Configuration Guide BSG8ew and BSG12ew/aw/tw 1.0 Business Services Gateway Document Status: Standard Document Number: NN47928-500 Document Version: 02.
Copyright © 2008 Nortel Networks, All Rights Reserved All rights reserved. The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks.
Contents 3 Contents How to Get Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Getting Help from the Nortel Web site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Getting Help over the phone from a Nortel Solutions Center . . . . . . . . . . . . . . . . . . . . 9 Getting Help from a specialist by using an Express Routing Code . . . . . . . . . . . . . . . . 9 Getting Help through a Nortel distributor or reseller . . . .
Contents Wireless network configuration procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 SIP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Prerequisites to SIP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 VPN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Prerequisites for VPN configuration . . . .
Contents 5 Wireless LAN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Prerequisites for LAN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Wireless LAN configuration navigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 WLAN settings configuration parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 SSID configuration parameters . . . . . . . . . . . . . . . . .
Contents RIP configuration navigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130 RIP basic settings configuration parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130 Adding a RIP interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 RIP interface configuration parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 RIP neighbor setting configuration parameters . . . . . . .
Contents 7 IGMP snooping timer configuration parameters . . . . . . . . . . . . . . . . . . . . . . . . . 155 IGMP snooping interface configuration parameters . . . . . . . . . . . . . . . . . . . . . . 156 IGMP snooping VLAN router ports mapping information . . . . . . . . . . . . . . . . . . 157 IGMP snooping multicast forwarding group information . . . . . . . . . . . . . . . . . . . 158 QoS advanced configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Viewing rules configuration parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 Adding rules configuration parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 Advanced dial plan configuration parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Provisioning users configuration parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 FXO/FXS configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How to Get Help This section explains how to get help for Nortel products and services. Getting Help from the Nortel Web site The best way to get technical support for Nortel products is from the Nortel Technical Support Web site: http://www.nortel.com/support This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products.
How to Get Help Getting Help through a Nortel distributor or reseller If you purchased a service contract for your Nortel product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller.
Configuration fundamentals Wide area network Wide area network (WAN) configuration includes configuring Ethernet ports. For more information, see WAN configuration (page 15) and WAN advanced configuration (page 83). Local area network Local area network (LAN) configuration includes configuring the virtual interface, Ethernet LAN settings, and wireless LAN settings. For more information, see VLAN configuration (page 37) and LAN advanced configuration (page 97).
Configuration fundamentals Multicast/IGMP Multicast configuration includes configuring Dynamic Multicast and Internet Group Management Protocol (IGMP) snooping. For more information, see Multicast advanced configuration (page 153). Quality of Service Quality of Service (QoS) configuration includes configuring basic QoS settings, policy map settings, class map settings, and queue settings. For more information, see QoS configuration (page 71) and QoS advanced configuration (page 159).
Introduction This document describes how to configure the Business Service Gateway (BSG) using the Web user interface.
Introduction NN47928-500
WAN configuration This section describes the procedures to configure the Wide Area Network (WAN) setup for the Business Services Gateway (BSG) system. WAN configuration navigation The following sections provide information for configuring the WAN: • • • Ethernet (page 15) DSL (page 23) T1/E1 (page 26) Ethernet The following sections describe WAN Ethernet configuration.
WAN configuration Figure 1 Ethernet WAN configuration procedures Configuring dynamic IP address assignment Complete this procedure to configure the Ethernet WAN for dynamic IP address assignment. Procedure steps Step Action 1 From the BSG navigation pane, select Configuration, WAN, Ethernet. The WAN Configuration pane appears. 2 From the Interface list, select the required interface. 3 From the Encapsulation Mode list, select Ethernet. 4 From the MAC Cloning list, select Enable.
WAN configuration 17 Variable definitions The following table describes the variables and values for configuring Ethernet WAN. Variable Value Interface Select an Interface to be configured. Encapsulation Mode Set the encapsulation mode to Ethernet. The WAN interface operates as a normal Ethernet interface. MAC Cloning Select the MAC cloning status. Enable - the BSG uses the configured MAC address as the source of Ethernet frames instead of the MAC address of the BSG WAN port.
WAN configuration Variable definitions The following table describes the variables and values for configuring Ethernet WAN. Variable Value Interface Select an Interface to be configured. Encapsulation Mode Set the encapsulation mode to Ethernet. The WAN interface operates as a normal Ethernet interface. WAN IP Address Type the WAN IP address, if the IP Address Assignment is manual. Subnet Mask Type the subnet mask, if the IP Address Assignment is manual.
WAN configuration 19 Variable definitions The following table describes the variables and values for configuring the uplink rate limit. Variable Value Rate Limit Status Select the rate limit status. • Enabled - enables uplink rate limiting feature • Disabled - disables uplink rate limiting feature The default value is Disabled. Uplink Rate Limit Specifies the maximum uplink rate limit over the WAN interface (in bps). The range is 100,000 to 100,000,000 bps.
WAN configuration Figure 2 PPPoE WAN configuration procedures Configuring the PPPoE WAN Complete this procedure to configure the PPPoE WAN. Procedure steps Step Action 1 From the BSG navigation pane, select Configuration, WAN, Ethernet. The WAN Configuration pane appears. 2 From the Interface list, select the required interface. 3 From the Encapsulation Mode list, select PPPoE. 4 In the ISP Name field, type the Internet Service Provider name.
WAN configuration 21 Variable definitions The following table describes the variables and values for configuring PPPoE WAN. Variable Value Interface Select an Interface to be configured. Encapsulation Mode Set the encapsulation mode PPPoE. The WAN interface operates as a Point-to-Point Protocol (PPP). ISP Name Type the name of the Internet Service Provider. User Name Type the PPPoE user name. Password Type the PPPoE password. Host Name Type the host name.
WAN configuration NN47928-500
WAN configuration 23 DSL DSL appears under WAN configuration if you are connected to a BSG12aw. On the Digital Subscribe Line (DSL) pages you can configure and control the DSL modem that connects to the BSG. You can also configure the ATM parameters of the modem and access the DSL modem statistics. Prerequisites for DSL configuration • You must have access read/write permission to configure DSL.
WAN configuration Your service provider provides you with these values when you set up your account. 3 In the MRU field, type the value 1492. 4 Click Add. 5 Select the IP Configuration tab. The PPP Configuration pane appears. 6 In the User Name field, type the User Name provided by your service provider. 7 In the Password field, type the Password provided by your service provider. 8 Click Apply. End Variable definitions This table describes the variables to configure DSL.
WAN configuration 25 End Variable definitions The following table describes the variables and values to configure the uplink rate limit. Variable Value Rate Limit Status Select the rate limit status: • Enabled - enables uplink rate limiting feature • Disabled - disables uplink rate limiting feature The default value is Disabled. Uplink Rate Limit Specifies the maximum uplink rate limit over the WAN interface (in bps). The range is 100,000 to 100,000,000 bps.
WAN configuration T1/E1 T1/E1 appears under WAN configuration if you are connected to a BSG12tw. T1/E1 is a digital WAN carrier facility. T1 transmits DS-1 formatted data at 1.544 MB/s and E1 transmits E1 formatted data at 2.048 MB/s through the telephone e-switching network. Prerequisites for T1/E1 configuration • You must have access read/write permission to configure T1/E1. T1/E1 configuration procedures The following task flow shows the sequence of procedures to perform to configure T1/E1.
WAN configuration 27 Figure 4 T1/E1 configuration procedures Configuring the T1 interface If your BSG is located in North America, configure the T1 interface. This procedure guides you through setting up one T1 interface. Procedure steps Step Action 1 From the BSG navigation pane, select Configuration, WAN, T1/E1.
WAN configuration The T1/E1 Configuration pane appears. 2 Select interface 1. The Interface Type field defaults to T1. 3 From the Framing list, select ESF or SF. The framing you set here must agree with the framing used by the peer. 4 From the Line Mode list, select CSU or DSU. This setting depends upon the distance between the devices on either end of the T1 line. For shorter distances, use DSU. For longer distances, use CSU. This information should be provided by your service provider.
WAN configuration 29 Variable definitions This table describes the variables used to configure the T1/E1 interface. Variable Value Interface The T1/E1 controller. Framing The Framing Type for the T1/E1 data line. Options for T1: Extended Super Frame (ESF)— 24 consecutive 193-bit frames of data. Super Frame (SF)—12 consecutive 193-bits of data. Unframed—the non signaling or unframed framing format is a simplified version of the T1 super frame. The default value is ESF. Line Mode The Line Mode.
WAN configuration Variable Value Line Length The Line Length value. Line Length refers to the length of the cable (in feet) that connects the devices on each end of a T1 line. Options: 0 - 133 134 - 266 267 - 399 400 - 533 534 - 655 The default value is 0 - 133. You can configure the line length only when the Line Mode is DSU. Transmit ClockSource The clock source. Options: Local Timing—A local clock source is used or an external clock is attached to the box containing the interface.
WAN configuration 31 This setting depends upon the distance between the devices on either end of the E1 line. For shorter distances, use DSU. For longer distances, use CSU. This information should be provided by your service provider. 9 From the Line Length list, select the line length. You can configure line length only when Line Mode is DSU. This setting depends upon the length of the cable connecting the devices on each end of a E1 line. 10 From the Transmit ClockSource list, select Loop Timing.
WAN configuration Variable Value Line Length The Line Length value. Line Length refers to the length of the cable (in feet) that connects the devices on each end of an E1 line. Options: 0 - 133 134 - 266 267 - 399 400 - 533 534 - 655 The default value is 0 - 133. You can configure the line length only when the Line Mode is DSU. Transmit ClockSource The clock source. Options: Local Timing—A local clock source is used or an external clock is attached to the box containing the interface.
WAN configuration 33 Variable definitions This table describes the variables that appear on the T1/E1 Channel Group Configuration page. Variable Value Channel Group This identifies an instance of channel grouping on a T1 or E1 interface. The format is Serialx/y where x is either 1 for port 1 or 2 for port 2 and y is the Channel Group Index. Channel Group Index The Channel Group Index. This identifies a grouping of channels on the T1 interface. The range is 1to 64.
WAN configuration End Variable definition This table describes the variables that appear on the PPP Configuration page. Variable Value Serial Interface The serial Interface on which you layer the PPP interface. Authentication Required Select whether authentication is required for the PPP interface. Options: YES—enables the Server/Client, User Name, and Password fields. NO—authentication is not required for PPP interface.
WAN configuration Field Name Description PPP Interface Read-only field. Specifies the name of the PPP interface and the serial interface over which it is layered. Bundle Specifies whether the PPP interface can be bundled to form a multilink or not. Options are Yes and No. Select Yes to bundle the PPP interface to form a multilink. Select No to unbundle a PPP interface. • When a PPP interface is bundled to form a multilink, you cannot configure the user name and password for that PPP interface.
WAN configuration 9 *In the Peer DNS field, type the DNS server IP address of the peer. Set this field if IP Address Assignment is Manual. 10 Click Apply. End Variable definitions This table describes the variables that appear on the IP Configuration page. Variable Value PPP/MP Interface The PPP/Multilink interface for which the IP address is configured. IP Address Assignment The IP address assignment mode. Options: Dynamic—obtains the IP address dynamically from the peer.
VLAN configuration This section describes the procedures for configuring the virtual local area network (VLAN) settings for the Business Service Gateway (BSG). VLAN1 is the default VLAN. The BSG provides VLAN1 as a fully functioning VLAN using all eight ports. Prerequisites to VLAN configuration • You must have SYSTEM - READ WRITE, L2 - READ WRITE, and L3 - READ WRITE permission to access the information on the VLAN configuration panels.
VLAN configuration Figure 5 VLAN configuration procedures VLAN configuration navigation • • • Creating a new VLAN (page 38) Configuring the virtual interface (page 39) Configuring DHCP pool settings (page 40) Creating a new VLAN Complete this procedure to create a new VLAN. Procedure steps Step Action 1 From the BSG navigation pane, select Configuration, VLAN Setup, Static VLAN tab. The Static VLAN Configuration pane appears. 2 NN47928-500 In the VLAN ID field, type the VLAN ID.
VLAN configuration 39 3 In the VLAN Name field, type the VLAN name. 4 In the Member Ports field, type the numbers and/or ranges of member ports. 5 In the Untagged Ports field, type the numbers and/or ranges of untagged ports. 6 Click Add. 7 From the BSG navigation pane, select Configuration, VLAN, Setup, Port Setting tab. The VLAN Port Settings pane appears. 8 Select the port setting that you want to modify. This is the list of member ports you added to the new VLAN in step 4.
VLAN configuration 2 In the VLAN ID field, type the VLAN ID. 3 In the IP Address field, type the IP address. 4 In the Subnet Mask field, type the subnet mask address. 5 In the MTU field, type the MTU value. 6 Click Add. End Variable definitions The following table describes the variables and values for configuring the virtual interface. Variable Value VLAN ID Type the VLAN identifier. IP Address Assignment Select the IP address assignment mode.
VLAN configuration 41 6 In the Start IP Address field, type the first IP address of the range you want to use. 7 In the End IP Address field, type the last IP address of the range you want to use. 8 Click Add. 9 Select the Pool Options tab. The DHCP Pool Option Settings pane appears. 10 From the Pool Name list, select the DHCP Pool Name you configured on the Pool Settings pane. 11 From the Option list, select NetMask (IP Format). 12 In the Value field, type the client subnet mask.
VLAN configuration Variable Value Option The DHCP option. Select one of the following options: • Netmask (IP Format) – the client subnet mask (RFC 950). The code for the subnet mask is 1 and its length is 4 octets. • Default Router (IP format) – a list of IP addresses for routers on the client subnet. The code for the default router option is 3 and its length is 4 octets. The length must always be a multiple of 4.
Wireless network configuration This section describes the procedures to configure the wireless network for the Business Services Gateway (BSG) system. Prerequisites to wireless network configuration • • • You must have WIRELESS - READ WRITE permission. You must configure DHCP pool settings for the VLAN used for the wireless network. You must configure the radio port as a member port of the VLAN used for the wireless network.
Wireless network configuration 2 From the list of security settings, select the first default SSID. The first SSID is enabled. 3 From the Authentication Type list, choose an authentication type. 4 From the Pre-Authentication Status list, select Enabled or Disabled. This field is available only if Authentication Type is set to WPA, WPA2, WPA-WPA2-Mixed, or Open1x. 5 From the Pre Shared Key Type list, select HEX or ASCII.
Wireless network configuration 45 Variable definitions The following table describes the variables and values for configuring the wireless network. Variable Value Select Select the first default SSID to configure security settings. Authentication Type Specifies the method used to authenticate wireless clients. Select the Authentication Type for stations that use this SSID. Select Open if authentication is not required. Select Open1X to use 802.1x authentication. Select Shared to use a shared key.
Wireless network configuration Variable Value Cipher Suite Specifies the required pair wise cipher and is used for data encryption. It consists of an organizationally unique identifier (OUI) (the first 3 octets) and a cipher suite identifier (the last octet). Select one of the following options: • AES-CCMP • TKIP • WEP • AES-CCMP-TKIP • AES-CCMP-WEP • TKIP-WEP • AES-CCMP-TKIP-WEP. This field is used in conjunction with the Authentication Type.
SIP configuration This section describes the procedures to configure SIP for the Business Services Gateway (BSG) system. Note: You should configure the emergency number (for example, 911) before you use the SIP server. This ensures that an emergency call originating on your system reaches its destination if the SIP server becomes unavailable. To configure the emergency number, see Configuring FXO (page 52). Prerequisites to SIP configuration • • You must have VOICE - READ WRITE permission.
SIP configuration Figure 7 SIP configuration procedures SIP configuration navigation • • • • • Configuring SIP system settings (page 48) Configuring CAC (page 50) Configuring FXS/FXO global information (page 50) Variable definitions (page 51) Configuring FXO (page 52) Configuring SIP system settings Complete this procedure to configure SIP system settings.
SIP configuration 49 Procedure steps Step Action 1 From the BSG navigation pane, select Configuration, SIP, System Configuration. The Central SIP Server Configuration pane appears. 2 In the Managed Domain Name field, type the domain name of your voice service provider. 3 In the Central SIP Server Address field, type the central SIP server IP address. 4 From the Transport list, select the transport protocol to use for the port.
SIP configuration Configuring CAC Complete this procedure to configure CAC settings. Note: If the maximum number of simultaneous SIP calls across the WAN is reached, the next SIP call attempt fails and the caller hears fast busy tone. Procedure steps Step Action 1 From the BSG navigation pane, select Configuration, SIP, System Configuration, CAC tab. The Call Admission Control Configuration pane appears. 2 From the list of rows, select the appropriate WAN link.
SIP configuration 51 Procedure steps Step Action 1 From the BSG navigation pane, select Configuration, SIP, FXO/FXS. The Global Configuration pane appears. 2 From the Country Code list, select the country code. 3 Click Apply. End Variable definitions The following table describes the variables and values for configuring FXS/FXO global information. Variable Value Country Code The country code. The default value is Canada/US. Configuring FXS Complete this procedure to configure FXS information.
SIP configuration Variable definitions The following table describes the variables and values for configuring FXS information. Variable Value FXS Channel Select the required FXS channel. Select one of the following options: • Line1 • Line2 Channel Enable Select this check box to enable the administrative status of the FXS channel. The default value is disabled. Channel Number Type the FXS channel number. The maximum length of the channel number is 31 digits. This field is mandatory.
SIP configuration 53 End Variable definitions The following table describes the variables and values for configuring FXO information. Variable Value FXO Channel Select the required FXO channel. Channel Enable Select this check box to enable the administrative status of the FXO channel. The channel is available for use only when it is enabled. Channel Number Type the FXO channel number. This is the number which identifies the FXO line for an incoming call.
SIP configuration NN47928-500
VPN configuration This section describes the procedures to configure the Virtual Private Network (VPN) for the Business Services Gateway (BSG) system. Note: If you are connecting two BSG units at either end of the VPN tunnel, ensure that the IP addresses are different. Prerequisites for VPN configuration • You must have VPN - READ WRITE permission.
VPN configuration Figure 8 Client tunnel configuration procedures Client tunnel configuration navigation • • • • • Configuring remote identity (client) (page 56) Configuring users (page 57) Configuring the address pool (page 58) Configuring client termination (page 59) Enabling VPN (client) (page 63) Configuring remote identity (client) Complete the following procedure to configure the remote identity.
VPN configuration 1 57 From the BSG navigation pane, select Configuration, VPN, VPN Settings. The VPN Global Settings pane appears. 2 From the Remote Identity Type list, select IPV4, FQDN, EMAIL, or KEYID. 3 In the Remote Identity Value list, type the value corresponding to the selected Remote Identity Type. 4 In the PreShared Key field, type a string of text which is the key that VPN uses to authenticate before receiving any other credentials. 5 Click Add.
VPN configuration Variable definitions The following table describes the variables and values for configuring the user database. Variable Value User Name Type the user name. The range is 1 to 31 characters. Password Type the password for the user. The range is 1 to 31 characters. Configuring the address pool Complete this procedure to configure the VPN client address pool. Prerequisites Note: The address pool cannot be in the same subnet as DHCP addresses.
VPN configuration 59 Configuring client termination Complete this procedure to configure client termination. Procedure steps Step Action 1 From the BSG navigation pane, select Configuration, VPN, Users, Client Termination tab. The VPN Client Termination pane appears. 2 Click the Policy Action, Create check box. 3 In the Policy Name field, type the policy name. 4 From the Interface Name list, select the WAN interface. 5 From the Policy Status list, select ACTIVE.
VPN configuration 22 From the Encryption list, select an IPSec encryption. 23 From the Authentication list, select the preferred authentication method. 24 From the Preferred Forward Secrecy list, select a PFS option. 25 From the Life Time list, select the Seconds, Minutes, or Hours. 26 In the Life Time Value field, enter the life time value. 27 Click Apply. End Variable definitions The following table describes the variables and values for configuring client termination.
VPN configuration 61 Variable Value IPSec Authentication Select the preferred authentication method. Select one of the following options: • HMAC-MAC5 - the message authentication code is calculated using the MD5 cryptographic hash function. This cryptographic hash function has some additional security properties with a 128-bit hash value, which is commonly used to check the integrity of files. • HMAC-SHA1 - the message authentication code is calculated using the SHA1 algorithm.
VPN configuration Variable Value Protocol Select the traffic protocol for the source or destination address. Select one of the following options: • Any • TCP • UDP • ICMPv4 • AH • ESP When you select a protocol and apply the IPSec policy, the policy is applied on the selected protocol packets only. For example, if ICMPv4, is selected, when you ping from one host to another, only ICMP packets are encrypted or authenticated. IP Sec Phase 2 Proposal table Protocol Select the authentication protocol.
VPN configuration Variable Value Life Time Select the life time unit. Select one of seconds, minutes, or hours. Life Time Value Type the life time value. The range is 5 minutes to 8 hours. 63 Enabling VPN (client) Complete this procedure to enable VPN. Procedure steps Step Action 1 From the BSG navigation pane, select Configuration, VPN, VPN Settings, VPN Policy tab. The VPN Policy pane appears. 2 From the VPN Status list, select Enabled. 3 Click Apply.
VPN configuration Branch office tunnel configuration procedures The following task flow shows the sequence of procedures to configure a branch office tunnel. Figure 9 Branch office tunnel configuration procedures Branch office tunnel configuration navigation • • • Configuring remote identity (branch office) (page 64) Configuring IKE (page 65) Enabling VPN (branch office) (page 69) Configuring remote identity (branch office) Complete the following procedure to configure the remote identity.
VPN configuration 65 4 In the PreShared Key field, type a string of text which is the key that VPN uses to authenticate before receiving any other credentials. 5 Click Add. End Variable definitions The following table describes the variables and values for configuring VPN global settings. Variable Value Remote Identity Type The user identity type that uniquely identifies the peer.
VPN configuration 7 In the Traffic Selector box, in the Local Address field, enter the source IP address of outbound traffic. 8 In the Local Address Mask field, enter the local network mask of outbound traffic. 9 In the Remote Address field, enter the destination network address of outbound traffic. 10 In the Remote Address Mask field, enter the destination network mask of outbound traffic. 11 From the Protocol list, select Any.
VPN configuration 67 Variable Value Interface Name Select the name of the interface for which you want to apply the policy. Policy Status Select the status of the IPsec policy. Select ACTIVE to make the policy active. The policy becomes active after you press Apply. IPSec Gateway IP Address Specifies the Security remote endpoint address. All packets are secure up to this destination. Traffic Selector table Local Address Type the Source IP address of the outbound traffic.
VPN configuration Variable Value DH Group Select the required Diffie-Hellman (DH) group. DH key exchange is used to establish preshared keys. Select Group 1 – IKE uses a 768-bit Diffie- Hellman Prime modules group for performing the new Diffie-Hellman exchange. Select Group 2 – IKE uses a 1024-bit Diffie- Hellman Prime modules group for performing the new Diffie-Hellman exchange. Select Group 5 – IKE uses a 1536-bit Diffie- Hellman Prime modules group for performing the new Diffie-Hellman exchange.
VPN configuration 69 Variable Value Authentication Select the preferred authentication method. Select None to indicates no authentication method is required. Select HMAC-MAC5, the message authentication code is calculated using the MD5 cryptographic hash function. This cryptographic hash function has some additional security properties with a 128-bit hash value, which is commonly used to check the integrity of files.
VPN configuration Variable definitions The following table describes the variables and values for viewing the existing VPN policies. Variable Value VPN Status Select the VPN status. VPN status can be Enabled or Disabled.
QoS configuration This section describes the procedures to configure Quality of Service (QoS) for the Business Services Gateway (BSG) system. QoS provides different types and levels of service for network traffic. With QoS you can assign different priorities for different types of traffic and guarantee a certain level of performance. Prerequisites for QoS configuration • • • • You must have SYSTEM - READ WRITE permission to configure QoS. QoS Status must be enabled (it is enabled by default).
QoS configuration Figure 10 QoS configuration procedures QoS configuration navigation • • • • • • Configuring the uplink rate limit (page 72) Configuring a policy map (page 73) Configuring a class map (page 74) Configuring QoS marking (page 75) Configuring port-based QoS (page 76) Configuring queue settings (page 77) Configuring the uplink rate limit Complete this procedure to configure the uplink rate limit.
QoS configuration 73 Procedure steps Step Action 1 From the BSG navigation pane, select Configuration, WAN, Uplink Rate Limit. The Rate Limit Configuration pane appears. 2 From the Rate Limit Status list, select Enabled. 3 In the Uplink Rate Limit field, type the uplink rate limit provided by your ISP. 4 Click Apply. End Variable definitions The following table describes the variables and values for configuring the uplink rate limit.
QoS configuration 6 In the CBS (Committed frame size (bytes)) field, type the Committed Burst Size value. 7 Click Add. End Variable definitions The following table describes the variables and values for configuring policy map settings. Variable Value Police ID Type the unique ID of the policer. PIR (bytes per second) Type the PIR key value in bytes per second. The default value is 3250000. CIR (bytes per second) Type the CIR key value in bytes per second. The default value is 3000000.
QoS configuration 11 In the Incoming DSCP field, type the incoming Differentiated Service Code Point (DSCP). 12 From the IP Interface list, select the required interface. 13 Click Add. 75 End Variable definitions The following table describes the variables and values for configuring class maps. Variable Value Class Map ID Type the Class Map identifier. The value ranges from 1 to 2147483647. Policy Map ID Type the Policy Map identifier. The value ranges from 1 to 2147483647.
QoS configuration Procedure steps Step Action 1 From the BSG navigation pane, select Configuration, QoS, Marking tab. The Marking pane appears. 2 Select the class map you want to mark. 3 From the Outgoing Priority list, select the priority. 4 In the Value field, type the DSCP marking value. 5 Select the Marking check box. 6 Click Apply. End Variable definitions The following table describes the variables and values to configure markings. Variable Value Select Select a row.
QoS configuration 4 77 Click Apply. End Variable definitions The following table describes the variables and values for configuring port-based QoS. Variable Value Select Select a row. Port Displays the port number. Port Name Displays the port name. Priority0 Select the Traffic Class value for priority 0. The values ranges from 0 to7. Priority1 Select the Traffic Class value for priority 1. The values ranges from 0 to7. Priority2 Select the Traffic Class value for priority 2.
QoS configuration Procedure steps Step Action 1 From the BSG navigation pane, select Configuration, QoS, Queue Settings tab. The Queue Configurations pane appears. 2 From the Port No list, select the port for which you want to configure QoS queue settings. 3 In the Select field, select the queue that you want to configure. 4 In the Green Threshold Min field, type the minimum green threshold value. 5 In the Green Threshold Max field, type the maximum green threshold value.
QoS configuration Variable Value Scheduler Weight Type the queue weight. The range for queues 3 to 7 is 1 to 65535. The default weights are: • queue 0 - 0 (cannot be changed) • queue 1 - 0 (cannot be changed) • queue 2 - 0 (cannot be changed) • queue 3 - 512 (cannot be set to 0) • queue 4 - 256 (cannot be set to 0) • queue 5 - 128 (cannot be set to 0) • queue 6 - 64 (cannot be set to 0) • queue 7 - 32 (cannot be set to 0) Queueing Strategy Displays the queueing strategy.
QoS configuration NN47928-500
Advanced configuration The remaining chapters of this document give a more detailed description of the variables and values on each panel of the user interface.
Advanced configuration NN47928-500
WAN advanced configuration This section describes configuration information for the wide area network (WAN) for the Business Services Gateway (BSG) system. Prerequisites for WAN advanced configuration • You must have SYSTEM - READ WRITE permission to access the WAN configuration panel.
WAN advanced configuration Variable Value MAC Cloning Select the MAC cloning status. Enable - the BSG uses the configured MAC address as the source of Ethernet frames instead of the MAC address of the BSG WAN port. Disable - disables MAC Cloning. You can enable MAC cloning only if the Encapsulation Mode is Ethernet. The default value is Disabled. MAC Address Type the MAC address, if the MAC cloning is enabled. IP Address Assignment Select the IP Address Assignment status.
WAN advanced configuration 85 Variable definitions The following table describes the variables and values for configuring the uplink rate limit. Variable Value Rate Limit Status Select the rate limit status: • Enabled - enables uplink rate limiting feature • Disabled - disables uplink rate limiting feature The default value is Disabled. Uplink Rate Limit Specifies the maximum uplink rate limit over the WAN interface (in bps). The range is 100,000 to 100,000,000 bps.
WAN advanced configuration Variable Value Renew Click this option button to renew the DHCP lease on the specified interface. This option is enabled only when ‘Dynamic’ option is selected in the IP Address Assignment field. Release Click this option button to release the DHCP lease on the specified interface. This option is enabled only when ‘Dynamic’ option is selected in the IP Address Assignment field.
WAN advanced configuration 87 DSL DSL appears under WAN configuration if you are connected to a BSG12aw. On the Digital Subscribe Line (DSL) pages you can configure and control the DSL modem that connects to the BSG. You can also configure the ATM parameters of the modem and access the DSL modem statistics. You must have access read/write permission to configure DSL.
WAN advanced configuration Variable Value QoS The required Quality of Service (QoS) parameter. Options: Constant Bit Rate (CBR)— reserves a constant amount of bandwidth. This service supports applications such as voice, video, and circuit emulation. CBR service class is designed for ATM virtual circuits (VC) that require a static amount of bandwidth that is continuously available for the duration of the active connection.
WAN advanced configuration 89 Variable definitions This table describes the variables that appear on the PPP Configuration page. Variable Value PPP Interface The PPP interface for which you need to configure the IP address. User Name The username for the specified PPP interface, used for authentication. Password The password for the specified PPP interface, used for authentication. WAN IP Address Displays the IP address of the WAN PPP interface.
WAN advanced configuration • • • • • Alarms Status (page 92) T1/E1 Channel Group Configuration (page 92) "PPP Configuration" (page 93) "IP Configuration" (page 94) "Multilink Configuration" (page 95) T1/E1 Configuration On the T1/E1 configuration page, you can configure Framing Type, Line Coding, Line Mode, Line Buildout, Line Length and Transmit Clock Source. To access this page, select Configuration, WAN, T1/E1.
WAN advanced configuration Variable Value Framing The Framing Type for the T1/E1 data line. Options for T1: Extended Super Frame (ESF)— 24 consecutive 193-bit frames of data. Super Frame (SF)—12 consecutive 193-bits of data. Unframed—the non signaling or unframed framing format is a simplified version of the T1 super frame. The default value is ESF. Options for E1: E1—a single E1 frame consists of 256 bits, grouped into 32 octets or time slots. The timeslots are numbered 0 to 31.
WAN advanced configuration Variable Value Line Length The Line Length value. Line Length refers to the length of the cable (in feet) that connects the devices on each end of a T1 line. Options: 0 - 133 134 - 266 267 - 399 400 - 533 534 - 655 The default value is 0 - 133. You can configure the line length only when the Line Mode is DSU. Transmit ClockSource The clock source. Options: LocalTiming—A local clock source is used or an external clock is attached to the box containing the interface.
WAN advanced configuration 93 To access this page, select Configuration, WAN, T1/E1, Channel Group tab. Variable definitions This table describes the variables that appear on the T1/E1 Channel Group Configuration page. Variable Value Interface The T1/E1 interface on which you create the channel group. Options: t1e1-1 t1e1-2 Channel Group Index The Channel Group Index. The range is 1to 64. Time Slot The time slots. The range is 1to 24 for T1 and 2 to 32 for E1.
WAN advanced configuration Variable Value Server/Client Select whether the Server or Client is required for authentication. This field is available only if authentication is required. Options: Server - to authenticate the peer at the time of negotiation. Client - to be authenticated by the peer router. User Name The User Name required for the Server or Client that requires authentication. This field is available only if authentication is required. Password The password for the specified user.
WAN advanced configuration Variable Value IP Address The IP address of the PPP/Multilink interface, if IP Address Assignment is Manual. Subnet Mask The Subnet Mask for the IP address, if IP Address Assignment is Manual. Peer IP Address The Peer IP address, if IP Address Assignment is Manual. Primary DNS Server The Primary DNS server IP address, if IP Address Assignment is Manual. Secondary DNS Server The Secondary DNS server IP address, if IP Address Assignment is Manual.
WAN advanced configuration Variable Value Link Type The multilink type. Options: Public—adds the default route for the multilink interface. Private—no default route is added for the multilink interface. The default value is Private. MTU The Maximum Transmission Unit. The default value is 1500.
LAN advanced configuration This section describes the advanced configuration to configure the local area network (LAN) for the Business Services Gateway (BSG). LAN advanced configuration navigation • • • Virtual interface configuration (page 97) Ethernet LAN configuration parameters (page 100) Wireless LAN configuration (page 101) Virtual interface configuration This section describes configuration of the virtual interface.
LAN advanced configuration Variable definitions The following table describes the variables and values for configuring virtual interface. Variable Value VLAN ID Type the VLAN identifier. IP Address Assignment Select the IP address assignment mode. Select Manual to manually assign the IP address. Select Dynamic for the System to assign the IP address for the specified VLAN from Dynamic Host Configuration Protocol server configured in BSG.
LAN advanced configuration 99 Variable definitions The following table describes the variables and values for renewing or releasing the lease. Variable Value Select Select the IP address to modify. Renew Enable Renew if you want to renew the DHCP lease for this interface. Renew is available only if IP Address Assignment is set to Dynamic. Release Enable Release if you want to release the DHCP lease for this interface. Release is available only if IP Address Assignment is set to Dynamic.
LAN advanced configuration Ethernet LAN configuration parameters The following table describes the parameters for configuration of the Ethernet LAN located at Configuration, LAN, Ethernet. Prerequisites • You must have SYSTEM - READ WRITE permission to access the Ethernet LAN configuration. Variable definitions The following table describes the variables and values for configuring the basic LAN settings. Variable Description LAN IP Address Mode Select the IP address mode.
LAN advanced configuration 101 Wireless LAN configuration This section describes WLAN configuration information. Prerequisites for LAN configuration • You must have WIRELESS - READ WRITE permission to access this information.
LAN advanced configuration WLAN settings configuration parameters The following table describes the parameters for configuration of WLAN settings located at Configuration, LAN, Wireless, Basic Settings tab. Variable definitions The following table describes the variables and values for configuring the basic WLAN settings. Variable Value Access Point The Access Point represents the status of radio in the BSG. Select Enabled to activate the radio. Select Disabled to deactivate the radio.
LAN advanced configuration 103 Variable Value VLAN Identifier Type the VLAN ID to which SSID users belong. Access points use this VLAN ID to tag the packets from the specified users of the given SSID. Status When you configure an SSID, this field appears in the new row. It specifies the activation status of the WLAN SSID. The configured SSID is added with a default status of Enabled. When Enabled, the radio starts sending beacons for the SSID and allows clients to connect to it.
LAN advanced configuration Variable Value Fragment Length Type the fragmentation length. The value ranges from 256 to 2346. The default value is 2346. RTS Threshold Type the Request To Send threshold. The value ranges from 0 to 2347. The default value is 2347. Maximum Associated Client Type the maximum associated client value. The range is 0 to 63. The default value is 63. Protection Mode Specifies the Protection mode.
LAN advanced configuration 105 WLAN security configuration parameters The following section describes the parameters for advanced configuration of the WLAN radio located at Configuration, LAN, Wireless, Security tab. Variable definitions The following table describes the variables and values for configuring the WLAN security settings. Variable Value SSID Type the required SSID for which you want to configure security settings. Broadcast SSID Specifies the broadcast SSID status.
LAN advanced configuration Variable Value Cipher Suite Specifies the required pairwise cipher and is used for data encryption. It consists of an organizationally unique identifier (OUI) (the first 3 octets) and a cipher suite identifier (the last octet). Select one of the following options: • AES-CCMP • TKIP • WEP • AES-CCMP-TKIP • AES-CCMP-WEP • TKIP-WEP • AES-CCMP-TKIP-WEP. This field is used in conjunction with the Authentication Type.
LAN advanced configuration 107 Variable definitions The following table describes the variables and values for configuring the WEP settings for WLAN. Variable Value SSID Select the SSID you require to configure WEP settings. Key Index The key used for data encryption. Options: 1 2 3 4 If you want to assign the selected key index as the default value, you must select the Set this as default WEP key.
LAN advanced configuration Variable definitions The following table describes the variables and variables for configuring wireless multimedia. Variable Value WMM Status Specifies the Wireless Multimedia (WMM) status. Select Disabled to disable Quality of Service (QoS). Select Supported or Required to enable QoS. The default is Disabled. Acknowledge Policy AC0 (Best Effort) Select the status of AC0 as either Acknowledge or No Acknowledge. The default value is Acknowledge.
LAN advanced configuration Variable Value AIFSN The arbitrary inter frame sequence. The range is 1 to 15. The default values for AC0 through AC3 are 3, 7, 1, and 1. TXOP Limit The transmission opportunity of the AP in the radio. The range is 0 to 65535. The default values for AC0 through AC3 are 0, 0, 94, and 47. Admission Control The status of admission of WMM parameters. Options: Enabled Disabled The default value for AC0 through AC3 is Disabled.
LAN advanced configuration NN47928-500
VLAN advanced configuration This section describes configuration information for the virtual local Area Network (VLAN) for the Business Service Gateway (BSG). Prerequisites for VLAN advanced configuration • You must have L2 - READ WRITE permission to access VLAN configuration.
VLAN advanced configuration Variable definitions The following table describes the variables and values for configuring the basic VLAN settings. Variable Value Dynamic VLAN Learning Specifies the Dynamic VLAN learning status. Select Enable to enable the global GARP VLAN Registration Protocol (GVRP) status. Select Disable to disable the global GVRP status. If the status is disabled, then the GVRP is disabled for the current port. The default value is Enable.
VLAN advanced configuration 113 Variable Value Tunnel Status Specifies the tunnel status. Select Enable – the data packets received on the port are tunneled. Select Disable – the data packets received on the port are handled normally. The default value is Disable. To enable 802.1x tunneling on a port, 802.1x (PNAC) Port Control must be set to ForceAuthorized. See Basic port settings configuration parameters (page 197).
VLAN advanced configuration Dynamic VLAN configuration parameters The following section describes the parameters for configuration of the dynamic VLAN located at Configuration, VLAN setup, Dynamic VLAN tab. Prerequisites • Dynamic VLAN learning can take place only when the GVRP status of the port is enabled. Variable definitions The following table describes the variables and values for configuring dynamic VLAN settings. Variable Value Select Select a row. Port Displays the port number.
VLAN advanced configuration 115 Variable definitions The following table describes the variables and values for configuring the VLAN protocol group settings. Variable Value Frame Type Frame Type refers to the encapsulation format. Select the frame type for the protocol group. Select one of the following options: • Ethernet • RFC 1042 • SNAP 802.1H • SNAP Other • LLV Other The default value is Ethernet. Protocol Value Specifies the protocol value.
VLAN advanced configuration VLAN database display parameters The VLAN database displays information for a VLAN that is either configured in the device or dynamically created as a result of GVRP requests. The following section describes the display parameters for the current VLAN database located at Configuration, VLAN setup, VLAN Database tab. Variable definitions The following table describes the values and variable displayed on the VLAN database panel.
VLAN advanced configuration 117 VLAN STP configuration Spanning Tree Protocol (STP) is a link management protocol. It provides path redundancy while preventing undesirable loops in the network created by multiple active paths between stations. STP basic settings configuration parameters The following section describes the configuration parameters for the STP basic settings located at Configuration, Spanning Tree, Basic Settings tab.
VLAN advanced configuration MSTP configuration MSTP isolates link fluctuations on a particular VLAN segment and provides load balancing. Spanning tree to VLAN mapping can be configured on a per VLAN basis or multiple VLANs can be mapped to the same spanning tree. Prerequisites to MSTP configuration • You must disable RSTP and enable MSTP before configuring MSTP. See “STP basic settings configuration parameters” on page 117.
VLAN advanced configuration 119 Variable Value Default Path Cost Specifies the default path cost version used to configure the path cost as a 16-bit value or a 32-bit value. Select one of the following options: • 16 Bit – uses the 16-bit path cost from IEEE standard 802.1D 1998. The maximum value of the path cost of any port in the spanning tree is 65535. • 32 Bit – uses the 32-bit path cost from IEEE standard 802.1t 1998. The maximum value of the path cost of any port in the spanning tree is 200000.
VLAN advanced configuration Variable Value Admin Status Specifies the administrative status of the port. Select Enabled to enable the admin status of the port. Select Disabled to disable the admin status of the port. Set the admin status of the port to override the status of the port in any of the MSTI contexts. The default value is Enabled. Priority Type the port priority value. Priority refers to the 4 most significant bits of the port identifier. The value ranges from 0 to 240.
VLAN advanced configuration 121 The following section describes the parameters for configuration of MSTP VLAN mapping located at Configuration, Spanning Tree, MSTP, VLAN Mapping tab. Variable definitions The following table describes the variables and values for configuring the VLAN mapping for MSTP. Variable Value MSTP Instance ID Type the MSTP Instance ID. The Common Instance Spanning Tree (CIST) is generated by default and has instance ID number 0. The allowable values range from 1 to 16.
VLAN advanced configuration CIST port status display parameters The following section describes the display parameters for the CIST port status located at Configuration, Spanning Tree, MSTP, CIST Port Status tab. Variable definitions The following table describes the variables and values displayed on the MSTP CIST Port Status panel. Variable Value Port Displays the port number. Port Name Displays the port name.
VLAN advanced configuration 123 RSTP configuration navigation • • • • RSTP basic settings configuration parameters (page 123) RSTP timers configuration parameters (page 124) RSTP port settings configuration parameters (page 124) RSTP port status display parameters (page 125) RSTP basic settings configuration parameters The following section describes the configuration parameters for the RSTP basic settings located at Configuration, Spanning Tree, RSTP, Basic Settings tab.
VLAN advanced configuration RSTP timers configuration parameters The following section describes the configuration parameters for the RSTP timers located at Configuration, Spanning Tree, RSTP, Timers tab. Attention: To set the Maximum Age and Forward Delay Parameters, satisfy the following relation: Attention 2 * (Forward Delay - 1.0) >= Max Age To set the Hello Time and Maximum Age parameters, satisfy the following relation: Max Age >= 2 * (Hello Time + 1.
VLAN advanced configuration RSTP Status Specifies the RSTP protocol status. Select Enabled to enable the Spanning Tree on the selected port. Select Disabled to disable the Spanning Tree on the selected port. The port is set to forwarding directly at the hardware level. Priority Type the port priority value used in role selection. 125 Path Cost Type the path cost associated with the port. Protocol Migration Select this check box if you want to enable protocol migration.
VLAN advanced configuration Port Name Displays the name of the Port. Designated Root Displays the unique bridge identifier of the bridge recorded as the Root for the segment to which the port is attached. Designated Cost Displays the path cost of the designated port of the segment connected to this port.
IP routing advanced configuration This section describes how to configure routing protocols such as Open Shortest Path First (OSPF), Routing Information Protocol (RIP), Route Redistribution (RRD), and Virtual Router Redundancy Protocol (VRRP) for the Business Service Gateway (BSG). Prerequisites to IP routing advanced configuration • You must have L3 - READ WRITE permission to access IP routing configuration.
IP routing advanced configuration Static ARP configuration parameters The following section describes the parameters for configuration of static ARP located at Configuration, IP Routing, Static ARP. Variable definitions The following table describes the variables and values for configuring Static ARP. Variable Value IP Address Type the IP address of the host whose MAC address is statically configured in the ARP cache. MAC Address Type the MAC address of the host.
IP routing advanced configuration 129 Static routes configuration parameters The following section describes the parameters for configuration of static routes located at Configuration, IP Routing, Static Routes. Variable definitions The following table describes the variables and values for adding static routes. Variable Value Destination Network Type the network address of the route. Subnet Mask Type the subnet mask for the Destination Network address.
IP routing advanced configuration RIP configuration RIP manages router information within a self-contained network such as a corporate local area network (LAN) or an interconnected group of LANs.
IP routing advanced configuration 131 Variable Value Retry Count Type the retry count value to update request and update response packet. The value ranges between 10 and 40. The default value is 36. Default Metric Type the default metric value to set the metric for redistributing routes. The value ranges between 1 and 16. The default value is 1. Adding a RIP interface Complete this procedure to add a RIP interface.
IP routing advanced configuration Variable Value RIP Status The admin status of the RIP interface. Select one of the following options: • Enabled - activates the RIP2 process. • Disabled - disables the RIP2 process. • Passive - the RIP2 process runs as a passive process. Split Horizon The operational status of Split Horizon.
IP routing advanced configuration 133 Prerequisites to adding a RIP neighbor setting • To configure Neighbor IP address, you must enable Neighbor Filter (see RIP basic settings configuration parameters (page 130)). Variable definitions The following table describes the variable and value for adding a RIP neighbor setting. Variable Value IP Address Type the IP address of the neighbor router to which the unicast update is sent.
IP routing advanced configuration OSPF configuration The Open Shortest Path First (OSPF) protocol is a link state Interior Gateway Protocol (IGP) used to distribute routing information within a single autonomous system. If a host using OSPF detects a change in the routing table or in the network, it immediately multicasts the change to all other hosts in the network so that all hosts have the same routing table information.
IP routing advanced configuration 135 Variable Value Autonomous System Border Router Specifies the Autonomous System Border Router. Select Yes to configure the router as an Autonomous System Border Router. If you select No, the router is not configured as an Autonomous System Border Router. The default value is No. RFC 1583 Compatibility Specifies the Request for Comments (RFC) 1583 compatibility for choosing the route among multiple Autonomous Systems (AS) for the same destination.
IP routing advanced configuration Variable definitions The following table describes the variables and values for adding an OSPF area. Variable Value Area ID Type the area identifier. The area ID in OSPF has the same format as an IP address but defines a summarization point for Link State Advertisements (LSAs). You may configure up to five areas. Type Select the area type for the specified area ID. Select one of the following options: • Normal – Configures the area type as Normal.
IP routing advanced configuration 137 Variable Value Priority Type the priority. This is used in the designated router (DR) election algorithm. The value ranges between 0 and 255. The value 0 signifies that the router is not eligible to become the designated router on a particular network. Passive Status Select the Passive Status to either Enable or Disable. Authentication Type Specifies the authentication type. Select one of the following options: • None – indicates authentication is not required.
IP routing advanced configuration Variable definitions The following table describes the variables and values for adding an OSPF virtual interface. Variable Value Transit Area ID Select the transit area ID. This is a list of previously configured OSPF interfaces (see OSPF area configuration parameters (page 135)). Neighbor Router ID Type the router ID of the virtual neighbor. Authentication Type Specifies the authentication type for an interface.
IP routing advanced configuration Gateway Displays the gateway of the OSPF router. Type Displays the OSPF router type. Area ID Displays the area ID of the OSPF router Cost Displays the cost of the OSPF router. Type 2 Cost Displays the type 2 cost of the OSPF router. Interface Displays the interface ID of the OSPF interface.
IP routing advanced configuration RRD configuration Route Redistribution (RRD) allows different routing protocols to exchange routing information.
IP routing advanced configuration 141 Default Metric Type the default metric value of the router. The default value is 3. Import Select a route from the following options: • Direct routes — Direct Routes are populated in the RIP routing database. • Static routes — Static routes are populated in the RIP routing database. • OSPF routes — OSPF routes are populated in the RIP routing database. • BGP routes — BGP routes are populated in the RIP routing database.
IP routing advanced configuration VRRP configuration With VRRP, you can configure several routers on a multi-access link using the same virtual IP address. VRRP configuration navigation • • VRRP basic settings configuration parameters (page 142) VRRP settings configuration parameters (page 142) VRRP basic settings configuration parameters The following section describes the parameters for configuration of the VRRP basic settings located at Configuration, IP Routing, VRRP, Basic Settings tab.
IP routing advanced configuration 143 Variable Value Primary IP Address Type the primary IP address for the virtual router. When the virtual router transitions from backup state to master state and in case more than one IP address exists for a given interface index, the primary IP address specifies the real IP address of the master router (the IP address that is listed as the source in the VRRP advertisement last received). If the primary IP address is set to 0.0.0.
IP routing advanced configuration NN47928-500
DHCP advanced configuration This section describes the advanced configuration for Dynamic Host Configuration Protocol (DHCP) server and the relay settings for Business Service Gateway (BSG). Prerequisites for DHCP advanced configuration • You must have SYSTEM - READ WRITE permission to access DHCP configuration.
DHCP advanced configuration DHCP server configuration The following sections provide configuration information for the DHCP server.
DHCP advanced configuration 147 DHCP global options configuration parameters DHCP global options provide a framework for passing configuration information to hosts on a TCP/IP network. The following section describes the parameters for configuration of DHCP global options located at Configuration, DHCP, DHCP Server, Global Options tab. Variable definitions The following table describes the variables and values for configuring DHCP global options settings. Variable Value Option The DHCP option.
DHCP advanced configuration Variable Value Network Mask Type the subnet mask of the IP address in the pool. The default value is 255.255.255.0. Start IP Address Type the first IP address in the pool. The DHCP server uses this IP address for dynamic allocation. End IP Address Type the last IP address in the pool. Lease Time Type the time interval for which the IP address is valid. The default least time is 1 hour. Utilization Threshold Enter the DHCP pool utilization threshold value.
DHCP advanced configuration Variable Value Option Code For the Enter option code manually option, you must enter the code. For all other options, this field is automatically updated. Value Type the option value. 149 DHCP host option configuration parameters The following section describes the parameters for configuration of DHCP host options located at Configuration, DHCP, DHCP Server, Host Options tab.
DHCP advanced configuration Variable definitions The following table describes the variables and values for configuring DHCP host IP settings. Variable Value Host MAC Address Type the MAC address of the host. Pool Name Select the pool name. Host IP Type the IP address of the host. Identifier Type the IP address of the identifier. The identifier is a string of maximum length 63.
DHCP advanced configuration 151 DHCP relay settings configuration parameters The following section describes the parameters for configuration of DHCP relay settings located at Configuration, DHCP, DHCP Relay. Variable definitions The following table describes the variables and values for configuring DHCP relay settings. Variable Value Service DHCP-Relay Select the Service DHCP-Relay status. Select Enabled to activate the relay agent. Select Disabled to deactivate the relay agent.
DHCP advanced configuration NN47928-500
Multicast advanced configuration Multicast is a technique for delivering a message to multiple recipients. This section describes advanced configuration for Dynamic Multicast (GMRP) and Internet Group Management Protocol (IGMP) snooping. Prerequisites for multicast advanced configuration • You must have L2 - READ WRITE permission to access multicast configuration.
Multicast advanced configuration IGMP snooping configuration A host uses IGMP to inform a router when it joins or leaves an Internet Multicast group. IGMP snooping allows the switch to “listen in” on the IGMP conversation between hosts and routers by processing the layer 3 IGMP packets sent in a multicast network. When IGMP snooping is enabled on the BSG, it analyses all the IGMP packets between hosts connected to the BSG and multicast routers in the network.
Multicast advanced configuration 155 Variable definitions The following table describes the variables and values for configuring IGMP basic settings. Variable Value IGMP Snooping Status Select the global status of IGMP Snooping in the router. Select Enable to enable IGMP Snooping in all the existing VLAN interfaces. Select Disable to disable IGMP Snooping in all the existing VLAN interfaces. The default value is Disabled. Proxy Reporting Select the Proxy Reporting status in the router.
Multicast advanced configuration Variable definitions The following table describes the variables and values for configuring IGMP snooping timer. Variable Value Router Port Purge Interval (secs) Type the time interval for which the learnt router port is purged. For each learnt router port, the timer runs for the configured port purge time interval. When the timer expires, the learnt router port entry is purged.
Multicast advanced configuration 157 Variable definitions The following table describes the variables and values for configuring the IGMP snooping interface. Variable Value VLAN ID Select the VLAN ID on which IGMP snooping is configured. IGMP Snooping Status Select the IGMP Snooping Status for the VLAN ID. Select Enabled to enable the switch to watch for IGMP messages from the host connected on the interface and build the software.
Multicast advanced configuration Variable definitions The following table describes the variables and values displayed on the IGS VLAN Router Ports dialog box. Variable Value VLAN ID Displays the VLAN ID. Port List Displays the ports on which routers are connected for the VLAN ID.
QoS advanced configuration Quality of Service (QoS) is an architecture for providing different levels of service for network traffic. This section describes the advanced configuration for QoS for Business Service Gateway (BSG). Prerequisites for QoS advanced configuration • You must have SYSTEM - READ WRITE permission to access QoS configuration.
QoS advanced configuration Variable definitions The following table describes the variables and values for configuring policy map settings. Variable Value Police ID Type the unique ID of the policer. PoliceType Select the supported police type. The only supported police algorithm is TRTCM. TRTCM indicates Two Rates Three Color Marker. This meters an IP packet stream and marks the packets based on two rates: Peak Information Rate (PIR) and Committed Information Rate (CIR).
QoS advanced configuration 161 Variable Value Destination Subnet Mask Type the destination subnet mask address for the destination IP address. Protocol Select the protocol ID to identify the packet flow. Select one of the following options: • Any – both TCP or UDP packets are classified using the class map. • TCP – only TCP packets are classified using the class map. • UDP – only UDP packets are classified using the class map. Source Port Type the source port. The value ranges from 1 to 65535.
QoS advanced configuration Variable definitions The following table describes the variables and values for configuring port based QoS. Variable Value Select Select the port you want to configure. Port Displays the port number. Port Name Displays the port name. Priority0 Select the Traffic Class value for priority 0. The value ranges from 0 to 7. Priority1 Select the Traffic Class value for priority 1. The value ranges from 0 to 7. Priority2 Select the Traffic Class value for priority 2.
QoS advanced configuration Variable Value Queue Displays the queue number. Green Threshold Min Type the minimum Green Threshold value. Green packets start to drop at the configured minimum depth. The default value is 100. Green Threshold Max Type the maximum Green Threshold value. All green packets are dropped at the configured maximum depth. The default value is 200. Amber Threshold Min Type the minimum Amber Threshold value. Amber packets start to drop at the configured minimum depth.
QoS advanced configuration NN47928-500
VPN advanced configuration This section describes advanced configuration for the Virtual Private Network (VPN) for the Business Services Gateway (BSG). VPN offers secure, encrypted communication between the local network and the remote network. Prerequisites for VPN advanced configuration • You must have VPN - READ WRITE permission to access VPN configuration.
VPN advanced configuration Variable definitions The following table describes the variables and values for configuring VPN global settings. Variable Value Remote Identity Type The user identity type that uniquely identifies the peer.
VPN advanced configuration 167 Variable definitions The following table describes the variables and values for configuring VPN IP security. Variable Value Policy Action Select this check box to create a policy action. Policy Name Type the IPsec policy name. Each policy must have a unique name. Existing Policies Select an existing policy for the IPsec policy. Interface Name Select the name of the interface for which you want to apply the policy.
VPN advanced configuration Variable Value Authentication Key Type the IPSec Authentication Key. IPSec Encryption Select the IPSec Encryption. Select one of the following options: • Data Encryption Standard (DES) – is a standard for encrypting data that uses a 64 bit key to encrypt data, but only 56 bits are usable. This standard is considered inadequate for data protection as this standard do not match the speed of computer.
VPN advanced configuration 169 Variable Value IPSec Gateway IP Address Specifies the Security remote endpoint address. All packets are secure up to this destination. Traffic Selector table Local Address Type the Source IP address of the outbound traffic. Local Address Mask Type the Network mask of the outbound traffic. Remote Address Type the Destination IP address of the outbound traffic. Remote Address Mask Type the Destination mask of the outbound traffic.
VPN advanced configuration Variable Value DH Group Select the required Diffie-Hellman (DH) group. DH key exchange is used to establish preshared keys. Select Group 1 – IKE uses a 768-bit Diffie- Hellman Prime modules group for performing the new Diffie-Hellman exchange. Select Group 2 – IKE uses a 1024-bit Diffie- Hellman Prime modules group for performing the new Diffie-Hellman exchange.
VPN advanced configuration 171 Variable Value Authentication Select the preferred authentication method. Select None to indicates no authentication method is required. Select HMAC-MAC5, the message authentication code is calculated using the MD5 cryptographic hash function. This cryptographic hash function has some additional security properties with a 128-bit hash value, which is commonly used to check the integrity of files.
VPN advanced configuration Variable definitions The following table describes the variables and values for configuring the user database. Variable Value User Name Type the user name. The range is 1 to 31 characters. Password Type the password for the user. The range is 1 to 31 characters. IP address pool configuration parameters The following section describes the parameters for the configuration of the IP address pool located at Configuration, VPN, Users, Address Pool tab.
VPN advanced configuration Variable Value Existing Policies Select an existing policy for the IPsec policy. Interface Name Select the WAN interface for which you want to apply the policy. Policy Status Select the status of the IPsec policy. Select INACTIVE to disable the policy on the specified interface. Select ACTIVE to enable the policy on the specified interface. The default is INACTIVE. Policy Type Select the policy type.
VPN advanced configuration Variable Value Peer Identity Type/Value Select the identity type to access the remote network. Select one of the following: • IPV4 - IP address • FQDN - Fully Qualified Domain Name • EMAIL - email address of the user • KEYID - uniquely identifies the peer Select the associated value from the list. The list contains the Remote Identity values added on VPN Global Settings. Local Identity Type/Value Select the identity type to access the local network.
VPN advanced configuration 175 Variable Value Encryption Select the IPSec Encryption. Select one of the following options: • null - traffic is not encrypted. • Data Encryption Standard (DES) – a standard for encrypting data that uses a 64 bit key to encrypt data, but only 56 bits are used. This standard is considered inadequate for data protection. • Triple Data Encryption Standard (3DES) – processes each block of data using a different key each time, resulting in a significantly more secure message.
VPN advanced configuration NN47928-500
SIP advanced configuration This section describes the advanced configuration of the Session Initiation Protocol (SIP) server for Business Service Gateway (BSG). SIP is responsible for routing calls between endpoints and for NAT ALG translation. Prerequisites to SIP advanced configuration • • • • You must configure the Wide Area Network (WAN) before you configure SIP. You must ensure that the WAN interface can ping the SIP server.
SIP advanced configuration SIP server management configuration parameters The following section describes the parameters for configuration of the virtual interface located at Configuration, SIP, Internal Server tab. Variable definitions The following table describes the variables and values displayed and configured on the SIP Server Management dialog box. Variable Value Status Displays the status of the SIP server. The default value is Enabled.
SIP advanced configuration 179 SIP system configuration This section provides configuration information for SIP server system configuration.
SIP advanced configuration Variable Value Poll Retries Type the poll retry value. The value ranges from 1 to 10. The default value is 2. Central SIP Server via Address(es) Displays the central SIP server via address or addresses. You can enter aliases for the Central SIP Server address. Separate each address with a comma.
SIP advanced configuration 181 Variable definitions The following table describes the variables and values for configuring SIP CDR settings. Variable Value CDR Generation Select the CDR generation status. Select Enable to enable logging of CDR information in the CDR directory. Select Disable to disable logging of CDR information in the CDR directory. The default value is Disable. TFTP server address Type the TFTP server address. Directory Path Type the directory path.
SIP advanced configuration SIP protocol configuration This section provides configuration information for the SIP protocol.
SIP advanced configuration Variable Value TCP Port Type the port number used for TCP. The value ranges from 1024 to 65535. TLS Select this check box to configure TLS. TLS Port Type the port number used for TLS. The value ranges from 1 to 65535. 183 Registrar settings configuration parameters A registrar is a server that accepts register requests. A registrar is typically co-located with a proxy or redirect server.
SIP advanced configuration Variable Value Allow Dynamic Subscriber Addition Select the Dynamic Subscriber Addition status. Select one of the following: • Enable – Registration database and the Subscriber database are updated automatically with the subscriber information when a register comes from a SIP endpoint. • Select Disable – When a subscriber makes a call, the subscriber information has to be added to the subscriber database.
SIP advanced configuration 185 Timers configuration parameters The following section describes the parameters for the configuration of the SIP timers located at Configuration, SIP, SIP Protocol, Timers tab. Variable definitions The following table describes the variables and values for configuring timer settings. Variable Value Session Timers Range Validations Select the range validation status. Select Enable to enable session timer. Select Disable to disable session timer.
SIP advanced configuration Variable Value Timer H Type the timer H value (in milliseconds). The values ranges from 1 to 2147483647. The default value is 32000 ms. Timer I Type the timer I value (in milliseconds). The value ranges from 1 to 2147483647. The default value is 5000 for UDP. Timer J Type the timer J value (in milliseconds). The value ranges from 1 to 2147483647. The default value is 32000 for UDP. Timer K Type the timer K value in (milliseconds).
SIP advanced configuration 187 Routing rules configuration This section provides configuration information for the SIP routing rules.
SIP advanced configuration Variable definitions The following table describes the variables and values for adding routing rules. Variable Value Mode of Dialplan Select the dial plan mode. Select one of the following options: • Normal Mode Outgoing – creates a dial plan that is applicable in Normal Mode. • Backup Mode – creates a dial plan that is applicable in Backup Mode. Condition Select the condition. Select one of the following options: • All - All conditions.
SIP advanced configuration 189 Variable definitions The following table describes the variables and values for configuring an advanced dial plan. Variable Value Use Web UI Dial Plan Configuration Select this option button to enable and use the Web UI Dial Plan Configuration. If you select this check box, Custom Dial Plan Scripts is disabled. This is selected by default. Use Custom Dial Plan Scripts Select this option button to enable and use the Custom Dial Plan Scripts.
SIP advanced configuration Provisioning users configuration parameters The following section describes the parameters for the configuration of SIP users located at Configuration, SIP, User Provisioning tab. Variable definitions The following table describes the variables and values for configuring subscriber information. Variable Value User Name Type the subscriber name. The maximum number of characters is 100. Domain Type the domain name of the subscriber.
SIP advanced configuration 191 FXO/FXS configuration This section provides configuration information for Foreign Exchange Office (FXO)/Foreign Exchange Subscriber (FXS) for BSG.
SIP advanced configuration Variable Value Digital Dial Timeout Type the digital dial timeout for VoIP when the pound (#) key is not pressed. The value ranges from 500 to 10000. The default value is 5000 milliseconds. NAT Traversal The default value is Disabled. STUN Server IP Type the Simple Traversal of UDP through NATs (STUN) server IP address. You can configure this IP address only when the NAT Traversal status is enabled.
SIP advanced configuration 193 Codec Displays the default codec used by all the channels in the system. One of the following value is displayed: • G.711u • G.711a • G.723 • G.726 • G.729 Preference Select the preference for the corresponding codec entry. Options are 1, 2, 3, 4, and 5. The following are the default values for the various indices: • G.711u - 1 • G.711a - 2 • G.723 - 3 • G.726 - 4 • G.729 - 5 Frame Size The Frame Size for the corresponding Codec Entry. For code G.
SIP advanced configuration Variable definitions The following table describes the variables and values for configuring FXS information. Variable Value FXS Channel Select the required FXS channel. Select one of the following options: • Line1 • Line2 Channel Enable Select this check box to enable the administrative status of the FXS channel. The default value is disabled. Channel Number Type the FXS channel number. The maximum length of the channel number is 31 digits.
SIP advanced configuration G.723 Preference Select the G.723 Preference. G.726 Frame Size Select the G.726 Frame Size. G.726 Preference Select the G.726 Preference. G.729 Frame Size Select the G.729 Frame Size. G.729 Preference Select the G.729 Preference. 195 FXO information configuration parameters The following section describes the parameters for the configuration of the FXO information located at Configuration, SIP, FXO/FXS, FXO tab.
SIP advanced configuration Procedure steps Step Action 1 From the BSG navigation pane, select Configuration, SIP, FXO/FXS, Reboot VoIP tab. The VoIP Reboot dialog box appears. 2 Click Reboot VoIP to reboot VoIP. NAT ALG display parameters The following section describes the display parameters on the NAT ALG panel located at Configuration, SIP, NAT ALG tab. Variable definitions The following table describes the variables and values for configuring NAT ALG information.
Port management advanced configuration This section describes the configuration for Ethernet ports for Business Service Gateway (BSG). • The following table describes the variables and values for configuring Ethernet port control. (page 198) Prerequisites for port management advanced configuration • You must have SYSTEM - READ WRITE permission to access port management configuration. Ethernet ports configuration The following section describes configuration of Ethernet ports.
Port management advanced configuration Variable Value Network Type This field is available only when Port Status is Down and Port Type is Router Port. Select the network type. Select LAN or WAN. Default User Priority Select the default user priority. The value ranges from 0 to 7. The default value is 0. Jumbo Frame Support This field is available only when Port Status is Down. The Maximum Transmittable Unit (MTU) of a FE Port is limited to 9000.
Port management advanced configuration Variable Value Speed Select the speed of the port. Select one of the following options: • 10 Mbps - port speed is 10Mb/s • 100 Mbps - port speed is 100Mb/s • 1Gbps - port speed is 1Gb/s. Flow Control Select the flow control status. Select one of the following options: • Disabled – flow control is turned off. • Transmit – flow control is sent to a remote device. • Receive – flow control is received from a remote device.
Port management advanced configuration NN47928-500