by # if the T-Online number has less than 12 digits. BinTec Access Networks GmbH...
Page 89 Meaning Layer 1 Protocol Here you can define the Layer 1 Protocol of the ISDN B-channel that X8500 is to use for con- nections to the WAN partner. PPP over Ethernet (PPPoE) must be selected here for access to T-DSL.
Page 90 Connections to the Internet appear only under a single dynamically as- signed IP address Go to IP ETWORK DDRESS RANSLATION Select the WAN interface on which you want to activate NAT, e.g. t-online and confirm with Return. Another menu window opens. BinTec Access Networks GmbH...
Page 91 Select Authentication: CHAP . Do not enter a Partner PPP ID. This field remains empty. Enter Local PPP ID (= your user name), e.g. 3909987000 Type in PPP Password. Deactivate Keepalives: off . Deactivate Link Quality Monitoring: off . X8500 Software Configuration Guide...
Page 92 ARTNER Creating routing entry Go to IP OUTING Add a new entry with ADD. Select Route Type: Default route . Select Network: WAN without transit network . Select Partner / Interface: Telekom_Austria . Enter Metric, e.g. BinTec Access Networks GmbH...
Page 93 Select Network Address Translation: on . Leave Silent Deny: no . Confirm with SAVE. Leave IP with EXIT. ETWORK DDRESS RANSLATION Leave IP with EXIT. You have returned to the main menu. The configuration of the high-speed access is complete. X8500 Software Configuration Guide...
Page 94: X8500 And The Wan
WAN partner), as well as for incoming connections (a WAN partner dials the number of your X8500) and leased lines and G.703. Consequently, if you want to access the Internet, you must set up your Internet Service Provider ( ISP) as a WAN partner.
Page 95 X8500 and the WAN sary access information that you received from your ISP or system administra- tor (see chapter 3.5.1, page 45). The terms used may vary slightly from provider to provider. Configuring WAN To enter a WAN partner, proceed as follows:...
Page 96 To make an entry in the list, proceed as follows: Use ADD to add a new entry or select an existing entry. Confirm with Return to change the entry. Another menu window opens: X8500 Setup Tool BinTec Access Networks GmbH [WAN][ADD]: Configure WAN Partner MyX8500...
Page 97 X8500 and the WAN Field Meaning Encapsulation Encapsulation. Defines how the data packets are packed for transfer to the WAN partner. Possible values: Multi-Protocol LAPB Framing Multi-Protocol HDLC Framing Async PPP over X.75 Async PPP over X.75/T.70/BTX Async PPP over V.120 (HSCSD) X.25_PPP...
Page 98 VPN license is activated) none: no encryption These values are only available if PPP , Async PPP over X.75 , Async PPP over X.75/T.70/BTX , X.25_PPP or Async PPP over V.120 (HSCSD) has been selected under Encapsulation. BinTec Access Networks GmbH...
Page 99 X8500 and the WAN Field Meaning Compression Defines the type of compression that should be used for data traffic to the WAN partner. Possi- ble values: STAC MS-STAC none These values are only available if PPP , Async PPP over X.75 , Async PPP over X.75/T.70/BTX , X.25_PPP or Async PPP over...
Page 100 Initial Configuration with Setup Tool Entering Extension Numbers This is where the currently entered extensions of the WAN partners are listed: X8500 Setup Tool BinTec Access Networks GmbH [WAN][ADD][WAN Numbers]: WAN Numbers (BigBoss) MyX8500 WAN Numbers for this partner: WAN Number...
Page 101 (CLID) For incoming and outgoing calls. incoming (CLID) For incoming calls, where your WAN partner dials in to your X8500. Table 4-21: Direction When X8500 is connected to a PABX system for which a "0" prefix is neces- sary for external line access, this "0"...
Page 102 If the calling party number of an incoming call matches both a WAN partner’s Number with wildcards and a WAN partner’s Number without wildcards, the entry without wildcards is always used. To do Make the following entries: Enter the Number, e.g. 0911987654321 Select the Direction, e.g. outgoing BinTec Access Networks GmbH...
Page 103 X8500 and the WAN Confirm with SAVE. The entries are saved and listed. Leave WAN P WAN N with EXIT. ARTNER UMBERS Defining PPP Settings for Authentication Now enter the settings of your WAN partner. These are used to au- thenticate your connection partner.
Page 104 Initial Configuration with Setup Tool The following menu opens: X8500 Setup Tool BinTec Access Networks GmbH [WAN][ADD][PPP]: PPP Settings (BigBoss) MyX8500 Authentication CHAP + PAP Partner PPP ID BigBoss Local PPP ID LittleIndian PPP Password Secret Keepalives Link Quality Monitoring CANCEL Use <Space>...
Page 105 X8500 and the WAN The Authentication field contains the following selection options: Possible Values Meaning Only run (PPP Password Authenti- cation Protocol); the password is transferred uncoded. CHAP Only run CHAP (PPP Challenge Hand- shake Authentication Protocol as per RFC 1994);...
Page 106 120 seconds, and 300 seconds if the preceding charging unit was 600 seconds. The connection is cleared on expiry of the Idle Timer for Dynamic Short Hold and shortly before the next charging unit starts. BinTec Access Networks GmbH...
Page 107 X8500 and the WAN Diagram of short hold: Connected Static Short Hold Data Disconnected Short Hold = 60 s Connected Dynamic Discon- Idle Timer Data Short Hold nected = 50% Connected Static Short Hold Short Hold Data Disconnected = 60 s...
Page 108 Proceed as follows: Go to WAN P ARTNER DVANCED ETTINGS The following menu window opens: X8500 Setup Tool BinTec Access Networks GmbH [WAN][ADD][ADVANCED]: Advanced Settings (BigBoss) MyX8500 Callback Static Short Hold (sec) Idle for Dynamic Short Hold (%) Delay after Connection Failure (sec) 300...
Page 109 X8500 and the WAN The following parts of the menu are relevant for this configuration step: Field Meaning Static Short Hold (sec) Idle time in seconds for static short hold. Example values for trunk connections: 60 , only effective if charging pulses are trans- mitted during the connection (AOCD), 20 otherwise.
Page 110 Proceed as follows: Go to WAN P IP . ARTNER The following menu opens: X8500 Setup Tool BinTec Access Networks GmbH [WAN][ADD][IP]: IP Configuration (BigBoss) MyX8500 IP Transit Network local IP Address Partner’s LAN IP Address 10.1.1.0...
Page 111 X8500 and the WAN Field Meaning local IP Address Only for the value no for IP Transit Network. IP address of X8500. You do not normally need to make an entry here, unless you wish to configure a transit net- work for one of your WAN partners (see chapter 5.2.7, page...
Page 112 WAN partner and LAN inter- face. For possible values, see table 5-28, page 182. Van Jacobson Header Reduces the size of TCP/IP packets. Compression Possible values: on : VJHC enabled. off : VJHC disabled. BinTec Access Networks GmbH...
Page 113 X8500 and the WAN Field Meaning Dynamic Name Server In the event of dynamic name server negotia- Negotiation tion, defines whether X8500 receives IP addresses for Primary Domain Name Server, Secondary Domain Name Server, Primary WINS and Secondary WINS from the WAN partner or sends them to the WAN partner.
Page 114 Confirm with SAVE. Confirm with SAVE again. You have returned to WAN P and your entries are temporarily ARTNER saved and activated. See chapter chapter 4.3.4, page 122 for example settings in the submenu WAN ARTNER DVANCED ETTINGS BinTec Access Networks GmbH...
Page 115: Creating A Routing Entry
IP address is assigned statically: Select IP Transit Network: yes. Local ISDN IP Address: X8500’s static IP address you get from your ISP (often termed your gateway or router address). Partner’s ISDN IP Address: Partner’s IP address (if known) or else X8500’s static IP address you get from your ISP.
Page 116 Initial Configuration with Setup Tool All IP routes entered are listed in the menu IP OUTING X8500 Setup Tool BinTec Access Networks GmbH [IP][ROUTING]: IP Routing MyX8500 The flags are: U (Up), D (Dormant), B (Blocked), G (Gateway Route), I (Interface Route)
Page 117 X8500 and the WAN The following menu window opens: X8500 Setup Tool BinTec Access Networks GmbH [IP][ROUTING][ADD]: IP Routing MyX8500 Route Type Network route Network WAN without transit network Destination IP Address 10.1.1.0 Netmask 255.255.255.0 Partner / Interface BigBoss Metric...
Page 118 The Network field contains the following selection options: Possible Values Meaning Route to a destination host or LAN that can be reached via X8500’s LAN interface. WAN without transit Route to a destination host or destination LAN network that can be reached via a WAN partner without considering a transit network.
Page 119 X8500 and the WAN You can only configure one default route on your X8500. If you set up access to the Internet, you must therefore configure the route to your Internet Service Pro- vider (ISP) as a default route. If you configure a corporate network connection, only enter the route to the head office as a default route if you do not configure Internet access over X8500.
Page 120 (without a default route): Select Route Type: Network route . Select Network: WAN without transit network . 10.1.2.0 Enter Destination IP Address, e.g. Enter Netmask, e.g. 255.255.255.0 Enter Partner / Interface, e.g. BigBoss Enter Metric, e.g. BinTec Access Networks GmbH...
Page 121: Activating Network Address Translation (Nat)
X8500 and the WAN Confirm with SAVE. You have returned to IP . The entries have temporarily been OUTING saved and activated. The newly entered or modified route is listed. Repeat these steps if you have to enter several routes.
Page 122: Examples
Initial Configuration with Setup Tool Another menu window opens: X8500 Setup Tool BinTec Access Networks GmbH [IP][NAT][CONFIG]: NAT Configuration (GoInternet) MyX8500 Network Address Translation Silent Deny Enter configuration for sessions: requested from OUTSIDE requested from INSIDE SAVE CANCEL Use <Space> to select...
Page 123 X8500 and the WAN How to enter the passwords is described in chapter 3.4.5, page Internet Access Over T-Online T-Online The following settings are necessary: In WAN P ADD: ARTNER Partner Name: T_ONLINE Encapsulation: PPP Compression: none Encryption: none In WAN P...
Page 124 Encapsulation: Async PPP over X.75 Compression: none Encryption: none In WAN P WAN N ADD: ARTNER UMBERS Number (= dial-in number): e.g. 010880191919 Direction: outgoing In WAN P PPP : ARTNER Authentication: none Keepalives: off Link Quality Monitoring: off BinTec Access Networks GmbH...
Page 125 X8500 and the WAN In WAN P ARTNER DVANCED ETTINGS Callback: no Static Short Hold (sec): e.g. Idle for Dynamic Short Hold (%): e.g. Delay after Connection Failure (sec): e.g. Channel Bundling: no Layer 1 Protocol: ISDN 64 kbps Special Interface Types: none...
Page 126: Saving The Configuration File
Initial Configuration with Setup Tool Saving the Configuration File After creating a working configuration on your X8500, make sure you save it: From the Setup Tool main menu, select Exit and confirm with Return. Another menu window opens: X8500 Setup Tool...
Page 127: Configuring Pcs In Your Lan
Configuring PCs in Your LAN Configuring PCs in Your LAN Additional configuration is necessary on the individual PCs in your LAN to con- nect them to X8500. Remote CAPI configuration Configuration of the CAPI interface on the PCs enables you to use commu- nication applications such as FAX software.
Page 128 Enter X8500’s IP address, e.g. 192.168.1.254 , in the Gateway tab. Click Add. If you do not have your own DNS server, enter X8500’s IP address in the DNS Configuration tab under DNS Server Search Order, e.g. 192.168.1.254 Windows NT Select the Protocols tab.
Page 129 If you do not have your own DNS server, enter the IP address of your router as DNS server address under Preferred DNS Server. Finally Confirm all entries and restart your PC (not necessary for Windows 2000 and Windows XP). Repeat the installation for all the PCs in your network. X8500 Software Configuration Guide...
Page 130: Remote Capi Interface Configuration
Enter X8500’s IP address, e.g. 192.168.1.254 in the Remote CAPI tab. Enter the user name and password as configured on X8500. The rights for these users you set here must correspond with your settings on X8500. Click Use these values.
Page 131: Finding Pcs On Your Partner's Network
You have entered a valid user name. The right port number is entered, 2662 for Remote CAPI. The port number must match the port number configured on X8500. Your PC has been configured as a DHCP client and perhaps does not yet have an IP address.
Page 132 To avoid unintentional charges, it is essential that you monitor your X8500. You can only use the following process if you have not configured extensive NetBIOS filtering.
Page 133 Network drive Alternatively, you could establish a network drive connection: mapping Open Windows Explorer, click Tools, then Map network drive. \\BossPC Specify the drive and enter the path, e.g. Click Reconnect at logon. Click OK. X8500 Software Configuration Guide...
Page 134: Testing Your Configuration
If not, you can configure filters with the Setup Tool (chapter 7.2.8, page 321). Watch the LEDs on your X8500, use the monitor function of the Setup Tool (cf. chapter 7.1, page 290) or check your settings with an SNMP Management Tool.
Page 135: Advanced Configuration With The Setup Tool
Advanced Configuration with the Setup Tool This chapter contains more X8500 configuration options for the advanced user. The following configuration steps are described: General Settings (chapter 5.1, page 136) Settings Specific to WAN Partners (chapter 5.2, page 146) Basic Settings (chapter 5.3, page...
Page 136: General Wan Settings
If a new dial-in takes place within an interval of one hour, an attempt is made to assign the same IP address assigned to this partner the last time. Configuration is made in: WAN (PPP) ADDRESS POOL WAN P EDIT ARTNER WAN P EDIT ARTNER DVANCED ETTINGS BinTec Access Networks GmbH...
Page 137 IP : ARTNER Field Meaning IP Transit Network Defines whether a transit network is to be used between X8500 and the WAN partner. You must select dynamic server here if you assign an address pool. Table 5-2: WAN P EDIT...
Page 138: Capi User Concept
The CAPI user concept is used to check access to the CAPI service. This password ensures that only users entered with a user name and password can use X8500‘s CAPI services. Example This means, for example, that an incoming fax for the user Winnetou is only...
Page 139 Number Phone number under which the service (Item) entered above can be reached. Mode Mode in which X8500 compares the digits of Number with the called party number of the incoming call: right to left: default mode. left to right (DDI): always select this mode if...
Page 140 Select an existing entry and confirm it with Return or add a new entry with ADD. Enter Name. Enter your Password. How to enter the passwords in the Setup Tool is described in chapter 3.4.5, page Select CAPI. Confirm with SAVE. Repeat these steps for every user in the LAN. BinTec Access Networks GmbH...
Page 141 Select Item, z. B. CAPI 2.0 If you use a communication application on your PC that is based on Remote CAPI 1.1 (current version: Remote CAPI 2.0), X8500 must translate the MSNs (= Number, multidigit) of the incoming call to EAZs (single digit) (CAPI 1.1 can only detect single-digit numbers).
Page 142: General Ppp Settings
WAN partner. If the data (password, partner PPP ID) obtained by executing the authentication protocol are the same as the data of an entered WAN partner, X8500 accepts the incoming call. BinTec Access Networks GmbH...
Page 143 CLID + inband : Both requests are sent to the RADIUS server (first outband request, then inband request if necessary). none : No requests are sent. For further information on RADIUS, see Soft- ware Reference. X8500 Software Configuration Guide...
Page 144: Tei (Terminal Endpoint Identifier)
X.31 TEI (Terminal Endpoint Identifier) The menu BRI[ contains settings for X.31 TEI (X.25 DVANCED ETTINGS in the D-channel). You only need to make changes here if you want to use the X.31 TEI value for CAPI applications. BinTec Access Networks GmbH...
Page 145 CAPI application is ignored and the default value set here is always used. Set to Packet Switch if you want to use X.31 TEI for the X.25 router. Table 5-7: BRI[ DVANCED ETTINGS X8500 Software Configuration Guide...
Page 146: Settings Specific To Wan Partners
The configuration steps necessary in each case are explained in detail below. 5.2.1 Delay After Connection Failure This function enables you to set the period of time X8500 is to wait after an un- successful attempt to set up a call. BinTec Access Networks GmbH...
Page 147: Channel Bundling
ARTNER DVANCED ETTINGS Field Meaning Delay after Connection Block timer. Indicates the waiting time in sec- Failure (sec) onds before X8500 tries again after an attempt to establish a connection has failed. WAN P Table 5-8: EDIT ARTNER DVANCED ETTINGS...
Page 148 Select the desired value for Channel Bundling. Enter Total Number of Channels. Confirm with OK. Confirm with SAVE. The entries are temporarily saved and activated. Refer to Bandwidth on Demand (BOD) function, see chapter 5.2.3, page 149. BinTec Access Networks GmbH...
Page 149: Channel Bundling - Bandwidth On Demand (Bod)
A B-channel is dropped if the calculated value stays below 80 % of the maximum permissible utilization of the remaining channels for 10 seconds. Second the application-controlled addition of B-channels for X8500 via filters and rules can be configured in a similar way to access lists for IP packets. You will find a description of the configuration in chapter 5.2.5, page...
Page 150 DVANCED ETTINGS The menu WAN P EDIT ARTNER DVANCED ETTINGS XTENDED ) contains the following fields: NTERFACE ETTINGS OPTIONAL Field Meaning Mode Defines which mode is used for BOD. Possible values: see table 5-12, page 156. BinTec Access Networks GmbH...
Page 151 Threshold value for the number of bytes accu- mulated in the D-channel at which the system is to change to the B-Channel Mode (see chapter 5.2.4, page 157). Possible values: 0 to 20000 (default value: 7500 ). X8500 Software Configuration Guide...
Page 152 Callback Request: the remote terminal is requested to add a B-channel; is initiated if applicable. Link Drop Request: one communication partner wants to drop a B-channel; drop- ping is initiated or accepted if applicable. BinTec Access Networks GmbH...
Page 153 BAP behaves as follows in Client Active Mode: The partner who sets up the initial call is in Active Mode (see BAP, Active Mode) and the partner who accepts the initial call is in Passive Mode (see BAP, Passive Mode) . X8500 Software Configuration Guide...
Page 154 B-channel; drop- ping is initiated if applicable. If the ISP distributes incoming calls to more than one router, this setting ensures channel bundling for clients. The system administrator of the ISP should refer to Release Notes 6.2.1. BinTec Access Networks GmbH...
Page 155 Backup connection is activated if the leased line fails. The backup connection is cleared when the leased line is available again. BOD is also available for this mode, if a value > 1 is used for Maximum Number of Dialup Channels. X8500 Software Configuration Guide...
Page 156 Select Direction = outgoing if you have set Mode = Bandwidth On Demand Active . Select Direction = incoming (CLID), if you have set Mode = Bandwidth On Demand Passive . Confirm with SAVE. Go to WAN P EDIT PPP . ARTNER Select Authentication. BinTec Access Networks GmbH...
Page 157: Always On/Dynamic Isdn (Ao/Di)
How Does AO/DI Work? AO/DI is implemented in X8500 via a special PPP interface. As soon as the in- terface is configured and ready for operation, the initial PPP connection is set up via X.31 (X.25 in the D-channel). This involves carrying out authentication of...
Page 158 – Enter X.25 destination address for initial connection setup – Check throughput-controlled bandwidth management (dynamic B- channel bundling) – Check application-controlled bandwidth management You will find all the necessary steps below for configuring X8500 for AO/DI. BinTec Access Networks GmbH...
Page 159 For Datex-P, the Windowsize/Packetsize Neg. field must be de- activated. For X8500, the X.25 software is designed as an X.25 switch. This switch must be appropriately configured for AO/DI. Proceed as follows to make the preset link settings for X.25 configuration for Datex-P: Go to X.25...
Page 160 The following parts of the menu are relevant for this configuration step: Field Meaning Source Link Source interface of data packets. Destination Link Destination interface of data packets. Destination X.25 X.25 destination address. Address Table 5-14: X.25 OUTING Select Source Link: local . BinTec Access Networks GmbH...
Page 161 The following part of the menu is relevant for this configuration step: Field Meaning Layer 1 Protocol Defines which Layer 1 Protocol X8500 is to use. There is only one meaningful setting for AO/DI: AO/DI . X8500 Software Configuration Guide...
Page 162 Weighting within the interval considered for Weighting adding and dropping B-channels. Line Utilization Sample Length of the interval over which the mean of (sec) the measured throughput data is taken and weighted with Line Utilization Weighting. BinTec Access Networks GmbH...
Page 163 Maximum number of channels that may be Dialup Channels opened. The value is defined in the Total Number of Channels field under WAN ARTNER DVANCED ETTINGS Table 5-16: WAN P ARTNER DVANCED ETTINGS EXTENDED NTERFACE ETTINGS OPTIONAL X8500 Software Configuration Guide...
Page 164 To enter the necessary ISDN extensions for adding B-channels, proceed as fol- lows: Go to WAN P WAN N ADD. ARTNER UMBERS Enter the Number, e.g. 0911123456 Select Direction: outgoing . Confirm with SAVE. Leave WAN P WAN N ADD with Exit. ARTNER UMBERS BinTec Access Networks GmbH...
Page 165: Application-Controlled Bandwidth Management (Bod)
Go to IP (BOD) ADD. ANDWIDTH ON EMAND ILTER Enter Description, e.g. mail_smtp_out Select Protocol, e.g. Enter Destination Address, e.g. 172.16.8.15 255.255.255.255 Enter Destination Mask, e.g. Select Destination Port: e.g. specify Enter Specify Port, e.g. (port for SMTP). X8500 Software Configuration Guide...
Page 166 ANDWIDTH ON EMAND ULES FOR The Action field, which indicates how a filtered data packet is to be handled, contains the following selection options: Possible values Meaning invoke M B-channels are added if the rule matches. BinTec Access Networks GmbH...
Page 167 Select the rule you wish to apply to this interface, e.g. mail_smtp_out Confirm with SAVE. Leave IP (BOD) ANDWIDTH ON EMAND ONFIGURE NTERFACES EDIT with Exit. Leave IP (BOD) ANDWIDTH ON EMAND ONFIGURE NTERFACES BOD with Exit. X8500 Software Configuration Guide...
Page 168 A list of all the previously defined filters appears. Leave IP (BOD) with Exit. ANDWIDTH ON EMAND ILTER Proceed as follows to define a rule for BOD: Go to IP (BOD) ADD. ANDWIDTH ON EMAND ULES FOR BinTec Access Networks GmbH...
Page 169 Proceed as follows to define the relevant filter for BOD: Go to IP (BOD) ADD. ANDWIDTH ON EMAND ILTER Enter Description: mail_pop3_in . Select Protocol: tcp . Select Connection State any . Enter Destination Address: 172.16.8.15 . X8500 Software Configuration Guide...
Page 170 ONFIGURE BOD with EXIT. NTERFACES FOR Leave the menu IP (BOD) with EXIT. ANDWIDTH ON EMAND Leave the menu IP with EXIT. You have returned to the main menu. The settings are temporarily saved and activated. BinTec Access Networks GmbH...
Page 171: Layer 1 Protocol (Isdn B-Channel)
You can define the Layer 1 Protocol of the ISDN B-channel that X8500 is to use for connections to the WAN partner. The default setting is the protocol for 64-kbps ISDN data connections, which is the default value of the B-channel.
Page 172 AO/DI For using Always On/Dynamic ISDN (AO/DI, chapter 5.2.4, page 157). PPP over PPTP For connections with xDSL, e.g. in Austria, see "Example 2: Telekom Austria (high-speed Inter- net access)", page Table 5-21: Layer 1 Protocol BinTec Access Networks GmbH...
Page 173: Ip Transit Network
Confirm with SAVE. The protocol you chose is configured. 5.2.7 IP Transit Network When you enter a WAN partner in X8500, there are various options for indicat- ing the IP address of the partner network: You enter the IP address...
Page 174 WAN partner. Possible values: see table 5-23, page 176. local IP Address LAN IP address of X8500. Appears only for the following value of IP Transit Network: no . You normally do not need to make any entry here.
Page 175 Settings Specific to WAN Partners Field Meaning local WAN IP Address Only for the value yes for IP Transit Network. ISDN IP address of X8500 in the transit net- work. Partner’s WAN IP Only for the value yes for IP Transit Network. Address WAN partner’s ISDN IP address in the transit...
Page 176 No transit network. This setting is adequate for most WAN partners. Table 5-23: IP Transit Network To do Proceed as follows: Go to WAN P EDIT IP . ARTNER Select the desired value for IP Transit Network. BinTec Access Networks GmbH...
Page 177: Name Server
How to configure the DNS Proxy function is described in chapter 5.3.2, page 197. When you enter a WAN partner in X8500, you can define whether X8500 sends or answers requests for WINS or DNS IP addresses. Configuration is made in:...
Page 178 IP address of another global Domain Name Name Server Server. Primary WINS IP address of X8500’s first global WINS (Win- dows Internet Name Server) or NBNS (Net- BIOS Name Server). Secondary WINS IP address of another global WINS or NBNS.
Page 179 The response is linked to the mode for issu- ing/receiving an IP address (setting in WAN EDIT IP under IP Transit ARTNER Network): X8500 sends requests for name server ad- dresses to the WAN partner if dynamic client is selected. X8500 answers requests for name server addresses from the WAN partner if dynamic server is selected.
Page 180: Routing Information Protocol (Rip)
This exchange is controlled by a so-called Routing Protocol, e.g. RIP (Routing Information Proto- col). BinTec Access Networks GmbH...
Page 181 LAN of the WAN partner. Receiving routing tables via the RIP is a possible security loophole, as external computers or routers can change X8500’s routing functionality. RIP packets do not set up or hold ISDN connections. Configuration is made in:...
Page 182 Select RIP Send. Select RIP Receive. Confirm with OK. Confirm with SAVE. Confirm with SAVE until you return to the main menu. Go to ETH[ DVANCED ETTINGS Select RIP Send. Select RIP Receive. Confirm with SAVE. BinTec Access Networks GmbH...
Page 183: Compression
5.2.10 Compression Data compression You can increase the data throughput and so reduce the connection costs by using data compression. X8500 supports several options, depending on encapsulation selected, e.g. PPP (see chapter 4.3, page 94): STAC: The industry standard STAC data compression (Check Mode 3 in RFC...
Page 184 Select the desired Compression. Confirm with SAVE. VJHC Proceed as follows to set VJHC: Go to WAN P EDIT ARTNER DVANCED ETTINGS Activate Van Jacobson Header Compression: on . Confirm with OK. Confirm with SAVE. Confirm with SAVE. BinTec Access Networks GmbH...
Page 185: Proxy Arp (Address Resolution Protocol)
ARP request with its own hardware address. This is suffi- cient for establishing the connection: The data packets are sent to X8500, which then forwards them to the desired host. Diagram of Proxy ARP: 192.168.1.4 MAC = ?
Page 186 ARP request only if the sta- tus of the connection to the WAN partner is up (active), i.e. a connection already exists to the WAN partner. Proxy Arp in WAN P Table 5-33: EDIT ARTNER DVANCED ETTINGS ETH[ DVANCED ETTINGS BinTec Access Networks GmbH...
Page 187: Keepalive Monitoring
188, a central server is frequently located in the LAN at headquarters. If this central server is configured such that it regularly sets up WAN connections X8500 in the LAN of the branch office, e.g. for updating data, these connec- tions are superfluous (but unfortunately not free) if none of the hosts in the branch office can be reached, e.g.
Page 188 X8500 in that X8500 deactivates the interface to headquarters WAN partner. This means that no costs are incurred for a connection, which would have been useless anyway. BinTec Access Networks GmbH...
Page 189 PCs to be monitored is switched on. The interface to headquarters WAN partner is not activated, i.e. a connection cannot be set up to headquarters, until X8500 has registered that a PC can be reached. The amount of time that expires before...
Page 190 FirstIfIndex Defines the first interface of an interface range in X8500, for which the action defined under DownAction is to be executed. Possible values: 10001 ... 15000 (default value: 10001 ).
Page 191 Settings Specific to WAN Partners Field Meaning Range Defines the range of interfaces in X8500, for which the action defined under DownAction is to be executed. If you set FirstIfIndex = 10001 and Range = 0 , only the interface with the index 10001 is affected.
Page 192 WAN partners are deactivated. X8500 continues to check the hosts at the time interval of 300 seconds and X8500 activates the interfaces again as soon as at least one host is reachable again. BinTec Access Networks GmbH...
Page 193: Basic Ip Settings
Basic IP Settings Basic IP Settings Here you will find a number of basic settings you can define in X8500: Deriving System Time (chapter 5.3.1, page 193) Name Resolution ( DNS) in X8500 (chapter 5.3.2, page 197) Port Numbers (chapter 5.3.3, page...
Page 194 For Time Protocol = TIME/UDP , TIME/TCP or SNTP: Current time is checked after every Time Update Interval in seconds. For Time Protocol = ISDN: Current time is checked for each first ISDN connection after expiry of the Time Update Interval. BinTec Access Networks GmbH...
Page 195 Field Meaning Time Server IP address of the time server used by X8500. Time Server is not needed if you set ISDN as Time Protocol. Table 5-36: TATIC ETTINGS The Time Protocol field contains the following selection options: Possible values...
Page 196 Tools contain a time server. If you enter the IP address of your PC for Time Server, make sure the time server of DIME Tools is active on your PC every time you start X8500. If your computer has no fixed IP address but is assigned its IP address dynam- ically via DHCP, you cannot use your computer as a time server.
Page 197: Name Resolution In X8500 With Dns Proxy
IME AND Proceed as follows to enter the system time in X8500 manually: If a method for deriving the time automatically is also defined in X8500, the val- ues obtained automatically have higher priority. That is, if X8500 receives a rel- evant time signal (e.g.
Page 198 X8500 to decide which DNS is to be used for the res- olution of certain names. If you have configured two WAN partners in X8500, your head office and your Internet Service Provider, it is advisable to have In- ternet names resolved by the DNS of your ISP, but names from within the cor- porate network by the DNS of the head office.
Page 199 DNS and this DNS answers with a DNS record, the resolved name is saved with the associated IP address as a positive dynamic entry in the DNS cache of X8500. This means that once a name has been resolved and is required again,...
Page 200 Default interface In Default Interface, you can also select a WAN partner to whom a connection is set up as standard for name server negotiation if name resolution was not successful using the methods already stated. BinTec Access Networks GmbH...
Page 201 Client Mode (Dynamic Name Server Negotiation = client (receive) ), name server addresses can if necessary be negotiated with the WAN partner, who is the IP address server, and sent to X8500. These can be entered as global name servers in...
Page 202 Overview of Configuration with the Setup Tool The configuration and monitoring of name resolution in X8500 is set in the menus: TATIC ETTINGS TATIC OSTS BinTec Access Networks GmbH...
Page 203 IP address of another global Domain Name Name Server Server. Primary WINS IP address of X8500’s first global WINS (Win- dows Internet Name Server) or NBNS (Net- BIOS Name Server). Secondary WINS IP address of another global WINS or NBNS.
Page 204 DHCP Assignment Defines which name server addresses are sent to the DHCP client if X8500 is configured as DHCP server. Possible values: none : No name server address is sent. BinTec Access Networks GmbH...
Page 205 Basic IP Settings Field Meaning Continuation of DHCP self (default value): The address of X8500 Assignment is sent as name server address. global : The addresses of the global name servers entered in X8500 are sent. IPCP Assignment Defines which name server addresses are sent...
Page 206 DNS record. Default value: 86400 (= 24 h) Table 5-41: TATIC OSTS ADD contains the following fields: ORWARDED OMAINS Field Meaning Global Nameservers: The global name servers entered in IP are displayed. TATIC ETTINGS BinTec Access Networks GmbH...
Page 207 Host name that is to be resolved with this for- warding entry. May also contain wildcards (only at the start of Name, e.g. *.bintec.de). If an incomplete name is entered without a dot, this is completed with ".Default Domain" after confirming with SAVE.
Page 208 Space bar and confirming with STATIC. The relevant entry then disappears from YNAMIC and is listed in ACHE TATIC . TTL is transferred in this operation. OSTS Table 5-43: YNAMIC ACHE BinTec Access Networks GmbH...
Page 209 Table 5-44: DVANCED ETTINGS ... contains the following fields (the menu is LOBAL TATISTICS updated every second): Field Meaning Received DNS Packets Displays the number of received DNS packets, including the answer packets for forwarded requests. X8500 Software Configuration Guide...
Page 210 IP addresses for Primary Domain Name Server, Secondary Domain Name Server, Primary WINS and Secondary WINS from the WAN partner or sends them to the WAN partner. WAN P Table 5-46: EDIT ARTNER DVANCED ETTINGS BinTec Access Networks GmbH...
Page 211 Name resolution in How to configure name resolution with DNS Proxy in X8500 is described below. X8500 To do If applicable, first enter the global name servers in X8500: Go to IP TATIC ETTINGS mycompany.com Enter Domain Name, e.g. X8500...
Page 212 Confirm with SAVE. How to create static entries: Go to IP TATIC OSTS All the existing static entries are listed here. You can create a new entry with ADD. Enter Name. Select Response. Enter Address, if applicable. BinTec Access Networks GmbH...
Page 213 Activate DNS Proceed as follows if you would like to configure a WAN partner so that the ad- negotiation dress of a name server is sent from X8500 to the WAN partner or from the WAN partner to X8500 as applicable:...
Page 214: Port Numbers
IP packet within the host, a port is also entered in addition to the IP address for a connection to X8500. This addresses the relevant service. Ports are only used in the TCP and UDP protocols.
Page 215: Bootp Relay Agent
LAN in which it is located, it is sometimes advisable to set up a BOOTP Re- lay Agent. The agent forwards all requests and responses between the client and server via a WAN connection to this server. X8500 Software Configuration Guide...
Page 216 If a WAN connection is needed for the connection between the BOOTP server and BOOTP client, you must configure an appropriate WAN partner (chapter 4.3, page 94). Go to IP TATIC ETTINGS Enter the IP address of BOOTP Relay Server. Confirm with SAVE. BinTec Access Networks GmbH...
Page 217 Basic IP Settings Leave the menu IP with EXIT. X8500 is configured as BOOTP Relay Agent. You have returned to the main menu. The settings are temporarily saved and activated. X8500 Software Configuration Guide...
Page 218: Quality Of Service
QoS depends mainly on the signaling. Advantages Quality of Service offers the following advantages: Time-critical data (e.g. VoIP) over WAN interfaces can be handled with pri- ority (high-priority class). A special algorithm reduces the latency of such BinTec Access Networks GmbH...
Page 219 (see "Congestion avoidance", page 229). Configuration Overview The configuration is set in the Q S menu: X8500 Setup Tool BinTec Access Networks GmbH [QoS]: QoS Configuration MyX8500 IP Filter IP Classification and Signaling Interfaces and Policies Exit Press <Ctrl-n>, <Ctrl-p>...
Page 220: Defining Ip Filters
NTERFACES AND EDIT OLICIES 5.4.1 Defining IP Filters Proceed as follows to define IP filters: You will find a detailed description for defining filters in chapter 7.2.8, page 321. Go to Q IP F ADD. ILTER BinTec Access Networks GmbH...
Page 221: Classification And (Tos) Signaling
The classification and (TOS) signaling are defined in the menu Q ADD or Q IP C LASSIFICATION AND IGNALING LASSIFICATION AND EDIT: IGNALING X8500 Setup Tool BinTec Access Networks GmbH [QOS][CLASS][ADD]:Configure IP QoS Classification and Signaling MyX8500 Index Filter test Direction incoming...
Page 222 IP packets must be given special handling (see table 5-53, page 224). Next Rule Appears only if an existing rule is edited. Defines the next rule to be used. IP C Table 5-50: LASSIFICATION AND IGNALING BinTec Access Networks GmbH...
Page 223 (TOS) contains the following selection options: IGNALING Field Meaning Set Type of Service (TOS) Field Defines a new value for the TOS field in the IP header for the IP packets that match the filter conditions. Possible values: 0 to 255 X8500 Software Configuration Guide...
Page 224 Select the desired value for Action. Select the desired Filter. Classification Go only to Q IP C EDIT/ADD LASSIFICATION AND IGNALING LASSIFICATION Select the desired value for Class Type. If applicable, enter a Class ID (only for Class Type normal ). BinTec Access Networks GmbH...
Page 225 If applicable, select Next Rule. Press SAVE. You have returned to the menu Q IP C LASSIFICATION AND IGNALING Repeat these steps until you have defined all the desired rules. Continue with chapter 5.4.3, page 226. X8500 Software Configuration Guide...
Page 226: Activating The Classification
Activating the Classification Define the interface on which the previously defined classification is to be per- formed in the menu Q NTERFACES AND OLICIES X8500 Setup Tool BinTec Access Networks GmbH [QoS][INTERFACES]: Enable IP QoS Classification and Policies MyX8500 Interface...
Page 227: Defining Qos Bandwidth Management Policies
At least three queues are used on the send side: one queue for the high-priority data, 1 to 255 queues for the data with normal priority and a (default) queue for X8500 Software Configuration Guide...
Page 228 "Keepalive", "RIP", etc.). Traffic shaping is es- sential for bandwidth limitation of virtual (WAN) interfaces or connections that are set up via an interface with a higher bandwidth, e.g. PPP over PPTP or also PPPoE, i.e. WAN connections implemented over Ethernet. BinTec Access Networks GmbH...
Page 229 This algorithm acts only if mainly data on a TCP basis (e.g. by FTP) are trans- mitted and the respective TCP implementations operate as standard, i.e. com- patible with this specific type of signaling. Other traffic flows, e.g. on a UDP basis (such as RTP), are not affected by this. X8500 Software Configuration Guide...
Page 230 PPP connection. This is achieved by fragmenting the packets classified as normal and above a certain size (to be configured), so that a high-priority non-fragment- ed packet can be inserted between these fragments immediately if required. BinTec Access Networks GmbH...
Page 231 Quality of Service Configuration If you have defined a WAN interface in chapter 5.4.3, page 226 that is to be classified as previously defined, the following menu opens: X8500 Setup Tool BinTec Access Networks GmbH [QoS][INTERFACES][EDIT]: Configure QoS Policies MyX8500 Interface dialup1...
Page 232 Can only be set if Specify Traffic Shaping is set to yes . Indicates the maximum bandwidth of (Bits per Second) the interface (in transmit direction). Possible values: 0 to 2048000 . Table 5-55: EDIT NTERFACES AND OLICIES CHEDULING AND HAPING BinTec Access Networks GmbH...
Page 233 Transmit Rate (Bits per Second) is greater than zero. Possible values: yes (bounded): Reserved bandwidth is also the upper limit. no (not bounded): Bandwidth not needed elsewhere can also be used by this class. X8500 Software Configuration Guide...
Page 234 Lower Queue Threshold for this queue is reached; i.e. whether these are un- conditionally placed in the queue or possibly discarded. Possible values: none : Packets are always accepted in the queue. BinTec Access Networks GmbH...
Page 235 Defines the maximum queue size. When this threshold is reached, attempts are made to stop the queue growing, depending on the defined dropping algorithm. Possible values: 0 to 256000 . Table 5-56: EDIT NTERFACES AND OLICIES LASS ASED OLICIES X8500 Software Configuration Guide...
Page 236 NTERFACES AND OLICIES EDIT. If applicable, select the classification IP QoS Classification via, as de- scribed in chapter 5.4.3, page 226. Go to Q EDIT NTERFACES AND OLICIES CHEDULING HAPING Select the desired Queuing and Scheduling Algorithm. BinTec Access Networks GmbH...
Page 237 If applicable, select weighted-random (RED) for Congestion Avoidance Algorithm if the data for transmission are routed mainly over TCP connec- tions. Select the desired Dropping Algorithm. Enter the desired value for Lower Queue Threshold (relevant for Dropping Algorithm and weighted-random (RED) ). X8500 Software Configuration Guide...
Page 238 Leave the menu Q with EXIT. NTERFACES AND OLICIES You have returned to the Q S menu. Leave the menu with EXIT. You have returned to the main menu. The entries are temporarily saved and activated. BinTec Access Networks GmbH...
Page 239: Bridging
Bridging Bridging X8500 supports the bridging function. The description of the configuration of X8500 as a bridge can be found in the Software Reference. X8500 Software Configuration Guide...
Page 240: Extra License Features
Frame Relay VPN (Virtual Private Network) TAF (Token Authentication Firewall) IPSec (IPSec system software inclusive) You can find detailed information and configuration instructions (with examples) in the Software Reference and for IPSec in your IPSec Reference Manual. BinTec Access Networks GmbH...
Page 241: Configuration Of Expansion Cards And Modules
X8500 Hardware Installa- tion Guide). For optimal performance of X8500, slots 5 to 8 should be fully equipped with expansion cards before slots 1 to 4 are used! Enter any necessary license(s) in the Setup Tool (see chapter 4.1.1, page before you start the configuration.
Page 242 Configuration of Expansion Cards and Modules Resource Modules Encryption Compression (XT-VPN) (chapter 6.7, page 286) Resource Module for X21./V.35 (chapter 6.8, page 287) BinTec Access Networks GmbH...
Page 243: Wan Interface Expansion Card For Isdn Pri And
(see Hardware Installation Guide). You can obtain licenses from your dealer. You can connect X8500’s ISDN PRI interface to a Primary Rate Interface. This is done by connecting the NT (Network Termination) adapter of your telephone provider to the IN socket of a port activated by license. In Germany, this pro- vides you with 30 B-channels and 1 D-channel, which you can use for both di- alup and leased lines over ISDN.
Page 244 The additional interfaces your expansion card offers are shown in the Setup Setup Tool Tool main menu. In the following example, X8500 is equipped with the expan- sion card X8E-4PRI in slot 5: X8500 Setup Tool BinTec Access Networks GmbH MyX8500 Licenses System Slot Card (State)
Page 245 WAN Interface Expansion Card for ISDN PRI and G.703 In this example, the menu of the first PRI interface in slot 5 (SLOT 5 UNIT 0 ISDN S2M) is shown: X8500 Setup Tool BinTec Access Networks GmbH [SLOT 5 UNIT 0 ISDN S2M]: Configure ISDN S2M Interface...
Page 246 Broken cable or wrong value for ISDN Line Framing. Status: Layer 2 Shows the state of the D-channel Layer 2 pro- tocol LAPD. Possible values: connecting : Layer 2 is not connected. established : Layer 2 is connected. BinTec Access Networks GmbH...
Page 247 1 Hyperchannel (G.703 + G.704) and leased line, G.703 (unstructured, no G.704) may be chosen. Possible values: autodetect on bootup: automatic D-channel detection (default setting). Euro ISDN S2M user profile (TE) Euro ISDN S2M network profile (NT) 1TR6 S2M user profile (TE) X8500 Software Configuration Guide...
Page 248 (no CRC) The default setting is adequate in most cases for a PRI interface. Occasionally (e.g. in Swe- den and France), the setting special (no CRC) is necessary if X8500 is connected to a PABX. BinTec Access Networks GmbH...
Page 249 (any channel) : (default setting) The (PABX) network chooses the channel to use. no channel identification : No IE (information element) channel identification is sent by X8500. The (PABX) network chooses the channel to use. submit preferred channel : X8500 chooses one channel to use and signals it to the (PABX) network.
Page 250 The menu offers the same options as BRI[ NCOMING for the distribution of incoming calls over the ISDN BRI inter- NSWERING face of the system card. For a detailed description, see "Incoming Call An- swering", page BinTec Access Networks GmbH...
Page 251 Repeat these steps until you have assigned all desired services to one of the available Numbers. You have now configured Incoming Call Answering for this ISDN PRI inter- face. X8500 distributes the incoming calls to the internal services and uses the assigned Number for outgoing calls. Leave PRI[ with EXIT.
Page 252: Wan Interface Expansion Card For E3
Hardware Installation Guide which is available from www.bintec.net. Configuration An X8E-1/2E3 is configured via the Setup Tool. The additional interfaces show there like this (the example below shows a X8E-2E3 in Slot No 7): X8500 Setup Tool BinTec Access Networks GmbH MyX8500 Licenses System...
Page 253 WAN Interface Expansion Card for E3 The E3 menu allows access to the following parameters: X8500 Setup Tool BinTec Access Networks GmbH [SLOT 7 UNIT 0 E3/DS3]: Configure E3/DS3 Interface MyX8500 Switch Type E3 no framing 34.368 MBit/s Clock Mode...
Page 254 Available values are: <= 67m > 67m. For cable lengths of 67 m and shorter the tras- mit singal level is cushioned in order to comply with the DS3 and STS-1 specifications. BinTec Access Networks GmbH...
Page 255 Rx port to the Tx port and resent. This setting can be used to test line quality. local loopback : Data sent from X8500 through the Tx port are looped to the Rx port. This setting can be used to test ma- chine integrity.
Page 256 After you have correctly configured your E3 interface and saved the configura- tion by leaving the E3 configuration menu with SAVE, a respective entry in the BinTec Access Networks GmbH...
Page 257 WAN Partner menu is automatically created (one per E3 interface). You can modify the settings of this WAN partner to meet your requirements. For informa- tion about WAN partner configuration, see chapter 4.2, page chapter 5.1, page 136 chapter 5.2, page 146. X8500 Software Configuration Guide...
Page 258: Expansion Card X8E-2Bc
ISDN BRI interfaces. You can use these interfaces for both dialup and leased lines over ISDN. Configuration with the The additional interfaces are shown in the Setup Tool main menu as in the fol- Setup Tool lowing example: X8500 Setup Tool BinTec Access Networks GmbH MyX8500 Licenses System Slot Card (State)
Page 259 4.2.1, page Incoming Call If dialup connections are to be set up over the ISDN BRI interface, first tell Answering X8500 how it is to respond to incoming calls over this interface: These settings are not possible for leased lines. X8500...
Page 260 WAN partners on your X8500 WAN P menu. This applies to outgoing connections, incom- ARTNER ing connections and leased lines. Refer to chapter 4.3, page BinTec Access Networks GmbH...
Page 261: Communication Module Cm-Pri For Isdn Pri
The communication module CM-PRI does not support G.703! Configuration with the The additional interfaces are shown in the Setup Tool main menu as in the fol- Setup Tool lowing example: X8500 Setup Tool BinTec Access Networks GmbH MyX8500 Licenses System...
Page 262: Communication Module Cm-100Bt
The configuration of an Ethernet interface for xDSL is described in chapter 4.2.2, page Configuration with the The additional interfaces are shown in the Setup Tool main menu as in the fol- Setup Tool lowing example: X8500 Setup Tool BinTec Access Networks GmbH MyX8500 Licenses System Slot Card (State)
Page 263: Serial Wan Interfaces Communication Module Cm-X21
You have returned to the main menu and the entries are temporarily saved and activated. 6.3.4 Serial WAN Interfaces Communication Module CM-X21 X8500 expansion card X8E-2BC can be equipped with up to two CM-X21 communication modules with the serial WAN interfaces of the type X.21/V.11. X8500 Software Configuration Guide...
Page 264 Configuration of Expansion Cards and Modules Configuration with the The additional interfaces are shown in the Setup Tool main menu as in the fol- Setup Tool lowing example: X8500 Setup Tool BinTec Access Networks GmbH MyX8500 Licenses System Slot Card (State)
Page 265 Expansion Card X8E-2BC In this example, the menu of the first X.21/V.11 interface in slot 8 (SLOT 8 UNIT 0 X.21) is shown: X8500 Setup Tool BinTec Access Networks GmbH [SLOT 8 UNIT 0 X.21]: Configure X21 Interface MyX8500 Layer 1 Mode...
Page 266 To do Proceed as follows to configure the serial interfaces (the example values given are necessary if you connect X8500 to Datex-P): Go to CM-X21: X21[ Select Layer 1 Mode, e.g. Select Layer 2 Mode: e.g. auto BinTec Access Networks GmbH...
Page 267 If you use a leased line, you can implement a backup solution using the Band- configuration width on Demand feature (see chapter 5.2.3, page 149). If you use this facility, a dialup connection is set up to the connection partner if the leased line fails. X8500 Software Configuration Guide...
Page 268: Expansion Card X8E-Dsp
Configuration of Expansion Cards and Modules Expansion Card X8E-DSP The expansion card X8E-DSP is designed to be equipped with up to two re- source modules. For configuration of the resource modules, see chapter 6.6, page 276 chapter 6.7, page 286. BinTec Access Networks GmbH...
Page 269: Expansion Card For
The X.21/V.35 expansion card is designed for a much higher data throughput than the CM-X21 communication module without drawing upon X8500’s re- sources. It also offers feasibility for a number of different serial interface types.
Page 270 Configuration of Expansion Cards and Modules In this example, the menu of the first X.21/V.35 port in slot 7 (SLOT 7 UNIT 0 SERIAL) is shown: X8500 Setup Tool BinTec Access Networks GmbH [SLOT 7 UNIT 0 SERIAL]: Configure Serial Interface - Unit 0...
Page 271 (autodetected) If you choose the value interface type or manual for the field Cable Detection, you must set the field Connector manually. Possible values are shown in table 6-7, page 274. X8500 Software Configuration Guide...
Page 272 You can usually accept this setting, e.g. for ac- cess to a public data network such as Datex-P. dte: The address field has the value for DTE. dce: The address field has the value for DCE. BinTec Access Networks GmbH...
Page 273 Expansion Card for X.21/V.35 Field Meaning Interface Leads Defines whether X8500 checks the status of the interface lines. The same value should be set for both connection partners. Possible values: enabled: The status of the signal line (I for X.21, CTS for V.35) is evaluated as layer-1 sig- naling of the opposite device.
Page 274 If you chose the value connector type or interface & connector type for the field Cable Detection, select Interface Type, e.g. X.21 (term) If you chose the value interface type or interface & connector type for the field Cable Detection, select Connector, e.g. BinTec Access Networks GmbH...
Page 275 If you use a leased line, you can implement a backup solution using the Band- configuration width on Demand feature (see chapter 5.2.3, page 149). If you use this facility, a dialup connection is set up to the connection partner if the leased line fails. X8500 Software Configuration Guide...
Page 276: Resource Modules With Digital Modems
For the use of modem functionality you must have installed a CM-PRI commu- nication module or a PRI ISDN expansion card. BinTec Access Networks GmbH...
Page 277 Figure 6-1: Dial-in to X8500 with digital modems Modem profiles The modems (e.g. 30 modems with an XT-L resource module) need not be in- dividually configured, as X8500 uses a flexible concept of modem profiles. Up...
Page 278 Profile 1 should be able to operate all modems. You can use the remaining seven modem profiles to define user groups, so that the dial-in connection part- ners find optimum modem settings in X8500. Example scenario A typical scenario, e.g. for an Internet Service Provider, could look like this:...
Page 279 Resource Modules with Digital Modems Setup Tool with digital X8500 is equipped with a resource module with digital modems, the menu modems MODEM appears in the Setup Tool main menu: X8500 Setup Tool BinTec Access Networks GmbH MyX8500 Licenses System Slot Card (State)
Page 280 Defines whether dynamic negotiation of modu- lation is permitted with the dial-in user. Possible values: on (default value): Free negotiation is per- mitted regardless of the modulation set. off : Only the modulation set is used. BinTec Access Networks GmbH...
Page 281 Scalable from 75 to 56000 , default value: 33600 . V.42bis Compression Defines whether V.42bis compression can be negotiated for a connection. Possible values: auto : Negotiation is allowed. off : V.42bis compression is not used. X8500 Software Configuration Guide...
Page 282 As all dial-in users that cannot be authenticated by CLID etc. are assigned modem Profile 1 for the connection, modem Profile 1 should be able to operate all modems. Go to MODEM ROFILE ONFIGURATION BinTec Access Networks GmbH...
Page 283 , add a new entry with ADD. ARTNER You will find detailed information about configuring a WAN partner in chapter 4.3, page The following settings are essential here: Enter Partner Name, e.g. homeoffice_2 Select Encapsulation, e.g. X8500 Software Configuration Guide...
Page 284 The WAN partner entry is displayed. Configure other WAN partner entries for the modem user, if applicable. A general example in table 6-10, page 285 shows how you could meaningfully use the modem profiles in X8500: Settings Profile1 Profile 2 Profile 3...
Page 285 Resource Modules with Digital Modems Settings Profile1 Profile 2 Profile 3 Profile 4 Profile 5 Profile 6 Profile 7 MNP5 auto auto auto auto auto auto auto Table 6-10: Example of modem profiles X8500 Software Configuration Guide...
Page 286: Resource Module For Encryption And Compression (Xt-Vpn)
(DSA and RSA) are supported. Configuration with the IPSec is configured in the menu IPSEC . Please, note that you need a valid IP- Setup Tool Sec license to make use of its functions. BinTec Access Networks GmbH...
Page 287: Resource Module For X.21/V.35 (Xt-2Sync)
XT-2SYNC, adding two X.21/V.35 interfaces. Configuration with the In this example, X8500 is equipped with four X.21/V.35 interfaces in slot 7: Setup Tool X8500 Setup Tool BinTec Access Networks GmbH MyX8500 Licenses System Slot Card (State)
Page 288 Configuration of Expansion Cards and Modules BinTec Access Networks GmbH...
Page 289: Configuration Of Security Functions And Firewall
Firewall SAFERNET X8500 from BinTec Access Networks GmbH gives you a high degree of se- curity for your network and connections. The security functions available (SAF- ERNET) offer monitoring of activities via the router and effective access and line tapping security.
Page 290: Activity Monitoring
Configuration of Security Functions and Firewall Activity Monitoring A major requirement for a high degree of security is the possibility of accurately monitoring all activities on and over the router. BinTec Access Networks GmbH provides a variety of facilities for this purpose: Syslog Messages (chapter 7.1.1, page...
Page 291 Syslog Output on Serial Enables the display of syslog messages on the Console PC connected to the serial interface of X8500. Use this setting only if you make a fault analy- sis, as a very large output over the serial con- sole adversely affects the throughput of the other interfaces.
Page 292 Priority of the syslog messages to be sent to Log Host. Corresponds to Message Level for Syslog Table in S YSTEM Facility Syslog facility at Log Host. Only required if the Log Host is a Unix computer. BinTec Access Networks GmbH...
Page 293 : syslog messages except accounting messages. accounting : accounting messages. Timestamp System time of X8500. Possible values: all : system time with date time : system time without date none : no system time indicated Table 7-2: YSTEM XTERNAL YSTEM...
Page 294 WAN partner from TCP, UDP and ICMP sessions: Go to WAN P EDIT ARTNER DVANCED ETTINGS Activate IP Accounting with on . Displaying syslog Proceed as follows to display syslog messages: messages Go to M ONITORING AND EBUGGING ESSAGES BinTec Access Networks GmbH...
Page 295: Monitoring Functions In The Setup Tool
Activity Monitoring This displays the syslog messages saved internally in X8500: X8500 Setup Tool BinTec Access Networks GmbH [MONITOR][MESSAGE]: Syslog Messages MyX8500 Subj Lev Message SNMP DEB sent TRAP (linkUp,0) 115 bytes to circindex 1001 Port 36880 SNMP DEB sent TRAP (linkUp,0) 115 bytes to 199.1.1.13 Port 162...
Page 296 Configuration of Security Functions and Firewall A list of the existing ISDN connections (incoming and outgoing calls) is dis- played: X8500 Setup Tool BinTec Access Networks GmbH [MONITOR][ISDN CALLS]: ISDN Monitor - Calls MyX8500 Dir Remote Name/Number Charge Duration Stack...
Page 297 REDITS PPPoE connections The current status of the Credits Based Accounting System for PPPoE con- nections is displayed. Interface statistics Proceed as follows to display the current values and activities of X8500’s inter- faces: Go to M ONITORING AND EBUGGING...
Page 298 Configuration of Security Functions and Firewall The values for two interfaces are displayed side by side: X8500 Setup Tool BinTec Access Networks GmbH [MONITOR][INTERFACE]: Interface Monitoring MyX8500 Interface Name en0-1 PROVIDER Operational Status dormant total per second total per second...
Page 299: Credits Based Accounting System
Credits Based Accounting System Charges X8500’s Credits Based Accounting System enables you to control the costs billed for charges for data connections. This means you can keep the effects of possible configuration errors within limits. For example, the system enables you to define the maximum number of connections allowed in a certain period of time.
Page 300 Maximum Charge Maximum charges allowed (amount, units) dur- ing the Measure Time (sec); displayed only for ISDN connections. If you activate this setting with on , you can enter the desired value in the line below. BinTec Access Networks GmbH...
Page 301 System for the selected Subsystem. 86400 Enter Measure Time (sec), e.g. (= 24 hours). Activate Maximum Number of Incoming Connections, if applicable, and enter the desired value. Activate Maximum Number of Outgoing Connections, if applicable, and enter the desired value. X8500 Software Configuration Guide...
Page 302: Activity Monitor
Windows users to monitor the activities of for? X8500. Important information about the status of physical interfaces (e.g. ISDN line) and virtual interfaces (e.g. WAN partner) is easily obtained with ONE tool. A permanent overview of the utilization of X8500’s interfaces is possible.
Page 303 Not all interfaces will be displayed if the maximum UDP packet size is exceeded! Activate the Activity Monitor as follows: Appropriately configure the X8500(s) to be monitored. Start and use the Windows application on your PC (see BRICKware for Windows). The configuration is made in S YSTEM...
Page 304 XTERNAL CTIVITY ONITOR The breakdown of X8500’s interfaces into physical and virtual interfaces is described in detail in the Software Reference. Note: A leased line always represents a physical interface, but a group of leased lines is displayed as both a physical and virtual interface!
Page 305: Access Security
Access Security Access Security There are several ways of restricting logging in and access to X8500 to autho- rized users only: Logging In (chapter 7.2.1, page 305) Checking the Calling Party Number (CLID) (chapter 7.2.2, page 306) Authentication of PPP Connections (chapter 7.2.3, page...
Page 306: Checking The Calling Party Number
Configuration of Security Functions and Firewall Caution! All BinTec routers are shipped with the same user names and passwords. As long as the password remains unchanged, they are not protected against unau- thorized use. How to change the passwords is described in chapter 3.4.5,...
Page 307: Authentication Of Ppp Connections With Pap, Chap Or Ms-Chap
5678 ) is displayed at the called party’s terminal, instead of the calling par- ty’s own extension number (e.g. 1234 X8500 can detect this from the screen- ing indicator in the setup message of the ISDN D-channel. The screening indicator has four possible values: user : The calling party number indicated originates from the far end and has not been checked by the network.
Page 308: Callback
Activates the callback function. Table 7-7: WAN P EDIT ARTNER DVANCED ETTINGS Callback offers the following selection options: Possible Values Meaning X8500 does not call back. expected (awaiting X8500 calls the WAN partner to initiate call- callback) back. BinTec Access Networks GmbH...
Page 309 CANCEL to close the dialog box that appears. Exception: This abort option cannot be used if the WAN partner dialing in uses Windows NT and his extension number is entered in X8500. X8500 calls back immediately, if requested to by the WAN partner.
Page 310: Closed User Group
This enables applications on computers in the LAN to use the resources of the router as if these components were installed directly in the computer. User concept By using BinTec’s user concept, you can make sure that only users authenticat- ed by user name and password can access X8500’s Remote CAPI interface (see chapter 5.1.2, page...
Page 311 Access only when explicitly inside outside allowed. 16.0.0.30 ISDN IP 16.0.0.30 ISDN 192.168.1.1 X8500 LAN IP 192.168.1.254 192.168.1.2 192.168.1.3 Network of your Your Local Area Network WAN Partner Figure 7-1: Forward NAT NAT always refers to an interface. You will find more information on NAT in the Software Reference.
Page 312 Configuration of Security Functions and Firewall Configuration Configuration is made in IP ETWORK DDRESS RANSLATION X8500 Setup Tool BinTec Access Networks GmbH [IP][NAT]: NAT Configuration MyX8500 Select IP Interface to be configured for NAT Name Static mappings Static mappings from Outside...
Page 313 RANSLATION Activate NAT for an X8500 interface in IP ETWORK DDRESS EDIT: RANSLATION X8500 Setup Tool BinTec Access Networks GmbH [IP][NAT][CONFIG]: NAT Configuration (en0-1) MyX8500 Network Address Translation Silent Deny Enter configuration for sessions: requested from OUTSIDE requested from INSIDE...
Page 314 ETWORK DDRESS EDIT contains two submenus: RANSLATION EDIT ETWORK DDRESS RANSLATION REQUESTED FROM OUTSIDE EDIT ETWORK DDRESS RANSLATION REQUESTED FROM INSIDE Add an entry with ADD or select an existing entry and confirm with Return. BinTec Access Networks GmbH...
Page 315 Access Security The following menu opens (here the submenu INSIDE REQUESTED FROM ADD): X8500 Setup Tool BinTec Access Networks GmbH [IP][NAT][CONFIG][INSIDE][ADD]:NAT-sessions from INSIDE (en0-1)MyX8500 Service user defined Protocol icmp Remote Address Remote Mask Remote Port External Address External Mask External Address...
Page 316 Service for which the address mapping defined in the menu INSIDE REQUESTED FROM EDIT/ADD is performed. Possible values: telnet smtp domain/udp domain/tcp http nntp user defined (if you do not use any of the predefined services) BinTec Access Networks GmbH...
Page 317 For incoming connections, only packets of this host/this group are accepted. Remote Mask Netmask of Remote Address at the remote site. Entering the netmask ensures that incoming connections from all hosts of the remote net- work are accepted. X8500 Software Configuration Guide...
Page 318 For an external IP network address, enter the appropriate network mask, as well. External Mask External netmask of External Address. If you use external and internal IP network addresses, ensure that the values for External Mask and Internal Mask are identical. BinTec Access Networks GmbH...
Page 319 Access Security Field Meaning External Port Only for Service = user defined . Defines port number of the service of X8500 this interface. Possible values: specify specify range (only in the menu REQUESTED OUTSIDE EDIT/ADD) FROM External Port: Port Only for the value specify for External Port.
Page 320 RANSLATION REQUESTED INSIDE to define additional address mappings for IP connections re- FROM quested from inside. Add an entry with ADD or select an existing entry and confirm with Return. Select the desired value for Service. BinTec Access Networks GmbH...
Page 321: Filters (Access Lists)
A filter describes a certain part of the IP data traffic based on the source and/or destination IP address, netmask, protocol and source and/or destination port. If you define a filter, you should therefore tell X8500: "Watch out for all data packets that match the following: ...". Rule...
Page 322 – – – Deny the rest. Combination of the two possibilities described above Several rule chains can be created, either completely or partly separated from each other. The common use of filters is possible and practicable. BinTec Access Networks GmbH...
Page 323 Access Security Interface You can also define a rule chain individually for each X8500 interface: WAN Partner 1 WAN Partner 2 Rule 1 Rule 4 Next Rule = 2 Next Rule = 2 Rule 2 Rule 5 WAN Partner 3...
Page 324 All TCP packets match the filter. Source Address Source IP address of the data packets that matches the filter. Source Mask Source netmask. The combination of Source Address and Source Mask describes a range of IP addresses that match the filter. BinTec Access Networks GmbH...
Page 325 Permits the entry of a range of port numbers under Specify Port. priv (0..1023) Port numbers: 0 ... 1023. server (5000..32767) Port numbers: 5000 ... 32767. clients 1 (1024.0.4999) Port numbers: 1024 ... 4999. X8500 Software Configuration Guide...
Page 326 File Transfer Protocol ( FTP) (data) File Transfer Protocol (FTP) (commands) Telnet Simple Mail Transfer Protocol (SMTP) TCP, UDP Domain Name Server ( DNS) Trivial File Transfer Protocol TFTP) HTTP POP3 (e-mail inquiry) Network Time Protocol TCP, UDP BinTec Access Networks GmbH...
Page 327 As destination port, the client uses the number under which the FTP server offers the FTP service, e.g. . The FTP server then an- swers with IP packets that use 21 as source port and xyz as destination port. X8500 Software Configuration Guide...
Page 328 Defines the action to be taken for a filtered data packet. Filters Filter used. Next Rule Appears only if an existing rule is edited. Defines the next rule to be used. Table 7-16: CCESS ISTS ULES BinTec Access Networks GmbH...
Page 329 You can change the order of rules in a chain in the submenu IP CCESS REORG: ISTS ULES Field Meaning Index of Rule that gets Defines the first rule in the chain. Index 1 Table 7-18: REORG CCESS ISTS ULES X8500 Software Configuration Guide...
Page 330 Rule 0 = Discard Packet Figure 7-4: Example of chain reorganization The rule with Index = 1 is normally always used as the first rule for a newly cre- ated interface (e.g. to a WAN partner). BinTec Access Networks GmbH...
Page 331 , you can define which interface starts CCESS ISTS NTERFACES with which rule and if and how the sender of a packet is to be informed if the packet is denied by X8500 due to a filter violation: Field Meaning Interface X8500...
Page 332 Enter the desired value for Specify Port, if applicable. Enter the desired value for Type of Service (TOS), if applicable. Enter the desired value for TOS Mask, if applicable. Confirm with SAVE. Repeat these steps until you have defined all desired filters. BinTec Access Networks GmbH...
Page 333 Select an interface and confirm with Return if you wish to use a rule as the first rule for this interface that is not the rule displayed. Select First Rule. Select the desired value for Deny Silent. X8500 Software Configuration Guide...
Page 334: Local Filters
310) or global filters (see chapter 7.2.8, page 321). Strategy As soon as at least one entry for local filters exists in X8500, incoming requests for the corresponding local services of X8500 are only allowed if one of the fol- lowing conditions is fulfilled: The source address is 127.0.0.1 (loopback address).
Page 335 Configuration is made in IP ADD: OCAL ERVICES CCESS ONTROL Field Meaning Service Defines the local X8500 service to which access is to be controlled with this entry. Possi- ble values: snmp(udp) rip(udp) bootps(udp) dns(udp) telnet(tcp) trace(tcp) snmp(tcp)
Page 336 IP address must match exactly. Verify Interface Defines if a check is to be made to determine which X8500 interface is used for an incoming call received for the service selected under Service. Possible values: verify don’t verify BinTec Access Networks GmbH...
Page 337: Back Route Verification
Field Meaning Interface (Only if Verify Interface = verify ) Defines an interface of X8500. If X8500 receives an incoming call over this interface for the service selected under Service, the con- nection is allowed. If the incoming call crosses another interface, the next entry is checked.
Page 338: Taf Agent
The Token Authentication Firewall (TAF) function permits personal authentica- authentication tion of IP connection partners. BinTec’s solution integrates the Token Authenti- cation mechanisms from Security Dynamics and does not allow data packets to cross the router until the associated source address has been authenticated successfully.
Page 339 ISDN dialup connection and part of the IP traffic (e.g. for telnet) to run over an X.25 link (see also the Software Reference). Configuration Configuration is made in the Setup Tool menu IP ADDEXT: OUTING X8500 Setup Tool BinTec Access Networks GmbH [IP][ROUTING][ADD]: IP Routing - Extended Route MyX8500 Route Type Network route...
Page 340 Possible values: 0..255 as bit string. TOS Mask Bitmask for Type of Service. Protocol Defines a protocol. Possible values: tcp, egp, pup, udp, hmp, xns, rdp, rsvp, gre, esp, ah, igrp, ospf, l2tp , dont ver , icmp, ggp. BinTec Access Networks GmbH...
Page 341 The Network field contains the following selection options: Possible Values Meaning Route to a destination host or LAN that can be reached via X8500’s LAN interface. WAN without transit Route to a destination host or LAN that can be network reached via a WAN partner without including any transit network available.
Page 342 2 (32768..65535) Port numbers: 32768 ... 65535. unpriv (1024..65535) Port numbers: 1024 ... 65535. Table 7-24: Source Port and Destination Port Configuration Proceed as follows to configure extended IP routing: Go to IP ADDEXT. OUTING BinTec Access Networks GmbH...
Page 343 Define the Source Port, if applicable. Define the Destination Port, if applicable. Press SAVE. Extended IP routing is configured for the interfaces entered. You will find a detailed description (including configuration using the MIB vari- ables) in the Software Reference. X8500 Software Configuration Guide...
Page 344: Line Tapping Security
The DES and Blowfish encryption algorithms are only supported if a license for VPN is entered in X8500. Configuration is made in: WAN P...
Page 345 VPN license is activated) none: No encryption These values are only available if PPP , Async PPP over X.75 , Async PPP over X.75/T.70/BTX or X.25_PPP has been selected under Encapsulation. Table 7-25: WAN P EDIT ARTNER X8500 Software Configuration Guide...
Page 346 WAN partner is generated automatically or defined statically. Possible values: authentication (default value): Key is gener- ated automatically by X8500. static : The key is defined statically and must be entered under Encryption Key (TX) and Encryption Key (RX). Encryption Key (TX)
Page 347: Vpn (With Extra License)
The PPP connection with the selected VPN partner will be encrypted. 7.3.2 VPN (with extra license) X8500 can set up a VPN (Virtual Private Network) using the PPTP (Point-to- Point Tunneling Protocol). This provides secure transmission of data over WAN connections, e.g.
Page 348 IPSec client that has been installed on the workstation. BinTec offers such a client in conjunction with the BinTec IPSec solution. If you want to implement an IPSec solution with the X8500, you need an IPSec extra license. You can obtain this from your dealer.
Page 349: Special Features
349) 7.4.1 Start-up Procedure X8500 does not start its routing activities until the complete configuration is loaded, especially the defined filters. This means it is not possible to provoke a system start to make use of an intermediate system state in which perhaps rout- ing takes place before the filters are active.
Page 350 7.2.10, page 337). You can counter DoS attacks that speculate on destroying the system by caus- ing the log files to overflow (syslog messages) by suitably positioning and limit- ing the size of these files. BinTec Access Networks GmbH...
Page 351: Checklist
Checklist Checklist The following list indicates the most important critical security points that you should observe when configuring X8500: Have you changed all three passwords for system access (admin, read, write)? See chapter 3.2, page Are the activities of your...
Page 352 180. Do you check what computers have access to the Remote CAPI interface, what applications are used on them and whether the connections used with these applications are desired? Do you use BinTec’s user concept (chapter 5.1.2, page 138)? Are any additional user accounts created trouble-free?
Page 353: Configuration Management And Flash Card
Flash Card In this chapter, you will find instructions on the administration of your configura- tion files, handling the Smart Media Flash Card (SMFC) and on updating the X8500 software. The following areas are covered: Administration of configuration files (chapter 8.1, page 354) –...
Page 354: Administration Of Configuration Files
X8500 is switched off. So if you modify your configuration and want to keep these changes for the next time you start X8500, you have to save the modified con- figuration to the internal flash EEPROM before switching off: Exit...
Page 355 You will find a detailed description of using the SMFC in chapter 8.2, page 362. Go to the C menu. ONFIGURATION ANAGEMENT The following menu opens: X8500 Setup Tool BinTec Access Networks GmbH [CONFIG]: Configuration Management MyX8500 Operation (TFTP --> FLASH) TFTP Server IP Address 192.168.1.1 TFTP File Name x8500.cf...
Page 356 Name of the configuration file to be newly cre- ated in the internal flash EEPROM. Type of last operation Type of previous operation (since the last X8500 start). State of last operation State of the last operation executed. Table 8-1: ONFIGURATION ANAGEMENT BinTec Access Networks GmbH...
Page 357 As the configuration file is transferred to flash (internal flash EEPROM or SMFC) and not to memory, the file must then be loaded ( load FLASH --> MEMORY) , so that the settings can take effect on X8500. X8500 Software Configuration Guide...
Page 358 If an error should occur while running get (TFTP --> FLASH) and the operation is aborted, the file to be overwritten in the flash (internal flash EEPROM or SMFC) is deleted. So if you transfer a "boot" file, X8500’s boot file will be deleted and X8500 cannot load a configuration on restarting.
Page 359 Setup Tool; State of last operation displays running. When the operation has been executed successfully, the operation is dis- played under Type of last operation, State of last operation assumes the value done . X8500 Software Configuration Guide...
Page 360 C:\PROGRAM FILES\BINTEC on your PC. Your PC has the IP ad- 192.168.1.1 dress . If you want to transfer X8500.cf from your PC to X8500, pro- ceed as follows: For a Windows PC: Click the Windows Start button then Program...
Page 361 . The configuration file X8500.cf is saved, for example, in X8500’s flash un- der the name boot. To make the settings of X8500.cf take immediate effect in X8500, proceed as follows: Flash --> memory Reselect Operation: load (FLASH --> MEMORY) .
Page 362: Smart Media Flash Card
Smart Media Flash Card Smart Media Flash Cards (such as obtainable from photo shops) can be used for saving configurations and different versions of X8500’s system software. Cards with 16 MB and 32 MB of memory (all 3.3 V only) are supported. The...
Page 363: Behavior Of X8500 With Flash Card In Boot Operation And Saving The Configuration
This is what to enter to copy a configuration file from the internal SMFC to the external SMFC: fssh> copy /card0/x8500/autoexec/X8500.cf /card1/x8500/autoex- ec/X8500.cf Table 8-4: Example entry to copy a configuration file from the internal SMFC to the ex-...
Page 364 X8500 uses the configuration from the internal flash EEPROM as usual. Syslog messages give you information about the configuration used for the re- start. You can view syslog messages in X8500’s Setup Tool in the M ONITORING menu. EBUGGING ESSAGES...
Page 365: Configuration Management For The Flash Card
(internal flash EEPROM or SMFC) is deleted. So if you transfer a "boot" file to the internal flash EEPROM of X8500, X8500’s boot file will be deleted. X8500 can no longer load a config- uration on booting.
Page 366 Setup Tool and State of last operation displays running . When the operation has been successfully executed, it is shown under Type of last operation. State of last operation shows the value done . BinTec Access Networks GmbH...
Page 367 ONFIGURATION ANAGEMENT Example Your SMFC contains the file "X8500.cf". You want to copy the file with the name "boot" from the SMFC to the internal flash EEPROM of X8500. The file is then available as a new configuration file when X8500 restarts.
Page 368 . The configuration file "boot" has been saved to the internal flash EEPROM of X8500. Your settings remain active and will also be loaded again on a restart even if the SMFC is not inserted. Leave C with EXIT.
Page 369: Command Fssh In The Snmp Shell Of X8500
362. 8.2.5 Command fssh in the SNMP Shell of X8500 The command fssh is available in the SNMP shell for operations with the SM- FC. With the command fssh -n0, you select the working directory of the in- ternal SMFC; with the command fssh -n1 you select the working directory of the external SMFC.
Page 370 Creates a copy of the file <file name> under the new name <new file name>. – file name: File name of the original file. – new file name: File name of the copy of the file. BinTec Access Networks GmbH...
Page 371 Example: The system software file for version 6.1.1 is overwritten by the system software file version 6.1.1 Patch 4, because both files are given the same file name on writing to the SMFC. Use the parameter local file for such cases. chattr chattr <file name> <+boot | -boot> X8500 Software Configuration Guide...
Page 372 A configuration file that is saved to the SMFC by a TFTP server using the com- mand tftpget cannot be read by the system software of X8500! tftpget <host> <remote file> <file name> Loads the file <remote file> from the PC (TFTP server) <host> and saves it under the indicated name <file name>...
Page 373 – remote file: File name of the file on the TFTP server. – file name: File name of the file on the SMFC. fsck fsck Checks the file system of the SMFC, but makes no corrections. X8500 Software Configuration Guide...
Page 374: Updating Software
Configuration Management and Flash Card Updating Software As BinTec Access Networks GmbH is constantly improving the software for all its products and you certainly want to use the latest features of X8500, this chapter tells you how to update your software. www.bintec.net...
Page 375: Boot Sequence
All configuration files are deleted and the BOOTmonitor settings are set to the default values. (5) Default BOOTmonitor parameters: You can change the default settings of X8500’s BOOTmonitor, e.g. the baud rate for serial connections. X8500...
Page 376: Updating Bootmonitor
375. Carry out the software update via TFTP (option 2) in the BOOTmonitor. You must enter the IP address of X8500, the IP address of the TFTP server and the file name of the file for the BOOTmonitor. Your choice<2 Enter local IP address [192.168.1.254]:...
Page 377: Update System Software
If no errors have occurred, confirm with y to update the BOOTmonitor. Do you want to update your bootmonitor (y or n) ? y Bootmonitor update complete After the message saying the update is finished appears, restart X8500. Caution! At this point, it is extremely important that...
Page 378 Configuration Management and Flash Card Click Downloads and choose the ftp or http link. Here you will find the latest software and documentation for BinTec prod- ucts. Click X8500. Here you will find the latest software and documentation for X8500.
Page 379: Updating Module Logic
<file name> is the name of the system software you have saved on your PC (e.g. b6101.x8a The file <file name> is first transferred to the memory of X8500. The new system software is loaded in the internal SMFC. Enter cmd=reboot and confirm with Return.
Page 380 Configuration Management and Flash Card BinTec Access Networks GmbH...
Page 381: Troubleshooting
Troubleshooting Tips If you are having problems with X8500, the following tips should help you to overcome some of the more usual stumbling blocks: Log in to X8500 and enter in the SNMP shell: debug all This makes available all the debugging information in the SNMP shell.
Page 382: Aids To Troubleshooting
These commands are entered directly in X8500’s SNMP shell: debug You can use the debug command for troubleshooting in one or more sub- systems of X8500. A detailed explanation of the syntax and options can be found in chapter 10.1, page 392.
Page 383: External Aids
B-channel to be opened. Enter trace -h2i -s me -d 0:a0:f9:d:5:a 0 0 1 to output data packets sent from X8500’s MAC address over the LAN to the host with the MAC address 0:a0:f9:d:5:a. You cancel the command with Ctrl-C.
Page 384 Troubleshooting bricktrace (Unix) The bricktrace program enables data sent over X8500’s ISDN channels to be inspected at a Unix workstation. "bricktrace" is part of BRICKtools for UNIX on your BinTec Companion CD. A detailed explanation can be found in chapter 10.2, page 399.
Page 385: Typical Errors And Procedure
The password as well as the complete configuration of X8500 are deleted. Select "(1) Boot System". X8500 is restarted. Reconfigure X8500. I can’t reach X8500 in the LAN. Try to set up a serial connection: Connect your PC to X8500 over the serial interface.
Page 386: Isdn Connections
Use debug all or trace to check if a PC in the LAN is using a different netmask from the one entered on X8500. Use debug all or trace to check if a PC in the LAN is configured for Re- mote CAPI with an incorrect IP address (destination port 2662).
Page 387 Typical Errors and Procedure Use S to check if X8500 is config- YSTEM XTERNAL YSTEM OGGING ured so that syslog messages are sent to a host outside the LAN (destina- tion port 514). Use IP to check if an IP address located outside the...
Page 388 ISDN M to see if an incom- ONITORING AND EBUGGING ONITOR ing call has been recorded. Check WAN P WAN N to see if a suitable num- ARTNER UMBERS ber for incoming calls has been entered. BinTec Access Networks GmbH...
Page 389 Check if Authentication in WAN P PPP is the same for ARTNER both connection partners. Check the settings of your PABX. Make sure your provider’s settings are correct (if in doubt, ask your provid- er). X8500 Software Configuration Guide...
Page 390 Troubleshooting BinTec Access Networks GmbH...
Page 391: Important Commands
This chapter describes the following commands: SNMP shell commands: – telnet – ping – traceroute – trace – isdnlogin – debug – ifconfig – ifstat – netstat – date – – nslookup BRICKtools for Unix commands: – bricktrace – capitrace X8500 Software Configuration Guide...
Page 392: Snmp Shell Commands
SNMP shell are given below. Entering ? displays a list of the most important commands available on X8500. Please note: Parameters shown in the command lines inside square brackets [ ] represent optional values.
Page 393 -p <port>: UDP port to use. – -q <nqueries>: queries to send – <addr>: host name or ip address. – <packetsize>: packet size. trace For WAN interfaces: trace [-h23aFADtpixX] [-T <tei>] [-c <cref>] [<channel> <unit> <slot> | next | <ifcname>] X8500 Software Configuration Guide...
Page 394 -s <source MAC filter>: set source MAC address filter (LAN only). – -o: combine two or more -d filters or -s filters with a logical OR opera- tion. – specific <MAC filter>: me = X8500’s MAC address, bc = broadcast packets. BinTec Access Networks GmbH...
Page 395 [show]|[[-q] all|acct|system|<subs> [<subs> ...]] Is used to selectively display debugging information originating from one of X8500’s subsystems. – show: displays all possible subsystems that can be debugged. – -q: no timestamp attached before each debugging message.
Page 396 – destination <destaddrs>: destination IP address of a host. This adds a host route for this host in the routing table (ipRouteDest). – address: X8500’s IP address for the interface (ipRouteNextHop). – netmask <mask>: netmask of the interface (ipRouteMask). –...
Page 397 -d <dest. IP addr.>: displays routes to the IP address entered. date date [YYMMDDHHMMSS] X8500 has a clock. Entering date displays the time set. Entering date YYMMDDHHMMSS sets the clock to the corresponding value (year, month, day, hour, minute, second).
Page 398 DNS proxy. Entering a command with -? usually provides a help text. The update command can be found in chapter 8.2.5, page 369 chapter 8.3, page 374. Further SNMP commands can be found in the Software Reference. BinTec Access Networks GmbH...
Page 399: Bricktools For Unix Commands
10.2 BRICKtools for Unix Commands The bricktrace and capitrace programs are included in BRICKtools for UNIX on the BinTec Companion CD. They are started on a Unix workstation by entering the following commands. bricktrace bricktrace [-h23aeFpitxs] [-T <tei>] [-c <cref>] [-r <cnt>] [-H <host>] [-P <port>] <channel>...
Page 400 Number of the tracer message (#<decimal>). – Length of the CAPI message ([<decimal>]). – Application ID (ID = <decimal>). – Number of the CAPI message (no. (<decimal>)). – Short output only: connection identifier (ident = 0x<hexadecimal>). BinTec Access Networks GmbH...
Page 401: General Safety Precautions In German
In den nachfolgenden Abschnitten finden Sie Sicherheitshinweise, die Sie beim Umgang mit Ihrem Gerät unbedingt beachten müssen. Transport und Transportieren und lagern Sie X8500 nur in der Originalverpackung oder in Lagerung einer anderen geeigneten Verpackung, die Schutz gegen Stoß und Schlag gewährt.
Page 402 Das Netzkabel darf nur an ein vollständig eingestecktes und verschraubtes Netzteil angeschlossen werden. Prüfen Sie, ob die örtliche Netzspannung mit den Nennspannungen des Netzteils übereinstimmt. Das X8500-Netzteil X8A-PS darf nur unter fol- genden Bedingungen betrieben werden: – 100 - 240 VAC –...
Page 403 Anforderungen. ISDN-Endgeräte, die an X8500 angeschlossen werden, müssen für das Euro-ISDN (DSS1) zugelassen sein. Bestimmungsgemäße X8500 baut in Abhängigkeit von der Systemkonfiguration WAN-Verbindun- Verwendung, Betrieb gen auf. Um ungewollte Gebühren zu vermeiden, sollten Sie das Produkt unbedingt überwachen. Die Umgebungstemperatur sollte 40˚C nicht übersteigen. Vermeiden Sie direkte Sonneneinstrahlung.
Page 404 General Safety Precautions in German BinTec Access Networks GmbH...
Page 405: Glossary
DSS1. Standard interface for analog terminals (telephone, fax group 2/3, analog mo- dems). Only for BinTec routers with integrated PABX. Access list A rule that defines a set of packets that should or should not be transmitted by the router.
Page 406 This is done by using filter functions that allow data packets to pass to certain network segments only. Some BinTec routers can be operated in Bridging Mode. Broadcast Broadcasts (data packages) are sent to all stations in a network in order to ex- change information.
Page 407 Channel bundling Channel bundling One of X8500’s features. Channel bundling is a method of increasing the data throughput. The data throughput is doubled by switching in a second channel for data transmission. Channel bundling can be either dynamic (= on demand) or static (= always).
Page 408 DIME Desktop Internetworking Management Environment DIME Tools is a collection of tools for the configuration and monitoring of rout- ers over Windows applications. They are included with all BinTec routers free of charge. DIME Browser Former name for Configuration Manager.
Page 409 A domain refers to a group of devices in a network, whose host names share a common suffix, the domain name. Thus, in the Internet, a part of a nam- ing hierarchy (e.g. bintec.de). Downstream Data transmission rate from the Internet Service Provider to the client.
Page 410 File Transfer Protocol A TCP/IP protocol used to transfer files between different hosts. Gateway Entrance and exit, transition point Component in the local network that offers access to other networks, also offers transitions between different networks, e.g. WAN. BinTec Access Networks GmbH...
Page 411 Internet Packet Exchange/Sequenced Packet Exchange Protocol suite from Novell for the transmission of data in a network. The two parts of this protocol suite are IPX (layer 3 of the OSI model) and SPX (layer 4 of the OSI model). X8500 Software Configuration Guide...
Page 412 ISDN Basic Rate Interface, also interface. ISDN Login One of X8500’s features. X8500 can be configured and administrated remotely using ISDN Login. ISDN Login operates on routers in the ex works state as soon they are connected to an ISDN connection and therefore reachable via an extension number.
Page 413 Management Information Base The MIB is a database that describes all the manageable devices and functions connected to a network. All MIBs (including the BinTec MIB) contain objects specific to the manufacturer. SNMP is based on MIB.
Page 414 IPX, etc. Network Address Translation Used as a security mechanism in X8500. Using NAT conceals your complete network to the outside world. The IP addresses of all devices in your own net- work remain confidential, only one IP address is made known for connections to the outside.
Page 415 An ISDN PABX is used to set up an internal telephone infrastructure allowing internal connections between the PABX extensions without the need to connect to the telephone service provider. Not all BinTec routers include an exchange. PABX number A point-to-point ISDN access includes a PABX number and an...
Page 416 MAC address for a host whose IP address is known. RADSL Rate-Adaptive Digital Subscriber Line The data rate is up to 640 kbps upstream and 1.5 - 9 Mbps downstream over ranges of up to 18.5 km. BinTec Access Networks GmbH...
Page 417 X8500 is supplied as standard with suitable software. BinTec’s CAPI interface is implemented as a dual-mode CAPI. CAPI 1.1 and 2.0 applications can access ISDN resources parallel to one another. This means new CAPI 2.0 applications can be used on the network or on the same PC parallel to old applications based on CAPI 1.1.
Page 418 TFTP server. In such a case, the server is not necessarily a computer server. Setup Tool Menu-driven tool for the configuration of X8500. The Setup Tool can be used as soon as the router has been accessed (serial, ISDN Login, LAN).
Page 419 (e.g. 100-Mbps and 10-Mbps net- works). Synchronous Transmission process in which the transmitter and receiver operate with exactly the same clock signals – in contrast to asynchronous. Spaces are bridged by a stop code. X8500 Software Configuration Guide...
Page 420 Windows utility or the program orgAnice, which can be found on the BinTec Companion CD. TAPI services are only supported by routers with an integrated PABX. All the users of a network can use TAPI services via BinTec’s Remote TAPI. Transmission Control Protocol One of the TCP/IP...
Page 421 (provider), as was the case with V.34 and earlier modems. This makes higher transmission rates possible. A maximum speed of 56 kbps can be achieved only under optimum conditions. VDSL Very high bit rate Digital Subscriber Line (also called VADSL or BDSL). X8500 Software Configuration Guide...
Page 422 The X.21bis recommendation defines the DTE/ interface to V- series synchronous modems. X.25 An internationally agreed standard protocol that defines the interface between network components and a packet-switched data network. X.31 For integration of X.25-compatible DTEs in ISDN. BinTec Access Networks GmbH...
Page 423: Index
Authentication CHAP MS-CHAP Auto logout Back route verification Bandwidth on Demand Basic configuration with Setup Tool Basic IP settings Basic router settings BinTec’s X8500 CD BOOT sequence BOOTmonitor update BOOTP relay agent 73, 258 BRI interface 13, 130 BRICKware Bridging...
Page 424 258, 263 CM-X21 configuration Commands BRICKtools for Unix SNMP shell Communication modules 258, 262 CM-100BT CM-2BRI CM-BRI 258, 261 CM-PRI 258, 263 CM-X21 configuration Compression MS-STAC STAC Van Jacobson Header Compression Compuserve Computers in the partner network BinTec Access Networks GmbH...
Page 425 Default route Delay after connection failure Denial-of-Service attacks DHCP server Digital modems Distribution of incoming calls DNS Proxy DNS server name resolution Documentation from BinTec Domain Name Dynamic IP address server 286, 344 Encryption X8500 Software Configuration Guide...
Page 426 Flash Card Flash memory 57, 240 FRAME RELAY G.703 General PPP settings General WAN settings Incoming calls CAPI ISDN Login routing Installing BRICKware Installing the TCP/IP protocol Instructions for initial configuration Internet access Compuserve Telekom Austria T-Online BinTec Access Networks GmbH...
Page 427 Layer 1 Protocol Leased line 73, 84 BRI interface configuring G.703 License entering features Line tapping security Local filters 30, 305 Logging in Memory Monitoring functions in the Setup Tool MPPE MS-STAC Name resolution 121, 310 X8500 Software Configuration Guide...
Page 428 86, 91, 347 PPTP configuration expansion card 94, 251 WAN partner Proxy ARP Quality of Service activating classification classification and signaling defining IP filters defining policies 77, 310 Remote CAPI configuring installation Resetting to ex works state BinTec Access Networks GmbH...
Page 429 Security functions access security activity monitoring checklist configuration line tapping security special features 214, 321 Service Setup Tool advanced configuration basic configuration menu architecture monitoring functions using it Short hold 353, 354, 362 Smart Media Flash Card X8500 Software Configuration Guide...
Page 430 T-Online Transit Network Troubleshooting aids ISDN connections system errors 57, 240, 347 TUNNELING Typographical elements Update 77, 138 User concept 269, 287 V.35 Van Jacobson Header Compression 57, 344, 347 Virtual Private Network 57, 344, 347 BinTec Access Networks GmbH...
Page 431 Compuserve computers in the partner network configuration examples Internet access T-Online WINS 177, 197 WINS 269, 287 X.21 57, 240 X8E-1/2E3 X8E-2BC X8E-2G703 X8E-2PRI X8E-4G703 X8E-4PRI X8E-DSP X8E-SYNC xDSL XIPR XT-2M XT-2SYNC XT-L XT-M XT-S XT-VPN X8500 Software Configuration Guide...
Page 432 Index BinTec Access Networks GmbH...

This manual is also suitable for:

X8500c