1. Manuals
  2. Brands
  3. Innoband Manuals
  4. Gateway
  5. 8860-C1
  6. User manual

Innoband 8860-C1 User Manual

Adsl 2+ gateway
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
ADSL 2+ Gateway
8860-C1
User's Manual
Version 5.51.r1
Last Revised: 10-10- 2007

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 8860-C1 and is the answer not in the manual?

Questions and answers

Related Manuals for Innoband 8860-C1

Summary of Contents for Innoband 8860-C1

  • Page 1 ADSL 2+ Gateway 8860-C1 User’s Manual Version 5.51.r1 Last Revised: 10-10- 2007...

  • Page 2: Table Of Contents

    CHAPTER 1: INTRODUCTION ........................5 ....................... 5 NTRODUCTION TO ATEWAY ................................ 5 EATURES CHAPTER 2: INSTALLING THE GATEWAY................... 8 ....................8 MPORTANT OTE FOR SING ATEWAY ............................8 ACKAGE ONTENTS ............................9 RONT ............................10 ANEL ................................ 11 ABLING CHAPTER 3: BASIC INSTALLATION ..................... 13 ........................
  • Page 3 ............................30 ONFIGURATION LAN (Local Area Network) ........................30 Bridge Interface ..........................30 Ethernet ............................31 IP Alias ............................31 Ethernet Client Filter ........................32 Port Setting ...........................33 DHCP Server ..........................34 WAN (Wide Area Network) ........................35 ISP ..............................35 DNS ..............................43 ADSL ............................44 System ..............................46 Time Zone ............................46 Remote Access..........................47 Firmware Upgrade ........................47...
  • Page 4 WAN I ...................... 125 ROBLEMS WITH THE NTERFACE LAN I ....................... 125 ROBLEMS WITH THE NTERFACE APPENDIX A: PRODUCT SUPPORT AND CONTACT INFORMATION ........126 APPENDIX B: WARRANTY INFORMATION..................127 Registration Card............................ 127 Table of Content...

  • Page 6: Chapter 1: Introduction

    Chapter 1: Introduction Introduction to Your Gateway Welcome to the Innoband ADSL 2+ Gateway 8860-C1. The gateway is an “all-in-one” unit, combining an ADSL 2+ gateway with four-port 10/100M auto-crossover switch and firewall. The 8860-C1 can provide everything you need and get your network connected to the Internet over your ADSL or ADSL 2/2+ broadband connection.
  • Page 7 data transfer among networked devices. With these features enabled, users can now connect to Net meeting or MSN Messenger seamlessly. Network Address Translation (NAT) Allows multi-users to access outside resources such as the Internet simultaneously with one IP address/one Internet access account. Many application layer gateways (ALG) are supported, such as Web browser, ICQ, FTP, Telnet, E-mail, News, Net2phone, Ping, NetMeeting, IP phone,and etc.
  • Page 8 Static and RIP1/2 Routing It has routing capability and supports easy static routing table or RIP1/2 routing protocol. Simple Network Management Protocol (SNMP) It is an easy way to remotely manage the gateway via SNMP. Web based GUI It supports Web based GUI for configuration and management. It is a user-friendly application and comes with the on-line help.

  • Page 9: Chapter 2: Installing The Gateway

    Only use the power adapter that comes with the package. Using a different voltage rating power adaptor may damage this gateway. Attention Package Contents 8860-C1 ADSL 2+ Gateway Product Information CD containing this manual RJ-11 ADSL cable Ethernet (CAT-5 LAN) Cable...

  • Page 10: The Front Leds

    The Front LEDs Meaning Lit green when power on. Power Lit red when POST (Power On Self Test) failure (not bootable) or device malfunctions. Lit when the LAN link is connected to an Ethernet device. LAN 1 — 4 Green for 100Mbps; Orange for 10Mbps. Blinking when data is being transmitted and/or received.

  • Page 11: The Back Panel

    The Back Panel Ethernet Port # 4 can be used as a console port. You need a special console converter that is included in the package to connect the LAN 4 console with your computers’ RJ-232 port (9-pin serial). Port Meaning Connect the supplied RJ-11 ADSL cable to this port.

  • Page 12: Cabling

    Cabling One of the most common causes of problem is bad cabling or ADSL line. Make sure that all connected devices are turned on. Verify that the LAN Link and ADSL line LEDs are lit. If they are not, verify that you are using the proper cables.

  • Page 14: Chapter 3: Basic Installation

    The default IP address of the gateway is 192.168.1.1 and the subnet mask is 255.255.255.0. Please configure your PC to obtain an IP address through 8860-C1’s DHCP server or a fixed IP address between 192.168.1.2 to 192.168.1.253. If you encounter any problem accessing the gateway’s web interface, it is advisable to disable any kind of software firewall on your PCs.
  • Page 15 Configuring PCs in Windows in Window XP Go to Start -> Control Panel (in Classic View). In the Control Panel, double-click Network Connections. Double-click Local Area Connection. (See Figure 3.1) Figure 3.1: LAN Area Connection In the LAN Area Connection Status window, click Properties.
  • Page 16 Configuring PCs in Windows 2000 Go to Start -> Settings -> Control Panel. In the Control Panel, double-click Network and Dial-up Connections. Double-click Local Area (“LAN”) Connection. (See Figure 3.5) Figure 3.5: LAN Area Connection In the LAN Area Connection Status window, click Properties.
  • Page 17 Configuring PC in Windows Vista Go to Start -> Control Panel -> Network Figure 3.9: Manage Network Connections and Internet -> Network and Sharing Center -> Manage Network Connections (see Figure 3.9) Double click on your LAN or High-Speed Internet Select Internet Protocol...

  • Page 18: Factory Default Settings

    OK to finish the configuration. Factory Default Settings Before configuring your 8860-C1, you need to know the following default settings. Web Interface Default Username and Password Username: admin Password: admin If you ever forget the username/password to login to the gateway, press and hold the RESET button for up to 6 seconds to restore the gateway back to factory default.

  • Page 19: Lan And Wan Port Addresses

    IP pool counts: 100 LAN and WAN Port Addresses The parameters of LAN and WAN ports are pre-set in the factory. The default values are shown below. LAN Port WAN Port IP address 192.168.1.1 The PPPoE function is enabled Subnet Mask 255.255.255.0 to automatically get the WAN port configuration from the ISP,...

  • Page 20: Logging Into The Gateway Using Your Web Browser

    Logging into the Gateway using Your Web Browser Open your web browser, enter the IP address of your gateway, which by default is 192.168.1.1, and click “Go”, a user name and password window will appear. The default username and password are “admin”...

  • Page 21: Chapter 4: Configuration

    Chapter 4: Configuration At the configuration homepage, the navigation pane on the left provides links to the desired perspective setup page, including: Status ARP Table Routing Table DHCP Table PPTP Status IPSec Status L2TP Status Email Status Event Log Error Log NAT Sessions Diagnostic UPnP Portmap...

  • Page 22: Status

    Status ARP Table This section displays the gateway’s ARP (Address Resolution Protocol) Table, which shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is useful as a quick way of determining the MAC address of the network interface of your PCs to use with the gateway’s Firewall – MAC Address Filter function.

  • Page 23: Dhcp Table

    Destination: The IP address of the destination network. Netmask: The destination netmask address. Gateway: The IP address of the gateway that this route will use. Cost: The number of hops counted as the cost of the route. DHCP Table Leased: The DHCP assigned IP addresses information. IP Address: A list of IP addresses of devices on your LAN (Local Area Network).

  • Page 24: Pptp Status

    Name: The name you assigned to the Permanent configuration. IP Address: The fixed IP address for the specify client. MAC Address: The MAC Address that you want to assign the fixed IP address Maximum Lease Time: The maximum lease time interval you allow to clients PPTP Status This shows details of your configured PPTP VPN Connections.

  • Page 25: L2Tp Status

    Active: Whether the VPN Connection is currently Active. Connection State: Whether the VPN is Connected or Disconnected. Statistics: Statistics for this VPN Connection. Local Subnet: The local IP Address or Subnet used. Remote Subnet: The Subnet of the remote site. Remote Gateway: The Remote Gateway IP address.

  • Page 26: Event Log

    Event Log This page displays the gateway’s Event Log entries. Major events are logged to this window, such as when the gateway’s ADSL connection is disconnected, as well as Firewall events when you have enabled Intrusion or Blocking Logging in the Configuration – Firewall section of the interface. Please see the Firewall section of this manual for more details on how to enable Firewall logging.

  • Page 27: Diagnostic

    Diagnostic It tests the connection to the computers that are connected to Ethernet ports and also the WAN Internet connection. UPnP Portmap The section lists all port-mapping established using UPnP (Universal Plug and Play). Please see the Advanced section of this manual for more details on UPnP and the gateway’s UPnP configuration options. Chapter 4: Configuration...
  • Page 28 Chapter 4: Configuration...

  • Page 29: Quick Start

    Quick Start For detailed instructions on configuring your WAN settings, please see the WAN section of this manual. Your ISP should be able to supply all the information you need for the Quick Start section. Click Start to begin scanning for encapsulation types offered by your ISP. If the scan is successful you will then be presented with a list of supported encapsulation options as shown below.
  • Page 30 Select the desired option from the list and click Apply to return to the Quick Start menu to continue configuring your connection. Chapter 4: Configuration...

  • Page 31: Lan (Local Area Network)

    Configuration The Configuration section allows you to configure the following items for your ADSL gateway: LAN, WAN, System, Firewall, VPN, QoS, Virtual Server, Time Schedule and Advanced. LAN (Local Area Network) There are seven sub-items within the LAN section: Bridge Interface, Ethernet, IP Alias, Ethernet Client Filter, Wireless, Wireless Security, Wireless Client Filter, Port Setting DHCP Server.

  • Page 32: Ethernet

    Ethernet Primary IP Address IP Address: The default IP on this gateway. Subnet Mask: The default subnet mask on this gateway. RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. IP Alias This function supports the creation of multiple virtual IP interfaces on this gateway. It helps to connect two or more local networks to the service provider or to remote nodes.

  • Page 33: Ethernet Client Filter

    DMZ: Specify this IP to DMZ. There is no NAT on this interface. Ethernet Client Filter The Ethernet Client Filter supports up to 16 Ethernet network machines that helps you to manage your network control to accept traffic from specific authorized machines or can restrict unwanted machine(s) to access your LAN.

  • Page 34: Port Setting

    Active PC in LAN displays a list of individual Ethernet device’s IP Address & MAC Addresses that are connected to the gateway. Check the box right next to the IP address and click Add to add to the block or allow table (depending on which option is chosen).

  • Page 35: Dhcp Server

    DHCP Server The DHCP protocol allows your gateway to dynamically assign IP addresses to PCs on your network if they are configured to obtain IP addresses automatically. To disable the gateway’s DHCP Server, check Disabled and click Next and then Apply. When the DHCP Server is disabled you will need to manually assign a fixed IP address to each PC on your network, and set the default gateway for each PCs to the IP address of the gateway (by default this is 192.168.1.1).

  • Page 36: Wan (Wide Area Network)

    WAN (Wide Area Network) WAN refers to your Wide Area Network connection, i.e. your gateway’s connection to Internet. There are two items within the WAN section: ISP, DNS ADSL. The factory default is PPPoE. If your ISP uses this access protocol, click Edit to input other parameters. If your ISP does not use PPPoE, you can change the default WAN connection entry by clicking Change.
  • Page 37 VPI and VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing the single IP address. If users on your LAN have public IP addresses and can access the Internet directly, the NAT function can be disabled.
  • Page 38 Encapsulation method: Select the encapsulation format, this is provided by your ISP. Acceptable Frame Type: Specify what kind of traffic can through this connection, all traffic or only VLAN tagged. Filter Type: Specify the type of ethernet filtering performed by the named bridge interface. Allows all types of ethernet packets through the port.
  • Page 39 Username: Enter the username provided by your service provider. You can input up to 128 alphanumeric characters (case sensitive). Please check with your service provider on the exact string to enter here. Password: Enter the password provided by your service provider. You can input up to 128 alphanumeric characters (case sensitive).
  • Page 40 IPoA Routed Connections Description: User-definable name for the connection. VPI/VCI: Enter the information provided by your service provider. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing a single IP address.
  • Page 41 PPPoE Connections Description: A user-definable name for this connection. VPI/VCI: Enter the information provided by your service provider. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single ISP account, sharing a single IP address.
  • Page 42 IP Address: specify if the Gateway can get an IP address from the service provider automatically or not. Please click Obtain an IP address automatically via DHCP client to enable the DHCP client function or click Specify an IP address to disable the DHCP client function, and specify the IP address manually. Authentication Protocol: Default is Chap (Auto).
  • Page 43 PPPoE with Pass-through Connections PPPoE with pass-through adapts the following method: PPPoE Routed mode + 1483 Bridge Mode. With pure PPPoE connection, the gateway can get one WAN address to the gateway. With the PPPoE and PPPoE pass-through, concurrently, it allows user to have a WAN address assigned to the gateway but also able to get another WAN IP from ISP using PPPoE dialer (e.g.

  • Page 44: Dns

    Service Name: This item is for identification purposes. If it is required, your service provider will provide you the information. Maximum input is 20 alphanumeric characters. IP Address: specify if the Gateway can get an IP address from the service provider automatically. Please click Obtain an IP address automatically via DHCP client to enable the DHCP client function or click Specify an IP address to disable the DHCP client function, and specify the IP address manually.

  • Page 45: Adsl

    You can obtain a Domain Name System (DNS) IP address automatically if your service provider provides it upon logo by checking the Enable box. If the Enable box is checked, please leave the configuration field blank. If your service provider provides you with their DNS IP addresses, please uncheck the Enable box and enter the DNS IP address manually.
  • Page 46 Connected: Display the current ADSL line sync status. Operational Mode: Display the current ADSL mode standard (Operational Mode) your gateway is using when ADSL line has established sync. Annex Type: ADSL Annex A: connection over a standard telephone line. Annex B: connection over an ISDN line.

  • Page 47: System

    System There are six sub-items within the System section: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart User Management. Time Zone The gateway does not have a real time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server outside your network.

  • Page 48: Remote Access

    Remote Access To temporarily permit remote administration of the gateway (i.e. from outside your LAN), select a time period the gateway will permit remote access for and click Enable. You may change other configuration options for the web administration interface using Device Management options in the Advanced section of the GUI.

  • Page 49: Backup / Restore

    Backup / Restore These functions allow you to save and backup your gateway’s current settings to a file on your PC or to restore a previously saved backup. This is useful if you wish to experiment with different settings. It is advisable to backup your gateway’s settings before making any significant changes to your gateway’s configuration.

  • Page 50: User Management

    If you wish to restart the gateway using the factory default settings, select Factory Default Settings to reset to factory default settings. You may also reset your gateway to factory settings by holding the small Reset pinhole button more than 6 seconds on the back of your gateway.

  • Page 51: Firewall And Access Control

    Firewall and Access Control Your gateway includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from your LAN, as well as helping to prevent attacks from hackers. In addition to this, when using NAT (Network Address Translation. Please see the WAN configuration section for more details on NAT) the gateway acts as a “natural”...

  • Page 52: General Settings

    URL Filter: To block PCs on your local network from unwanted websites. Here are the items within the Firewall section: General Settings, Packet Filter, Intrusion Detection, URL Filter, IM/P2P Blocking Firewall Log. General Settings You can choose not to enable Firewall, to add all filter rules by yourself, or enable the Firewall using preset filter rules and modify the port filter rules as required.

  • Page 53: Packet Filter

    Packet Filter This function is only available when the Firewall is enabled and one of these four security levels is chosen (All blocked, High, Medium and Low). The predefined port filter rules in the Packet Filter must be modified accordingly to the level of Firewall chosen. See Table1: Predefined Port Filter for more detailed information.
  • Page 54 Example: Predefined Port Filters Rules The predefined port filter rules for High, Medium and Low security levels are listed. See Table 1. Note: Firewall – All Blocked/User-defined, you must define and create the port filter rules yourself. No predefined rule is being preconfigured.
  • Page 55 Packet Filter – Add TCP/UDP Filter Rule Name: Users-defined description to identify this entry or click to select existing predefined rules. 32 characters is the maximum length. Time Schedule: It is self-defined time period. You may specify a time schedule for your prioritization policy.
  • Page 56 Packet Filter – Add Raw IP Filter Rule Name: User-definable description to identify this entry or click to select existing predefined rules. Time Schedule: It is self-defined time period. You may specify a time schedule for your prioritization policy. For setup and detail, refer to Time Schedule section Protocol Number: Insert the port number, i.e.
  • Page 57 Example: Configuring your firewall to allow for a publicly accessible web server on your LAN The predefined port filter rule for HTTP (TCP port 80) is the same no matter whether the firewall is set to a high, medium or low security level. To setup a web server located on the local network when the firewall is enabled, you have to configure the Port Filters setting for HTTP.
  • Page 58 Configuring Packet Filter 1. Click Packet Filter. You will then be presented with the predefined port filter rules screen shown below if low security level is chosen. Click Delete 2. Click Delete to delete the existing HTTP rule. 3. Click Add TCP/UDP Filter. Click Add TCP/UDP Filter 4.
  • Page 59 5. The new port filter rule for HTTP is shown below: 6. Configure your Virtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server: Note: Go to Add Virtual Server in Virtual Server section for more details on how to configure the HTTP in Virtual Server Chapter 4: Configuration...

  • Page 60: Intrusion Detection

    Intrusion Detection The gateway’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the gateway determines to be suspicious.
  • Page 61 For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will only warn the user in the Event Log. It cannot protect against such attacks. Table 2: Hacker attack types recognized by the IDS Type of Block Intrusion Name Detect Parameter Blacklist Drop Packet Show Log...

  • Page 62: Url Filter

    URL Filter URL (Uniform Resource Locator – e.g. an address in the form of http://www.innoband.com or http://www.covad.com) filter rules allow you to prevent users on your network from accessing particular websites by their URL. There are no pre-defined URL filter rules; you can add filter rules to meet your requirements.
  • Page 63 Restrict URL Features: This function enhances the restriction to your URL rules. Block Java Applet: This function can block Web content that includes the Java Applet. It is to prevent someone who wants to damage your system via standard HTTP protocol. Block surfing by IP address: Preventing someone who uses the IP address as URL for skipping Domains Filtering function.

  • Page 64: Im / P2P Blocking

    Innoband’s IM and P2P blocking helps gateway administrator to restrict the use of popular IM client on LAN PCs connected to the 8860-C1. Instant Message Blocking: The default is set to Disabled.

  • Page 65: Firewall Log

    Firewall Log Firewall Log displays information of any out of the ordinary action experienced by your gateway. Check the Enable box to activate the logs. Log information can be seen in the Status – Event Log after enabling. Chapter 4: Configuration...

  • Page 66: Vpn (Virtual Private Networks)

    VPN (Virtual Private Networks) Virtual Private Networks is ways to establish secured communication tunnels to an organization’s network via the Internet. Your gateway supports three main types of VPN (Virtual Private Network), PPTP, IPSec and L2TP. PPTP (Point-to-Point Tunneling Protocol) There are two types of PPTP VPN supported;...
  • Page 67 PPTP Connection - Remote Access Connection Name: A user-defined name for the connection (e.g. “connection to the office”). Type: Check Dial Out if you want your gateway to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server. When configuring your gateway as a Client, enter the remote Server IP Address or Domain Name you wish to connection to.
  • Page 68 Idle Time: Auto-disconnect the VPN connection when there is no activity on the connection for a predetermined period of time. 0 means this connection is always on. Active as default route: Enables the default route. Click Apply button to apply your changes. Example: Configuring a Remote Access PPTP VPN Dial-out Connection A company’s office establishes a PPTP VPN connection with a file server located at a separate location.
  • Page 69 Configuring the PPTP VPN in the Office You can either input the IP address (69.1.121.33 in this case) or hostname to reach the server. Item Function Description Connection Name VPN_PPTP Given name of PPTP connection Dial out Check Dial out Server IP Address (or 69.121.1.33 An Dialed server IP...
  • Page 70 PPTP Connection - LAN to LAN Connection Name: A user-define description of the connection. Type: Check Dial Out if you want your gateway to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server. When configuring your gateway as a Client, enter the remote Server IP Address (or Hostname) you wish to connection to.
  • Page 71 Idle Time: Auto-disconnect the VPN connection when there is no activity on the connection for a predetermined period of time. 0 means this connection is always on. Click Apply button to apply your changes. Example: Configuring a PPTP LAN-to-LAN VPN Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet.
  • Page 72 Configuring PPTP VPN in the Head Office The IP address 192.168.1.201 will be assigned to the gateway located in the branch office. Please make sure this IP is not used in the head office LAN. Function Item Description Connection Name Head Office Given a name of PPTP connection Dial in...
  • Page 73 Configuring PPTP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the gateway located in head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the gateway.

  • Page 74: Ipsec (Ip Security Protocol)

    IPSec (IP Security Protocol) Click Create to create a new IPSec VPN connection account. After you have created the IPSec connection, account information will be displayed. (See example above). Enable / Disable: This function activates or deactivates the IPSec connection. To wish interrupting the tunnel, check Disable radio button and click Apply button to deactivate the connection.
  • Page 75 IPSec VPN Connection Connection Name: A user-defined name for the connection (e.g. “connection to office”). Local Network: Set the IP address, subnet or address range of the local network. Single Address: The IP address of the local host. Subnet: The subnet of the local network. For example, IP: 192.168.1.0 with netmask 255.255.255.0 specifies one class C subnet starting from 192.168.1.1 (i.e.
  • Page 76 SHA1: A one-way hashing algorithm that produces a 160−bit hash. Encryption: Select the encryption method from the pull-down menu. There are several options: DES, 3DES, AES (128, 192 and 256) and NULL. NULL means it is a tunnel only with no encryption. 3DES and AES are more powerful but increase latency.
  • Page 77 Advanced Option This function is only available after completing the creation of an IPSec account. Click Advanced Option to change the following settings: IKE (Internet Key Exchange) Mode: Select IKE mode to Main mode or Aggressive mode. This IKE provides secured key generation and key management. IKE Proposal: Hash Function: It is a Message Digest algorithm which coverts any length of a message into a unique set of bits.
  • Page 78 DES: Stands for Data Encryption Standard, it uses 56 bits encryption method. 3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits encryption method. AES: Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits encryption method.
  • Page 79 Disconnection Time after no traffic: This is the No Response time clock. When no traffic is detected beyond the Disconnection time set, Gateway will automatically halt the tunnel connection and re-establish it based on the Reconnection Time set. Default setting is 1200 seconds; 180 seconds is minimum time interval for this function.
  • Page 80 Example: Configuring an IPSec LAN-to-LAN VPN Connection Table 3: Network Configuration and Security Plan Branch Office Head Office Local Network ID 192.168.0.0/24 192.168.1.0/24 Local Gateway IP 69.1.121.30 69.1.121.3 Remote Network ID 192.168.1.0/24 192.168.0.0/24 Remote Gateway IP 69.1.121.3 69.1.121.30 IKE Pre-shared Key 12345678 12345678 VPN Connection Type...
  • Page 81 Configuring IPSec VPN in the Head Office Function Item Description Connection Name IPSec_HeadOffice Given a name of IPSec connection Subnet Check Subnet radio button IP Address 192.168.1.0 Head office network Netmask 255.255.255.0 Secure Gateway Address IP address of the head office gateway (in WAN 69.121.1.30 (or Hostname) side)
  • Page 82 Configuring IPSec VPN in the Branch Office Function Item Description Connection Name IPSec_BranchOffice Given a name of IPSec connection Subnet Check Subnet radio button IP Address 192.168.0.0 Branch office network Netmask 255.255.255.0 Secure Gateway Address IP address of the head office gateway (in WAN 69.121.1.3 (or Hostname) side)
  • Page 83 Example: Configuring a IPSec Host-to-LAN VPN Connection Chapter 4: Configuration...
  • Page 84 Configuring IPSec VPN in the Office Function Item Description Connection Name IPSec Given a name of IPSec connection Subnet Check Subnet radio button IP Address 192.168.1.0 Head office network Netmask 255.255.255.0 Secure Gateway Address IP address of the head office gateway (in WAN 69.121.1.30 (or Hostname) side)

  • Page 85: L2Tp (Layer Two Tunneling Protocol)

    L2TP (Layer Two Tunneling Protocol) Two types of L2TP VPN are supported: Remote Access and LAN-to-LAN (please see below for more information.). Click Create to create a new VPN connection account. After you have created a L2TP connection, account status will be displayed (see example above). Enable / Disable: This function activates or deactivates the L2TP connection.
  • Page 86 L2TP Connection - Remote Access L2TP VPN Connection Connection Name: This is the user-defined name for the connection. Type: Check Dial Out if you want your gateway to operate as a client (connecting to a remote VPN server). Check Dial In if you want your gateway to operate as a VPN server. When configuring your gateway as a Client, enter the remote Server IP Address or Hostname you wish to connect to.
  • Page 87 the password before sending and also allows for challenges at different time to ensure that an intruder did not compromise the client. Idle Time: Auto-disconnect the VPN connection when there is no activity on the connection for a predetermined period of time. 0 means this connection is always on. Active as default route: Commonly used by the Dial-out connection that all packets are routed through the VPN tunnel to the Internet.
  • Page 88 Secret: The secure password length should be 16 characters that may include numbers and characters. Click Apply after changing settings. Example: Configuring a L2TP VPN - Remote Access Dial-in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft's VPN Adapter (included with Windows XP/2000/ME).
  • Page 89 Configuring L2TP VPN in the Office IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN. Function Item Description Connection Name VPN_L2TP Given a name of L2TP connection Dial in Check Dial in Private IP Address...
  • Page 90 Example: Configuring a Remote Access L2TP VPN Dial-out Connection A company’s office establishes a L2TP VPN connection with a file server located at a separate location. The gateway is installed in the office and is connected to a couple of PCs and Servers. Dial-out Chapter 4: Configuration...
  • Page 91 Configuring the L2TP VPN in the Office Function Item Description Connection Name VPN_L2TP Given name of L2TP connection Dial out Check Dial out Server IP Address (or 69.121.1.33 An Dialed server IP Hostname) Username username A given username & password Password 123456 Auth.Type...
  • Page 92 Example: Configuring your Gateway to Dial-in to the Server Microsoft Windows operation system currently does not support L2TP incoming service. Additional software may be required to setup your L2TP incoming service. L2TP Connection - LAN to LAN L2TP VPN Connection Connection Name: A user-defined description of the connection.
  • Page 93 Username: If you are a Dial-Out user (client), enter the username provided by your Host. If you are a Dial- In user (server), enter your own username. Password: If you are a Dial-Out user (client), enter the password provided by the your Host. If you are a Dial-In user (server), enter your own password.
  • Page 94 Local Host Name (Optional): Enter the hostname of the Local VPN device that has established a VPN tunnel. The Gateway’s default Hostname is home.gateway. Tunnel Authentication: This enables gateway to authenticate both the L2TP remote and L2TP host. This is only valid when L2TP remote supports this feature. Secret: The secure password length should be 16 characters that may include numbers and characters.
  • Page 95 Configuring L2TP VPN in the Head Office IP address 192.168.1.200 will be assigned to the gateway located in the branch office. Please make sure this IP is not used in the head office LAN. Function Item Description Connection Name HeadOffice Given a name of L2TP connection Dial in Check Dial in...
  • Page 96 Configuring L2TP VPN in the Branch Office IP address 69.1.121.30 is the Public IP address of the gateway located in head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the gateway.

  • Page 97: Qos (Quality Of Service)

    QoS (Quality of Service) QoS function helps you control your network traffic for each application from LAN (Ethernet and/or Wireless) to WAN (Internet). It lets you to control the throughput allowed for each application. The sub-items inside the QoS section are Prioritization Outbound / Inbound IP Throttling (bandwidth management).
  • Page 98 Destination Port: Destination port to be monitored. Source IP Address Range: Source IP address or IP range to be monitored. Destination IP Address Range: Destination IP address or IP range to be monitored. DSCP Marking: Differentiated Services Code Point (DSCP), it is the first 6 bits in the ToS byte. DSCP Marking allows users to classify traffic based on DSCP value and send packets to the next Gateway.

  • Page 99: Outbound Ip Throttling (Lan To Wan)

    Outbound IP Throttling (LAN to WAN) IP Throttling allows you to limit the speed of IP traffic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps. Click Clear You can click Clear to delete the existing Application. Application: A user-defined description to identify this new policy/application.

  • Page 100: Inbound Ip Throttling (Wan To Lan)

    Inbound IP Throttling (WAN to LAN) IP Throttling allows you to limit the speed of IP traffic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps. You can click Clear to delete the existing Application. Click Clear Application: A user-defined description to identify this new policy/application.
  • Page 101 Example: QoS for your Network Connection Diagram VoIP Normal PCs Restricted PC Information and Settings Upstream: 928 kbps Downstream: 8 Mbps VoIP User : 192.168.1.1 Normal Users : 192.168.1.2~192.168.1.5 Restricted User: 192.168.1.100 Chapter 4: Configuration...
  • Page 102 Throughput VoIP/VPN HIGH kbps Others NORMAL Restricted VoIP/VPN Others Restricted HIGH NORMAL Mission-critical application Mostly the VPN connection is mission-critical application for doing data exchange between head and branch offices. The mission-critical application must be sent out smoothly without any delay. Set priority level high to ensure the availability of the bandwidth.
  • Page 103 Restricted Application: 160kbps (5*32kbps) Other Applications: 448kbps (14*32kbps) 6+4+14+5=29, 29*32kbps=928kbps Sometime your customers or friends may upload their files to your FTP server and that will eat up your downstream bandwidth. The settings below help you limit bandwidth for restricted applications. Chapter 4: Configuration...

  • Page 104: Virtual Server (Port Forwarding)

    Virtual Server (Port Forwarding) In TCP/IP and UDP networks a port is a 16-bit number used to identify which application program (usually a server) incoming traffic should be delivered to. Some ports have numbers that are pre-assigned to them by the IANA (the Internet Assigned Numbers Authority), and these are referred to as “well-known ports”.
  • Page 105 Time Schedule: A self-defined time period to enable your virtual server. You may specify a time schedule or Always on for the usage of this Virtual Server Entry. For setup and detail, refer to Time Schedule section Application: Users-defined description to identify this entry or click to select existing predefined rules.
  • Page 106 has already been predefined, click Helper next to the Application. A list of predefined rules window will pop and select HTTP_Sever. Application: HTTP_Sever Time Schedule: Always On Protocol: tcp External Port: 80-80 Redirect Port: 80-80 IP Address: 192.168.1.254 Edit: Click to edit this virtual server application. Delete: Click to delete this virtual server application.

  • Page 107: Edit Dmz Host

    Edit DMZ Host The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets will be checked by the Firewall and NAT algorithms then passed to the DMZ host when a packet received does not use a port number used by any other Virtual Server entries.

  • Page 108: Edit One-To-One Nat (Network Address Translation)

    Edit One-to-One NAT (Network Address Translation) One-to-One NAT maps a specific private/local IP address to a global/public IP address. If you have multiple public/WAN IP addresses from you ISP, you are eligible for One-to-One NAT to utilize these IP addresses. NAT Type: Select desired NAT type.
  • Page 109 Time Schedule: A self-defined time period to enable your virtual server. You may specify a time schedule or Always on for the usage of this Virtual Server Entry. Application: User-defined description to identify this entry or click to select existing predefined rules.
  • Page 110 Example: List of some well-known and port numbers. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols. Port numbers range from 0 to 65535. However, only ports numbers 0 to 1023 are reserved for privileged services and are designated as “well-known ports” (Please refer to Table 5).

  • Page 111: Time Schedule

    Time Schedule Time Schedule supports up to 16 time slots that helps you manage your Internet connection. In each time profile, you may schedule specific day(s) to restrict or allow the usage of the Internet by users or by applications. This Time Schedule correlates closely with gateway’s time, since gateway does not have a real time clock on board;...

  • Page 112: Configuration Of Time Schedule

    Configuration of Time Schedule Edit a Time Slot Choose any Time Slot (ID 1 to ID 16) to edit, click Edit. Click Edit Note: The days you have selected will be presented in capital letter. No rule will apply to those days in lower case. Detailed settings for this Time Slot will be shown (see below).

  • Page 113: Advanced

    Advanced Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of the gateway. Users who do not understand the features should not attempt to reconfigure their gateway. There are four sub-items within the Advanced section: Static Route, Dynamic DNS, Check Email, Device Management, IGMP and,...

  • Page 114: Dynamic Dns

    Dynamic DNS The Dynamic DNS function allows you to set a static hostname for a dynamic IP address. This is especially useful for hosting servers via your ADSL connection so that anyone wishing to connect to you may use your domain name rather than having to use your dynamic IP address.

  • Page 115: Check Email

    Check Email This function allows you to have the gateway check your POP3 mailbox for new Email messages. You may view the status of this function using the Status – Email Checking section of the web interface that also provides details on the number of new messages waiting. See the Status section of this manual for more information.

  • Page 116: Device Management

    Device Management The Device Management advanced configuration setting allows you to control your gateway’s security options and device monitoring features. Embedded Web Server ( 2 Management IP Accounts) HTTP Port: This is the port number the gateway’s embedded web server (for web-based configuration) will use.
  • Page 117 Expire to auto-logout: Specify a time frame for the system to auto-logout the user’s configuration session. For Example: User A changes HTTP port number to 100, specifies their own IP address of 192.168.1.55, and sets the logout time to be 100 seconds. The gateway will only allow User A access from the IP address 192.168.1.55 to logon to the Web GUI by typing: http://192.168.1.254:100 in their web browser.
  • Page 118 SNMPv3 is a strong authentication mechanism. It is authorization with fine granularity for remote monitoring. Traps supported: Cold Start, Authentication Failure. The following MIBs are supported: From RFC 1213 (MIB-II): System group Interfaces group Address Translation group IP group ICMP group TCP group UDP group EGP (not applicable)

  • Page 119: Igmp

    PPP Bridge Group From RFC1573 (IfMIB): ifMIBObjects Group From RFC1695 (atmMIB): atmMIBObjects From RFC 1907 (SNMPv2): only snmpSetSerialNo OID IGMP IGMP, known as Internet Group Management Protocol, is used to management hosts from multicast group. IGMP Forwarding: Accepting multicast packet. Default is set to Enable. IGMP Snooping: This allows switched Ethernet to check and make correct forwarding decisions.
  • Page 120 Advanced VLAN Setup Example (Triply Play) VLAN_data: Ethernet Port 1, Wireless and Wireless WDS are reserving for Internet - On Ethernet port 1 I also need VC 0/40 bridged. VLAN_Vedio Ethernet ports: 2, 3 and 4: - 0/33 Bi-directional IP - 0/34 Video - 0/35 Video - 0/36 Video Subscriber Services (EPG, EAS, etc.)
  • Page 121 From the example, 0/40 is used for data/Internet and assumes PPPoE is used; click the Edit to change the VPI/VCI to 0/40. Click Create to setup up additional WAN interface for video applications. Total of 8 VLAN is support; therefore, only 8 WAN interfaces can be created in the table. From the example, PVC 0/33 to 0/39 is assigned for video using 1483 Bridged mode.
  • Page 122 Acceptable Frame Type: Specify what kind of traffic can go through this connection. Filter Type: Specify the type of Ethernet filtering performed by the named bridge interface. Allows all types of ethernet packets through the port. Allows only IP/ARP types of ethernet packets through the port. PPPoE Allows only PPPoE types of ethernet packets through the port.
  • Page 123 Mapping the VLAN Bridge with Bridge Interface created in Step1, you will see the relationship in these two screenshots. Step 4: IGMP Snooping Enable Go Configuration Advanced IGMP. IGMP Snooping must be enabled in order to forward video stream correctly. Chapter 4: Configuration...

  • Page 124: Save Configuration To Flash

    Save Configuration to Flash After changing the gateway’s configuration settings, you must save all of the configuration parameters to FLASH to avoid them being lost after turning off or resetting your gateway. Click Save to write your new configuration to FLASH. Logout To exit the gateway’s web interface, choose Logout.

  • Page 126: Chapter 5: Troubleshooting

    Chapter 5: Troubleshooting If the gateway is not functioning properly, check this chapter first for quick troubleshoot before contacting your service provider or Innoband support. Problems starting up the gateway Problem Corrective Action None of the LEDs are on Check the connection between the power adapter and the gateway. If the problem when you turn on the persists, you may have a hardware problem.

  • Page 127: Appendix A: Product Support And Contact Information

    If you believe you are experiencing a hardware issue, please contact Innoband directly for service and support at www.innoband.com. Support questions should be directed to Innoband’s support e-mail address at support@innoband.com.

  • Page 128: Appendix B: Warranty Information

    Innoband warrants that equipment furnished will be free from defects in material and workmanship for a period of one year from the confirmed date of your purchase from Innoband or Innoband’s partners. Upon written notice of any such defect, the manufacturer will, at its option, repair or replace the defective item under the terms of this warranty, subject to the provisions and specific exclusions listed herein.

Table of Contents