Page 2 GmbH offers no warranty whatsoever for information contained in this manu- al. bintec elmeg GmbH is not liable for any direct, indirect, collateral, consequential or any other damage connected to the delivery, supply or use of this manual.
Page 3: Table Of Contents
Installation......1 bintec RS353j, bintec RS353jw and bintec RS353j-4G ..1 1.1.1...
Page 4 Table of Contents bintec elmeg GmbH 2.1.1 IP Configuration ......2.1.2 Software update ......
Page 5 Table of Contents bintec elmeg GmbH Chapter 5 System Management ..... 53 Status ......
Page 6 Table of Contents bintec elmeg GmbH ISDN Ports ......114 6.2.1 ISDN Configuration ......115 6.2.2...
Page 7 Table of Contents bintec elmeg GmbH 9.1.1 Basic Settings ......182 9.1.2 Radio Profile ......183 9.1.3...
Page 8 Table of Contents bintec elmeg GmbH 10.1.5 Options ......234 10.2 IPv6 General Prefixes .
Page 9 Table of Contents bintec elmeg GmbH 12.1 General ......295 12.1.1 General ......296 12.2...
Page 10 Table of Contents bintec elmeg GmbH 14.1.6 Options ......387 14.2 L2TP ......391 14.2.1...
Page 11 Table of Contents bintec elmeg GmbH Chapter 16 VoIP ......16.1 SIP ....... 437 16.1.1...
Page 12 Table of Contents bintec elmeg GmbH 17.5.3 Stateful Clients ......473 17.5.4 Stateful Clients Configuration....474 17.6...
Page 13 Table of Contents bintec elmeg GmbH 17.13.3 Interface Assignment ..... . . 530 17.14 BRRP ......531 17.14.1...
Page 14 Table of Contents bintec elmeg GmbH 19.4.1 SNMP Trap Options ..... . . 561 19.4.2 SNMP Trap Hosts ......563 19.5...
Page 15 Table of Contents bintec elmeg GmbH Index ......bintec RS Series xiii...
Page 16 Table of Contents bintec elmeg GmbH bintec RS Series...
Page 17: Chapter 1 Installation
PBX cannot take any calls until an ISDN number is configured on the device. If no entry is specified, every incoming ISDN call is accepted by the ISDN Login service. bintec RS353jw is equipped with two external WLAN antennas, bintec RS353j-4G is bintec RS Series...
Page 18 When setting up and connecting, carry out the steps in the following sequence: (1) Antennas Screw the external WLAN antennas (only bintec RS353jw) supplied to the connec- tions provided for this purpose. With bintec RS353j-4G screw the two external UMTS antenna and the GPS antenna to the connections provided.
Page 19 The 19- inch cabinet installation Screw your device using the supplied brackets and screws into the cabinet. Wallmounting To attach the bintec RS353x series on the wall, use the tabs on the back side of the hous- ing. Warning Before drilling, make sure that there are no building installations where you are drilling.
Page 20: Connectors
RESET Reset button On the back of the device the mains connection and the on/off switch is located. bintec RS353j-4G has connectors for two external Wi-Fi antenna. The devices bintec RS353j-4G have a connectors for the GPS antenna and 2 ports for the LTE/UMTS antenna. The con- nectors for the LTE/UMTS antenna are located on the sides of the device.
Page 21: Leds
Rear pannel connections POWER IEC C6 power connection and on/off switch WLAN 1 / 2 Connections for the WLAN antenna (only bintec RS353jw) Connection for the GPS antenna (only bintec RS353j-4G) LTE 1 - 2 Connections for the LTE/UMTS antenna (only bintec RS353j-4G) 1.1.3 LEDs...
Page 22 1 Installation bintec elmeg GmbH Colour Status Information No Synchronisation. flickering Data transfer. WLAN (only green WLAN connection established. RS353jw) green Radio or all assigned VSS inactive green on (slowly VSS is active, no client connected flashing) green on (fast flash-...
Page 23: Scope Of Supply
1 Installation bintec elmeg GmbH Colour Status Information Mbits. The device is connected to the WAN at 10 Mbits, or no Data transfer. You can determine the status of the router in BRRP operation with the aid of the status LED.
Page 24: General Product Features
1 Installation bintec elmeg GmbH 1.1.5 General Product Features The general product features cover performance features and the technical prerequisites for installation and operation of your device. The features are summarised in the following table: General Product Features bintec RS353j...
Page 25: Reset
1 Installation bintec elmeg GmbH bintec RS353j bintec RS353jw bintec Property RS353j-4G CE symbol for all EU states SAFERNET TM Security Technology Community passwords, PAP, CHAP, MS-CHAP, MS- CHAP v.2, PPTP, PPPoE, PPPoA, Callback, Access Con- trol Lists, CLID, NAT, SIF, MPPE Encryption, PPTP En-...
Page 26: Bintec Rs123, Bintec Rs123W, Bintec Rs353A And Bintec Rs353Aw
PBX cannot take any calls until an ISDN number is configured on the device. If no entry is specified, every incoming ISDN call is accepted by the ISDN Login service. bintec RS123aw and bintec RS353aw are equipped with two external WLAN antennas. bintec RS Series...
Page 27 Fig. 5: Connection options using the example of When setting up and connecting, carry out the steps in the following sequence: (1) Antennas Screw the external WLAN antennas (only bintec 123w and bintec RS353aw) sup- plied to the connections provided for this purpose. (2) ETH1-4 Connect the first switch port (ETH1, yellow connector) your device through the sup- plied Ethernet cable to your LAN to configure the device.
Page 28 Screw your device using the supplied brackets and screws into the cabinet. Wallmounting To attach the devices bintec RS123, bintec RS123w, bintec RS353a or bintec RS353aw on the wall, use the tabs on the back side of the housing. Warning Before drilling, make sure that there are no building installations where you are drilling.
Page 29: Connectors
The devices provides five Gigabit Ethernet ports which can be independently configured for use in a LAN, WAN, or DMZ, a USB port (type A), as well as a USB console port (type B). Furthermore, the devices bintec RS123 and bintec RS123w have a SFP slot for optical fiber expansion modules.
Page 30: Leds
Function button RESET Reset button On the back of the device the mains connection and the on/off switch is located. bintec RS123w and bintec RS353aw has connectors for two external Wi-Fi antenna. The connections are arranged as follows: bintec RS123w bintec RS353aw Fig.
Page 31 1 Installation bintec elmeg GmbH Colour Status Information POWER green Power supply is connected. No power supply. STATUS green After switching on: The device has started. During operation: An error has occurred. green flashing The device is active. green During operation: An error has occurred.
Page 32: Scope Of Supply
The device is functioning as a backup - on - off) router. 1.2.4 Scope of supply Your device is supplied with the following parts: bintec RS123 and bintec RS123w bintec RS123 bintec RS123w Scope of supply Cable sets/mains unit/ other...
Page 33: General Product Features
RS123 bintec RS123w Scope of supply Workshops Workshops MIB reference MIB reference bintec RS353a and bintec RS353aw bintec RS353a bintec RS353aw Scope of supply Cable sets/mains unit/ other Ethernet cable (yellow) Ethernet cable (yellow) xDSL cable type 2 (gray)
Page 34 1 Installation bintec elmeg GmbH bintec RS123 bintec RS123w bintec RS353a Property bintec RS353aw Memory 128 MB RAM, 32 MB Flash-ROM LEDs 17 (1x Power, 1x Status, 5x2 Ethernet, 5x Function) for RS123w RS353aw devices with WLAN 16 (1x Power, 1x Status, 5x2 Ethernet, 4x Function) for...
Page 35: Reset
1 Installation bintec elmeg GmbH bintec RS123 bintec RS123w bintec RS353a bintec RS353aw Property (antennas) and 5 GHz; and 5 GHz; 2 TX, 2 RX (2x2) 2 TX, 2 RX (2x2) Channel level (2.4 Channel level (2.4 GHz / 5GHz)
Page 36: Support Information
1 Installation bintec elmeg GmbH 1.3 Support information If you have any questions about your new product, please contact a local, certified retailer for prompt technical support. Resellers have been trained by us and receive privileged sup- port. Further information on our support and service offers can be found on our web site at www.bintec-elmeg.com...
Page 37: Ethernet Interface
1 Installation bintec elmeg GmbH Note You may need a serial to USB driver for the CP210x component. You can download it from www.bintec-elmeg.com 1.5.2 Ethernet interface The devices have an Ethernet interface with integrated 4 port switch. This is used to con- nect individual PCs or other switches.
Page 38: Isdn S0 Port
1 Installation bintec elmeg GmbH Fig. 13: xDSL interface (RJ45) The pin assignment for the xDSL interface (RJ45 socket) is as follows: RJ45 socket for xDSL connection Position Not used Not used Not used Not used Not used Not used 1.5.4 ISDN S0 port...
Page 39: Usb Interface
1 Installation bintec elmeg GmbH Position Not used Transmit (+) Receive (+) Receive (-) Transmit (-) Not used Not used 1.5.5 USB interface The devices have a USB connection for connecting a UMTS stick. The interface is executed as a standard USB Type A socket.
Page 40 1 Installation bintec elmeg GmbH wards. • Close the card slot. Press the card slot downwards again. • Push the card lock in the direction of the arrow . You will hear a click as the card locks into place.
Page 41: Chapter 2 Basic Configuration
• Password: Note All bintec elmeg devices are delivered with the same username and password. As long as the password remains unchanged, they are therefore not protected against unau- thorised use. Make sure you change the passwords to prevent unauthorised access to...
Page 42: Software Update
2 Basic configuration bintec elmeg GmbH Note If you already run a DHCP server on your LAN, it is recommended that you configure the device on a separate PC that is not connected to your LAN. The following settings are transferred to a non-configured PC: •...
Page 43: Gathering Data
2 Basic configuration bintec elmeg GmbH 2.3.1 Gathering data You can gather the main data for configuration with the GUI quickly, because you do not need any information that requires in-depth knowledge of networks. In addition, you can have the device assign a valid IP configuration to all PCs, so time- consuming configuration of your LAN is not necessary.
Page 44 2 Basic configuration bintec elmeg GmbH Access data Example value Your values Provider name Protocol Encapsulation VPI (Virtual Path Identifier) VCI (Virtual Circuit Identifier) Your user name Password Some Internet Service Providers, such as T-Online, require additional information: Additional information for T-Online...
Page 45: Configuring A Pc
2 Basic configuration bintec elmeg GmbH Access data Example value Your values Password Wireless LAN (optional) You can operate your device as an access point and therefore connect individual work sta- tions (e.g. laptops, PCs with wireless card or wireless adapter) by wireless connections to your local network via WLAN (Wireless LAN) and let them communicate with each other.
Page 46: Modify System Password
Password: 2.3.3 Modify system password All bintec elmeg devices are delivered with the same username and password. As long as the password remains unchanged, they are therefore not protected against unauthorised use. Make sure you change the passwords to prevent unauthorised access to your device! Proceed as follows: (a) Go to the System Management->Global Settings->Passwords menu.
Page 47: Setting Up An Internet Connection
2.4.1 Internet connection over internal xDSL modem Apart from bintec RS123 and bintec RS123w, all devices in the RS series have an integ- rated xDSL modem for rapid Internet access set-up. To make it easier to configure an xD- SL internet connection, the GUI has a wizard to guide you through the connection set-up process simply and quickly.
Page 48: Other Internet Connections
(2) Test the internet access by entering www.bintec-elmeg.com in the internet browser. bintec elmeg GmbH's Internet site offers you the latest news, updates and document- ation. Note Incorrect configuration of the devices in your LAN may result in unwanted connections and increased charges! Monitor your device and make sure it only sets up connections at the times you want it to.
Page 49: Software Update
The range of functions of bintec elmeg devices is continuously being extended. These ex- tensions are made available to you by bintec elmeg GmbH free of charge. Checking for new software versions and the installation of updates can be carried out easily with the GUI.
Page 50 2 Basic configuration bintec elmeg GmbH The device will now connect to the bintec elmeg GmbH download server and check wheth- er an updated version of the system software is available. If so, your device will be updated automatically. When installation of the new software is complete, you will be invited to re- start the device.
Page 51: Chapter 3 Access And Configuration
3 Access and configuration bintec elmeg GmbH Chapter 3 Access and configuration This chapter describes all the access and configuration options. 3.1 Access Options The various access options are presented below. Select the procedure to suit your needs. There are various ways you can access your device to configure it: •...
Page 52 3 Access and configuration bintec elmeg GmbH You do not need any additional software on your PC to set up a Telnet connection to your device: Telnet is available on all operating systems. Proceed as follows: Windows (1) Click Run… in the Windows Start menu.
Page 53 3 Access and configuration bintec elmeg GmbH connect to the device via SSH: Note The device generates a key pair for each of the algorithms (RSA and DSA), i.e. two files must be stored in the flash for each algorithm (see example at above).
Page 54: Access Via The Console Interface
FAQs, which list the required settings. 3.1.2 Access via the Console Interface Each bintec elmeg gateway has a console interface, with which a PC can be connected dir- ectly. Access via the console interface is ideal if you are setting up an initial configuration of your device and a LAN access is not possible via the pre-configured IP address (192.168.0.254/255.255.255.0).
Page 55: Access Over Isdn
3 Access and configuration bintec elmeg GmbH - Data bits: - Parity: - Stopbits: - Flow control: Unix You will require a terminal program such as (on System V), (on BSD) or (on Linux). The settings for these programs correspond to those listed above.
Page 56: Login
Caution All bintec elmeg devices are delivered with the same username and password. As long as the password remains unchanged, they are therefore not protected against unau- thorised use. How to change the passwords is described in Passwords on page 59.
Page 57: Logging In For Configuration
3 Access and configuration bintec elmeg GmbH If you have forgotten your password, you must reset your device to the ex works state, which means your configuration will be lost. 3.2.2 Logging in for Configuration Set up a connection to the device. The access options are described in Access Options page 35.
Page 58: Gui (Graphical User Interface)
3 Access and configuration bintec elmeg GmbH Note The detailed help system of the Wizard will help you to clarify any questions you may have. Therefore the wizard will not be discussed in any greater detail in this document. The configuration options available to you depend on the type of connection to your device:...
Page 59 3 Access and configuration bintec elmeg GmbH Fig. 17: home page 3.3.1.1 Calling up GUI (1) Check whether the device is connected and switched on and that all the necessary cables are correctly connected (see on page ). (2) Check the settings of the PC from which you want to configure your device (see...
Page 60 3 Access and configuration bintec elmeg GmbH • The header • The navigation bar • The main configuration window Fig. 18: Areas of the Header Fig. 19: header GUI header Menu Position Language: In the dropdown menu, choose the language in which you want to display the GUI.
Page 61 3 Access and configuration bintec elmeg GmbH Menu Position is displayed. Logout: If you want to end the configuration, click this button to log out of your device. A window is opened offering you the fol- lowing options: • Save configuration, save previous boot configuration, then exit.
Page 62 3 Access and configuration bintec elmeg GmbH The Save configuration button is found in the navigation bar. If you save a current configuration, you can save this as the boot configuration or you can also archive the previous boot configuration as a backup.
Page 63 3 Access and configuration bintec elmeg GmbH Button Position If you do not want to save a newly configured list entry, cancel this and any settings made by pressing Cancel. Confirms the settings of a new entry and the parameter changes in a list.
Page 64 3 Access and configuration bintec elmeg GmbH Symbol Position Indicates "Dormant" status for an interface or connection. Indicates "Up" status for an interface or connection. Indicates "Down" status for an interface or connection. Indicates "Blocked" status for an interface or connection.
Page 65 3 Access and configuration bintec elmeg GmbH Menu Position ing list entry directly in the list. Fig. 22: Configuration of the update interval Fig. 23: Filter list Structure of the GUI configuration menu The menus of the GUI contain the following basic structures:...
Page 66 3 Access and configuration bintec elmeg GmbH Menu Position Enter the data. Radio buttons e.g. Select the corresponding option. Checkboxes e.g. activation by selecting checkbox Selection of several possible options Dropdown menus e.g. Click the arrow to open the list. Select the required option using the mouse.
Page 67: Snmp Shell
Base) in the form of MIB tables and MIB variables. You can read and modify these directly via the SNMP browser. Caution This configuration method assumes an in-depth system knowledge of bintec devices! 3.3.2 SNMP shell SNMP (Simple Network Management Protocol) is a protocol that defines how you can ac- cess the configuration settings.
Page 68: Chapter 4 Assistants
4 Assistants bintec elmeg GmbH Chapter 4 Assistants The Assistants menu offers step-by-step instructions for the following basic configuration tasks: • First steps • Internet Access • VPN • Wireless LAN • VoIP PBX in LAN Choose the corresponding task from the navigation bar and follow the instructions and ex- planations on the separate pages of the Wizard.
Page 69: Chapter 5 System Management
5 System Management bintec elmeg GmbH Chapter 5 System Management The System Management menu contains general system information and settings. You see a system status overview. Global system parameters such as the system name, date/time, passwords and licences are managed and the access and authentication meth- ods are configured.
Page 70 5 System Management bintec elmeg GmbH System Management Status Fig. 24: -> The menu System Management->Status consists of the following fields: Fields in the System Information menu. Field Value Uptime Displays the time past since the device was rebooted. System Date Displays the current system date and system time.
Page 71 5 System Management bintec elmeg GmbH Field Value also displayed in brackets as a percentage. ISDN Usage External Shows the number of active B channels and the maximum num- ber of available B channels for external connections. Active Sessions (SIF, Displays the total of all SIF, TDRC, and IP load balancing ses- RTP, etc...
Page 72: Global Settings
5 System Management bintec elmeg GmbH Field Value • is displayed if the SIM card is inser- ted, but the PIN has not yet been entered. • is displayed while he SIM card is initialized. • If the SIM card is operational, the Network Quality is dis- played.
Page 73 5 System Management bintec elmeg GmbH The System Management->Global Settings->System menu consists of the following fields: Fields in the menu Basic Settings Field Value System Name Enter the system name of your device. This is also used as the PPP host name.
Page 74 Only for devices with support for being managed by the Cloud dress NetManager. The address of the bintec elmeg Cloud NetManager is precon- figured. If you want to run your own management system, you need to enter the address of your server here.
Page 75: Passwords
5 System Management bintec elmeg GmbH Field Value LED mode Only for WLAN devices Select the LEDs' lighting behaviour. Possible values: • (default value): The LEDS display their default beha- viour. • : Only the status LED flashes once per second.
Page 76 -> Note All bintec elmeg devices are delivered with the same username and password. As long as the password remains unchanged, they are not protected against unauthorised use. Make sure you change the passwords to prevent unauthorised access to the device If the password is not changed, under System Management->Status there appears...
Page 77: Date And Time
5 System Management bintec elmeg GmbH Field Value munity Fields in the Global Password Options menu Field Value Show passwords and Define whether the passwords are to be displayed in clear text keys in clear text (plain text). The function is enabled with The function is disabled by default.
Page 78 5 System Management bintec elmeg GmbH System Management Global Settings Date and Time Fig. 27: -> -> You have the following options for determining the system time (local time): ISDN/Manual In devices with an ISDN interface, the system time can be updated via ISDN, i. e. the date and time are taken from the ISDN when the first outgoing call is made.
Page 79 5 System Management bintec elmeg GmbH You can obtain the system time automatically, e.g. using various time servers. To ensure that the device uses the desired current time, you should configure one or more time serv- ers. Switching from summer time to winter time (and back) must be carried out manually if the time is derived using this method by changing the value in the Time Zone field with an option UTC+ or UTC-.
Page 80 5 System Management bintec elmeg GmbH Fields in the menu Automatic Time Settings (Time Protocol) Field Description ISDN Timeserver Only for devices with an ISDN interface. Determine whether the system time is to be updated via ISDN. If a time server is configured, the time is only determined over ISDN until a successful update is received from this time server.
Page 81 5 System Management bintec elmeg GmbH Field Description • : This time server is not currently used for the time re- quest. Third Timeserver Enter the third time server, by using either a domain name or an IP address. In addition, select the protocol for the time server request.
Page 82: System Licences
5 System Management bintec elmeg GmbH Field Description Internal Time Server Select whether the internal timeserver is to be used. The function is activated by selecting . Time requests from a client will be answered with the current system time. This is given as GMT, without offset.
Page 83 5 System Management bintec elmeg GmbH port section at www.bintec-elmeg.com . Please follow the online licensing instructions. (Please also note the information on the licence card for licences at additional cost.) You will then receive an e-mail containing the following data: •...
Page 84: Interface Mode / Bridge Groups
5 System Management bintec elmeg GmbH Activating extra licences You activate extra licences by adding the received licence information in the System Man- agement->Global Settings->System Licences->New menu. The menu System Management->Global Settings->System Licences->New consists of the following fields: Fields in the Basic Settings menu.
Page 85 5 System Management bintec elmeg GmbH Bridging connects networks of the same type. In contrast to routing, bridges operate at lay- er 2 of the OSI model (data link layer), are independent of higher-level protocols and trans- mit data packets using MAC addresses. Data transmission is transparent, which means the information contained in the data packets is not interpreted.
Page 86: Interfaces
5 System Management bintec elmeg GmbH Example: (first wireless network on the first wireless module) The name of the bridge link is made up of the following parts: (a) Abbreviation for interface type (b) Number of the wireless module on which the bridge link is configured...
Page 87 5 System Management bintec elmeg GmbH System Management Interface Mode / Bridge Groups Interfaces Fig. 29: -> -> The System Management->Interface Mode / Bridge Groups->Interfaces menu consists of the following fields: Fields in the Interfaces menu. Field Description Interface Description Displays the name of the interface.
Page 88 5 System Management bintec elmeg GmbH System Management Interface Mode / Bridge Groups Interfaces Fig. 30: -> -> -> The System Management->Interface Mode / Bridge Groups->Interfaces->Add menu consists of the following fields: Fields in the Interfaces menu. Field Description Interface Select the interface whose status should be changed.
Page 89 5 System Management bintec elmeg GmbH use the MAC Bridge. The System Management->Interface Mode / Bridge Groups->Interfaces-> menu consists of the following fields: Fields in the Layer-2.5 Options menu. Field Value Interface Shows the interface that is being edited. Wildcard Mode Select the Wildcard mode you want to use on the interface.
Page 90: Administrative Access
For PABX systems only: You can also authorise your device for maintenance work from bintec elmeg's Customer Service department. To do this you enable either Service Login (ISDN Web-Access) or Service Call Ticket (SSH Web Access), depending on the ser- vice you require, and select the OK button.
Page 91: Ssh
5 System Management bintec elmeg GmbH Field Description Restore Default Set- Only when you make changes to the administrative access con- tings figuration are relevant access rules set up and activated. You can restore the default settings with the icon.
Page 92 5 System Management bintec elmeg GmbH System Management Administrative Access Fig. 34: -> -> You need an SSH client application, e.g. PuTTY, to be able to reach the SSH Daemon. If you wish to use SSH Login together with the PuTTY client, you may need to comply with some special configuration requirements, for which we have prepared FAQs.
Page 93 5 System Management bintec elmeg GmbH Field Value face. The function is activated by selecting The function is enabled by default. SSH Port Here you can enter the port via which the SSH connection is to be established. The default value is...
Page 94 5 System Management bintec elmeg GmbH Field Value RSA Key Status Shows the status of the RSA key. If an RSA key has not been generated yet, displayed in red and a link, , is provided. If you select the link, the generation process is triggered and the view is up- dated.
Page 95: Snmp
5 System Management bintec elmeg GmbH Field Value Compression Select whether data compression should be used. The function is activated by selecting The function is disabled by default. TCP Keepalives Select whether the device is to send keepalive packets. The function is activated by selecting The function is enabled by default.
Page 96 5 System Management bintec elmeg GmbH System Management Administrative Access SNMP Fig. 35: -> -> The menu System Management->Administrative Access->SNMP consists of the follow- ing fields: Fields in the Basic Settings menu. Field Value SNMP Version Select the SNMP version your device is to use to listen for ex- ternal SNMP access.
Page 97: Remote Authentication
5 System Management bintec elmeg GmbH If your SNMP Manager supports SNMPv3, you should, if possible, use this version as older versions transfer all data unencrypted. 5.5 Remote Authentication This menu contains the settings for user authentication. 5.5.1 RADIUS RADIUS (Remote Authentication Dial In User Service) is a service that enables authentica- tion and configuration information to be exchanged between your device and a RADIUS server.
Page 98 5 System Management bintec elmeg GmbH Field Value If an access request is received by your device, a request is sent to the RADIUS server if no corresponding connection part- ner has been found on your device. ACCESS_ACCEPT Server -> Client...
Page 99 5 System Management bintec elmeg GmbH System Management Remote Authentication RADIUS Fig. 36: -> -> -> The System Management->Remote Authentication->RADIUS->Newmenu consists of the following fields: Fields in the Basic Parameters menu. Field Value Authentication Type Select what the RADIUS server is to be used for.
Page 100 5 System Management bintec elmeg GmbH Field Value • : The RADIUS server is used for controlling access to a wireless network. • : The RADIUS server is used for authenticating IPSec peers via XAuth. Vendor Mode Only for Authentication Type = In hotspot applications, select the mode define by the provider.
Page 101 5 System Management bintec elmeg GmbH Field Value servers for a group are queried according to Priority and the Policy . Possible values: • (default value): Enter a new group description in the text field. • : Select this entry for special applications, such as Hotspot Server configuration.
Page 102 5 System Management bintec elmeg GmbH Field Value The default value is (1 second). Alive Check Here you can activate a check of the accessibility of a RADIUS server in Status An Alive Check is carried out regularly (every 20 seconds) by sending an ACCESS_REQUEST to the IP address of the RADI- US server.
Page 103: Tacacs
Like RADIUS, TACACS+ is an AAA protocol and offers authentication, authorisation and accounting services (TACACS+ Accounting is currently not supported by bintec elmeg devices). The following TACACS+ functions are available on your device: •...
Page 104 5 System Management bintec elmeg GmbH System Management Remote Authentication TACACS+ Fig. 37: -> -> -> The System Management->Remote Authentication->TACACS+ ->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Authentication Type Displays which TACACS+ function is to be used. The value cannot be changed.
Page 105 5 System Management bintec elmeg GmbH Field Description authentication. If no response is given or access is denied (only if Policy = ), the entry with the next- highest priority is used. The available values are to , the default value is .
Page 106: Options
5 System Management bintec elmeg GmbH Field Description Block Time Enter the time in seconds for which the status of the current server shall remain blocked. When the block has ended, the server is set to the status spe- cified in the Entry active field.
Page 107: Configuration Access
5 System Management bintec elmeg GmbH Fields in the Global RADIUS Options menu. Field Description Authentication for PPP By default, the following authentication sequence is used for in- Dialin coming calls with RADIUS: First CLID, then PPP and then PPP with RADIUS.
Page 108 5 System Management bintec elmeg GmbH System Management Configuration Access Access Profiles Fig. 39: -> -> 5.6.1.1 Edit or New Choose the icon to edit existing entries. Choose the New button to create additional ac- cess profiles. To create an access profile you can use all the entries in the navigation bar of the GUI plus Save configuration and Switch to SNMP Browser.
Page 109 5 System Management bintec elmeg GmbH System Management Configuration Access Access Profiles Fig. 40: -> -> -> The menu System Management->Configuration Access->Access Profiles->New con- sists of the following fields: Fields in the menu Basic Settings Field Description Description Enter a unique name for the access profile.
Page 110 5 System Management bintec elmeg GmbH Fields in the menu Buttons Field Description Save configuration If you activate the button Save configuration the user is per- mitted to save configurations. Note Note that the passwords in the saved file can be viewed in clear text.
Page 111: Users
5 System Management bintec elmeg GmbH Field Description Menus You see all the menus from the GUI's navigation bar. Menus that contain at least one sub-menu are flagged by The icon indicates pages. When you create a new access profile, no elements are as- signed yet, i.e.
Page 112 5 System Management bintec elmeg GmbH System Management Configuration Access Users Fig. 41: -> -> You can click the button to display the details of the configured user. You can see which fields and menus are assigned to the user.
Page 113 5 System Management bintec elmeg GmbH System Management Configuration Access Users Fig. 42: -> -> -> The icon means that Read-only is permitted. If a row is flagged with the icon the information is released for reading and writing. The icon indicates blocked entries.
Page 114 5 System Management bintec elmeg GmbH System Management Configuration Access Users Fig. 43: -> -> -> The menu System Management->Configuration Access->Users->New consists of the following fields: Fields in the menu Basic Settings Field Description User Enter a unique name for the user.
Page 115: Certificates
5 System Management bintec elmeg GmbH Field Description If intersecting access profiles are assigned to a user, read and write have a higher priority than Read-only. Buttons cannot be set to the setting Read-only. 5.7 Certificates An asymmetric cryptosystem is used to encrypt data to be transported in a network, to gen- erate or check digital signatures and the authenticate users.
Page 116 5 System Management bintec elmeg GmbH 5.7.1.1 Edit Click the icon to display the content of the selected object (key, certificate, or request). System Management Certificates Certificate List Fig. 44: -> -> -> The certificates and keys themselves cannot be changed, but a few external attributes can be changed, depending on the type of the selected entry.
Page 117 5 System Management bintec elmeg GmbH Field Description Description Shows the name of the certificate, key, or request. Certificate is CA Certi- Mark the certificate as a certificate from a trustworthy certifica- ficate tion authority (CA). Certificates issued by this CA are accepted during authentica- tion.
Page 118 5 System Management bintec elmeg GmbH Caution It is extremely important for VPN security that the integrity of all certificates manually marked as trustworthy (certification authority and user certificates) is ensured. The dis- played "fingerprints" can be used to check this integrity: Compare the displayed values with the fingerprints specified by the issuer of the certificate (e.g.
Page 119 5 System Management bintec elmeg GmbH System Management Certificates Certificate List Certificate Request Fig. 45: -> -> -> The menu System Management->Certificates->Certificate List->Certificate Request consists of the following fields: Fields in the Certificate Request menu. Field Description Certificate Request De- Enter a unique description for the certificate.
Page 120 5 System Management bintec elmeg GmbH Field Description field. This file must be provided to the CA and the received certificate must then be imported manually to your device. • : The key is requested from a CA using the Simple Cer- tificate Enrolment Protocol.
Page 121 5 System Management bintec elmeg GmbH Field Description not configured on the device, the validity of certificates from this CA is not checked. • <name of an existing certificate>: If all the necessary certific- ates are already available in the system, you select these manually.
Page 122 5 System Management bintec elmeg GmbH Field Description If the field is not selected, enter the name components in Com- mon Name, E-mail, Organizational Unit, Organization, Loc- ality, State/Province and Country. The function is disabled by default. Summary Only for Custom = enabled.
Page 123 5 System Management bintec elmeg GmbH Field Description #1, #2, #3 For each entry, define the type of name and enter additional subject names. Possible values: • (default value): No additional name is entered. • : An IP address is entered.
Page 124: Crls
5 System Management bintec elmeg GmbH System Management Certificates Certificate List Import Fig. 46: -> -> -> The menu System Management->Certificates->Certificate List->Import consists of the following fields: Fields in the Import menu. Field Description External Filename Enter the file path and name of the certificate to be imported, or use Browse...
Page 125 5 System Management bintec elmeg GmbH If a key is no longer to be used, e.g. because it has fallen into the wrong hands or has been lost, the corresponding certificate is declared invalid. The certification authority revokes the certificate and publishes it on a certificate blacklist, so-called CRL. Certificate users should always check against these lists to ensure that the certificate used is currently valid.
Page 126: Certificate Servers
5 System Management bintec elmeg GmbH Field Description type of encoding. • • Password Enter the password required for the import. 5.7.3 Certificate Servers A list of certificate servers is displayed in the System Management->Certificates->Certi- ficate Servers menu. A certification authority (certification service provider, Certificate Authority, CA) issues your certificates to clients applying for a certificate via a certificate server.
Page 127: Chapter 6 Physical Interfaces
6 Physical Interfaces bintec elmeg GmbH Chapter 6 Physical Interfaces 6.1 Ethernet Ports An Ethernet interface is a physical interface for connection to the local network or external networks. The Ethernet ports ETH1 to ETH4 are assigned to a single logical Ethernet interface in ex works state.
Page 128: Port Configuration
6 Physical Interfaces bintec elmeg GmbH During operation, you cannot switch to operating the ETH5 without an SFP module. If the ETH5 port is used after adding an SFP module, the device must be rebooted. The ETH5 port can however be used during operation without first inserting the SFP module.
Page 129 6 Physical Interfaces bintec elmeg GmbH Physical Interfaces Ethernet Ports Port Configuration Fig. 49: -> -> The menu Physical Interfaces->Ethernet Ports->Port Configuration consists of the fol- lowing fields: Fields in the Switch Configuration menu. Field Description Switch Port Shows the respective switch port. The numbering corresponds to the numbering of the Ethernet ports on the back of the device.
Page 130: Isdn Ports
6 Physical Interfaces bintec elmeg GmbH Field Description • • • • • • • : The interface is created but remains inactive. Current Speed / Mode Shows the actual mode and actual speed of the interface. Possible values: •...
Page 131: Isdn Configuration
6 Physical Interfaces bintec elmeg GmbH • MSN Configuration: Here you tell your device how to react to incoming calls from the WAN. 6.2.1 ISDN Configuration Note If the ISDN protocol is not detected, it must be selected manually under Port Usage und ISDN Configuration Type .
Page 132 6 Physical Interfaces bintec elmeg GmbH Field Description Autoconfiguration on Select whether the ISDN switch type (D channel detection for Bootup switched line) is to be automatically identified. The function is enabled with The function is enabled by default. Result of Autoconfig- Shows the status of the ISDN Auto Config.
Page 133: Msn Configuration
6 Physical Interfaces bintec elmeg GmbH Field Description X.31 (X.25 in D Chan- Select whether you want to use X.31 (X.25 in the D channel) nel) e.g. for CAPI applications. The function is enabled with The function is disabled by default.
Page 134 • ISDN Login: The ISDN login service enables both incoming data connections with access to the SNMP shell of your device, and outgoing data connections to other bintec elmeg devices. As a result, your device can be remotely configured and administrated.
Page 135 6 Physical Interfaces bintec elmeg GmbH 6.2.2.1 New Set the New, button to set up a new MSN. Physical Interfaces ISDN Ports MSN Configuration Fig. 51: -> -> -> The menu Physical Interfaces->ISDN Ports->MSN Configuration->New consists of the following fields: Fields in the Basic Parameters menu.
Page 136: Dsl Modem
6 Physical Interfaces bintec elmeg GmbH Field Description Enter the number used to check the called party number. For the call to be accepted, it is sufficient for the individual numbers in the entry to agree, taking account of MSN Recognition.
Page 137 6 Physical Interfaces bintec elmeg GmbH Physical Interfaces DSL Modem DSL Configuration Fig. 52: -> -> The menu Physical Interfaces->DSL Modem->DSL Configuration consists of the follow- ing fields: Fields in the DSL Port Status menu. Field Description DSL Chipset Shows the key of the installed chipset.
Page 138 6 Physical Interfaces bintec elmeg GmbH Field Description • • • • • Fields in the Current Line Speed menu. Field Description Downstream Displays the data rate in the receive direction (direction from CO/DSLAM to CPE/router) in bits per second.
Page 139: Umts/Lte
6 Physical Interfaces bintec elmeg GmbH Field Description Possible values: • : The data rate in the send direc- tion is not reduced. • : The data rate in the send direction is reduced to a max- imum of 128,000 bps to 2,048,000 bps in defined steps.
Page 140 6 Physical Interfaces bintec elmeg GmbH Note If you are connecting to the internet via UMTS and are using the SMS alert service, the connection is briefly interrupted when an SMS is sent. Note LTE cannot currently be used for incoming connections via ISDN login.
Page 141 6 Physical Interfaces bintec elmeg GmbH Physical Interfaces UMTS/LTE UMTS/LTE Fig. 53: -> -> -> The menu Physical Interfaces->UMTS/LTE->UMTS/LTE-> consists of the following fields: Fields in the Basic Settings menu. Field Description UMTS/LTE Status Select whether the chosen UMTS/LTE modem should be en- abled or disabled.
Page 142 6 Physical Interfaces bintec elmeg GmbH Field Description Possible values: • • • • • • • • • • Network Provider Only for UMTS/LTE Status = This is only displayed if the status of the modem is "up". Displays the Network Provider currently connected.
Page 143 6 Physical Interfaces bintec elmeg GmbH Field Description • : GPRS is preferentially used; should GPRS not be available, UMTS is used. • : UMTS is preferentially used; should UMTS not be available, GPRS is used. • : Only LTE is used; should LTE be unavailable, no connection is established.
Page 144 6 Physical Interfaces bintec elmeg GmbH Field Description Note An incoming data call (PPP dialin or ISDN login via V.110) can generally only be set up via GSM. Setup for UMTS/LTE is generally only possible if the provider has activated this functionality on demand.
Page 145 6 Physical Interfaces bintec elmeg GmbH Field Description tunnel setup should be transmitted with the UMTS/LTE callback call under Transfer own IP address over ISDN/GSM . This may shorten and simplify tunnel setup. This is only displayed if the device has made three failed at- tempts to establish a connection, e.g.
Page 146 6 Physical Interfaces bintec elmeg GmbH Field Description Note Please note that the SIM card must support this function, and that not all mobile telephony providers relay voice calls over data SIM cards. APN (Access Point Only for UMTS/LTE Status =...
Page 147 6 Physical Interfaces bintec elmeg GmbH Field Description Network Provider. Close to a country border this could also be the network of a foreign roaming partner. Mobile Network Pro- Only for Roaming Mode = vider Select a Mobile Network Provider from the list.
Page 148 6 Physical Interfaces bintec elmeg GmbH Field Description Password Enter the password that has been supplied by your provider. Fixed IP Address Enter the Ip address that has been supplied by your provider. Clicking the button opens a page with detailed statistics on the current UMTS/LTE con- nection.
Page 149 6 Physical Interfaces bintec elmeg GmbH Field Description Home PLMN Displays the Home PLMN (Public Land Mobile Network), i.e. the provider the SIM card is registered at. Selected PLMN Displays the selected PLMN. If no PLMN is selected, the Home PLNM is displayed.
Page 150: Chapter 7 Lan
7 LAN bintec elmeg GmbH Chapter 7 LAN In this menu, you configure the addresses in your LAN and can structure your local network using VLANs. 7.1 IP Configuration In this menu, you can edit the IP configuration of the LAN and Ethernet interfaces of your device.
Page 151 7 LAN bintec elmeg GmbH will only be able to access your device over this IP address. The device will no longer obtain an IP configuration dynamically over DHCP. Example of subnets If your device is connected to a LAN that consists of two subnets, you should enter a second IP Address / Netmask.
Page 152 7 LAN bintec elmeg GmbH ->Interfaces->New: IPv6 Mode = , Accept Router Advertisement = and DHCP Client = 7.1.1.1 Edit or New Choose the icon to edit existing entries. Choose the New button to create virtual inter- faces. IP Configuration...
Page 153 7 LAN bintec elmeg GmbH Field Description Select the configuration mode of the interface. Possible values: • (default value): The interface is not assigned for a specific purpose. • : This option only applies for routing inter- faces. You use this option to assign the interface to a VLAN. This is done using the VLAN ID, which is displayed in this mode and can be configured.
Page 154 7 LAN bintec elmeg GmbH Field Description ted zone. You can configure exceptions for the selected setting in the Firewall on page 415 menu. Address Mode Select how an IP address is assigned to the interface. Possible values: • (default value): The interface is assigned a static IP address in IP Address / Netmask.
Page 155 7 LAN bintec elmeg GmbH Field Description You can configure exceptions for the selected setting in the Firewall on page 415 menu. IPv6 Mode Only for IPv6 = Select whether the interface is to be operated in host or in router mode.
Page 156 7 LAN bintec elmeg GmbH Field Description You can assign IPv6 Addresses to the selected interface.. Add allows you to create one or more address entries. A new windows opens that allows you to specify an IPv6 ad- dress consisting of a Link Prefix and a host identifier.
Page 157 7 LAN bintec elmeg GmbH IP Configuration Interfaces Fig. 57: -> -> -> -> Fields in the Basic Parameters menu. Field Description Advertise Only for IPv6 Mode = Here you can determine if the prefix being defined in the current window is propagated per Router Advertisement over the selec- ted interface.
Page 158 7 LAN bintec elmeg GmbH Field Description Possible values: • (default value): The Link Prefix is derived from a General Prefix. • : You can enter the link prefix. General Prefix Only for Setup Mode = Select the General Prefix the Link Prefix is to be derived from.
Page 159 7 LAN bintec elmeg GmbH Field Description You can specify the Link Prefix of an IPv6 address. This prefix must end with . Its predetermined length is Fields in the Host Address menu. Field Description Generation Mode Determine if the Host Identifier of the IPv6 address is to be automatically derived from the MAC address through EUI-64.
Page 160 7 LAN bintec elmeg GmbH Field Description The function is enabled by default. Preferred Lifetime Enter a time period in seconds. During this time, addresses de- rived from the prefix through SLAAC are preferred. The default value is seconds. Valid Lifetime Enter a time period in seconds, for which the prefix is valid.
Page 161 7 LAN bintec elmeg GmbH Field Description requests for your device. Some DHCP servers that assign IP addresses by UNICAST do not respond to DHCP requests with the set BROADCAST bit. In this case, it is necessary to send DHCP requests in which this bit is not set. In this case, disable this option.
Page 162 7 LAN bintec elmeg GmbH Field Description Note The value for the Router Lifetime should be higher than the shortest valid lifetime for a link prefix configured for this interface under Basic IPv6 Parameters. Router Preference Only for IPv6 =...
Page 163: Vlan
7 LAN bintec elmeg GmbH Field Description DNS Propagation Only for IPv6 Mode = and Transmit Router Advertisement Select if an in which way DNS server addresses are to be propagated in Router Advertisements. A maximum of two DNS server addresses is propagated.
Page 164 7 LAN bintec elmeg GmbH Fig. 58: VLAN segmenting VLAN for Bridging and VLAN for Routing In the LAN->VLAN menu, VLANs (virtual LANs) are configured with interfaces that operate in Bridging mode. Using the VLAN menu, you can make all the settings needed for this and query their status.
Page 165: Vlans
7 LAN bintec elmeg GmbH 7.2.1 VLANs In this menu, you can display all the VLANs already configured, edit your settings and cre- ate new VLANs. By default, the VLAN with VLAN Identifier = is available, to which all interfaces are assigned.
Page 166: Port Configuration
7 LAN bintec elmeg GmbH Field Description formation) or (i.e. without VLAN information). 7.2.2 Port Configuration In this menu, you can define and view the rules for receiving frames at the VLAN ports. VLANs Port Configuration Fig. 60: -> ->...
Page 167: Administration
7 LAN bintec elmeg GmbH 7.2.3 Administration In this menu, you make general settings for a VLAN. The options must be configured sep- arately for each bridge group. VLANs Administration Fig. 61: -> -> The LAN->VLANs->Administrationmenu consists of the following fields: Fields in the Bridge Group br<ID>...
Page 168: Chapter 8 Wireless Lan
8 Wireless LAN bintec elmeg GmbH Chapter 8 Wireless LAN In the case of wireless LAN or Wireless LAN (WLAN = Wireless Local Area Network), this relates to the creation of a network using wireless technology. Network functions Like a wired network, a WLAN offers all the main network functions. Access to servers, files, printers, and the e-mail system is just as reliable as company-wide Internet access.
Page 169 8 Wireless LAN bintec elmeg GmbH 8.1.1.1 -> Radio Settings In this menu, you change the settings for the wireless module. Select the icon to edit the configuration. Wireless LAN WLAN Radio Settings Operation Mode Fig. 63: -> -> ->...
Page 170 8 Wireless LAN bintec elmeg GmbH Wireless LAN WLAN Radio Settings Operation Mode Fig. 64: The Wireless LAN->WLAN->Radio Settings-> menu consists of the following fields: Fields in the menu Wireless Settings Field Description Operation Mode Define the mode in which the wireless module of your device is to operate.
Page 171 8 Wireless LAN bintec elmeg GmbH Field Description • (default value): Your device is oper- ated at 2.4 GHz inside or outside buildings. • : Your device runs in 5 GHz inside buildings. • : Your device runs in 5 GHz outside build- ings.
Page 172 8 Wireless LAN bintec elmeg GmbH Field Description Possible values are (standard value) • For Operation Band = Only the option is possible here. Access Client Mode: In the Access Client Mode no channel you can select. The used channel is shown.
Page 173 8 Wireless LAN bintec elmeg GmbH Field Description Operation Mode = and Operation Band = Possible values: • : The device operates only in accordance with 802.11g. 802.11b clients have no access. • : Your device operates only in accordance with 802.11b and forces all clients to adapt to it.
Page 174 8 Wireless LAN bintec elmeg GmbH Field Description • : Your device operates according to 802.11ac, 802.11a or 802.11n. • : Your device operates according to either 802.11ac or 802.11n. Bandwidth For Operation Mode = Not for Operation Band = Select how many channels are to be used.
Page 175 8 Wireless LAN bintec elmeg GmbH Field Description Classe "Background". The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu for operating mode = Access Point / Bridge Link Master Field Description Channel Plan Only for Operation Mode = and Channel = Select the desired channel plan.
Page 176 8 Wireless LAN bintec elmeg GmbH Field Description on/off independently of the data packet length by selecting the value (default value). Short Guard Interval Enable this function to reduce the guard interval (= time between transmission of two data symbols) from 800 ns to 400...
Page 177 8 Wireless LAN bintec elmeg GmbH Field Description • : The channel is automatically selected. • : The desired channels can therefore be defined. User Defined Channel Only for Scan channels = Plan Define the channels which the WLAN client automatically scans for available wireless networks.
Page 178 8 Wireless LAN bintec elmeg GmbH Field Description . The default value is Max. Period Active Displays the maximum active scanning time for a frequency in Scan milliseconds. The value can only be modified for Roaming Profile = . The default value is Min.
Page 179: Wireless Networks (Vss)
8 Wireless LAN bintec elmeg GmbH 8.1.2 Wireless Networks (VSS) If you are operating your device in Access Point Mode ( Wireless LAN->WLAN->Radio Settings-> ->Operation Mode = ), in the menu Wireless LAN->WLAN->Wireless Networks (VSS)-> / New you can edit the wireless networks required or set new ones up.
Page 180 8 Wireless LAN bintec elmeg GmbH 802.11 defines the security standard WEP (Wired Equivalent Privacy = encryption of data with 40 bit (Security Mode = ) or 104 bit (Security Mode = ). However, this widely used WEP has proven susceptible to failure. However, a higher degree of se- curity can only be achieved through hardware-based encryption which required additional configuration (for example 3DES or AES).
Page 181 8 Wireless LAN bintec elmeg GmbH • Change the access passwords for your device. • Change the default SSID, Network Name (SSID) = , of your access point. Set Visible = . This will exclude all WLAN clients that attempt to establish a connec-...
Page 182 8 Wireless LAN bintec elmeg GmbH Wireless LAN WLAN Wireless Networks (VSS) Fig. 66: -> -> -> -> The Wireless LAN->WLAN->Wireless Networks (VSS)-> ->New menu consists of the following fields: Fields in the menu Service Set Parameters Field Description Network Name (SSID) Enter the name of the wireless network (SSID).
Page 183 8 Wireless LAN bintec elmeg GmbH Field Description be permitted within a radio cell. The function is activated by selecting The function is enabled by default. Select whether voice or video prioritisation via WMM (Wireless Multimedia) is to be activated for the wireless network so that optimum transmission quality is always achieved for time-critical applications.
Page 184 8 Wireless LAN bintec elmeg GmbH Field Description WEP Key 1-4 Only for Security Mode = Enter the WEP key. Enter a character string with the right number of characters for the selected WEP mode. For you need a character string with 5 characters, for with 13 characters, e.
Page 185 8 Wireless LAN bintec elmeg GmbH Field Description Enter the WPA password. Enter an ASCII string with 8 - 63 characters. Note Change the default Preshared Key! If the key has not been changed, your device will not be protected against unau-...
Page 186 8 Wireless LAN bintec elmeg GmbH Field Description restriction on the number of connected clients. If this number is reached, new connection queries are initially rejected. If the cli- ent cannot find another wireless network and, therefore, repeats its query, the connection is accepted. Queries are only definit- ively rejected when the Max.
Page 187 8 Wireless LAN bintec elmeg GmbH Field Description Access Control Select whether only certain clients are to be permitted for this wireless network. The function is activated by selecting The function is disabled by default. Allowed Addresses Use Add to make entries and enter the MAC addresses (MAC Address) of the clients to be permitted.
Page 188: Client Link
8 Wireless LAN bintec elmeg GmbH Field Description (DTIM). The DTIM field is a data field in transmitted beacons that in- forms clients about the window to the next broadcast or multic- ast transmission. If clients operate in power save mode, they come alive at the right time and receive the data.
Page 189 8 Wireless LAN bintec elmeg GmbH Wireless LAN WLAN Client Link Fig. 67: -> -> -> The Wireless LAN->WLAN->Client Link-> menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Network Name (SSID) Enter the name of the wireless network (SSID).
Page 190 8 Wireless LAN bintec elmeg GmbH Field Description Enter a character string with the right number of characters for the selected WEP mode. For you need a character string with 5 characters, for with 13 characters, e.g. WPA Mode Only for Security Mode = Select whether you want to use WPA or WPA 2.
Page 191 8 Wireless LAN bintec elmeg GmbH 8.1.3.2 Client Link Scan After the desired Client Links have been configured, the icon is shown in the list. You use this icon to open the Scan menu. Wireless LAN WLAN Client Link Scan Fig.
Page 192: Bridge Links
8 Wireless LAN bintec elmeg GmbH Field Description Mode Shows the security mode (encryption and authentication) for the wireless network. Signal Displays the signal strength of the detected client link in dBm. Connected Displays the status of the link on your client.
Page 193: Administration
8 Wireless LAN bintec elmeg GmbH Field Description Bridge Link Name (ID) Depending on whether you operate the radio module as Ac- cess-Point / Bridge Link Master or as Bridge Link Client you create bridge links in master or slave mode.
Page 194: Basic Settings
8 Wireless LAN bintec elmeg GmbH 8.2.1 Basic Settings Wireless LAN Administration Basic Settings Fig. 70: -> -> The Wireless LAN->Administration->Basic Settingsmenu consists of the following fields: Fields in the WLAN Administration menu. Field Description Region Select the country in which the access point is to be run.
Page 195 8 Wireless LAN bintec elmeg GmbH Example scenario Example scenario WLAN with WPA-PSK Configuration target Configuration of an additional WLANs (Guest-WLAN) Overview of Configuration Steps Configuration Guest-WLAN Field Menu Value Network Name (SSID) Wireless LAN->WLAN->Wireless e.g. Networks (VSS)->New Visible Wireless LAN->WLAN->Wireless Enabled Networks (VSS)->New...
Page 196 8 Wireless LAN bintec elmeg GmbH Field Menu Value Networks (VSS) Assign IP pool Field Menu Value Address Mode LAN->IP Configuration->Interfaces- > vss7-11 IP Address / Netmask LAN->IP Configuration->Interfaces- e.g. > vss7-11 ->Add IP Pool Name Local Services->DHCP Server->IP e.g.
Page 197: Chapter 9 Wireless Lan Controller
AP's as well as itself. In larger WLAN networks a gateway, e.g. such as a bintec R1202, assumes the master function and manages the AP's. Provided the controller has "located" all of the APs in its system, each of these shall re- ceive a new passport and configuration in succession, i.e.
Page 198: Basic Settings
Please note: Make sure that option 138 is active when using an external DHCP server. If you wish to use a bintec elmegbintec elmeg Gateway for example as a DHCP server, click on the GUI menu for this device under Local Services->DHCP Server->DHCP Pool- >New->Advanced Settings in the DHCP Options field on the Add button.
Page 199: Radio Profile
9 Wireless LAN Controller bintec elmeg GmbH 9.1.2 Radio Profile Select which frequency band your WLAN controller shall use. If the is set then the 2.4 GHz frequency band is used. If the is set then the 5 GHz frequency band is used.
Page 200 9 Wireless LAN Controller bintec elmeg GmbH Enter an ASCII string with a maximum of 32 characters. Also select whether the Network Name (SSID) is to be transmitted. Security Mode Select the security mode (encryption and authentication) for the wireless network.
Page 201: Start Automatic Installation
9 Wireless LAN Controller bintec elmeg GmbH Note Before you continue, please ensure that all access points that the WLAN controller shall manage are correctly wired and switched on. 9.1.4 Start automatic installation You will see a list of all detected access points.
Page 202 9 Wireless LAN Controller bintec elmeg GmbH The number of channels you can select depends on the country setting. Please consult the data sheet for your device. Note Configuring the network name (SSID) in Access Point mode means that wireless net-...
Page 203: Controller Configuration
9 Wireless LAN Controller bintec elmeg GmbH Under Configure the Alert Service for WLAN surveillance, click Start to monitor your managed APs. You are taken to the External Reporting->Alert Service->Alert Recipient menu with the default setting Event = . You can specify that you wish to be notified by e-mail if the event occurs.
Page 204 Please note: Make sure that option 138 is active when using an external DHCP server. If you wish to use a bintec elmegbintec elmeg Gateway for ex- ample as a DHCP server, click on the GUI menu for this device under Local Services->DHCP Server->DHCP...
Page 205: Slave Ap Autoprofile
9 Wireless LAN Controller bintec elmeg GmbH Field Description Slave AP location Select whether the APs that the wireless LAN controller is to manage are located in the LAN or the WAN. Possible values: • (default value) • setting is useful if, for example, there is a wireless LAN controller installed at head office and its APs are distributed to different branches.
Page 206 9 Wireless LAN Controller bintec elmeg GmbH 9.2.2.1 Edit or New Wireless LAN Controller Controller Configuration Slave AP Fig. 72: -> -> Autoprofile -> The Wireless LAN Controller->Controller Configuration->Slave AP Autoprofile ->New menu consists of the following fields: Fields in the Access Point Filter menu...
Page 207: Slave Ap Configuration
9 Wireless LAN Controller bintec elmeg GmbH Field Description Location Specify the location of the AP. Description Enter a unique description for the AP. Fields in the Radio 1 or in the Radio 2 Field Description Operating Mode Wählen Sie aus, ob der Betriebsmodus vom verwendeten Funk- modulprofil bestimmt werden soll.
Page 208: Slave Access Points
9 Wireless LAN Controller bintec elmeg GmbH 9.3.1 Slave Access Points Wireless LAN Controller Slave AP configuration Slave Access Points Fig. 73: -> -> In the Wireless LAN Controller->Slave AP configuration->Slave Access Points menu a list of all APs found with the wizard is displayed.
Page 209 9 Wireless LAN Controller bintec elmeg GmbH Status Meaning Offline The AP is either administratively disabled or switched off or has its power supply cut off etc. 9.3.1.1 Edit Choose the icon to edit existing entries. You can also delete entries using the icon.
Page 210 9 Wireless LAN Controller bintec elmeg GmbH Field Description Location Displays the locality of the AP. The locations are given numbers if no location has been entered. You can enter another locality. Name Displays the name of the AP. You can change the name.
Page 211 9 Wireless LAN Controller bintec elmeg GmbH Field Description if they are operating on the same or closely adjacent wireless channels. So if you are operating two or more radio networks close to each other, it is advisable to allocate the networks to different channels.
Page 212: Radio Profiles
9 Wireless LAN Controller bintec elmeg GmbH 9.3.2 Radio Profiles Wireless LAN Controller Slave AP configuration Radio Profiles Fig. 75: -> -> An overview of all created wireless module profiles is displayed in the Wireless LAN Con- troller->Slave AP configuration->Radio Profiles menu. A profile with 2.4 GHz and a pro- file with 5 GHz are created by default;...
Page 213 9 Wireless LAN Controller bintec elmeg GmbH Wireless LAN Controller Slave AP configuration Radio Profiles / New Fig. 76: -> -> -> The Wireless LAN Controller->Slave AP configuration->Radio Profiles-> / New menu consists of the following fields: Fields in the menu Radio Profile Definition...
Page 214 9 Wireless LAN Controller bintec elmeg GmbH Field Description your network. Operation Band Select the frequency band of the wireless module profile. Possible values: • (default value): Your device is oper- ated at 2.4 GHz inside or outside buildings. •...
Page 215 9 Wireless LAN Controller bintec elmeg GmbH Field Description • : The device operates only in accordance with 802.11g. 802.11b clients have no access. • : Your device operates only in accordance with 802.11b and forces all clients to adapt to it.
Page 216 9 Wireless LAN Controller bintec elmeg GmbH Field Description Possible values: • : Three traffic flows are used. • : Two traffic flows are used. • : One traffic flow is used. Max. Transmission Select the transmission speed. Rate Possible values: •...
Page 217 9 Wireless LAN Controller bintec elmeg GmbH The menu Advanced Settings consists of the following fields: Fields in the menu Advanced Settings Field Description Channel Plan Select the desired channel plan. The channel plan makes a preselection when a channel is se- lected.
Page 218 9 Wireless LAN Controller bintec elmeg GmbH Field Description ast transmission. If clients operate in power save mode, they come alive at the right time and receive the data. Possible values are The default value is . RTS Threshold Here you can specify the data packet length threshold in bytes (1..2346) as of which the RTS/CTS mechanism is to be used.
Page 219: Wireless Networks (Vss)
9 Wireless LAN Controller bintec elmeg GmbH 9.3.3 Wireless Networks (VSS) Wireless LAN Controller Slave AP configuration Wireless Networks (VSS) Fig. 77: -> -> An overview of all created wireless networks is displayed in the Wireless LAN Controller- >Slave AP configuration->Wireless Networks (VSS) menu. A wireless network is cre- ated by default.
Page 220 9 Wireless LAN Controller bintec elmeg GmbH Wireless LAN Controller Slave AP configuration Wireless Networks Fig. 78: -> -> (VSS) -> The Wireless LAN Controller->Slave AP configuration->Wireless Networks (VSS)->New menu consists of the following fields: Fields in the menu Service Set Parameters...
Page 221 9 Wireless LAN Controller bintec elmeg GmbH Field Description be permitted within a radio cell. The function is activated by selecting The function is enabled by default. ARP Processing Select whether the ARP processing function should be enabled. The ARP data traffic is reduced in the network by the fact that ARP broadcasts that have been converted to ARP unicasts are forwarded to IP addresses that are known internally.
Page 222 9 Wireless LAN Controller bintec elmeg GmbH Field Description • : 802.11x Transmit Key Only for Security Mode = Select one of the keys configured in WEP Key as a standard key. The default value is WEP Key 1-4 Only for Security Mode = Enter the WEP key.
Page 223 9 Wireless LAN Controller bintec elmeg GmbH Field Description Select the type of encryption you want to apply to WPA2. Possible values: • (default value): AES is used. • : TKIP is used. • : AES or TKIP is used.
Page 224 9 Wireless LAN Controller bintec elmeg GmbH Field Description less module depends on the specifications of the respective WLAN module. This maximum is distrubuted across all wireless networks configured for this radio module. No more new wire- less networks can be created and a warning message will ap- pear if the maximum number of clients is reached.
Page 225 9 Wireless LAN Controller bintec elmeg GmbH Field Description value): The function is not used for this VSS. This is useful if clients are to switch between different radio cells with as little delay as possible, e. g. with Voice over WLAN.
Page 226 9 Wireless LAN Controller bintec elmeg GmbH Field Description Blacklist blocktime Enter the time for which an entry in the dynamic blacklist re- mains valid. Default value is seconds. Fields in the menu VLAN Field Description VLAN Select whether the VLAN segmentation is to be used for this wireless network.
Page 227: Monitoring
9 Wireless LAN Controller bintec elmeg GmbH 9.4 Monitoring This menu is used to monitor your WLAN infrastructure. Note In order to ensure adequate timing between the WLAN Controller and the connected Slave APs, the internal time server of the WLAN Controller should be enabled.
Page 228: Wlan Controller
9 Wireless LAN Controller bintec elmeg GmbH 9.4.1 WLAN Controller Wireless LAN Controller Monitoring WLAN Controller Fig. 79: -> -> In the Wireless LAN Controller->Monitoring->WLAN Controller menu, an overview of the most relevant Wireless LAN Controller parameters is displayed. The display is re- freshed every 30 seconds.
Page 229: Slave Access Points
9 Wireless LAN Controller bintec elmeg GmbH Status Meaning AP managed Displays the number of managed access points. WLAN Controller: VSS Displays the data traffic in receive and transmit direction in throughput bytes per second. CPU usage [%] Displays the percentaged CPU load over time.
Page 230 9 Wireless LAN Controller bintec elmeg GmbH Wireless LAN Controller Monitoring Slave Access Points Overview Fig. 81: -> -> -> Values in the Overview list Status Meaning Throughput Displays the received and transmitted data traffic per radio mod- ule over time.
Page 231: Active Clients
9 Wireless LAN Controller bintec elmeg GmbH Wireless LAN Controller Monitoring Slave Access Points Radio Fig. 82: -> -> -> Values in the Radio list Status Meaning Throughput/client Displays the received and transmitted data traffic per client over time. 9.4.3 Active Clients...
Page 232 9 Wireless LAN Controller bintec elmeg GmbH Possible values for Status Status Meaning None The client is no longer in a valid status. Logon The client is currently logging on with the WLAN. Associated The client is logged on with the WLAN.
Page 233: Wireless Networks (Vss)
9 Wireless LAN Controller bintec elmeg GmbH 9.4.4 Wireless Networks (VSS) Wireless LAN Controller Monitoring Wireless Networks (VSS) Fig. 85: -> -> In the Wireless LAN Controller->Monitoring->Wireless Networks (VSS) menu, an over- view of the currently used AP is displayed. You see which wireless module is assigned to which wireless network.
Page 234: Neighbor Monitoring
9 Wireless LAN Controller bintec elmeg GmbH 9.5 Neighbor Monitoring This menu serves the monitoring of remote access points. 9.5.1 Neighbor APs Wireless LAN Controller Neighbor Monitoring Neighbor APs Fig. 87: -> -> In the Wireless LAN Controller->Neighbor Monitoring->Neighbor APs menu, the adja- cent AP's found during the scan are displayed.
Page 235: Rogue Aps
9 Wireless LAN Controller bintec elmeg GmbH 9.5.2 Rogue APs Wireless LAN Controller Neighbor Monitoring Rogue APs Fig. 88: -> -> APs which are using an SSID from their own network but are not managed by Wireless LAN Controller are displayed in the Wireless LAN Controller->Neighbor Monitoring->Rogue APs menu.
Page 236: Rogue Clients
9 Wireless LAN Controller bintec elmeg GmbH 9.5.3 Rogue Clients Wireless LAN Controller Neighbor Monitoring Rogue Clients Fig. 89: -> -> The Wireless LAN Controller->Neighbor Monitoring->Rogue Clients menu displays the clients which have attempted to gain unauthorised access to the network and which are therefore on the blacklist.
Page 237: Maintenance
9 Wireless LAN Controller bintec elmeg GmbH 9.5.3.1 New Choose the New button to configure additional blacklist entries. Wireless LAN Controller Neighbor Monitoring Rogue Clients Fig. 90: -> -> -> The menu consists of the following fields: Fields in the New Blacklist Entry menu...
Page 238: Firmware Maintenance
9 Wireless LAN Controller bintec elmeg GmbH 9.6.1 Firmware Maintenance Wireless LAN Controller Maintenance Firmware Maintenance Fig. 91: -> -> In the Wireless LAN Controller->Maintenance->Firmware Maintenance menu, a list of all Managed Access Points is displayed. For each managed AP you will see an entry with the following parameter set: Update firm- ware, Location, Device, IP Address, LAN MAC Address, Firmware Version , Status.
Page 239 9 Wireless LAN Controller bintec elmeg GmbH Field Description Action Select the action you wish to execute. After each task, a window is displayed showing the other steps that are required. Possible values: • : You can also start an update of the system software.
Page 240: Chapter 10 Networking
10 Networking bintec elmeg GmbH Chapter 10 Networking 10.1 Routes Default Route With a default route, all data is automatically forwarded to one connection if no other suit- able route is available. If you set up access to the Internet, you must configure the route to your Internet Service Provider (ISP) as a default route.
Page 241 10 Networking bintec elmeg GmbH Network Routes IPv4 Route Configuration Route Class Fig. 92: -> -> -> with Standard If the option is selected for the Route Class, an extra configuration section opens. Network Routes IPv4 Route Configuration Route Class Fig.
Page 242 10 Networking bintec elmeg GmbH fields: Fields in the menu Basic Parameters Field Description Route Type Select the type of route. Possible values: • : Route via a specific in- terface which is to be used if no other suitable route is avail- able.
Page 243 10 Networking bintec elmeg GmbH Field Description Note When the DHCP lease expires or when the device is re- started, the routes that consist from the combination of DH- CP settings and those made here are initially deleted once more from the active routing. If the DHCP is reconfigured they are re-generated and re-activated.
Page 244 10 Networking bintec elmeg GmbH Field Description Gateway IP Address Only for Route Type = Enter the IP address of the gateway to which your device is to forward the IP packets. Metric Select the priority of the route. The lower the value, the higher the priority of the route.
Page 245 10 Networking bintec elmeg GmbH Field Description • : Enables the entry of a range of port numbers. • : Entry of privileged port numbers: 0 ... 1023. • : Entry of server port numbers: 5000 ... 32767. • : Entry of client port numbers: 1024 ... 4999.
Page 246: Ipv6 Route Configuration
10 Networking bintec elmeg GmbH Field Description according to RFC 3260 is used to signal the priority of IP packets (indicated in decimal format). • : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in hexadecimal format).
Page 247 10 Networking bintec elmeg GmbH 10.1.2.1 Edit or New Choose the icon to edit existing entries. Choose the New button to create additional routes. Routes without an icon have been created by the router automatically and cannot be edited. Network...
Page 248 10 Networking bintec elmeg GmbH Field Description • : Route via a specific gate- way which is used if no other adequate route is available. • : Route to a single host via a specific interface. • : Route to a single host via a specific gateway.
Page 249: Ipv4 Routing Table
10 Networking bintec elmeg GmbH 10.1.3 IPv4 Routing Table A list of all IPv4 routes is displayed in the Network->Routes->IPv4 Routing Table menu. The routes do not all need to be active, but can be activated at any time by relevant data traffic.
Page 250: Ipv6 Routing Table
10 Networking bintec elmeg GmbH Field Description Protocol Displays how the entry has been created , e.g. manually ( ) or via one of the available protocols. Delete You can delete entries with the symbol. 10.1.4 IPv6 Routing Table A list of all configured IPv6 routes is displayed in the Network->Routes->IPv6 Routing Ta- ble menu.
Page 251 10 Networking bintec elmeg GmbH tivated for an interface, incoming data packets are only accepted over this interface if out- going response packets are routed over the same interface. You can therefore prevent the acceptance of packets with false IP addresses - even without using filters.
Page 252: Ipv6 General Prefixes
10 Networking bintec elmeg GmbH Field Description Displays the name of the interface. Back Route Verify Only for Mode = Select whether is to be activated for the interface. The function is enabled with By default, the function is deactivated for all interfaces.
Page 253 10 Networking bintec elmeg GmbH Networking IPv6 General Prefixes General Prefix Configuration Fig. 98: -> -> -> Fields in the Basic Parameters menu. Field Description General Prefix active Select if the prefix is to be active or inactive.. With the status of the prefix will be set to active.
Page 254: Nat
10 Networking bintec elmeg GmbH Field Description Used Prefix / Length Only with Type = Enter the prefix to be used. Enter the corresponding length. This prefix must end with ::. The default value is 10.3 NAT Network Address Translation (NAT) is a function on your device for defined conversion of source and destination addresses of IP packets.
Page 255: Nat Configuration
10 Networking bintec elmeg GmbH Field Description Loopback active The NAT loopback function also enables network address trans- lation for connectors whereby NAT is not activated. This is often used in order to interpret queries from the LAN as if they were coming from the WAN.
Page 256 10 Networking bintec elmeg GmbH Networking NAT Configuration Fig. 100: -> -> -> The Networking->NAT->NAT Configuration ->New menu consists of the following fields: Fields in the menu Basic Parameters Field Description Description Enter a description for the NAT configuration. Interface Select the interface for which NAT is to be configured.
Page 257 10 Networking bintec elmeg GmbH Field Description Select the NAT method for outgoing data traffic. The starting point for choosing the NAT method is a NAT scenario in which an "internal" source host has initiated an IP connection to an "ex- ternal"...
Page 258 10 Networking bintec elmeg GmbH Field Description Select which data packets are to be excluded by NAT. Possible values: • (default value): All the data packets that match the following parameters that are to be configured (protocol, source IP address/network mask, destination IP address/net- mask, etc.) are excluded by NAT.
Page 259 10 Networking bintec elmeg GmbH Field Description • • • • • • • • • • • • • • Source IP Address/ Only for Type of traffic = Netmask Enter the source IP address and corresponding netmask of the original data packets, as the case arises.
Page 260 10 Networking bintec elmeg GmbH Field Description Original Source Port/ Only for Type of traffic = , NAT Range method = , Service = and Pro- tocol = Enter the source port of the original data packets. The default setting means that the port remains unspecified.
Page 261 10 Networking bintec elmeg GmbH Field Description dress/Netmask Enter the destination IP address and corresponding netmask to which the original destination IP address is to be translated. New Destination Port Only for Type of traffic = Service = and Protocol = Leave the destination port as it appears or enter the destination port to which the original destination port is to be translated.
Page 262: Nat - Configuration Example
10 Networking bintec elmeg GmbH Field Description count of ports is retained. 10.3.3 NAT - Configuration example Requirements • Basic configuration of the gateway • A working Internet access. For example, Company Connect with 8 IP addresses. • The Ethernet interface ETH is connected to the access router to the internet (IP address •...
Page 263 10 Networking bintec elmeg GmbH Field Menu Value Silent Deny Network->NAT->NAT Interfaces Enabled for Configured NAT enables Field Menu Value Description Network->NAT->NAT e.g. Configuration->New Interface Network->NAT->NAT Configuration->New Type of traffic Network->NAT->NAT Configuration->New Service Network->NAT->NAT Configuration->New Protocol Network->NAT->NAT Configuration->New Original Destination IP Network->NAT->NAT...
Page 264: Load Balancing
10 Networking bintec elmeg GmbH Field Menu Value New Destination Port Network->NAT->NAT Configuration->New Terminal Server Field Menu Value Description Network->NAT->NAT e.g. Configuration->New Interface Network->NAT->NAT Configuration->New Type of traffic Network->NAT->NAT Configuration->New Service Network->NAT->NAT Configuration->New Protocol Network->NAT->NAT Configuration->New Original Destination IP Network->NAT->NAT Address/Netmask Configuration->New...
Page 265 10 Networking bintec elmeg GmbH with different providers. • Session-based load balancing is achieved. • Related (dependent) sessions are always routed over the same interface. • A decision on distribution is only made for outgoing sessions. A list of all configured load balancing groups is displayed in the Networking->Load Balan- cing->Load Balancing Groups menu.
Page 266 10 Networking bintec elmeg GmbH Field Description Possible values: • (default value): A newly added session is assigned to one of the group interfaces according to the percentage assignment of sessions to the interfaces. The number of sessions is decisive.
Page 267 10 Networking bintec elmeg GmbH Networking Load Balancing Load Balancing Groups Fig. 102: -> -> -> Fields in the Basic Parameters menu. Field Description Group Description Shows the description of the interface group. Distribution Policy Displays the type of data traffic selected.
Page 268 10 Networking bintec elmeg GmbH Field Description cisive factor. The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu. Field Description Route Selector The Route Selector parameter is an additional criterion to help define a load balancing group more precisely. Here, routing in- formation is added to the "interface"...
Page 269: Special Session Handling
10 Networking bintec elmeg GmbH Field Description ancing status now varies according to the status of the assigned host surveillance entry. Select the IP address for the route to be monitored. You can choose from the IP addresses you have entered in the Local Services->Surveillance->Hosts->New menu under...
Page 270 10 Networking bintec elmeg GmbH Networking Load Balancing Special Session Handling Fig. 103: -> -> -> The Networking->Load Balancing->Special Session Handling->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Admin Status Select whether the Special Session Handling should be activ- ated.
Page 271 10 Networking bintec elmeg GmbH Field Description • • • • • The default value is Protocol Select a protocol, if required. The option (default value) matches any protocol. Destination IP Ad- Enter, if required, the destination IP address and netmask of the dress/Netmask data packets.
Page 272: Load Balancing - Configuration Example
10 Networking bintec elmeg GmbH Field Description Source Port/Range Enter, if required, a source port number or a range of source port numbers. Possible values: • (default value): The destination port is not specified. • : Enter a destination port.
Page 273 Internet accesses. Note When creating the ADSL connections, besides the public IP address, the bintec R3002 also obtains the IP addresses of the DNS servers for resolving the name of the con- figured Internet provider. Particularly when using different Internet providers, the use of the DSN servers needs to be connection-specific.
Page 274 10 Networking bintec elmeg GmbH Field Menu Value Description Assistants->Internet Access->Internet e.g. Connections->New->Next Type Assistants->Internet Access->Internet Connections->New->Next Login Name Assistants->Internet Access->Internet e.g. Connections->New->Next Password Assistants->Internet Access->Internet e.g. Connections->New->Next Note The message you get when you create the second ADSL connection may be ignored.
Page 275: Qos
10 Networking bintec elmeg GmbH Field Menu Value Distribution Mode Network->Load Balancing->Load Bal- ancing Groups->New Interface Network->Load Balancing->Load Bal- ancing Groups->New->Add Distribution Ratio Network->Load Balancing->Load Bal- ancing Groups->New->Add Interface Network->Load Balancing->Load Bal- ancing Groups->New->Add Distribution Ratio Network->Load Balancing->Load Bal- ancing Groups->New->Add...
Page 276 10 Networking bintec elmeg GmbH 10.5.1.1 New Choose the New button to define more IP filters. Networking IPv4/IPv6 Filter QoS Filter Fig. 104: -> -> -> The Networking->IPv4/IPv6 Filter->QoS Filter->New menu consists of the following fields: Fields in the Basic Parameters menu.
Page 277 10 Networking bintec elmeg GmbH Field Description Protocol Select a protocol. option (default value) matches any protocol. Type Only for Protocol = Select the type. Possible values: See RFC 792. The default value is Connection State With Protocol = , you can define a filter that takes the status of the TCP connections into account.
Page 278 10 Networking bintec elmeg GmbH Field Description fix length. Destination Port/Range Only for Protocol = Enter a destination port number or a range of destination port numbers. Possible values: • (default value): The destination port is not specified. • : Enter a destination port.
Page 279: Qos Classification
10 Networking bintec elmeg GmbH Field Description DSCP/TOS Filter Select the Type of Service (TOS). (Layer 3) Possible values: • (default value): The type of service is ignored. • : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in binary format, 6 bit).
Page 280 10 Networking bintec elmeg GmbH Networking QoS Classification Fig. 105: -> -> -> The Networking->QoS->QoS Classification->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Class map Choose the class plan you want to create or edit.
Page 281 10 Networking bintec elmeg GmbH Field Description To select a filter, at least one filter must be configured in the Networking->QoS->QoS Filter menu. Direction Select the direction of the data packets to be classified. Possible values: • : Incoming data packets are assigned to the class (Class ID) that is then to be defined.
Page 282: Qos Interfaces/Policies
10 Networking bintec elmeg GmbH Field Description • : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in decimal format). • : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in hexadecimal format).
Page 283 10 Networking bintec elmeg GmbH only for data traffic classified as outgoing and for data traffic classified in both directions. A priority is assigned to these automatic queues. The value of the priority is equal to the value of the class ID. You can change the default priority of a queue. If you add new queues, you can also use classes in other class plans via the class ID.
Page 284 10 Networking bintec elmeg GmbH Field Description • : QoS is activated on the inter- face. The available bandwidth is distributed as “fairly” as pos- sible among the (automatically detected) traffic flows in a queue. Exception: High-priority packets are always handled with priority.
Page 285 10 Networking bintec elmeg GmbH Field Description Can only be selected for IPSec interfaces: • • • • Encryption Method Only if an IPSec Peers is selected as Interface, Traffic shap- ing is and Protocol Header Size below Layer 3 is Select the encryption method used for the IPSec connection.
Page 286 10 Networking bintec elmeg GmbH Field Description the automatic detection of RTP streams. In this mode, the Real Time Jitter Control is activated as soon as an RTP stream has been detected. • : Voice data transmission is not optimised.
Page 287 10 Networking bintec elmeg GmbH Field Description Class ID Only for Prioritisation queue = Select the QoS packet class to which this queue is to apply. To do this, at least one class ID must be given in the Network- ing->QoS->QoS Classification menu.
Page 288 10 Networking bintec elmeg GmbH Field Description Speed Enter a maximum data rate for the queue in kbits. Possible values are The default value is . Overbooking allowed Only for Traffic Shaping = enabled. Enable or disable the function. The function controls the band- width limit.
Page 289: Access Rules
10 Networking bintec elmeg GmbH Field Description • : A randomly selected packet is dropped from the queue. Congestion Avoidance Enable or disable preventative deletion of data packets. (RED) Packets which have a data size of between Min. queue size and Max.
Page 290 GmbH Access lists are an effective means if, for example, sites with LANs interconnected over a bintec elmeg gateway wish to deny all incoming FTP requests or only allow Telnet sessions between certain hosts. Access filters in the gateway are based on the combination of filters and actions for filter rules (= rules) and the linking of these rules to form rule chains.
Page 291: Access Filter
10 Networking bintec elmeg GmbH If possible, access your gateway for filter configuration over the serial console (not available for all devices) interface or ISDN Login. 10.6.1 Access Filter This menu is for configuration of access filter Each filter describes a certain part of the IP traffic and defines, for example, the IP addresses, the protocol, the source port or the des- tination port.
Page 292 10 Networking bintec elmeg GmbH The Networking->Access Rules->Access Filter->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a description for the filter. Service Select one of the preconfigured services. The extensive range of services configured ex works includes the following: •...
Page 293 10 Networking bintec elmeg GmbH Field Description See RFC 792. Connection State Only if Protocol = You can define a filter that takes the status of the TCP connec- tions into account. Possible values: • (default value): All TCP packets match the filter.
Page 294 10 Networking bintec elmeg GmbH Field Description • : Enables the entry of a range of port numbers. Source IPv4 Address/ Enter the source IPv4 address of the data packets and the cor- Netmask responding netmask. Possible values: • (default value): The source IP address/netmask are not specified.
Page 295: Rule Chains
10 Networking bintec elmeg GmbH Field Description • : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in decimal format). • : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in hexadecimal format).
Page 296 10 Networking bintec elmeg GmbH Networking Access Rules Rule Chains Fig. 110: -> -> -> The Networking->Access Rules->Rule Chains->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Rule Chain Select whether to create a new rule chain or to edit an existing one.
Page 297: Interface Assignment
10 Networking bintec elmeg GmbH Field Description does not match the filter. • : Deny packet if it matches the filter. • : Deny packet if it does not match the filter. • : Use next rule. To set the rules of a rule chain in a different order select the button in the list menu for the entry to be shifted.
Page 298 10 Networking bintec elmeg GmbH Networking Access Rules Interface Assignment Fig. 112: -> -> -> The Networking->Access Rules->Interface Assignment->New menu consists of the fol- lowing fields: Fields in the Basic Parameters menu. Field Description Interface Select the interface for which a configured rule chain is to be as- signed.
Page 299: Drop In
10 Networking bintec elmeg GmbH 10.7 Drop In "Drop-in mode" allows you to split a network into smaller segments without having to divide the IP network into subnets. Several interfaces can be combined in a drop-in group and as- signed to a network to do this. All of the interfaces are then configured with the same IP ad- dress.
Page 300 10 Networking bintec elmeg GmbH Fields in the Basic Parameters menu. Field Description Group Description Enter a unique name for the Drop In group. Mode Select which mode is to be used to send the MAC addresses of network components.
Page 301 10 Networking bintec elmeg GmbH Field Description DHCP Client on Inter- Only for Network Configuration = face Here you can select an Ethernet interface on your router which is to act as the DHCP client. You need this setting, for example, if your provider's router is being used as the DHCP server.
Page 302: Chapter 11 Routing Protocols
11 Routing Protocols bintec elmeg GmbH Chapter 11 Routing Protocols 11.1 RIP The entries in the routing table can be defined statically or the routing table can be updated constantly by dynamic exchange of routing information between several devices. This ex- change is controlled by a Routing Protocol, e.g.
Page 303 11 Routing Protocols bintec elmeg GmbH Routing Protocols RIP Interfaces Fig. 115: -> -> -> The menu Networking->RIP->RIP Interfaces-> consists of the following fields: Fields in the RIP Parameters for menu. Field Description Send Version Decide whether routes are to be propagated via RIP and if so, select the RIP version for sending RIP packets over the inter- face in send direction.
Page 304: Rip Filter
11 Routing Protocols bintec elmeg GmbH Field Description • (default value): RIP is not enabled. • : Enables sending and receiving of version 1 RIP packets. • : Enables sending and receiving of version 2 RIP packets. • :Enables sending and receiving RIP packets of both version 1 and 2.
Page 305 11 Routing Protocols bintec elmeg GmbH tion. You configure a filter for a default route with the following values: • IP Address / Netmask = no entry for IP address (this corresponds to IP address 0.0.0.0), for netmask = 255.255.255.255 A list of all RIP filters is displayed in the Routing Protocols->RIP->RIP Filter menu.
Page 306 11 Routing Protocols bintec elmeg GmbH Field Description Interface Select the interface to which the rule to be configured applies. IP Address / Netmask Enter the IP address and netmask to which the rule is to be ap- plied. This address can be in the LAN or WAN.
Page 307: Rip Options
11 Routing Protocols bintec elmeg GmbH 11.1.3 RIP Options Routing Protocols RIP Options Fig. 118: -> -> The menu Routing Protocols->RIP->RIP Options consists of the following fields: Fields in the Global RIP Parameters menu. Field Description RIP UDP Port The setting option UDP Port, which is used for sending and re- ceiving RIP updates, is only for test purposes.
Page 308 11 Routing Protocols bintec elmeg GmbH Field Description (=“Network is not reachable“). The function is enabled with The function is disabled by default. RFC 2453 Variable For the timers described in RFC 2453, select whether the same Timer values that you can configure in the Timer for RIP V2 (RFC 2453) menu should be used.
Page 309 11 Routing Protocols bintec elmeg GmbH Field Description Garbage Collection Only for RFC 2453 Variable Timer = Timer The Garbage Collection Timer is started as soon as the route timeout has expired. After this timeout, the invalid route is deleted from the IPROUTETABLE if no update is carried out for the route.
Page 310: Chapter 12 Multicast
12 Multicast bintec elmeg GmbH Chapter 12 Multicast What is multicasting? Many new communication technologies are based on communication from one sender to several recipients. Therefore, modern telecommunication systems such as voice over IP or video and audio streaming (e.g. IPTV or Webradio) focus on reducing data traffic, e.g. by offering TriplePlay (voice, video, data).
Page 311: General
12 Multicast bintec elmeg GmbH dedicated host, but rather a group, i.e. during the routing of multicast packets, the decisive factor is whether a recipient is in a logged-in subnet. In the local network, all hosts are required to accept all multicast packets. For Ethernet or FDD, this is based on MAC mapping, where the group address is encoded into the destina- tion MAC address.
Page 312: General
12 Multicast bintec elmeg GmbH 12.1.1 General In the Multicast->General->General menu you can disable or enable the multicast func- tion. Multicast General General Fig. 119: -> -> The Multicast->General->General menu consists of the following fields: Fields in the Basic Settings menu.
Page 313: Igmp
12 Multicast bintec elmeg GmbH 12.2.1 IGMP In this menu, you configure the interfaces on which IGMP is to be enabled. 12.2.1.1 Edit or New Choose the icon to edit existing entries. Choose the New button to configure IGMP on other interfaces.
Page 314 12 Multicast bintec elmeg GmbH Field Description Time within which hosts must respond. The hosts randomly select a time delay from this interval before sending the response. This spreads the load in networks with several hosts, improving per- formance. Possible values are...
Page 315: Options
12 Multicast bintec elmeg GmbH IGMP Proxy enables you to simulate several locally connected interfaces as a subnet to an adjacent router. Queries coming in to the IGMP Proxy interface are forwarded to the local subnets. Local reports are forwarded on the IPGM Proxy interface.
Page 316 12 Multicast bintec elmeg GmbH Multicast IGMP Options Fig. 122: -> -> The Multicast->IGMP->Options menu consists of the following fields: Fields in the Basic Settings menu. Field Description IGMP Status Select the IGMP status. Possible values: • (default value): Multicast is activated automatically for hosts if the hosts open applications that use multicast.
Page 317: Forwarding
12 Multicast bintec elmeg GmbH Field Description sources per group. The default value is IGMP State Limit Enter the maximum permitted total number of incoming queries and messages per second. The default value is , i.e. the number of IGMP status mes- sages is not limited.
Page 318 12 Multicast bintec elmeg GmbH Field Description this, check Disable the option if you only want to forward one defined mul- ticast group to a particular interface. The option is deactivated by default. Multicast Group Ad- Only for All Multicast Groups = not active.
Page 319: Chapter 13 Wan
13 WAN bintec elmeg GmbH Chapter 13 WAN This menu offers various options for configuring accesses or connections from your LAN to the WAN. You can also optimise voice transmission here for telephone calls over the Inter- net. 13.1 Internet + Dialup In this menu, you can set up Internet access or dialup connections.
Page 320: Default Route
13 WAN bintec elmeg GmbH Field Description administratively set to down (deactivated); connection setup not possible for leased lines: Authentication When a call is received, the calling party number is always sent over the ISDN D-channel. This number enables your device to identify the caller (CLID), provided the caller is entered on your device.
Page 321: Pppoe
13 WAN bintec elmeg GmbH can answer an incoming call with a callback or request a callback from a connection part- ner. Identification can be based on the calling party number or PAP/CHAP/MS-CHAP au- thentication. Identification is made in the former case without call acceptance, as the calling party number is transferred over the ISDN D-channel, and in the latter case with call ac- ceptance.
Page 322 13 WAN bintec elmeg GmbH SL access. However, PPPoE is now offered here too by some providers. 13.1.1.1 New Choose the New button to set up new PPPoE interfaces. Internet + Dialup PPPoE Fig. 124: -> -> -> The menu WAN->Internet + Dialup->PPPoE->New consists of the following fields: Fields in the Basic Parameters menu.
Page 323 13 WAN bintec elmeg GmbH Field Description ters or umlauts must be used. PPPoE Mode Select whether you want to use a standard Internet connection over PPPoE ( ) or your Internet access is to be set up over several interfaces ( ).
Page 324 13 WAN bintec elmeg GmbH Field Description this function to be able to enter a value under VLAN ID. VLAN ID Only if VLAN is enabled. Enter the VLAN-ID that you received from your provider. Always on Select whether the interface should always be activated.
Page 325 13 WAN bintec elmeg GmbH Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically. Possible values: • (default value): Your device is dynamic- ally assigned an IP address.
Page 326 13 WAN bintec elmeg GmbH Field Description net Protocol version 6 (IPv6) for data transmission. The function is activated by selecting The function is disabled by default. Security Policy Select the security settings to be used with the interface. Possible values: •...
Page 327 13 WAN bintec elmeg GmbH The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu. Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed. The de-...
Page 328: Pptp
13 WAN bintec elmeg GmbH Field Description Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload. This function can be specially applied for asymmetrical bandwidths (ADSL). The function is enabled with The function is disabled by default.
Page 329 13 WAN bintec elmeg GmbH Internet + Dialup PPTP Fig. 125: -> -> -> The menu WAN->Internet + Dialup->PPTP->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a name for uniquely identifying the internet connection.
Page 330 13 WAN bintec elmeg GmbH Field Description When using the internal DSL modem, select here the EthoA in- terface configured in Physical Interfaces->ATM->Profiles->New, e.g. User Name Enter the user name. Password Enter the password. Always on Select whether the interface should always be activated.
Page 331 13 WAN bintec elmeg GmbH Field Description You can configure exceptions for the selected setting in the Firewall on page 415 menu. IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically.
Page 332 13 WAN bintec elmeg GmbH The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu. Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed. The de-...
Page 333: Pppoa
13 WAN bintec elmeg GmbH Field Description Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload. This function can be specially applied for asymmetrical bandwidths (ADSL). The function is enabled with The function is disabled by default.
Page 334 13 WAN bintec elmeg GmbH 13.1.3.1 New Choose the New button to set up new PPPoA interfaces. Internet + Dialup PPPoA Fig. 126: -> -> -> The menu WAN->Internet + Dialup->PPPoA->New consists of the following fields: Fields in the Basic Parameters menu.
Page 335 13 WAN bintec elmeg GmbH Field Description provider. User Name Enter the user name. Password Enter the password for the PPPoA connection. Always on Select whether the interface should always be activated. The function is enabled with The function is disabled by default.
Page 336 13 WAN bintec elmeg GmbH Field Description IP Address Mode Choose whether your device has a static IP address or is as- signed one dynamically. Possible values: • (default value): Your device is dynamic- ally assigned an IP address. •...
Page 337 13 WAN bintec elmeg GmbH Field Description Protocol version 6 (IPv6) for data transmission. The function is activated by selecting The function is disabled by default. Security Policy Select the security settings to be used with the ATM profile. Possible values: •...
Page 338 13 WAN bintec elmeg GmbH The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu. Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed. The de-...
Page 339: Isdn
13 WAN bintec elmeg GmbH Field Description Prioritize TCP ACK Select whether the TCP download is to be optimised in the Packets event of intensive TCP upload. This function can be specially applied for asymmetrical bandwidths (ADSL). The function is enabled with The function is disabled by default.
Page 340 13 WAN bintec elmeg GmbH Internet + Dialup ISDN Fig. 127: -> -> -> The menu WAN->Internet + Dialup->ISDN->New consists of the following fields: Fields in the Basic Parameters menu. bintec RS Series...
Page 341 13 WAN bintec elmeg GmbH Field Description Description Enter a name for uniquely identifying the connection partner. The first character in this field must not be a number No special characters or umlauts must be used. Connection Type Select which layer 1 protocol your device should use.
Page 342 13 WAN bintec elmeg GmbH Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically. Possible values: • (default value): You enter a static IP address.
Page 343 13 WAN bintec elmeg GmbH Field Description IP Assignment Pool Only if IP Address Mode = Select IP pools configured in the WAN->Internet + Dialup->IP Poolsmenu. If an IP pool has not been configured here yet, the message appears in this field.
Page 344 13 WAN bintec elmeg GmbH Field Description • : Primarily run CHAP, otherwise PAP. • : Only run MS-CHAP version 1 (PPP Microsoft Challenge Handshake Authentication Protocol). • : Primarily run CHAP, on denial then the authentication protocol required by the connection partner.
Page 345 13 WAN bintec elmeg GmbH Field Description • : Your device calls back after a period of time suggested by the Microsoft client (NT: 10 seconds, new systems: 12 seconds. It uses the call number (Entries->Call Number) with the Mode entered for the connection partner.
Page 346 13 WAN bintec elmeg GmbH Field Description • : Static channel bundling. • : Dynamic channel bundling. Fields in the Dial Numbers menu Field Description Entries Add new entries with Add. Fields in menu Dial Number Configuration (appears only for Entries = Add)
Page 347: Umts/Lte
13 WAN bintec elmeg GmbH Field Description • : OSPF is activated for this interface, i.e. routes are propagated or OSPF protocol packets sent over this interface. • : OSPF is disabled for this interface. Proxy ARP Mode Select whether and how ARP requests from your own LAN are to be responded to for the specified connection partner.
Page 348 13 WAN bintec elmeg GmbH the mobile network. 13.1.5.1 New Choose the New button to create additional connections. Internet + Dialup UMTS/LTE Fig. 128: -> -> -> The WAN->Internet + Dialup->UMTS/LTE->New menu consists of the following fields: Fields in the Basic Parameters menu.
Page 349 13 WAN bintec elmeg GmbH Field Description preselected. User Name Enter the user name. Password Enter the password. Always on Select whether the interface should always be activated. The function is enabled with The function is disabled by default. Only activate this option if you have Internet access with a flat- rate charge.
Page 350 13 WAN bintec elmeg GmbH Field Description Create NAT Policy Specify whether Network Address Translation (NAT) is to be ac- tivated. The function is enabled with The function is enabled by default. Local IP Address Only if IP Address Mode = Enter the static IP address of the connection partner.
Page 351 13 WAN bintec elmeg GmbH Field Description • (default value): Only run (PPP Password Authentic- ation Protocol); the password is transferred unencrypted. • : Only run (PPP Challenge Handshake Authentic- ation Protocol as per RFC 1994); password is transferred en- crypted.
Page 352: Ip Pools
13 WAN bintec elmeg GmbH 13.1.6 IP Pools The IP Pools menu displays a list of all IP pools. Your device can operate as a dynamic IP address server for PPP connections. You can use this function by providing one or more pools of IP addresses. These IP addresses can be assigned to dialling-in connection partners for the duration of the connection.
Page 353: Atm
13 WAN bintec elmeg GmbH Field Description DNS Server Primary: Enter the IP address of the DNS server that is to be used, preferably, by clients who draw an address from this pool. Secondary: Optionally, enter the IP address of an alternative DNS server.
Page 354: Profiles
13 WAN bintec elmeg GmbH 13.2.1 Profiles A list of all ATM profiles is displayed in the WAN->ATM->Profiles menu. If the connection for your Internet access is set up using the internal modem, the ATM con- nection parameters must be set for this. An ATM profile combines a set of parameters for a specific provider.
Page 355 13 WAN bintec elmeg GmbH Fields in the ATM Profiles Parameter menu. Field Description Provider Select one of the preconfigured ATM profiles for your provider from the list or manually define the profile using Description Only for Provider = Enter the desired description for the connection.
Page 356 13 WAN bintec elmeg GmbH Field Description tification number of the virtual channel. A virtual channel is the logical connection for the transport of ATM cells between two or more points. Note your provider's instructions. Possible values are The default value is 32.
Page 357 13 WAN bintec elmeg GmbH Field Description The function is enabled with The function is disabled by default. Address Mode Only for Type = Select how an IP address is to be assigned to the interface. Possible values: • (default value): The interface is assigned a static IP address in IP Address / Netmask.
Page 358: Service Categories
13 WAN bintec elmeg GmbH Field Description The maximum length of the entry is 45 characters. Fields in menu Routed Protocols over ATM Settings (appears only for Type = Routed Protocols over ATM) Field Description IP Address/Netmask Enter the IP addresses (IP Address) and the corresponding netmasks (Netmask) of the ATM interface.
Page 359 (traffic contract). The configuration of ATM QoS requires extensive knowledge of ATM technology and the way the bintec elmegbintec elmeg devices function. An incorrect configuration can cause considerable disruption during operation. If applicable, save the original config- uration on your PC.
Page 360 13 WAN bintec elmeg GmbH Field Description • (default value): No spe- cific data rate is guaranteed for the connection. The Peak Cell Rate (PCR) specifies the limit above which data is discarded. This category is suitable for non-critical applications.
Page 361: Oam Controlling
OAM Continuity Check (OAM CC). These can be configured independently of each other. Caution The configuration of OAM requires extensive knowledge of ATM technology and the way the bintec elmegbintec elmeg devices functions. An incorrect configuration can cause considerable disruption during operation. If applicable, save the original config- uration on your PC.
Page 362 13 WAN bintec elmeg GmbH OAM Controlling Fig. 132: -> -> -> The menu WAN->ATM->OAM Controlling->New consists of the following fields: Fields in the OAM Flow Configuration menu. Field Description OAM Flow Level Select the OAM flow level to be monitored.
Page 363 13 WAN bintec elmeg GmbH Field Description The function is enabled with The function is disabled by default. End-to-End Send Inter- Only if Loopback End-to-End is enabled. Enter the time in seconds after which a loopback cell is to be sent.
Page 364 13 WAN bintec elmeg GmbH Fields in the CC Activation menu. Field Description Continuity Check (CC) Select whether you activate the OAM-CC test for the connection End-to-End between the endpoints of the VCC or VPC. Possible values: • (default value): OAM CC requests are responded to after CC negotiation (CC activation negotiation).
Page 365: Real Time Jitter Control
13 WAN bintec elmeg GmbH Field Description There is no CC negotiation. • : The function is disabled. Also select whether the test cells of the OAM CC are to be sent or received. Possible settings: • (default value): CC data is both received and gener- ated.
Page 366 13 WAN bintec elmeg GmbH Real Time Jitter Control Controlled Interfaces Fig. 133: -> -> -> The menu WAN->Real Time Jitter Control->Controlled Interfaces->New consists of the following fields: Fields in the Basic Settings menu. Field Description Interface Define for which interfaces voice transmission is to be optim- ised.
Page 367: Chapter 14 Vpn
Internet Key Exchange (IKE) protocol. Additional IPv4 Traffic Filter bintec elmeg gateways support two different methods of setting up IPSec connections: • a method based on policies and • a method based on routing.
Page 368: Ipsec Peers
14 VPN bintec elmeg GmbH The routing-based method offers various advantages over the policy-based method, e.g., NAT/PAT within a tunnel, IPSec in combination with routing protocols and the creation of VPN backup scenarios. With the routing-based method, the configured or dynamically learned routes are used to negotiate the IPSec phase 2 SAs.
Page 369 14 VPN bintec elmeg GmbH IPSec IPSec Peers Fig. 134: -> -> Peer Monitoring The menu for monitoring a peer is called by selecting the button for the peer in the peer list. See Values in the IPSec Tunnels list on page 567.
Page 370 14 VPN bintec elmeg GmbH IPSec IPSec Peers Fig. 135: -> -> -> The menu VPN->IPSec->IPSec Peers->New consists of the following fields: Fields in the menu Peer Parameters bintec RS Series...
Page 371 14 VPN bintec elmeg GmbH Field Description Administrative Status Select the status to which you wish to set the peer after saving the peer configuration. Possible values: • (default value): The peer is available for setting up a tunnel immediately after saving the configuration.
Page 372 14 VPN bintec elmeg GmbH Field Description • : Any string • • • • : Any string On the peer device, this ID corresponds to the Local ID Value. Internet Key Exchange Select the version of the Internet Exchange Protocol to be used.
Page 373 14 VPN bintec elmeg GmbH Field Description Enter the ID of your device. For Authentication Method = the option Use Subject Name from certificate is dis- played. When you enable the option Use Subject Name from certific- ate, the first alternative subject name indicated in the certificate is used, or, if none is specified, the subject name of the certific- ate is used.
Page 374 14 VPN bintec elmeg GmbH Field Description ted that can be attributed to a connection that has been initi- ated from a trusted zone. You can configure exceptions for the selected setting in the Firewall on page 415 menu. IP Address Assign- Select the configuration mode of the interface.
Page 375 14 VPN bintec elmeg GmbH Field Description The function is disabled by default. Local IP Address Only for IP Address Assignment = Enter the WAN IP address of your IPSec tunnel. This can be the same IP address as the address configured on your router as the LAN IP address.
Page 376 . The lower the value entered for Priority, the higher the prior- ity of the route. Additional data traffic filters bintec elmeg Gateways support two different methods for establishing IPSec connections: • a method based on policies and • a method based on routing.
Page 377 14 VPN bintec elmeg GmbH The Additional IPv4 Traffic Filter parameter fixes this problem. You can filter more "finely", i. e. you can, e. g., specify the source IP address or the source port. If there is a Additional IPv4 Traffic Filter configured, it is used to negotiate the IPSec phase 2 SAs;...
Page 378 14 VPN bintec elmeg GmbH IPSec IPSec Peers Fig. 136: -> -> -> -> Fields in the menu Basic Parameters Field Description Description Enter a description for the filter. Protocol Select a protocol. The option (default value) matches all protocols.
Page 379 14 VPN bintec elmeg GmbH Field Description (= -1) means that the port remains unspecified. Destination IP Ad- Enter the destination IP address and corresponding netmask of dress/Netmask the data packets. Destination Port Only for Protocol = Enter the destination port of the data packets. The default set- ting (= -1) means that the port remains unspecified.
Page 380 14 VPN bintec elmeg GmbH Field Description XAUTH Profile Select a profile created in VPN->IPSec->XAUTH Profiles if you wish to use this IPSec peer XAuth for authentication. If XAuth is used together with IKE Config Mode, the transac- tions for XAuth are carried out before the transactions for IKE Config Mode.
Page 381 Note that MobIKE requires a current IPSec client, e. g. the cur- rent Windows 7 or Windows 8 client or the latest version of the bintec elmeg IPSec client. IPv4 Proxy ARP Select whether your device is to respond to ARP requests from...
Page 382 IPSec peer. IPSec Callback bintec elmeg devices support the DynDNS service to enable hosts without fixed IP ad- dresses to obtain a secure connection over the Internet. This service enables a peer to be identified using a host name that can be resolved by DNS.
Page 383 14 VPN bintec elmeg GmbH Note If a tunnel is to be set up to a peer, the interface over which the tunnel is to be imple- mented is activated first by the IPSec Daemon. If IPSec with DynDNS is configured on the local device, the own IP address is propagated first and then the ISDN call is sent to the remote device.
Page 384 14 VPN bintec elmeg GmbH Note The callback configuration should be the same on the two devices so that your device is able to identify the IP address information from the called peer. The following roles are possible: • One side takes on the active role, the other the passive role.
Page 385 14 VPN bintec elmeg GmbH Field Description Mode Select the Callback Mode. Possible values: • (default value): IPSec callback is deactivated. The local device neither reacts to incoming ISDN calls nor initiates ISDN calls to the remote device. • : The local device only reacts to incoming ISDN calls and, if necessary, initiates setting up an IPSec tunnel to the peer.
Page 386: Phase-1 Profiles
14 VPN bintec elmeg GmbH Field Description Possible values: • : Your device automatically de- termines the most favourable mode. It first tries all D channel modes before switching to the B channel. (Costs are incurred for using the B channel.) •...
Page 387 14 VPN bintec elmeg GmbH IPSec Phase-1 Profiles Fig. 137: -> -> In the Default column, you can mark the profile to be used as the default profile. 14.1.2.1 New Choose the New (at Create new IKEv1 Profile or Create new IKEv2 Profile ) button to create additional profiles.
Page 388 14 VPN bintec elmeg GmbH IPSec Phase-1 Profiles Fig. 138: -> -> -> The menu VPN->IPSec->Phase-1 Profiles->New consists of the following fields: Fields in the Phase-1 (IKE) Parameters menu. Field Description Description Enter a description that uniquely defines the type of rule.
Page 389 14 VPN bintec elmeg GmbH Field Description (Advanced Encryption Standard). It is rated as just as secure as Rijndael (AES), but is slower. • : Blowfish is a very secure and fast algorithm. Twofish can be regarded as the successor to Blowfish.
Page 390 The Diffie-Hellman group defines the parameter set used as the basis for the key calculation during phase 1. "MODP" as sup- ported by bintec elmeg devices stands for "modular exponenti- ation". The following groups with their corresponding bit values are available: •...
Page 391 14 VPN bintec elmeg GmbH Field Description Authentication Method Only for Phase-1 (IKE) Parameters Select the authentication method. Possible values: • (default value): If you do not use certific- ates for the authentication, you can select Preshared Keys. These are configured during peer configuration in the VPN->IPSec->IPSec Peers.
Page 392 14 VPN bintec elmeg GmbH Field Description both peers have static IP addresses if preshared keys are used for authentication. Also define whether the selected mode is used exclusively (Strict), or the peer can also propose another mode. Local ID Type Only for Phase-1 (IKE) Parameters Select the local ID type.
Page 393 14 VPN bintec elmeg GmbH check the availability of a peer. Two methods are available: Heartbeats and Dead Peer Detection. The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu. Field Description Alive Check Only for Phase-1 (IKE) Parameters Select the method to be used to check the functionality of the IPSec connection.
Page 394 14 VPN bintec elmeg GmbH Field Description Enable or disable alive check. The function is enabled by default. Block Time Define how long a peer is blocked for tunnel setups after a phase 1 tunnel setup has failed. This only affects locally initiated setup attempts.
Page 395: Phase-2 Profiles
14 VPN bintec elmeg GmbH Field Description If you enable the Trust the following CA certificates option, you can select up to three CA certificates that are accepted for this profile. This option can only be configured if certificates are loaded.
Page 396 14 VPN bintec elmeg GmbH IPSec Phase-2 Profiles Fig. 140: -> -> -> The menu VPN->IPSec->Phase-2 Profiles->New consists of the following fields: Fields in the Phase-2 (IPSEC) Parameters menu. Field Description Description Enter a description that uniquely identifies the profile.
Page 397 14 VPN bintec elmeg GmbH Field Description , a key length of 128 bits is used. • : Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of secur- ity against attacks and general speed. Here, it is used with a key length of 128 bits.
Page 398 14 VPN bintec elmeg GmbH Field Description Depending on the hardware of your device some options may not be available. Use PFS Group As PFS (Perfect Forward Secrecy) requires another Diffie- Hellman key calculation to create new encryption material, you must select the exponentiation features.
Page 399 20 seconds, the SA is discarded as invalid. Possible values: • (default value): Automatic detection of whether the remote terminal is a bintec elmeg device. If it is, (for a remote terminal with bintec elmeg) or (for a remote terminal without bintec el- meg) is set.
Page 400: Xauth Profiles
14 VPN bintec elmeg GmbH Field Description beat from the peer, but sends one itself. • : Your device expects a heartbeat from the peer and sends one itself. Propagate PMTU Select whether the PMTU (Path Maximum Transfer Unit) is to be propagated during phase 2.
Page 401 14 VPN bintec elmeg GmbH IPSec XAUTH Profiles Fig. 141: -> -> -> The VPN->IPSec->XAUTH Profiles ->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a description for this XAuth profile. Role Select the role of the gateway for XAuth authentication.
Page 402: Ip Pools
14 VPN bintec elmeg GmbH Field Description Enter the authentication password. RADIUS Server Group Only for Role = Select the desired list in System Management->Remote Au- thentication->RADIUS configured RADIUS group. Users Only for Role = and Mode = If your gateway is configured as an XAuth server, the clients can be authenticated via a locally configured user list.
Page 403: Options
14 VPN bintec elmeg GmbH Fields in the menu Basic Parameters Field Description IP Pool Name Enter any description to uniquely identify the IP pool. IP Address Range Enter the first (first field) and last (second field) IP address of the IP address pool.
Page 404 The default val- ues are globally valid and enable your system to work correctly to other bintec elmeg devices, so that you only need to change these values if the remote terminal is a third-party product or you know special settings are necessary.
Page 405 14 VPN bintec elmeg GmbH The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu. Field Description IPSec over TCP Determine whether IPSec over TCP is to be used. IPSec over TCP is based on NCP pathfinder technology. This technology insures that data traffic (IKE, ESP, AH) between peers is integrated into a pseudo HTTPS session.
Page 406 14 VPN bintec elmeg GmbH Field Description thentication IPSec. The function is enabled with The function is disabled by default. Fields in the PKI Handling Options menu. Field Description Ignore Certificate Re- Select whether certificate requests received from the remote quest Payloads end during IKE (phase 1) are to be ignored.
Page 407: L2Tp
The layer 2 tunnel protocol (L2TP) enables PPP connections to be tunnelled via a UDP connection. Your bintec elmeg device supports the following two modes: • L2TP LNS Mode (L2TP Network Server): for incoming connections only • L2TP LAC Mode (L2TP Access Concentrator): for outgoing connections only Note the following when configuring the server and client: An L2TP tunnel profile must be created on each of the two sides (LAC and LNS).
Page 408 14 VPN bintec elmeg GmbH L2TP Tunnel Profiles Fig. 144: -> -> -> The menu VPN->L2TP->Tunnel Profiles ->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a description for the current profile. The device automatically names the profiles and numbers them, but the value can be changed.
Page 409 14 VPN bintec elmeg GmbH Field Description incoming tunnel setup message from the LAC. Enter the host name of the LNS or LAC. Remote Hostname • : Defines the value for Local Hostname of the LNS (contained in the SCCRQs received from the LNS and the SCCRPs received from the LAC).
Page 410 14 VPN bintec elmeg GmbH Field Description The available values are UDP Destination Port Enter the destination port number to be used for all calls based on this profile. The remote LNS that receives the call must mon- itor this port on L2TP connections.
Page 411: Users
14 VPN bintec elmeg GmbH Field Description send the L2TP control packet for which is received no response. The available values are , the default value is . Data Packets Se- Select whether your device is to use sequence numbers for quence Numbers data packets sent through a tunnel on the basis of this profile.
Page 412 14 VPN bintec elmeg GmbH L2TP Users Fig. 145: -> -> -> The menu VPN->L2TP->Users->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a name for uniquely identifying the L2TP partner. The first character in this field must not be a number No special characters or umlauts must be used.
Page 413 14 VPN bintec elmeg GmbH Field Description L2TP network server (LNS) or the functions of a L2TP access concentrator client (LAC client). Possible values: • (default value): If you select this option, the L2TP partner is configured so that it accepts L2TP tunnels and restores the encapsulated PPP traffic flow.
Page 414 14 VPN bintec elmeg GmbH Field Description • (default value): You enter a static IP address. • : Only for Connection Type = Your device dynamically assigns an IP address to the remote terminal. • : Only for Connection Type = .
Page 415 14 VPN bintec elmeg GmbH Fields in the Advanced Settings menu. Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed.
Page 416 14 VPN bintec elmeg GmbH Field Description checked by sending LCP echo requests or replies. This is re- commended for leased lines, PPTP and L2TP connections. The function is enabled with The function is enabled by default. Prioritize TCP ACK...
Page 417: Options
14 VPN bintec elmeg GmbH Field Description up until someone actually wants to use the route. • : Your device responds to an ARP request only if the status of the connection to the L2TP partner is (active), i.e. a connection already exists to the L2TP partner.
Page 418: Pptp
14 VPN bintec elmeg GmbH Field Description The function is disabled by default. 14.3 PPTP The Point-to-Point Tunnelling Protocol (=PPTP) can be used to set up an encrypted PPTP tunnel to provide security for data traffic over an existing IP connection.
Page 419 14 VPN bintec elmeg GmbH 14.3.1.1 New Click on New to set up further PPTP partners. PPTP PPTP Tunnels Fig. 147: -> -> -> The VPN->PPTP->PPTP Tunnels->New menu consists of the following fields: Fields in the PPTP Partner Parameters menu.
Page 420 14 VPN bintec elmeg GmbH Field Description Description Enter a unique name for the tunnel. The first character in this field must not be a number No special characters or umlauts must be used. PPTP Mode Enter the role to be assigned to the PPTP interface.
Page 421 14 VPN bintec elmeg GmbH Fields in the IP Mode and Routes menu. Field Description IP Address Mode Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically. Possible values: •...
Page 422 14 VPN bintec elmeg GmbH Field Description • : The lower the value, the higher the priority of the route (possible values ). The default value is . IP Assignment Pool Only if PPTP Mode = , IP Address Mode = (IPCP) Select a IP pool configured in the VPN->PPTP->IP Pools...
Page 423 14 VPN bintec elmeg GmbH Field Description • (default value): Run MS-CHAP version 2 only. • : Some providers use no authentication. In this case, se- lect this option. Encryption If necessary, select the type of encryption that should be used for data traffic to the connection partner.
Page 424 14 VPN bintec elmeg GmbH Field Description Possible values: • (default value): OSPF is not activated for this inter- face, i.e. no routes are propagated or OSPF protocol packets sent over this interface. Networks reachable over this inter- face are, however, included when calculating the routing in- formation and propagated over active interfaces.
Page 425 14 VPN bintec elmeg GmbH Field Description call to go online and set up a PPTP connection. The function is enabled with The function is disabled by default. Note that you must activate the relevant option on the gateways of both partners. An ISDN connection is usually required for this function.
Page 426: Options
1 from Microsoft Windows XP. Since, in SP 1, Mi- crosoft has changed the confirmation algorithm in the GRE pro- tocol, the automatic window adaptation for GRE must be turned off for bintec elmeg devices. The function is enabled with The function is enabled by default.
Page 427: Ip Pools
14 VPN bintec elmeg GmbH 14.3.3 IP Pools The IP Pools menu displays a list of all IP pools for PPTP connections. Your device can operate as a dynamic IP address server for PPTP connections. You can use this function by providing one or more pools of IP addresses. These IP addresses can be assigned to dialling-in connection partners for the duration of the connection.
Page 428: Gre
14 VPN bintec elmeg GmbH Field Description DNS Server Primary: Enter the IP address of the DNS server that is to be used, preferably, by clients who draw an address from this pool. Secondary: Optionally, enter the IP address of an alternative DNS server.
Page 429 14 VPN bintec elmeg GmbH 14.4.1.1 New Choose the New button to set up new GRE tunnels. GRE Tunnels Fig. 150: -> -> -> The VPN->GRE->GRE Tunnels->New menu consists of the following fields: Fields in the Basic Parameters menu. Field...
Page 430 14 VPN bintec elmeg GmbH Field Description Local IP Address Here, enter the (LAN-side) IP address that is to be used as your device's source address for your own packets through the GRE tunnel. Route Entries Define other routing entries for this connection partner.
Page 431: Chapter 15 Firewall
15 Firewall bintec elmeg GmbH Chapter 15 Firewall The Stateful Inspection Firewall (SIF) provided for bintec elmeg gateways is a powerful se- curity feature. The SIF with dynamic packet filtering has a decisive advantage over static packet filtering: The decision whether or not to send a packet cannot be made solely on the basis of source and destination addresses or ports but also using dynamic packet filtering based on the state of the connection to a partner.
Page 432: Policies
15 Firewall bintec elmeg GmbH One of the basic functions of NAT is the translation of the local IP addresses of your LAN into the global IP addresses you are assigned by your ISP and vice versa. All connections initiated externally are first blocked, i.e. every packet your device cannot assign to an exist- ing connection is rejected.
Page 433 15 Firewall bintec elmeg GmbH The sequence of filter rules in the list is relevant: The filter rules are applied to each packet in succession until a rule matches. If overlapping occurs, i.e. more than one filter rule matches a packet, only the first rule is executed. This means that if the first rule denies a packet, whereas a later rule allows it, the packet is rejected.
Page 434 15 Firewall bintec elmeg GmbH 15.1.1.1 New Choose the New button to create additional parameters. Firewall Policies IPv4 Filter Rules Fig. 152: -> -> The menu Firewall->Policies+IPv4 Filter Rules->New consists of the following fields: Fields in the Basic Parameters menu.
Page 435: Ipv6 Filter Rules
15 Firewall bintec elmeg GmbH Field Description The extensive range of services configured ex works includes the following: • • • • • • • • Additional services are created in Firewall->Services->Service List. In addition, the service groups configured in Firewall->Services->Groups can be selected.
Page 436 15 Firewall bintec elmeg GmbH The security concept is based on the assumption that an infrastructure consists of trusted and untrusted zones. The security policies describe this as- sumption. They define the filter rules Trusted Interfaces and Untrusted Interfaces which are created by default and cannot be deleted.
Page 437 15 Firewall bintec elmeg GmbH Firewall Policies IPv6 Filter Rules Fig. 154: -> -> -> The menu Firewall->Policies->IPv6 Filter Rules->New consists of the following fields: Fields in the Basic Parameters menu Field Description Select one of the preconfigured aliases for the source of the Source packet.
Page 438: Options
15 Firewall bintec elmeg GmbH Field Description • Additional services are created in Firewall->Services->Service List. In addition, the service groups configured in Firewall->Services->Groups can be selected. Select the action to be applied to a filtered packet. Action Possible values: •...
Page 439 15 Firewall bintec elmeg GmbH The menu Firewall->Policies->Options consists of the following fields: Fields in the Global Firewall Options menu. Field Description IPv4 Firewall Status Enable or disable the IPv4 firewall function. The function is enabled with The function is enabled by default.
Page 440: Interfaces
15 Firewall bintec elmeg GmbH Field Description The default value is TCP Inactivity Enter the inactivity time after which a TCP session is to be re- garded as expired (in seconds). Possible values are The default value is PPTP Inactivity Enter the inactivity time after which a PPTP session is to be re- garded as expired (in seconds).
Page 441: Ipv6 Groups
15 Firewall bintec elmeg GmbH Firewall Interfaces IPv4 Groups Fig. 156: -> -> -> The menu Firewall->Interfaces->IPv4 Groups->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter the desired description of the IPv4 interface group.
Page 442: Addresses
15 Firewall bintec elmeg GmbH Firewall Interfaces IPv6 Groups Fig. 157: -> -> -> The menu Firewall->Interfaces->IPv6 Groups->New consists of the following fields Fields in the Basic Parameters menu. Field Description Description Enter the desired description of the IPv6 interface group.
Page 443 15 Firewall bintec elmeg GmbH Firewall Addresses Address List Fig. 158: -> -> -> The menu Firewall->Addresses->Address List->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter the desired description of the address. IPv4 Allows configuration of IPv4 address lists.
Page 444: Groups
15 Firewall bintec elmeg GmbH Field Description The function is enabled with The function is disabled by default. Address / Prefix Only for IPv6 = Enter IPv6 address and the related prefix. 15.3.2 Groups A list of all configured address groups is displayed in the Firewall->Addresses->Groups menu.
Page 445: Services
15 Firewall bintec elmeg GmbH Field Description • is selected by default. Selection Select the members of the group from the available Addresses. To do this, activate the Fields in the Selection column. 15.4 Services 15.4.1 Service List In the Firewall->Services->Service List menu, a list of all available services is displayed.
Page 446 15 Firewall bintec elmeg GmbH Field Description If a port number range is specified, in the second field enter the last port of the port range. By default the field does not contain an entry. If a value is displayed, this means that the previously specified port number is verified.
Page 447: Groups
15 Firewall bintec elmeg GmbH Field Description • • Code Selection options for the ICMP codes are only available for Type = Possible values: • (default value) • • • • • • • 15.4.2 Groups A list of all configured service groups is displayed in the Firewall->Services->Groups menu.
Page 448: Configuration
15 Firewall bintec elmeg GmbH Firewall Services Groups Fig. 161: -> -> -> The menu Firewall->Services->Groups->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter the desired description of the service group. Members Select the members of the group from the available service ali- ases.
Page 449 15 Firewall bintec elmeg GmbH 15.5.1 SIF - Configuration example Requirements • Internet connection • Your LAN must be connected to one of ports 1, 2, 3 or 4 on the gateway. Example scenario Configuration target • Only certain Internet services are to be available for the staff of a company (HTTP, HT- TPS, FTP, DNS).
Page 450 15 Firewall bintec elmeg GmbH Overview of Configuration Steps Aliases for IP addresses and network address Field Menu Value Description Firewall->Addresses->Ad- e.g. dress List->New Address Type Firewall->Addresses->Ad- dress List->New Address / Subnet Firewall->Addresses->Ad- e.g. dress List->New with Description Firewall->Addresses->Ad- e.g.
Page 451 15 Firewall bintec elmeg GmbH Field Menu Value Selection Firewall -> Addresses -> e.g. Groups -> New Service Sets Field Menu Value Description Firewall -> Services -> e.g. Groups -> New Members Firewall -> Services -> e.g. Groups -> New Description Firewall ->...
Page 452 15 Firewall bintec elmeg GmbH Field Menu Value Filter Rules -> New Service Firewall -> Policies -> IPv4 Filter Rules -> New Action Firewall -> Policies -> IPv4 Filter Rules -> New Filter rules 3: Deny access from outside to the Gateway...
Page 453: Chapter 16 Voip
16 VoIP bintec elmeg GmbH Chapter 16 VoIP Voice over IP (VoIP) uses the IP protocol for voice and video transmission. The main difference compared with conventional telephony is that the voice information is not transmitted over a switched connection in a telephone network, but divided into data packets by the Internet protocol and these packets are then passed to the destination over undefined paths in a network.
Page 454: Rtsp
16 VoIP bintec elmeg GmbH Field Description You must configure a proxy for each destination port to which VoIP clients from the LAN can connect. An error message ap- pears when you enter multiple ports (e.g. 5060; 5061). The ports can be provider-specific.
Page 455 16 VoIP bintec elmeg GmbH The VoIP->RTSP->RTSP Proxymenu consists of the following fields: Fields in the Basic Parameters menu. Field Description RTSP Proxy Select whether you want to permit RTSP sessions. The function is activated by selecting The function is disabled by default.
Page 456: Chapter 17 Local Services
17 Local Services bintec elmeg GmbH Chapter 17 Local Services This menu offers services for the following application areas: • Name resolution (DNS) • Configuration via web browser (HTTPS) • Locating of dynamic IP addresses using a DynDNS provider • Configuration of gateway as a DHCP server (assignment of IP addresses) •...
Page 457 17 Local Services bintec elmeg GmbH Name server Under Local Services->DNS->DNS Servers->New you enter the IP addresses of name servers that are queried if your device cannot answer requests itself or by forwarding entries. Global name servers and name servers that are attached to an interface can both be entered.
Page 458: Global Settings
17 Local Services bintec elmeg GmbH 17.1.1 Global Settings Local Services Global Settings Fig. 164: -> -> The menu Local Services->DNS->Global Settings consists of the following fields: Fields in the Basic Parameters menu Field Description Domain Name Enter the standard domain name of your device.
Page 459 17 Local Services bintec elmeg GmbH Field Description i.e. successfully resolved names and IP addresses are to be stored in the cache. The function is activated by selecting The function is enabled by default. Negative Cache Select whether the negative dynamic cache is to be activated, i.e.
Page 460: Dns Servers
17 Local Services bintec elmeg GmbH Fields in the IP address to use for DNS/WINS server assignment menu Field Description As DHCP Server Select which name server addresses are sent to the DHCP cli- ent if your device is used as DHCP server.
Page 461 17 Local Services bintec elmeg GmbH Local Services DNS Servers Fig. 165: -> -> -> The Local Services->DNS->DNS Servers->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Admin Status Select whether the DNS server should be enabled.
Page 462 17 Local Services bintec elmeg GmbH Field Description • • (default value) Interface Select the interface to which the DNS server pair is to be as- signed. For Interface Mode = A global DNS server is created with the setting...
Page 463: Static Hosts
17 Local Services bintec elmeg GmbH 17.1.3 Static Hosts A list of all configured static hosts is displayed in the Local Services->DNS->Static Hosts menu. 17.1.3.1 New Choose the New button to set up new static hosts. Local Services Static Hosts Fig.
Page 464: Domain Forwarding
17 Local Services bintec elmeg GmbH Field Description Possible values: • : A DNS request for DNS Hostname gets a negat- ive response. • (default value): A DNS request for DNS Host- name is answered with the related IP Address.
Page 465 17 Local Services bintec elmeg GmbH Field Description Forward Select whether requests for a host or domain are to be forwar- ded. Possible values: • (default value) • Host Only for Forward = Enter the name of the host for which requests are to be forwar- ded.
Page 466: Dynamic Hosts
17 Local Services bintec elmeg GmbH Field Description Primärer DNS-Server Only for Forward to = (IPv4/IPv6) Enter the IPv4/IPv6 address of the primary DNS server. Sekundärer DNS- Only for Forward to = Server (IPv4/IPv6) Enter the IPv$/IPv6 address of the secondary DNS server.
Page 467: Statistics
17 Local Services bintec elmeg GmbH A dynamic entry can be converted to a static entry by marking the entry and confirming with Make static. This corresponding entry disappears from the list and is displayed in the list in the Static Hosts menu. The TTL is transferred.
Page 468: Https
17 Local Services bintec elmeg GmbH Field Description Server Failures Shows the number of requests that were not answered by any name server (either positively or negatively). 17.2 HTTPS You can operate the user interface of your device from any PC with an up-to-date Web browser via an HTTPS connection.
Page 469: Dyndns Client
17 Local Services bintec elmeg GmbH Field Description Possible values: • (default value): Select this option if you want to use the certificate built into the device. • : Under System Management->Cer- tificates->Certificate List select entered certificate. 17.3 DynDNS Client The use of dynamic IP addresses has the disadvantage that a host in the network can no longer be found once its IP address has changed.
Page 470 17 Local Services bintec elmeg GmbH Local Services DynDNS Client DynDNS Update Fig. 172: -> -> -> The menu Local Services->DynDNS Client->DynDNS Update->New consists of the fol- lowing fields: Fields in the Basic Parameters menu. Field Description Host Name Enter the complete host name as registered with the DynDNS provider.
Page 471: Dyndns Provider
17 Local Services bintec elmeg GmbH Field Description The default value is Enable update Select whether the DynDNS entry configured here is to be activ- ated. The function is activated by selecting The function is disabled by default. The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu.
Page 472 17 Local Services bintec elmeg GmbH Local Services DynDNS Client DynDNS Provider Fig. 173: -> -> -> The menu Local Services->DynDNS Client->DynDNS Provider->New consists of the fol- lowing fields: Fields in the Basic Parameters menu. Field Description Provider Name Enter a name for this entry.
Page 473: Dhcp Server
DHCP server as a network broadcast.* The client then receives its IP address from bintec elmeg (as part of a brief exchange). You therefore do not need to allocate fixed IP addresses to PCs, which reduces the amount of configuration work in your network.
Page 474: Dhcp Configuration
17 Local Services bintec elmeg GmbH 17.4.1.1 Edit or New Choose the New button to set up new IP address pools. Choose the icon to edit exist- ing entries. Local Services DHCP Server IP Pool Configuration Fig. 174: -> ->...
Page 475 17 Local Services bintec elmeg GmbH Note In the ex works state the DHCP pool is preconfigured with the IP addresses 192.168.0.10 to 192.168.0.49 and is used if there is no other DHCP server available in the network. 17.4.2.1 Edit or New Choose the New button to set up new DHCP pools.
Page 476 17 Local Services bintec elmeg GmbH Field Description Pool Usage Select if the DHCP pool is to be used for requests from clients in a network directly connected to an Ethernet interface, or if it is to be used for DHCP requests from a remote network that are sent to your device via a DHCP relay station.
Page 477 17 Local Services bintec elmeg GmbH Field Description Possible values for Option: • (default value): Enter the IP address of the time server to be sent to the client. • : Enter the IP address of the DNS server to be sent to the client.
Page 478 17 Local Services bintec elmeg GmbH Choose the icon to edit an existing entry. In the popup menu, you configure manufac- turer-specific settings in the DHCP server for specific telephones, for example. Fields in the Basic Parameters menu Field Description...
Page 479: Ip/Mac Binding
17 Local Services bintec elmeg GmbH Field Description shall be transmitted for the DHCP server. Possible values: • (default value) • Only für Select vendor = Enter the Access Point Namen (APN) of the SIM card. Only für Select vendor = Enter the PIN of the SIM card.
Page 480: Dhcp Relay Settings
17 Local Services bintec elmeg GmbH 17.4.3.1 New Choose the New button to set up new IP/MAC bindings. Local Services DHCP Server IP/MAC Binding Fig. 176: -> -> -> The menu Local Services->DHCP Server->IP/MAC Binding->New consists of the follow- ing fields: Fields in the Basic Parameters menu.
Page 481: Dhcp - Configuration Example
17 Local Services bintec elmeg GmbH Local Services DHCP Server DHCP Relay Settings Fig. 177: -> -> The menu Local Services->DHCP Server->DHCP Relay Settings consists of the follow- ing fields: Fields in the Basic Parameters menu. Field Description Primary DHCP Server Enter the IP address of a server to which BootP or DHCP re- quests are to be forwarded.
Page 482 17 Local Services bintec elmeg GmbH Example scenario as DHCP Server Example scenario as DHCP Client bintec RS Series...
Page 483 17 Local Services bintec elmeg GmbH Example scenario as DHCP Relay Server Configuration target You can use your device as a DHCP server, DHCP client or DHCP relay agent. Overview of Configuration Steps DHCP Server Field Menu Value IP Pool Name Local Services->DHCP Server->IP...
Page 484: Dhcpv6 Server
17 Local Services bintec elmeg GmbH Field Menu Value CP Configuration->New Gateway Local Services->DHCP Server->DH- CP Configuration->New->Ad- vanced Settings Lease Time Local Services->DHCP Server->DH- e.g. CP Configuration->New->Ad- vanced Settings IP address to use for Local Services->DNS->Global Set- e.g. DNS/WINS server as- tings->Advanced Settings...
Page 485 17 Local Services bintec elmeg GmbH Note An IPv6 address pool is created by assigning an IPv6 Link Prefix (a subnet with a length of /64) to an DHCPv6 option set. The definition of a separate set of IP ad- dresses like, e.g.
Page 486: Dhcpv6 Server
17 Local Services bintec elmeg GmbH 17.5.1 DHCPv6 Server Here you can create interface-related address pools and define DHCP options inside of an DHCP Option Set. 17.5.1.1 Edit or New Use the New button in order to create an Option Set. Use the icon in order to edit an existing entry.
Page 487 17 Local Services bintec elmeg GmbH Field Description tended interface is not offered for selection, configure it accord- ing to the requirements detailed in the introduction of this sec- tion. Configuration is done on the menu LAN->IP Configura- tion->Interfaces. Address assignment...
Page 488: Dhcpv6 Global Options
Search List"). Domain names will be transmitted to the clients in the order defined by the list. The domain name (e.g. dev.bintec.de.) mast end with a dot (.). The menu Advanced Settings consist of the following fields: bintec RS Series...
Page 489: Stateful Clients
17 Local Services bintec elmeg GmbH Fields in the menu Server preference Field Description Server preference The DHCPv6 advertisements sent by the DHCPv6 server to the clients may contain the DHCPv6 option 7 "Preference". Possible values are In a network with multiple DHCPv6 servers this option controls which server takes the highest priority.
Page 490: Stateful Clients Configuration
17 Local Services bintec elmeg GmbH Local Services DHCPv6 Server Stateful Clients Fig. 180: -> -> 17.5.4 Stateful Clients Configuration During a stateful configuration of IPv6 clients not only the DHCP options, but also the IPv6 prefix is transmitted to the client.
Page 491: Web Filter
17 Local Services bintec elmeg GmbH Field Description 16 - 20 digit HEX number. You can enter them using a "-" (minus) as separator (Windows style), or you can enter them in a single block (Linux style). Accept Client FQDN...
Page 492: General
17 Local Services bintec elmeg GmbH 17.6.1 General This menu contains the configuration of basic parameters for using the Proventia Web Fil- ter. Local Services Web Filter General Fig. 182: -> -> The Local Services->Web Filter->General menu consists of the following fields: Fields in the Web Filter Options menu.
Page 493 17 Local Services bintec elmeg GmbH Field Description Press the Add button to add more interfaces. The requests from http Internet pages that reach your device via these interfaces are then monitored by web filtering. Maximum Number of Define the number of entries to be saved in the web filtering his- History Entries tory (History menu).
Page 494: Filter List
17 Local Services bintec elmeg GmbH Field Description Licence Status Shows the result of the last validity check of the licence. The validity of the licence is checked every 23 hours. License valid until This shows the expiry date of the licence (relative to the time set on your device) and cannot be edited.
Page 495 17 Local Services bintec elmeg GmbH Field Description Category Select which category of addresses/URLs the filter is to be used The options are first the standard categories of the Proventia Web Filter (default value: ). Actions can also be defined for the following special cases, e.g.: •...
Page 496: Black / White List
17 Local Services bintec elmeg GmbH Field Description • : Callup is allowed and not logged. 17.6.3 Black / White List The Local Services->Web Filter->Black / White List menu contains a list of URLs or IP addresses, as the case applies. The addresses on the White List can also be called if they had been blocked because of filter configuration and classification in the Proventia web filter.
Page 497: History
17 Local Services bintec elmeg GmbH 17.6.4 History In the Local Services->Web Filter->History menu, you can view the recorded history of the web filter. The history logs all requests that are marked for logging by a relevant filter (Action = ), likewise all rejected requests.
Page 498 17 Local Services bintec elmeg GmbH 17.7.1.1 New Choose the New button to set up new CAPI users. Local Services CAPI Server User Fig. 186: -> -> -> The menu Local Services->CAPI Server->User->New consists of the following fields: Fields in the Basic Parameters menu.
Page 499: Options
17 Local Services bintec elmeg GmbH 17.7.2 Options Local Services CAPI Server Options Fig. 187: -> -> The menu Local Services->CAPI Server->Options consists of the following fields: Fields in the Basic Parameters menu. Field Description Enable server Select whether your device is to be enabled as a CAPI server.
Page 500: Scheduling
Caution The configuration of actions that are not available as defaults requires extensive know- ledge of the method of operation of bintec elmegbintec elmeg gateways. An incorrect configuration can cause considerable disruption during operation. If applicable, save the original configuration on your PC.
Page 501 17 Local Services bintec elmeg GmbH 17.8.1.1 New Choose the New button to create more event lists. Local Services Scheduling Trigger Fig. 188: -> -> -> The menu Local Services->Scheduling->Trigger->New consists of the following fields: Fields in the menu Basic Parameters...
Page 502 17 Local Services bintec elmeg GmbH Field Description Possible values: • (default value): The operations configured and as- signed in Actions are initiated at specific points in time. • : The actions configured and assigned in Actions are initiated when the defined MIB variables assumes the as- signed values.
Page 503 17 Local Services bintec elmeg GmbH Field Description Select the GEO Zone Status. Possible values: • : The current position lies within the defined zone. • : The current position lies outside the defined zone. Monitored Variable Only for Event Type Select the MIB variable whose defined value is to be configured as initiator.
Page 504 17 Local Services bintec elmeg GmbH Field Description the intended operation. Possible values: • (default value): The function is enabled. • : The interface is disabled. Traffic Direction Only for Event Type Select the direction of the data traffic whose values should be monitored as initiating an operation.
Page 505 17 Local Services bintec elmeg GmbH Field Description Status Only for Event Type Select whether Destination IP Address must be (default value) or in order to initiate the opera- tion. Interval Only for Event Type Enter the time in Seconds after which a ping must be resent.
Page 506 17 Local Services bintec elmeg GmbH Field Description Function Button Status Only for Event Type When creating the trigger the dropdown selection Function Button Status allows you to choose which status of the func- tion button activates or deactivates the trigger. If you set the...
Page 507: Actions
17 Local Services bintec elmeg GmbH Field Description Possible values for Condition Settings in Condition Type = Start Time Enter the time from which the initiator is to be activated. Activa- tion is carried on the next scheduling interval. the default value of this interval is 55 seconds.
Page 508 17 Local Services bintec elmeg GmbH Field Description Description Enter your chosen designation for the action. Command Type Select the desired action. Possible values: • (default value): Your device is rebooted. • : The desired value is entered for a MIB variable.
Page 509 17 Local Services bintec elmeg GmbH Field Description • : The operation is initiated if a single event occurs. • : The operation is triggered if no event occurs. • : The operation is triggered if one of the events does not occur.
Page 510 17 Local Services bintec elmeg GmbH Field Description Possible values: • (default value): The value of the MIB variable is mod- ified if the initiator is active. • : The value of the MIB variable is modified if the ini- tiator is inactive.
Page 511 17 Local Services bintec elmeg GmbH Field Description Select the desired wireless network whose status shall be changed. Set status Only if Command Type = Select the status for the wireless network. Possible values: • (default value) • Source Location Only if Command Type = Select the source for the software update.
Page 512 17 Local Services bintec elmeg GmbH Field Description Enter the file name of the software version. Where Command Type = with Action = Enter the file name of the certificate file. Action For Command Type = Select which operation is to be performed on a configuration file.
Page 513 17 Local Services bintec elmeg GmbH Field Description and Action = Select whether the file is to be sent in the CSV format. The CSV format can easily be read and modified. In addition, you can view the corresponding file clearly using Microsoft Ex- cel for example.
Page 514 17 Local Services bintec elmeg GmbH Field Description Select the file to be copied. Configuration contains Only where Command Type = certificates/keys and Action = Select whether the certificates and keys contained in the config- uration are to be imported or exported.
Page 515 17 Local Services bintec elmeg GmbH Field Description Possible values: • (default value): The IP address of the interface over which the ping is sent is automatically entered as sender address. • : Enter the desired IP address in the input field.
Page 516 17 Local Services bintec elmeg GmbH Field Description Overwrite similar certi- Only where Command Type = ficate and Action = Select whether to overwrite a certificate already present on the your device with the new one. The function is disabled by default.
Page 517 17 Local Services bintec elmeg GmbH Field Description Password Only where Command Type = and Action = To obtain certificates, you may need a password from the certi- fication authority. Enter the password you received from the cer- tification authority here.
Page 518: Options
17 Local Services bintec elmeg GmbH Field Description Select the WLAN module on which to perform the frequency band scan. WLC SSID Only where Command Type = Select the wireless network administered over the WLAN con- troller whose status should be changed.
Page 519: Configuration Example - Time-Controlled Tasks (Scheduling)
17 Local Services bintec elmeg GmbH Field Description terface. The schedule interval is disabled by default. Enter the period of time in seconds after which the system checks whether configured events have occurred. Possible values are The value is recommended (5 minute accuracy).
Page 520 17 Local Services bintec elmeg GmbH • In addition, the configuration is to be backed up automatically once a month on a TFTP server. Overview of Configuration Steps Daily reboot Field Menu Value Event List Local Services->Scheduling->Trig- ger->New Description Local Services->Scheduling->Trig- e.g.
Page 521 17 Local Services bintec elmeg GmbH Field Menu Value Time Condition Local Services->Scheduling->Trig- Condition Type = ger->New , Condition Settings Start Time Local Services->Scheduling->Trig- Hour Minute ger->New Stop Time Local Services->Scheduling->Trig- Hour Minute ger->New Description Local Services->Scheduling->Ac- e.g. tions->New Command Type Local Services->Scheduling->Ac-...
Page 522: Surveillance
In this menu, you can configure an automatic availability check for hosts or interfaces and automatic ping tests. You can monitor temperature with devices from the bintec WI series. Note This function cannot be configured on your device for connections that are authentic- ated via a RADIUS server.
Page 523 17 Local Services bintec elmeg GmbH 17.9.1.1 Edit or New Choose the icon to edit existing entries. Choose the New button to create additional monitoring tasks. Local Services Surveillance Hosts Fig. 191: -> -> -> The menu Local Services->Surveillance->Hosts->New consists of the following fields:...
Page 524 17 Local Services bintec elmeg GmbH Field Description Monitored IP Address Enter the IP address of the host to be monitored. Possible values: • (default value): The default gateway is monitored. • : Enter the IP address of the host to be monitored manually in the adjacent input field.
Page 525: Interfaces
17 Local Services bintec elmeg GmbH Field Description used. Possible values are The default value is . Action to be performed Select which Action should be run. For most actions, you select an Interface to which the Action relates. All physical and virtual interfaces can be selected.
Page 526: Ping Generator
17 Local Services bintec elmeg GmbH Fields in the Basic Parameters menu. Field Description Monitored Interface Select the interface on your device that is to be monitored. Trigger Select the state or state transition of Monitored Interface that is to trigger a particular Interface Action.
Page 527 17 Local Services bintec elmeg GmbH Local Services Surveillance Ping Generator Fig. 193: -> -> -> The menu Local Services->Surveillance->Ping Generator->New consists of the follow- ing fields: Fields in the Basic Parameters menu. Field Description Destination IP Address Enter the IP address to which the ping is automatically sent.
Page 528: Isdn Theft Protection
17 Local Services bintec elmeg GmbH 17.10 ISDN Theft Protection With the ISDN theft protection function, you can prevent a thief who has stolen a gateway from gaining access to the gateway owner's LAN. (Without theft protection, he could dial in- to the LAN by ISDN if under WAN->Internet + Dialup->ISDN->...
Page 529 17 Local Services bintec elmeg GmbH Local Services ISDN Theft Protection Options Fig. 194: -> -> The menu Local Services->ISDN Theft Protection->Options consists of the following fields: Fields in the Basic Parameters menu. Field Description ISDN Theft Protection Enable or disable the ISDN theft protection function.
Page 530: Upnp
17 Local Services bintec elmeg GmbH Field Description Use Add to add a new interface. Select from the available interfaces those to which the ISDN theft protection function is to be applied. Fields in the Advanced Settings menu. Field Description...
Page 531: Interfaces
17 Local Services bintec elmeg GmbH . The ports are released internally to the gateway on demand, i.e. when an audio/video transfer is started in Messenger. When the application is closed, the ports are immediately closed again. The peer-to-peer-communication is initiated via public SIP servers with only the information from the two clients being forwarded.
Page 532: General
17 Local Services bintec elmeg GmbH Field Description Interface is UPnP con- Determine whether the NAT configuration of this interface is trolled controlled by UPnP. The function is enabled with The function is disabled by default. 17.11.2 General In this menu, you make the basic UPnP settings.
Page 533: Hotspot Gateway
Requirements To operate a Hotspot, the customer requires: • a bintec elmegbintec elmeg device as hotspot gateway with active Internet access and configured hotspot server entries for login and accounting (see menu System Manage- ment->Remote Authentication->RADIUS->New with Group Description...
Page 534 17 Local Services bintec elmeg GmbH • bintec elmegbintec elmeg Hotspot hosting (article number 5510000198) • Access data • Documentation • Software licensing Please note that you must first activate the licence. Go to www.bintec-elmeg.com then Service/Support -> Services -> Online Services.
Page 535: Hotspot Gateway
17 Local Services bintec elmeg GmbH 17.12.1 HotSpot Gateway In the HotSpot Gateway menu, you can configure the bintec elmeg gateway installed onsite for the Hotspot Solution. A list of all configured hotspot networks is displayed in the Local Services->HotSpot Gateway->HotSpot Gateway menu.
Page 536 17 Local Services bintec elmeg GmbH Local Services HotSpot Gateway HotSpot Gateway Fig. 198: -> -> -> The Local Services->HotSpot Gateway->HotSpot Gateway-> menu consists of the following fields: Fields in the menu Basic Parameters Field Description Interface Choose the interface to which the Hotspot LAN or WLAN is con- nected.
Page 537 17 Local Services bintec elmeg GmbH Field Description Domain at the HotSpot Enter the domain name that you used when setting up the Hot- Server Spot server for this customer. The domain name is required so that the Hotspot server can distinguish between the different cli- ents (customers).
Page 538 17 Local Services bintec elmeg GmbH Field Description The following languages are supported: The language can be changed on the start/login page at any time. The menu Advanced Settings consists of the following fields: Fields in the menu Advanced Settings...
Page 539: Options
17 Local Services bintec elmeg GmbH Field Description Pop-Up window for Specify whether the device uses pop-up windows to display the status indication status. The function is enabled by default. Default Idle Timeout Enable or disable the Default Idle Timeout. If a hotspot user does not trigger any data traffic for a configurable length of time, they are logged out of the hotspot.
Page 540: Wake-On-Lan
17 Local Services bintec elmeg GmbH 17.13 Wake-On-LAN With the function Wake-On-LAN you can start network devices that are switched off via an integrated network card. The network card also needs a power supply, even when the com- puter is switched off. You can use filters and rule chains to define the conditions that need to be met to send the so-called magic packet, and select the interfaces that are to be mon- itored for the defined rule chains.
Page 541 17 Local Services bintec elmeg GmbH Field Description Service Select one of the preconfigured services. The extensive range of services configured ex works includes the following: • • • • • • • • The default value is Protocol Select a protocol.
Page 542 17 Local Services bintec elmeg GmbH Field Description • (default value): The destination IP address/netmask are not specified. • : Enter the destination IP address of the host. • : Enter the destination network address and the cor- responding netmask.
Page 543 17 Local Services bintec elmeg GmbH Field Description specified. • : Enter the source IP address of the host. • : Enter the source network address and the prefix length. Source Port/Range Only for Protocol = Enter a source port number or a range of source port numbers.
Page 544: Wol Rules
17 Local Services bintec elmeg GmbH Field Description The default value is . The default value is 17.13.2 WOL Rules The menu Local Services->Wake-On-LAN->WOL Rules displays a list of all the WOL rules that have been configured. 17.13.2.1 Edit or New Choose the icon to edit existing entries.
Page 545 17 Local Services bintec elmeg GmbH Field Description setting. • : Shows a rule chain that has already been created, which you can select and edit. Description Only where Wake-On-LAN Rule Chain = Enter the name of the rule chain.
Page 546: Interface Assignment
17 Local Services bintec elmeg GmbH Field Description Enter the MAC address of the network device that is to be en- abled using WOL. Password Only where Action = If the network device that is to be enabled supports the "Se- cureOn"...
Page 547: Brrp
Note You require a licence for devices in the R23x series and RS series. BRRP (Bintec Router Redundancy Protocol) is a bintec elmegbintec elmeg-specific imple- mentation of the VRRP (Virtual Router Redundancy Protocol). A router redundancy proced- ure is used mainly to safeguard the availability of a physical gateway in a LAN or WAN.
Page 548: Virtual Routers
17 Local Services bintec elmeg GmbH Field Description VRRP Advertisement A keepalive that sends the master to the backup gateway to in- dicate his reachability. Virtual Router Master “The VRRP router that takes over forwarding the packets that have been sent to the IP addresses associated with the “virtual router”...
Page 549 17 Local Services bintec elmeg GmbH Note This interface is used to transmit the BRRP advertisement data packets and possibly to transmit keepalive monitoring data packets. Another interface must be configured in the next step to transmit the usage data.
Page 550 17 Local Services bintec elmeg GmbH events, which result in a switching of the operating status of the virtual router. Controlling the operating status of a virtual router implicitly also controls the operating status of the interface to which the virtual router is linked. If an error occurs, all interfaces on a device have to be deactivated.
Page 551 17 Local Services bintec elmeg GmbH Fields in the BRRP Advertisement Interface menu. Field Description Ethernet Interface Choose the interface via which BRRP advertisement packets are sent and expected. If you edit a Virtual Router, the Ethernet interface is displayed and cannot be changed.
Page 552 17 Local Services bintec elmeg GmbH Field Description Virtual Interface Prior- Define the transmitted BRRP priority of the interface for the vir- tual router. Higher priorities determine the master interfaces during the initialization pahse as well as with active Pre- Empt-Mode.Possible values are between...
Page 553 17 Local Services bintec elmeg GmbH Field Description the number of expected but omitted BRRP advertisements, the advertisement interval and the skew time, which adds a minimal period depending on the priority. The higher the priority, the shorter the time added. Consequently, a backup router with a higher priority responds more quickly than a router with lower priority).
Page 554: Vr Synchronisation
17 Local Services bintec elmeg GmbH 17.14.2 VR Synchronisation The watchdog daemon is configured in the Local Services->BRRP->VR Synchronisation menu, i.e. you define how state changes are handled. After opening the menu Local Services->BRRP->VR Synchronisation a list of all syn- chronisations is displayed.
Page 555: Options
17 Local Services bintec elmeg GmbH Field Description vertisements as per its configuration in the Local Services->BRRP->Virtual Routers->New->Advanced Set- tings menu.) Virtual Router ID Select a virtual router using the Virtual Router ID and define which interface is to be checked. You can choose previously defined IDs (see Virtual Router ID in the Local Services->BRRP->Virtual Router->New menu under BRRP...
Page 556 17 Local Services bintec elmeg GmbH Field Description Enable BRRP Enable or disable the BRRP function. The function is enabled with The function is disabled by default. bintec RS Series...
Page 557: Chapter 18 Maintenance
18 Maintenance bintec elmeg GmbH Chapter 18 Maintenance This menu provides you with numerous functions for maintaining your device. It firstly provides a menu for testing availability within the network. You can manage your system configuration files. If more recent system software is available, you can use this menu to in- stall it.
Page 558: Diagnostics
18 Maintenance bintec elmeg GmbH Field Description from the system when you click Logout. 18.1.1.1 Logout Options After you have confirmed your selection of connections to be terminated with Logoutyou can choose if any configuration related to the connections is to be saved before the user is actually disconnected, and in which way.
Page 559: Dns Test
18 Maintenance bintec elmeg GmbH can be reached. Fields in the Ping Test menu Field Description Test Ping Mode Select the IP version to be used for the ping test. Possible values: • • Test Ping Address Enter the IP address to be tested.
Page 560: Traceroute Test
18 Maintenance bintec elmeg GmbH 18.2.3 Traceroute Test Maintenance Diagnostics Traceroute Test Fig. 210: -> -> You use the traceroute test to display the route to a particular address (IP address or do- main name), if this can be reached.
Page 561: Options
An update of BOOTmonitor and/or Logic is recommended in a few cases. In this case, the release notes refer expressly to this fact. Only update BOOTmonitor or Logic if bintec elmeg GmbHbintec elmeg GmbH explicitly recommends this. Flash Your device saves its configuration in configuration files in the flash EEPROM (Electrically Erasable Programmable Read Only Memory).
Page 562 18 Maintenance bintec elmeg GmbH Configuration file format The file format of the configuration file allows encryption and ensures compatibility when restoring the configuration on the gateway in various system software versions. This is a CSV format, which can be read and modified easily. In addition, you can view the corres- ponding file clearly using Microsoft Excel for example.
Page 563 18 Maintenance bintec elmeg GmbH Fields in the Software and Configuration Options menu. Field Description Action Select the action you wish to execute. After each task, a window is displayed showing the other steps that are required. Possible values: •...
Page 564 18 Maintenance bintec elmeg GmbH Field Description • : You can launch an update of the system software, the ADSL logic and the BOOTmonitor. • : (Only displayed if an SD card is inserted, if supported by you device) In file name, select the file that you wish to import.
Page 565: Reboot
18 Maintenance bintec elmeg GmbH Field Description Select the source file to be copied. Destination File Name Only for Action = Enter the name of the copy. Select file Only for Action = Select the file or configuration to be renamed or deleted.
Page 566: Factory Reset
18 Maintenance bintec elmeg GmbH Note Before a reboot, make sure you confirm your configuration changes by clicking the Save configuration button, so that these are not lost when you reboot. Maintenance Reboot System Reboot Fig. 212: -> -> If you wish to restart your device, click the OK button. The device will reboot.
Page 567: Chapter 19 External Reporting
19 External Reporting bintec elmeg GmbH Chapter 19 External Reporting In this system menu, you define what system protocol messages are saved on which com- puters, and whether the system administrator should receive an e-mail for certain events. Information on IP data traffic can also be saved--depending on the individual interfaces. In addition, SNMP traps can be sent to specific hosts in case of error.
Page 568 19 External Reporting bintec elmeg GmbH A list of all configured system log servers displayed in the External Reporting->Syslog->Syslog Servers menu. 19.1.1.1 New Select the New button to set up additional syslog servers. External Reporting Syslog Syslog Servers Fig. 214: ->...
Page 569 19 External Reporting bintec elmeg GmbH Field Description • (lowest priority) Syslog messages are only sent to the host if they have a higher or identical priority to that indicated, i.e. at syslog level all messages generated are forwarded to the host.
Page 570: Ip Accounting
19 External Reporting bintec elmeg GmbH 19.2 IP Accounting In modern networks, information about the type and number of data packets sent and re- ceived over the network connections is often collected for commercial reasons. This inform- ation is extremely important for Internet Service Providers that bill their customers by data volume.
Page 571 19 External Reporting bintec elmeg GmbH External Reporting IP Accounting Options Fig. 216: -> -> In the External Reporting->IP Accounting->Options menu, you can define the Log Format of the IP accounting messages. The messages can contain character strings in any order, sequences separated by a slash, e.g.
Page 572: Alert Service
19 External Reporting bintec elmeg GmbH 19.3 Alert Service It was previously possible to send syslog messages from the router to any syslog host. De- pending on the configuration, e-mail alerts are sent to the administrator as soon as relevant syslog messages appear.
Page 573 19 External Reporting bintec elmeg GmbH Field Description Possible values: • E-mail • SMS Recipient Enter the recipient's e-mail address. The entry is limited to 40 characters. Message Compression Select whether the text in the alert E-mail is to be shortened.
Page 574 19 External Reporting bintec elmeg GmbH Field Description entered therefore usually contains wildcards. To be informed of all syslog messages of the selected level, just enter "*". Severity Select the severity level which the string configured in the Matching String field must reach to trigger an e-mail alert.
Page 575: Alert Settings
19 External Reporting bintec elmeg GmbH 19.3.2 Alert Settings External Reporting Alert Service Alert Settings Fig. 218: -> -> The menu External Reporting->Alert Service->Alert Settings consists of the following fields: Fields in the Basic Parameters menu. Field Description Alert Service Select whether the alert service is to be enabled for the inter- face.
Page 576 19 External Reporting bintec elmeg GmbH Field Description SMTP Server Enter the address (IP address or valid DNS name) of the mail server to be used for sending the mails. The entry is limited to 40 characters. SMTP Port Encryption of e-mails (SSL / TLS).
Page 577: Snmp
19 External Reporting bintec elmeg GmbH Field Description SMS Device You can receive notification of system alerts in text messages. Select the device to be used to send the text message. Maximum SMS per Day Limit the maximum number of SMS sent during a single day.
Page 578 19 External Reporting bintec elmeg GmbH External Reporting SNMP SNMP Trap Options Fig. 219: -> -> The menu External Reporting->SNMP->SNMP Trap Options consists of the following fields: Fields in the Basic Parameters menu. Field Description SNMP Trap Broadcast- Select whether the transfer of SNMP traps is to be activated.
Page 579: Snmp Trap Hosts
19 External Reporting bintec elmeg GmbH 19.4.2 SNMP Trap Hosts In this menu, you specify the IP addresses to which your device is to send the SNMP traps. In the External Reporting->SNMP->SNMP Trap Hosts menu, a list of all configured SN- MP trap hosts is displayed.
Page 580 19 External Reporting bintec elmeg GmbH External Reporting Fig. 221: -> -> bintec RS Series...
Page 581: Monitoring
20 Monitoring bintec elmeg GmbH Chapter 20 Monitoring This menu contains information that enable you to locate problems in your network and monitor activities, e.g. at your device's WAN interface. 20.1 Internal Log 20.1.1 System Messages In the Monitoring->Internal Log->System Messages menu, a list of all internally stored system messages is displayed.
Page 582: Ipsec
20 Monitoring bintec elmeg GmbH Field Description Subsystem Displays which subsystem of the device generated the mes- sage. Message Displays the message text. 20.2 IPSec 20.2.1 IPSec Tunnels A list of all configured IPSec tunnel providers is displayed in the Monitoring->IPSec->IPSec Tunnels menu.
Page 583 20 Monitoring bintec elmeg GmbH Monitoring IPSec IPSec Tunnels Fig. 224: -> -> -> Values in the IPSec Tunnels list Field Description Description Shows the description of the peer. Local IP Address Shows the WAN IP address of your device.
Page 584: Ipsec Statistics
20 Monitoring bintec elmeg GmbH Field Description Role / Algorithm / Life- time remaining / Status IPSec (Phase-2) SAs Shows the parameters of the IPSec (Phase 2) SAs. Role / Algorithm / Life- time remaining / Status Messages The system messages for this IPSec tunnel are displayed here.
Page 585: Isdn/Modem
20 Monitoring bintec elmeg GmbH Field Description Status Displays the number of IPSec tunnels by their current status. • Up: Currently active IPSec tunnels. • Going up: IPSec tunnels currently in the tunnel setup phase. • Blocked: IPSec tunnels that are blocked.
Page 586: Call History
20 Monitoring bintec elmeg GmbH Monitoring ISDN/Modem Current Calls Fig. 226: -> -> Values in the Current Calls list Field Description Service Displays the service to or from which the call is connected: Remote Number Displays the number that was dialled (in the case of outgoing calls) or from which the call was made (in the case of incoming calls).
Page 587: Interfaces
20 Monitoring bintec elmeg GmbH Monitoring ISDN/Modem Call History Fig. 227: -> -> Values in the Call History list Field Description Service Displays the service to or from which the call was connected: Remote Number Displays the number that was dialled (in the case of outgoing calls) or from which the call was made (in the case of incoming calls).
Page 588 20 Monitoring bintec elmeg GmbH Monitoring Interfaces Statistics Fig. 228: -> -> Change the status of the interface by clicking the or the button in the Action column. Values in the Statistics list Field Description Shows the serial number of the interface.
Page 589 20 Monitoring bintec elmeg GmbH Monitoring Interfaces Statistics Fig. 229: -> -> -> Values in the Statistics list Field Description Description Displays the name of the interface. MAC Address Displays the interface text. IP Address / Netmask Shows the IP address and the netmask.
Page 590: Wlan
20 Monitoring bintec elmeg GmbH 20.5 WLAN 20.5.1 WLANx In the Monitoring->WLAN->WLAN menu, current values and activities of the WLAN inter- face are displayed. The values for wireless mode 802.11n are listed separately. Monitoring WLAN WLAN Fig. 230: -> ->...
Page 591 20 Monitoring bintec elmeg GmbH Field Description Rx Packets Shows the total number of received packets for the data rate shown in mbps. You can choose the Advanced button to go to an overview of more details. Monitoring WLAN WLAN Advanced Fig.
Page 592: Vss
20 Monitoring bintec elmeg GmbH Description Meaning ceived successfully sent with a unicast address. MSDUs that could not Displays the number of MSDUs that could not be sent. be transmitted Frame transmissions Displays the number of sent framesfor which an acknowledge- without ACK received ment frame was not received.
Page 593 20 Monitoring bintec elmeg GmbH Field Description ent is logged in. Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received. Signal dBm (RSSI1, Shows the received signal strength in dBm. RSSI2, RSSI3) Noise dBm Shows the received noise strength in dBm.
Page 594 20 Monitoring bintec elmeg GmbH Monitoring WLAN <connected client> Fig. 233: -> -> -> -> Values in the list <Connected Client> Field Description Client MAC Address Shows the MAC address of the associated client. IP Address Shows the IP address of the client.
Page 595: Client Management
20 Monitoring bintec elmeg GmbH Field Description wireless connection. Values: • > 25 dB excellent • 15 – 25 dB good • 2 – 15 dB borderline • 0 – 2 dB bad. Data Rate mbps Shows the current transmission rate of data received by this cli- ent in mbps.
Page 596: Bridge Links
20 Monitoring bintec elmeg GmbH Field Description MAC Address Displays the MAC address being used for this VSS. Active Clients Displays the number of active clients. 2,4/5 GHz changeover Displays the number of clients who have been moved to a dif- ferent frequency band by the 2,4/5 GHz changeover function.
Page 597 20 Monitoring bintec elmeg GmbH Field Description Mbps. Rx Data Rate mbps Shows the current clock rate of data received on this bridge link in Mbps. Uptime Shows the time in hours, minutes and seconds for which the bridge link in question is active.
Page 598: Client Links
20 Monitoring bintec elmeg GmbH Field Description Bridge Link Descrip- Shows the name of the bridge link. tion Remote MAC Shows the MAC address of the bridge link partner. First seen Displays the time of the first registered attempted contact of the bridge link partner.
Page 599 20 Monitoring bintec elmeg GmbH Field Description Uptime Shows the time in hours, minutes and seconds for which the cli- ent link in question is active. Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received.
Page 600 20 Monitoring bintec elmeg GmbH Monitoring WLAN Client Links Fig. 238: -> -> -> Values in the Client Links list Field Description AP MAC Address Shows the MAC address of the client link partner. Uptime Shows the time in hours, minutes and seconds for which the cli- ent link in question is active.
Page 601: Bridges
20 Monitoring bintec elmeg GmbH Field Description Packets and Rx Packets. Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received. 20.6 Bridges 20.6.1 br<x> In the Monitoring->Bridges-> br<x> menu, the current values of the configured bridges are shown.
Page 602: Qos
20 Monitoring bintec elmeg GmbH Monitoring HotSpot Gateway HotSpot Gateway Fig. 240: -> -> Values in the HotSpot Gateway list Field Description User Name Displays the user's name. IP Address Shows the IP address of the user. Physical Address Shows the physical address of the user.
Page 603 20 Monitoring bintec elmeg GmbH Field Description QoS Queue Shows the QoS queue, which has been configured for this inter- face. Send Shows the number of sent packets with the corresponding pack- et class. Dropped Shows the number of rejected packets with the corresponding packet class in case of overloading.
Page 604: Index
Index bintec elmeg GmbH ATM PVC Index ATM Service Category Authentication 311 , 316 , 322 , 327 , 334 , 399 , 406 Interface Authentication Method 354 , 372 Accept Client FQDN Authentication Type 83 , 88 Accept Router Advertisement...
Page 605 Index bintec elmeg GmbH Compare Condition 445 , 464 , 485 , 491 , 524 , 528 Compare Value Destination 418 , 421 Compression Destination Port/Range 241 , 254 , Config Mode 260 , 276 , 524 Configuration contains certificates/keys...
Page 606 Index bintec elmeg GmbH 260 , 276 , 524 GEO Zone Status DTIM Period 171 , 201 Group Description 83 , 249 , 251 , DUID Dynamic blacklisting Group ID E-mail Hello Intervall EAP Preauthentification 167 , 205 High Priority Class...
Page 607 Index bintec elmeg GmbH IPv4 Long Retry Limit IPv4 Address Loopback End-to-End IPv4 Back Route Verify Loopback Segment IPv4 Proxy ARP MAC Address 136 , 340 , 464 IPv4-DNS-Server Mail Exchanger (MX) IPv6 138 , 309 , 320 , 427...
Page 608 Index bintec elmeg GmbH Monitored GEO Zone Password for protected Certificate Monitored Interface Monitored IP Address Peak Cell Rate (PCR) Monitoring Mode Peer Address 312 , 413 Peer ID Multicast Group Address Phase-1 Profile Name 193 , 237 , 385 , 470...
Page 609 Index bintec elmeg GmbH Public Interface Public Interface Mode Rule Chain 280 , 282 , 530 Public Source IPv4 Address Rx Shaping 171 , 210 Query Interval Save configuration Queues/Policies Scan channels RA Encrypt Certificate Scan Interval RA Sign Certificate...
Page 610 Index bintec elmeg GmbH Source Address / Length Traffic Shaping Source Interface 228 , 254 , 301 Traffic Direction Source IP Address/Netmask 228 , Traffic shaping 241 , 254 , 362 Transfer Mode Source IP Address 485 , 491 , 507 ,...
Page 611 Index bintec elmeg GmbH Vendor Mode Alert Service Vendor Option String Alive Check Version Check Answer to client request Virtual Channel Connection (VCC) AP discovered 343 , 346 AP MAC Address 582 , 584 Virtual Channel Identifier (VCI) AP managed...
Page 612 Index bintec elmeg GmbH Garbage Collection Timer Denied Clients soft/hard Gateway Description 566 , 567 , 572 , 573 , GRE Window Adaption GRE Window Size Destination File Name Hashing Algorithms Destination IP Address Hold Down Timer Details Host for multiple locations...
Page 613 Index bintec elmeg GmbH Local Port 567 , 573 Multicast MSDUs transmitted success- Location fully Log Format Multicast MSDUs received successfully Log out immediately Logged Actions Multicast Routing Logging Level Login Grace Time NAT active Logon NAT Detection Logout Options...
Page 614 Index bintec elmeg GmbH Remote Address Set Time Remote ID Show passwords and keys in clear text Remote IP Remote IP Address Signal Remote IP Address Signal dBm Remote MAC 580 , 581 Silent Deny Remote Networks SIP Port Remote Number...
Page 615 Index bintec elmeg GmbH Throughput Access Profiles Time Actions Time Update Interval 64 , 66 Active Clients Time Update Policy Address List Time Zone Administration Timeout Alert Recipient Total Alert Settings Traceroute Address Black / White List Traceroute Mode Bridge Links...
Page 616 Index bintec elmeg GmbH Interface Assignment 281 , 530 RIP Options Interfaces 70 , 134 , 509 , 515 , 554 Rogue APs IP Pool Configuration Rogue Clients IP Pools 336 , 386 , 411 RTSP Proxy IP/MAC Binding Rule Chains...
Page 617 Index bintec elmeg GmbH Alert Service Routes RTSP Bridges Scheduling BRRP Services CAPI Server Certificates Controller Configuration Slave AP configuration DHCP Server SNMP DHCPv6 Server Software &Configuration Diagnostics Surveillance Syslog Drop In UPnP DynDNS Client VLAN Factory Reset Wake-On-LAN Forwarding...
Page 618 Index bintec elmeg GmbH Assistants Ethernet Ports Authentication Method Ethernet Interface Selection Autoconfiguration on Bootup Fallback Number Bearer Service Fixed IP Address BOSS Version Home PLMN Cell ID Cloud NetManager address Cloud NetManager communication ICC ID Configuration Access IMEI Configuration example - DHCP-Client...
Page 619 Index bintec elmeg GmbH MSN Recognition Show Manufacturer Names MSN Configuration Signal dBm (RSSI1, RSSI2, RSSI3) Multicast 576 , 578 , 580 , 581 , 582 , 584 SIM Card Uses PIN State Status Name Subscriber Number Network Provider Switch Port...
Page 620 Index bintec elmeg GmbH X.31 (X.25 in D Channel) X.31 TEI Service X.31 TEI Value bintec RS Series...

This manual is also suitable for:

Rs123w Rs353aw Rs353a

BinTec RS123 Manual

Chapter 1 Installation

Chapter 2 Basic Configuration

Chapter 3 Access and Configuration

Chapter 4 Assistants

Chapter 5 System Management

Chapter 6 Physical Interfaces

Chapter 7 LAN

Chapter 8 Wireless LAN

Chapter 9 Wireless LAN Controller

Chapter 10 Networking

Chapter 11 Routing Protocols

Chapter 12 Multicast

Chapter 13 WAN

Chapter 14 VPN

Chapter 15 Firewall

Chapter 16 Voip

Chapter 17 Local Services

Chapter 18 Maintenance

Chapter 19 External Reporting

Quick Links

Related Manuals for BinTec RS123

Summary of Contents for BinTec RS123