Proxicast LAN-Cell 2 User Manual

3G Cellular Router + VPN + Firewall

LAN-Cell 2
3G Cellular Router + VPN + Firewall
User's Guide
Version 4.02
November 2008
Edition 2
www.proxicast.com

Summary of Contents for Proxicast LAN-Cell 2

  • Page 1 LAN-Cell 2 3G Cellular Router + VPN + Firewall User’s Guide Version 4.02 November 2008 Edition 2 www.proxicast.com...
  • Page 3: Table Of Contents

    Contents Overview Introduction (25) Getting to Know Your LAN-Cell 2 (27) Introducing the Web Configurator & Home Screen (35) Tutorials: 3G Modem Setup & VPN Wizard (53) Network & Wireless Menus (75) LAN Screens (77) WAN &...
  • Page 4 System Maint. Menus 8 to 10 (543) Remote Management (551) IP Policy Routing (555) Call Scheduling (563) Troubleshooting and Specifications (567) Troubleshooting (569) Product Specifications (575) Appendices (581)
  • Page 5: Table Of Contents

    Chapter 1 Getting to Know Your LAN-Cell 2 (27) 1.1 LAN-Cell 2: 3G Cellular Router + VPN + Firewall Overview (27) 1.2 Ways to Manage the LAN-Cell (27) 1.3 Good Habits for Managing the LAN-Cell (28) 1.4 Applications for the LAN-Cell...
  • Page 6 5.1 Overview (89) 5.1.1 What You Can Do in the WAN Screens (90) 5.1.2 What You Need To Know About WAN (91) 5.2 WAN General Screen (94) 5.2.1 Configuring Load Balancing (97)
  • Page 7 7.6.2 MAC Address Filter (147) 7.6.3 User Authentication (147) 7.6.4 Encryption (148) 7.6.5 Additional Installation Requirements for Using 802.1x (149) 7.7 Internal Wi-Fi Access Point Setup (150) 7.7.1 SSID Profile (152)
  • Page 8 9.2 Firewall Rules Example (182) 9.3 Firewall Default Rule (184) 9.4 Firewall Rule Summary Screen (186) 9.4.1 Firewall Edit Rule (188) 9.5 Anti-Probing Screen (191) 9.6 Threshold Screen (192) 9.7 Service Screen (194)
  • Page 9 11.2 My Certificates Screen (257) 11.2.1 My Certificate Details Screen (259) 11.3 My Certificate Export Screen (262) 11.4 My Certificate Import Screen (263) 11.5 My Certificate Create Screen (265) 11.6 Trusted CAs Screen (269)
  • Page 10 14.1.1 What You Can Do in the DNS Screens (307) 14.1.2 What You Need To Know About DNS (307) 14.2 System Screen (309) 14.2.1 Adding an Address Record (311) 14.2.2 Inserting a Name Server Record (312) 14.3 DNS Cache (313)
  • Page 11 17.1.1 What You Can Do in the Policy Route Screens (343) 17.1.2 What You Need To Know About Policy Route (343) 17.2 Policy Route Summary Screen (344) 17.3 Policy Route Edit Screen (345) Chapter 18 Bandwidth Management Screens (349) 18.1 Overview (349)
  • Page 12 22.1.1 What You Can Do in the Maintenance Screens (397) 22.2 General Setup Screen (397) 22.3 Password Screen (398) 22.4 Time and Date Screen (399) 22.4.1 Time Server Synchronization Example (402)
  • Page 13 25.3.5 Editing Login Script (434) 25.3.6 Remote Node Filter (436) 25.4 3G WAN (436) 25.4.1 3G Modem Setup (436) 25.4.2 Remote Node Profile (3G WAN) (437) Chapter 26 LAN Setup (441)
  • Page 14 31.1 Introduction to WAN ISP Setup (465) 31.2 Remote Node Setup (465) 31.3 Remote Node Profile Setup (465) 31.3.1 Ethernet Encapsulation (466) 31.3.2 PPPoE Encapsulation (467) 31.3.3 PPTP Encapsulation (468)
  • Page 15 35.3 Example Filter (508) 35.4 Filter Types and NAT (510) 35.5 Firewall Versus Filters (510) 35.5.1 Packet Filtering (510) 35.5.2 Firewall (511) 35.6 Applying a Filter (511) 35.6.1 Applying LAN Filters (512)
  • Page 16 38.4.1 Restore Using FTP (535) 38.4.2 Restore Using FTP Session Example (536) 38.4.3 Restore Via Console Port (536) 38.5 Uploading Firmware and Configuration Files (537) 38.5.1 Firmware File Upload (537) 38.5.2 Configuration File Upload (538)
  • Page 17 41.3 IP Policy Routing Example (559) Chapter 42 Call Scheduling (563) 42.1 Introduction to Call Scheduling (563) Part VII: Troubleshooting and Specifications (567) Chapter 43 Troubleshooting (569) 43.1 Power, Hardware Connections, and LEDs (569)
  • Page 18 Appendix C IP Addresses and Subnetting (605) Appendix D Common Services (613) Appendix E Wireless LANs (617) Appendix F Brute-Force Password Guessing Protection (633) Appendix G Legal Information (635) Appendix H Customer Support (639) Index (641)
  • Page 19: About This User's Guide

    About This User's Guide Intended Audience This manual is intended for people who want to configure the LAN-Cell 2 using the web configurator or System Management Terminal (SMT). You should have at least a basic knowledge of TCP/IP networking concepts and topology.
  • Page 20: Document Conventions

    Syntax Conventions • The LAN-Cell 2 may be referred to as the “LAN-Cell”, the “device” or the “system” in this User’s Guide. • The LAN-Cell’s wired Ethernet WAN interface may be referred to as “WAN”, “Wired WAN”...
  • Page 21 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The LAN-Cell icon is not an exact representation of your device. LAN-Cell Computer Notebook computer Server Wi-Fi Access Point Firewall Telephone Switch Router LAN-Cell 2 User’s Guide...
  • Page 22: Safety Warnings

    For detailed information about recycling of this product, please contact your local city office, your household waste disposal service or the store where you purchased the product. • Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device. LAN-Cell 2 User’s Guide...
  • Page 23 • Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). • If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged. This product is recyclable. Dispose of it properly. LAN-Cell 2 User’s Guide...
  • Page 25: Introduction

    Introduction Getting to Know Your LAN-Cell 2 (27) Introducing the Web Configurator & Home Screen (35) Tutorials: 3G Modem Setup & VPN Wizard (53)
  • Page 27: Getting To Know Your Lan-Cell 2

    The LAN-Cell 2 also has a built-in Wi-Fi access point that allows IEEE 802.11a, IEEE 802.11b or IEEE 802.11g compatible clients to securely communicate with the LAN-Cell and access the wired network or Internet.
  • Page 28: Good Habits For Managing The Lan-Cell

    Chapter 1 Getting to Know Your LAN-Cell 2 • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers and also provide access to some of the LAN-Cell’s more advanced features. • SNMP. The device can be monitored by an SNMP manager. See the SNMP chapter in this User’s Guide.
  • Page 29: Redundant Secure Broadband Internet Access Via Ethernet Or Cellular

    Chapter 1 Getting to Know Your LAN-Cell 2 1.4.2 Redundant Secure Broadband Internet Access via Ethernet or Cellular Connect the LAN-Cell’s Ethernet WAN port to your existing Internet access gateway (company network, or your cable or DSL modem for example). Connect computers or servers to the LAN, DMZ or WLAN ports for shared Internet access.
  • Page 30: Front Panel Indicators

    Chapter 1 Getting to Know Your LAN-Cell 2 1.5 Front Panel Indicators Figure 4 Front Panel The following table describes the LAN-Cell’s front panel indicator lights. Table 1 Front Panel Lights COLOR STATUS DESCRIPTION The LAN-Cell is turned off. Green The LAN-Cell is ready and running.
  • Page 31: Rear Panel Connections

    Chapter 1 Getting to Know Your LAN-Cell 2 1.6 Rear Panel Connections Figure 5 Rear Panel The following table describes the LAN-Cell 2’s rear panel connections. Table 2 Rear Panel Connections LABEL DESCRIPTION Connect the included 12V DC power adapter to this power jack.
  • Page 32: Card-Lock

    Chapter 1 Getting to Know Your LAN-Cell 2 1.7 Card-Lock The LAN-Cell 2's Card-Lock system provides a mechanism for securing the PC Card modem to prevent it from coming loose in mobile applications. 1 Insert a cable-tie through the two Card-Lock brackets above and below the PC-Card slot...
  • Page 33 Chapter 1 Getting to Know Your LAN-Cell 2 3 Insert the PC-Card modem into the card slot, keeping the cable-tie loop toward the front of the LAN-Cell (Figure Figure 8 Card-Lock Step 3 4 Once the PC-Card is inserted, slide the loop over the protruding end of the card and pull...
  • Page 34 Chapter 1 Getting to Know Your LAN-Cell 2 5 Bring the bottom of the cable-tie up to secure it with the cable-tie lock (Figure 10). Figure 10 Card-Lock Step 5 6 Tighten the cable-tie against the PC Card (Figure 11).
  • Page 35: Introducing The Web Configurator & Home Screen

    1 Make sure your LAN-Cell hardware is properly connected and prepare your computer/computer network to connect to the LAN-Cell (refer to the Quick Start Guide). 2 Launch your web browser. 3 Type "192.168.1.1" as the URL. The LAN-Cell Login screen will appear.
  • Page 36 If you do not replace the default certificate here or in the CERTIFICATES screen, this screen displays every time you access the web configurator. Figure 14 Replace Certificate Screen 7 You should now see the HOME screen (see Figure 16 on page 41). LAN-Cell 2 User’s Guide...
  • Page 37: Navigating The Lan-Cell Web Configurator

    As illustrated above, the main screen is divided into these parts: • A - Title Bar • B - Navigation Panel • C - Main Window • D - Status Bar 2.3.1 Title Bar The title bar contains the Help icon in the upper right corner. LAN-Cell 2 User’s Guide...
  • Page 38: Navigation Panel

    Use this screen to configure the internal Wi-Fi Access Point Configuration settings. Security Use this screen to configure the WLAN security settings. MAC Filter Use this screen to change MAC filter settings on the LAN-Cell SECURITY LAN-Cell 2 User’s Guide...
  • Page 39 Use this screen to configure the address and name server records. Cache Use this screen to configure the DNS resolution cache. DHCP Use this screen to configure LAN/DMZ/WLAN DNS information. DDNS Use this screen to set up dynamic DNS. LAN-Cell 2 User’s Guide...
  • Page 40: Main Window

    LOGOUT Click this label to exit the web configurator. 2.3.3 Main Window The main window shows the screen you select in the navigation panel. It is discussed in more detail in the rest of this document. LAN-Cell 2 User’s Guide...
  • Page 41: Home Screen

    This is the bootbase version and the date created. Firmware Version This is the ProxiOS Firmware version and the date created. ProxiOS is Proxicast's proprietary Network Operating System design. Click the field label to go to the screen where you can upload a new firmware file. Up Time This field displays how long the LAN-Cell has been running since it last started up.
  • Page 42 (configured through the SMT) for a PPP connection and Down (line is down or not connected), Idle (line (ppp) idle), Dial (starting to trigger a call) or Drop (dropping a call) if you’re using PPPoE encapsulation. IP/Netmask This shows the port’s IP address and subnet mask. LAN-Cell 2 User’s Guide...
  • Page 43 LAN-Cell takes the actions you specified in the Cellular screen. Cellular Card This displays the manufacturer of your 3G card. Manufacturer Cellular Card This displays the model name of your 3G card. Model LAN-Cell 2 User’s Guide...
  • Page 44 Enter a key to enable the internal modem on your cellular card. By default, the key is the last four digits of your phone number used to dial up the cellular connection. Otherwise, you need to get the key from your service provider. LAN-Cell 2 User’s Guide...
  • Page 45: Port Statistics

    Click Bandwidth to view the LAN-Cell’s bandwidth usage and allotments. 2.3.5 Port Statistics Click Port Statistics in the HOME screen. Read-only information here includes port status and packet specific statistics. The Poll Interval(s) field is configurable. LAN-Cell 2 User’s Guide...
  • Page 46: Show Statistics: Line Chart

    Refresh Click this button to update the screen’s statistics immediately. 2.3.6 Show Statistics: Line Chart Click the icon in the Show Statistics screen. This screen shows you a line chart of each port’s throughput statistics. LAN-Cell 2 User’s Guide...
  • Page 47: Dhcp Table Screen

    Click Show DHCP Table in the HOME screen. Read-only information here relates to your DHCP status. The DHCP table shows current DHCP client information (including IP Address, Host Name and MAC Address) of all network clients using the LAN-Cell’s DHCP server. LAN-Cell 2 User’s Guide...
  • Page 48: Vpn Status

    Click VPN in the HOME screen. This screen displays read-only information about the active VPN connections. The Poll Interval(s) field is configurable. A Security Association (SA) is the group of security settings related to a specific VPN tunnel. LAN-Cell 2 User’s Guide...
  • Page 49: Bandwidth Monitor

    Refresh Click this button to update the screen’s statistics immediately. 2.3.9 Bandwidth Monitor Click Bandwidth in the HOME screen to display the bandwidth monitor. This screen displays the device’s bandwidth usage and allotments. LAN-Cell 2 User’s Guide...
  • Page 50: Status Bar

    The Status Bar area displays system confirmation and error messages as you navigate through the Web Configurator. Whenever clicking “Apply” to save configuration parameters, be sure to wait for the Status Bar message “Configuration updated successfully” before moving to the next screen. LAN-Cell 2 User’s Guide...
  • Page 51: Resetting The Lan-Cell

    4 Continue to hold the RESET button. The SYS LED will begin to blink and flicker very quickly after about 20 seconds. This indicates that the defaults have been restored and the LAN-Cell is now restarting. Release the RESET button and wait for the LAN-Cell to finish restarting. LAN-Cell 2 User’s Guide...
  • Page 53: Tutorials: 3G Modem Setup & Vpn Wizard

    1xRTT and EV-DO carrier networks worldwide. ExpressCard modems are supported using a PC-Card to ExpressCard adapter cradle. Refer to the firmware Release Notes or the Proxicast Support Web site for the list of 3G PC-Cards supported in your firmware version. Support for additional 3G cards is being added continuously and may require a firmware upgrade.
  • Page 54: Configuring 3G Wan Settings

    8 For WAN IP Address Assignment, select Get Automatically from ISP. This is the correct setting in most situations, even if your carrier has assigned a “static” IP address to your 3G card. 9 Click Apply. Figure 22 Tutorial: WIRELESS > Cellular (3G WAN) - CDMA Example LAN-Cell 2 User’s Guide...
  • Page 55: Checking Wan Connections

    2 In the network status table, make sure the status for Cellular is not Down and there is an IP address. If the Cellular connection is not up, make sure you have entered the correct information in the Cellular screen and the signal strength to the service provider’s base station is not too low. LAN-Cell 2 User’s Guide...
  • Page 56 Chapter 3 Tutorials: 3G Modem Setup & VPN Wizard Figure 24 Tutorial: Home LAN-Cell 2 User’s Guide...
  • Page 57: Vpn Wizard Overview

    If both WAN connections go down, the LAN-Cell uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. See the chapter on WAN for details on dial backup and traffic redirect. LAN-Cell 2 User’s Guide...
  • Page 58: Vpn Wizard Network Setting

    Packets for the tunnel do not trigger the tunnel. Name Type up to 32 characters to identify this VPN network policy. You may use any character, including spaces, but the LAN-Cell drops trailing spaces. Network Policy Setting LAN-Cell 2 User’s Guide...
  • Page 59: Vpn Wizard Ike Tunnel Setting (Ike Phase)

    Click Back to return to the previous screen. Next Click Next to continue. 3.2.3 VPN Wizard IKE Tunnel Setting (IKE Phase 1) Use this screen to specify the authentication, encryption and other settings needed to negotiate a phase 1 IKE SA. LAN-Cell 2 User’s Guide...
  • Page 60 The minimum value is 180 seconds. A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys. However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected. LAN-Cell 2 User’s Guide...
  • Page 61: Vpn Wizard Ipsec Setting (Ike Phase)

    (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP). IPSec Protocol Select the security protocols used for an SA. Both AH and ESP increase LAN-Cell processing requirements and communications latency (delay). LAN-Cell 2 User’s Guide...
  • Page 62: Vpn Wizard Status Summary

    Click Back to return to the previous screen. Next Click Next to continue. 3.2.5 VPN Wizard Status Summary This read-only screen shows the status of the current VPN setting. Use the summary table to check whether what you have configured is correct. LAN-Cell 2 User’s Guide...
  • Page 63 When the local network is configured for a range IP address, this is the end (static) IP address, in a range of computers on the LAN behind your LAN-Cell. When the local network is configured for a subnet, this is a subnet mask on the LAN behind your LAN-Cell. LAN-Cell 2 User’s Guide...
  • Page 64: Vpn Wizard Setup Complete

    3.2.6 VPN Wizard Setup Complete Congratulations! You have successfully set up the VPN rule for your LAN-Cell. If you already had VPN rules configured, the wizard adds the new VPN rule after the last existing VPN rule. LAN-Cell 2 User’s Guide...
  • Page 65 Chapter 3 Tutorials: 3G Modem Setup & VPN Wizard Figure 30 VPN Wizard Setup Complete LAN-Cell 2 User’s Guide...
  • Page 66: Security Settings For Vpn Traffic

    3.3.2 Configuring the VPN Rule This section shows how to configure a VPN rule on device A to let the network behind B access the FTP server. You would also have to configure a corresponding rule on device B. LAN-Cell 2 User’s Guide...
  • Page 67 1 Click Security > VPN CONFIG to open the following screen. Click the Add Gateway Policy icon. Figure 32 SECURITY > VPN CONFIG > VPN Rules (IKE) 2 Use this screen to set up the connection between the routers. Configure the fields that are circled as follows and click Apply. LAN-Cell 2 User’s Guide...
  • Page 68 Chapter 3 Tutorials: 3G Modem Setup & VPN Wizard Figure 33 SECURITY > VPN CONFIG > VPN Rules (IKE)> Add Gateway Policy 3 Click the Add Network Policy icon. LAN-Cell 2 User’s Guide...
  • Page 69 VPN network policy. • The firewall provides better security because it operates at layer 4 and checks traffic sessions. The VPN network policy only operates at layer 3 and just checks IP addresses and port numbers. LAN-Cell 2 User’s Guide...
  • Page 70: Configuring The Firewall Rules

    FTP server. You also only want FTP traffic to go to the FTP server, so you want to block all other traffic types (like chat, e-mail, web and so on). The following sections show how to configure firewall rules to enforce these restrictions. LAN-Cell 2 User’s Guide...
  • Page 71 3 Insert a new rule by clicking the plus sign (+) under the Modify column. Define the rule as shown in the following figure and click Apply. The source addresses are the VPN rule’s remote network and the destination address is the LAN FTP server.
  • Page 72 Chapter 3 Tutorials: 3G Modem Setup & VPN Wizard Figure 37 SECURITY > FIREWALL > Rule Summary > Edit: Allow 4 The rule displays in the summary list of VPN to LAN firewall rules. LAN-Cell 2 User’s Guide...
  • Page 73 VPN tunnels to access the LAN. 1 Click SECURITY > FIREWALL > Default Rule. 2 Configure the screen as follows and click Apply. Figure 39 SECURITY > FIREWALL > Default Rule: Block From VPN To LAN LAN-Cell 2 User’s Guide...
  • Page 75: Network & Wireless Menus

    Network & Wireless Menus LAN Screens (77) WAN & 3G Cellular Screens (89) DMZ Screens (127) Wireless LAN (WLAN) Screens (137) Wi-Fi Screens (163) The WIRELESS > CELLULAR menu option is a short-cut to the WAN > CELLULAR screen.
  • Page 77: Lan Screens

    • Use the IP Alias screen (Section 4.4 on page 84) to configure IP alias settings on the LAN-Cell’s LAN ports. • Use the Port Roles screen (Section 4.5 on page 86) to configure LAN ports on the LAN-Cell.
  • Page 78: What You Need To Know About Lan

    ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses. LAN-Cell 2 User’s Guide...
  • Page 79 RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also. By default, RIP Direction is set to Both and RIP Version to RIP-1. LAN-Cell 2 User’s Guide...
  • Page 80: Lan Screen

    Click NETWORK > LAN to open the LAN screen. Use this screen to configure the LAN-Cell’s IP address and other LAN TCP/IP settings as well as the built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.
  • Page 81 When set to Both or In Only, it will incorporate the RIP information that it receives; when set to None, it will not send any RIP packets and will ignore any RIP packets received. Both is the default. LAN-Cell 2 User’s Guide...
  • Page 82 LAN traffic, you also need to enable the default WAN to LAN firewall rule that forwards NetBIOS traffic. Clear this check box to block all NetBIOS packets going from the LAN to WAN and from WAN to the LAN. LAN-Cell 2 User’s Guide...
  • Page 83: Lan Static Dhcp Screen

    This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. To change your LAN-Cell’s static DHCP settings, click NETWORK > LAN > Static DHCP. The screen appears as shown. LAN-Cell 2 User’s Guide...
  • Page 84: Lan Ip Alias Screen

    Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh. 4.4 LAN IP Alias Screen IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. LAN-Cell 2 User’s Guide...
  • Page 85 The following figure shows a LAN divided into subnets A, B, and C. Figure 43 Physical Network & Partitioned Logical Networks To change your LAN-Cell’s IP alias settings, click NETWORK > LAN > IP Alias. The screen appears as shown. Figure 44 NETWORK > LAN > IP Alias LAN-Cell 2 User’s Guide...
  • Page 86: Lan Port Roles Screen

    To change your LAN-Cell’s port role settings, click NETWORK > LAN > Port Roles. The screen appears as shown. The radio buttons correspond to Ethernet ports on the front panel of the LAN-Cell. On the LAN-Cell, ports 1 to 4 are all LAN ports by default. LAN-Cell 2 User’s Guide...
  • Page 87 After you change the LAN/DMZ/WLAN port roles and click Apply, please wait for a few seconds until the following screen appears. Click Return to go back to the Port Roles screen. Figure 46 Port Roles Change Complete
  • Page 89: Overview

    The LAN-Cell 2 has two primary WAN and two backup WAN interfaces: Figure 47 LAN-Cell 2 Primary & Backup WAN Interfaces LAN-Cell 2 User’s Guide...
  • Page 90: What You Can Do In The Wan Screens

    Internet access on the LAN-Cell. • Use the Traffic Redirect screen (Section 5.5 on page 120) to configure an alternative gateway. • Use the Dial Backup screen (Section 5.6 on page 122) to configure the backup WAN dialup connection. LAN-Cell 2 User’s Guide...
  • Page 91: What You Need To Know About Wan

    The LAN-Cell's NAT feature allows you to configure sets of rules for one WAN interface and separate sets of rules for the other WAN interface. Refer to Chapter 13 on page 289 for details. LAN-Cell 2 User’s Guide...
  • Page 92 If the Cellular route fails, the LAN-Cell tries the traffic-redirect route. In the same manner, the LAN-Cell uses the dial-backup route if the traffic-redirect route also fails. In the load balancing section, a session may refer to normal connection-oriented, UDP and SNMP2 traffic. LAN-Cell 2 User’s Guide...
  • Page 93 Ethernet WAN, Cellular WAN or Traffic Redirect ports. This feature is useful for detecting “dead-peer” situations or other conditions where the WAN interface is not forwarding traffic even though the physical status of the interface is “up”. WAN Connectivity Check is most useful for “Always-On” WAN connections. LAN-Cell 2 User’s Guide...
  • Page 94: Wan General Screen

    Chapter 5 WAN & 3G Cellular Screens 5.2 WAN General Screen Click NETWORK > WAN to open the General screen. Use this screen to configure load balancing, route priority and traffic redirect properties. Figure 48 NETWORK > WAN General LAN-Cell 2 User’s Guide...
  • Page 95 Check Period. Use a higher value in this field if your network is busy or congested. Check Fail Type how many WAN connection checks can fail (1-10) before the connection is Tolerance considered "down" (not connected). The LAN-Cell still checks a "down" connection to detect if it reconnects. LAN-Cell 2 User’s Guide...
  • Page 96 WLAN port to Cellular. Allow Trigger Dial Select this option to allow NetBIOS packets to initiate calls. Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh. LAN-Cell 2 User’s Guide...
  • Page 97: Configuring Load Balancing

    If the measured inbound stream throughput for both WAN and Cellular is 1600K, the LAN-Cell calculates the average load balancing indices as shown in the table below. LAN-Cell 2 User’s Guide...
  • Page 98 Specify the direction of the traffic utilization you want the LAN-Cell to use in Index(es) calculating the load balancing index. Select Outbound Only, Inbound Only or Outbound + Inbound. Interface This field displays the name of the WAN interface (WAN and Cellular). LAN-Cell 2 User’s Guide...
  • Page 99 WAN for every one session's traffic assigned to Cellular. Figure 51 Weighted Round Robin Algorithm Example To load balance using the weighted round robin method, select Weighted Round Robin in the Load Balancing Algorithm field. LAN-Cell 2 User’s Guide...
  • Page 100 In the following example figure, the upper threshold of the primary WAN interface is set to 800K. The LAN-Cell sends network traffic of a new session that exceeds this limit to the secondary WAN interface. Figure 53 Spillover Algorithm Example LAN-Cell 2 User’s Guide...
  • Page 101: Wan Connectivity Check

    LAN-Cell’s WAN interface. This can also be used to “keep-alive” some WAN connections or applications if required. Table 19 on page 95 for details on configuring the WAN Connectivity Check feature. LAN-Cell 2 User’s Guide...
  • Page 102 WAN ISP account (including 3G). If your ISP limits the amount of traffic allowed, consider the impact of using WAN Connectivity Check on your traffic allowance or use Cell-Sentry (Section 5.4.2 on page 118) to monitor usage. LAN-Cell 2 User’s Guide...
  • Page 103: Wan Screen

    Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.proxicast.com is 63.135.115.22. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.
  • Page 104: Wan Ethernet Encapsulation

    For ISPs (such as Telstra) that send UDP heartbeat packets to verify that the customer is still online, please create a WAN-to-WAN/LAN-Cell firewall rule for those packets. Contact your ISP to find the correct port number. The screen shown next is for Ethernet encapsulation. LAN-Cell 2 User’s Guide...
  • Page 105 Type the authentication server IP address here if your ISP gave you one. Address This field is not available for Telia Login. Login Server Type the domain name of the Telia login server, for example login1.telia.com. (Telia Login only) LAN-Cell 2 User’s Guide...
  • Page 106 Enable Multicast Select this check box to turn on IGMP (Internet Group Multicast Protocol). IGMP is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. LAN-Cell 2 User’s Guide...
  • Page 107: Pppoe Encapsulation

    LAN do not need PPPoE software installed, since the LAN-Cell does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access. The screen shown next is for PPPoE encapsulation. LAN-Cell 2 User’s Guide...
  • Page 108 Use the drop-down list box to select an authentication protocol for outgoing calls. Options are: CHAP/PAP - Your LAN-Cell accepts either CHAP or PAP when requested by this remote node. CHAP - Your LAN-Cell accepts CHAP only. PAP - Your LAN-Cell accepts PAP only. LAN-Cell 2 User’s Guide...
  • Page 109 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236. LAN-Cell 2 User’s Guide...
  • Page 110: Pptp Encapsulation

    Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. The screen shown next is for PPTP encapsulation. LAN-Cell 2 User’s Guide...
  • Page 111 Type the user name given to you by your ISP. Password Type the password associated with the user name above. Retype to Confirm Type your password again to make sure that you have entered it correctly. LAN-Cell 2 User’s Guide...
  • Page 112 When set to Both or In Only, the LAN-Cell will incorporate RIP information that it receives. When set to None, the LAN-Cell will not send any RIP packets and will ignore any RIP packets received. By default, RIP Direction is set to Both. LAN-Cell 2 User’s Guide...
  • Page 113 – IP Address you clone the MAC address prior to hooking up the WAN port. Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh.
  • Page 114: Cellular (3G Wan) Screen

    The WAN and Cellular IP addresses of the LAN-Cell must be on different subnets. The WIRELESS > CELLULAR menu in the Navigation Panel is a short-cut directly to the Cellular WAN parameter screen (Figure 58 on page 115). LAN-Cell 2 User’s Guide...
  • Page 115: Configuring 3G Network Access Parameters

    Chapter 5 WAN & 3G Cellular Screens 5.4.1 Configuring 3G Network Access Parameters Figure 58 NETWORK > WAN > Cellular (3G WAN) (CDMA) Figure 59 NETWORK > WAN > Cellular (3G WAN) (GSM) LAN-Cell 2 User’s Guide...
  • Page 116 Type the user name (of up to 31 ASCII printable characters) given to you by your service provider. Password Type the password (of up to 31 ASCII printable characters) associated with the user name above. Retype to Confirm Type your password again to make sure that you have entered it correctly.
  • Page 117 IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236. Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh. LAN-Cell 2 User’s Guide...
  • Page 118: Configuring Cell-Sentry Budget Control

    Select Upload to set a limit on the upstream traffic (from the LAN-Cell to the ISP). Select Download/Upload to set a limit on the total traffic in both directions. If you change the value after you configure and enable budget control, the LAN-Cell resets the statistics.
  • Page 119 Click Reset to begin configuring this screen afresh. To have the LAN-Cell send you an E-Mail when Cell-Sentry detects a specified threshold, be sure to configure the LAN-Cell’s Log/Alert E-Mail feature (Section 21.3 on page 377). LAN-Cell 2 User’s Guide...
  • Page 120: Traffic Redirect Screen

    LAN (Subnet 1) to the backup gateway (Subnet 2). Figure 62 Traffic Redirect LAN Setup 5.5.1 Configuring Traffic Redirect To change your LAN-Cell’s traffic redirect settings, click NETWORK > WAN > Traffic Redirect. The screen appears as shown. LAN-Cell 2 User’s Guide...
  • Page 121 Gateway IP Address automatically forwards traffic to this IP address if the LAN-Cell's Internet connection terminates. Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh.
  • Page 122: Dial Backup Screen

    The following table describes the labels in this screen. Table 33 NETWORK > WAN > Dial Backup LABEL DESCRIPTION Dial Backup Setup Enable Dial Backup Select this check box to turn on dial backup. Basic Settings LAN-Cell 2 User’s Guide...
  • Page 123 Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also. LAN-Cell 2 User’s Guide...
  • Page 124: Advanced Modem Setup

    ATDP. For ISDN lines, there are many more protocols and operational modes. Please consult the documentation of your TA. You may need additional commands in both Dial and Init strings. LAN-Cell 2 User’s Guide...
  • Page 125: Configuring Advanced Modem Setup

    Click the Edit button in the Dial Backup screen to display the Advanced Setup screen. Consult the manual of your WAN device connected to your dial backup port for specific AT commands. Figure 65 NETWORK > WAN > Dial Backup > Edit LAN-Cell 2 User’s Guide...
  • Page 126 (sec) Type a number of seconds for the LAN-Cell to wait between dropping a callback request call and dialing the corresponding callback call. Apply Click Apply to save your changes back to the LAN-Cell. Cancel Click Cancel to exit this screen without saving.
  • Page 127: Dmz Screens

    NAT. If you do not configure SUA NAT or any full feature NAT mapping rules for the public IP addresses on the DMZ, the LAN-Cell will route traffic to the public IP addresses on the DMZ LAN-Cell 2 User’s Guide...
  • Page 128: Dmz Public Ip Address Example

    IP addresses that are in one subnet. The DMZ port and connected servers (D through F) use public IP addresses that are in another subnet. The public IP addresses of the DMZ and WAN ports are in separate subnets. Figure 66 DMZ Public Address Example LAN-Cell 2 User’s Guide...
  • Page 129: Dmz Private And Public Ip Address Example

    DMZ uses public IP addresses, the WAN and DMZ ports must use public IP addresses that are on separate subnets. See Appendix C on page 605 for information on IP subnetting. From the main menu, click NETWORK > DMZ to open the DMZ screen. The screen appears as shown next. LAN-Cell 2 User’s Guide...
  • Page 130 When set to Both or In Only, it will incorporate the RIP information that it receives; when set to None, it will not send any RIP packets and will ignore any RIP packets received. Both is the default. LAN-Cell 2 User’s Guide...
  • Page 131 DMZ and WAN Select this check box to forward NetBIOS packets from the DMZ to WAN and from WAN to the DMZ. Clear this check box to block all NetBIOS packets going from the DMZ to WAN and from WAN to the DMZ.
  • Page 132: Dmz Static Dhcp Screen

    This table allows you to assign IP addresses on the DMZ to specific individual computers based on their MAC Addresses. To change your LAN-Cell’s static DHCP settings on the DMZ, click NETWORK > DMZ > Static DHCP. The screen appears as shown. LAN-Cell 2 User’s Guide...
  • Page 133: Dmz Ip Alias Screen

    The LAN-Cell has a single DMZ interface. Even though more than one of ports 1~4 may be in the DMZ port role, they are all still part of a single physical Ethernet interface and all use the same IP address. LAN-Cell 2 User’s Guide...
  • Page 134 DMZ are on separate subnets. IP Subnet Mask Your LAN-Cell will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the LAN-Cell. LAN-Cell 2 User’s Guide...
  • Page 135: Dmz Port Roles

    The radio buttons correspond to Ethernet ports on the front panel of the LAN-Cell. On the LAN-Cell, ports 1 to 4 are all LAN ports by default. Your changes are also reflected in the LAN and/or WLAN Port Roles screens. LAN-Cell 2 User’s Guide...
  • Page 136 Select a port’s WLAN radio button to use the port as part of the WLAN. The port will use the LAN-Cell’s WLAN IP address and MAC address. Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh. LAN-Cell 2 User’s Guide...
  • Page 137: Wireless Lan (Wlan) Screens

    802.11 a/b/g Wi-Fi Access Point or connect an external Access Point to a LAN-Cell Ethernet port and define that port as a WLAN role. The following figure provides an example of a wireless network. Figure 72 Example of a Wireless Network LAN-Cell 2 User’s Guide...
  • Page 138: What You Can Do In The Wlan Screens

    Section 4.4 on page 84 for more information on IP alias. Port Roles Use port roles to set ports as part of the LAN, DMZ and/or WLAN interface. See Section 4.5 on page 86 for more information on port roles. LAN-Cell 2 User’s Guide...
  • Page 139: Wlan Screen

    Type the IP address of your LAN-Cell’s WLAN interface in dotted decimal notation. Alternatively, click the right mouse button to copy and/or paste the IP address. Note: Make sure the IP addresses of the LAN, WAN, WLAN and DMZ are on separate subnets. LAN-Cell 2 User’s Guide...
  • Page 140 TCP/IP) PPPoE or PPTP, NetBIOS packets cause unwanted calls. However, it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN.
  • Page 141: Wlan Static Dhcp Screen

    Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:1B:39:00:00:02. To change your LAN-Cell’s WLAN static DHCP settings, click NETWORK > WLAN > Static DHCP. The screen appears as shown.
  • Page 142: Wlan Ip Alias Screen

    Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh. 7.4 WLAN IP Alias Screen IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. LAN-Cell 2 User’s Guide...
  • Page 143 Alternatively, click the right mouse button to copy and/or paste the IP address. IP Subnet Mask Your LAN-Cell will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the LAN-Cell. LAN-Cell 2 User’s Guide...
  • Page 144: Wlan Port Roles Screen

    WLAN. The WLAN includes the LAN-Cell’s own WLAN and the Ethernet ports in the WLAN port role. The following figure shows the LAN-Cell with the internal Wi-Fi AP enabled and an external AP connected to an Ethernet port in the WLAN port role.
  • Page 145 The radio buttons correspond to Ethernet ports on the front panel of the LAN-Cell. On the LAN-Cell, ports 1 to 4 are all LAN ports by default. Your changes are also reflected in the LAN and/or DMZ Port Roles screen. Figure 77 NETWORK > WLAN > Port Roles LAN-Cell 2 User’s Guide...
  • Page 146 After you change the LAN/DMZ/WLAN port roles and click Apply, please wait a few seconds until the following screen appears. Click Return to go back to the Port Roles screen. Figure 78 NETWORK > WLAN > Port Roles: Change Complete
  • Page 147: Wireless Security Overview

    Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. LAN-Cell 2 User’s Guide...
  • Page 148: Encryption

    It is not possible to use WPA-PSK, WPA or stronger encryption with a local user database. In this case, it is better to set up stronger encryption with no authentication than to set up weaker encryption with the local user database. LAN-Cell 2 User’s Guide...
  • Page 149: Additional Installation Requirements For Using 802.1X

    • A computer equipped with a web browser (with JavaScript enabled) and/or Telnet. • A wireless station must be running IEEE 802.1x-compliant software. Currently, this is offered in Windows XP. • An optional network RADIUS server for remote user authentication and accounting. LAN-Cell 2 User’s Guide...
  • Page 150: Internal Wi-Fi Access Point Setup

    Apply to confirm. You must then change the wireless settings of your computer to match the LAN-Cell’s new settings. Click WIRELESS > Wi-Fi to open the Wi-Fi Configuration screen. Figure 79 WIRELESS > Wi-Fi
  • Page 151 Select this checkbox to enable roaming on the LAN-Cell if you have two or more LAN-Cells on the same subnet. Note: All APs on the same subnet and the wireless clients must have the same SSID to allow roaming. LAN-Cell 2 User’s Guide...
  • Page 152: Ssid Profile

    • Wi-Fi CONFIGURATION > MAC Filter (the MAC filter list, if activated in the SSID profile). Configure the fields in the above screens to use the settings in an SSID profile. In the Wi-Fi CONFIGURATION screen, click the Edit icon next to an SSID profile to display the following screen. LAN-Cell 2 User’s Guide...
  • Page 153: Configuring Wireless Security

    A security profile is a group of configuration settings which can be assigned to an SSID profile in the Wi-Fi Configuration screen. The screen changes when you configure a security profile and varies according to the security modes you select. LAN-Cell 2 User’s Guide...
  • Page 154 Security Mode This field displays the security mode this security profile uses. Action Click the Edit icon to configure security settings for that profile. Click the Reset Default icon to clear all user-entered configuration information and return the security profile to its factory defaults. LAN-Cell 2 User’s Guide...
  • Page 155: No Security

    Your LAN-Cell allows you to configure up to four 64-bit, 128-bit or 152-bit WEP keys, but only one key can be used at any one time. In order to configure and enable WEP encryption, click WIRELESS > Wi-Fi > Security > Edit. LAN-Cell 2 User’s Guide...
  • Page 156: Ieee 802.1X Only

    Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. 7.8.3 IEEE 802.1x Only Click WIRELESS > Wi-Fi > Security > Edit. Select 8021X-Only from the Security Mode list.
  • Page 157: Ieee 802.1X + Static Wep

    Click Cancel to exit this screen without saving. 7.8.4 IEEE 802.1x + Static WEP Click WIRELESS > Wi-Fi > Security > Edit. Select 8021X-Static 64 or 8021X-Static128 in the Security Mode field to display the following screen.
  • Page 158 Click RADIUS to go to the RADIUS screen where you can configure the LAN-Cell to check an external RADIUS server. Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. LAN-Cell 2 User’s Guide...
  • Page 159: Wpa, Wpa2, Wpa2-Mix

    AP and the client can store (or “cache”) and use information about their previous authentication. Select Enable to allow PMK (Pairwise Master Key) caching, or Disable to switch this feature off. LAN-Cell 2 User’s Guide...
  • Page 160: Wpa-Psk, Wpa2-Psk, Wpa2-Psk-Mix

    If the wireless network is not keeping track of this information, you can usually set this value higher to reduce the number of delays caused by logging in again. Enter a time interval between 600 and 65535 seconds. LAN-Cell 2 User’s Guide...
  • Page 161: Mac Filter

    Filter. The screen appears as shown. To activate MAC filtering on a profile, select Enable from the Enable MAC Filtering drop-down list box in the Wi-Fi > Edit screen and click Apply. Figure 88 WIRELESS > Wi-Fi > MAC Filter LAN-Cell 2 User’s Guide...
  • Page 162: Country Codes

    6 Type sys countrycode [ENTER] to confirm the new country code value. 7 Return to the Wi-Fi Configuration screen and select the appropriate 802.11 channel. If you reset the LAN-Cell to its Factory Default settings, you must reset the Country Code using the procedure above. LAN-Cell 2 User’s Guide...
  • Page 163: Wi-Fi Screens

    Every wireless client has a unique identification number, called a MAC address. A MAC address is usually written using twelve hexadecimal characters; for example, 001B39000002 or 00:1B:39:00:00:02. To get the MAC address for each wireless client, see the appropriate User’s Guide or other documentation.
  • Page 164: User Authentication

    Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. LAN-Cell 2 User’s Guide...
  • Page 165 It is not possible to use WPA-PSK, WPA or stronger encryption with a local user database. In this case, it is better to set up stronger encryption with no authentication than to set up weaker encryption with the local user database. LAN-Cell 2 User’s Guide...
  • Page 166: Wi-Fi Configuration Screen

    Apply to confirm. You must then change the wireless settings of your computer to match the LAN-Cell’s new settings. Click WIRELESS > Wi-Fi to open the Wi-Fi Configuration screen. Figure 89 WIRELESS > Wi-Fi
  • Page 167 Select this checkbox to enable roaming on the LAN-Cell if you have two or more LAN-Cells on the same subnet. Note: All APs on the same subnet and the wireless clients must have the same SSID to allow roaming. LAN-Cell 2 User’s Guide...
  • Page 168: Ssid Profile

    • Wi-Fi CONFIGURATION > MAC Filter (the MAC filter list, if activated in the SSID profile). Configure the fields in the above screens to use the settings in an SSID profile. In the Wi-Fi CONFIGURATION screen, click the Edit icon next to an SSID profile to display the following screen. LAN-Cell 2 User’s Guide...
  • Page 169: Wireless Security Screen

    A security profile is a group of configuration settings which can be assigned to an SSID profile in the Wi-Fi Configuration screen. The screen changes when you configure a security profile and varies according to the security modes you select. LAN-Cell 2 User’s Guide...
  • Page 170 Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every wireless client in the wireless network must have the same key. Figure 91 WIRELESS > Wi-Fi > Security LAN-Cell 2 User’s Guide...
  • Page 171: No Security

    WEP key to encrypt and decrypt data. Your LAN-Cell allows you to configure up to four 64-bit, 128-bit or 152-bit WEP keys, but only one key can be used at any one time. LAN-Cell 2 User’s Guide...
  • Page 172 You can configure up to four keys, but only one key can be activated at any one time. The default key is key 1. Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. LAN-Cell 2 User’s Guide...
  • Page 173: Ieee 802.1X Only

    Click Cancel to exit this screen without saving. 8.3.4 IEEE 802.1x + Static WEP Click WIRELESS > Wi-Fi > Security > Edit. Select 8021X-Static 64 or 8021X-Static128 in the Security Mode field to display the following screen.
  • Page 174 Click RADIUS to go to the RADIUS screen where you can configure the LAN-Cell to check an external RADIUS server. Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. LAN-Cell 2 User’s Guide...
  • Page 175: Wpa, Wpa2, Wpa2-Mix

    AP and the client can store (or “cache”) and use information about their previous authentication. Select Enable to allow PMK (Pairwise Master Key) caching, or Disable to switch this feature off. LAN-Cell 2 User’s Guide...
  • Page 176: Wpa-Psk, Wpa2-Psk, Wpa2-Psk-Mix

    If the wireless network is not keeping track of this information, you can usually set this value higher to reduce the number of delays caused by logging in again. Enter a time interval between 600 and 65535 seconds. LAN-Cell 2 User’s Guide...
  • Page 177: Mac Filter Screen

    Filter. The screen appears as shown. To activate MAC filtering on a profile, select Enable from the Enable MAC Filtering drop-down list box in the Wi-Fi > Edit screen and click Apply. Figure 98 WIRELESS > Wi-Fi > MAC Filter LAN-Cell 2 User’s Guide...
  • Page 178: Country Codes

    6 Type sys countrycode [ENTER] to confirm the new country code value. 7 Return to the Wi-Fi Configuration screen and select the appropriate 802.11 channel. If you reset the LAN-Cell to its Factory Default settings, you must reset the Country Code using the procedure above. LAN-Cell 2 User’s Guide...
  • Page 179: Security Menu

    Security Menu Firewall Screens (181) VPN Wizard Overview (57) IPSec VPN Config Screens (209) Certificates Screens (255) Authentication Server Screens (283)
  • Page 181: Firewall Screens

    LAN-Cell checks the source IP address, destination IP address and IP protocol type of network traffic against the firewall rules (in the order you list them). When the traffic matches a rule, the LAN-Cell takes the action specified in the rule. LAN-Cell 2 User’s Guide...
  • Page 182: What You Can Do In The Firewall Screens

    IRC traffic from any source IP address from going to any destination address. You do not need to specify a schedule since you need the firewall rule to always be in effect. The following figure shows the results of this rule. LAN-Cell 2 User’s Guide...
  • Page 183 CEO’s computer (192.168.1.7 for example) to go to any destination address. You do not need to specify a schedule since you want the firewall rule to always be in effect. The following figure shows the results of your two custom rules. LAN-Cell 2 User’s Guide...
  • Page 184: Firewall Default Rule

    LAN-Cell would drop it and not check any other firewall rules. 9.3 Firewall Default Rule Click SECURITY > FIREWALL to open the Default Rule screen. Use this screen to configure general firewall settings for the LAN-Cell. LAN-Cell 2 User’s Guide...
  • Page 185 LAN without passing through the LAN-Cell. A better solution is to use IP alias to put the LAN-Cell and the backup gateway on separate subnets. See Asymmetrical Routes and IP Alias on page 206 for an example. LAN-Cell 2 User’s Guide...
  • Page 186: Firewall Rule Summary Screen

    Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh. 9.4 Firewall Rule Summary Screen Click SECURITY > FIREWALL > Rule Summary to open the screen. This screen displays a list of the configured firewall rules. LAN-Cell 2 User’s Guide...
  • Page 187 The following read-only fields summarize the rules you have created that apply to traffic traveling in the selected packet direction. The firewall rules that you configure (summarized below) take priority over the general firewall action settings above. LAN-Cell 2 User’s Guide...
  • Page 188: Firewall Edit Rule

    In the Rule Summary screen, click the edit icon or the insert icon to display the Firewall Edit Rule screen. Use this screen to create or edit a firewall rule. Refer to the following table for information on the labels. LAN-Cell 2 User’s Guide...
  • Page 189 Chapter 9 Firewall Screens Figure 104 SECURITY > FIREWALL > Rule Summary > Edit LAN-Cell 2 User’s Guide...
  • Page 190 Matched (No). Go to the Log Settings page and select the Access Control logs category to have the LAN-Cell record these logs. Send Alert Message to Administrator When Matched Select the check box to have the LAN-Cell generate an alert when the rule is matched.
  • Page 191: Anti-Probing Screen

    LAN-Cell hidden from probing attempts. You can specify which of the LAN-Cell’s interfaces will respond to Ping requests and whether or not the LAN-Cell is to respond to probing for unused ports. Figure 105 SECURITY > FIREWALL > Anti-Probing LAN-Cell 2 User’s Guide...
  • Page 192: Threshold Screen

    DoS thresholds. Click SECURITY > FIREWALL > Threshold to bring up the next screen. The global values specified for the threshold and timeout apply to all TCP connections. Figure 106 SECURITY > FIREWALL > Threshold LAN-Cell 2 User’s Guide...
  • Page 193 Deny new connection requests for the number of minutes that you specify (between 1 and 256). Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh. LAN-Cell 2 User’s Guide...
  • Page 194: Service Screen

    Click SECURITY > FIREWALL > Service to open the screen as shown next. Use this screen to configure custom services for use in firewall rules or view the services that are predefined in the LAN-Cell. Figure 107 SECURITY > FIREWALL > Service LAN-Cell 2 User’s Guide...
  • Page 195: Firewall Edit Custom Service

    LAN-Cell. See Appendix D on page 613 for a list of commonly used services and port numbers. Figure 108 Firewall Edit Custom Service LAN-Cell 2 User’s Guide...
  • Page 196: My Service Firewall Rule Example

    The following Internet firewall rule example allows a hypothetical My Service connection from the Internet. 1 In the Service screen, click Add to open the Edit Custom Service screen. Figure 109 My Service Firewall Rule Example: Service 2 Configure it as follows and click Apply. LAN-Cell 2 User’s Guide...
  • Page 197 5 The Edit Rule screen displays. Enter the name of the firewall rule. 6 Select Any in the Destination Address(es) box and then click Delete. 7 Configure the destination address fields as follows and click Add. LAN-Cell 2 User’s Guide...
  • Page 198 8 In the Edit Rule screen, use the arrows between Available Services and Selected Service(s) to configure it as follows. Click Apply when you are done. Custom services show up with an * before their names in the Services list box and the Rule Summary list box. LAN-Cell 2 User’s Guide...
  • Page 199 Chapter 9 Firewall Screens Figure 113 My Service Firewall Rule Example: Rule Configuration Rule 1 allows a My Service connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. LAN-Cell 2 User’s Guide...
  • Page 200: Firewall Technical Reference

    • LAN to WAN • LAN to CELL These rules specify which computers on the LAN can access which computers or services connected to WAN or CELL interfaces. See Section 9.2 on page 182 for an example.
  • Page 201 To VPN means traffic that comes in through the selected “from” interface and goes out through any of the LAN-Cell’s VPN tunnels. For example, From LAN To VPN specifies the traffic that is coming from the LAN and going out through any of the LAN-Cell’s VPN tunnels. LAN-Cell 2 User’s Guide...
  • Page 202 DMZ computers from going out through any of the LAN-Cell’s VPN tunnels. Figure 115 From LAN to VPN Example In order to do this, you would configure the SECURITY > FIREWALL > Default Rule screen as follows. Figure 116 Block DMZ to VPN Traffic by Default Example LAN-Cell 2 User’s Guide...
  • Page 203 VPN To LAN default firewall rule to silently block traffic from the VPN tunnels from going to the LAN computers. Figure 117 From VPN to LAN Example In order to do this, you would configure the SECURITY > FIREWALL > Default Rule screen as follows. LAN-Cell 2 User’s Guide...
  • Page 204 In the following example, the From VPN To VPN default firewall rule silently blocks the traffic that the LAN-Cell receives from any VPN tunnel (either A or B) that is destined for the other VPN tunnel or the LAN-Cell itself. VPN traffic destined for the DMZ is allowed through. LAN-Cell 2 User’s Guide...
  • Page 205 Chapter 9 Firewall Screens Figure 119 From VPN to VPN Example You would configure the SECURITY > FIREWALL > Default Rule screen as follows. Figure 120 Block VPN to VPN Traffic by Default Example LAN-Cell 2 User’s Guide...
  • Page 206 SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established. LAN-Cell 2 User’s Guide...
  • Page 207 IRC is blocked, are there users that require this service? 2 Is it possible to modify the rule to be more specific? For example, if IRC is blocked for all users, will a rule that blocks just certain users be more effective? LAN-Cell 2 User’s Guide...
  • Page 208 For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers. 4 Does this rule conflict with any existing rules? LAN-Cell 2 User’s Guide...
  • Page 209: Ipsec Vpn Config Screens

    LAN-Cell’s list of VPN rules (tunnels) that use manual keys. You may want to configure a VPN rule that uses manual key management if you are having problems with IKE key management. • Use the SA Monitor screen (see Section 10.5 on page 231) to display and manage active VPN connections. LAN-Cell 2 User’s Guide...
  • Page 210: What You Need To Know About Ipsec Vpn

    • A gateway policy contains the IKE SA settings. It identifies the IPSec routers at either end of a VPN tunnel. • A network policy contains the IPSec SA settings. It specifies which devices (behind the IPSec routers) can use the VPN tunnel. LAN-Cell 2 User’s Guide...
  • Page 211 Sometimes, you might not know the IP address of the remote IPSec router (for example, telecommuters). In this case, you can still set up the IKE SA, but only the remote IPSec router can initiate an IKE SA. LAN-Cell 2 User’s Guide...
  • Page 212: Vpn Rules (Ike) Screen

    2 IPSec SA. Local Network This is the network behind the LAN-Cell. A network policy specifies which devices (behind the IPSec routers) can use the VPN tunnel.
  • Page 213: Vpn Rules (Ike) Gateway Policy Edit Screen

    Use this screen to configure a VPN gateway policy. The gateway policy identifies the IPSec routers at either end of a VPN tunnel (My LAN-Cell and Remote Gateway) and specifies the authentication, encryption and other settings needed to negotiate a phase 1 IKE SA. LAN-Cell 2 User’s Guide...
  • Page 214 Table 77 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy LABEL DESCRIPTION Property Name Type up to 32 characters to identify this VPN gateway policy. You may use any character, including spaces, but the LAN-Cell drops trailing spaces. LAN-Cell 2 User’s Guide...
  • Page 215 SA life time. If the fall back check interval is longer than a network policy’s SA life time, the SA lifetime is used as the check interval and network policy SA life time. LAN-Cell 2 User’s Guide...
  • Page 216 VPN connection. Select Subject Name to identify the remote IPSec router by the subject name of the certificate it uses for this VPN connection. Select Any to have the LAN-Cell not check the remote IPSec router's ID. LAN-Cell 2 User’s Guide...
  • Page 217 Enter a user name for your LAN-Cell to be authenticated by the VPN peer (in server mode). The user name can be up to 31 case-sensitive ASCII characters, but spaces are not allowed. You must enter a user name and password when you select client mode. LAN-Cell 2 User’s Guide...
  • Page 218 This field displays one or a range of IP address(es) of the remote network behind the remote IPSec router. Apply Click Apply to save your changes back to the LAN-Cell. Cancel Click Cancel to exit this screen without saving.
  • Page 219: Vpn Rules (Ike): Network Policy Edit

    A network policy identifies the devices behind the IPSec routers at either end of a VPN tunnel and specifies the authentication, encryption and other settings needed to negotiate a phase 2 IPSec SA. Figure 129 SECURITY > VPN > VPN Rules (IKE) > Edit Network Policy LAN-Cell 2 User’s Guide...
  • Page 220 Rules If you are configuring a Many-to-One rule, click this button to go to a screen where you can configure port forwarding for your VPN tunnels. The VPN network policy port forwarding rules let the LAN-Cell forward traffic coming in through the VPN tunnel to the appropriate IP address.
  • Page 221 When the Address Type field is configured to Range Address, enter the end (static) IP address, in a range of computers on the LAN behind your LAN-Cell. When the Address Type field is configured to Subnet Address, this is a subnet mask on the LAN behind your LAN-Cell. LAN-Cell 2 User’s Guide...
  • Page 222 The minimum value is 180 seconds. A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys. However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected. LAN-Cell 2 User’s Guide...
  • Page 223: Network Policy Edit: Port Forwarding Screen

    Use this screen to configure port forwarding for your VPN tunnels to let the LAN-Cell forward traffic coming in through the VPN tunnel to the appropriate IP address on the LAN. LAN-Cell 2 User’s Guide...
  • Page 224 Start Port field above. Server IP Address Type your server IP address in this field. Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh.
  • Page 225: VPN Rules (IKE): Network Policy Move Screen

    When there is a network policy in Recycle Bin, the Recycle Bin gateway policy automatically displays in the VPN Rules (IKE) screen. Apply Click Apply to save the changes. Cancel Click Cancel to discard all changes and return to the main VPN screen.
  • Page 226: Dialing The VPN Tunnel Via Web Configurator

    Section 10.5 on page 231 for more information. Figure 132 VPN Rule Configured The following screen displays. Figure 133 VPN Dial This screen displays later if the IPSec routers can build the VPN tunnel. Figure 134 VPN Tunnel Established
  • Page 227: VPN Rules (Manual)

    Edit screen is configured to Range Address. A (static) IP address and a subnet mask are displayed when the Local Network Address Type field in the VPN - Manual Key - Edit screen is configured to Subnet Address.
  • Page 228: VPN Rules (Manual): Edit Screen

    Use this screen to configure VPN rules that use manual keys. Manual key management is useful if you have problems with IKE key management. Section on page 253 for more information about IPSec SAs using manual keys.
  • Page 229 Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time.
  • Page 230 Type a unique SPI (Security Parameter Index) from one to four characters long. Valid Characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9". Encapsulation Mode Select Tunnel mode or Transport mode from the drop-down list box.
  • Page 231: VPN SA Monitor Screen

    In the web configurator, click SECURITY > VPN > SA Monitor. Use this screen to display and manage active VPN connections. A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections. Use Refresh to display active VPN connections.
  • Page 232: VPN Global Setting Screen

    (for example 192.168.1.8) and the receiver (for example 192.168.1.9) are in network A. Note that the remote access can still use the VPN tunnel to access computers on LAN-Cell X’s network.
  • Page 233 VPN rule, you configure the VPN network as follows. • Local IP address start: 192.168.1.1, end: 192.168.1.254 • Remote IP address start: 10.1.2.240, end: 10.1.2.254 • IP addresses 10.1.2.240 to 10.1.2.254 overlap. Figure 139 Overlap in IP Alias and VPN Remote Networks
  • Page 234: Configuring The Global Setting Screen

    LAN-Cell automatically disconnects the VPN tunnel. Enter the time period (between 30 and 3600 seconds) to wait before the LAN-Cell checks all of the VPN connections to remote IPSec routers. Enter 0 to disable this feature.
  • Page 235: Mobile User VPN/IPSec Examples

    The following examples show how multiple mobile users can make VPN connections to a single LAN-Cell. The mobile users use IPSec routers (or IPSec client software) with dynamic WAN IP addresses. The LAN-Cell has a static public IP address.
  • Page 236: Mobile Users Sharing One VPN Rule Example

    Remote users (or routers) must use IPSec-compliant software or hardware to establish a VPN connection with the LAN-Cell. Refer to Proxicast’s Knowledgebase and TechNotes for examples of configuring specific VPN client software packages and devices.
  • Page 237 Headquarters LAN-Cell Rule 1: Local ID Type: IP Peer ID Type: IP Local ID Content: 192.168.2.12 Peer ID Content: 192.168.2.12 Local IP Address: 192.168.2.12 Remote Gateway Address: UserA.dydns.org Remote Address 192.168.2.12 User B (UserB.dydns.org) Headquarters LAN-Cell Rule 2:
  • Page 238: VPN And Remote Management

    VPN tunnel to access the LAN-Cell’s LAN interface. Remote management must also be configured to allow HTTP access on the LAN-Cell’s LAN interface. Figure 143 VPN for Remote Management Example 10.9 Hub-and-spoke VPN Hub-and-spoke VPN connects VPN tunnels to form one secure network.
  • Page 239: Hub-And-Spoke VPN Example

    The following figure shows a basic hub-and-spoke VPN. Branch office A uses one VPN rule to access both the headquarters (HQ) network and branch office B’s network. Branch office B uses one VPN rule to access both the headquarters and branch office A’s networks.
  • Page 240: Hub-And-Spoke Example VPN Rule Addresses

    • Remote Gateway: 10.0.0.1 • Local IP address: 192.168.169.0/255.255.255.0 • Remote IP address: 192.168.167.0~192.168.168.255 10.9.3 Hub-and-spoke VPN Requirements and Suggestions Consider the following when implementing a hub-and-spoke VPN. The local IP addresses configured in the VPN rules cannot overlap
  • Page 241: VPN Troubleshooting

    View the log via the web configurator LOGS View Log screen or type sys log disp from SMT Menu 24.8. See Section on page 381 for information on the log messages.
  • Page 242: IPSec Debug

    Send:[ID][HASH][NOTFY:INIT_CONTACT]9C3F7DCA 10.10.1 IPSec Debug If you are having difficulty building an IPSec tunnel to a non-Proxicast IPSec router, advanced users may wish to examine the IPSec debug feature (in the commands). If any of your VPN rules have an active network policy set to nailed-up, using the IPSec debug feature may cause the LAN-Cell to continuously display new information.
  • Page 243: LAN-Cell 2 User's Guide

    ISAKMP SA created for peer <BRANCH> size<900> ISAKMP SA created for peer <BRANCH> size<900> ISAKMP SA built, ikePeer.s0 ISAKMP SA built, index = 0isadb_create_entry(): done create IKE entry doneinitiator(): find myIpAddr = 0.0.0.0, use <5.6.7.8> r
  • Page 244: IPSec VPN Technical Reference

    The LAN-Cell and the remote IPSec router use a DH key exchange to establish a shared secret, which is used to generate encryption keys for IKE SA and IPSec SA. In main mode, the DH key exchange is done in steps 3 and 4, as illustrated below.
  • Page 245 ID type and ID content that applies to the router itself, and peer ID type and ID content refers to the ID type and ID content that applies to the other router in the IKE
  • Page 246 CAs you have set up. Alternatively, if you want to use a specific certificate to authenticate the remote IPSec router, you can use the information in the certificate to specify the peer ID type and ID content.
  • Page 247: Extended Authentication

    Cell. It also finishes the Diffie-Hellman key exchange, authenticates the LAN-Cell, and sends its (unencrypted) identity to the LAN-Cell for authentication. Step 3: The LAN-Cell authenticates the remote IPSec router and confirms that the IKE SA is established.
  • Page 248: Additional IPSec VPN Topics

    SAs have a lifetime that specifies how long the SA lasts until it times out. When an SA times out, the LAN-Cell automatically renegotiates the SA in the following situations: • There is traffic when the SA life time expires • The IPSec SA is configured on the LAN-Cell as nailed up (see below)
  • Page 249 When setting up an IPSec high availability VPN tunnel, the remote IPSec router: • Must have multiple WAN connections • Only needs to configure one corresponding IPSec rule • Should only have IPSec high availability settings in its corresponding IPSec rule if your LAN-Cell has multiple WAN connections
  • Page 250: IPSec SA Overview

    In IPSec SA, the local network, the one(s) connected to the LAN-Cell, may be called the local policy. Similarly, the remote network, the one(s) connected to the remote IPSec router, may be called the remote policy.
  • Page 251: Virtual Address Mapping

    IP addresses 172.21.2.2 to 172.21.2.27 to access the remote network devices. Computers on network Y use IP addresses 192.168.1.2 to 192.168.1.27 to access local network devices and IP addresses 10.0.0.2 to 10.0.0.4 to access the remote network devices.
  • Page 252 IPSec router, whichever is the destination. • Inside header: The inside IP header contains the IP address of the computer behind the LAN-Cell or remote IPSec router. The header for the active protocol (AH or ESP) appears between the IP headers.
  • Page 253: IPSec SA Using Manual Keys

    The LAN-Cell and remote IPSec router must use the same encryption key and authentication key. Authentication and the Security Parameter Index (SPI) For authentication, the LAN-Cell and remote IPSec router use the SPI, instead of pre-shared keys, ID type and content. The SPI is an identification number.
  • Page 254 The LAN-Cell and remote IPSec router must use the same SPI.
  • Page 255: Certificates Screens

    3 Tim uses his private key to encrypt the message and sends it to Jenny. 4 Jenny receives the message and uses Tim’s public key to decrypt it. 5 Additionally, Jenny uses her own private key to encrypt a message and Tim uses Jenny’s public key to decrypt the message.
  • Page 256 1 Browse to where you have the certificate saved on your computer. 2 Make sure that the certificate has a “.cer” or “.crt” file name extension. Figure 155 Certificates on Your Computer
  • Page 257: My Certificates Screen

    11.2 My Certificates Screen Click SECURITY > CERTIFICATES > My Certificates to open the My Certificates screen. This is the LAN-Cell’s summary list of certificates and certification requests. Certificates display in black and certification requests display in gray.
  • Page 258 This button displays when the LAN-Cell has the factory default certificate. The factory default certificate is common to all LAN-Cells that use certificates. Proxicast recommends that you use this button to replace the factory default certificate with one that uses your LAN-Cell's MAC address.
  • Page 259: My Certificate Details Screen

    You can use this screen to view in-depth certificate information and change the certificate’s name. If it is a self-signed certificate, you can also set the LAN-Cell to use the certificate to sign the imported trusted remote host certificates.
  • Page 260 This automatically clears the check box in the details screen of the certificate that was previously set to sign the imported trusted remote host certificates.
  • Page 261 Subject Type=CA means that this is a certification authority’s certificate and “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path. MD5 Fingerprint This is the certificate’s message digest that the LAN-Cell calculated using the MD5 algorithm.
  • Page 262: My Certificate Export Screen

    Exporting a PKCS #12 file creates this and you must provide it to decrypt the contents when you import the file into the LAN-Cell. Figure 159 SECURITY > CERTIFICATES > My Certificates > Export
  • Page 263: My Certificate Import Screen

    • Binary PKCS#7: This is a standard that defines the general syntax for data (including digital signatures) that may be encrypted. The LAN-Cell currently allows the importation of a PKCS#7 file that contains a single certificate.
  • Page 264 Click Apply to save the certificate on the LAN-Cell. Cancel Click Cancel to quit and return to the My Certificates screen. When you import a binary PKCS#12 format certificate, another screen displays for you to enter the password.
  • Page 265: My Certificate Create Screen

    Click SECURITY > CERTIFICATES > My Certificates > Create to open the My Certificate Create screen. Use this screen to have the LAN-Cell create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request.
  • Page 266 LAN-Cell drops trailing spaces. Organization Type up to 127 characters to identify the company or group to which the certificate owner belongs. You may use any character, including spaces, but the LAN-Cell drops trailing spaces.
  • Page 267 DC (domain component) - select this and enter the domain component of a domain to identify the owner of the certificate. For example, if the domain is proxicast.com, the domain component is "proxicast" or "com". You can use up to 63 characters.
  • Page 268 Fill in both the Reference Number and the Key fields if your certification authority uses CMP enrollment protocol. Just fill in the Key field if your certification authority uses the SCEP enrollment protocol. Type the key that the certification authority gave you.
  • Page 269: Trusted CAs Screen

    LAN-Cell to accept as trusted. The LAN-Cell accepts any valid certificate signed by a certification authority on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certification authorities. Figure 163 SECURITY > CERTIFICATES > Trusted CAs
  • Page 270: Trusted CA Details Screen

    LAN-Cell to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
  • Page 271 Certificate Revocation List (CRL). Clear this check box to have the LAN-Cell not check incoming certificates that are issued by this certification authority against a Certificate Revocation List (CRL).
  • Page 272 This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority’s certificate and “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path.
  • Page 273: Trusted CA Import Screen

    LAN-Cell. The LAN-Cell trusts any valid certificate signed by any of the imported trusted CA certificates. You must remove any spaces from the certificate’s filename before you can import the certificate.
  • Page 274: Trusted Remote Hosts Screen

    You do not need to add any certificate that is signed by one of the certification authorities on the Trusted CAs screen since the LAN-Cell automatically accepts any valid certificate signed by a trusted certification authority as being trustworthy.
  • Page 275 Click Import to open a screen where you can save the certificate of a remote host (which you trust) from your computer to the LAN-Cell. Refresh Click this button to display the current validity status of the certificates.
  • Page 276: Trusted Remote Hosts Import Screen

    Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click Browse to find the certificate file you want to upload. Apply Click Apply to save the certificate on the LAN-Cell. Cancel Click Cancel to quit and return to the Trusted Remote Hosts screen.
  • Page 277: Trusted Remote Host Certificate Details Screen

    Remote Hosts screen. Click the details icon to open the Trusted Remote Host Details screen. You can use this screen to view in-depth information about the trusted remote host’s certificate and/or change the certificate’s name. Figure 168 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details
  • Page 278 This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority’s certificate and “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path.
  • Page 279: Directory Servers Screen

    LAN-Cell first checks the server(s) listed in the CRL Distribution Points field of the incoming certificate. If the certificate does not list a server or the listed server is not available, the LAN-Cell checks the servers listed here. Figure 169 SECURITY > CERTIFICATES > Directory Servers
  • Page 280: Directory Server Add Or Edit Screen

    Click Add (or the details icon) to open the Directory Server Add screen. Use this screen to configure information about a directory server that the LAN-Cell can access. Figure 170 SECURITY > CERTIFICATES > Directory Server > Add
  • Page 281 Click Apply to save your changes back to the LAN-Cell. Cancel Click Cancel to quit configuring this screen and return to the Directory Servers screen. A. At the time of writing, LDAP is the only choice of directory server access protocol.
  • Page 283: Authentication Server Screens

    Determines the identity of the users. • Accounting Keeps track of the client’s network activity. RADIUS user is a simple package exchange in which your LAN-Cell acts as a message relay between the wireless station and the network RADIUS server.
  • Page 284: Local User Database Screen

    Enter the user name of the user profile. Password Enter a password up to 31 characters long for this user profile. Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh.
  • Page 285: RADIUS Screen

    Enter the IP address of the external accounting server in dotted decimal notation. Port Number The default port of the RADIUS server for accounting is 1813. You need not change this value unless your network administrator instructs you to do so with additional information.
  • Page 286 The key is not sent over the network. This key must be the same on the external accounting server and LAN-Cell. Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh.
  • Page 287: Advanced Menu

    Advanced Menu Network Address Translation (NAT) Screens (289) DNS Screens (307) Remote Management Screens (319) Static Route Screens (339) Policy Route Screens (343) Bandwidth Management Screens (349) ALG Screens (365)
  • Page 289: Network Address Translation (NAT) Screens

    • Many to One: In Many-to-One mode, the LAN-Cell maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), Proxicast's Single User Account feature (the SUA option). • Many to Many Overload: In Many-to-Many Overload mode, the LAN-Cell maps the multiple local IP addresses to shared global IP addresses.
  • Page 290: NAT Overview Screen

    13.2 NAT Overview Screen Click ADVANCED > NAT to open the NAT Overview screen. You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN/CELL to be forwarded through the LAN-Cell.
  • Page 291 The bar displays how many of the LAN-Cell's possible address mapping rules are configured. The first number shows how many address mapping rules are configured on the LAN-Cell. The second number shows the maximum number of address mapping rules that can be configured on the LAN-Cell.
  • Page 292: NAT Address Mapping

    9. In the set summary screen, the new rule will be rule 7, not 9. Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6.
  • Page 293 This is the end Inside Local Address (ILA). If the rule is for all local IP addresses, then this field displays 255.255.255.255 as the Local End IP address. This field is N/A for One-to-One and Server mapping types.
  • Page 294: NAT Address Mapping Edit

    One-to-One NAT mapping type. 2. Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), Proxicast's Single User Account feature that previous Proxicast routers supported only.
  • Page 295: Port Forwarding

    2. Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), Proxicast's Single User Account feature. 3. Many-to-Many Overload: Many-to-Many Overload mode maps multiple local IP addresses to shared global IP addresses.
  • Page 296: Configuring Servers Behind Port Forwarding (Example)

    80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.
  • Page 297 80, but sends it to server B (IP address 192.168.1.34). In this example, anyone wanting to access server A from the Internet must use port 8080. Anyone wanting to access server B from the Internet must use port 8100.
  • Page 298: Port Forwarding Screen

    WAN-based remote access to the LAN-Cell. The last port forwarding rule is reserved for Roadrunner services. The rule is activated only when you set the WAN Encapsulation to Ethernet and the Service Type to something other than Standard.
  • Page 299 For a range of ports, you only need to enter the first number of the range to which you want the incoming ports translated, the LAN-Cell automatically calculates the last port of the translated port range. Server IP Address Enter the inside IP address of the server here.
  • Page 300: Port Triggering

    5 Only Jane can connect to the Real Audio server until the connection is closed or times out. The LAN-Cell times out in three minutes with UDP (User Datagram Protocol) or two hours with TCP/IP (Transfer Control Protocol/Internet Protocol).
  • Page 301 End Port Type a port number or the ending port number in a range of port numbers. Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh.
  • Page 302: NAT Technical Reference

    ISP. In addition, you can designate servers (for example a web server and a telnet server) on your local network and make them accessible to the outside world. Although you can make designated servers on the LAN accessible to the outside world, it is strongly recommended
  • Page 303: How NAT Works

    The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the LAN-Cell can communicate with three distinct WAN networks. More examples follow at the end of this chapter.
  • Page 304: Port Restricted Cone NAT

    LAN-Cell will perform NAT on them and send them to the server at IP address 1, port A. Packets have not been sent from 1, A to 4, E or 5, so they cannot send packets to 1, A.
  • Page 305 Figure 183 Port Restricted Cone NAT Example
  • Page 307: DNS Screens

    ISP. 3 You can manually enter the IP addresses of other DNS servers. These servers can be public or private. A DNS server could even be behind a remote IPSec router (see Section on page 308).
  • Page 308 An FQDN consists of a host and domain name and includes the top-level domain. For example, www.proxicast.com is a fully qualified domain name, where “www” is the host, “proxicast” is the second-level domain, and “.com” is the top level domain.
  • Page 309: System Screen

    IP address. 14.2 System Screen Click ADVANCED > DNS to display the following screen. Use this screen to configure your LAN-Cell’s DNS address and name server records.
  • Page 310 (FQDN) to an IP address. An FQDN consists of a host and domain name and includes the top-level domain. For example, www.proxicast.com is a fully qualified domain name, where “www” is the host, “proxicast” is the second-level domain, and “.com” is the top level domain.
  • Page 311: Adding An Address Record

    DESCRIPTION Domain Zone A domain zone is a fully qualified domain name without the host. For example, proxicast.com is the domain zone for the www.proxicast.com fully qualified domain name. From This field displays whether the IP address of a DNS server is from a WAN interface (and which it is) or specified by the user.
  • Page 312: Inserting A Name Server Record

    For example, www.proxicast.com is a fully qualified domain name, where “www” is the host, “proxicast” is the second-level domain, and “.com” is the top level domain. IP Address If this entry is for one of the WAN ports on the LAN-Cell, select WAN Interface and select WAN or CELLULAR from the drop-down list box.
  • Page 313: DNS Cache

    For example, whenever the LAN-Cell needs to resolve a proxicast.com domain name, it can send a query to the recorded name server IP address. Leave this field blank if all domain zones are served by the specified DNS server(s).
  • Page 314 This displays whether the response for the DNS request is positive or negative. Domain Name This is the domain name of a host. IP Address This is the (resolved) IP address of a host. This field displays 0.0.0.0 for negative DNS resolution entries.
  • Page 315: Configuring DNS DHCP

    Assigned by DHCP Server The LAN-Cell passes a DNS (Domain Name System) server IP address to the DHCP clients. Selected Interface Select an interface from the drop-down list box to configure the DNS servers for the specified interface. These read-only labels represent the DNS servers.
  • Page 316: DDNS Screen

    IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname. If you have a private WAN IP address, then you cannot use Dynamic DNS.
  • Page 317: Configuring Dynamic DNS

    (and the underscore). Spaces are not allowed. My Domain Names Domain Name 1~5 Enter the host names in these fields. Enter a Fully Qualified Domain Name (FQDN) that matches the host name set up in your DynDNS account.
  • Page 318 LAN-Cell uses the dial backup port. DDNS does not function when the LAN-Cell uses traffic redirect. Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh.
  • Page 319: Remote Management Screens

    • Use the DNS screen (Section 15.11 on page 336) to set from which IP address the LAN-Cell will accept DNS queries and on which interface it can send them your LAN-Cell’s DNS settings.
  • Page 320: What You Need To Know About Remote Management

    The LAN-Cell automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling. You can change the timeout period in the MAINTENANCE > General screen.
  • Page 321: Remote Management Examples

    • To have the browser trust the certificates issued by a certificate authority, import the certificate authority’s certificate into your operating system as a trusted certificate. Refer to Appendix G on page 629 for details.
  • Page 322 Figure 193 Example: Lock Denoting a Secure Connection Click Login and you then see the next screen. The factory default certificate is a common default certificate for all LAN-Cell models.
  • Page 323 Certificates screen. You will see information similar to that shown in the following figure. Figure 195 Device-specific Certificate Click Ignore in the Replace Certificate screen to use the common LAN-Cell certificate. You will then see this information in the My Certificates screen.
  • Page 324: Secure Telnet Using SSH Examples

    3 A window displays prompting you to store the host key in your computer. Click Yes to continue. Figure 197 SSH Example 1: Store Host Key Enter the password to log in to the LAN-Cell. The SMT main menu displays next.
  • Page 325 LAN-Cell for secure file transfer using SSH version 1. If this is the first time you are connecting to the LAN-Cell using SSH, a message displays prompting you to save the host information of the LAN-Cell. Type “yes” and press [ENTER]. 2 Enter the password to login to the LAN-Cell.
  • Page 326 Read from remote host 192.168.1.1: Connection reset by peer Connection closed 15.3 WWW Click ADVANCED > REMOTE MGMT to open the WWW screen. Use this screen to configure the LAN-Cell’s HTTP and HTTPS management settings. Figure 201 ADVANCED > REMOTE MGMT > WWW
  • Page 327: The WWW (HTTP And HTTPS) Screen

    (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed).
  • Page 328 2 HTTP connection requests from a web browser go to port 80 (by default) on the LAN-Cell’s WS (web server). Figure 202 HTTPS Implementation If you disable the HTTP service in the REMOTE MGMT > WWW screen, then the LAN-Cell blocks all HTTP connection attempts.
  • Page 329: Configuring The WWW Screen

    LAN-Cell using this service. HTTP Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
  • Page 330: The SSH Screen

    SMT management and file transfer on port 22. Only one SSH connection is allowed at a time. Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the LAN-Cell over SSH.
  • Page 331: Configuring The SSH Screen

    Click Reset to begin configuring this screen afresh. 15.8 Telnet Screen You can use Telnet to access the LAN-Cell’s SMT or command line interface. Specify which interfaces allow Telnet access and from which IP address the access can come.
  • Page 332: FTP Screen

    To change your LAN-Cell’s FTP settings, click ADVANCED > REMOTE MGMT > FTP. The screen appears as shown. Use this screen to specify which interfaces allow FTP access and from which IP address the access can come.
  • Page 333: SNMP Screen

    LAN-Cell supports SNMP agent functionality, which allows a manager station to manage and monitor the LAN-Cell through the network. The LAN-Cell supports SNMP version one (SNMPv1). The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured.
  • Page 334: Supported MIBs

    • Trap - Used by the agent to inform the manager of some events. Supported MIBs The LAN-Cell supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. LAN-Cell 2 User’s Guide...
  • Page 335: Configuring The SNMP Screen

    15.10.1 Configuring the SNMP Screen To change your LAN-Cell’s SNMP settings, click ADVANCED > REMOTE MGMT > SNMP. The screen appears as shown. Figure 208 ADVANCED > REMOTE MGMT > SNMP LAN-Cell 2 User’s Guide...
  • Page 336: DNS Screen

    Click ADVANCED > REMOTE MGMT > DNS to change your LAN-Cell’s DNS settings. Use this screen to set from which IP address the LAN-Cell will accept DNS queries and on which interface it can send them your LAN-Cell’s DNS settings. Figure 209 ADVANCED > REMOTE MGMT > DNS LAN-Cell 2 User’s Guide...
  • Page 337: Remote Management Technical Reference

    The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server. LAN-Cell 2 User’s Guide...
  • Page 338 After the identification is verified and data encryption activated, a secure tunnel is established between the client and the server. The client then sends its authentication information (user name and password) to the server to log in to the server. LAN-Cell 2 User’s Guide...
  • Page 339: Static Route Screens

    • Use the IP Static Route Edit screen (Section 16.2.1 on page 341) to configure the required information for a static route. 16.2 IP Static Route Screen Click ADVANCED > STATIC ROUTE to open the IP Static Route screen. LAN-Cell 2 User’s Guide...
  • Page 340 This is the name that describes or identifies this route. Active This field shows whether this static route is active (Yes) or not (No). Destination This parameter specifies the IP network address of the final destination. Routing is always based on network number. LAN-Cell 2 User’s Guide...
  • Page 341: IP Static Route Edit Screen

    1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number. LAN-Cell 2 User’s Guide...
  • Page 342 Select this check box to keep this route private and not included in RIP broadcasts. Clear this check box to propagate this route to other hosts through RIP broadcasts. Apply Click Apply to save your changes back to the LAN-Cell. Cancel Click Cancel to exit this screen without saving. LAN-Cell 2 User’s Guide...
  • Page 343: Policy Route Screens

    The inclusion of length criterion is to differentiate between interactive and bulk traffic. Interactive applications, e.g., telnet, tend to have short packets, while bulk traffic, e.g., file transfer, tends to have large packets. LAN-Cell 2 User’s Guide...
  • Page 344: Policy Route Summary Screen

    IPPR follows the existing packet filtering facility of RAS in style and in implementation. 17.2 Policy Route Summary Screen Click ADVANCED > POLICY ROUTE to open the Policy Route Summary screen. Figure 214 ADVANCED > POLICY ROUTE > Policy Route Summary LAN-Cell 2 User’s Guide...
  • Page 345: Policy Route Edit Screen

    Policy-based routing is applied to incoming packets on a per interface basis before normal routing. The LAN-Cell does not perform normal routing on packets that match any of the policy routes. LAN-Cell 2 User’s Guide...
  • Page 346 Precedence value of the incoming packet. Select a value from 0 to 7 or Any. Packet Length Type a length of packet (in bytes). The operators in the Len Compare field apply to incoming packets of this length. LAN-Cell 2 User’s Guide...
  • Page 347 Enter the destination ending port number. This field is applicable only when you select TCP or UDP in the IP Protocol field and Custom in the Application field. Action Applies to Specifies whether action should be taken on criteria Matched or Not Matched. Routing Action LAN-Cell 2 User’s Guide...
  • Page 348 Select Yes from the drop-down list box to make an entry in the system log when a policy is executed. Apply Click Apply to save your changes back to the LAN-Cell. Cancel Click Cancel to exit this screen without saving. LAN-Cell 2 User’s Guide...
  • Page 349: Bandwidth Management Screens

    • Use the Monitor screen (Section 18.4 on page 362) to view the device’s bandwidth usage and allotments. LAN-Cell 2 User’s Guide...
  • Page 350: What You Need To Know About Bandwidth Management

    Subnet-based Bandwidth Management You can create bandwidth classes based on subnets. The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B. Figure 216 Subnet-based Bandwidth Management Example LAN-Cell 2 User’s Guide...
  • Page 351: Bandwidth Management Examples

    Table 131 Application and Subnet-based Bandwidth Management Example TRAFFIC TYPE FROM SUBNET A FROM SUBNET B VoIP 64 Kbps 64 Kbps 64 Kbps 64 Kbps 64 Kbps 64 Kbps E-mail 64 Kbps 64 Kbps Video 64 Kbps 64 Kbps LAN-Cell 2 User’s Guide...
  • Page 352 Suppose you try to browse the web too. In this case, VoIP, NetMeeting and FTP all have higher priority, so they get to use the bandwidth first. You can only browse the web when VoIP, NetMeeting, and FTP do not use all 1000 Kbps of available bandwidth. LAN-Cell 2 User’s Guide...
  • Page 353 • Research requires more bandwidth but only gets its budgeted 2048 kbps because all of the unbudgeted and unused bandwidth goes to the higher priority sales and marketing classes. LAN-Cell 2 User’s Guide...
  • Page 354: Bandwidth Management Summary Screen

    (see Section on page 357). 18.2 Bandwidth Management Summary Screen Click ADVANCED > BW MGMT to open the Summary screen. Enable bandwidth management on an interface and set the maximum allowed bandwidth for that interface. LAN-Cell 2 User’s Guide...
  • Page 355 351) or you want to limit the speed of this interface (see the Speed field description). Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh. LAN-Cell 2 User’s Guide...
  • Page 356: Class Setup Screen

    Click Edit to configure the selected class. You cannot edit the root class. Delete Click Delete to delete the class and all its sub-classes. You cannot delete the root class. Statistics Click Statistics to display the status of the selected class. LAN-Cell 2 User’s Guide...
  • Page 357: Bandwidth Manager Class Configuration

    The LAN-Cell uses the scheduler to divide a parent class’s unused bandwidth among the sub-classes. Click ADVANCED > BW MGMT > Class Setup > Add Sub-Class or Edit to open the following screen. Use this screen to add a child class. LAN-Cell 2 User’s Guide...
  • Page 358 Section 18.1.3 on page 351) or you want to set the interface’s speed to match what the next device in network can handle (see the Speed field description in Table 136 on page 355). Filter Configuration LAN-Cell 2 User’s Guide...
  • Page 359 IP addresses (for example 192.168.1.10 to 192.169.1.50) or a subnet? Select Single Address, Range Address or Subnet Address. Source IP Address Enter the single IP address or the starting IP address in a range here. LAN-Cell 2 User’s Guide...
  • Page 360 SNMP trap PPTP (Point-to-Point Tunneling Protocol) 1723 18.3.1.1 Bandwidth Borrowing Example Here is an example of bandwidth management with classes configured for bandwidth borrowing. The classes are set up based on departments and individuals within certain departments. LAN-Cell 2 User’s Guide...
  • Page 361: Screen

    Root class because the Research class also has bandwidth borrowing enabled. 18.3.2 Bandwidth Management Statistics Screen Click ADVANCED > BW MGMT > Class Setup > Statistics to open the Bandwidth Management Statistics screen. This screen displays the selected bandwidth class’s bandwidth usage and allotments. LAN-Cell 2 User’s Guide...
  • Page 362: Bandwidth Manager Monitor

    Click Clear Counter to clear all of the bandwidth management statistics. 18.4 Monitor Bandwidth Manager Click ADVANCED > BW MGMT > Monitor to open the following screen. Use this screen to view the device’s bandwidth usage and allotments. LAN-Cell 2 User’s Guide...
  • Page 363 A. If you allocate all the root class’s bandwidth to the bandwidth classes, the default class still displays a budget of 2 kbps (the minimum amount of bandwidth that can be assigned to a bandwidth class). LAN-Cell 2 User’s Guide...
  • Page 365: ALG Screens

    LAN-Cell determines from its inspection of the data payload of the application’s packets. The firewall rule is automatically deleted after the application’s traffic has gone through. LAN-Cell 2 User’s Guide...
  • Page 366: ALG And Multiple WAN

    • You must configure the firewall and port forwarding to allow incoming (peer-to-peer) calls from the WAN to a private IP address on the LAN, DMZ or WLAN. The following example shows H.323 signaling (1) and audio (2) sessions between H.323 devices A and LAN-Cell 2 User’s Guide...
  • Page 367 H.323 calls from LAN IP addresses B and C go out through WAN IP address 2. Even though only LAN IP address A can receive incoming calls from the Internet, LAN IP addresses B and C can still make calls out to the Internet. LAN-Cell 2 User’s Guide...
  • Page 368 • The SIP ALG allows UDP packets with a port 5060 destination to pass through. • The LAN-Cell allows SIP audio connections. The following example shows SIP signaling (1) and audio (2) sessions between SIP clients A and B and the SIP server. LAN-Cell 2 User’s Guide...
  • Page 369: ALG Screen

    Click ADVANCED > ALG to open the ALG screen. Use the ALG screen to turn individual ALGs off or on and set the SIP timeout. If the LAN-Cell provides an ALG for a service, you must enable the ALG in order to perform bandwidth management on that service’s traffic. LAN-Cell 2 User’s Guide...
  • Page 370 Cell SIP timeout (default 60 minutes), the LAN-Cell SIP ALG drops any incoming calls after the timeout period. Enter the SIP signaling session timeout value. Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh. LAN-Cell 2 User’s Guide...
  • Page 371: Custom Application Screens

    This screen only specifies what port numbers the LAN-Cell checks for specific protocol traffic. Use other screens to enable or disable the monitoring of the protocol traffic. Changes in the Custom APP screen do not apply to the firewall. LAN-Cell 2 User’s Guide...
  • Page 372 Enter the ending port for the range that the LAN-Cell is to monitor for this application Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh. LAN-Cell 2 User’s Guide...
  • Page 373: Logs And Maintenance Menus

    Logs and Maintenance Menus Logs Screens (375) Maintenance Screens (397)
  • Page 375: Logs Screens

    LAN-Cell to E-mail you the log when it is full in the Log Settings screen. Click a column heading to sort the entries by the relevant attribute. A triangle indicates ascending or descending sort order. LAN-Cell 2 User’s Guide...
  • Page 376 Log Settings page (make sure that you have first filled in the E-mail Log Settings fields in Log Settings, see Section 21.3 on page 377). Refresh Click Refresh to renew the log screen. Clear Log Click Clear Log to delete all the logs. LAN-Cell 2 User’s Guide...
  • Page 377: Log Description Example

    Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full (see Log Schedule). Selecting many alert and/or log categories (especially Access Control) may result in many e-mails being sent. LAN-Cell 2 User’s Guide...
  • Page 378 Alerts can only be sent via SMTP; however, some cellular phone and pager service providers allow e-mail messages sent to specific addresses to be redirected as SMS or pager messages to mobile devices. Contact your service provider for more information. Figure 229 LOGS > Log Settings
  • Page 379 Refer to the documentation of your syslog program for more details. Active Log and Alert Select the categories of logs that you want to record. Logs include alerts. LAN-Cell 2 User’s Guide...
  • Page 380 Specify the time interval during which the LAN-Cell merges logs with identical Period messages into one log. Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh. LAN-Cell 2 User’s Guide...
  • Page 381: Logs Technical Reference

    Too large ICMP packet has been dropped An SMT management session has started. SMT Session Begin An SMT management session has ended. SMT Session End The router is saving configuration changes. Configuration Change: PC = 0x%x, Task ID = 0x%x LAN-Cell 2 User’s Guide...
  • Page 382 (or did not match) a configured firewall rule | UDP | IGMP | ESP | GRE | OSPF (denoted by its number) and was blocked or forwarded ] <Packet Direction>, <rule:%d> according to the rule. LAN-Cell 2 User’s Guide...
  • Page 383 TOS (firewall dynamic sessions) until incomplete connections < “Maximum Incomplete Low”. The router sends a TCP RST packet and generates this log if you Access block, sent TCP turn on the firewall TCP reset mechanism (via CI command: "sys firewall tcprst"). LAN-Cell 2 User’s Guide...
  • Page 384 Starting The PPP connection’s Link Control Protocol stage is opening. ppp:LCP Opening The PPP connection’s Challenge Handshake Authentication Protocol stage is ppp:CHAP Opening opening. The PPP connection’s Internet Protocol Control Protocol stage is starting. ppp:IPCP Starting LAN-Cell 2 User’s Guide...
  • Page 385 The firewall detected an ICMP traceroute attack. traceroute ICMP (type:%d, code:%d) The firewall detected a UDP port scan attack. ports scan UDP The firewall sent TCP packet in response to a DoS attack Firewall sent TCP packet in response to DoS attack LAN-Cell 2 User’s Guide...
  • Page 386 Inbound packet may have altered or tampered with the packet. authentication failed The router dropped an inbound packet for which SPI could not find a Receive IPSec packet, corresponding phase 2 SA. but no corresponding tunnel exists LAN-Cell 2 User’s Guide...
  • Page 387 Gateway Addr for rule <%d> The displayed ID information did not match between the two Peer ID: <peer id> <My remote ends of the connection. type> -<My local type> LAN-Cell 2 User’s Guide...
  • Page 388 The router was not able to use extended authentication to XAUTH fail! Username: authenticate the listed username. <Username> The listed rule’s IKE phase 1 negotiation mode did not match Rule[%d] Phase 1 negotiation between the router and the peer. mode mismatch LAN-Cell 2 User’s Guide...
  • Page 389 The listed rule’s IKE phase 1 did not match between the Rule [%d] phase 1 mismatch router and the peer. The listed rule’s IKE phase 2 did not match between the Rule [%d] phase 2 mismatch router and the peer. LAN-Cell 2 User’s Guide...
  • Page 390 LDAP server whose address and port are recorded in the Source received ca cert field. The router received a corrupted user certificate from the LDAP server Failed to decode the whose address and port are recorded in the Source field. received user cert LAN-Cell 2 User’s Guide...
  • Page 391 CRL is not valid. CRL signature was not verified correctly. CRL was not found (anywhere). CRL was not added to the cache. CRL decoding failed. CRL is not currently valid, but in the future. CRL contains duplicate serial numbers. LAN-Cell 2 User’s Guide...
  • Page 392 WLAN to WLAN/ ACL set for packets traveling from the WLAN to the LAN-Cell WLAN or the LAN-Cell. Table 163 ICMP Notes TYPE CODE DESCRIPTION Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable LAN-Cell 2 User’s Guide...
  • Page 393 Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message Information Reply Information reply message LAN-Cell 2 User’s Guide...
  • Page 394: Syslog Logs

    RFC for detailed information on each type. Table 165 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange Identification Certificate Certificate Request CER_REQ Hash HASH Signature Nonce NONCE Notification NOTFY LAN-Cell 2 User’s Guide...
  • Page 395 Chapter 21 Logs Screens Table 165 RFC-2408 ISAKMP Payload Types (continued) LOG DISPLAY PAYLOAD TYPE Delete Vendor ID LAN-Cell 2 User’s Guide...
  • Page 397: Maintenance Screens

    Computer name field and enter it as the System Name. • In Windows XP, click Start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the LAN-Cell System Name. LAN-Cell 2 User’s Guide...
  • Page 398: Password Screen

    Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh. 22.3 Password Screen Click MAINTENANCE > Password to open the following screen. Use this screen to change the LAN-Cell’s management password. LAN-Cell 2 User’s Guide...
  • Page 399: Time And Date Screen

    The LAN-Cell continues to use the NTP time server pools if you do not specify a time server or it cannot synchronize with the time server you specified. The LAN-Cell can use the NTP time server pools regardless of the time protocol you select. LAN-Cell 2 User’s Guide...
  • Page 400 Figure 232 MAINTENANCE > Time and Date The following table describes the labels in this screen. Table 168 MAINTENANCE > Time and Date LABEL DESCRIPTION Current Time and Date Current Time This field displays the LAN-Cell’s present time. LAN-Cell 2 User’s Guide...
  • Page 401 Last, Sunday, March. The time you type in the o'clock field depends on your time zone. In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). LAN-Cell 2 User’s Guide...
  • Page 402: Time Server Synchronization Example

    Click the Return button to go back to the Time and Date screen after the time and date is updated successfully. Figure 234 Synchronization is Successful If the update was not successful, the following screen appears. Click Return to go back to the Time and Date screen. LAN-Cell 2 User’s Guide...
  • Page 403: F/W Upload Screen

    Figure 235 Synchronization Fail 22.5 F/W Upload Screen Find firmware at support.proxicast.com in a file that (usually) uses the firmware version number as the filename with a .bin extension, for example, "402XF1.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
  • Page 404 The LAN-Cell automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 238 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the HOME screen. LAN-Cell 2 User’s Guide...
  • Page 405: Backup And Restore Screen

    Section 38.5 on page 537 for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE > Backup & Restore. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 240 MAINTENANCE > Backup and Restore LAN-Cell 2 User’s Guide...
  • Page 406 LAN-Cell again. Figure 241 Configuration Upload Successful The LAN-Cell automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 242 Network Temporarily Disconnected LAN-Cell 2 User’s Guide...
  • Page 407: Restart Screen

    System restart allows you to reboot the LAN-Cell without turning the power off. Click MAINTENANCE > Restart. Click Restart to have the LAN-Cell reboot. Restart is different than Reset. Reset returns the device to its default configuration. LAN-Cell 2 User’s Guide...
  • Page 408: The Diagnostics Screen

    You may need to generate this file and send it to customer support during troubleshooting. Click MAINTENANCE > Diagnostics to open the following screen. The LAN-Cell sends only one diagnosis mail within five minutes (unless you click Perform Diagnostics Now). LAN-Cell 2 User’s Guide...
  • Page 409 Send Log To Diagnostic files are sent to the e-mail address specified in this field. If this field is left blank, diagnostic files will not be sent via e-mail. LAN-Cell 2 User’s Guide...
  • Page 410 Enter the time of day in 24-hour format (for example 23:00 equals 11:00 pm) to Diagnostics generate and send diagnostic files. Apply Click Apply to save your changes back to the LAN-Cell. Reset Click Reset to begin configuring this screen afresh. LAN-Cell 2 User’s Guide...
  • Page 411: System Management Terminal

    System Management Terminal Introducing the SMT (413) General Setup (421) WAN, 3G and Dial Backup Setup (427) LAN Setup (441) Ethernet WAN Internet Access (447) DMZ Setup (453) Route Setup (457) WLAN Setup (461) WAN ISP Setup (465) IP Static Route Setup (473) Network Address Translation (NAT) (477) Firewall Status (497) Filter Configuration (499)
  • Page 413: Introducing The SMT

    • No parity, 8 data bits, 1 stop bit, flow control set to none. 23.2.1 Initial Screen When you turn on your LAN-Cell, it performs several internal tests as well as line initialization. After the tests, the LAN-Cell asks you to press [ENTER] to continue, as shown next. LAN-Cell 2 User’s Guide...
  • Page 414: Entering The Password

    Figure 247 Initial Screen
    Copyright (c) 1994 - 2007 Proxicast LLC
    initialize ch =0, ethernet address: 00:1B:39:01:23:45
    initialize ch =1, ethernet address: 00:1B:39:01:23:46
    initialize ch =2, ethernet address: 00:1B:39:01:23:47
    initialize ch =3, ethernet address: 00:1B:39:01:23:48
    initialize ch =4, ethernet address: 00:00:00:00:00:00
    AUX port init .
  • Page 415: Main Menu

    SMT interface. 23.3.1 Main Menu After you enter the password, the SMT displays the LAN-Cell Main Menu, as shown next. Figure 249 Main Menu Copyright (c) 1994 - 2007 Proxicast LLC LAN-Cell 2 Main Menu Getting Started Advanced Management 1. General Setup 21.
  • Page 416 (if supported by the 3G card). Refer to the 3G card manufacturer’s documentation for applicable commands in this mode. Type [EXIT] to return to the SMT. Exit Use this menu to exit (necessary for remote configuration). LAN-Cell 2 User’s Guide...
  • Page 417: SMT Menus Overview

    12.1 Edit Static Route Setup 15 NAT Setup 15.1 Address Mapping Sets 15.1.x Address Mapping 15.1.x.x Address Rules Mapping Rule 15.2 NAT Server Sets 15.2.x NAT Server Setup 15.2.x.x - NAT Server Configuration 15.3 Trigger Ports 15.3.x Trigger Port Setup LAN-Cell 2 User’s Guide...
  • Page 418: Changing The System Password

    26.1 Schedule Set Setup 23.4 Changing the System Password Change the system password by following the steps shown next. 1 Enter 23 in the main menu to open Menu 23 - System Password as shown next. LAN-Cell 2 User’s Guide...
  • Page 419: Resetting The LAN-Cell

    4 Re-type your new system password for confirmation and press [ENTER]. Note that as you type a password, the screen displays an “x” for each character you type. 23.5 Resetting the LAN-Cell Section 2.4 on page 51 for directions on resetting the LAN-Cell. LAN-Cell 2 User’s Guide...
  • Page 421: General Setup

    The domain name entered by you is given priority over the ISP assigned domain name. If you want to clear this field just press [SPACE BAR] and then [ENTER]. LAN-Cell 2 User’s Guide...
  • Page 422: Configuring Dynamic DNS

    2 Press [SPACE BAR] to select Yes in the Edit Dynamic DNS field. Press [ENTER] to display Menu 1.1 - Configure Dynamic DNS. 3 Press [SPACE BAR] and then [ENTER] to select Yes in the Edit Host field. Press [ENTER] to display Menu 1.1.1 - DDNS Host Summary. LAN-Cell 2 User’s Guide...
  • Page 423 4 Select Edit in the Select Command field; type the index number of the DDNS host you want to configure in the Select Rule field and press [ENTER] to open Menu 1.1.1 - DDNS Edit Host (see the next figure). LAN-Cell 2 User’s Guide...
  • Page 424 Note: If you enable high availability, DDNS can also function when the LAN-Cell uses the dial backup port. DDNS does not function when the LAN-Cell uses traffic redirect. Refer to Section on page 317 for detailed information. LAN-Cell 2 User’s Guide...
  • Page 425 When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel. The IP address updates when you reconfigure menu 1 or perform DHCP client renewal. LAN-Cell 2 User’s Guide...
  • Page 427: WAN, 3G And Dial Backup Setup

    IP Address= N/A Dial-Backup: Active= No Port Speed= 115200 AT Command String: Init= at&fs0=0 Edit Advanced Setup= No Cellular Modem Setup: Init= Configure APN APN = internet PIN code= Press ENTER to Confirm or ESC to Cancel: LAN-Cell 2 User’s Guide...
  • Page 428: Dial Backup

    3 Menu 11.3 - Remote Node Profile (Backup ISP) Refer also to the section about traffic redirect for information on an alternate backup WAN connection. 25.3.1 Configuring Dial Backup in Menu 2 From the main menu, enter 2 to open menu 2. LAN-Cell 2 User’s Guide...
  • Page 429: Advanced WAN Setup

    When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel. 25.3.2 Advanced WAN Setup Consult the manual of your WAN device connected to your Dial Backup port for specific AT commands. LAN-Cell 2 User’s Guide...
  • Page 430 This lets the LAN-Cell capture the CLID in the AT response string that comes from the WAN device. CLID is required for CLID authentication. Called Id Enter the keyword preceding the dialed number. Speed Enter the keyword preceding the connection speed. LAN-Cell 2 User’s Guide...
  • Page 431: Remote Node Profile (Backup ISP)

    Retype to Confirm= ******** Allocated Budget(min)= 0 Authen= CHAP/PAP Period(hr)= 0 Pri Phone #= 0 Schedules= Sec Phone #= Always On= No Session Options: Edit Filter Sets= No Idle Timeout(sec)= 100 Press ENTER to Confirm or ESC to Cancel: LAN-Cell 2 User’s Guide...
  • Page 432 PPP connection. This option only applies when the LAN-Cell initiates the call. Once you have configured this menu, press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration, or press [ESC] at any time to cancel. LAN-Cell 2 User’s Guide...
  • Page 433: Editing TCP/IP Options

    One-to-One, Many-to-One (SUA/PAT), Many-to-Many Overload, Many- One-to-One and Server. When you select Full Feature you must configure at least one address mapping set. Chapter 13 on page 289 for a full discussion on this feature. LAN-Cell 2 User’s Guide...
  • Page 434: Editing Login Script

    ‘Send’ string. Please note that both variables must be entered exactly as shown. No other characters may appear before or after either; that is, they must be used alone in response to login and password prompts.
  • Page 435 Enter an Expect string to match. After matching the Expect string, the LAN-Cell returns Expect the string in the Send field. Set 1-6: Enter a string to send out after the Expect string is matched. Send LAN-Cell 2 User’s Guide...
  • Page 436: Remote Node Filter

    To set up a 3G connection, you need to configure 1 Menu 2 - WAN Setup, 2 Menu 11.2 - Remote Node Profile (Cellular 3G WAN) 25.4.1 3G Modem Setup From the main menu, enter 2 to open menu 2. LAN-Cell 2 User’s Guide...
  • Page 437: Remote Node Profile (3G WAN)

    25.4.2 Remote Node Profile (3G WAN) Enter 2 in Menu 11 - WAN ISP Setup to open Menu 11.2 - Remote Node Profile (Cellular 3G WAN) (shown below) and configure the setup for your 3G connection. LAN-Cell 2 User’s Guide...
  • Page 438 This field leads to a “hidden” menu. Press [SPACE BAR] to select Yes and press [ENTER] to go to Menu 11.3.2 - Remote Node Network Layer Options. See Section 25.3.4 on page 433 for more information. LAN-Cell 2 User’s Guide...
  • Page 439 LAN-Cell automatically disconnects the 3G connection. Once you have configured this menu, press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration, or press [ESC] at any time to cancel.
  • Page 441: LAN Setup

    This menu allows you to specify the filter sets that you wish to apply to the LAN traffic. You seldom need to filter the LAN traffic; however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches.
  • Page 442: TCP/IP And DHCP Ethernet Setup Menu

    2. TCP/IP and DHCP Setup Enter Menu Selection Number: From menu 3, select the submenu option TCP/IP and DHCP Setup and press [ENTER]. The screen now displays Menu 3.2 - TCP/IP and DHCP Ethernet Setup as shown next. LAN-Cell 2 User’s Guide...
  • Page 443 Client IP Pool: Starting Address This field specifies the first of the contiguous addresses in the IP address pool. Size of Client IP This field specifies the size, or count of the IP address pool. Pool LAN-Cell 2 User’s Guide...
  • Page 444 [SPACE BAR] to select Yes and then press [ENTER] to display menu 3.2.1 When you have completed this menu, press [ENTER] at the prompt [Press ENTER to Confirm…] to save your configuration, or press [ESC] at any time to cancel. LAN-Cell 2 User’s Guide...
  • Page 445: IP Alias Setup

    Enter the filter set(s) you wish to apply to the outgoing traffic between this node and Protocol Filters the LAN-Cell. When you have completed this menu, press [ENTER] at the prompt [Press ENTER to Confirm…] to save your configuration, or press [ESC] at any time to cancel. LAN-Cell 2 User’s Guide...
  • Page 447: Ethernet WAN Internet Access

    Ethernet, PPTP or PPPoE Encapsulation. Contact your ISP to determine what encapsulation type you should use. This menu configures the wired WAN interface on the LAN-Cell 2. Configure the CELL interface in Menu 11.2 - Remote Node Profile or in the WIRELESS >...
  • Page 448 IP Address Enter the (fixed) IP address assigned to you by your ISP (static IP address assignment is selected in the previous field). IP Subnet Mask Enter the subnet mask associated with your static IP. LAN-Cell 2 User’s Guide...
  • Page 449: Configuring The PPTP Client

    After configuring My Login and Password for PPP connection, press [SPACE BAR] and then [ENTER] in the Encapsulation field in Menu 4 -Ethernet WAN Setup to choose PPTP as your encapsulation option. This brings up the following screen. LAN-Cell 2 User’s Guide...
  • Page 450: Configuring The PPPoE Client

    This value specifies the time, in seconds, that elapses before the LAN-Cell automatically disconnects from the PPTP server. 27.4 Configuring the PPPoE Client If you enable PPPoE in menu 4, you will see the next screen. LAN-Cell 2 User’s Guide...
  • Page 451: Basic Setup Complete

    When the firewall is activated, the default policy allows all communications to the Internet that originate from the LAN, and blocks all traffic to the LAN that originates from the Internet, except for traffic to the LAN-Cell’s remote management ports. LAN-Cell 2 User’s Guide...
  • Page 452 You may deactivate the firewall in menu 21.2 or via the LAN-Cell embedded web configurator. You may also define additional firewall rules or modify existing ones but please exercise extreme caution in doing so. See the chapters on firewall for more information on the firewall. LAN-Cell 2 User’s Guide...
  • Page 453: Dmz Setup

    Figure 273 Menu 5.1: DMZ Port Filter Setup
    Menu 5.1 - DMZ Port Filter Setup
      Input Filter Sets:
        protocol filters=
        device filters=
      Output Filter Sets:
        protocol filters=
        device filters=
    Press ENTER to Confirm or ESC to Cancel:
  • Page 454: Tcp/Ip Setup

    The DHCP and TCP/IP setup fields are the same as the ones in Menu 3.2 - TCP/IP and DHCP Ethernet Setup. Each public server will need a unique IP address. Refer to Section 26.4 on page 442 for information on how to configure these fields. LAN-Cell 2 User’s Guide...
  • Page 455: Ip Alias Setup

    IP Subnet Mask= N/A RIP Direction= N/A Version= N/A Incoming protocol filters= N/A Outgoing protocol filters= N/A Enter here to CONFIRM or ESC to CANCEL: Refer to Table 190 on page 445 for instructions on configuring IP alias parameters. LAN-Cell 2 User’s Guide...
  • Page 456 Chapter 28 DMZ Setup LAN-Cell 2 User’s Guide...
  • Page 457: Route Setup

    Probing CELL Check Point= Yes Use Default Gateway as Check Point= Yes Check Point= N/A Probing Traffic Redirection Check Point= No Use Default Gateway as Check Point= N/A Check Point= N/A Press ENTER to Confirm or ESC to Cancel: LAN-Cell 2 User’s Guide...
  • Page 458: Traffic Redirect

    92) The smaller the number, the higher priority the route has. When you have completed this menu, press [ENTER] at the prompt "Press ENTER to Confirm…" to save your configuration, or press [ESC] at any time to cancel. LAN-Cell 2 User’s Guide...
  • Page 459: Route Failover

    Internet before traffic is forwarded to the backup gateway. When you have completed this menu, press [ENTER] at the prompt "Press ENTER to Confirm…" to save your configuration, or press [ESC] at any time to cancel. LAN-Cell 2 User’s Guide...
  • Page 460 Chapter 29 Route Setup LAN-Cell 2 User’s Guide...
  • Page 461: Wlan Setup

    2. TCP/IP and DHCP Setup
    Enter Menu Selection Number:
    From menu 7, select the submenu option 2. TCP/IP and DHCP Setup and press [ENTER]. The screen now displays Menu 7.2 - TCP/IP and DHCP Ethernet Setup, as shown next.
  • Page 462: Ip Alias Setup

    You must use menu 7.2 to configure the first network. Move the cursor to the Edit IP Alias field, press [SPACE BAR] to choose Yes and press [ENTER] to configure the second and third network. Pressing [ENTER] opens Menu 7.2.1 - IP Alias Setup, as shown next. LAN-Cell 2 User’s Guide...
  • Page 463 IP Alias 2= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A Version= N/A Enter here to CONFIRM or ESC to CANCEL: Refer to Table 190 on page 445 for instructions on configuring IP alias parameters. LAN-Cell 2 User’s Guide...
  • Page 464 Chapter 30 WLAN Setup LAN-Cell 2 User’s Guide...
  • Page 465: Wan Isp Setup

    Menu 11 - WAN ISP Setup
      1. WAN (ISP, SUA)
      2. CELLULAR(ISP, SUA)
      3. -Dial (BACKUP_ISP, SUA)
    Enter Node # to Edit:
    31.3 Remote Node Profile Setup
    The following explains how to configure the remote node profile menu.
  • Page 466: Ethernet Encapsulation

    My Password Enter the password assigned by your ISP when the LAN-Cell calls this remote node. Valid for PPPoE encapsulation only. Retype to Type your password again to make sure that you have entered it correctly. Confirm LAN-Cell 2 User’s Guide...
  • Page 467: Pppoe Encapsulation

    Outgoing: Period(hr)= 0 My Login= Schedules= My Password= ******** Always On Connection= No Retype to Confirm= ******** Authen= CHAP/PAP Session Options: Edit Filter Sets= No Idle Timeout(sec)= 100 Press ENTER to Confirm or ESC to Cancel: LAN-Cell 2 User’s Guide...
  • Page 468: Pptp Encapsulation

    LAN-Cell automatically disconnects the PPPoE connection. This option only applies when the LAN-Cell initiates the call. 31.3.3 PPTP Encapsulation If you change the Encapsulation to PPTP in menu 11.1, then you will see the next screen. LAN-Cell 2 User’s Guide...
  • Page 469: Edit Ip

    Move the cursor to the Edit IP field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to open Menu 11.1.2 - Remote Node Network Layer Options. Not all fields are available on all models. LAN-Cell 2 User’s Guide...
  • Page 470 One-to-One, Many-to-One (SUA/PAT), Many-to-Many Overload, Many-One-to-One and Server. When you select Full Feature you must configure at least one address mapping set. See Chapter 13 on page 289 for a full discussion on this feature.
  • Page 471: Remote Node Filter

    Note that spaces are accepted in this field. For more information on defining the filters, please refer to Chapter 35 on page 499. For PPPoE or PPTP encapsulation, you have the additional option of specifying remote node call filter sets. LAN-Cell 2 User’s Guide...
  • Page 472 Figure 290 Menu 11.1.4: Remote Node Filter (PPPoE or PPTP Encapsulation)
    Menu 11.1.4 - Remote Node Filter
      Input Filter Sets:
        protocol filters=
        device filters=
      Output Filter Sets:
        protocol filters=
        device filters=
      Call Filter Sets:
        protocol filters=
        device filters=
    Enter here to CONFIRM or ESC to CANCEL:
  • Page 473: Ip Static Route Setup

    The default route is disabled after you change the static WAN IP address to a dynamic WAN IP address. The “-” before a route name indicates the static route is inactive. LAN-Cell 2 User’s Guide...
  • Page 474 If you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID. LAN-Cell 2 User’s Guide...
  • Page 475 If No, the route to this remote node will be propagated to other hosts through RIP broadcasts. Once you have completed filling in this menu, press [ENTER] at the message “Press ENTER to Confirm…” to save your configuration, or press [ESC] to cancel. LAN-Cell 2 User’s Guide...
  • Page 476 Chapter 32 IP Static Route Setup LAN-Cell 2 User’s Guide...
  • Page 477: Network Address Translation (Nat)

    You apply NAT via menu 4 or 11.1.2 as displayed next. The next figure shows you how to apply NAT for Internet access in menu 4. Enter 4 from the main menu to go to Menu 4 - Ethernet WAN Setup. LAN-Cell 2 User’s Guide...
  • Page 478: Network Address Translation (Nat)

    IP Subnet Mask= N/A Gateway IP Addr= N/A Network Address Translation= Full Feature NAT Lookup Set= 1 Metric= 1 Private= N/A RIP Direction= None Version= N/A Multicast= None Enter here to CONFIRM or ESC to CANCEL: LAN-Cell 2 User’s Guide...
  • Page 479: Nat Setup

    Ethernet WAN interface and separate sets of rules for the Cellular WAN interface.
    Figure 295 Menu 15: NAT Setup
    Menu 15 - NAT Setup
      1. Address Mapping Sets
      2. Port Forwarding Setup
      3. Trigger Port Setup
    Enter Menu Selection Number:
  • Page 480: Address Mapping Sets

    Local End IP Global Start IP Global End IP Type --------------- --------------- --------------- --------------- 0.0.0.0 255.255.255.255 0.0.0.0 0.0.0.0 Server Press ENTER to Confirm or ESC to Cancel: The following table explains the fields in this menu. LAN-Cell 2 User’s Guide...
  • Page 481 Note also that the [?] in the Set Name field means that this is a required field and you must enter a name for the set. The entire set will be deleted if you leave the Set Name field blank and press [ENTER] at the bottom of the screen. LAN-Cell 2 User’s Guide...
  • Page 482 4, old rule 6 becomes rule 5 and old rule 7 becomes rule 6. Table 204 Fields in Menu 15.1.1 FIELD DESCRIPTION Set Name Enter a name for this set of rules. This is a required field. If this field is left blank, the entire set will be deleted. LAN-Cell 2 User’s Guide...
  • Page 483 Figure 299 Menu 15.1.1.1: Editing/Configuring an Individual Rule in a Set Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= = N/A Global IP: Start= = N/A Server Mapping Set= N/A Press ENTER to Confirm or ESC to Cancel: LAN-Cell 2 User’s Guide...
  • Page 484: Configuring A Server Behind Nat

    1. Server Set 1 2. Server Set 2 Enter Set Number to Edit: 3 Enter 1 or 2 to go to Menu 15.2.x - NAT Server Setup and configure the address mapping rules for the WAN or CELL interface. LAN-Cell 2 User’s Guide...
  • Page 485 Figure 302 15.2.x.x: NAT Server Configuration
    15.2.1.2 - NAT Server Configuration
      Wan= 1    Index= 2
      ------------------------------------------------
      Name= 1
      Active= Yes
      Start port= 21    End port= 25
      IP Address= 192.168.1.33
    Press ENTER to Confirm or ESC to Cancel:
  • Page 486 Select Command= None Select Rule= N/A Press ENTER to Confirm or ESC to Cancel: You assign the private network IP addresses. The NAT network appears as a single host on the Internet. A is the FTP/Telnet/SMTP server. LAN-Cell 2 User’s Guide...
  • Page 487: General Nat Examples

    33.4.1 Internet Access Only In the following Internet access example, you only need one rule where all your ILAs (Inside Local addresses) map to one dynamic IGA (Inside Global Address) assigned by your ISP. Figure 305 NAT Example 1 LAN-Cell 2 User’s Guide...
  • Page 488: Example 2: Internet Access With A Default Server

    Figure 307 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2.1 to specify the Default Server behind the NAT as shown in the next figure. LAN-Cell 2 User’s Guide...
  • Page 489: Example 3: Multiple Public Ip Addresses With Inside Servers

    4 You also map your third IGA to the web server and mail server on the LAN. Type Server allows you to specify multiple servers, of different types, to other computers behind NAT on the LAN. The example situation looks somewhat like this: LAN-Cell 2 User’s Guide...
  • Page 490 Gateway IP Addr= N/A Network Address Translation= SUA Only Metric= 2 Private= RIP Direction= None Version= N/A Multicast= None Enter here to CONFIRM or ESC to CANCEL: The following figure shows how to configure the first rule. LAN-Cell 2 User’s Guide...
  • Page 491 Now configure the IGA3 to map to our web server and mail server on the LAN. 1 Enter 15 from the main menu. 2 Enter 2 to go to menu 15.2. 3 (Enter 1 or 2 from menu 15.2) configure the menu as shown in Figure 313 on page 492. LAN-Cell 2 User’s Guide...
  • Page 492: Example 4: Nat Unfriendly Application Programs

    Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-One-to-One mapping as port numbers do not change for Many-One-to-One (and One-to-One) NAT mapping types. The following figure illustrates this. Figure 314 NAT Example 4 LAN-Cell 2 User’s Guide...
  • Page 493 Set Name= Example4
    Local Start IP   Local End IP     Global Start IP  Global End IP    Type
    ---------------  ---------------  ---------------  ---------------
    192.168.1.10     192.168.1.12     10.132.50.1      10.132.50.3      M-1-1
    Action= Edit    Select Rule=
    Press ENTER to Confirm or ESC to Cancel:
  • Page 494: Trigger Port Forwarding

    Enter 3 in menu 15 to display Menu 15.3 - Trigger Ports. For a LAN-Cell with multiple WAN interfaces, enter 1 or 2 from menu 15.3 to go to Menu 15.3.1 or Menu 15.3.2 - Trigger Port Setup and configure trigger port rules for the first or second WAN interface. LAN-Cell 2 User’s Guide...
  • Page 495 Enter a port number or the ending port number in a range of port numbers. Press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration, or press [ESC] at any time to cancel. LAN-Cell 2 User’s Guide...
  • Page 496 Chapter 33 Network Address Translation (NAT) LAN-Cell 2 User’s Guide...
  • Page 497: Firewall Status

    Enter option 2 in this menu to bring up the following screen. Press [SPACE BAR] and then [ENTER] to select Yes in the Active field to activate the firewall. The firewall must be active to protect against Denial of Service (DoS) attacks. Use the web configurator to configure firewall rules. LAN-Cell 2 User’s Guide...
  • Page 498 Active: Yes You can use the Web Configurator to configure the firewall. Press ENTER to Confirm or ESC to Cancel: Configure the firewall rules using the web configurator or CLI commands. LAN-Cell 2 User’s Guide...
  • Page 499: Filter Configuration

    Figure 320 Outgoing Packet Filtering Process For incoming packets, your LAN-Cell applies data filters only. Packets are processed depending upon whether a match is found. The following sections describe how to configure filter sets. LAN-Cell 2 User’s Guide...
  • Page 500: The Filter Structure Of The Lan-Cell

    A summary of their filter rules is shown in the figures that follow. The following figure illustrates the logic flow when executing a filter rule. See also Figure 325 on page 506 for the logic flow when executing an IP filter. LAN-Cell 2 User’s Guide...
  • Page 501 You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. LAN-Cell 2 User’s Guide...
  • Page 502: Configuring A Filter Set

    5 Press [ENTER] at the message [Press ENTER to confirm] to open Menu 21.1.x - Filter Rules Summary. This screen shows the summary of the existing rules in the filter set. The following tables contain a brief description of the abbreviations used in the previous menus. LAN-Cell 2 User’s Guide...
  • Page 503: Configuring A Filter Rule

    If you include a protocol filter set in a device filter field or vice versa, the LAN-Cell will warn you and will not allow you to save. LAN-Cell 2 User’s Guide...
  • Page 504: Configuring A Tcp/Ip Filter Rule

    Enter the IP mask to apply to the Destination: IP Addr. Port # Enter the destination port of the packets that you wish to filter. The range of this field is 0 to 65535. This field is ignored if it is 0. LAN-Cell 2 User’s Guide...
  • Page 505 ENTER to Confirm” to save your configuration, or press [ESC] to cancel. This data will now be displayed on Menu 21.1.1 - Filter Rules Summary. The following figure illustrates the logic flow of an IP filter. LAN-Cell 2 User’s Guide...
  • Page 506: Configuring A Generic Filter Rule

    This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. LAN-Cell 2 User’s Guide...
  • Page 507 If Yes, a matching packet is passed to the next filter rule before an action is taken; else the packet is disposed of according to the action fields. If More is Yes, then Action Matched and Action Not Matched will be No. LAN-Cell 2 User’s Guide...
  • Page 508: Example Filter

    5 Press [ENTER] at the message [Press ENTER to confirm] to open Menu 21.1.3 - Filter Rules Summary. 6 Enter 1 to configure the first filter rule (the only filter rule of this set). Make the entries in this menu as shown in the following figure. LAN-Cell 2 User’s Guide...
  • Page 509 M = N means an action can be taken immediately. The action is to drop the packet (m = D) if the action is matched and to forward the packet immediately (n = F) if the action is not matched no matter whether there are more rules to be checked (there aren’t in this example). LAN-Cell 2 User’s Guide...
  • Page 510: Filter Types And Nat

    • Packet filtering is a powerful tool, yet can be complex to configure and maintain, especially if you need a chain of rules to filter a service. • Packet filtering only checks the header portion of an IP packet. LAN-Cell 2 User’s Guide...
  • Page 511: Firewall

    35.6 Applying a Filter This section shows you where to apply the filter(s) after you design it (them). The LAN-Cell already has filters to prevent NetBIOS traffic from triggering calls, and block incoming telnet, FTP and HTTP connections. LAN-Cell 2 User’s Guide...
  • Page 512: Applying Lan Filters

    FTP and HTTP connections.
    Figure 332 Filtering DMZ Traffic
    Menu 5.1 - DMZ Port Filter Setup
      Input Filter Sets:
        protocol filters=
        device filters=
      Output Filter Sets:
        protocol filters=
        device filters=
    Press ENTER to Confirm or ESC to Cancel:
  • Page 513: Applying Remote Node Filters

    HTTP connections.
    Figure 333 Filtering Remote Node Traffic
    Menu 11.1.4 - Remote Node Filter Setup
      Input Filter Sets:
        protocol filters=
        device filters=
      Output Filter Sets:
        protocol filters=
        device filters=
    Press ENTER to Confirm or ESC to Cancel:
  • Page 514 Chapter 35 Filter Configuration LAN-Cell 2 User’s Guide...
  • Page 515: Snmp Configuration

    A blank (default) field means your LAN-Cell will respond to all SNMP messages it receives, regardless of source. Trap Community Type the Trap community, which is the password sent with each trap to the SNMP manager. LAN-Cell 2 User’s Guide...
  • Page 516: Snmp Traps

    (for example, download new files, CI command "sys reboot", etc.). For fatal error: A trap is sent with the message of the fatal code if the system reboots because of fatal errors. LAN-Cell 2 User’s Guide...
  • Page 517: Introduction To System Status

    To get to the System Status: 1 Enter number 24 to go to Menu 24 - System Maintenance. 2 In this menu, enter 1 to open Menu 24.1 - System Maintenance - Status. LAN-Cell 2 User’s Guide...
  • Page 518 This field shows the transmission speed in Bytes per second on this port. Rx B/s This field shows the reception speed in Bytes per second on this port. Up Time This is the total amount of time the line has been up. LAN-Cell 2 User’s Guide...
  • Page 519: System Information And Console Port Speed

    2. Console Port Speed Please enter selection: 37.3.1 System Information System Information gives you information about your system as shown below. More specifically, it gives you information on your routing protocol, Ethernet address, IP address, etc. LAN-Cell 2 User’s Guide...
  • Page 520: Console Port Speed

    System Name= xxx; Domain Name= baboo.mickey.com Name= xxx.baboo.mickey.com
    Routing: Refers to the routing protocol used.
    ProxiOS F/W Version: Refers to the version of Proxicast's Network Operating System software.
    Country Code: Refers to the country code of the firmware.
    Ethernet Address: Refers to the Ethernet MAC (Media Access Control) address of your LAN-Cell.
  • Page 521: Log And Trace

    Figure 340 Menu 24.3: System Maintenance: Log and Trace
    Menu 24.3 - System Maintenance - Log and Trace
      1. View Error Log
      2. UNIX Syslog
      4. Call-Triggering Packet
    Please enter selection
    Examples of typical error and information messages are presented in the following figure.
  • Page 522: Syslog Logging

    When finished configuring this screen, press [ENTER] to confirm or [ESC] to cancel. Your LAN-Cell sends five types of syslog messages. Some examples (not all LAN-Cell specific) of these syslog messages with their message formats are shown next: LAN-Cell 2 User’s Guide...
  • Page 523 L02 Call Terminated C02 Call Terminated
    Jul 19 11:19:27 192.168.102.2 Proxicast: board 0 line 0 channel 0, call 1, C01 Outgoing Call dev=2 ch=0 40002
    Jul 19 11:19:32 192.168.102.2 Proxicast: board 0 line 0 channel 0, call 1, C02 OutCall Connected 64000 40002
    Jul 19 11:20:06 192.168.102.2 Proxicast: board 0 line 0 channel 0, call 1, C02 Call Terminated...
  • Page 524 IP[…] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop (D).
    Src: Source Address
    Dst: Destination Address
    prot: Protocol ("TCP","UDP","ICMP")
    spo: Source port
    dpo: Destination port
    Mar 03 10:39:43 202.132.155.97 Proxicast: GEN[fffffffffffnordff0080] }S05>R01mF
    Mar 03 10:41:29 202.132.155.97 Proxicast: GEN[00a0c5f502fnord010080] }S05>R01mF
    Mar 03 10:41:34 202.132.155.97 Proxicast: IP[Src=192.168.2.33 Dst=202.132.155.93 ICMP]}S04>R01mF
    Mar 03 11:59:20 202.132.155.97 Proxicast:...
  • Page 525: Call-Triggering Packet

    |IGMP<2>|default permit:<2,0>|B
    37.4.3 Call-Triggering Packet
    Call-Triggering Packet displays information about the packet that triggered a dial-out call in an easy-to-read format. Equivalent information is available in menu 24.1 in hex format. An example is shown next.
  • Page 526: Diagnostic

    Follow the procedure below to get to Menu 24.4 - System Maintenance - Diagnostic. 1 From the main menu, select option 24 to open Menu 24 - System Maintenance. 2 From this menu, select option 4. Diagnostic. This will open Menu 24.4 - System Maintenance - Diagnostic. LAN-Cell 2 User’s Guide...
  • Page 527: Wan Dhcp

    WAN IP address, subnet mask and default gateway in a fashion similar to winipcfg. Figure 345 WAN & LAN DHCP The following table describes the diagnostic tests available in menu 24.4 for your LAN-Cell and associated connections. LAN-Cell 2 User’s Guide...
  • Page 528 If you entered 1 in the Enter Menu Selection Number field, then enter the IP address of the computer you want to ping in this field. Enter the number of the selection you would like to perform or press [ESC] to cancel.
  • Page 529: Firmware And Configuration File Maintenance

    The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc. It arrives from Proxicast with a “rom” filename extension. Once you have customized the LAN-Cell's settings, they can be saved back to your computer under a filename of your choosing.
  • Page 530: Backup Configuration

    Please note that terms “download” and “upload” are relative to the computer. Download means to transfer from the LAN-Cell to the computer, while upload means from your computer to the LAN-Cell. 38.3.1 Backup Configuration Follow the instructions as shown in the next screen. LAN-Cell 2 User’s Guide...
  • Page 531: Using The Ftp Command From The Command Line

    230 Logged in
    ftp> bin
    200 Type I OK
    ftp> get rom-0 Proxicast.rom
    200 Port command okay
    150 Opening data connection for STOR ras
    226 File received OK
    ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
    ftp> quit
  • Page 532: Gui-Based Ftp Clients

    3 Enter command “sys stdio 0” to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command “sys stdio 5” to restore the five-minute SMT timeout (default) when the file transfer is complete. LAN-Cell 2 User’s Guide...
  • Page 533: Tftp Command Example

    38.3.9 Backup Via Console Port Back up configuration via console port by following the HyperTerminal procedure shown next. Procedures using other serial communications programs should be similar. 1 Display menu 24.5 and enter “y” at the following screen. LAN-Cell 2 User’s Guide...
  • Page 534: Restore Configuration

    This section shows you how to restore a previously saved configuration. Note that this function erases the current configuration before restoring a previous back up configuration; please do not attempt to restore unless you have a backup configuration file stored on disk. LAN-Cell 2 User’s Guide...
  • Page 535: Restore Using Ftp

    7 Use “put” to transfer files from the computer to the LAN-Cell, for example, “put config.rom rom-0” transfers the configuration file “config.rom” on your computer to the LAN-Cell. See earlier in this chapter for more information on filename conventions.
  • Page 536: Restore Using Ftp Session Example

    2 The following screen indicates that the Xmodem download has started. Figure 355 System Maintenance: Starting Xmodem Download Screen Starting XMODEM download (CRC mode) ...CCCCCCCCC 3 Run the HyperTerminal program by clicking Transfer, then Send File as shown in the following screen. LAN-Cell 2 User’s Guide...
  • Page 537: Uploading Firmware And Configuration Files

    FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the LAN-Cell, you will see the following screens for uploading firmware and the configuration file using FTP. LAN-Cell 2 User’s Guide...
  • Page 538: Configuration File Upload

    FTP client program. For details on uploading configuration file using TFTP (note that you must remain on this menu to upload configuration file using TFTP), please see your manual. Press ENTER to Exit: To upload the firmware and the configuration file, follow these examples LAN-Cell 2 User’s Guide...
  • Page 539: Ftp File Upload Command From The Dos Prompt Example

    1 Use telnet from your computer to connect to the LAN-Cell and log in. Because TFTP does not have any security checks, the LAN-Cell records the IP address of the telnet client and accepts TFTP requests only from this address. LAN-Cell 2 User’s Guide...
  • Page 540: Tftp Upload Command Example

    38.5.8 Uploading Firmware File Via Console Port 1 Select 1 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.1 - System Maintenance - Upload System Firmware, and then follow the instructions as shown in the following screen. LAN-Cell 2 User’s Guide...
  • Page 541: Example Xmodem Firmware Upload Using Hyperterminal

    38.5.10 Uploading Configuration File Via Console Port 1 Select 2 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.2 - System Maintenance - Upload System Configuration File. Follow the instructions as shown in the next screen. LAN-Cell 2 User’s Guide...
  • Page 542: Example Xmodem Configuration Upload Using Hyperterminal

    3 Enter “atgo” to restart the LAN-Cell. 38.5.11 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Figure 364 Example Xmodem Upload After the configuration upload process has completed, restart the LAN-Cell by entering “atgo”. LAN-Cell 2 User’s Guide...
  • Page 543: System Maint. Menus 8 To 10

    Enter the CI from the SMT by selecting menu 24.8. Access can be by Telnet or by a serial connection to the console port, although some commands are only available with a serial connection. See the included disk or proxicast.com for more detailed information on CI commands. Enter 8 from Menu 24 - System Maintenance.
  • Page 544: Command Usage

    A list of commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to return to the SMT main menu when finished. Figure 366 Valid Commands Copyright (c) 1994 - 2007 Proxicast LLC LAN-Cell> ? Valid commands are:...
  • Page 545: Call Control Support

    39.2.1 Budget Management Menu 24.9.1 shows the budget management statistics for outgoing calls. Enter 1 from Menu 24.9 - System Maintenance - Call Control to bring up the following menu. Not all fields are available on all models. LAN-Cell 2 User’s Guide...
  • Page 546: Call History

    This is the second option in Menu 24.9 - System Maintenance - Call Control. It displays information about past incoming and outgoing calls. Enter 2 from Menu 24.9 - System Maintenance - Call Control to bring up the following menu. LAN-Cell 2 User’s Guide...
  • Page 547: Time And Date Setting

    LAN-Cell. Menu 24.10 allows you to update the time and date settings of your LAN-Cell. The real time is then displayed in the LAN-Cell error logs and firewall logs. Select menu 24 in the main menu to open Menu 24 - System Maintenance, as shown next. LAN-Cell 2 User’s Guide...
  • Page 548 2005 - 07 - 27 New Date (yyyy-mm-dd): Time Zone= GMT Daylight Saving= No Start Date (mm-nth-week-hr): Jan. - 1st - Sun. - End Date (mm-nth-week-hr): Jan. - 1st - Sun. - Press ENTER to Confirm or ESC to Cancel: LAN-Cell 2 User’s Guide...
  • Page 549 GMT or UTC (GMT+1). Once you have filled in this menu, press [ENTER] at the message “Press ENTER to Confirm or ESC to Cancel” to save your configuration, or press [ESC] to cancel.
  • Page 550 Chapter 39 System Maint. Menus 8 to 10 LAN-Cell 2 User’s Guide...
  • Page 551: Remote Management

    You can also disable a service on the LAN-Cell by not allowing access for the service/protocol through any of the LAN-Cell interfaces. To disable remote management of a service, select Disable in the corresponding Access field. Enter 11 from menu 24 to bring up Menu 24.11 - Remote Management Control. LAN-Cell 2 User’s Guide...
  • Page 552 Press [SPACE BAR] and then [ENTER] to select the certificate that the LAN-Cell will use to identify itself. The LAN-Cell is the SSL server and must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the LAN-Cell). LAN-Cell 2 User’s Guide...
  • Page 553: Remote Management Limitations

    5 There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time. 6 There is a firewall rule that blocks it. LAN-Cell 2 User’s Guide...
  • Page 554 Chapter 40 Remote Management LAN-Cell 2 User’s Guide...
  • Page 555: Ip Policy Routing

    The following table describes the fields in this screen. Table 226 Menu 25: Sample IP Routing Policy Summary FIELD DESCRIPTION This is the policy index number. This displays whether a policy is active (Y) or not (N). LAN-Cell 2 User’s Guide...
  • Page 556: Ip Routing Policy Setup

    Maximum Throughput
    Maximum Reliability
    Minimum Cost
    41.2 IP Routing Policy Setup
    To set up a routing policy, perform the following procedures:
    1 Type 25 in the main menu to open Menu 25 - IP Routing Policy Summary.
  • Page 557 Greater, Less or Equal or Greater or Equal. Source addr start / end Source IP address range from start to end. port start / end Source port number range from start to end; applicable only for TCP/UDP. Destination LAN-Cell 2 User’s Guide...
  • Page 558: Applying Policy To Packets

    To apply the policy to packets received on the selected interface(s), go to Menu 25.1: IP Routing Policy Setup and press [SPACE BAR] to select Yes in the Edit policy to packets received from field. Press [ENTER] to display Menu 25.1.1 - IP Routing Policy Setup (shown next). LAN-Cell 2 User’s Guide...
  • Page 559: Ip Policy Routing Example

    If a network has both Internet and remote node connections, you can route Web packets to the Internet using one policy and route FTP packets to a remote network using another policy. See the next figure. Route 1 represents the default IP route and route 2 represents the configured IP route. LAN-Cell 2 User’s Guide...
  • Page 560 Action= Matched Gateway Type= IP Address Gateway addr = 192.168.1.1 Redirect packet= N/A Type of Service= Max Thruput Log= No Precedence Edit policy to packets received from= No Press ENTER to Confirm or ESC to Cancel: LAN-Cell 2 User’s Guide...
  • Page 561 5 Select Yes in the LAN field in menu 25.1.1 to apply the policy to packets received on the LAN port. 6 Check Menu 25 - IP Routing Policy Summary to see if the rule is added correctly. LAN-Cell 2 User’s Guide...
  • Page 562 Chapter 41 IP Policy Routing LAN-Cell 2 User’s Guide...
  • Page 563: Call Scheduling

    Set 2 will take precedence over set 3 and 4, and so on. You can design up to 12 schedule sets but you can only apply up to four schedule sets for a remote node. LAN-Cell 2 User’s Guide...
  • Page 564 Enter the start date when you wish the set to take effect in year -month-date format. Valid dates are from the present to 2036-February-5. Once: Date If you selected Once in the How Often field above, then enter the date the set should activate here in year-month-date format. Weekdays: LAN-Cell 2 User’s Guide...
  • Page 565 Edit Filter Sets= No Idle Timeout(sec)= 100 Press ENTER to Confirm or ESC to Cancel: You can apply up to four schedule sets, separated by commas, for one remote node. Change the schedule set numbers to your preference(s). LAN-Cell 2 User’s Guide...
  • Page 566 Nailed-up Connections= No Retype to Confirm= ******** Authen= CHAP/PAP PPTP: Session Options: My IP Addr= Edit Filter Sets= No My IP Mask= Idle Timeout(sec)= 100 Server IP Addr= Connection ID/Name= Press ENTER to Confirm or ESC to Cancel: LAN-Cell 2 User’s Guide...
  • Page 567: Troubleshooting And Specifications

    Troubleshooting and Specifications Troubleshooting (569) Product Specifications (575)
  • Page 569: Troubleshooting

    Troubleshooting This chapter offers some suggestions to solve problems you might encounter. Proxicast’s web site also contains a knowledgebase of other troubleshooting, technical support, and example configuration information. Please consult support.proxicast.com for the latest LAN-Cell support information.
  • Page 570: Lan-Cell Access And Login

    2 Enter “HTTP://192.168.1.1” (or the current LAN IP address of the LAN-Cell) into your browser’s address bar. 3 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page
  • Page 571 3 Turn the LAN-Cell off and on or disconnect and re-connect the power adaptor or cord to the LAN-Cell. 4 If this does not work, you have to reset the device to its factory defaults. See Section 2.4 on page LAN-Cell 2 User’s Guide...
  • Page 572: Internet Access

    I cannot make a 3G cellular connection. 1 Make sure that you are using a 3G PC-Card modem that is supported in your version of the LAN-Cell’s ProxiOS firmware. Check the Proxicast web site for the latest firmware and 3G card support information.
  • Page 573 I cannot access the Internet anymore. I had access to the Internet (with the LAN-Cell), but my Internet connection is not available anymore. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page LAN-Cell 2 User’s Guide...
  • Page 574 • Check the settings for bandwidth management. If it is disabled, you might consider activating it. If it is enabled, you might consider changing the allocations. • Contact your cellular service provider regarding coverage and signal quality at your location. • Utilize a higher gain external antenna or amplifier. LAN-Cell 2 User’s Guide...
  • Page 575: Product Specifications

    Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 Default DHCP Pool 192.168.1.33 to 192.168.1.160 Device Management Use the web configurator to easily configure the rich range of features on the LAN-Cell. LAN-Cell 2 User’s Guide...
  • Page 576 Firewall You can configure the firewall on the Proxicast Device for secure Internet access. When the firewall is on, by default, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network.
  • Page 577: Compatible 3G Cards

    IEEE 802.11g: 17 dBm at 54 Mbps OFDM Compatible 3G Cards Please see the Release Notes included on the LAN-Cell Documentation CD (or at support.proxicast.com) for the list of 3G PC-Card modems supported in each firmware release. LAN-Cell 2 User’s Guide...
  • Page 578 18 W MAX. SAFETY STANDARDS TUV (BS EN 60950-1) AUSTRALIA AND NEW ZEALAND PLUG STANDARDS AC POWER ADAPTOR MODEL PSA18R-120P (ZS)-R INPUT POWER 100-240VAC, 50/60HZ, 0.5A OUTPUT POWER 12VDC, 1.5A POWER CONSUMPTION 18 W MAX. SAFETY STANDARDS AS/NZ60950 LAN-Cell 2 User’s Guide...
  • Page 579: Cable Pin Assignments

    The pin layout for the DB-9 connector end of the cables is as follows. Figure 383 Console/Dial Backup Cable DB-9 End Pin Layout Table 235 Console Cable Pin Assignments DB-9M (MALE) PIN DEFINITION RJ-45 END Pins 2,3 and 5 are used. LAN-Cell 2 User’s Guide...
  • Page 580 1 IRD + 2 IRD - 2 OTD - 2 IRD - 2 IRD - 3 OTD 3 IRD + 3 OTD + 3 OTD 6 OTD - 6 IRD - 6 OTD - 6 OTD - LAN-Cell 2 User’s Guide...
  • Page 581: Appendices

    VIII Appendices Pop-up Windows, JavaScripts and Java Permissions (583) Setting up Your Computer’s IP Address (589) IP Addresses and Subnetting (605) Common Services (613) Wireless LANs (617) Brute-Force Password Guessing Protection (633) Legal Information (635) Customer Support (639) Index (641)
  • Page 583: Internet Explorer Pop-Up Blockers

    1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 384 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. LAN-Cell 2 User’s Guide...
  • Page 584: Appendix A Pop-Up Windows, Javascripts And Java Permissions

    Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen. LAN-Cell 2 User’s Guide...
  • Page 585 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 387 Pop-up Blocker Settings LAN-Cell 2 User’s Guide...
  • Page 586 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. LAN-Cell 2 User’s Guide...
  • Page 587 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 390 Security Settings - Java LAN-Cell 2 User’s Guide...
  • Page 588 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 391 Java (Sun)
  • Page 589 If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the LAN-Cell’s LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. LAN-Cell 2 User’s Guide...
  • Page 590: Appendix B Setting Up Your Computer's Ip Address

    2 Select Client and then click Add. 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. LAN-Cell 2 User’s Guide...
  • Page 591 • If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). LAN-Cell 2 User’s Guide...
  • Page 592 3 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. 1 Click start (Start in Windows 2000/NT), Settings, Control Panel. LAN-Cell 2 User’s Guide...
  • Page 593 Figure 395 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 396 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. LAN-Cell 2 User’s Guide...
  • Page 594 • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. LAN-Cell 2 User’s Guide...
  • Page 595 To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. LAN-Cell 2 User’s Guide...
  • Page 596 • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. LAN-Cell 2 User’s Guide...
  • Page 597 2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. LAN-Cell 2 User’s Guide...
  • Page 598 2 Select Ethernet built-in from the Connect via list. Figure 403 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. LAN-Cell 2 User’s Guide...
  • Page 599: Macintosh Os X

    2 Click Network in the icon bar. • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list. LAN-Cell 2 User’s Guide...
  • Page 600 Check your TCP/IP properties in the Network window. Linux This section shows you how to configure your computer’s TCP/IP settings in Red Hat Linux 9.0. Procedure, screens and file location may vary depending on your Linux distribution and release version. LAN-Cell 2 User’s Guide...
  • Page 601 Figure 406 Red Hat 9.0: KDE: Network Configuration: Devices 2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 407 Red Hat 9.0: KDE: Ethernet Device: General LAN-Cell 2 User’s Guide...
  • Page 602: Configuration File

    Ethernet card). Open the eth0 configuration file with any plain text editor. • If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following figure shows an example.
  • Page 603 Figure 413 Red Hat 9.0: Restart Ethernet Card [root@localhost init.d]# network restart Shutting down interface eth0: [OK] Shutting down loopback interface: [OK] Setting network parameters: [OK] Bringing up loopback interface: [OK] Bringing up interface eth0: [OK] LAN-Cell 2 User’s Guide...
  • Page 604: Verifying Settings

    Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# LAN-Cell 2 User’s Guide...
  • Page 605: Ip Addresses And Subnetting

    The following table shows the network number and host ID arrangement for classes A, B and Table 238 Classes of IP Addresses IP ADDRESS OCTET 1 OCTET 2 OCTET 3 OCTET 4 Class A Network number Host ID Host ID Host ID LAN-Cell 2 User’s Guide...
  • Page 606: Appendix C Ip Addresses And Subnetting

    A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit in the IP address is part of the host ID. LAN-Cell 2 User’s Guide...
  • Page 607 1110 0000 255.255.255.240 1111 0000 255.255.255.248 1111 1000 255.255.255.252 1111 1100 The first mask shown is the class “C” natural mask. Normally if no mask is specified it is understood that the natural mask is being used. LAN-Cell 2 User’s Guide...
  • Page 608 Lowest Host ID: 192.168.1.1 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 Table 244 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 10000000 Subnet Mask 255.255.255. Subnet Mask (Binary) 11111111.11111111.11111111. 10000000 LAN-Cell 2 User’s Guide...
  • Page 609 Table 246 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.64 Lowest Host ID: 192.168.1.65 Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126 LAN-Cell 2 User’s Guide...
  • Page 610: Example Eight Subnets

    ADDRESS ADDRESS ADDRESS The following table is a summary for class “C” subnet planning. Table 250 Class C Subnet Planning NO. “BORROWED” HOST NO. HOSTS PER SUBNET MASK NO. SUBNETS BITS SUBNET 255.255.255.128 (/25) 255.255.255.192 (/26) LAN-Cell 2 User’s Guide...
  • Page 611: Subnetting With Class A And Class B Networks

    255.255.224.0 (/19) 8190 255.255.240.0 (/20) 4094 255.255.248.0 (/21) 2046 255.255.252.0 (/22) 1022 255.255.254.0 (/23) 255.255.255.0 (/24) 255.255.255.128 (/25) 255.255.255.192 (/26) 1024 255.255.255.224 (/27) 2048 255.255.255.240 (/28) 4096 255.255.255.248 (/29) 8192 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 LAN-Cell 2 User’s Guide...
  • Page 613 IP numbers. User-Defined The IPSEC ESP (Encapsulation Security (IPSEC_TUNNEL) Protocol) tunneling protocol uses this service. FINGER Finger is a UNIX or Internet related command that can be used to find out if a user is logged on. LAN-Cell 2 User’s Guide...
  • Page 614: Appendix D Common Services

    This is the data channel. RCMD Remote Command Service. REAL_AUDIO 7070 A streaming audio service that enables real time sound over the web. REXEC Remote Execution Daemon. RLOGIN Remote Login. LAN-Cell 2 User’s Guide...
  • Page 615 TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution. LAN-Cell 2 User’s Guide...
  • Page 617: Wireless Lans

    A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. LAN-Cell 2 User’s Guide...
  • Page 618: Appendix E Wireless Lans

    An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. LAN-Cell 2 User’s Guide...
  • Page 619 (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. LAN-Cell 2 User’s Guide...
  • Page 620: Fragmentation Threshold

    AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. LAN-Cell 2 User’s Guide...
  • Page 621: Preamble Type

    5.5 / 11 CCK (Complementary Code Keying) 6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing) Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. LAN-Cell 2 User’s Guide...
  • Page 622 RADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks: • Authentication Determines the identity of the users. • Authorization LAN-Cell 2 User’s Guide...
  • Page 623: Types Of Eap Authentication

    EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x.
  • Page 624 However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. LAN-Cell 2 User’s Guide...
  • Page 625: Dynamic Wep Key Exchange

    If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. LAN-Cell 2 User’s Guide...
  • Page 626 AP and does not need to go with the authentication process again. Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it. LAN-Cell 2 User’s Guide...
  • Page 627 2 The AP checks each wireless client's password and (only) allows it to join the network if the password matches. 3 The AP and wireless clients use the pre-shared key to generate a common PMK (Pairwise Master Key). LAN-Cell 2 User’s Guide...
  • Page 628: Security Parameters Summary

    Disable WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable Roaming An AP creates its own wireless coverage area. A wireless station can associate with a particular access point only if it is within the access point’s coverage area. LAN-Cell 2 User’s Guide...
  • Page 629: Requirements For Roaming

    1 All the access points must be on the same subnet and configured with the same ESSID. 2 If IEEE 802.1x user authentication is enabled and to be done locally on the access point, the new access point must have the user profile for the wireless station. LAN-Cell 2 User’s Guide...
  • Page 630: Antenna Characteristics

    Connector The WLAN antenna connector on the LAN-Cell 2 is a reverse polarity SMA jack (SMA-RP Male). Connect only antennas with female reverse polarity SMA plugs (SMA-RP Female) to this jack.
  • Page 631: Types Of Antennas For Wlan

    The table below lists the 3-digit Country Code values for selecting the correct 802.11 radio channel frequencies for different countries/regions. See Section 7.10 on page 162 for instructions on changing the LAN-Cell’s default country code (255 - U.S./North America). If your country is not listed, contact Proxicast Customer Support. Table 257 Country Codes COUNTRY COUNTRY...
  • Page 632 Hong Kong Hungary India Ireland Israel Italy Japan Malaysia Morocco Netherlands New Zealand Norway Peru Philippines Poland Portugal Romania Russia S.Africa S.Korea Singapore Slovak Slovenia Spain Sweden Switzerland Taiwan Thailand Turkey Ukraine USA / N. America LAN-Cell 2 User’s Guide...
  • Page 633 1 to 60) minutes after the third time an incorrect password is entered. Example sys pwderrtm 5 This command sets the password protection to block all access attempts for five minutes after the third time an incorrect password is entered. LAN-Cell 2 User’s Guide...
  • Page 634: Appendix F Brute-Force Password Guessing Protection

    Appendix F Brute-Force Password Guessing Protection LAN-Cell 2 User’s Guide...
  • Page 635: Legal Information

    Published by Proxicast, LLC. All rights reserved. Disclaimer Proxicast does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
  • Page 636: Appendix G Legal Information

    Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Proxicast Limited Warranty Proxicast warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to one year from the date of purchase.
  • Page 637 (at the discretion of Proxicast) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by Proxicast to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
  • Page 639: Customer Support

    Customer Support Online Web Support Please refer to support.proxicast.com for additional support documentation and access to our Knowledgebase, which contains many resources such as TechNotes, Frequently Asked Questions, sample configurations and firmware updates. E-Mail Support Support E-mail: support@proxicast.com...
  • Page 640: Appendix H Customer Support

    Appendix H Customer Support LAN-Cell 2 User’s Guide...