Download Print this page

BinTec X1000 User Manual

BinTec X1000 User Manual

Internet access router

Hide thumbs Also See for X1000:

Quick install manual (2 pages)

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual

X1000

User's Guide

Installation and Configuration

©

Copyright

2001 BinTec Communications AG, all rights reserved.

Version 1.1

Document #71000N

April 2001

X1000

User's Guide

1

Table of Contents

Advertisement

Table of Contents

Troubleshooting

Need help?

Need help?

Do you have a question about the X1000 and is the answer not in the manual?

Questions and answers

Summary of Contents for BinTec X1000

Page 1 X1000 User’s Guide Installation and Configuration © Copyright 2001 BinTec Communications AG, all rights reserved. Version 1.1 Document #71000N April 2001 X1000 User’s Guide...
Page 2 The information in this manual is subject to change without notice. Additional in- formation, including changes and release notes for X1000, can be found at www.bintec.net. As an ISDN multiprotocol router,...
Page 3 In addition to the CE directives, X1000 also meets the ISDN requirements in France and can be connected to Euro-Numeris. How to reach BinTec Communications AG BinTec Communications France Südwestpark 94 6/8 Avenue de la Grande Lande D-90449 Nürnberg F-33174 Gradignan...
Page 4 BinTec Communications AG...
Page 5: Table Of Contents
Table of Contents Table of Contents Table of Contents Welcome! What Do You Need X1000 For? Scope of Supply BinTec ISDN Companion CD BinTec Documentation System Requirements Guarantee Terms About this Manual 1.7.1 Contents 1.7.2 Meaning General Safety Precautions Getting Started...
Page 6 Receiving a Fax Overview The Basics of ISDN Speeding Things up Even More... Services and Users X1000 as DHCP Server How Does Name Resolution Work? What Are Routes and Default Routes? Filters and NetBIOS MIB and SNMP BinTec Communications AG...
Page 7 Table of Contents Connecting X1000 Connection Methods 5.1.1 Connecting Over the Serial Interface 5.1.2 Connecting Over a LAN 5.1.3 Connection Over ISDN Logging In Configuration options 5.3.1 Methods of Configuration 5.3.2 Operation and Menu Architecture of the Setup Tool Basic Configuration with the Setup Tool Basic Router Settings 6.1.1...
Page 8 Configuring the LAN Interface 7.4.3 Configuring WAN Partners Extra License Functions 7.5.1 Virtual Private Network (VPN) and Encryption 7.5.2 IPSec (Internet Protocol Security) 7.5.3 Leased Lines Security Mechanisms Activity Monitoring 8.1.1 Syslog Messages 8.1.2 Monitoring Functions in the Setup Tool BinTec Communications AG...
Page 9 VPN (with extra license) 8.3.3 IPSec (with extra license) Special Features 8.4.1 Startup Procedure 8.4.2 Auto Logout 8.4.3 Prevention of Denial-of-Service Attacks Checklist Configuration Management Administration of Configuration Files Resetting X1000 to the Ex Works State Updating Software X1000 User’s Guide...
Page 10 General Product Features 11.2 Front Panel LEDs 11.3 Rear Panel Connections 11.4 Pin Assignment 11.5 BOOT Sequence Important Commands 12.1 SNMP Shell Commands 12.2 BRICKtools for Unix Commands General Safety Precautions in 15 Different Languages Glossary Index BinTec Communications AG...
Page 11: Welcome
127, which show all the possible configurations in detail. Even if you do not have a Windows PC, you will find fast ways to configure your X1000. If you have already ...or you are familiar with configuration and you want to get started right away, configured BinTec all you really need to know is the preset user name and password.
Page 12 How to change the passwords is described in "Changing the password", page 120. Otherwise..BinTec Communications AG wishes you lots of fun with your new product. Pick-up Service However, should you have any problems with your X1000...
Page 13: What Do You Need X1000 For
What Do You Need X1000 For? What Do You Need X1000 For? Internet Router of your Internet Service Provider Network of your Internet Service Provider ISDN X1000 Router of your Company’s Head Office Your Local Area Network Network of your Company’s...
Page 14 Eurofile transfer, the same principle applies as for access to the Internet. All LAN users can use these services via BinTec’s own Remote CAPI interface while accessing a single ISDN connection over X1000. The only re- quirement is that all users have suitable application software installed to support the CAPI interface.
Page 15 This is made possible by X1000’s SAFERNET func- tions such as NAT, encryption, filters and monitoring. Configuration and A number of options are available for configuring X1000. Most of the configura- administration tion methods are independent of your computer’s operating system.
Page 16 Welcome! Simple configuration for you and remote administration by an administrator at head office. Independence from the operating system of your PC. On top of all that, you need not do without security, convenience and economy. BinTec Communications AG...
Page 17: Scope Of Supply
Scope of Supply Scope of Supply X1000 is supplied with the following parts: Cable sets/mains unit: – LAN cable (RJ45, red) for LAN connection to hub – Adapter cable (reversed) together with red LAN cable for LAN connec- tion directly to PC –...
Page 18: Bintec Isdn Companion Cd
BinTec routers in the network via a graphic interface. Here you can view and edit all SNMP tables and variables. DIME Tools are for monitoring and administration of your X1000. More detailed descriptions of all software programs can be found in our online manual BRICKware for Windows.
Page 19 The documentation in electronic form (see chapter 1.4, page A copy of the router software (in its unconfigured ex works state), if appli- cable UNIX Tools (administration) Adobe’s Acrobat Reader MIB tables X1000 User’s Guide...
Page 20: Bintec Documentation
Welcome! BinTec Documentation Together with X1000, you will have received part of the documentation in print- ed form and all of it in electronic form (PDF, HTML). The electronic versions of the different documents are included on the BinTec Companion CD. In addition to your Companion CD documentation, you can download all the very latest Bin- Tec documentation from our WWW server at www.bintec.net.
Page 21: System Requirements
400, Macintosh or Novell. For a Windows PC If you use a Windows PC to configure X1000, you need a terminal program for the serial connection, e.g. HyperTerminal. Make sure that HyperTerminal is also installed on the PC during the Windows installation.
Page 22: Guarantee Terms
The equipment will be returned to you with a current software version in an unconfigured state. The following items are excluded from this guarantee: (1) Regular maintenance and repair or replacement of parts due to normal BinTec Communications AG...
Page 23 Pick-up Service Apart from the guarantee provided, BinTec Communications AG offers you a Pick-up Service for your X1000: If problems occur in the equipment hardware within a period of one year, you can replace your X1000 free of charge.
Page 24: About This Manual
Configuration Wizard and how to install and configure other useful software. 4: "Overview" Basic information about routers and networks. 5: "Connecting X1000" A basis for working with the Setup Tool. 6: "Basic Configuration How to get X1000 working with the Setup Tool with the Setup Tool"...
Page 25 About this Manual Chapter Contents 13: "General Safety Pre- General safety precautions in various national cautions in 15 Different languages. Languages" Table 1-1: List of chapters X1000 User’s Guide...
Page 26: Meaning
Caution (indicates possible danger that, if unheeded, could cause material damage) Warning (indicates possible danger that, if unheeded, could cause bodily harm) Danger (indicates danger that, if unheeded, could lead to serious bodily harm or death) Table 1-2: List of visual aids BinTec Communications AG...
Page 27 Windows Start menu Indicates keys, key combinations and Win- dows terms. italics, e.g. Indicates values that can be entered or set in the Setup Tool or MIB variables. none Online: blue Indicates links. Table 1-3: Typographical elements X1000 User’s Guide...
Page 28 Welcome! BinTec Communications AG...
Page 29: General Safety Precautions
Make doubly sure the cabling is correct – especially the ISDN and LAN ca- bles – before you turn on X1000. X1000’s ISDN connection must not be connected to the Ethernet connection of your PC or hub, and X1000’s LAN connection should not be connected to the ISDN connection.
Page 30 Never use water to clean this equipment. Water spillage can result in seri- ous danger for the user (e.g. electric shock) and cause considerable dam- age to the equipment. Never use scouring or abrasive alkaline cleaning agents on this equipment. BinTec Communications AG...
Page 31: Getting Started
A configuration assistant, the Configuration Wizard, helps to make the configuration as easy as possible. With its help, you can configure X1000 in a matter of minutes. At the end of this chapter you will be able to: Reach X1000...
Page 32 Configuration Wizard (e.g. if you are not using a Windows operating system), read chapter 6, page 127. This chapter is designed to facilitate quick and easy initial configuration with a minimum of technical details. If, however, you want a little more background information, then read chapter 4, page BinTec Communications AG...
Page 33: Setting Up And Connecting
LAN interface (10/100 Base-T Ethernet), marked red on the equipment Serial interface Figure 3-1: X1000 rear view Alternatively, you can connect X1000 to the network card of your PC or, if you belong to a small network, to a hub. You only need to make sure you use the right cables.
Page 34 X1000 at all. Or you can check the charges for the ex- tensions you assign to X1000. Caution! The use of the wrong mains adaptor may damage your router! Use only the mains unit supplied (5 V DC).
Page 35 Connect X1000’s LAN interface to your PC. This is done by connecting the red LAN cable to the LAN interface of X1000, which is marked red (5). Plug the adaptor cable into the red cable. Connect the adaptor cable to the net- work card of your PC.
Page 36: In Advance Of Configuration
3.2.1 Gathering Information Before you start your configuration, you should have information available for the following purposes, according to what you want to do with X1000: Basic router configuration with licensing (obligatory) Internet access (optional) Connecting to a corporate network (optional) In the following table, we have included examples of possible values for the nec- essary access data.
Page 37 X1000. On the card you will find a serial number, mask and key, which you will need to activate the features of your X1000. You will also find the license number for the communications program RVS-COM Lite.
Page 38 Some ISPs also offer the option of accessing the Internet without logging in first ("Internet by call"). This means you can check immediately whether your Internet access works with X1000, even if you want to apply to another ISP for your personal access data later on.
Page 39 8, page 289. When X1000 is connected to a PABX system for which a "0" prefix is neces- sary for external line access, this "0" must be considered when entering the access number. You only need the network address and netmask of the WAN partner (head office) if you configure Internet access in addition to a LAN-LAN connection.
Page 40: What To Do In Your Windows Network
Network and DCN Connections. Double click LAN Connection. Click the General tab and then Properties. Look for Internet Protocol (TCP/IP) in the list of network components. If you can’t find the entry, install the TCP/IP protocol as explained below. BinTec Communications AG...
Page 41 If you are in an existing network, you may have to make other settings at this point. Ask your system administrator. If you are setting up a new network, click OK and Close. Follow the on-screen instructions and restart your PC when you have fin- ished. X1000 User’s Guide...
Page 42 Getting Started Finally Repeat the installation for all PCs on the network where you want to use the LAN-LAN connection, Internet access or communications programs over X1000. BinTec Communications AG...
Page 43: Installing Brickware Under Windows
Proceed as follows to install BRICKware: Click Next. Enter the directory in which BRICKware is to be installed or accept the de- fault directory. Click Next. Select your router type, i.e. the group X1000, X1200 or X4000 . Click Next. X1000 User’s Guide...
Page 44 Configuration Wizard if you want to use the Configuration Wizard for basic configuration of X1000. Click Next. A list of the components selected for the installation appears. To install these components, click Next. The files are copied. A window appears after a short time telling you that...
Page 45: Solution Scenarios
Internet ( 1234567 GoInternet MyName TopSecret ISDN Your Local Network of your Area Network X1000 Router of your Internet Service Internet Service Provider Provider Figure 3-2: X1000 and your Internet Service Provider You can quickly and easily configure Internet access for...
Page 46: Using Communications Applications
Finally test your configuration (see chapter 3.9, page 78). 3.4.2 Using Communications Applications Mailbox analog ISDN FTP server X1000 FAX server Router of your Your Local Area Network Internet Provider Datex-J server Internet Figure 3-3: X1000 with communications applications BinTec Communications AG...
Page 47: Connecting A Branch Office To Head Office
(chapter 3.8, page 71). 3.4.3 Connecting a Branch Office to Head Office Router of your Company’s Head Office ISDN X1000 Network of your Company’s Your Local Area Network Head Office Figure 3-4: X1000 in your branch office You can quickly and easily connect branch offices or home offices to the head...
Page 48: Providing Access To Head Office For Field Service Staff Without Router Access (Dial-In)
To provide field service or home office staff with access to data at their head office (dial-in), you need the Setup Tool for configuring your X1000. A PC in a home office can access the corporate network via an ISDN connec-...
Page 49 6, page 127) for this purpose. Next you must configure the person who wants to access data at head office as a WAN partner. The exact configuration is explained using an example in chapter 6.2.3, page 190. X1000 User’s Guide...
Page 50: Configuring X1000 Under Windows
X1000 Under Windows You started the Configuration Wizard chapter 3.3, page 43, which you can now use to configure X1000. X1000 must first be ready for operation. The following configuration options are available: Basic router configuration Internet access Corporate network connection An extensive online Help Assistant is available if you have any questions dur- ing configuration.
Page 51 Configuring X1000 Under Windows Starting the If the Configuration Wizard has not yet been started, proceed as follows: Configuration Wizard Select the Windows Start menu and click Program BRICKware Configuration Wizard. The start window of the Configuration Wizard opens: Figure 3-6:...
Page 52 Making a serial Click Next. connection Configuration Wizard establishes a connection to X1000. After that the router is restarted and the type of router identified: in your case, X1000. If the Configuration Wizard cannot establish a connection or an error message appears:...
Page 53: Configuring The Basic Router Configuration
Configuring X1000 Under Windows – Connection to a Corporate Network, e.g. for connecting to a head of- fice (chapter 3.5.3, page 59). The basic router settings will have to be made in every case. Click Next. A list of the selected configuration options is displayed.
Page 54 66). An already configured If your PC has a fixed IP address, the Wizard asks you in the Router IP Ad- dress window for X1000’s IP address in the LAN and the corresponding network netmask. Enter the values, e.g. 192.168.1.254 255.255.255.0...
Page 55 Configuring X1000 Under Windows Enter the extensions of your ISDN port that you want to use with X1000: Enter an extension in the Extensions field and click Add. Repeat the entry for all other extensions (cf. figure 3-8, page 55).
Page 56 You can also do the following in Expert Mode: Mode Define the software version for which you want to create the configuration. Change the system data, e.g. contact, name and location of X1000. Specify the IP address of a DNS. Configure your router as a DHCP server.
Page 57: Internet Access With X1000
Configuring X1000 Under Windows Log system messages. Monitor the utilization of X1000. State the time when charging information is to be obtained from ISDN. Configure user accounts for telecommunications applications (CAPI and/or TAPI). 3.5.2 Internet Access with X1000 Internet ( 1234567...
Page 58 You can also do the following in Expert Mode: Keep a record of IP connection data. Enable data compression. More accurately define connection clearance (dynamic and static short hold). Activate channel bundling. (this option cannot be selected for all Internet Service Providers). BinTec Communications AG...
Page 59: Connecting X1000 To A Corporate Network
Configuring X1000 Under Windows 3.5.3 Connecting X1000 to a Corporate Network Router of your Company’s Head Office ISDN X1000 ( 1234567 10.1.1.0 255.255.255.0 BigBoss LittleIndian Secret Network of your Company’s Your Local Area Network Head Office Figure 3-11: X1000 and your head office Click Next.
Page 60 If the network of your head office comprises several single networks (sub- nets) and you want access to each of these subnets, you must enter a route for each one of them (cf. figure 4-3, page 99). Click Next. BinTec Communications AG...
Page 61: Completing The Configuration
X1000 before overwriting. Click Finish to complete configuration. The Wizard logs in to X1000. An existing configuration is saved on the rout- er as old_cfg. The new configuration is transferred to X1000 and also saved on your PC under the name brick.cfg in the BRICK directory. A message appears after a while saying that the configuration is completed.
Page 62 If you know the password of the existing configuration, enter the password and click OK. The Wizard tries to log in to X1000. If you do not know the password, click Unknown and then OK. X1000 is reset to the ex works state and all the previous configurations are lost.
Page 63 Configuring X1000 Under Windows The Remote Clients Configuration window opens: Figure 3-13: Remote CAPI configuration X1000 User’s Guide...
Page 64: Remote Capi Interface On The Pc
Follow the instructions on the screen. Click OK. The Remote CAPI configuration window appears (cf. figure 3-13, page 63). 3.6.2 Configuring Remote CAPI Proceed as follows (see figure 3-13, page 63): Enter X1000’s IP address, e.g. 192.168.1.254 in the Remote CAPI tab. BinTec Communications AG...
Page 65 If no error message appears, click OK. If an error message appears after clicking Use these values, make sure that: X1000’s IP address is correct. You have entered the license data correctly. You have entered a valid user name and the correct password.
Page 66: Configuring A Pc
Double click Network. Click TCP/IP Properties. Enter a unique IP address for your PC and the netmask in the IP Address tab, e.g. 192.168.1.1 255.255.255.0. Enter X1000’s IP address, e.g. 192.168.1.254, in the Gateway tab. Click Add. BinTec Communications AG...
Page 67 Configuring a PC If you do not have your own DNS, enter X1000’s IP address in the DNS Configuration tab under DNS Server Search Order, e.g. 192.168.1.254 Windows NT Click the Windows Start button and then Settings Control Panel. Double click Network.
Page 68: Finding Pcs On Your Partner's Network
To avoid unintentional charges, it is essential that you monitor your X1000. Use the Credits Based Accounting System for this purpose (see chapter 8.1.3, page 299).
Page 69 Windows. Click the Windows Start button and then Find Computer..Type in the name of the PC, e.g. BossPC , and click Find now. The name of the PC appears after a moment. X1000 User’s Guide...
Page 70 Another possible method of setting up a network drive connection is as follows: drive Open Windows Explorer, click Tools, then Map network drive. Specify the drive and enter the path, e.g. \\BossPC Click Reconnect at logon. Click OK. BinTec Communications AG...
Page 71: Configuring Fax And Answering Machine With Rvs-Com Lite
RVS-COM Lite (version 1.63) and how to set up an answering machine facility. You have received just one single-user license for RVS-COM Lite with X1000. If you want to install RVS-COM Lite on several PCs, please contact RVS Dat- entechnik GmbH.
Page 72 Make sure your Remote CAPI configuration is configured as described in chapter 3.6.2, page To manage faxes with a Windows e-mail system instead of with the RVS inbox or to install RVS ISDN modems (also for dial-up network), select the con- figuration mode User-Defined Configuration. BinTec Communications AG...
Page 73 Configuring Fax and Answering Machine with RVS-COM Lite X1000 is connected to a main line (e.g. NTBA adaptor), click Express configuration main line. X1000 is connected to a PABX, click Express configuration PBX sys- tem. Click Next. A message appears saying you have configured RVS-COM for operation with an ISDN adaptor with a CAPI interface.
Page 74: Configuring Rvs-Com Lite
In the following section, the numbers you have also set for the CAPI service with the Wizard have to be allocated to different communications applications (fax, answering machine). The following diagram illustrates which number in our con- figuration example is to be used for a certain facility. BinTec Communications AG...
Page 75 Configuring Fax and Answering Machine with RVS-COM Lite ISDN X1000 Answering machine Figure 3-16: Scenario: 1 telephone, 1 PC with fax and answering machine It is assumed that a telephone responds to one of the numbers you have entered with the Wizard ( in example).
Page 76 Figure 3-17: Phone number configuration in RVS-COM Lite Click Apply after you have entered all the numbers. Make sure that the op- tions Use software fax for sending fax and Use software fax for receiv- ing fax are active in the Software fax tab. BinTec Communications AG...
Page 77 Click OK. Click Apply and finally OK. The following message appears in the list of connections: "ISDN: waiting for call." RVS CommCenter is ready to take calls and faxes. X1000 User’s Guide...
Page 78: Testing Your Configuration
Try contacting us by typing www.bintec.net in your browser. The home page of BinTec Communications AG appears. 3.9.2 Sending and Receiving E-Mails Open an account in the e-mail program if you have not already done so. You should have received the servers for incoming and outgoing mail from your Internet provider.
Page 79 The RVS Mail Spooler appears and informs you about the status of the fax being sent. If you have sent a fax to yourself, you should receive it right away (cf. chapter 3.9.4, page 80). This is the best way to check your fax application is working properly. X1000 User’s Guide...
Page 80: Receiving A Fax
All incoming and outgoing faxes (including mailing errors) are displayed in the RVS-COM inbox, as are voice messages you receive over your RVS-COM an- swerphone. Select the Windows Start button and then click Program RVS-COM Lite Inbox. BinTec Communications AG...
Page 81 Figure 3-19: RVS inbox Double-click the fax entry to open your received fax messages (including the test messages created by RVS-COM). The RVS Fax Viewer opens. If you have sent yourself a fax, you should find it in the inbox. X1000 User’s Guide...
Page 82 Getting Started BinTec Communications AG...
Page 83: Overview
Overview To help you understand some of X1000’s functions and connections, we will now explain some of the basic elements concerning X1000 and networking technology in general. If you asked yourself some of the questions listed below in the course of the...
Page 84: The Basics Of Isdn
D-channel is the same as the extension you have defined for the partner. This security mechanism is known as Calling Line Identification – abbreviated to CLID. Other authentication mechanisms check the user name and password of the far end terminal. BinTec Communications AG...
Page 85 ISDN connections even offer it during a call (AOCD: advice of charge during the call; you often have to request this function separately). X1000 can evaluate this information to save your costs.
Page 86 X1000 (or also RVS-COM Lite) should react, you should know these reg- istered extensions. If you do not know how your exchange forwards the exten- sions, you can find out using X1000 (see chapter 6.1.4, page 138). BinTec Communications AG...
Page 87: Speeding Things Up Even More
Mode of the Wizard. To do so, you need to use Expert Mode or the Setup Tool (cf. chapter 7.2.9, page 245). X1000 supports: Van Jacobson Header Compression (VJHC): Compression of the head of an IP packet STAC Data Compression...
Page 88: Services And Users
WAN partners via a dialup connection to your LAN. You can therefore allow partners outside your local network to access PCs in your LAN. The ISDN Login service allows incoming data and voice calls to access X1000’s SNMP shell. This is how...
Page 89 We also presumed that you can be reached at the number over a telephone connected to the same S bus as X1000. All devices connected to the same S bus and reachable under the same extension also respond to calls. This means X1000...
Page 90 More security If you want to make sure from the outset that certain data/voice calls do not ar- rive at one of the two RVS CommCenters of RVS-COM Lite, you can protect ac- BinTec Communications AG...
Page 91 You also allocate a separate extension to each user on the rout- er (e.g. fax number). Only the communications application of the PC on which the corresponding user is also entered in the CAPI configuration reacts to this extension. X1000 User’s Guide...
Page 92: X1000 As Dhcp Server
DHCP clients. All you have to do is to define a pool of IP addresses that the DHCP server may allocate to computers on the network. In addition, you must tell the PCs that they should request their IP address from the server. BinTec Communications AG...
Page 93 X1000 as DHCP Server X1000 cannot be configured as a DHCP client. It is possible, however, to assign X1000 an IP address over a BootP server (cf. chapter 5.1.2, page 109). Moreover, a network cannot contain several DHCP servers with the same address pools.
Page 94 Select the Windows Start menu and click Program Accessories Command Prompt. Type in ipconfig or ipconfig/all to request the IP address of your PC and other network information. Type in ipconfig/renew to reassign an IP address. Type in ipconfig/release to release an IP address. BinTec Communications AG...
Page 95: How Does Name Resolution Work
A DNS (in the LAN, at the ISP or in a partner’s network) X1000 as a DNS proxy server – X1000’s IP address is entered as a DNS on the PC. – X1000 is configured as a DHCP server, your PCs are configured as DHCP clients and automatically receive their IP address from X1000, which is then used for DNS requests.
Page 96 As it is not always worth the trouble setting up your own server in a small network if you only have one or two such assignments to make, there is a second alternative: BinTec Communications AG...
Page 97 "Windows NT 4.0 Connectivity Guide" by Richard Grace (ISBN 0-7645.3160-3) or the Microsoft Knowledge Base on the World Wide Web at www.support.microsoft.com/directory. X1000 User’s Guide...
Page 98: What Are Routes And Default Routes
Due to the fact that you have configured your default route to your head office, all unknown packets are sent there and your partner’s network then routes all unknown IP packets to an Internet provider, you can access the Internet via your partner’s network by arrangement with your WAN partner. BinTec Communications AG...
Page 99 Assuming X1000’s default route leads to an Internet provider, your PCs are DCHP clients and are assigned their IP addresses by X1000. In such a case, the PCs also get their IP addresses from...
Page 100 Overview are configured in such a way that X1000’s IP address is entered as the DNS and gateway.) As soon as you enter www.bintec.de , for example, in the browser, the PC sends a DNS request to X1000, as X1000 is known as a DNS proxy server.
Page 101: Filters And Netbios
CAPI filter You can also configure a CAPI filter in Expert Mode with the Wizard. Let’s as- sume that instead of X1000’s IP address, you have unintentionally entered an incorrect IP address in the CAPI configuration. Your PC would always send CAPI requests to the wrong address.
Page 102 Overview Filter mechanisms not only enable you to avoid unwanted connections. The primary function of filters is to protect your own network against external accesses (cf. chapter 8.2.8, page 317). BinTec Communications AG...
Page 103: Mib And Snmp
An object you have changed while configuring the router with the Wiz- ard could be, for example, an object containing your access authorization to X1000. Originally, the value bintec was defined as password, now your own en- try is stored there as password.
Page 104 Overview BinTec Communications AG...
Page 105: Connecting X1000
Connecting X1000 This chapter includes explanations about the different access and configuration methods. You will learn the following: How to access X1000 How to log in What methods of configuration are available How the Setup Tool is constructed X1000 User’s Guide...
Page 106: Connection Methods
Connecting X1000 Connection Methods Before you can configure your router, you must connect it. There are three ways to do this: Over the serial interface Over your Over an ISDN connection Serial Connection X1000 ISDN isdnlogin Figure 5-1: Possible connections to...
Page 107: Connecting Over The Serial Interface
Connecting Over the Serial Interface Initial configuration A serial interface connection is the most appropriate method if you are config- uring your X1000 for the first time. To connect X1000 to your PC over the serial port, proceed as explained in chapter 3.1, page...
Page 108 Connecting X1000 If the login prompt does not appear after pressing Return several times, the connection to X1000 has not been set up successfully. Check the settings of COM1 or COM2: Click File Properties. Click Configure..in the Connect To tab.
Page 109: Connecting Over A Lan
X1000 with telnet: Windows Click the Windows Start button and then Run..Type telnet <IP address of X1000>. Click OK. A window with the login prompt appears. You are now in the SNMP shell of X1000. Continue with chapter 5.2, page 111.
Page 110: Connection Over Isdn
X1000 in the home of- fice merely has to be connected to the ISDN outlet and turned on. Access over ISDN costs money. If X1000, router and PC are in the same LAN, it is cheaper to access X1000 over the LAN or the serial interface.
Page 111: Logging In
Logging In Logging In Regardless of how you access X1000, the SNMP shell X1000 with the login prompt always appears first. (Exceptions to this rule are the Configurati- on Wizard Configuration Manager under Windows.) Figure 5-2: Login prompt In order to log in, you need to know the user name and password. In its ex works...
Page 112 Your router then issues an input prompt, e.g. :>. The login was suc- cessful. Caution! To prevent unauthorized access to X1000, you should change the passwords right away, in case you did not do this during the basic configuration with the Configuration Wizard.
Page 113: Configuration Options
Setup Tool The Setup Tool is a menu-driven tool for the configuration and administration of X1000. Configuration with the Setup Tool is much easier and clearer than con- figuration with SNMP commands, although not all settings can be made with the Setup Tool.
Page 114: Operation And Menu Architecture Of The Setup Tool
5.3.2 Operation and Menu Architecture of the Setup Tool You can call up the Setup Tool once you have logged in to X1000: Type setup after the input prompt and press Return. The main menu of the Setup Tool appears.
Page 115 Tool. By way of introduction, we would first like to point out a few things you should be aware of when using the X1000 Setup Tool. Menu layout Every Setup Tool menu consists of three parts: X1000 Setup Tool BinTec Communications AG Menu Line MyX1000 Licenses System...
Page 116 Connecting X1000 The configuration window is where the actual entries are made and the respec- tive settings displayed. The field in which the cursor is currently located is also marked. The help line at the bottom of the window tells you how to move around or how to change entries in the menu currently being displayed.
Page 117 To scroll back a page in a long list. An "=" sign at the top right indicates the start of the list or a "∧" indicates more to come. Ctrl - c Leave the Setup Tool without saving. Table 5-2: Navigation in the Setup Tool X1000 User’s Guide...
Page 118 Connecting X1000 Menu commands When you start moving around in the Setup Tool, you will notice that some menus have special command options, such as DELETE, SAVE and CANCEL. The meaning of the respective commands is explained below: Menu Command Meaning To create or add an item to a list.
Page 119 Some Setup Tool menus contain lists of items, e.g. the WAN P List search function menu, ARTNER which lists all WAN partners currently configured. X1000 Setup Tool BinTec Communications AG [WAN]: WAN Partners MyX1000 Current WAN Partner Configuration Partnername Protocol State ∧...
Page 120 Connecting X1000 If the search does not work, make sure that the cursor is located in a list field. The search cannot run if the cursor is located in a command field, e.g. ADD or DELETE. Example: In the WAN P...
Page 121 "Go to the submenu WAN Numbers of an entered WAN partner to change an existing entry. Mark the relevant WAN partner in the menu WAN Partner and press Return." This is shown thus: Go to WAN P WAN N ARTNER UMBERS X1000 User’s Guide...
Page 122 Connecting X1000 Menu Architecture The menu architecture of the Setup Tool looks like this: Licences WAN Partner System Advanced Settings External Activity Monitor Ext. Interface Settings Ext. System Logging WAN Numbers Keepalive Monitoring Advanced Settings Password Settings Advanced Settings Time and Date Advanced Settings CM-100BT, Fast Ethern.
Page 123 This menu is for entering the license information printed on the license card ICENSES supplied with the equipment. This menu is also used for activating extra licenses. In this menu, you enter the basic system settings of X1000, e.g. system name YSTEM and passwords. CM-100BT, F This menu is for configuring the interface of X1000.
Page 124 IP addresses to the hosts in the LAN dynamically. SNMP is for changing the basic SNMP settings. DNS is for defining the procedure for name resolution in X1000. is for personal authentication of IP OKEN UTHENTICATION IREWALL connection partners.
Page 125 Includes the settings for BinTec’s CAPI user concept. You can use this to assign user names and passwords to users of X1000’s CAPI applications. This makes sure that only authorized users can receive incoming calls and make outgoing calls via CAPI.
Page 126 Connecting X1000 BinTec Communications AG...
Page 127: Basic Configuration With The Setup Tool
LAN-LAN connection (e.g. corporate network connection) Saving the configuration file The basic router settings are essential for the operation of X1000. Depending on your needs, you can configure Internet access and corporate network ac- cess right away or later.
Page 128 8, page 289. Use the Credits Based Accounting System (see chapter 8.1.3, page 299). This enables you to set a limit for connections to X1000 to prevent unnecessary charges accumulating as a result of mistakes made during configuration. BinTec Communications AG...
Page 129: Basic Router Settings
Basic Router Settings Basic Router Settings The configuration of the basic router settings concerns only your X1000 your local network. The relevant detail from figure 6-4, page 157 is illustrated in figure 6-1, page 129. There you will find examples of names, IP address- es, extensions, etc.
Page 130: Entering Licenses
Setup Tool with setup, as described in chapter 5.2, page 111, enter the license information. This information is printed on the license card supplied. En- tering this information activates the functions of X1000. Go to L ICENSES X1000 Setup Tool...
Page 131 Basic Router Settings Subsystems The following subsystems can be activated on your X1000: Subsystems Meaning IP routing TUNNEL Virtual Private Networking VPN (only with extra license) LEASED LINE Leased line (only with extra license) STAC STAC data compression CAPI Remote CAPI interface, permits commu- nications applications on your PC, e.g.
Page 132: Entering System Data
Basic Configuration with the Setup Tool 6.1.2 Entering System Data System name, ... Next you should enter the basic system data for identification of your X1000. Go to S YSTEM X1000 Setup Tool BinTec Communications AG [SYSTEM]: Change System Parameters...
Page 133 System Name Defines the system name of X1000, is also used as PPP host name. Appears as input prompt when logging in to X1000. If no system name is set, a warning appears on logging in with the user name admin.
Page 134 How to change the passwords is described in "Changing the pass- word", page 120. Change the passwords to prevent unauthorized access to X1000. The permission rights of the possible user names and passwords can be found chapter 5.2, page 111.
Page 135: Configuring The Lan Interface
255). 6.1.3 Configuring the LAN Interface address, The next step is to configure X1000’s LAN interface. The LAN interface is the netmask, physical interface to the local network. In the following menu, enter the address encapsulation where your router can be reached in the LAN. As long as your router does not have this entry, it cannot be recognized by other hosts in the network.
Page 136 DIME Tools. Even if you have, you should still check the entries in the following menu. Go to CM-100BT, F THERNET X1000 Setup Tool BinTec Communications AG [LAN]: Configure Ethernet Interface MyX1000 IP Configuration Local IP Number 192.168.1.254 Local Netmask 255.255.255.0...
Page 137 Basic Router Settings The following parts of the menu are relevant for this configuration step: Field Meaning Local IP Number IP address of X1000 in the LAN. Local Netmask Netmask of the network where X1000 located. Second Local IP Second IP address of X1000 in the LAN.
Page 138: Configuring The Wan Interface
Basic Configuration with the Setup Tool To do Proceed as follows to configure X1000’s LAN interface: 192.168.1.254 Enter Local IP Number of X1000, e.g. Enter Local Netmask, e.g. 255.255.255.0 If applicable, enter Second Local IP Number and Second Local Netmask.
Page 139 Basic Router Settings Autoconfiguration, First enter the settings for your ISDN connection. ISDN Switch Type, Go to CM-1BRI, ISDN S0 : X1000 Setup Tool BinTec Communications AG [WAN]: WAN Interface MyX1000 Result of Autoconfiguration: Euro ISDN, point-to-multipoint ISDN Switch Type...
Page 140 D-channel and both B- channels leased line B1 + B2 different endpoints (digital 64S with dual connection): leased line to two different endpoints The settings for leased lines appear only if you have entered a relevant license. BinTec Communications AG...
Page 141 The settings for leased lines appear only if you have entered a relevant license. Table 6-5: CM-1BRI, ISDN S0 Do not use the setting not used for dialup connections under B-Channel 1 and B-Channel 2, as this mode can cause undesirable side effects. X1000 User’s Guide...
Page 142 X1000 supports the following services: PPP (routing) service is X1000‘s general routing service. It connects in- coming data calls from WAN partners’ dialup connections to your LAN. This enables partners outside your own local network to ac- cess hosts within your LAN.
Page 143 Called Party Number (CPN) and the type of call (data or voice call). The CPN is the extension the partner has dialed to reach X1000. Then the call is forwarded to the corresponding service (see figure 6-3, page 143).
Page 144 All incoming calls that do not match an entry are passed on to the CAPI ser- vice. Assign your own numbers to the various services. Enter your own numbers under Number. Now set the entries for Incoming Call Answering: Go to CM-1BRI, ISDN S0 NCOMING NSWERING BinTec Communications AG...
Page 145 Basic Router Settings The following menu window opens: X1000 Setup Tool BinTec Communications AG [WAN][INCOMING]: Incoming Call Answering MyX1000 Item Number Mode Username CAPI 1.1 EAZ 1 Mapping right to left CAPI 1.1 EAZ 1 Mapping right to left ISDN Login...
Page 146 CAPI user name. Only necessary if you want to use the CAPI user concept (see chapter 7.1.2, page 204). Bearer Type of incoming call. Possible values: data: data call voice: voice call any: both data and voice calls CM-1BRI, ISDN S0 Table 6-7: NCOMING NSWERING BinTec Communications AG...
Page 147 Enables 64 kbps PPP data connections. PPP 56k Enables 56 kbps PPP data connections. PPP Modem Not available in X1000. PPP DOVB Data transmission Over Voice Bearer - useful in the USA, for example, where voice connections are sometimes cheaper than data connections.
Page 148 X1000 is connected to a PABX, only the PABX extension number arrives at X1000. If you are not sure which number arrives at X1000, proceed as follows: Call X1000 with a conventional telephone using one of its extension num- bers.
Page 149: Configuring X1000 As Dhcp Server
IP address pool. A PC sends out an address request and in turn receives its IP address assigned by X1000. You do not need to assign fixed IP addresses to PCs, which reduces the amount of configuration work in your network. To do...
Page 150 A detailed description of this function is given in the Software Reference. LAN (DHCP) Table 6-9: ADDRESS POOL To do Make the following entries to configure X1000 as a DHCP server: Select Interface, e.g. Enter IP Address, e.g. 192.168.1.1 BinTec Communications AG...
Page 151: Setting Filters
NetBIOS filters If you are working with Windows in your local network, you should set NetBIOS filters in order to reduce charges. This prevents X1000 setting up connections, e.g. to the Internet Service Provider ( ISP), in order to for- ward WINS requests from PCs in your network.
Page 152 Basic Configuration with the Setup Tool The following menu window opens: X1000 Setup Tool BinTec Communications AG [IP][ACCESS][FILTER][ADD]: Configure IP Access Filter MyX1000 Description wrong_dns Index Protocol Source Address Source Mask Source Port specify Specify Port Destination Address Destination Mask...
Page 153 To define rules for these filters, proceed as follows: Go to IP ADD: CCESS ISTS ULES X1000 Setup Tool BinTec Communications AG [IP][ACCESS][RULE][ADD]: Configure IP Access Rules MyX1000 Action deny M Filter...
Page 154 Basic Configuration with the Setup Tool The following menu window displays all entries saved: X1000 Setup Tool BinTec Communications AG [IP][ACCESS][RULE]: Configure IP Access Rules MyX1000 Abbreviations: RI (Rule Index) M (Action if filter matches) FI (Filter Index)!M (Action if filter does not match)
Page 155 Leave the main menu via EXIT and save the configuration you have creat- ed with Save as boot configuration and exit. The settings are then saved to the flash memory and will not be lost when X1000 is switched off (chapter 6.3, page 199).
Page 156: X1000 And The Wan
WAN partners on your X1000. This applies to outgoing connections (X1000 dials its WAN partner), incoming connections (a WAN partner dials the number of your X1000) and leased lines (see chapter 7.5.3, page 288). If you want to access the Inter-...
Page 157 X1000 and the WAN as a field service or home office employee if you don’t have a router, i.e. X1000 must be configured in the head office and what you must do on your PC. A basic scenario is illustrated in...
Page 158: Configuring Wan Partners
ISP or system admin- istrator (see chapter 3.2.1, page 36). The terms used may vary slightly from pro- vider to provider. To enter a WAN partner, proceed as follows: Go to WAN P ARTNER BinTec Communications AG...
Page 159 If you have set up one or more leased lines (see chapter 6.1.4, page 138) on configuring the WAN interface of X1000, a WAN partner for each leased line is already created automatically in the WAN Partner menu. Edit this entry to suit your requirements.
Page 160 Basic Configuration with the Setup Tool Another menu window opens: X1000 Setup Tool BinTec Communications AG [WAN][ADD]: Configure WAN Partner MyX1000 Partner Name T-Online Encapsulation Compression none Encryption none Calling Line Identification PPP > Advanced settings > WAN Numbers IP >...
Page 161 X1000 and the WAN The menu contains the following fields: Field Meaning Partner Name Enter a name for uniquely identifying the WAN partner. Encapsulation Encapsulation. Defines how the data packets are packed for transfer to the WAN partner. Possible values:...
Page 162 Basic Configuration with the Setup Tool Field Meaning Compression Defines the type of compression that should be used for data traffic to the WAN partner. Possi- ble values: STAC: only if Encapsulation = PPP MS-STAC: only if Encapsulation = PPP none BinTec Communications AG...
Page 163 X1000 and the WAN Field Meaning Encryption Defines the type of encryption that should be used for data traffic to the WAN partner. Can only be used if STAC compression is not acti- vated for the connection. Possible values: MPPE 40: MPPE version 1 with 40-bit key...
Page 164 Table 6-11: Encapsulation and compression To do Make the following entries: BigBoss Type in Partner Name, e.g. Select Encapsulation, e.g. Select Compression, e.g. none Select Encryption, e.g. none Go to submenu WAN P WAN N ARTNER UMBERS BinTec Communications AG...
Page 165 X1000 and the WAN Entering extension numbers X1000 Setup Tool BinTec Communications AG [WAN][ADD][WAN Numbers]: WAN Numbers (BigBoss) MyX1000 WAN Numbers for this partner: WAN Number Direction 0911987654321 outgoing DELETE EXIT Press <Ctrl-n>, <Ctrl-p> to scroll, <Space> tag/untag DELETE, <Return>...
Page 166 (CLID) For incoming and outgoing calls. incoming (CLID) For incoming calls, where your WAN partner dials in to your X1000. Table 6-13: Direction When X1000 is connected to a PABX system for which a "0" prefix is neces- sary for external line access, this "0"...
Page 167 X1000 and the WAN You can use the following wildcards, which have different effects for incoming and outgoing calls: Meaning Example Outgoing calls, Wildcard X1000 accepts i.e. X1000 sets Incoming calls Outgoing calls Number incoming calls, up a connection e.g. with:...
Page 168 X1000 matches the caller’s data. To set the PPP authentication for the WAN partner, proceed as follows: Go to WAN PPP : PARTNER X1000 Setup Tool BinTec Communications AG [WAN][ADD][PPP]: PPP Settings (BigBoss) MyX1000 Authentication CHAP + PAP Partner PPP ID...
Page 169 X1000 and the WAN The menu contains the following fields: Field Meaning Authentication Authentication protocol Partner PPP ID ID of WAN partner. Local PPP ID X1000’s ID PPP Password Password Keepalives Activates keepalive packets. Link Quality Monitoring PPP Link Quality Monitoring acc. to RFC 1989...
Page 170 (according to the time of day, weekend, weekday, etc.). If you enter 50%, for example, the idle timer is 60 seconds if the preceding charging unit was 120 seconds, and 300 seconds BinTec Communications AG...
Page 171 X1000 and the WAN if the preceding charging unit was 600 seconds. The connection is cleared on expiry of the idle timer and shortly before the next charging unit starts. Please note: You can only use dynamic short hold if you receive charging infor- mation during the connection (AOCD).
Page 172 Disconnected = 60 s Connected Dynamic Idle Timer Short Hold Disconnected Data = 50% 120 s 240 s 360 s Figure 6-5: Dynamic and static short hold Proceed as follows: Go to WAN P ARTNER DVANCED ETTINGS BinTec Communications AG...
Page 173 X1000 and the WAN The following menu window opens: X1000 Setup Tool BinTec Communications AG [WAN][ADD][ADVANCED]: Advanced Settings (BigBoss) MyX1000 Callback Static Short Hold (sec) Idle for Dynamic Short Hold (%) Delay after Connection Failure (sec) 300 Layer 1 Protocol...
Page 174 IP address netmask of your partner. Proceed as follows: Go to WAN P IP : ARTNER X1000 Setup Tool BinTec Communications AG [WAN][ADD][IP]: IP Configuration (BigBoss) MyX1000 IP Transit Network Local IP Address Partner’s LAN IP Address 10.1.1.0 Partner’s LAN Netmask 255.255.255.0...
Page 175 X1000 and the WAN The menu contains the following fields: Field Meaning IP Transit Network Defines whether X1000 uses a transit network to the WAN partner. Local IP Address IP address of X1000. You do not normally need to make an entry...
Page 176 DNS on the PCs of your network. Creating a Routing Entry Creating routing entry You have just entered a WAN partner in your X1000. A routing entry is created automatically in the routing table of your X1000 for every WAN partner. You can edit existing routing entries and add new ones.
Page 177 X1000 and the WAN Proceed as follows: Go to IP OUTING X1000 Setup Tool BinTec Communications AG [IP][ROUTING]: IP Routing MyX1000 The flags are: U (Up), D (Dormant), B (Blocked), G (Gateway Route), I (Interface Route) S (Subnet Route), H (Host Route), E (Extended Route)
Page 178 Basic Configuration with the Setup Tool The following menu window opens: X1000 Setup Tool BinTec Communications AG [IP][ROUTING][ADD]: IP Routing MyX1000 Route Type Network route Network WAN without transit network Destination IP Address 10.1.1.0 Netmask 255.255.255.0 Partner / Interface BigBoss...
Page 179 X1000 and the WAN The menu contains the following fields: Field Meaning Route Type Type of route. Possible values: Host route: Route to a single host Network route: Route to a network Default route: Is only used if no other suit- able route is available.
Page 180 Table 6-20: Network You can only configure one default route on your X1000. If you set up access to the Internet, you must therefore configure the route to your Internet Service Pro- vider (ISP) as a default route.
Page 181 X1000 and the WAN Press SAVE. You have returned to IP . The entries have been saved and the OUTING newly entered or modified route is listed. The corporate network can consist of several LANs with different network IP addresses and netmasks ( subnets).
Page 182 You should certainly do this for your connection to the Internet Service Provider (ISP). More information about Network Address Translation (NAT) can be found in chapter 8.2.7, page 313. Proceed as follows to activate NAT: Go to IP ETWORK DDRESS RANSLATION BinTec Communications AG...
Page 183 X1000 and the WAN X1000 Setup Tool BinTec Communications AG [IP][NAT]: NAT Configuration MyX1000 Select IP Interface to be configured for NAT Name static mappings GoInternet BigBoss en1-snap EXIT Press <Ctrl-n>, <Ctrl-p> to scroll, <Return> to edit/select Mark the interface or the WAN partner for which you want to activate NAT (e.g.
Page 184: Internet Access With X1000
Add a new entry with ADD. Enter Number (= access number), e.g. 0191011 Select Direction: outgoing . Press SAVE. The extension you use to call T-Online is now in the list. Leave WAN P WAN N with EXIT. ARTNER UMBERS BinTec Communications AG...
Page 185 X1000 and the WAN Selecting PPP Select PPP and confirm with Return. authentication Select Authentication: CHAP + PAP . Enter your Partner PPP ID (= provider name): T_Online . Enter Local PPP ID (= your user name): e.g. 000460004256091169386#0001 The T-Online user name comprises the following elements: <user account><T-Online number>#<co-user number>...
Page 186 Press SAVE. Leave IP with EXIT. OUTING Activating NAT Go to IP ETWORK DDRESS RANSLATION Select the IP Interface T_Online and press Return. Select Network Address Translation: on . Press SAVE. Leave IP with EXIT. ETWORK DDRESS RANSLATION BinTec Communications AG...
Page 187 X1000 and the WAN Leave IP with EXIT. You have returned to the main menu. Configuration of Internet access over T-Online is complete. Example 2: Compuserve If you want to access the Internet with Compuserve as provider, proceed as fol-...
Page 188 Carrying out IP Select IP and press Return. configuration Select IP Transit Network: dynamic client . Select Advanced Settings and press Return. Select RIP Send: none . Select RIP Receive: none . Deactivate Van Jacobson Header Compression: off . BinTec Communications AG...
Page 189 X1000 and the WAN Select Dynamic Name Server Negotiation: client (receive) . Deactivate IP Accounting: off . Deactivate Back Route Verify: off . Select Route Announce: up or dormant . Select Proxy Arp: off . Confirm with OK. Press SAVE.
Page 190: Dialing Into Corporate Network
6.2.1, page 158. Proceed as follows: Configuring WAN Go to WAN P ADD. ARTNER partners BigBoss Enter Partner Name (= user ID of head office), e.g. Select Encapsulation: PPP . Select Compression: STAC . Select Encryption: none . BinTec Communications AG...
Page 191 X1000 and the WAN Entering extensions Select WAN Numbers and press Return. Add a new entry with ADD. Enter the Number (= the extension of your head office’s router), e.g. 0911987654321 Select Direction: outgoing . Press SAVE. The number you use to dial your head office is now in the list.
Page 192 (see chapter 6.2.1, page 158): Make the following entries in IP ADD: OUTING – Route Type: Default route – Network: WAN without transit network BigBoss – Partner / Interface, e.g. – Metric, e.g. BinTec Communications AG...
Page 193 X1000 and the WAN If the corporate network comprises several LANs (subnets) and you do not configure a default route to head office, then you must create a separate rout- ing entry for each LAN you want to reach. See instructions in chapter 6.2.1,...
Page 194 Defining address pool Select Advanced Settings and press Return. Select RIP Send: none . Select RIP Receive: none . Deactivate Van Jacobson Header Compression: off . Deactivate Dynamic Name Server Negotiation: off . Enter IP Address Pool: 1 . BinTec Communications AG...
Page 195 X1000 and the WAN Deactivate IP Accounting: off . Deactivate Back Route Verify: off . Select Route Announce: up or dormant . Select Proxy Arp: off . Confirm with OK. Press SAVE. You have returned to the menu WAN P ADD.
Page 196 The following steps are necessary: Installing the ISDN/GSM card or modem together with the relevant data communications driver. (Refer to the documentation supplied with the card or modem and follow the instructions on the screen.) BinTec Communications AG...
Page 197 X1000 and the WAN Check whether the TCP/IP protocol is installed (in the Windows Start menu under Settings Control Panel Network) or install this protocol if necessary (see chapter 3.2.2, page 40). Check the installed card (in the Network Card tab).
Page 198 Control Panel Network, the group name and the name of the NT domain must be identical in the Iden- tification tab). Installing the client for Microsoft networks and entering the domain of the server there (e.g. BINTECDOM BinTec Communications AG...
Page 199: Saving The Configuration File
Saving the Configuration File Saving the Configuration File After creating a working configuration on your X1000, make sure you save it: In the Setup Tool main menu, select Exit and press Return. Another menu window opens: X1000 Setup Tool BinTec Communications AG...
Page 200 Basic Configuration with the Setup Tool BinTec Communications AG...
Page 201: Advanced Configuration
Advanced Configuration This chapter contains more X1000 configuration options for the advanced user. This is the right chapter if you would like to make additional settings that are not covered by the Configuration Wizard or in chapter 6, page 127.
Page 202: General Wan Settings
If a new dial-in takes place within an interval of one hour, an attempt is made to assign the same IP address assigned to this partner the last time. Configuration is made in: WAN (PPP) ADDRESS POOL WAN P ARTNER WAN P ARTNER DVANCED ETTINGS BinTec Communications AG...
Page 203 WAN (PPP) ADDRESS POOL Field Meaning IP Transit Network Defines whether a transit network is to be used between X1000 and the WAN partner. You must select dynamic server here if you assign an address pool. Table 7-2: WAN P ARTNER...
Page 204: Capi User Concept
This password ensures that only users entered with a user name and password can use X1000’s CAPI services. Example This means, for example, that an incoming fax for the user Winnetou is only passed to Winnetou and not to a user such as Old Shatterhand, who is located in the same LAN.
Page 205 CAPI service. CAPI Determines whether access to the CAPI ser- vice is allowed or denied for the user Name. Possible values: enabled: access to CAPI allowed disabled: access to CAPI denied Table 7-4: CAPI X1000 User’s Guide...
Page 206 Table 7-5: CM-1BRI, ISDN S0 NCOMING NSWERING If there is no entry in CAPI on starting X1000, a standard entry is cre- ated automatically without password (with Name = default and CAPI = enabled ). To do Proceed as follows:...
Page 207 Select Item: CAPI . If you use a communications application on your PC that is based on Remote CAPI 1.1 (current version: Remote CAPI 2.0), X1000 must translate the MSNs (= Number, multidigit) of the incoming call to EAZs (single digit) (CAPI 1.1 can only detect single-digit numbers).
Page 208: General Ppp Settings
WAN partner. If the data (password, partner PPP ID) obtained by executing the authentication protocol are the same as the data of an entered WAN partner, X1000 accepts the incoming call. BinTec Communications AG...
Page 209 , the connection statistics are stored in table biboPPPLQMTable. Table 7-6: To do Proceed as follows to define the general PPP settings: Go to PPP . CHAP + PAP + MS-CHAP Select Authentication Protocol, e.g. Select PPP Link Quality Monitoring, e.g. Press SAVE. X1000 User’s Guide...
Page 210: Tei
Default , the value of the CAPI application is ignored and the default value set here is always used. Set to Packet Switch if you want to use X.31 TEI for the X.25 router. CM-1BRI, ISDN S0 Table 7-7: DVANCED ETTINGS BinTec Communications AG...
Page 211: Settings Specific To Wan Partners
The configuration steps necessary in each case are explained in detail below. 7.2.1 Delay after Connection Failure This function enables you to set the period of time X1000 is to wait after an un- successful attempt to set up a call. X1000...
Page 212: Channel Bundling - Basic Configuration For Dialup Connections
This is based on the calculated (i.e. fictitious) throughput of the channel group after switching out one B-channel. A B-channel is dropped if the calculated value stays below 80% of the maximum permissible throughput of the remaining channels for 10 seconds. BinTec Communications AG...
Page 213 If dynamic short hold has been configured, the calculated value men- tioned above must also apply. Static In static channel bundling, you specify right from the start that X1000 is to use two B-channels for connections to the WAN partner, regardless of the amount of data transferred.
Page 214: Channel Bundling - Bandwidth On Demand (Bod) - Advanced Configuration For Ppp Connections
BOD is configured in WAN P ARTNER DVANCED ETTINGS XTENDED NTERFACE ETTINGS OPTIONAL WAN P WAN N ADD (menu description in ARTNER UMBERS chapter 6.2, page 156) WAN P PPP (menu description in chapter 6.2, ARTNER page 156) BinTec Communications AG...
Page 215 Sample (sec), Gear Up Threshold and Gear Down Threshold fields should only be changed for special applications. We recommend that you use the default values for standard applications; they correspond to those of the basic configuration (see chapter 7.2.2, page 212). X1000 User’s Guide...
Page 216 B-channels are dropped until the remaining channels have at least the remaining percent- age utilization. A B-channel is dropped if the cal- culated value is below the Gear Down Threshold of the remaining channels for 10 seconds. BinTec Communications AG...
Page 217 Total Number of Channels in the menu WAN P ARTNER DVANCED ETTINGS The value can be set here for leased lines. WAN P Table 7-11: ARTNER DVANCED ETTINGS XTENDED NTERFACE ETTINGS OPTIONAL X1000 User’s Guide...
Page 218 Callback Request: the remote terminal is requested to add a B-channel; is initiated if applicable. Link Drop Request: one communication partner wants to drop a B-channel; drop- ping is initiated or accepted if applicable. BinTec Communications AG...
Page 219 B-chan- nels on demand. Bandwidth On Demand (For leased lines only) Passive Enables BOD and defines the passive partner. This page does not activate adding and drop- ping additional channels. Table 7-12: Mode X1000 User’s Guide...
Page 220: Always On/Dynamic Isdn (Ao/Di)
Always On/Dynamic ISDN (AO/DI) uses the existing ISDN infrastructure to con- figure a new service for the user without hardware changes: AO/DI is a perma- nently available (always on) but nevertheless low-cost connection from the end customer to the Internet Service Provider. BinTec Communications AG...
Page 221 How Does AO/DI Work? AO/DI is implemented in X1000 via a special PPP interface. As soon as the in- terface is configured and ready for operation, the initial PPP connection is set up via X.31 (X.25 in the D-channel). This involves carrying out authentication of the PPP connection partner and assigning a dynamic IP address and DNS ad- dresses, if applicable (AO/DI Client Mode).
Page 222 Control BOD for IP-based applications Please note the following when carrying out X.25 configuration: Some of the X.25 parameters must be adapted to the X.25 network connected. For Datex-P, the Windowsize/Packetsize Neg. field must be deactivated using the Setup Tool. BinTec Communications AG...
Page 223 Settings Specific to WAN Partners For X1000, the X.25 software is designed as an X.25 switch. This switch must be appropriately configured for AO/DI (see "X.25 configuration", page 223). You will find all the necessary steps below for configuring X1000 for AO/DI with the Setup Tool.
Page 224 The following parts of the menu are relevant for this configuration step: Field Meaning Source Link Source interface of data packets. Destination Link Destination interface of data packets. Destination X.25 X.25 destination address Address Table 7-14: X.25 OUTING Select Source Link: local . x31d2-0-1 Select Destination Link, e.g. BinTec Communications AG...
Page 225 An asterisk appears on the screen as a place marker for each letter you en- ter for the password. Confirm with OK. To activate AO/DI on the PPP interface and enter the X.25 address, proceed as follows: Go to WAN P ARTNER DVANCED ETTINGS X1000 User’s Guide...
Page 226 Defines the maximum number of channels that Channels may be opened for dynamic channel bundling. Possible values for X1000: 1 or 2 . X.25 destination address. Appears only if AO/ Remote X.25 Address DI is selected under Layer 1 Protocol.
Page 227 Maximum number of channels that may be Dialup Channels opened. The value is defined in the Total Number of Channels field under WAN ARTNER DVANCED ETTINGS WAN P Table 7-16: ARTNER DVANCED ETTINGS EXTENDED NTERFACE ETTINGS OPTIONAL X1000 User’s Guide...
Page 228 To enter the necessary ISDN extensions for adding the B-channel, proceed as follows: Go to WAN P WAN N ARTNER UMBERS Enter the Number, e.g. 0911123456 Select Direction: outgoing . Press SAVE. Leave WAN P WAN N with Exit. ARTNER UMBERS BinTec Communications AG...
Page 229 A rule for BOD is defined in a similar way to a rule for IP packets (see chapter 8.2.8, page 317). Different rules normally consist of different filters and can be interlinked to form a rule chain. Each rule results in an action, but the X1000 User’s Guide...
Page 230 : incoming data packets outgoing : outgoing data packets both : incoming and outgoing data packets Number of Channels Number of B-channels that are to be added. Possible values for X1000: 1 or 2 . Table 7-18: (BOD) ANDWIDTH ON EMAND...
Page 231 Additional bandwidth for HTTP connections Restricting mail reception to D-channel Additional bandwidth The following example shows a special configuration of X1000 for connection for HTTP connections setup of the PC with the IP address 172.16.77.11 (TCP Port 80) to the Internet.
Page 232 B-Channel Mode ei- ther. Proceed as follows to define the relevant filter for BOD: Go to IP (BOD) ANDWIDTH ON EMAND ILTER Enter Description: mail_pop3_in . BinTec Communications AG...
Page 233: Layer 1 Protocol (Isdn B-Channel)
You can define the Layer 1 Protocol of the ISDN B-channel that X1000 is to use for connections to the WAN partner. The default setting is the protocol for 64-kbps ISDN data connections, which is the default value of the B-channel.
Page 234 For 64-kbps ISDN data connections. This is the default value. ISDN 56 kbps For 56-kbps ISDN data connections. Modem Not available in X1000. DOVB Data transmission Over Voice Bearer - useful in the USA, for example, where voice connections are sometimes cheaper than data connections.
Page 235: Ip Transit Network
Select Layer 1 Protocol. Confirm with OK. Press SAVE. 7.2.6 IP Transit Network When you enter a WAN partner in X1000, there are various options for indicat- ing the IP address of the partner or partner network: You enter the IP address netmask of the partner or part- ner network.
Page 236 Advanced Configuration Partner IP 200.200.200.2 ISDN IP ISDN IP 200.200.200.1 200.200.200.2 ISDN LAN IP LAN IP 192.168.1.254 10.1.1.1 Partner IP 200.200.200.1 Network of your WAN Partner Your Local Area Network Figure 7-1: LAN-LAN link with transit network BinTec Communications AG...
Page 237 X1000 uses a transit network to the WAN partner. Local IP Address IP address of X1000. Appears only for the following values of IP Transit Network: no, dynamic client, dynamic server . You normally do not need to make any entry here.
Page 238: Transfer Of Dns And Wins Ip Addresses To Wan Partner
Transfer of DNS and WINS IP Addresses to WAN Partner IP address = ? A Domain Name Server ( DNS) or Windows Internet Name Server (WINS) is used for converting host names and NetBIOS names into IP addresses BinTec Communications AG...
Page 239 How to configure the DNS Proxy function is described in chapter 7.3.2, page 259. When you enter a WAN partner in X1000, you can define whether X1000 sends or answers requests for WINS or DNS IP addresses. Configuration is made in:...
Page 240 X1000 receives IP addresses for Primary Domain Name Server, Secondary Domain Name Server, Primary WINS and Secondary WINS from the WAN partner or sends them to the WAN partner. WAN P Table 7-25: ARTNER DVANCED ETTINGS BinTec Communications AG...
Page 241 The Dynamic Name Server Negotiation field contains the following selection options: Possible Values Meaning X1000 does not send or answer requests for WINS or DNS IP addresses. The response is linked to the mode for issuing/ receiving an IP address (setting in WAN...
Page 242: Routing Information Protocol (Rip)
The entries in the routing table can be defined statically or the routing table can be updated constantly by a dynamic exchange of routing information between several routers. This exchange is controlled by a so-called Routing Protocol, e.g. RIP (Routing Information Protocol). BinTec Communications AG...
Page 243 LAN of the WAN partner. Receiving routing tables via the RIP is a possible security loophole, as external computers or routers can change X1000’s routing functionality. RIP packets do not set up or hold ISDN connections. Configuration is made in:...
Page 244 Proceed as follows: Go to WAN P ARTNER DVANCED ETTINGS Select RIP Send. Select RIP Receive. Confirm with OK. Press SAVE. Press SAVE. Go to CM-BNC/TP, E THERNET DVANCED ETTINGS Select RIP Send. Select RIP Receive. Press SAVE. BinTec Communications AG...
Page 245: Compression
Settings Specific to WAN Partners 7.2.9 Compression Data compression You can increase the data throughput and so reduce the connection costs by using data compression. X1000 supports several options, depending on encapsulation selected, e.g. (see chapter 6.2.1, page 158): STAC...
Page 246 Enables STAC data compression (if Encapsulation = PPP ). MS-STAC Enables STAC data compression for dialing into a Windows Remote Access Server (if Encapsulation = PPP ). MPPC Not available in X1000. Table 7-30: Compression Field Meaning Van Jacobson Header Enables VJHC.
Page 247: Proxy Arp (Address Resolution Protocol)
WAN connection, X1000 answers the ARP request with its own hardware address. This is sufficient for establishing the connection: data packets are sent to X1000, which then forwards them to the de- sired host. 192.168.1.4 MAC = ? ISDN 192.168.1.254...
Page 248 ETTINGS lowing selection options: Possible Values Meaning Disables Proxy ARP via the LAN interface. Enables Proxy ARP via the LAN interface. Table 7-34: Proxy Arp To do Proceed as follows: Go to WAN P ARTNER DVANCED ETTINGS BinTec Communications AG...
Page 249: Keepalive Monitoring
If this central server is configured such that it regularly sets up WAN connec- tions to X1000 in the LAN of the branch office, e.g. for updating data, these con- nections are superfluous (but unfortunately not free) if none of the hosts in the branch office can be reached, e.g.
Page 250 The result is that the line to the branch office appears to be busy if the central server at head office attempts to set up a connection. This means that no costs are incurred for a connection, which would have been useless anyway. BinTec Communications AG...
Page 251 The interface to the "head office" WAN partner is not activated, i.e. a connection cannot be set up to the head office, until X1000 has registered that a PC can be reached. The amount of time that expires before...
Page 252 Field Meaning Group Defines a group of hosts, whose reachability is to be monitored by X1000. Each host to be monitored is assigned to a group. A total of ten groups can be configured with up to ten hosts each.
Page 253 Field Meaning FirstIfIndex Defines the first interface of an interface range in X1000, for which the action defined under DownAction is to be executed. Possible values: 10001 ... 15000 (default value: 10001 ). Interfaces with indices from 10001 to 15000 are provided for dialup connections to WAN part- ners.
Page 254 WAN partners are deactivated. X1000 continues to check the hosts at a time interval of 300 s and X1000 activates the interfaces again as soon as at least one host is reachable again. BinTec Communications AG...
Page 255: Basic Ip Settings
Basic IP settings Basic IP settings Here you will find a number of basic settings you can define in X1000: Deriving system time Name resolution ( DNS) in X1000 port numbers BOOTP Relay Agent The necessary configuration steps are explained below.
Page 256 For Time Protocol = TIME/UDP , TIME/TCP or SNTP : Current time is checked after every Time Update Interval in seconds. For Time Protocol = ISDN: Current time is checked for each first ISDN connection after expiry of the Time Update Interval. BinTec Communications AG...
Page 257 Field Meaning Time server IP address of the time server used by X1000. Time Server is not needed if you set ISDN as Time Protocol. Table 7-36: TATIC ETTINGS The Time Protocol field contains the following selection options: Possible Values...
Page 258 PC for Time Server, make sure the time server of DIME Tools is active on your PC every time you start X1000. If your PC has no fixed IP address but is assigned its IP address dynamically DHCP, you cannot use your PC as a time server.
Page 259: Name Resolution In X1000 With Dns Proxy
Proceed as follows to enter the system time in X1000 manually: If a method for automatically deriving the time is defined in X1000, the values obtained in this way automatically have higher priority. That is, if X1000 receives a relevant time signal (e.g. from a time server), any system time entered manually is overwritten.
Page 260 If, for example, you have configured two WAN partners in X1000, your head office and your Internet Service Provider, it is advisable to have Internet names resolved by the DNS of your ISP, but names from within the corporate network by the DNS of the head office.
Page 261 DNS and this DNS answers with a DNS record, the resolved name is saved with the associated IP address as a positive dynamic entry in the DNS cache of X1000. This means that once a name has been resolved and is required again,...
Page 262 X1000 itself. In the latter case, DNS requests from the DHCP clients are sent to X1000, which either an- swers these itself or passes them on if necessary (proxy function). BinTec Communications AG...
Page 263 Client Mode (Dynamic Name Server Negotiation = client (receive) ), name server addresses can if necessary be negotiated with the WAN partner, who is the IP address server, and sent to X1000. These can be entered as global name servers in...
Page 264 Overview of Configuration The configuration and monitoring of name resolution in X1000 is set in: TATIC ETTINGS TATIC OSTS ORWARDED OMAINS YNAMIC ACHE DVANCED ETTINGS LOBAL TATISTICS WAN P ARTNER DVANCED ETTINGS BinTec Communications AG...
Page 265 IP address of another global Domain Name Name Server Server. Primary WINS IP address of X1000’s first global WINS (Win- dows Internet Name Server) or NBNS (Net- BIOS Name Server). Secondary WINS IP address of another global WINS or NBNS.
Page 266 Overwrite Global Defines whether the addresses of global name Nameservers servers in X1000 (in IP TATIC ETTINGS may be overwritten with name server addresses sent by WAN partners. Possible val- ues: yes (default value) BinTec Communications AG...
Page 267 DHCP Assignment Defines which name server addresses are sent to the DHCP client if X1000 is configured as DHCP server. Possible values: none : No name server address is sent. self (default value): The address of X1000 is sent as name server address.
Page 268 Name to Address (only relevant if Response = positive ). This value is displayed in the TTL field (Time To Live) if X1000 sends a corresponding DNS record. Default value: 86400 (= 24 h) Table 7-41: TATIC OSTS BinTec Communications AG...
Page 269 The global name servers entered in IP Global Nameservers: are displayed. TATIC ETTINGS Default Domain: The Domain Name of X1000 entered in IP is displayed. TATIC ETTINGS Name Host name that is to be resolved with this for- warding entry. May also contain wildcards (only at the start of Name, e.g.
Page 270 Maximum TTL for Neg Cache Entries is always assigned as this value. Indicates how often the entry has been refer- enced, i.e. how often a DNS request has been answered with the entry from the cache. BinTec Communications AG...
Page 271 Space bar and confirming with STATIC. The relevant entry then disappears from YNAMIC and is listed in ACHE TATIC . TTL is transferred in this operation. OSTS Table 7-43: YNAMIC ACHE X1000 User’s Guide...
Page 272 TTL if the TTL field of the DNS record has the value 0 or exceeds Maximum TTL for Pos Cache Entries. Maximum TTL for Neg Is assigned as TTL to a negative dynamic entry Cache Entries in the cache. Table 7-44: DVANCED ETTINGS BinTec Communications AG...
Page 273 Successfully Answered Displays the number of successful requests Queries (positive and negative) answered. Server Failures Displays the number of requests that could not be answered by any name server (either posi- tively or negatively). Table 7-45: LOBAL TATISTICS X1000 User’s Guide...
Page 274 WAN partner if dynamic server is selected. X1000 answers but does not send requests for name server addresses if yes or no is selected. client (receive) X1000 sends requests for name server addresses to the WAN partner. BinTec Communications AG...
Page 275 Table 7-47: Dynamic Name Server Negotiation Configuration Procedure To do Proceed as follows to configure name resolution with DNS Proxy in X1000: Name resolution in If applicable, first enter the global name servers in X1000: X1000 Go to IP...
Page 276 Proceed as follows if you would like to configure a WAN partner so that the ad- partner dress of a name server is sent by X1000 to the WAN partner or from the WAN partner to X1000, if applicable: Go to WAN P ARTNER DVANCED ETTINGS Select Dynamic Name Server Negotiation.
Page 277: Port Numbers
IP packet within the host, a port is also entered in addition to the IP address for a connection to X1000. This addresses the relevant applica- tion. Ports are only used in the TCP and UDP protocols.
Page 278: Bootp Relay Agent
Protocol). Default value: 520. The RIP can be disabled with RIP UDP Port = 0 . HTTP TCP Port Port number for HTTP Requests. Default value: 80. HTTP TCP Port = 0 disables access to X1000’s HTTP status page (see chapter 8.1.4, page 302). Table 7-48:...
Page 279 IP = ? BootP Relay Agent BootP Relay Agent BootP Server IP = 192.168.1.1 Network of your WAN Partner Your Local Area Network X1000 Figure 7-4: as BOOTP Relay Agent Configuration is made in IP TATIC ETTINGS Field Meaning BOOTP Relay Server IP address of the BOOTP server.
Page 280 Advanced Configuration If an ISDN connection is needed for the connection between the BOOTP server and BOOTP client, you must configure an appropriate WAN partner (see chapter 6.2.1, page 158). BinTec Communications AG...
Page 281: Ipx Settings
The configuration steps necessary for IPX connections are explained below: General Settings Configuring the LAN Interface Configuring WAN Partners 7.4.1 General Settings Here you will find the global parameters for IPX. These settings apply to all IPX connections of X1000. X1000 User’s Guide...
Page 282 Advanced Configuration The configuration is made in IPX : Field Meaning Local System Name IPX system name of X1000. This name may comprise upper case letters, numbers and the characters : / - Internal Network X1000’s internal network number. This value...
Page 283: Configuring The Lan Interface
7.4.2 Configuring the LAN Interface The next step is to configure X1000’s LAN interface to the IPX network. The LAN interface is the physical interface to the local network. In the next menu, you tell the router the network number of the IPX LAN to which it is connected.
Page 284: Configuring Wan Partners
Enter Local IPX NetNumber. Select Encapsulation. Press SAVE. 7.4.3 Configuring WAN Partners If the connection to one or more WAN partners is implemented with the IPX pro- tocol, you must define a number of IPX-specific settings for the WAN partner. BinTec Communications AG...
Page 285 X1000s. Send RIP/SAP Updates Defines how often (Routing Informa- tion Protocol) and SAP (Service Advertising Protocol) packets are sent by X1000 to the WAN partner. In IPX networks, RIP and SAP packets are sent broadcasts to connected networks to provide information about current routes and services.
Page 286 Cost-intensive! Table 7-54: Send RIP/SAP Updates To do Proceed as follows: Go to WAN P IP . ARTNER Select Enable IPX: yes . Enter IPX NetNumber, e.g. Select Send RIP/SAP Updates. Enter Update Time, if applicable. BinTec Communications AG...
Page 287 IPX Settings Enter Age Multiplier, if applicable. Confirm with OK. Press SAVE. X1000 User’s Guide...
Page 288: Extra License Functions
Reference Manual, which you receive together with your IPSec license, or in the Software Reference. 7.5.3 Leased Lines With an extra license, you can also use X1000’s ISDN BRI interface for leased lines and not just for dialup connections. You will find configuration instructions in chapter 6.1.4, page 138 chapter 6.2, page...
Page 289: Security Mechanisms
Security Mechanisms SAFERNET X1000 from BinTec Communications AG gives you a high degree of secu- rity for your network and connections. The security functions available (SAFER- NET) offer monitoring of activities via the router and effective access and line tapping security. The necessary configuration steps are described in this chap- ter.
Page 290: Activity Monitoring
Security Mechanisms Activity Monitoring A major requirement for a high degree of security is the possibility of monitoring all activities on and over the router. BinTec Communications AG provides a va- riety of facilities for this purpose. 8.1.1 Syslog Messages All major events on X1000’s various subsystems (...
Page 291 Activity Monitoring Settings for syslog messages are made in: YSTEM YSTEM XTERNAL YSTEM OGGING CM-BNC/TP E THERNET DVANCED ETTINGS WAN P ARTNER DVANCED ETTINGS X1000 User’s Guide...
Page 292 Syslog Output on Serial Enables the display of syslog messages on the Console PC connected to the serial interface of X1000. Use this setting only if you make a fault analy- sis, as a large output over the serial console adversely affects the throughput of the other interfaces.
Page 293 Possible values: on , off . CM-BNC/TP E Table 8-3: THERNET DVANCED ETTINGS Field Meaning IP Accounting For saving accounting messages for TCP, and ICMP sessions. Possible values: on , off . Table 8-4: WAN P ARTNER DVANCED ETTINGS X1000 User’s Guide...
Page 294 DVANCED ETTINGS Activate IP Accounting with on . IP accounting at WAN Proceed as follows to activate extended IP accounting. This saves accounting messages from TCP, UDP and ICMP sessions in X1000: Go to WAN P ARTNER DVANCED ETTINGS Activate IP Accounting with on .
Page 295: Monitoring Functions In The Setup Tool
DEB sent TRAP (linkUp,0) 115 bytes to 199.1.1.13 Port 162 EXIT RESET Press <Ctrl-n>, <Ctrl-p> to scroll Deleting syslog Select RESET to delete the syslog messages in X1000. messages For interpretation of syslog messages: see the Software Reference. 8.1.2 Monitoring Functions in the Setup Tool You can also use the Setup Tool to display other data in addition to syslog mes- sages.
Page 296 Security Mechanisms A list of the existing ISDN connections (incoming and outgoing calls) is dis- played. X1000 Setup Tool BinTec Communications AG [MONITOR][ISDN CALLS]: ISDN Monitor - Calls MyX1000 Dir Remote Name/Number Charge Duration Stack Channel State 2910 active active...
Page 297 REDITS REDITS The current status of the Credits Based Accounting System for PPPoE con- nections is displayed. Interface statistics Proceed as follows to display the current values and activities of X1000’s inter- faces: Go to M ONITORING AND EBUGGING NTERFACES X1000 User’s Guide...
Page 298 Security Mechanisms The values for two interfaces are displayed side by side. X1000 Setup Tool BinTec Communications AG [MONITOR][INTERFACE]: Interface Monitoring MyX1000 Interface Name PROVIDER Operational Status dormant total per second total per second Received Packets 5512 Received Octets 920664...
Page 299: Credits Based Accounting System
Credits Based Accounting System Credits X1000’s Credits Based Accounting System enables you to control the charges billed. This means you can keep the effects of possible configuration errors within limits. The system also enables you to define the maximum number of connections allowed in a certain period of time.
Page 300 Maximum time in seconds allowed for incoming Incoming Connections connections during the Measure Time (sec); (sec) displayed only for ISDN connections. If you activate this setting with on , you can enter the desired value in the line below. BinTec Communications AG...
Page 301 Activate Maximum Number of Outgoing Connections, if applicable, and enter the desired value. Activate Maximum Charge, if applicable, and enter the desired value. Activate Maximum Time for Incoming Connections (sec), if applicable, and enter the desired value. X1000 User’s Guide...
Page 302: Http Status Page
Every BinTec router is equipped with an internal home page, the so-called HTTP status page. You can use this together with an Internet browser (e.g. Netscape Navigator, Internet Explorer) to display the status of X1000. This en- ables all users of the...
Page 303 Enter the http://<System Name> in your browser. (You can also enter X1000’s IP address instead of the name.) The HTTP status page of the BinTec router with the system name <System Name> or with the IP address entered is displayed.
Page 304 X1000’s subsystems. Hardware interfaces This table displays the LAN and WAN interface of X1000. The third column of the table provides information on the current status of the physical inter- faces with the following possible values:...
Page 305: Activity Monitor
Click system tables to display a list with all the X1000 MIB tables. Clicking a table name lists the variables contained in the table. If you don’t want to display X1000’s HTTP status page, enter 0 as the port number of the http port: Go to IP TATIC ETTINGS Enter HTTP TCP port: 0 .
Page 306 60 (default value: 5 ). Table 8-7: YSTEM XTERNAL CTIVITY ONITOR To do Proceed as follows: Go to S YSTEM XTERNAL CTIVITY ONITOR Enter Client IP Address, e.g. the IP address of your PC. Enter Client UDP Port: 2107 . BinTec Communications AG...
Page 307 Activity Monitoring physical_virt Select Type, e.g. Enter Update Interval (sec), e.g. Press SAVE. X1000 User’s Guide...
Page 308: Access Security
How to change the passwords is described in "Changing the pass- word", page 120. Change the passwords to prevent unauthorized access to X1000. Also make sure that unauthorized persons do not have access to the X1000 power supply, serial console and Ethernet connection.
Page 309: Checking The Calling Party Number
Software Reference). A certain password and a certain action can be assigned to a user. 8.2.2 Checking the Calling Party Number CLID X1000 uses Calling Line Identification ( CLID) to check the calling party number of an incoming call. Screening indicator You can also determine whether calling party numbers have been modified by the calling parties.
Page 310: Authentication Of Ppp Connections With Pap, Chap Or Ms-Chap
You can find a detailed description of the callback mechanism in the Software Reference. This is configured in WAN P ARTNER DVANCED ETTINGS Field Meaning Callback Activates the callback function. Table 8-8: WAN P ARTNER DVANCED ETTINGS BinTec Communications AG...
Page 311 CANCEL to close the dialog box that appears. Exception: This abort option cannot be used if the WAN partner dialing in uses Windows NT and his extension number is entered in X1000. X1000 calls back immediately, if requested to by the WAN partner.
Page 312: Closed User Group
CAPI user concept By using BinTec’s CAPI user concept, you can make sure that only users authenticated by user name and password can access X1000’s Remote CAPI interface (see chapter 7.1.2, page 204). Filters You can also prevent unauthorized access by defining filters (see chapter 8.2.8,...
Page 313: Nat (Network Address Translation)
See your syslog messages for this purpose! NAT always refers to an interface. X1000’s LAN side is always referred to as "internal", the WAN partner as "external". You will find more information on NAT in the Software Reference.
Page 314 DDRESS RANSLATION Field Meaning Network Address Defines the type of NAT for the selected inter- Translation face. Possible values: off: Do not execute NAT. on: Execute Forward NAT. reverse: Execute Reverse NAT. Table 8-10: ETWORK DDRESS RANSLATION BinTec Communications AG...
Page 315 If you do not use any of the predefined services. Enter the required val- ues under Protocol and Port to define a service. Protocol Only for Service = user defined . Defines the protocol allowed. Possible values: icmp l2tp X1000 User’s Guide...
Page 316 Go to IP ETWORK DDRESS RANSLATION Add an entry with ADD or select an existing entry and confirm with Return. Select Service. Select Protocol, if applicable. Enter Port (-1 for any), if applicable. Enter Destination. Press SAVE. BinTec Communications AG...
Page 317: Filters (Access Lists)
A filter describes a certain part of the IP data traffic based on the source and/or destination IP address, netmask, protocol and source and/or destination port. If you define a filter, you are telling X1000: "Watch out for all data packets that match the following: ...". Rule...
Page 318 Next Rule = 0 Rule 3 Next Rule = 0 Rule 0 = Discard Packet Figure 8-3: Rule chains for various interfaces Configuration is made in: CCESS ISTS ILTER CCESS ISTS ULES REORG CCESS ISTS ULES CCESS ISTS NTERFACES BinTec Communications AG...
Page 319 Description Designation of the filter. Note that only the first 10 or 15 characters are visible in other menus. Index Cannot be changed here. X1000 automatically issues a number to newly defined filters. Protocol Defines a protocol. Possible values: any , icmp , ggp , ip , tcp , egp , igp , pup , chaos ,...
Page 320 (5000..32767) Port numbers: 5000 ... 32767. clients 1 (1024.0.4999) Port numbers: 1024 ... 4999. clients 2 (32768..65535) Port numbers: 32768 ... 65535. unpriv (1024..65535) Port numbers: 1024 ... 65535. Table 8-13: Source Port and Destination Port BinTec Communications AG...
Page 321 The ports are created dynamically by clients i.e. permanently servers and have no permanent meaning assigned. (with the exception of special agreements): unpriv (1024..65535) clients 1 server clients 2 priv (0..1023) (1024.0.4999) (5000..32767) (32768..65535) Table 8-14: Port number ranges X1000 User’s Guide...
Page 322 A simplified FTP connection is used as an example to illustrate how to use source and destination ports: In addition to source and destination IP address- es, the IP protocol also uses source and destination port numbers to uniquely BinTec Communications AG...
Page 323 ISDN 192.168.1.1 FTP Server Src IP = 192.168.1.1 10.1.1.2 192.168.1.2 Src Port = xyz Dest IP = 10.1.1.2 Dest Port = 21 192.168.1.3 Network of your WAN Partner Your Local Area Network Figure 8-4: Example: FTP connection X1000 User’s Guide...
Page 324 !M Allow packet if it does not match the filter. deny M Deny packet if it matches the filter. deny !M Deny packet if it does not match the filter. ignore Use next rule. Table 8-17: Action BinTec Communications AG...
Page 325 You can change the order of rules in a chain in the submenu IP CCESS REORG: ISTS ULES Field Meaning Index of Rule that gets Defines the first rule in the chain. Index 1 Table 8-18: REORG CCESS ISTS ULES X1000 User’s Guide...
Page 326 , you can define which interface starts CCESS ISTS NTERFACES with which rule and if and how the sender of a packet is to be informed if the packet is denied by X1000 due to a filter violation: BinTec Communications AG...
Page 327 The rule with Index = 1 is normally always used as the first rule for a newly cre- ated interface (e.g. to a WAN partner). Field Meaning Interface X1000 interface First Rule Defines which rule is used first for data packets that reach X1000 via the interface.
Page 328 Repeat these steps until you have defined all the desired filters. Do not forget to define a filter, if necessary, for enabling the remaining data packets (Protocol = any , Source Port = any , Destination Port = any ). BinTec Communications AG...
Page 329 Select an interface and confirm with Return if you wish to use a rule as the first rule for this interface that is not the rule displayed. Select First Rule. Select Deny Silent. Select Reporting Method. Press SAVE. X1000 User’s Guide...
Page 330: Local Filters
313) or global filters (see chapter 8.2.8, page 317). Strategy As soon as at least one entry for local filters exists in X1000, incoming requests for the corresponding local services of X1000 are only allowed if the source address is 127.0.0.1 (loopback address), or no entry exists for the corresponding service, or the incoming call is expressly allowed by at least one entry.
Page 331 The request is rejected if one or more entries for this service exist in the list, but none of these matches the request. Local filters therefore provide an additional tool that is different to handle than global filters and does not adversely affect performance in normal routing. X1000 User’s Guide...
Page 332 Verify IP Address Defines if the source IP address is to be checked when an incoming call is received for the service selected under Service. Possible values: verify don’t verify BinTec Communications AG...
Page 333 Interface (Only if Verify Interface = verify ) Defines an interface of X1000. If X1000 receives an incoming call over this interface for the service selected under Service, the con- nection is allowed. If the incoming call crosses another interface, the next entry is checked.
Page 334: Back Route Verification
Denial-of-Service and IP spoofing attacks. To do Proceed as follows to activate Back Route Verification for a WAN partner: Go to WAN P ARTNER DVANCED ETTINGS Activate Back Route Verify with on . Confirm with OK. BinTec Communications AG...
Page 335: Taf Client
You can enable this function on BinTec’s corporate access routers and config- ure the router as TAF server. You can configure the X1000 personal access router as TAF client to obtain access on a TAF server and the connected LAN (if the TAF server has been configured appropriately).
Page 336: Line Tapping Security
The DES and Blowfish encryption algorithms are only supported if a license for VPN is entered in X1000. Configuration is made in: WAN P...
Page 337 DES3 168: Triple DES with 168-bit key none: no encryption These values are only available if PPP , Async PPP over X.75 , Async PPP over X.75/T.70/ BTX or X.25_PPP has been selected under Encapsulation. WAN P Table 8-21: ARTNER X1000 User’s Guide...
Page 338 WAN partner is generated automatically or defined statically. Possible values: authentication (default value): Key is gener- ated dynamically by X1000. static : The key is defined statically and must be entered under Encryption Key (TX) and Encryption Key (RX). Encryption Key (TX)
Page 339: Vpn (With Extra License)
Press SAVE. 8.3.2 VPN (with extra license) X1000 can set up a VPN (Virtual Private Network) using the PPTP (Point-to- Point Tunneling Protocol). This provides safe (encrypted) transmission of data over WAN connections, e.g. over the Internet. It can be used, for example, by field service staff to obtain low-cost access to data in the company network via Internet and laptop (dial-in via a local Internet Service Provider).
Page 340: Special Features
The packet fragments are assembled again on passing through NAT, before the packet can pass the router. You can prevent some DoS attacks that operate with fake source IP addresses by using the Back Route Verification function (see chapter 8.2.10, page 334). BinTec Communications AG...
Page 341 Special Features You can counter DoS attacks that speculate on destroying the system by caus- ing the log files to overflow (syslog messages) by suitably positioning and limit- ing the size of these files. X1000 User’s Guide...
Page 342: Checklist
Security Mechanisms Checklist The following list indicates the most important critical security points that you should observe when configuring X1000: Have you changed all four passwords for system access (admin, read, write, http)? See chapter 6.1.2, page 132. Are the activities of your...
Page 343 Do you use the CAPI user concept? Are any additional user accounts created trouble-free? Have you prevented the interception of connections on the Ethernet by a suitable LAN infrastructure? X1000 User’s Guide...
Page 344 Security Mechanisms BinTec Communications AG...
Page 345: Configuration Management
Configuration Management In this chapter, you will find instructions on the administration of your configura- tion files and on updating the X1000 software. The following areas are covered: Administration of Configuration Files – Where are the configuration files? – What is flash and memory? –...
Page 346: Administration Of Configuration Files
X1000 is switched off. So if you modify your configuration and want to re- tain these changes for the next time you start X1000, you have to save the mod- ified configuration to the flash before switching off: Exit Save as boot configuration and exit (see chapter 6.3, page...
Page 347 Administration of Configuration Files You can perform the various operations with the help of the Setup Tool: Go to the C menu. ONFIGURATION ANAGEMENT X1000 Setup Tool BinTec Communications AG MyX1000 Operation (TFTP --> FLASH) TFTP Server IP Address 192.168.1.1 TFTP File Name brick.cf...
Page 348 <TFTP File Name>. As the configuration file is transferred to flash and not to memory, the file must then be loaded (FLASH --> MEMORY), so that the settings can take effect on X1000. BinTec Communications AG...
Page 349 If an error should occur while running get (TFTP --> FLASH) and the operation is aborted, the file to be overwritten in the flash is deleted. So if you transfer a "boot" file, X1000’s boot file will be deleted and X1000 cannot load a configura- tion on restarting.
Page 350 Setup Tool; State of last operation displays running. When the operation has been executed successfully, the operation is dis- played under Type of last operation, State of last operation assumes the value done . BinTec Communications AG...
Page 351 C:\BRICK on your PC. Your PC has the IP address 192.168.1.1. If you want to transfer brick.cf from your PC to X1000, proceed as follows: For a Windows PC: Click the Windows Start button then Program...
Page 352 . The configuration file brick.cf is saved, for example, in X1000’s flash under the name boot. To make the settings of brick.cf take immediate effect in X1000, proceed as fol- lows: Flash --> memory Reselect Operation: load (FLASH --> MEMORY) .
Page 353: Resetting X1000 To The Ex Works State
(see chapter 11.5, page 380). Observe the LEDs on the front of X1000. After running through the start mode (approximately 8 seconds; see chapter 11.2, page 373), all yellow LEDs light simultaneously. (If...
Page 354 Configuration Management If you switch the equipment off and on again, it starts with the saved boot con- figuration. BinTec Communications AG...
Page 355: Updating Software
Updating Software Updating Software As BinTec Communications AG is constantly improving the software for all its products and you certainly want to use the latest features of X1000, this chapter tells you how to update your software. www.bintec.net If you want to update your software, load new system software in X1000. Every system software includes new features, better performance and any necessary bugfixes from the previous version.
Page 356 43). Activate the TFTP server. For a Unix computer: Follow the instructions in the Software Reference. Log in to X1000, if you have not already done so. Deactivate auto logout with t 0. In the SNMP shell, type in update <IP address> <file name>. Do not enter the pointed brackets.
Page 357 The software update is executed and the new system software is loaded in the flash memory. X1000 requires a connected block of free working memory that is somewhat larger than the new system software. If insufficient memory is available on...
Page 358 Configuration Management BinTec Communications AG...
Page 359: Troubleshooting
Troubleshooting Tips If you are having problems with X1000, the following tips should help you to overcome some of the more usual stumbling blocks: Log in to X1000 and enter in the SNMP shell: debug all This makes available all the debugging information in the SNMP shell.
Page 360: Aids To Troubleshooting
These commands are entered directly in X1000’s SNMP shell: debug You can use the debug command for troubleshooting in one or more sub- systems of X1000. A detailed explanation of the syntax and options can be found in chapter 12.1, page 384.
Page 361: External Aids
Enter trace -ip next to display data packets that are to run over the next B-channel to be opened. Enter trace -x -s me -d 0:a0:f9:d:5:a 0 0 1 to output data pack- ets sent from X1000’s MAC address over the LAN to the host with the MAC address 0:a0:f9:d:5:a. 10.1.2...
Page 362: Typical Errors
The password as well as the complete configuration of X1000 are deleted. Select (1) Boot System. X1000 is restarted. Reconfigure X1000. I can’t reach X1000 in the LAN. Try to establish a serial connection: Connect your PC to X1000 over the serial interface.
Page 363: Isdn Connections
Use debug all or trace to check if a PC in the LAN is using a different netmask from the one entered on X1000. Use debug all or trace to check if a PC in the LAN is configured for Re- mote CAPI with an incorrect IP address (destination port 2662).
Page 364 (Number under WAN P ARTNER WAN N UMBERS Check if you left a trace program running over an ISDN PPP connection. This would cause packets to be sent constantly over ISDN and the connec- tion would remain permanently open. BinTec Communications AG...
Page 365 Typical Errors Outgoing calls cannot be made. Check the LEDs on the front of X1000 to determine if a connection is made (see chapter 11.2, page 373). Use isdnlogin to check if outgoing calls are possible. Check M ISDN M...
Page 366: Ipx Routing
ARTNER IPX . The settings must be compatible with the settings on the serv- ers in X1000’s LAN. Check if a router between them filters out the SAP packets. Check with isdnlogin if an ISDN connection can be made between client and server.
Page 367 Check if NetBIOS over IPX is used in the LAN (Windows for Workgroups, NT, Win 95). If necessary, select no or on LAN only under IPX for NetBIOS Broadcast replication. Check if NDS Replica Synchronization is active (for Netware 4.1 servers and higher). X1000 User’s Guide...
Page 368 Enter the command reset router on the console of the respective serv- All inactive connections between the server and X1000 are cleared. If the disconnect for the client is lost, SPX connections could remain until timeout. These connections would then be displayed in ipxAdmSpxConns until timeout. BinTec Communications AG...
Page 369: Technical Data
Technical Data This chapter presents the technical data of X1000. The following areas are cov- ered: General Product Features X1000 Front Panel and LED Displays X1000 Rear Panel and Connections Pin Assignment BOOTmonitor X1000 User’s Guide...
Page 370: General Product Features
Technical Data 11.1 General Product Features The general product features cover X1000’s performance features and the technical requirements for installation and operation. Feature Value Product name: X1000 Dimensions and weight (B x H x 141 mm x 50 mm x 145 mm...
Page 371 Lists, Allow Lists, CLID, NAT, TAF, MPPE Encryption. Required licenses: Licenses included for CAPI, IP, IPX and STAC. Extra licenses obtainable for VPN, IPSec and leased lines. Software included: RVS-COM Lite (communications application) BRICKware for Windows BRICKtools for Unix X1000 User’s Guide...
Page 372 Technical Data Feature Value Printed documentation included: User’s Guide Quick Install Guide Online documentation: BRICKware for Windows Software Reference User’s Guide Table 11-1: General product features of X1000 BinTec Communications AG...
Page 373: Front Panel Leds
There are five LEDs on the front panel for indicating the current status of your X1000. Each LED can convey different information according to which mode X1000 is in. All LEDS light for half a second after the equipment is switched on to show that they are working.
Page 374 BOOTmonitor is active (or waiting for a key- board entry). L1, L2 Blinking BOOTmonitor is compressing system soft- ware. An error has occurred during the boot opera- tion, which means X1000 cannot boot. Table 11-3: LEDs in BOOTmonitor mode BinTec Communications AG...
Page 375 Front Panel LEDs Normal Mode State Meaning Power supply connected. LAN, L1, L2 Blinking Resetting X1000 to the ex works state was (three successful. times) Data packet passing through the LAN inter- face. Blinking ISDN B1-channel: Connection is being set up.
Page 376: Rear Panel Connections
Serial interface Figure 11-2: X1000 rear panel X1000’s main board contains an Ethernet interface and an ISDN interface. These interfaces are reached via the connections on the rear panel (see chapter 11.4, page 377). Caution! The use of the wrong mains adaptor may damage your router! Use only the mains unit supplied (5 V DC).
Page 377: Pin Assignment
Serial port Figure 11-3: 8-pole mini DIN socket As console port, X1000 has a serial port with an 8-pole mini DIN socket. The equipment supports baud rates between 1200 and 115200. The pin assignment for the 8-pole mini DIN socket is as follows: Function For future applications.
Page 378 The pin assignment for the ISDN S0 BRI interface (RJ45 socket) (4) is as fol- lows: Function Not used Not used Send (+) Receive (+) Receive (-) Send (-) Not used Not used Table 11-6: Pin assignment for ISDN BRI interface BinTec Communications AG...
Page 379 Table 11-7: Pin assignment for Ethernet 10/100Base-T interface If you want to connect X1000’s LAN interface directly to the Ethernet card of your PC and not to an external hub, you need the adaptor cable in addition to the red LAN cable.
Page 380: Boot Sequence
BOOTmonitor Mode Normal Mode After several selftests have been performed successfully in Start Mode, X1000 changes to the BOOTmonitor Mode. The BOOTmonitor prompt is displayed if you are connected to X1000 via a terminal program. Figure 11-6: BOOTmonitor BinTec Communications AG...
Page 381 BOOTmonitor settings are set to the default values. (5) Default BOOTmonitor parameters: You can change the default settings of X1000’s BOOTmonitor, e.g. the baud rate for serial connections. If you change the baud rate (the preset value is 9600 bauds), make sure the terminal program used also uses this baud rate.
Page 382 Technical Data BinTec Communications AG...
Page 383: Important Commands
This chapter describes the following commands: SNMP shell commands: – telnet – ping – trace – isdnlogin – debug – ifconfig – ifstat – netstat – date – – nslookup BRICKtools for Unix commands: – bricktrace – capitrace X1000 User’s Guide...
Page 384: Snmp Shell Commands
SNMP shell are given below. Entering? displays a list of the most important commands available on X1000. Please note: Parameters shown in the command lines inside square brackets [ ] represent optional values.
Page 385 -a: asynchronous HDLC (B-channel only) – -F: fax (B-channel only) – -A: fax and AT commands (B-channel only) – -D: additional time parameter (delta) – -t: output in ASCII text (B-channel only) – -p: PPP (B-channel only) X1000 User’s Guide...
Page 386 -o: combine two or more -d filters or -s filters with a logical OR opera- tion. – specific <MAC filter>: me = X1000’s MAC address, bc = broadcast packets. You can combine a -d MAC filter and an -s MAC filter with a logical AND oper- ation by simply specifying them both.
Page 387 [show]|[[-q] all|acct|system|<subs> [<subs> ...]] Is used to selectively display debugging information originating from one of X1000’s subsystems. – show: displays all possible subsystems that can be debugged. – -q: do not print a timestamp before each debugging message.
Page 388 Important Commands – address: X1000’s IP address for the interface (ipRouteNextHop). – netmask <mask>: netmask of the interface (ipRouteMask). – up: sets the interface to the up status. – down: sets the interface to the down status. – dialup: sets the interface to the dialup status.
Page 389 [<seconds>] Is used to define the auto logout time for the current login session (a connection X1000 over telnet, ISDN login or serial interface is normally disconnected au- tomatically if no entry is made on the keyboard for 15 minutes).
Page 390 Important Commands Entering -? (e.g. netstat -?) usually provides syntax help. The update command can be found in chapter 9.3, page 355. Further SNMP commands can be found in the Software Reference. BinTec Communications AG...
Page 391: Bricktools For Unix Commands
-N: Novell IPX output (B-channel only) – -t: output in ASCII text (B-channel only) – -x: raw dump mode – -s: check X1000 for available trace channels – -T <tei>: set TEI filter (D-channel only) – -c <cref>: set callref filter (D-channel only) –...
Page 392 – Number of the tracer message (#<decimal>) – Length of the CAPI message ([<decimal>]) – Application ID (ID = <decimal>) – Number of the CAPI message (no. (<decimal>)) – Short output only: connection identifier (ident = 0x<hexadecimal>) BinTec Communications AG...
Page 393 X1000 darf nur mit dem original BinTec-Steckernetzteil (5 V DC) betrieben werden. BinTec Communications AG haftet nicht für Schäden, die durch die Ver- wendung eines anderen Steckernetzteils hervorgerufen werden. Beachten Sie beim Verkabeln die Reihenfolge, wie im Handbuch beschrie- ben. Verkabeln Sie zuerst LAN-, ISDN- und serielle Anschlüsse, schließen Sie dann die Stromversorgung an, und schalten Sie zum Schluß...
Page 394: General Safety Precautions In 15 Different Languages
General Safety Precautions in 15 Different Languages Verwenden Sie für die Verkabelung nur die beigelegten Kabel. Falls Sie an- dere Kabel verwenden, übernimmt BinTec Communications AG für auftre- tende Schäden oder Beeinträchtigung der Funktionalität keine Haftung. Verlegen Sie Leitungen so, daß sie keine Gefahrenquelle (Stolpergefahr) bilden und nicht beschädigt werden.
Page 395 Das Gerät darf auf keinen Fall naß gereinigt werden. Durch eindringendes Wasser können erhebliche Gefahren für den Benutzer (z. B. Stromschlag) und erhebliche Schäden am Gerät entstehen. Niemals Scheuermittel, alkalische Reinigungsmittel, scharfe oder scheuernde Hilfsmittel benutzen. X1000 User’s Guide...
Page 396 X1000 -laitteen LAN -li- itäntää saa yhdistää ISDN-liitäntääsi. Käytä laitteiden yhdistämiseen vain mukanatoimitettuja kaapeleita. Jos käytät muita kaapeleita, ei BinTec Communications AG vastaa tästä aiheu- tuvista vahingoista. Vedä kaapelit sellaisiin paikkoihin, että ne eivät aiheuta vaaratilanteita (ko- mpastumisia) eivätkä vahingoitu.
Page 397 Luvaton aukai- seminen ja asiantuntemattomat korjaukset saatttavat aiheuttaa käyttäjälle vakavia vaaratilanteita (esim. sähköisku). Laitteiden luvaton aukaiseminen aiheuttaa BinTec Communications AG -takuun raukeamisen sekä kaikki- naisen vastuun epäämisen. Älä missään tapauksessa puhdista laitetta runsaalla vedellä. Sen sisään tunkeutunut vesi saattaisi aiheuttaa vakavia vaaroja (esim.
Page 398 Installation et Avant de procéder à l’installation et à la mise en service de X1000, veuillez mise en service vous référer aux indications concernant les conditions d’environnement (cf.
Page 399 BinTec Communications AG décline toute responsabilité pour les dommag- es éventuels ou pour tout défaut de fonctionnement pouvant en résulter. Posez les câbles de telle sorte qu’ils ne puissent pas être à l’origine de ris- ques (risques de trébuchement) ou être endommagés.
Page 400 General Safety Precautions in 15 Different Languages garantie et décharge la société BinTec Communications AG de toute re- sponsabilité. L’appareil ne doit être en aucun cas nettoyé à l’eau. Une pénétration d’eau dans l’appareil pourrait entraîner des risques graves pour l’opérateur (ris- que d'électrocution par exemple) et des dommages importants de l’appar-...
Page 401 µε τ γνήσι φι BinTec Communications AG (5 V DC). Η BinTec Communications AG δεν ευθύνεται για ηµιέ π υ ενδέ εται να πρ κληθ ύν απ τη ρήση εν άλλ υ φι . Πρ σέ τε κατά την καλωδίωση, ώστε να τηρηθεί η σωστή σειρά π υ...
Page 402 έρ εστε σε επαφή µε τ κατάλληλ συνεργεί . Καθαρισµ και Η συσκευή επιτρέπεται να αν ι τεί µ ν ν απ ειδικά εκπαιδευµέν επισκευή τε νικ πρ σωπικ . Γι’ αυτ ν τ λ γ να επιτρέπετε τη διε αγωγή BinTec Communications AG...
Page 403 νερ ύ µπ ρεί να πρ κύψ υν σηµαντικ ί κίνδυν ι για τ ρήστη (π. . ηλεκτρ πλη ία) και σ αρέ ηµιέ στη συσκευή. Να µη ρησιµ π ιείτε π τέ συρµάτινα σφ υγγαράκια και αι µηρά ή αδρά ηθητικά µέσα καθαρισµ ύ. X1000 User’s Guide...
Page 404 ISDN. Utilizzare per il cablaggio soltanto i cavi allegati. Nel caso in cui si utilizzino cavi diversi, la BinTec Communications AG non risponde per i danni o la riduzione della funzionalità che ne derivano. Disporre i collegamenti in modo che non costituiscano fonte di pericolo (pericolo d’inciampo) e che non possano essere danneggiati.
Page 405 Utilizzazione conforme X1000 è concepito per l’impiego negli uffici. Come Router per reti multipro- alla destinazione, tocollo X1000 stabilisce collegamenti WAN in rapporto alla configurazione funzionamento del sistema. Per evitare canoni indesiderati, si consiglia di controllare asso- lutamente il prodotto.
Page 406 X1000 mag alleen met de originele BinTec Communications elektrische stekkervoeding (5 V DC) worden gebruikt. BinTec Communications AG is niet aansprakelijk voor be- schadigingen, die ontstaan door gebruik van een andere elektrische voed- ing. Let bij de aansluiting van de kabels op de volgorde, zoals in het handboek wordt beschreven.
Page 407 (bijv. elektrische schok). Onbevoegd openen van de apparaten heeft verval van de garantie en uitsluiting van de aansprakelijkheid van de BinTec Communications AG tot gevolg. Het apparaat mag in geen geval nat worden gereinigd. Door binnendrin- gend water kunnen er aanzienlijke gevaren ontstaan voor de gebruiker X1000 User’s Guide...
Page 408 General Safety Precautions in 15 Different Languages (bijv. elektrische schok) en kan er aanzienlijke schade ontstaan aan het ap- paraat. Gebruik nooit schuurmiddelen, alkalische reinigingsmiddelen, scherpe of schurende hulpmiddelen. BinTec Communications AG...
Page 409 ISDN-tilkoplingen. Bruk kun de vedlagte kablene for tilkoplingen. Dersom du bruker andre kabler, overtar BinTec Communications AG intet ansvar for skader som måtte oppstå av den grunn. Legg opp ledningene slik at de ikke kan bli skadet og at de ikke danner farekilder (fare for å...
Page 410 Apparatet må under ingen omstendighet rengjøres med vann. Dersom vann trenger inn, kan det oppstå alvorlige risikoer for brukeren (f. eks. ele- ktrisk støt) og alvorlige skader på apparatet. Bruk aldri skuremidler, alkaliske rengjøringsmidler, skarpe eller skurende hjelpemidler. BinTec Communications AG...
Page 411 Ao proceder à cablagem, respeite a sequência, tal como descrita no man- ual. Proceda primeiro à distribuição das ligações LAN, RDIS e em série, conecte depois a alimentação de corrente e, para terminar, ligue o X1000. Verifique se a cablagem, em especial da RDIS e da LAN, ficou bem feita, antes de pôr o...
Page 412 (por ex. choque eléctri- co). A abertura não autorizada do aparelho tem como consequência a per- da da garantia e da responsabilidade da BinTec Communications AG. O aparelho nunca pode ser limpo a húmido. A infiltração de água pode con- stituir perigo para o utilizador (por ex.
Page 413 X1000 można eksploatować wyłącznie w połączeniu z oryginalnym zasilaczem wtykowym produkcji firmy BinTec Communications (5 V DC). Firma BinTec Communications AG nie odpowiada za szkody wywołane stosowaniem zasilacza innego typu. Przy przyłączaniu przewodów należy przestrzegać kolejności opisanej w instrukcji obsługi. W pierwszej kolejności należy przyłączyć złącza LAN, ISDN oraz złącza seryjne, następnie włączyć...
Page 414 Otwieranie obudowy urządzenia bez upoważnienia lub jego niefachowe naprawy mogą wywoływać poważne zagrożenia dla użytkownika (np. porażenie prądem). Niedozwolone otwieranie urządzeń pociąga za sobą utratę gwarancji udzielanej przez firmę BinTec Communications AG oraz jej odpowiedzialności cywilnej za skutki użytkowania produktu. BinTec Communications AG...
Page 415 Urządzenia pod żadnym pozorem nie wolno czyścić na mokro. Dostanie się wody do wnętrza urządzenia może wywoływać poważne zagrożenia dla użytkownika (np. porażenie prądem) oraz poważne uszkodzenia produktu. Nigdy nie stosować środków do szorowania, zasadowych środków czyszczących, ostrych lub szorujących środków pomocniczych. X1000 User’s Guide...
Page 416 Colocación y Antes de la colocación y puesta en servicio de X1000, observe las instruc- puesta en servicio ciones acerca de las condiciones ambientales (ver Datos técnicos). Utilice una superficie firme y plana.
Page 417 Durante una tormenta, no enchufe ni desenchufe los conductos de trans- misión de datos, ni los toque. Utilización prevista, X1000 está concebido para ser utilizado en oficinas. Como router multipro- servicio tocolo, X1000 establece conexiones WAN dependiendo de la configu- ración del sistema.
Page 418 BinTec Communications nätenhet (5 V DC). BinTec Communications AG ansvarar inte för skador som uppstår p g a att en annan nätenhet används. Utför kabeldragningen i den ordningsföljd som anges i handboken. Anslut först kablarna för LAN- och ISDN-anslutningar samt för serieanslutningar,...
Page 419 (t ex elektriska stötar). Om apparaten öppnas utan tillstånd gäller inte längre garantiansvaret från BinTec Communications AG. Apparaten får aldrig våtrengöras. Vatten som kommer i enheten kan med- föra fara för användaren (t ex elektriska stötar) och förorsaka skador på...
Page 420 Başka kablo kullandığınız takdirde, BinTec Communications AG meydana gelen hasar veya fonksiyonlardaki olumsuz etkilerden dolayı sorumluluk üstlenmez. Kabloları, tehlike kaynağı olamayacak ve zarar görmeyecek şekilde (takılma tehlikesi) döşeyiniz. Fırtına esnasında veri iletişim hatlarını ne bağlayınız, ne çıkartınız, ne de bunlara dokununuz. BinTec Communications AG...
Page 421 Müsaade edilen işlemler dışında açılması ve uygun olmayan şekilde tamir edilmesi, kullanıcı için büyük tehlikeler doğurabilir (örneğin elektrik çarpması). ICihazın izinsiz açılması, BinTec Communications AG’nin garanti ve sorumluluk yükümlülüğünün ortadan kalkmasına neden olur. Cihazın su ile temizlenmesi kesinlikle yasaktır. Suyun cihaz içine kaçması, kullanıcı...
Page 422 Csak a mellékelt vezetékeket alkalmazza a vezetékezéshez. Amennyiben más vezetékeket alkalmaz, az emiatt fellépő károkért vagy a működésben fellépő változásokért a BinTec Communications AG nem vállal felelősséget. A vezetékeket úgy fektesse le, hogy azok ne lehessenek veszélyek forrásai (botlásveszély), azokban pedig kár ne keletkezhessen.
Page 423 Az adatátvivő vezetékeket vihar esetében ne csatlakoztassa, ne húzza le, ne érintse meg. Rendeltetésszerű X1000 irodai környezetben való alkalmazásra készült. Az X1000, mint alkalmazás, multi-protokoll-router, rendszerkonfigurációtól függően WAN- üzemeltetés összeköttetésekre épül. A nem kívánt telefondíjak elkerülése végett, a terméket feltétlenül tartsa megfigyelés alatt.
Page 424 General Safety Precautions in 15 Different Languages Sohasem szabad súrolószereket, lúgos tisztítószereket, éles vagy karcoló segédeszközöket alkalmazni. BinTec Communications AG...
Page 425 Vaši přípojku ISDN. Na propojování použijte pouze přiložené kabely. Pokud použijete jiné kabely, odmítá BinTec Communications AG ručení za vzniklé škody nebo za omezenou funkčnost. Vedení ukládejte tak, aby se nestala zdrojem nebezpečí (např. zakopnutím) a aby se nepoškodily.
Page 426 (např. zasažení elek- trickým proudem). Nedovolené otevření přístrojů má za následek zánik záruky a ručení firmy BinTec Communications AG . Přístroj se zásadně nesmí čistit mokrým způsobem. Vnikající voda může uživatele vystavit značnému ohrožení (např. zasažení elektrickým proudem) a může způsobit značné...
Page 427 X1000 må kun benyttes med den originale stiknetdel fra BinTec Communications (5 V DC). BinTec Communications AG hæfter ikke for skader, som måtte opstå som følge af brug af en anden stiknetdel. Sørg for at kablerne forbindes i den rigtige rækkefølge (se beskrivelsen i manualen).
Page 428 Uautoriseret åb- ning og ukorrekt udførte reparationer kan medføre betydelige farer for brugeren. BinTec Communications AG fraskriver sig ethvert ansvar og ga- rantien bortfalder, hvis apparatet åbnes uden tilladelse. Apparatet må under ingen omstændigheder rengøres med væske. In- dtrængende vand kan udsætte brugeren for alvorlige farer (f.eks.
Page 429 X1000 User’s Guide...
Page 430 General Safety Precautions in 15 Different Languages BinTec Communications AG...
Page 431: Glossary
This allows computers and peripheral devices to intercommunicate without being synchronized by clock signals. The beginning and end of the transmitted characters must be marked by start and stop bits – in contrast to synchronous transmission. X1000 User’s Guide...
Page 432 Data is forwarded over the entire bus and received by all devices on the bus. Called Party Number Number of the terminal called. Calling Party Number Number of the calling terminal. CAPI Common ISDN Application Programming Interface BinTec Communications AG...
Page 433 Channel bundling Channel bundling One of X1000’s features. Channel bundling is a method of increasing the data throughput. The data throughput is doubled by switching in a second channel for data transmission. Channel bundling can be either dynamic (= on demand) or static (= always).
Page 434 Glossary Configuration Manager Windows application (similar to the Windows Explorer), which uses SNMP com- mands to request and carry out the configuration of X1000. Before BRICKware Version 5.1.3, the application was named Dime Browser. Data compression A process for reducing the amount of data transmitted. This enables higher throughput to be achieved in the same transmission time.
Page 435 Dialing method for telephony systems. In this method, pressing a key on the telephone keypad generates two simultaneous tones, which are corresponding- ly evaluated by the PABX or exchange. E1/T1 E1: European variant of the 2.048 Mbps ISDN Primary Rate Inter- face, which is also called the E1 system. X1000 User’s Guide...
Page 436 WAN. HDSL High Data Rate upstream downstream data rates are: 1.554 Mbps and 2.048 Mbps over ranges up to 4 km. The main HDSL applications are: High-speed data communication over leased lines. BinTec Communications AG...
Page 437 ISDN Basic Rate Inter- An ISDN subscriber interface. The Basic Rate Interface consists of two face channels and a D-channel. Compare Primary Rate Interface. The interface to the subscriber is provided by an bus. ISDN BRI ISDN Basic Rate Interface X1000 User’s Guide...
Page 438 ISDN Basic Rate Interface, also interface. ISDN Login One of X1000’s features. X1000 can be configured and administrated remotely using ISDN Login. ISDN Login operates on routers in the ex works state as soon they are connected to an ISDN connection and therefore reachable via an ex- tension number.
Page 439 IPX, etc. Network Address Translation Used as a security mechanism in X1000. Using NAT conceals your complete network to the outside world. The IP addresses of all devices in your own net- work remain confidential, only one IP address is made known for connections to the outside.
Page 440 Ping Packet Internet Groper Command that can be used to determine the range to remote network compo- nents. Ping is also used for test purposes to determine if the remote device can actually be reached at all. BinTec Communications AG...
Page 441 Protocols are used to define the manner and means of information exchange between two systems. Protocols control and rule the course of data communi- cation at various levels (decoding, addressing, network routing, control proce- dures, etc.). Proxy ARP ARP = Address Resolution Protocol X1000 User’s Guide...
Page 442 PC parallel to old applications based on CAPI 1.1. Routing Information Protocol Routing protocol used in networks to exchange information (routing tables) be- tween routers. RJ45 Plug or socket for maximum eight wires. Connection for digital terminals. BinTec Communications AG...
Page 443 TFTP server. In such a case, the server is not necessarily a computer server. Setup Tool Menu-driven tool for the configuration of X1000. The Setup Tool can be used as soon as the router has been accessed (serial, ISDN Login, LAN).
Page 444 – in contrast to asynchronous. Spaces are bridged by a stop code. Transmission Control Protocol One of the TCP/IP suite of protocols used for the connection of Wide Area Networks ( WANs). TCP/IP Transmission Control Protocol/Internet Protocol. BinTec Communications AG...
Page 445 TCP. UDP is connectionless in contrast to TCP. Upstream Data transmission rate from the client to the Internet Service Provider. Universal/Uniform Resource Locator Address of a file on the Internet V.11 ITU-T recommendation for balanced dual-current interface lines (up to 10 Mbps). X1000 User’s Guide...
Page 446 Wide Area Network connections, e.g. over ISDN, X.25. WAN interface WAN interface WAN interfaces connect the local network to the ( WAN). This is usually done by means of analog or digital telephone lines ( switched leased lines). BinTec Communications AG...
Page 447 The X.21bis recommendation defines the DTE/ interface to V- series synchronous modems. X.25 An internationally agreed standard protocol that defines the interface between network components and a packet-switched data network. X.31 For integration of X.25-compatible DTEs in ISDN. X1000 User’s Guide...
Page 448 Glossary BinTec Communications AG...
Page 449: Index
BOOTP relay agent Branch office Callback CAPI CAPI user concept 84, 212, 214 Channel bundling Advance configuration Basic configuration 208, 310 CHAP Checking the calling party number Checking the TCP/IP protocol CLID Closed User Group Commands SNMP shell X1000 User’s Guide...
Page 450 Windows Configuration file administration Configuration options Overview Configuring a PC Configuring answering machine Configuring fax Configuring WAN partners Connection methods ISDN Serial interface Connections Corporate network connection Configuration Wizard Dial-in (without router) General example Setup Tool BinTec Communications AG...
Page 451 Extended IP routing Extensions Extra license Factory reset Field service staff 101, 151, 317, 330 Filters Flash memory General PPP settings General Safety Precautions Guarantee terms HTTP status page Incoming Call Answering Installing BRICKware Installing the TCP/IP protocol X1000 User’s Guide...
Page 452 138, 288 Leased line LEDs License card Line tapping security Local filters 111, 308 Logging in Memory Monitoring functions in the Setup Tool MPPE MS-STAC 95, 238, 259 Name resolution 182, 313 95, 101, 238 NetBIOS Netmask BinTec Communications AG...
Page 453 Receiving a fax 64, 88, 312 Remote CAPI Routing Routing entry Routing Information Protocol Rule RVS-COM Lite SAFERNET Safety Precautions Scope of supply Security mechanisms Access security Activity monitoring Checklist Line tapping security Special features Sending a fax X1000 User’s Guide...
Page 454 System time Technical data Testing your Internet access Time server Token Authentication Firewall T-Online Transit Network Troubleshooting Aids IPX routing ISDN connections System errors Update Van Jacobson Header Compression 288, 339 Virtual Private Network (VPN) 288, 339 BinTec Communications AG...
Page 455 Index WAN interface Windows networks, configuration 95, 238, 259 WINS X.31 TEI X1000 User’s Guide...
Page 456 Index BinTec Communications AG...