Manual Funkwerk Enterprise Communications GmbH Manual bintec WLAN and Industrial WLAN Reference Copyright© Version 9.
Manual Funkwerk Enterprise Communications GmbH Legal Notice Aim and purpose This document is part of the user manual for the installation and configuration of funkwerk devices. For the latest information and notes on the current software release, please also read our release notes, particularly if you are updating your software to a higher release version. You will find the latest release notes under www.funkwerk-ec.com . Liability This manual has been put together with the greatest possible care.
Table of Contents Funkwerk Enterprise Communications GmbH Table of Contents Chapter 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Chapter 2 About this guide. . . . . . . . . . . . . . . . . . . . . . . . . 3 Chapter 3 Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1 Setting up and connecting . . . . . . . . . . . . . . . . . . . . . . 3.2 Cleaning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 3.3 Support information . . . . . . .
Table of Contents ii Funkwerk Enterprise Communications GmbH Chapter 6 Technical data . . . . . . . . . . . . . . . . . . . . . . . . 28 6.1 Scope of supply . . . . . . . . . . . . . . . . . . . . . . . . . 28 6.2 General Product Features . . . . . . . . . . . . . . . . . . . . . 30 6.3 LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 6.4 Connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 6.5 Antenna connectors for industrial WLAN devices with 802.
Funkwerk Enterprise Communications GmbH Table of Contents Chapter 9 System Management . . . . . . . . . . . . . . . . . . . . . 75 9.1 Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 9.2 Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 78 9.2.1 System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 9.2.2 Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 9.2.3 Date and Time . . . . . . . . . . . . . . . . . . . . . . .
Table of Contents iv Funkwerk Enterprise Communications GmbH 10.3.1 Relay Configuration . . . . . . . . . . . . . . . . . . . . . . . . 131 Chapter 11 LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.1 IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 132 11.1.1 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 11.2 VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 11.2.1 VLANs . . . . . . . . . . . . . . . . . . . . . .
Funkwerk Enterprise Communications GmbH Table of Contents 13.3.1 Slave Access Points . . . . . . . . . . . . . . . . . . . . . . . 187 13.3.2 Radio Modules . . . . . . . . . . . . . . . . . . . . . . . . . . 189 13.3.3 Radio Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . 192 13.3.4 Wireless Networks (VSS) . . . . . . . . . . . . . . . . . . . . . 199 13.4 Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 13.4.1 Active Clients . . . . . . . . . . . . . . . . .
Table of Contents vi Funkwerk Enterprise Communications GmbH 14.6.3 QoS Interfaces/Policies . . . . . . . . . . . . . . . . . . . . . . 246 Chapter 15 WAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15.1 Internet + Dialup . . . . . . . . . . . . . . . . . . . . . . . . . 253 15.1.1 PPPoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255 15.1.2 PPTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259 15.1.3 IP Pools . . . . . . . . . . . . . . . . . . . . .
Funkwerk Enterprise Communications GmbH Table of Contents 17.2 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 17.2.1 Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 17.3 Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316 17.3.1 Address List . . . . . . . . . . . . . . . . . . . . . . . . . . . 316 17.3.2 Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317 17.4 Services . . . . . . . . . . . . . . . . . . . . . . .
Table of Contents viii Funkwerk Enterprise Communications GmbH 18.6.1 Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348 18.6.2 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350 18.6.3 Temperature . . . . . . . . . . . . . . . . . . . . . . . . . . . 352 18.6.4 Ping Generator . . . . . . . . . . . . . . . . . . . . . . . . . . 354 18.7 Funkwerk Discovery . . . . . . . . . . . . . . . . . . . . . . . 355 18.7.1 Device Discovery . . . . . . . . . . . . . .
Funkwerk Enterprise Communications GmbH Table of Contents 20.4 SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383 20.4.1 SNMP Trap Options. . . . . . . . . . . . . . . . . . . . . . . . 384 20.4.2 SNMP Trap Hosts . . . . . . . . . . . . . . . . . . . . . . . . 385 20.5 Activity Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . 386 20.5.1 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387 Chapter 21 Monitoring . . . . . . . . . . . . . . . . . . . .
Table of Contents x Funkwerk Enterprise Communications GmbH bintec WLAN and Industrial WLAN
1 Introduction Funkwerk Enterprise Communications GmbH Chapter 1 Introduction The new generation access points are manufactured in an environmentally friendly way and meet the RoHS directive. They support the latest WLAN technology and are designed for use particularly in the professional environment. Safety notices The safety precautions brochure, which is supplied with your device, tells you what you need to take into consideration when using your access point.
1 Introduction Funkwerk Enterprise Communications GmbH The devices are designed for use with WiLMA. WiLMA, the WLAN management solution from Funkwerk, offers a software application in a client/server architecture that allows you to centrally monitor, control and maintain all Funkwerk access points in medium and large wireless LANs. Dime Manager The devices are also designed for use with Dime Manager. The Dime Manager management tool can locate your bintec devices within the network quickly and easily.
2 About this guide Funkwerk Enterprise Communications GmbH Chapter 2 About this guide This document is valid for bintec devices with system software as of software version 7.9.5. The guide, which you have in front of you, contains the following chapters: User's Guide - Reference Chapter Description Introduction You see an overview of the the device: About this guide We explain the various components of this manual and how to use it.
2 About this guide Funkwerk Enterprise Communications GmbH Chapter Description Local Services Maintenance External Reporting Monitoring Glossary The glossary contains a reference to the most important technical terms used in network technology. Index The index lists all the key terms for operating the device and all the configuration options and gives page numbers so they can be found easily.
2 About this guide Funkwerk Enterprise Communications GmbH Typographical element Use bold, e.g. Windows Start menu Indicates keys, key combinations and Windows terms. bold, e.g. Licence Key Indicates fields. italic, e.g. Indicates values that you enter or that can be configured. Online: blue and italic, e.g. www.funkwerk-ec.com Indicates hyperlinks.
3 Installation Funkwerk Enterprise Communications GmbH Chapter 3 Installation Note Please read the safety notices carefully before installing and starting up your device. These are supplied with the device. Refer to chapter Technical data on page 28. 3.1 Setting up and connecting Note All you need for this are the cables and antennas supplied with the equipment. The device can be fitted with various antenna systems. External, screw-on standard antennas can be used (optional).
Funkwerk Enterprise Communications GmbH 3 Installation Fig.
3 Installation Funkwerk Enterprise Communications GmbH Fig. 3: Connection options bintec WIx040n and bintec WIx065n. When setting up and connecting, carry out the steps in the following sequence (refer to the connection diagrams for the individual devices in chapter Technical data on page 28): 8 (1) Antennas Screw the standard antennas supplied on to the connectors provided for this purpose. Put the antennas in the required position before tightening the screw nut.
Funkwerk Enterprise Communications GmbH 3 Installation used as a table-top device. Wall mounting To attach the device to the wall, use the brackets on the back of the housing. Optional wall mounting with theft protection is available. Warning Before drilling, make sure that there are no building installations where you are drilling. If gas, electricity, water or waste water lines are damaged, you may endanger your life or damage property. • Screw the mount to the wall with the 2 screws.
3 Installation Funkwerk Enterprise Communications GmbH Fig.
Funkwerk Enterprise Communications GmbH 3 Installation Fig. 6: Wall mounting of the bintec WIx065n (standard design and with theft protection) Use as a table-top device The access point can also be used as a table-top device. For this option, use the four self-adhesive feet on the bottom of the device. Place your device on a solid, level base. (3) LAN For the standard configuration of your device via Ethernet, connect port ETH1 or ETH2 of your device to your LAN using the Ethernet cable supplied.
3 Installation Funkwerk Enterprise Communications GmbH Note If the bintec WIx065n is installed outdoors, the lines laid outside the building are to be categorized as TNV1 electric circuits in accordance with EN60950, as their SELV level can also be overridden by transient overvoltage (e.g. during storms) during operation in line with the regulations.
3 Installation Funkwerk Enterprise Communications GmbH 3.3 Support information If you have questions about your product or are looking for additional information, the Funkwerk Enterprise Communications GmbH Support Centre can be reached Monday to Friday between the hours of 8.00 am and 5 pm. They can be contacted as follows: Email hotline@funkwerk-ec.com International Support Coordination Telephone: +49 911 9673 1550 End-customer Hotline 0900 1 38 65 93 (€1.
4 Basic configuration Funkwerk Enterprise Communications GmbH Chapter 4 Basic configuration You can use the Dime Manager (IP address assignment) and the Funkwerk Configuration Interface (other configuration steps) for the basic configuration of your device. The basic configuration is explained below step-by-step. A detailed online help system gives you extra support.
4 Basic configuration Funkwerk Enterprise Communications GmbH configuration (see Configuring a PC on page 18). (c) Assigning a fixed IP address You can use the Dime Manager to assign a new IP address and the required password to your device. Note Please note: If your device has obtained an IP address dynamically from a DHCP server operated in your network for the basic configuration, the fallback IP address 192.168.0.252 is deleted automatically and your device will no longer function over this address.
4 Basic configuration Funkwerk Enterprise Communications GmbH 4.2 System requirements For configuration, your PC must meet the following system requirements: • Microsoft Windows operating system Windows 2000 or higher • Internet Explorer 6 or 7, Mozilla Firefox Version 1.2 or higher • Installed network card (Ethernet) • DVD drive • TCP/IP protocol installed (see Configuring a PC on page 18) • High colour display (more than 256 colours) for correct representation of the graphics. 4.
4 Basic configuration Funkwerk Enterprise Communications GmbH and netmasks. In cases of doubt, ask your system administrator.
4 Basic configuration Funkwerk Enterprise Communications GmbH Access data Example value Preshared Key # $ MAC address of remote bridge % % % %& % ' Your values " To use the bridge link autoconfiguration function, proceed as described in the Automatic Configuration of a Bridge Link workshop and read the Wireless LAN chapter of the user's guide under WLAN -> Bridge Links -> Add. 4.3.
Funkwerk Enterprise Communications GmbH 4 Basic configuration Allocate an IP address to your PC as follows: (1) Select Internet Protocol (TCP/IP) and click on Properties. (2) Choose Use following IP address and enter a suitable IP address, the matching netmask, your default gateway and your preferred DNS server. If you run a DHCP server in your network, you can apply the default Windows setting Obtain IP address automatically and Obtain DNS server address automatically.
4 Basic configuration Funkwerk Enterprise Communications GmbH Fig. 7: Dime Manager initial screen The Dime Manager detects the devices installed in the network. (2) In the list, double click the device you want to configure. The following dialog box appears: Fig. 8: IP address assignment with the Dime Manager (3) Enter the network parameters (Device name, IP address, Netmask and Gateway) and click on OK. Note The maximum length of the Device name parameter is 32 characters.
4 Basic configuration Funkwerk Enterprise Communications GmbH The Device name parameter may contain only the letters "a"-"z", "A"-"Z", the digitss "0"-"9", dash "-" and dot "." to avoid errors by other systems during interpretation of the Device name. The first character must be a letter, and the last character cannot be a dot "." or dash "-". A single character is not permitted as a name. Your device can now be reached over the Ethernet with its IP address using a Web browser and can now be configured.
4 Basic configuration Funkwerk Enterprise Communications GmbH 4.5 Modify system password All bintec devices are delivered with the same username and password. As long as the password remains unchanged, they are therefore not protected against unauthorised use. Make sure you change the passwords to prevent unauthorised access to your device! Proceed as follows: (a) Go to System Management -> Global Settings-> Passwords (b) Enter a new password under System Admin Password .
4 Basic configuration Funkwerk Enterprise Communications GmbH (10) Click OK. (11) Save the configuration by clicking on the Save Configuration button above the menu navigation. 4.7 Setting up a bridge link If you run your device in Bridge mode, you must set up a bridge link. Bridge link autoconfiguration (1) Go to Wireless LAN -> WLAN -> Wireless Module Settings -> (2) In Operation Mode, select ( $ . (3) Leave the default settings in all other fields. (4) Click OK.
4 Basic configuration Funkwerk Enterprise Communications GmbH (6) In Preshared Key enter, for example, # $ ". (7) For Remote MAC address , enter the MAC address of the bridge to which your bridge is to set up a connection, e.g. % % % %& % '. (8) Leave the default settings in all other fields. (9) Click OK. (10) Configure a bridge link on the remote device in the same way. (11) Save the configuration by clicking on the Save Configuration button above the menu navigation.
Funkwerk Enterprise Communications GmbH 4 Basic configuration your device will be updated automatically. When installation of the new software is complete, you will be invited to restart the device. Caution Once you have clicked on GO , the update cannot be cancelled/interrupted. If an error occurs during the update, do not re-start the device and contact support.
5 Reset Funkwerk Enterprise Communications GmbH Chapter 5 Reset If the configuration is incorrect or if your device cannot be accessed, you can reset the device to the ex works standard settings using the Reset button on the bottom of the device. Practically al existing configuration data will then be ignored, only the current user passwords are retained. Configurations stored in the device are not deleted and can, if required, be reloaded when the device is rebooted.
Funkwerk Enterprise Communications GmbH 5 Reset Note If you delete the boot configuration using the Funkwerk Configuration Interface , all passwords will also be reset and the current boot configuration deleted. The next time, the device will boot with the standard ex works settings. On devices of the WI series, there is a further button - the HW reset. After pressing briefly once, the device reboots. Fig.
6 Technical data Funkwerk Enterprise Communications GmbH Chapter 6 Technical data This chapter summarises all of the hardware properties of the devices W1002n, WI1040n, WI2040n, WI1065n and WI2065n. Caution bintec WIx065n is a class A set-up. This set-up can cause interference in living areas; in this case the operator can request for appropriate measures to be taken. 6.
6 Technical data Funkwerk Enterprise Communications GmbH Cable sets/mains unit/other Software Documentation Companion DVD Quick Install Guide (printed) 2-pole screw terminal bar for relay Mounting bracket for wall mounting 1 screw pin set Blind stops for Ethernet interfaces bintec WI2040n Ethernet cable (RJ-45, STP) Serial cable (D-SUB9) 4 external standard antennas R&TTE Compliance Information (printed) User's Guide (on DVD) Self-adhesive feet to allow the device to be used as a desktop device
6 Technical data Funkwerk Enterprise Communications GmbH Cable sets/mains unit/other Software Documentation Companion DVD Quick Install Guide (printed) relay 1 screw pin set Blind stops for Ethernet interfaces 4 threaded caps for antennas bintec WI2065n Ethernet cable (RJ-45, STP) Serial cable (D-SUB9) 4 external standard antennas R&TTE Compliance Information (printed) User's Guide (on DVD) Blind stops for SFP SD slot cover with screw Safety notices 3-pole screw terminal bar for the power suppl
6 Technical data Funkwerk Enterprise Communications GmbH Property Value (W x L x H) Weight approx. 430 g LEDs 4 (1x Status, 1x WLAN, 2x Ethernet) Power consumption of the device 5-10 Watt, depending on extensions Voltage supply External switched-mode power supply 12 V DC, 1.
6 Technical data Funkwerk Enterprise Communications GmbH Property Value 2,4 GHz 802.11n 40 MHz: MSC0 -87 dBm; MSC1 -84 dBm; MCS2 -82 dBm; MCS3 -79 dBm; MCS4 -75 dBm; MSC5 -71 dBm; MCS6 -69 dBm; MCS7 -67 dBm; MCS8 -86 dBm; MCS9 -83 dBm; MCS10 -79 dBm; MCS11 -77 dBm; MCS12 -74 dBm; MCS13 -69 dBm; MCS14 -67 dBm; MCS15 -65 dBm 5 GHz 802.11a/h: 6 Mbit/s -88 dBm; 9 Mbit/s -87 dBm; 12 Mbit/s -86 dBm; 18 Mbit/s -84 dBm; 24 Mbit/s -82 dBm; 36 Mbit/s -78 dBm; 48 Mbit/s -74 dBm; 54 Mbit/s -73 dBm; 5 GHz 802.
6 Technical data Funkwerk Enterprise Communications GmbH Property Value Frequency bands 2.4 GHz Indoor/Outdoor (2412-2472 MHz) 5 GHz Indoor (5150-5350 MHz) 5 GHz Outdoor (5470-5725 MHz) 5 GHz BFWA (5755-5875 MHz) only in Germany and Great Britain (reporting obligations in Germany, licencing obligations in Great Britain).
6 Technical data Funkwerk Enterprise Communications GmbH Property Value Dimensions and weights: Equipment dimensions without cable 220 mm x 185 mm x 42 mm without feet (W x L x H) Weight LEDs approx. 1,200 g (3 WLAN modules) bintec WI1040n 6 (1x Failure, 1x Status, 3x WLAN, 2x Ethernet, 1x SFP) bintec WI2040n 7 (1x Failure, 1x Status, 3x WLAN, 2x Ethernet, 1x SFP) Power consumption of the device 5-24 Watt, depending on extensions Voltage supply Earth conductor/connection to earth 5-20W.
6 Technical data Funkwerk Enterprise Communications GmbH Property Value Serial interface V.24 9-pin Sub-D connector Relay switching contact N/O 42 V AC 1 A / 30 V DC 2 A potential-free, software configurable, switchable Ethernet interface RJ45 socket Antennas: Antenna connection RTNC socket Transmit Power (WLAN) max. 100 mW (20 dBm) EIRP Receiver sensitivity 5 GHz 802.
6 Technical data Funkwerk Enterprise Communications GmbH Property Value E1-mark (vehicle licencing) Buttons Reset and reset to ex work settings possible with two buttons (1x config reset, 1x HW reset) Security features WEP, WPA, WPA2, Access Control List, Network Name Broadcast can be deactivated WEP key length (bit) 40 (64) or 104 (128) Software supplied Dime Manager on DVD Printed documentation supplied Quick Install Guide Safety notices R&TTE Compliance Information Online documentation Use
6 Technical data Funkwerk Enterprise Communications GmbH Property Value WLAN modules Protection against theft Theft protection is available as an option Temperature sensor Temperature monitoring and software-controlled actions possible Environmental requirements: Storage temperature -40 °C to +85 °C Operating temperature -20 °C to +65 °C Relative atmospheric humidity 10 % to 100 % Available interfaces: Serial interface V.
6 Technical data Funkwerk Enterprise Communications GmbH Property Value Modulation Modulation IEEE 802.11 standards: a,h (5 GHz) b/g (2.4 GHz) Modulation types: 11, 5.5, 2 and 1 Mbit/s (DSSS) 2.4 GHz; 54, 48, 36, 24, 18, 12, 9 and 6 Mbit/s (OFDM) 2.4 and 5 GHz Channels IEEE802.11b/g: 13 channels (Europe) IEEE802.11a/h: 19 channels (Europe) Standards IEEE 802.11a,b,g,d,h,i IEEE 802.3 IEEE 802.3af IEEE 802.
6 Technical data Funkwerk Enterprise Communications GmbH the connection to earth is under the cover. Fig. 11: Connection to earth bintec WIx040n 6.3 LEDs The LEDs show the radio status, radio activity, Ethernet activity and LED states of your device. The LED states are indicated by combinations of the LEDs which are explained in detail in this chapter. The LEDs on bintec W1002n are arranged as follows: Fig.
6 Technical data Funkwerk Enterprise Communications GmbH LED Status Information ETH 1/2 off No cable or no Ethernet link on Cable plugged in and link on (flickering) Cable plugged in and link with data traffic During the heating phase the red Failure LED flashes. Once this temperature has been reached, the device continues with the start-up process. All LEDs are on during the start-up process. This means the monitor has been started and firmware is being loaded.
6 Technical data Funkwerk Enterprise Communications GmbH LED WLAN 1/2/3 (3x green) ETH 1/2 Status Information on (static) Errors on (flashing) Ready on (flashing slowly) Free on (static) At least one client is registered. on (flickering) At least one client is registered and there is data traffic.
6 Technical data Funkwerk Enterprise Communications GmbH Fig. 14: LEDs of bintec WI1065n and bintec WI2065n In operation mode, the LEDs display the following status information for your device: LED status display bintec WI1065n and bintec WI2065n LED Status Information Failure (red) on After power-up and during booting or if an error occurs. flashes During the heating phase. off If the device is at the login prompt. off The power supply is not connected. If other LEDs are on, also Error.
6 Technical data Funkwerk Enterprise Communications GmbH During the boot operation, only the red LED is on. The other LEDs then come on during booting (if the units are initialised). 6.4 Connectors All the connections are located on the underside of the device. On bintec W1002n the third antenna connection is located on the underside of the device. The connectors on industrial WLAN devices with 802.11n support are the same as the connectors on other industrial WLAN devices.
6 Technical data Funkwerk Enterprise Communications GmbH ANT2 = TX/RX2 (Connection of second option directional antenna) bintec WI1040n, and bintec WI2040n have two Ethernet connections and a serial interface. The connections are arranged as follows: Fig.
6 Technical data Funkwerk Enterprise Communications GmbH 3 HW Reset button performs restart 4 Cfg Deletes the configuration 5 SFP SFP slot for 100 Mbit/s fibre module (optional) 6 Serial Serial interface RS232 7 Relay N/O Alarm relay contact 6.5 Antenna connectors for industrial WLAN devices with 802.11n support Note The three antenna for devices bintec WI1040n, bintec WI1065n and bintec W1002n have 2 Transmit and 3 Receive functions in n operating mode MIMO 2T3R. WLAN 1 Ant.
6 Technical data Funkwerk Enterprise Communications GmbH Fig. 19: Antenna configuration for bintec WIx065n devices 6.6 Pin Assignments 6.6.1 Ethernet interface Your device has two Ethernet interfaces. These are used to connect individual PCs or other switches. The connection is made via an RJ45 socket. Fig.
Funkwerk Enterprise Communications GmbH 6 Technical data W1002n. 6.6.2 Serial interface Your device has a Serial interface for connection to a console. This supports Baud rates from 1200 to 115200 Bps. The interface is designed as a 9-pin SUB-D socket. Fig. 21: 9-pin Sub-D connector The pin assignment is as follows: Pin assignment of the Sub-D port Pin bintec W1002n function 1 Not used 2 RxD 3 TxD 4 Not used 5 GND 6 DSR 7 RTS 8 CTS 9 Not used 6.6.
6 Technical data Funkwerk Enterprise Communications GmbH Pin assignment of the connector for the power supply Pin Configuration 1 + 2 - 3 + 6.7 Frequencies and channels Different certification regulations apply around the world. ETSI standards generally apply (predominantly used in Europe). For operation in Europe, please read the notes in the R&TTE Compliance Information.
Funkwerk Enterprise Communications GmbH 6 Technical data 6.
7 Access and configuration Funkwerk Enterprise Communications GmbH Chapter 7 Access and configuration This chapter describes all the access and configuration options. 7.1 Access Options The various access options are presented below. Select the procedure to suit your needs. There are various ways you can access your device to configure it: • Via your LAN • Via the serial interface 7.1.
Funkwerk Enterprise Communications GmbH 7 Access and configuration • The fixed IP address assigned via the Dime Manager Press the Enter (Return) key . 7.1.1.2 Telnet Apart from configuration using a web browser, with a Telnet connection you can also access the SNMP shell and use other configuration options. You do not need any additional software on your PC to set up a Telnet connection to your device. Telnet is available on all operating systems.
7 Access and configuration Funkwerk Enterprise Communications GmbH device: (1) Log in to one of the types already available on your device (e.g. via Telnet - for login see Logging in on page 55). (2) Enter " for the input prompt. You are now in the Flash Management shell. (3) Call up a list of all the files saved on the device: " .
Funkwerk Enterprise Communications GmbH 7 Access and configuration If you have made sure that all the keys needed are available on the device, you have to check whether an SSH client is installed on your PC. Most UNIX and Linux distributions install a SSH client by default. Additional software, e.g. PuTTY, usually has to be installed on a Windows PC. Proceed as follows to log in on your device via SSH: UNIX (1) Enter $ $ ! in a terminal. The login prompt window appears.
7 Access and configuration Funkwerk Enterprise Communications GmbH the corresponding parameters (see below). Proceed as follows to access your device via the serial interface: (1) Click on Programs -> Accessories -> HyperTerminal in the Windows Start menu. (2) Press Return (at least once) after the HyperTerminal window opens. A window with the login prompt appears. You are now in the SNMP shell of your device. You can now log in on your device and start the configuration.
7 Access and configuration Funkwerk Enterprise Communications GmbH 7.2 Logging in With the help of certain access data, you can log in on your device and carry out different actions. The extent of the actions available depend on the authorisations of the user concerned. A login prompt appears first, regardless of how you access your device. You cannot view any information on the device or change the configuration without authentication. 7.2.
7 Access and configuration Funkwerk Enterprise Communications GmbH 7.2.2 Logging in for Configuration Set up a connection to the device. The access options are described in Access Options on page 50. Funkwerk Configuration Interface Log in via the HTML surface as follows: (1) Enter your user name in the User field of the input window. (2) Enter your password in the Password field of the input window and confirm with Return or click the Login button.
7 Access and configuration Funkwerk Enterprise Communications GmbH The configuration options available to you depend on the type of connection to your device: Types of connections and configurations Type of connection Possible types of configuration LAN Assistant, Funkwerk Configuration Interface , shell commands Serial connection Shell command Therefore, several types of configuration are available for each type of connection.
7 Access and configuration Funkwerk Enterprise Communications GmbH Fig. 24: Funkwerk Configuration Interface home page 7.3.1.1 Calling up Funkwerk Configuration Interface (1) Check whether the device is connected and switched on and that all the necessary cables are correctly connected (see Technical data on page 28). (2) Check the settings of the PC from which you want to configure your device (see Configuring a PC on page 18). (3) Open a web browser.
7 Access and configuration Funkwerk Enterprise Communications GmbH 7.3.1.2 Operating elements Funkwerk Configuration Interface window The Funkwerk Configuration Interface window is divided into three areas: • The header • The navigation bar • The main configuration window Fig. 25: Areas of the Funkwerk Configuration Interface Header Fig.
7 Access and configuration Funkwerk Enterprise Communications GmbH Function to carry out the configuration. German and English are available. View: Select the desired view from the dropdown menu. Standard and SNMP browsers can be selected. Online Help: Click this button if you want help with the menu now active. The description of the sub-menu where you are now is displayed. Logout: If you want to end the configuration, click this button to log out of your device.
Funkwerk Enterprise Communications GmbH 7 Access and configuration Fig. 28: Menus The Save Configuration button is found in the navigation bar. If you save a current configuration, you can save this as the boot configuration or you can also archive the previous boot configuration as a backup. If you click the Save configuration button in the FCI, you will be asked "Do you really want to save the current configuration as a boot configuration?" You have the following two options: • / $ " , i.e.
7 Access and configuration Funkwerk Enterprise Communications GmbH The navigation bar also contains the main configuration menus and their sub-menus. Click the main menu you require. The corresponding sub-menu then opens. If you click the sub-menu you want, the entry selected will be displayed in red. All the other sub-menus will be closed. You can see at a glance the sub-menu you are in.
7 Access and configuration Funkwerk Enterprise Communications GmbH Button Function automatic detection of all the access points available and connected by Ethernet in the network. In the System Management -> Certificates -> Certificates and the System Management -> Certificates -> CRLs menus, this button opens the sub-menus for configuring the certificates or CRL imports.
7 Access and configuration Funkwerk Enterprise Communications GmbH Icon Function Triggers a WLAN bandscan. Displays the next page in a list. Displays the previous page in a list. You can select the following operating functions in the list view: Funkwerk Configuration Interface list options Function Update Interval Here you can set the interval in which the view is to be updated. To do this, enter a period in seconds in the input field and con.
7 Access and configuration Funkwerk Enterprise Communications GmbH The menus of the Funkwerk Configuration Interface contain the following basic structures: Funkwerk Configuration Interface Menu architecture Function Basic configuration menu/list When you select a menu from the navigation bar, the menu of basic parameters is displayed first. In a sub-menu containing several pages, the menu containing the basic parameters is displayed on the first page.
7 Access and configuration Funkwerk Enterprise Communications GmbH Function Dropdown menus e.g. Click the arrow to open the list. Select the required option using the mouse. Internal lists e.g. Click . A new list entry is created. Enter the correspond- ing data. If list input fields remain empty, these are not saved when you confirm with OK. Delete the entries by clicking the icon.
7 Access and configuration Funkwerk Enterprise Communications GmbH 7.3.1.3 Funkwerk Configuration InterfaceMenus The configuration options of your device are contained in the sub-menus, which are displayed in the navigation bar in the left-hand part of the window. Note Please note that not all devices have the full range of functions. Check the software of your device on the corresponding product page under www.funkwerk-ec.com .
7 Access and configuration Funkwerk Enterprise Communications GmbH Menu Function You can also manage licences that are necessary for the use of certain functions. Interface Mode / Bridge In this menu, you define the mode in which the interfaces of Groups your device are to run (routing or bridging) and if necessary can define bridge groups. Administrative Access In this menu, you configure the access options for the individual interfaces.
7 Access and configuration Funkwerk Enterprise Communications GmbH Wireless LAN Controller Menu Function Wizard The Wizard helps you to set up a WLAN infrastructure. Controller Configuration In this menu, you make the basic wireless LAN controller settings. Slave AP Configuration In this menu, you configure the slave access points. Monitoring In this menu, you can monitor active and neighbouring clients. Maintenance In this menu, you can update access point software and save any configurations.
7 Access and configuration Funkwerk Enterprise Communications GmbH Menu Function IPSec In this menu, you configure VPN connections over IPSec. L2TP In this menu you configure the use of L2TP (Layer 2 Tunnelling Protocol). GRE This menu shows a list of all configured GRE tunnels. Firewall Menu Function Policies In this menu you configure the filter rules for the firewall. Interfaces In this menu, you can group together the interfaces to be filtered.
7 Access and configuration Funkwerk Enterprise Communications GmbH Menu Function Diagnostics In this menu you can test the accessibility of hosts, DNS servers or routing. Software & Configuration In this menu, you can manage your device's configuration files. You can save them either locally on your device or on your computer, for example. you can start an update of the system software, the ADSL logic and the BOOTmonitor. Reboot In this menu, you can initiate the rebooting of the device.
7 Access and configuration Funkwerk Enterprise Communications GmbH Menu Function WLAN This menu shows you the WLAN connections statistics. Bridges In this menu you can view the current values of the configured bridges. Hotspot Gateway This menu shows a list of all bintec Hotspot users. QoS In this menu, statistics are displayed for all interfaces for which QoS has been configured. 7.3.
Funkwerk Enterprise Communications GmbH 7 Access and configuration The BOOTmonitor is started as follows. The devices passes through various functional states when starting: • Start Mode • BOOTmonitor mode • Normal mode After some self-tests have been successfully carried out in the start mode, your device reaches the BOOTmonitor mode. The BOOTmonitor prompt is displayed if you are serially connected to your device. Fig.
8 Assistants Funkwerk Enterprise Communications GmbH Chapter 8 Assistants The Assistants menu offers step-by-step instructions for the following basic configuration tasks: • First steps • Internet access • VPN • Wireless LAN • VoIP PBX in LAN Choose the corresponding task from the navigation bar and follow the instructions and explanations on the separate pages of the Assistant.
Funkwerk Enterprise Communications GmbH 9 System Management Chapter 9 System Management The System Management menu contains general system information and settings. You see a system status overview. Global system parameters such as the system name, date/time, passwords and licences are managed and the access and authentication methods are configured. 9.1 Status If you log into the Funkwerk Configuration Interface , your device's status page is displayed, which shows the most important system information.
9 System Management Funkwerk Enterprise Communications GmbH Fig. 32: System Management -> Status The System Management -> Status menu consists of the following fields: Fields in the Status System Information menu Field Value Uptime Displays the time past since the device was rebooted. System Date Displays the current system date and system time. Serial Number Displays the device serial number. BOSS Version Displays the currently loaded version of the system software.
9 System Management Funkwerk Enterprise Communications GmbH Field Value sensor. This shows the current temperature and the maximum and minimum temperatures reached. Active Sessions (SIF, RTP, etc... ) Displays the total of all SIF, TDRC, and IP load balancing sessions. Active IPSec Tunnels Displays the number of currently active IPSec tunnels in relation to the number of configured IPSec tunnels.
9 System Management Funkwerk Enterprise Communications GmbH Field Value • Software version of the wireless card Bridge mode: • Operation Mode: Bridge or Off • The channel used on this wireless module • Number of configured bridge links • Software version of the wireless card Interface specifics for relay: • Configured Mode Recent System Logs Displays the last 10 system messages. 9.2 Global Settings The basic system parameters are managed in the Global Settings menu. 9.2.
9 System Management Funkwerk Enterprise Communications GmbH Fig. 33: System Management -> Global Settings -> System The System Management -> Global Settings -> System menu consists of the following fields: Fields in the System Basic Parameters menu Field Value System Name Enter the system name of your device. This is also used as the PPP host name. A character string of up to 255 characters is possible. The device type is entered as the default value. Location Enter the location of your device.
9 System Management Funkwerk Enterprise Communications GmbH Field Value The default value is . You can view the stored messages in Monitoring -> Internal Log. Maximum Message Level of Syslog Entries Select the priority of system messages above which a log should be created. System messages are only recorded internally if they have a higher or identical priority to that indicated, i.e. all messages generated are recorded at syslog level # $.
9 System Management Funkwerk Enterprise Communications GmbH Fig. 34: System Management -> Global Settings -> Passwords Note All bintec devices are delivered with the same username and password. As long as the password remains unchanged, they are not protected against unauthorised use.
9 System Management Funkwerk Enterprise Communications GmbH Field Value SNMP Read Community Enter the password for the user name . SNMP Write Community Enter the password for the user name 2 . Fields in the Passwords Global Password Options menu Field Value Show passwords and keys in clear text Define whether the passwords are to be displayed in clear text (plain text). The function is activated with 1 . The function is disabled by default.
Funkwerk Enterprise Communications GmbH 9 System Management Fig. 35: System Management -> Global Settings -> Date and Time You have the following options for determining the system time (local time): Manual The system time can be set manually on the device. If the correct location of the device (country/city) is set for the System Time Zone, switching from summer time to winter time (and back) is automatic. The switch occurs independently of an NTP server.
9 System Management Funkwerk Enterprise Communications GmbH Note If a method for automatically deriving the time is defined on the device, the values obtained in this way automatically have higher priority. A manually entered system time is therefore overwritten. The System Management -> Global Settings -> Date and Time menu consists of the following fields: Fields in the Date and Time Basic Settings menu Field Description Time Zone Select the time zone in which your device is installed.
9 System Management Funkwerk Enterprise Communications GmbH Field Description IP address. In addition, select the protocol for the time server request. Possible values: • 84 (default value): This server uses the simple network time protocol with UDP port 123. • 4 / 5 ,9 : This server uses the Time service with UDP port 37. • 4 / 5 4+ : This server uses the Time service with TCP port 37. • 8 : This time server is not currently used for the time request.
9 System Management Funkwerk Enterprise Communications GmbH Field Description • 4 / 5 4+ : This server uses the Time service with TCP port 37. • 8 : This time server is not currently used for the time request. Time Update Interval Enter the time interval in minutes at which the time is automatically updated. The default value is && . Time Update Policy Enter the time period after which the system attempts to contact the time server again following a failed time update.
9 System Management Funkwerk Enterprise Communications GmbH The following licence types exist: • Licences already available in the device's ex works state • Free extra licences • Extra licences at additional cost The data sheet for your device tells you which licences are available in the device's ex works state and which can also be obtained free of charge or at additional cost. You can access this data sheet at www.funkwerk-ec.com .
9 System Management Funkwerk Enterprise Communications GmbH Fig. 36: System Management -> Global Settings -> System Licenses -> New Activating extra licences You activate extra licences by adding the received licence information in the System Management -> Global Settings -> System Licenses -> New menu.
9 System Management Funkwerk Enterprise Communications GmbH Deactivating a licence Proceed as follows to deactivate a licence: (1) Go to System Management -> Global Settings -> System Licenses. (2) Press the (3) Confirm with OK. icon in the line containing the licence you want to delete. The licence is deactivated. You can reactivate your additional licence at any time by entering the valid licence key and licence serial number. 9.
9 System Management Funkwerk Enterprise Communications GmbH The names of the interfaces connected to an Ethernet port are made up of the following parts: (a) Abbreviation for interface type (b) Number of the Ethernet port (c) Number of the interface Example: (first interface on the first Ethernet port) The name of the bridge group is made up of the following parts: (a) Abbreviation for interface type (b) Number of the bridge group Example: # (first bridge group) The name of the wireless network is
9 System Management Funkwerk Enterprise Communications GmbH (c) Number of the interface connected to the Ethernet port (d) Number of the virtual interface Example: (first virtual interface based on the first interface on the first Ethernet port) 9.3.1 Interfaces You define separately whether each interface is to operate in routing or bridging mode. If you want to set bridging mode, you can either use existing bridge groups or create a new bridge group.
9 System Management Funkwerk Enterprise Communications GmbH Field Description Interface Description Displays the name of the interface. Mode / Bridge Group Configuration Interface Select whether you want to run the interface in 6 " $ ? or whether you want to assign the interface to an existing ( # , # etc.) or new bridge group ( 8 ( $ > !). If you select 8 ( $ > !, a new bridge group is created automatically when you click OK.
9 System Management Funkwerk Enterprise Communications GmbH Fig. 38: System Management -> Interface Mode / Bridge Groups -> Interfaces -> Edit You can realise bridging for devices behind access clients with the MAC Bridge function. In wildcard mode you cannot define how Unicast non-IP frames or non-ARP frames are processed. To use the MAC bridge function, you must carry out configuration steps in several menus.
9 System Management Funkwerk Enterprise Communications GmbH Field Value • 8 (default value): Wildcard mode is not used. • " " : With this setting, you must enter the MAC address of a device that is connected over IP under Wildcard MAC Address. Each packet without IP and without ARP is forwarded to this device. This occurs even when the device is no longer connected.
Funkwerk Enterprise Communications GmbH 9 System Management 9.4.1 Access In the Administrative Access -> Access menu, a list of all IP-configurable interfaces is shown. Fig. 39: System Management -> Administrative Access -> Access For the Ethernet interface you can select the access parameters 4 2 ", =, =44 , =4 4 , $ and 8? .
9 System Management Funkwerk Enterprise Communications GmbH 9.4.1.1 Add Press the Add button to configure administrative access for additional interfaces. Fig. 40: System Management -> Administrative Access -> Access -> Add The System Management -> Administrative Access -> Access -> Add menu consists of the following fields: Fields in the Access menu Field Description Interface Select the interface for which administrative access is to be configured. 9.4.
9 System Management Funkwerk Enterprise Communications GmbH Fig. 41: System Management -> Administrative Access -> SSH You need an SSH client application, e.g. PuTTY, to be able to reach the SSH Daemon. If you wish to use SSH Login together with the PuTTY client, you may need to comply with some special configuration requirements, for which we have prepared FAQs. You will find these in the Service/Support section at www.funkwerk-ec.com .
9 System Management Funkwerk Enterprise Communications GmbH Field Value The function is enabled by default. Compression Select whether data compression should be used. The function is activated by choosing 0 #2 . The function is disabled by default. TCP Keepalives Select whether the device is to send keepalive packets. The function is activated by choosing 0 #2 . The function is enabled by default. Logging Level Select the syslog level for the syslog messages generated by the SSH Daemon.
9 System Management Funkwerk Enterprise Communications GmbH Field Value Possible options: • ?9 • = • 6 ! ?9 ?9 , = and 6 ! ?9 are enabled by default. Fields in the SSH Key Status menu Field Value RSA Key Status Shows the status of the RSA key. If an RSA key has not been generated yet, 8 " > " is displayed in red and a link, > " , is provided. If you select the link, the generation process is triggered and the view is updated. The status > " $ is displayed in green.
9 System Management Funkwerk Enterprise Communications GmbH 9.4.3 SNMP SNMP (Simple Network Management Protocol) is a network protocol used to monitor and control network elements (e.g. routers, servers, switches, printers, computers etc.) from a central station. SNMP controls communication between the monitored devices and monitoring station. The protocol describes the structure of the data packets that can be transmitted, as well as the communication process.
9 System Management Funkwerk Enterprise Communications GmbH Field Value SNMP Version Select the SNMP version your device is to use to listen for external SNMP accesses. Possible values: • / : SNMP Version 1 • / : Community-Based SNMP Version 2 • /': SNMP Version 3 / , / and /' are active by default. If no option is selected, the function is deactivated. SNMP Listen UDP Port Shows the UDP port ( ) at which the device receives SNMP requests. The value cannot be changed.
9 System Management Funkwerk Enterprise Communications GmbH the RADIUS server, which then searches its database. If the user is found and can be authenticated, the RADIUS server sends corresponding confirmation to your device. This confirmation also contains parameters (called RADIUS attributes), which your device uses as WAN connection parameters. If the RADIUS server is used for accounting, your device sends an accounting message at the start of the connection and a message at the end of the connection.
9 System Management Funkwerk Enterprise Communications GmbH Field Value If a RADIUS server is used for accounting, your device sends an accounting message to the RADIUS server at the end of each connection. In the System Management -> Remote Authentication -> RADIUS menu, a list of all registered RADIUS servers is displayed. 9.5.1.1 Edit/New Choose the icon to edit existing entries. Choose the New button to add RADIUS serv- ers. Fig.
9 System Management Funkwerk Enterprise Communications GmbH Field Value Possible values: • "1 " " (default value): The RADIUS server is used for controlling access to a network. • " $: The RADIUS server is used for recording statistical call data. • . $ "1 " " : The RADIUS server is used for controlling access to the SNMP shell of your device. • 7 "1 " " : The RADIUS server is used for sending configuration data for IPSec peers to your device. • .
9 System Management Funkwerk Enterprise Communications GmbH Field Value The function is activated by choosing 0 #2 . The function is enabled by default. Group Description Define a new RADIUS group description or assign the new RADIUS entry to a predefined group. The configured RADIUS servers for a group are queried according to priority and policy. Possible values: • 8 : Enter a new group description in the text field.
9 System Management Funkwerk Enterprise Communications GmbH Field Value and response in milliseconds. After timeout, the request is repeated according to Retries or the next configured RADIUS server is requested. Possible values are whole numbers between and . The default value is (1 second). Alive Check Here you can activate a check of the reachability of a RADIUS server in Status 9 .
9 System Management Funkwerk Enterprise Communications GmbH Field Value If the function is active, you can enter the following options: • 6 2 7 " / 2 Enter the time period in seconds between the update intervals. The default entry here is i.e. an automatic reload is not carried out. • 9 2" , : Some Radius servers require a user password for each RADIUS request. Enter the password that your device sends as the default user password in the prompt for the dialout routes on the RADIUS server.
9 System Management Funkwerk Enterprise Communications GmbH Fig. 44: System Management -> Remote Authentication -> TACACS+ -> New The System Management -> Remote Authentication -> TACACS+ -> New menu consists of the following fields: Fields in the TACACS+ Basic Parameters menu Field Description Authentication Type Displays which TACACS+ function is to be used. The value cannot be changed. Possible values: • .
9 System Management Funkwerk Enterprise Communications GmbH Field Description next-highest priority is used. The available values are to , the default value is . Entry active Select whether this server is to be used for login authentication. The function is activated by choosing 0 #2 . The function is enabled by default. The Advanced Settings menu consists of the following fields: Fields in the menu Advanced Settings Field Description Policy Select the interpretation of the TACACS+ response.
9 System Management Funkwerk Enterprise Communications GmbH Field Description At the end of the block time, the server is set to the status specified in the Administrative Status field. The possible values are to ' , the default value is . The value means that the server is never set to (2 status and thus no other servers are queried. Encryption Select whether data exchange between the TACACS+ server and the NAS is to be encrypted with MD5. The function is activated by choosing 0 #2 .
9 System Management Funkwerk Enterprise Communications GmbH Fig. 45: System Management -> Remote Authentication -> Options The System Management -> Remote Authentication -> Options menu consists of the following fields: Fields in the Options Global RADIUS Options menu Field Description Authentication for PPP Dialin By default, the following authentication sequence is used for incoming calls with RADIUS: First CLID, then PPP and then PPP with RADIUS.
9 System Management Funkwerk Enterprise Communications GmbH 9.6 Certificates An asymmetric cryptosystem is used to encrypt data to be transported in a network, to generate or check digital signatures and the authenticate users. A key pair consisting of a public key and a private key is used to encrypt and decrypt the data. For encryption the sender requires the public key of the recipient. The recipient decrypts the data using his private key.
9 System Management Funkwerk Enterprise Communications GmbH Fig. 46: System Management -> Certificates -> Certificate List-> The certificates and keys themselves cannot be changed, but a few external attributes can be changed, depending on the type of the selected entry. The System Management -> Certificates -> Certificate List-> menu consists of the following fields: Fields in the menu Field Description Description Shows the name of the certificate, key, or request.
9 System Management Funkwerk Enterprise Communications GmbH Field Description Certificate Revocation List (CRL) Checking Only for Certificate is a CA certificate = 4 . Define the extent to which certificate revocation lists (CRLs) are to be included in the validation of certificates issued by the owner of this certificate. Possible settings: • 9 #2 : No checking of CRLs. • 2 - : CRLs are always checked. • < 2- +6.
9 System Management Funkwerk Enterprise Communications GmbH Registration authority certificates are used by some Certificate Authorities (CAs) to handle certain tasks (signature and encryption) during SCEP communication with separate keys, and to delegate the operation to separate registration authorities, if applicable. When a certificate is downloaded automatically, i.e. if CA Certificates = 9 2 is selected, all the certificates needed for the operation are loaded automatically.
9 System Management Funkwerk Enterprise Communications GmbH Field Description scription Mode Select the way in which you want to request the certificate. Possible settings: • ? 2 (default value): Your device generates a PKCS#10 for the key. This file can then be uploaded directly in the browser or copied in the Edit menu using the View Details field. This file must be provided to the CA and the received certificate must then be imported manually to your device.
9 System Management Funkwerk Enterprise Communications GmbH Field Description trator can provide you with the necessary data. If no CA certificates are available, the device will first download the CA certificate of the relevant CA. It then continues with the enrolment process, provided no more important parameters are missing. In this case, it returns to the Generate Certificate Request menu.
9 System Management Funkwerk Enterprise Communications GmbH Field Description Custom Select whether you want to enter the name components of the subject name individually as specified by the CA or want to enter a special subject name. If 0 #2 is selected, a subject name can be given in Summary with attributes that are not offered in the list. Example: "CN=VPNServer, DC=mydomain, DC=com, c=DE".
9 System Management Funkwerk Enterprise Communications GmbH Field Description Enter the country according to CA. The Advanced Settings menu consists of the following fields: Fields in the Advanced Settings Subject Alternative Names menu Field Description #1, #2, #3 For each entry, define the type of name and enter additional subject names. Possible values: • 8 (default value): No additional name is entered. • 7 : An IP address is entered. • 98 : A DNS name is entered.
9 System Management Funkwerk Enterprise Communications GmbH Fig. 48: System Management -> Certificates -> Certificate List -> Import The System Management -> Certificates -> Certificate List -> Import menu consists of the following fields: Fields in the Certificate List Import menu Field Description External Filename Enter the file path and name of the certificate to be imported, or use Browse... to select it from the file browser.
9 System Management Funkwerk Enterprise Communications GmbH Field Description Enter the password here. 9.6.2 CRLs In the System Management -> Certificates -> CRLs menu a list of all CRLs is shown. If a key is no longer to be used, e.g. because it has fallen into the wrong hands or has been lost, the corresponding certificate is declared invalid. The certification authority revokes the certificate and publishes it on a certificate blacklist, so-called CRL.
9 System Management Funkwerk Enterprise Communications GmbH Field Description External Filename Enter the file path and name of the CRL to be imported, or use Browse... to select it from the file browser. Local Certificate Description File Encoding Enter a unique description for the CRL. Select the type of encoding, so that your device can decode the CRL. Possible values: • " (default value) Activates automatic code recognition.
9 System Management Funkwerk Enterprise Communications GmbH Fig. 50: System Management -> Certificates -> Certificate Servers -> New The System Management -> Certificates -> Certificate Servers -> New menu consists of the following fields: Fields in the Certificate Servers Basic Parameters menu Field Description Description Enter a unique description for the certificate server. LDAP URL Path Enter the LDAP URL of the server.
10 Physical Interfaces Funkwerk Enterprise Communications GmbH Chapter 10 Physical Interfaces In this menu, you configure the physical interfaces that you have used when connecting your gateway. The configuration interface only shows the interfaces that are available on your device. In the System Management -> Status menu you can see a list of all physical interfaces and information on whether the interfaces are connected or active and whether they have already been configured. 10.
10 Physical Interfaces Funkwerk Enterprise Communications GmbH The Physical Interfaces -> Ethernet Ports -> Port Configuration menu consists of the following fields: Fields in menu Port Configuration Field Description Port Shows the respective port. The numbering corresponds to the numbering of the Ethernet ports on the back of the device. Interface Displays the interface assigned to the Ethernet port here. Configured Speed / Mode Select the mode in which the interface is to run.
10 Physical Interfaces Funkwerk Enterprise Communications GmbH 10.2 Serial Port The serial interface can be operated as a console or as a data interface. In data interface mode, the data for the serial interface can be transmitted over an IP infrastructure (Serial over IP). 10.2.1 Serial Port You can make settings for the serial interface in the Physical Interfaces -> Serial Port -> Serial Port menu. Fig.
10 Physical Interfaces Funkwerk Enterprise Communications GmbH If the 9 " " option is selected for the Port Mode, an extra configuration section opens. Fig. 53: Physical Interfaces -> Serial Port -> Serial Port with Port Mode = 9 " " Fields in the Serial Port Serial Settings menu Field Baudrate Description Select which baud rate should be used. Make sure that the remote terminal is suitable for the selected baud rate.
10 Physical Interfaces Funkwerk Enterprise Communications GmbH Field Description • (default value) • • E • Data Bits Select how many data bits should be sent in sequence for traffic data. Possible values: • (default value): Eight data bits are sent in sequence. • E: Seven data bits are sent in sequence. Parity Select whether or not a parity bit should be used to identify transmission errors. Possible values: • 8 (default value): No parity bit is used.
10 Physical Interfaces Funkwerk Enterprise Communications GmbH Field Description • 64 5+4 : The hardware handshake used controls the data flow over the RTS and CTS lines. • D<85D< : If the software handshake is used, the recipient sends special signs to the sender to control the data flow. Fields in the Serial Port IP menu Field Mode Description Select the mode in which the gateway should process IP data packets.
10 Physical Interfaces Funkwerk Enterprise Communications GmbH Field Description The function is enabled by default. Possible values: .. ' . Default value: . Inter-Byte Gap Enter the time in ms since receiving the first character, which is used as a trigger for data transmission. The function is activated with 0 #2 . The function is disabled by default. Possible values: .. ' . Default value: .
10 Physical Interfaces Funkwerk Enterprise Communications GmbH 10.3.1 Relay Configuration In this menu, you can configure the port mode. Fig. 54: Physical Interfaces -> Relay -> Relay Configuration The Physical Interfaces -> Relay -> Relay Configuration menu consists of the following fields: Fields in the Relay Configuration Basic Parameters menu Field Port Mode Description Possible values: • 7 " / (default value): The relay is manually set to always open.
11 LAN Funkwerk Enterprise Communications GmbH Chapter 11 LAN In this menu, you configure the addresses in your LAN and can structure your local network using VLANs. 11.1 IP Configuration In this menu, you can edit the IP configuration of the LAN and Ethernet interfaces of your device. 11.1.1 Interfaces In the LAN -> IP Configuration -> Interfaces menu, the available IP interfaces are listed. You can edit the IP configuration of the interfaces or create virtual interfaces for special applications.
Funkwerk Enterprise Communications GmbH 11 LAN configuration, you will only be able to access your device over this IP address. The device will no longer obtain an IP configuration dynamically over DHCP. Example of subnets If your device is connected to a LAN that consists of two subnets, you should enter a second IP Address/Netmask. The first subnet has two hosts with the IP addresses 192.168.42.1 and 192.168.42.2, for example, and the second subnet has two hosts with the IP addresses 192.168.46.
11 LAN Funkwerk Enterprise Communications GmbH Field Description Based on Ethernet Inter- This field is only displayed if you are editing a virtual routing inface terface. Select the Ethernet interface for which the virtual interface is to be configured. Address Mode Select how an IP address is assigned to the interface. Possible values: • " " (default value): A static IP address is assigned to the interface in IP Address/Netmask.
11 LAN Funkwerk Enterprise Communications GmbH Field Description VLAN ID Only if Interface Mode = 4 $$ B3. 8C This option only applies for routing interfaces. Assign the interface to a VLAN by entering the VLAN ID of the relevant VLAN. Possible values are (default value) to & &.
11 LAN Funkwerk Enterprise Communications GmbH Field Description The function is activated by choosing 0 #2 . The function is disabled by default. TCP-MSS Clamping Select whether your device is to apply MSS Clamping. To prevent IP packets fragmenting, the MSS (Maximum Segment Size) is automatically decreased by the device to the value set here. The function is activated by choosing 0 #2 . The function is disabled by default. Once enabled, the default value ' is entered in the input field. 11.
Funkwerk Enterprise Communications GmbH 11 LAN Fig. 56: VLAN segmenting VLAN for Bridging and VLAN for Routing In the LAN -> VLAN menu, VLANs (virtual LANs) are configured with interfaces that operate in bridging mode. Using the VLAN menu, you can make all the settings needed for this and query their status. Caution For interfaces that operate in Routing mode, you only assign a VLAN ID to the interface. You define this via the parameter Interface Mode = 3.
11 LAN Funkwerk Enterprise Communications GmbH 11.2.1 VLANs In this menu, you can display all the VLANs already configured, edit your settings and create new VLANs. By default, the ? $ " VLAN is available, to which all interfaces are assigned. 11.2.1.1 Edit/New Choose the icon to edit existing entries. Choose the New button to configure other VLANs. Fig.
11 LAN Funkwerk Enterprise Communications GmbH Field Description For each entry, also select whether the frames to be transmitted from this port are to be transmitted " $$ (i.e. with VLAN information) or " $$ (i.e. without VLAN information). 11.2.2 Port Configuration In this menu, you can define and view the rules for receiving frames at the VLAN ports. Fig.
11 LAN Funkwerk Enterprise Communications GmbH Field Description Drop non-members If this option is enabled, all tagged frames that are tagged with a VLAN ID to which the selected port does not belong are discarded. 11.2.3 Administration In this menu, you make general settings for a VLAN. The options must be configured separately for each bridge group. Fig.
Funkwerk Enterprise Communications GmbH 12 Wireless LAN Chapter 12 Wireless LAN In the case of wireless LAN (WLAN = Wireless Local Area Network), this relates to the creation of a network using wireless technology. Network functions Like a wired network, a WLAN offers all the main network functions. Access to servers, files, printers, and the e-mail system is just as reliable as company-wide Internet access.
12 Wireless LAN Funkwerk Enterprise Communications GmbH An amendment to the Telecommunications Act (TKG) allowed the 5.8 GHz band (5755 MHz - 5875 MHz) to be used for so-called BFWA applications (Broadband Fixed Wireless Access). This simply requires registration with the Federal Network Agency. However, the use of TPC and DFS is mandatory in this case. 12.1 WLAN In the Wireless LAN -> WLANx menu, you can configure all the WLAN modules of your device.
Funkwerk Enterprise Communications GmbH Fig.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Fig. 62: Wireless LAN WLAN Radio Settings for Operation Mode = The Wireless LAN -> WLAN -> Radio Settings Settings -> +2 " menu consists of the fol- lowing fields: Fields in the Radio Settings Wireless Settings menu Field Description Operation Mode Define the mode in which the wireless module of your device is to operate. Possible values: • < (default value) The wireless module is not active.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description ture mode, all clients communicate with each other via access points only. There is no direct communication between the individual clients. • = : In ad-hoc mode, an access client can be used as central interface between a number of terminals. In this way, devices such as computers and printers can be wirelessly interconnected. Select the channel to be used.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description 7 " " and Operation Band = & >=For >=F Possible values: • 7 < " (default value) • 7 • < " IEEE 802.11d Compliance Only for Operating Mode = +2 " Possible values: • 2 ; #2 (default value) • 8 • " " Channel The number of channels you can selected depends on the country setting. Please consult the data sheet for your device.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description • For Operation Band = >=F 7 5< " and >=F < " and >=F < " Only the " option is possible here. Access Client mode: In Access Client mode you can only select the required channel in Client Mode = = . Possible values: • For Frequency Band = & >=F 7 5< " Possible values are to ' and " (default value).
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description Possible values: • (default value): Two traffic flows are used. • : One traffic flow is used. Max. Link Distance Only for Operation Mode = ( $ Enter the maximum link range. If the , 2" option is enabled, the automatically generated range is used. If this option is not enabled, enter the desired maximum value in the m field. The , Transmit Power 2" option is enabled by default.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description • #: Your device operates only in accordance with 802.11b and forces all clients to adapt to it. • ; B#5$C: Your device adapts to the client technology and operates according to either 802.11b or 802.11g. • ; 2 $ B#5$C: Your device adapts to the client technology and operates according to either 802.11b or 802.11g. Only a data rate of 1 and 2 mbps needs to be supported by all clients (basic rates).
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description automatically. • @3 2 A: Depending on the setting for Operation Band, Bandwidth, Number of spatial streams and Wireless Mode, different whole values in mbps will be available for selection. Burst Mode Activate this function to increase the transmission speed for 802.11g through frame bursting. As a result, several packets are sent one after the other without a waiting period.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description Enter the time in milliseconds between the sending of two beacons. This value is transmitted in Beacon and Probe Response Frames. Possible values are to ' . The default value is msec. DTIM Period Only if Operation Mode = with Client Mode = . " or +2 " Enter the interval for the Delivery Traffic Indication Message (DTIM).
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description Possible values are to . The default value is E. Long Retry Limit Enter the maximum number of attempts to send a data packet of length less than or equal to the value defined in RTS Threshold. After this many failed attempts, the packet is discarded. Possible values are to . The default value is &. Fragmentation Threshold Enter the maximum size as of which the data packets are to be fragmented (i.e.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description Scan channels Choose the channels which the WLAN client automatically scans for available wireless networks. Possible values: • 22 (default value): All channels are scanned. • " : The channel is automatically selected. • , 9 defined. Roaming Profile : The desired channels can therefore be Select the roaming profile. The options available include typical roaming functions.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description 6 $. The default value is . The value disables the scan in the background. The value enables the scan of all available frequencies. Min. Time Period for Act- Indicates the minimum time in milliseconds a frequency is active Scan ively scanned. The value can only be changed for Roaming Profile = + 6 $. The default value is . Max.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description Possible values are to . The default value is E. Long Retry Limit Enter the maximum number of attempts to send a data packet of length less than or equal to the value defined in RTS Threshold. After this many failed attempts, the packet is discarded. Possible values are to . The default value is &. Fragmentation Threshold Enter the maximum size as of which the data packets are to be fragmented (i.e.
12 Wireless LAN Funkwerk Enterprise Communications GmbH In contrast to a LAN set up over Ethernet, a wireless LAN does not have any cables for setting up a permanent connection between the server and clients. Access violations or faults may therefore occur with directly adjacent radio networks. To prevent this, every radio network has a parameter that uniquely identifies the network and is comparable with a domain name.
Funkwerk Enterprise Communications GmbH 12 Wireless LAN office, Home office). Therefore, all the wireless LAN subscribers must know the PSK, because it is used to generate the session key. WPA2 WPA2 is the enhancement of WPA. In WPA2, the 802.11i standard is not only implemented for the first time in full, but another encryption algorithm AES (Advanced Encryption Standard) is also used.
12 Wireless LAN Funkwerk Enterprise Communications GmbH 12.1.2.1 Virtual Service Sets ->New/ Choose the icon to edit existing entries. Choose the New button to configure other wire- less networks. Fig.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description The function is enabled by default. ARP Processing Select whether the ARP processing function should be enabled. The ARP data traffic is reduced in the network by the fact that ARP broadcasts that have been converted to ARP unicasts are forwarded to IP addresses that are known internally. Unicasts are quicker and clients with an enabled power save function are not addressed. The function is activated by choosing 0 #2 .
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description • 7 " / (default value): Neither encryption nor authentication • 0 & : WEP 40 Bit • 0 &: WEP 104 Bit • : WPA Preshared Key • 0 " ! Transmit Key : 802.11x Only if Security Mode = 0 & G 0 & Select one of the keys configured in WEP Key <1 - 4> as the default key. The default value is - . WEP Key 1-4 Only if Security Mode = 0 & , 0 & Enter the WEP key.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description • 0 : AES is used. • 0 4 7 : AES or TKIP is used. WPA2 Cipher Only for Security Mode = and 0 " ! and for WPA Mode = and Select the type of encryption you want to apply to WPA2. Possible values: • 0 (default value): AES is used. • 0 4 7 : AES or TKIP is used. Preshared Key Only if Security Mode = Enter the WPA password. Enter an ASCII string with 8 - 63 characters.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description Allowed Addresses Use Add to make entries and enter the MAC addresses (MAC Address) of the clients to be permitted. 12.1.3 WDS Links If you operate your device in access point mode (Wireless LAN -> WLAN -> Wireless Module Settings-> ->Operation Mode = "), you can set up and edit the desired WDS links in the Wireless LAN -> WLAN -> WDS Links-> ->/New menu. Important The WDS link can only be configured in the 2.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Fig. 65: Wireless LAN -> WLAN -> WDS Links-> The Wireless LAN -> WLAN -> WDS Links-> ->/New ->/New menu consists of the following fields: Fields in the WDS Links Basic Parameters menu Field Description WDS Description Enter a name for the WDS link. If the , " option is activated, the generated name of the interface is automatically used. If the option is not activated, you can enter a suitable name in the input field.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description and in Transmission Key , select the default key. • 0 &: Data traffic on this WDS link is encrypted with WEP104. In WEP Key 1 - 4, enter the key for this WDS link and in Transmission Key , select the default key. • : Data traffic on this WDS link is encrypted with WPA. Enter the key for this WDS link in Preshared Key. • : Data traffic on this WDS link is encrypted with WPA.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Fields in the Remote Partner menu Field Description Remote MAC Address Enter the MAC address of the WDS partner. 12.1.4 Client Link If you operate your device in access client mode (Wireless LAN -> WLAN -> Radio Settings-> ->Operation Mode = +2 "), you can edit the available Client Links in the Wireless LAN -> WLANx -> Client Links-> -> menu. The client mode can be operated in infrastructure mode or in ad-hoc mode.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Fields in the Client Link Basic Parameters menu Field Description Network Name (SSID) Enter the name of the wireless network (SSID). Enter an ASCII string with a maximum of 32 characters. Fields in the Client Link Security Settings menu Field Description Security Mode Select the security mode (encryption and authentication) for the wireless network.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description • (default value): Only WPA is used. • : Only WPA2 is used. Preshared Key Only if Security Mode = Enter the WPA password. Enter an ASCII string with 8 - 63 characters. WPA Cipher Only for Security Mode = and WPA Mode = Select which encryption method should be used. Possible values: • 4 7 (default value): Temporal Key Integrity Protocol. • 0 : Advanced Encryption Standard.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Fig. 67: Wireless LAN -> WLAN -> Client Link->Scan After successful scanning, a selection of potential scan partners is displayed in the scan list. In the Action column, click [Select] to connect the local clients with this client. If the partners are connected with one another, the icon appears in the Connected column. The icon appears in the Connected column if the connection is active.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description Signal Displays the signal strength of the detected client link in dBm. Connected Displays the status of the link on your client. Action You can change the status of the client link. The available actions are displayed in this field. 12.1.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Caution Never connect two bridges that have set up a connection to each other with radio to the same LAN segment. This leads to unavoidable overloading of your network and stops all network traffic. Some of the possible network topologies are described here to give you an overview of the options available when you use bintec bridges. Fig. 68: Point-to-point topology Fig.
Funkwerk Enterprise Communications GmbH 12 Wireless LAN Fig. 70: Wireless backbone Fig. 71: Wireless bridge with connection of wireless clients To be able to set up a wireless link to bintec bridges, an uninterrupted view must exist between the antennas at both ends. This is called a line of sight, abbreviated to LOS. The term line of sight does not just mean a straight line of vision between the two antennas, but a kind of tunnel, which must not be disturbed by obstacles.
12 Wireless LAN Funkwerk Enterprise Communications GmbH gitudinal axis. At least 60 % of the 1st Fresnel zone must remain free of obstacles. The radius (or the small semi-axis) depends on the frequency used and the distance between the antennas. Fig. 72: 1. Fresnel zone Example: Radius of 1st Fresnel zone as a function of distance from transmit antenna for antenna separation of 5 km at 2.45 GHz.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Distance from transmit an- Radius of 1st Fresnel zone Radius at 60 % of tenna (km) (m) 1st Fresnel zone (m) 4,500 7,4 5,7 4,750 5,4 4,2 Example: Radius of 1st Fresnel zone as a function of distance to the transmit antenna for a distance of 700 m at 2.45 GHz.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Fig. 73: Antenna connection A label containing details of the two antennas is located on the back of the device. The primary antenna is designated Ant 1. 12.1.5.1 Bridge Links -> New/ Choose the icon to edit existing entries. Choose the New button to configure other bridge links. Fig.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description If the option is not activated, you can enter a suitable name in the input field. The , Remote Configuration " option is enabled by default. Select whether setup of a bridge link from a remote bridge is to be permitted. Possible values: • 22 (default value): It is possible to set up a bridge link from a remote bridge. • 9 : It is not possible to set up a bridge link from a remote bridge.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Fig. 75: Wireless LAN -> WLAN -> Bridge Links -> Automatic Bridge Link Configuration After successful scanning, a selection of potential bridge partners is displayed in the scan list. In the Action column, click on [Connect] to connect the local bridge with this bridge. If the partners are connected with one another, the icon appears in the Connected column. The icon appears in the Connected column if the connection is active.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description Remote Link Description Displays the name of the bridge link configured on the remote bridge. Remote Device Name Displays the name of the remote bridge. Signal dBm Displays the signal strength of the detected bridge link. Remote MAC Address Shows the MAC address of the remote bridge. Remote Link Enabled Displays the status of the link on the remote bridge. Connected Displays the status of the link on your bridge.
12 Wireless LAN Funkwerk Enterprise Communications GmbH Field Description Region Select the country in which the access point is to be run. Possible values are all the countries configured on the device's wireless module. The range of channels available for selection (Channel in the WLAN Wireless Modules menu) changes depending on the country setting. The default value is > -.
Funkwerk Enterprise Communications GmbH 13 Wireless LAN Controller Chapter 13 Wireless LAN Controller By using the wireless LAN controller, you can set up and manage a WLAN infrastructure with up to 24 access points (APs). The WLAN controller has a Wizard which assists you in the configuration of your access points. The system uses the CAPWAP protocol (Control and Provisioning of Wireless Access Points Protocol) for any communication between masters and slaves.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH The wireless LAN controller uses the following settings: Region Select the country in which the wireless controller is to be operated. Note: The range of channels that can be used varies depending on the country setting. Interface Select the interface to be used for the wireless controller. DHCP Server Select whether an external DHCP server shall assign IP addresses to the APs or if your device should be used as the DHCP server.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Click on to edit an existing entry. You can also delete entries with the aid of . With Add, you can create new entries. You can create up to eight wireless networks (VSS) for a wireless module. Note: If you wish to use the default wireless network that is set up, then you must at least change the Preshared Key parameters. Otherwise you will be prompted. 13.1.3.1 Change or add wireless networks Click on to edit an existing entry.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Depending on whether you wish to use WPA or WPA 2 or both, select for Security Mode = or 0 " ! . WPA Cipher Depending on which encryption you wish to use with WPA, select for Security Mode = or 0 " ! and for WPA Mode = or . WPA2 Cipher Depending on which encryption you wish to use with WPA2, select for Security Mode = or 0 " ! and for WPA Mode = or .
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH 13.1.4 Start automatic installation You will see a list of all detected access points. If you wish to change the settings of a detected AP, click on in the corresponding entry. You will see the settings for all selected access points. You can change these settings. The following parameters are available: Location Displays the stated locality of the AP. You can enter another locality.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Displays the transmission power in dBm. You can select another transmission power. By pressing OK you apply the settings in the Access Point Settings window. Select the access points that your WLAN controller shall manage. In the Manage column, click on the desired entries or click on Select All in order to select all entries. Click on Start in order to install the WLAN and automatically assign the frequencies.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH 13.2.1 General Fig. 77: Wireless LAN Controller -> Controller Configuration -> General The Wireless LAN Controller -> Controller Configuration -> General menu consists of the following fields: Fields in the General Basic Settings menu Field Description Region Select the country in which the wireless LAN controller is to be operated. Possible values are all the countries configured on the device's wireless module.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description and slaves. Note: Make sure that option 138 is active when using an external DHCP server. Possible values: • 9=+ / "1 #2 + !" B ' C% 0;" 2 (default value): An external DHCP server with active CAPWAP option 138 assigns the IP addresses to the APs. • 9=+ / "1 #2 + !" B ' C% 7 " 2: Your device, on which the CAPWAP option 138 is active, assigns the IP addresses to the APs.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH 13.3.1 Slave Access Points Fig. 78: Wireless LAN Controller -> Slave AP configuration -> Slave Access Points In the Wireless LAN Controller -> Slave AP configuration -> Slave Access Points menu, a list of all located APs is displayed with help from the Wizard. For each access point you will see an entry with a parameter set (Location, Device, IP Address, MAC Address, Status).
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH 13.3.1.1 Edit Choose the icon to edit existing entries. You can also delete entries with the aid of . If you have deleted APs, these will be loc- ated again but shall not be configured. Fig.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description CAPWAP Encryption Select whether communication between the master and slaves is to be encrypted. The function is activated by choosing 0 #2 . The function is enabled by default. You can override the encryption in order to view the communication for debugging purposes. Location Displays the stated locality of the AP. You can enter another locality. 13.3.2 Radio Modules Fig.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Click on the Start button under Channel Reallocation in order to reassign any assigned channels, e.g. when a new access point has been added. 13.3.2.1 Edit Choose the icon to edit existing entries. Fig.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description You can select another wireless module profile from the list if several wireless module profiles are set up. Channel Displays the channel that is assigned. You can select another channel. The number of channels you can selected depends on the country setting. Please consult the data sheet for your device.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description Possible values: • ? ; (default value): The maximum antenna power is used. • ( • ( • ( • & ( • ( Assigned Wireless Networks (VSS) Displays the wireless networks that are currently assigned. 13.3.3 Radio Profiles Fig.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH 13.3.3.1 Edit/New Choose the icon to edit existing entries. Select the Newbutton in order to create new wireless module profiles. Fig.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description Possible values: • < (default value) The wireless module profile is not active. • ": Your device is used as an access point in your network. Operation Band Select the frequency band of the wireless module profile. Possible values: • & >=F 7 5< " (default value): Your device is operated at 2.4 GHz (mode 802.11b, mode 802.11g and mode 802.11n), inside or outside buildings.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description • (default value): Two traffic flows are used. • : One traffic flow is used. Fields in the Wireless Modules Performance Settings menu Field Description Wireless Mode Select the wireless technology that the access point is to use. For Frequency Band = G& >=F 7 5< " Possible values: • #5$5 : Your device operates according to either 802.11b, 802.11g or 802.11n.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description Possible values: • 5 : Your device operates according to either 802.11a or 802.11n. • : Your device operates only according to 802.11n. • : The device operates only in accordance with 802.11a. Max. Transmission Rate Select the transmission speed. Possible values: • " (default value) The transmission speed is determined automatically.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description Possible values: • 22: All channels can be dialled when a channel is selected. • " : Depending on the region, operation band, wireless mode and bandwidth, the channels that have a distance of 4 channels are provided. • , 9 self. User Defined Channel Plan : You can select the desired channels your- Only for Channel Plan = , . The currently selected channels are displayed here.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description Short Guard Interval Enable this function to reduce the guard interval (= time between transmission of two data symbols) from 800 ns to 400 ns. Short Retry Limit Enter the maximum number of attempts to send a frame of length less than or equal to the value defined in RTS Threshold. After this many failed attempts, the packet is discarded. Possible values are to . The default value is E.
Funkwerk Enterprise Communications GmbH 13 Wireless LAN Controller 13.3.4 Wireless Networks (VSS) Fig. 84: Wireless LAN Controller -> Slave AP Configuration -> Wireless Networks (VSS) In the Wireless LAN Controller -> Slave AP Configuration -> Wireless Networks (VSS) menu, an overview of all wireless networks that have been created is displayed. A wireless network is created by default.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Fig. 85: Wireless LAN Controller -> Slave AP Configuration -> Wireless Networks (VSS) -> /New The Wireless LAN Controller -> Slave AP Configuration -> Wireless Networks (VSS) > /New menu consists of the following fields: Fields in the Virtual Service Sets Service Set Parameters menu Field Description Network Name (SSID) Enter the name of the wireless network (SSID). Enter an ASCII string with a maximum of 32 characters.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description The function is enabled by default. ARP Processing Select whether the ARP processing function should be enabled. The ARP data traffic is reduced in the network by the fact that ARP broadcasts that have been converted to ARP unicasts are forwarded to IP addresses that are known internally. Unicasts are quicker and clients with an enabled power save function are not addressed.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description • 7 " / (default value): Neither encryption nor authentication • 0 & : WEP 40 Bit • 0 &: WEP 104 Bit • : WPA Preshared Key • 0 " ! Transmit Key : 802.11x Only if Security Mode = 0 & G 0 & Select one of the keys configured in WEP Key <1 - 4> as the default key. The default value is - . WEP Key 1-4 Only if Security Mode = 0 & , 0 & Enter the WEP key.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description • 0 : AES is used. • 0 4 7 : AES or TKIP is used. WPA2 Cipher Only for Security Mode = and 0 " ! and for WPA Mode = and Select the type of encryption you want to apply to WPA2. Possible values: • 0 (default value): AES is used. • 4 7 : TKIP is used. • 0 4 7 : AES or TKIP is used. Preshared Key Only if Security Mode = Enter the WPA password.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description ACL Mode Select whether only certain clients are to be permitted for this wireless network. The function is activated by choosing 0 #2 . The function is disabled by default. Allowed Addresses Use Add to make entries and enter the MAC addresses (MAC Address) of the clients to be permitted.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH 13.4.1 Active Clients Fig. 86: Wireless LAN Controller -> Monitoring -> Active Clients In the Wireless LAN Controller -> Monitoring -> Active Clients menu, the current values of all active clients are shown. For each Active Client you will see an entry with a parameter set (Location, VSS, Client MAC, Signal (dBm), Status, Uptime). Possible values for Status Status Meaning Open The client is no longer in a valid status.
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH 13.4.2 Neighbor APs Fig. 87: Wireless LAN Controller -> Monitoring -> Neighbor APs In the Wireless LAN Controller -> Monitoring -> Neighbor APs menu, all neighbouring APs that are located during the scan are displayed. For each neighbouring AP you will see an entry with a parameter set (Detected via AP, MAC Address, SSID, Signal (dBm), Channel, Last Seen; under Detected via AP you will see the locality of the respective device).
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH 13.5.1 Firmware Maintenance Fig. 88: Wireless LAN Controller -> Maintenance -> Firmware Maintenance In the Wireless LAN Controller -> Maintenance -> Firmware Maintenance a list of all Managed Access Points is displayed. For each managed AP you will see an entry with a parameter set (Update firmware, Location, Device, IP Address, MAC Address, Firmware Version , Status).
13 Wireless LAN Controller Funkwerk Enterprise Communications GmbH Field Description that are required. Possible values: • ,! " - " " : You can also start an update of the system software. • / $ " "1 " " " : You can save a configuration which contains the AP status information. Source Location Select the source for the action. Possible values: • =44 / (default value): The file is stored respectively on a remote server specified in the URL.
Funkwerk Enterprise Communications GmbH 14 Routing Chapter 14 Routing 14.1 Routes Default Route With a default route, all data is automatically forwarded to one connection if no other suitable route is available. If you set up access to the Internet, you must configure the route to your Internet Service Provider (ISP) as a default route.
14 Routing Funkwerk Enterprise Communications GmbH Fig. 89: Routing -> Routes -> IP Routes -> New with Extended Route = 8 " " / " If the 0;" 6 " opens. option is selected for Route Class, an extra configuration section Fig.
14 Routing Funkwerk Enterprise Communications GmbH The Routing -> Routes -> IP Routes-> New menu consists of the following fields: Fields in the IP Routes Route Class menu Field Description Extended Route Select whether the route is to be defined with extended parameters.
14 Routing Funkwerk Enterprise Communications GmbH Field Description • in the WAN: You define a route without a transit network. • 7 ": • in the LAN: You define a gateway route. • in the WAN: You define a route with a transit network. Local IP Address Only for Network Type = 9 ". Enter the IP address of the gateway to which your device is to forward the IP packets. Gateway Only for Network Type = 7 ". Enter the IP address of the host to which your device is to forward the IP packets.
14 Routing Funkwerk Enterprise Communications GmbH Field Description First select the port number range. Possible values: • - (default value): The route is valid for all port numbers. • $2 : Enables the entry of a port number. • 6 $ : Enables the entry of a range of port numbers. • / 2 $ : Entry of privileged port numbers: 0 ... 1023. • / : Entry of server port numbers: 5000 ... 32767. • +2 " : Entry of client port numbers: 1024 ... 4999.
14 Routing Funkwerk Enterprise Communications GmbH Field Description Possible values: • 7$ (default value): The type of service is ignored. • 9 + : Relates to a Differentiated Services Code Point to RFC 3260. • 4< ( - 3 2 : The TOS value is specified in binary format, e.g. 00111111. • 4< 9 2 3 2 format, e.g. 63. : The TOS value is specified in decimal Enter the relevant value for 9 + , 4< ( - 3 2 4< 9 2 3 2 .
14 Routing Funkwerk Enterprise Communications GmbH Fig. 91: Routing -> Routes -> Options The Routing -> Routes -> Options menu consists of the following fields: Fields in the Options Back Route Verify menu Field Description Mode Select how the interfaces to be activated for Back Route Verify are to be specified. Possible values: • 0 #2 22 7 " ated for all interfaces.
14 Routing Funkwerk Enterprise Communications GmbH Field Description Back Route Verify Only for Mode = 0 #2 Select whether 6 " 6 " this interface. ! " +1 $ is to be enabled for The function is activated with 0 #2 . By default, the function is deactivated for all interfaces.
14 Routing Funkwerk Enterprise Communications GmbH Fig. 92: Routing -> NAT ->NAT Interfaces For each NAT interface, you can select the options 8 4 " / , 2 " 9 - and 4 "1 $1. In addition, " $ displays how many port forwarding rules were configured for this interface. Options in the menu NAT Interfaces Field Description NAT active Select whether NAT is to be activated for the interface. The function is disabled by default.
14 Routing Funkwerk Enterprise Communications GmbH Field Description Portforwardings Shows the number of portforwarding rules configured in Routing -> NAT -> Portforwarding. 14.2.2 NAT Configuration In the Routing -> NAT -> NAT Configuration menu you can exclude data from NAT in a simple and convenient manner. You can configure var- ious NAT methods. You can determine how an external host establishes a con- nection to an internal host (refer to RFC 3489). 14.2.2.
14 Routing Funkwerk Enterprise Communications GmbH Field Type of traffic Description Select the type of data traffic for which NAT is to be configured. Possible values: • $ B9 " " 8 4C (default value): The data traffic that comes from outside. • "$ $ B side. • NAT method 8 4C : The data traffic that goes out- ; 2 / B "1 " 8 4C : The data traffic that is excluded from NAT. Only for Type of traffic = "$ $ B 8 4C. Select the NAT method for outgoing data traffic.
14 Routing Funkwerk Enterprise Communications GmbH Field Description method = 22 , " " . " " or ! " Select one of the preconfigured services. Possible values: • , (default value) • @ / Protocol A For certain services only. Not for Type of traffic = "$ $ B 8 4C and NAT method = 22 , " " or ! " " " . In this case, UDP is selected automatically. Select a protocol.
14 Routing Funkwerk Enterprise Communications GmbH Field Description • -!" 2 • . 4 • < • , • 69 • 6 3 • 7 • 4+ • 4. • ,9 • 366 • D8 79 Source IP Address / NetEnter the source IP address and, if required, the corresponding mask netmask of the original data packets. Source Port Only for Type of traffic = "$ $ B 8 4C, NAT method = - " 1 and Service = , . Enter the source port of the original data pack- ets.
14 Routing Funkwerk Enterprise Communications GmbH Field Description New Destination IP Address/Netmask Only for Type of Traffic = $ B9 New Destination Port " " 8 4C. Enter the destination IP address and, if required, the corresponding netmask to which the original destination IP address is to be translated. Only for Type of Traffic = $ B9 " " 8 4C.
Funkwerk Enterprise Communications GmbH 14 Routing 14.3 RIP The entries in the routing table can be defined statically or the routing table can be updated constantly by dynamic exchange of routing information between several devices. This exchange is controlled by a Routing Protocol, e.g. RIP (Routing Information Protocol). By default, about every 30 seconds (this value can be changed in Update Timer), a device sends messages to remote networks using information from its own current routing table.
14 Routing Funkwerk Enterprise Communications GmbH 14.3.1.1 Edit For each RIP interface, you can, in the / 3 and 6 " menu, select the options 3 , 6 . Fig.
14 Routing Funkwerk Enterprise Communications GmbH Field Description • 67 3 ? 2" ": For sending RIP V2 messages over the multicast address 224.0.0.9. • 67 3 4 $$ : RIP V1 messages are sent, received and processed as per RFC 2091 (triggered RIP). • 67 3 4 $$ : RIP V2 messages are sent, received and processed as per RFC 2091 (triggered RIP).
14 Routing Funkwerk Enterprise Communications GmbH 14.3.2 RIP Filter In this menu, you can specify exactly which routes are to be exported or imported. You can use the following strategies for this: • You explicitly deactivate the import or export of certain routes. The import or export of all other routes that are not listed is still allowed. • You explicitly activate the import or export of certain routes. In this case, you must also explicitly deactivate the import or export of all other routes.
14 Routing Funkwerk Enterprise Communications GmbH lect the position to which the filter is to be moved. 14.3.2.1 New Choose the New button to set up more RIP filters. Fig. 97: Routing -> RIP -> RIP Filter -> New The Routing -> RIP -> RIP Filter -> New menu consists of the following fields: Fields in the RIP Filter Basic Parameters menu Field Description Interface Select the interface to which the rule to be configured applies.
14 Routing Funkwerk Enterprise Communications GmbH Field Description Metric Offset for Active Interfaces Select the value to be added to the route metric if the status of the interface is "up". During export, the value is added to the exported metric if the interface status is "up". Possible values are to . The default value is . Metric Offset for Inactive Select the value to be added to the route metric if the status of Interfaces the interface is "dormant".
14 Routing Funkwerk Enterprise Communications GmbH Field Description ceiving RIP updates, is only for test purposes. If the setting is changed, this can mean that your device sends and listens at a port that no other devices use. The default value 520 should be retained. Default Route Distribution Select whether the default route of your device is to be propagated via RIP updates. The function is activated with 0 #2 . The function is enabled by default.
14 Routing Funkwerk Enterprise Communications GmbH Fields in the RIP Options Timer for RIP V2 (RFC 2453) menu Field Description Update Timer Only for RFC 2453 Variable Timer = 0 #2 An RIP update is sent on expiry of this period of time. The default value is ' (seconds). Route Timeout Only for RFC 2453 Variable Timer = 0 #2 After the last update of a route, the route time is active. After timeout, the route is deactivated and the Garbage Collection Timer is started.
Funkwerk Enterprise Communications GmbH 14 Routing 14.4 Load Balancing 14.4.1 Load Balancing Groups The increasing amount of data traffic over the Internet means it is necessary to send data over different interfaces to increase the total bandwidth available.
14 Routing Funkwerk Enterprise Communications GmbH following fields: Fields in the Load Balancing Groups Basic Parameters menu Field Description Group Description Enter the desired description of the interface group. Distribution Policy Select the way the data traffic is to be distributed to the interfaces configured for the group.
14 Routing Funkwerk Enterprise Communications GmbH In the Interface Selection for Load Balancing area, you add and configure interfaces that match the current group context. You can also delete interfaces. Use Add to create entries. Fields in the Load Balancing Groups Interface Selection for Distribution menu Field Description Interface Select the interfaces that are to belong to the group from the available interfaces.
14 Routing Funkwerk Enterprise Communications GmbH Address range for multicast For, IPv4 the IP addresses 224.0.0.0 to 239.255.255.255 (224.0.0.0/4) are reserved for multicast in the class D network. An IP address from this range represents a multicast group to which several recipients can log in. The multicast router then forwards the required packets to all subnets with logged in recipients.
14 Routing Funkwerk Enterprise Communications GmbH passed. • IGMP: IGMP is used to gather information about the potential recipients in a subnet. In the case of a hop, incoming multicast data traffic can thus be selected. Tip With multicast, the focus is on excluding data traffic from unwanted multicast groups. Note that if forwarding is combined with IGMP, the packets can be forwarded to the groups specified in the forwarding request. 14.5.
14 Routing Funkwerk Enterprise Communications GmbH Field Description All Multicast Groups Select whether all multicast groups, i.e. the complete multicast address range 224.0.0.0/4, are to be forwarded from the defined Source Interface to the defined Destination Interface To do this, check Enabled Disable the option if you only want to forward one defined multicast group to a particular interface. The option is deactivated by default.
14 Routing Funkwerk Enterprise Communications GmbH 14.5.2.1 New Choose the New button to configure IGMP on other interfaces. Fig. 101: Routing -> Multicast -> IGMP -> The Routing -> Multicast -> IGMP -> /New /New menu consists of the following fields: Fields in the IGMP IGMP Settings menu Field Description Interface Select the interface on which IGMP is to be enabled, i.e. queries are sent and responses are accepted.
14 Routing Funkwerk Enterprise Communications GmbH Field Description Possible values are to . The default value is . Robustness Select the multiplier for controlling the timer values. A higher value can e.g. compensate for packet loss in a network susceptible to loss. If the value is too high, however, the time between logging off and stopping of the data traffic can be increased (leave latency). Possible values are to . The default value is .
14 Routing Funkwerk Enterprise Communications GmbH Fig. 102: IGMP Proxy The Advanced Settings menu consists of the following fields: Fields in the menu Advanced Settings Field Description IGMP Proxy Select whether your device is to forward the hosts' IGMP messages in the subnet via its defined Proxy Interface. Proxy Interface Select the interface on your device via which queries are to be received and collected. 14.5.3 Options In this menu, you can enable and disable IGMP on your system.
14 Routing Funkwerk Enterprise Communications GmbH Fig. 103: Routing -> Multicast -> Options The Routing -> Multicast -> Options menu consists of the following fields: Fields in the Options Basic Settings menu Field Description IGMP Status Select the IGMP status. Possible values: • " (default value) Multicast is activated automatically for hosts if the hosts open applications that use multicast. • " / : Multicast is always on. • 9 : Multicast is always off.
14 Routing Funkwerk Enterprise Communications GmbH Field Description ternally and in reports. Maximum Sources Enter the maximum number of sources that are specified in version 3 reports and the maximum number of internally managed sources per group. IGMP State Limit Enter the maximum permitted total number of incoming queries and messages per second. The default value is , i.e. the number of IGMP status messages is not limited. 14.
14 Routing Funkwerk Enterprise Communications GmbH Fig. 104: Routing -> QoS -> QoS Filter -> New The Routing-> QoS -> QoS Filter -> New menu consists of the following fields: Fields in the QoS Filter Basic Parameters menu Field Description Description Enter the name of the filter. Protocol Select a protocol. Possible values: 2 "!, 1, +1 , " / -, $!, !, $$!, $ , 1 !, !, $ !, 7> , $ !, 7 , ! !, !/ , 7 D 7 , 7 < 7 , -!" 2 , ! , ! , ! !, !, /!, 7 , " !, 4.
14 Routing Funkwerk Enterprise Communications GmbH Field Description The default value is - . Connection State If Protocol = " !, you can define a filter that takes the status of the TCP connections into account. Possible values: • 0 " #2 1 : All TCP packets that would not open any new TCP connection on routing over the gateway match the filter. • - (default value): All TCP packets match the filter.
14 Routing Funkwerk Enterprise Communications GmbH Field Description used to signal the priority of IP packets (indicated in binary format; currently not implemented). • 9 + 9 2 3 2 : Differentiated Services Code Point is used to signal the priority of IP packets (indicated in decimal format; possible values to '; currently not implemented). • 4< ( - 3 2 : Type of Service is used to signal the priority of IP packets (indicated in binary format).
14 Routing Funkwerk Enterprise Communications GmbH Fig. 105: Routing -> QoS -> QoS Classification -> New The Routing -> QoS -> QoS Classification -> New menu consists of the following fields: Fields in the QoS Classification Basic Parameters menu Field Description Class map Choose the class plan you want to create or edit. Possible values: • 8 (default value): You can create a new class plan with this setting.
14 Routing Funkwerk Enterprise Communications GmbH Field Description Routing -> QoS -> QoS Filter menu. Direction Select the direction of the data packets to be classified. Possible values: • 7 $ : Incoming data packets are to be classified. • < "$ $ (default value): Outgoing data packets are to be classified. • ( "1 : Incoming and outgoing data packets are to be classified. High Priority Class Enable or disable the high priority class.
14 Routing Funkwerk Enterprise Communications GmbH Packets in the high-priority class always take priority over data with class IDs 1... 254. It is possible to assign or guarantee each queue and thus each data class a certain part of the total bandwidth of the interface. In addition, you can optimise the transmission of voice data (real time data).
14 Routing Funkwerk Enterprise Communications GmbH Field Description Priorisation algorithm Select the algorithm according to which the queues are to be processed. This activates and deactivates QoS on the selected interface. Possible values: • "- I $(default value): QoS is activated on the interface. The available bandwidth is distributed strictly according to the queue priority. • $1" 6 6 # : QoS is activated on the interface.
14 Routing Funkwerk Enterprise Communications GmbH Field Description • 0"1 " (default value) • 0"1 " 3. 8 • 0 • 0 3. 8 • 7 / 0"1 " • 7 / 0"1 " 3. 8 • 7 / / 0"1 " • 7 / 0 3. 8 Real Time Jitter Control Only enabled for Transmit Shaping. Real Time Jitter Control optimises latency when forwarding real time datagrams. The function ensures that large data packets are fragmented according to the available upload bandwidth.
14 Routing Funkwerk Enterprise Communications GmbH Field Description real time data is routed. Queues/Policies Configure the desired QoS queues. For each class created from the class plan, which is associated with the selected interface, a queue is generated automatically and displayed here (only for outgoing classified data traffic and for data traffic classified in both directions). Add a new entry with Add. The Edit Queues/Policies menu opens.
14 Routing Funkwerk Enterprise Communications GmbH Field Weight Description Only if Priorisation algorithm = $1" 6 6 # or $1" I $ Choose the weight of the queue. Possible values are to &. The default value is . RTT Mode (Realtime Traffic Mode) Active or deactivate the real time transmission of the data. The function is activated with 0 #2 . The function is disabled by default. RTT Mode should be activated for QoS classes in which real time data has priority.
14 Routing Funkwerk Enterprise Communications GmbH Field Description on the interface. If Overbooking allowed is deactivated, the queue can never occupy bandwidth beyond the bandwidth limit that has been set. The function is activated with 0 #2 . The function is disabled by default. Burst size Only for Traffic Shaping = Enabled. Enter the maximum number of bytes that may still be transmitted temporarily when the data rate permitted for this queue has been reached. Possible values are to & .
15 WAN Funkwerk Enterprise Communications GmbH Chapter 15 WAN This menu offers various options for configuring accesses or connections from your LAN to the WAN. You can also optimise voice transmission here for telephone calls over the Internet. 15.1 Internet + Dialup In this menu, you can set up Internet access or dialup connections. To enable your device to set up connections to networks or hosts outside your LAN, you must configure the partners you want to connect to on your device.
15 WAN Funkwerk Enterprise Communications GmbH Default Route With a default route, all data is automatically forwarded to one connection if no other suitable route is available. Access to the Internet should always be set up as the default route to the Internet Service Provider (ISP). Further information on possible route types can be found under Routing -> Routes. Activating NAT With Network Address Translation (NAT), you conceal your whole network to the outside world behind one IP address.
Funkwerk Enterprise Communications GmbH 15 WAN 15.1.1 PPPoE In the WAN -> Internet + Dialup -> PPPoE menu, a list of all PPPoE interfaces is shown. PPP over Ethernet (PPPoE) is the use of the Point-to-Point Protocol (PPP) network protocol over an Ethernet connection. Today, PPPoE is used for ADSL connections in Germany. In Austria, the Point To Point Tunnelling Protocol (PPTP) was originally used for ADSL access. However, PPPoE is now offered here too by some providers. 15.1.1.
15 WAN Funkwerk Enterprise Communications GmbH Field Description Description Enter a name to uniquely identify the PPPoE partner. The first character in this field must not be a number and no special characters or umlauts must be used. PPPoE Mode Select whether you want to use a standard Internet connection over PPPoE ( " ) or your Internet access is to be set up over several interfaces ( ? 2" 2 ).
15 WAN Funkwerk Enterprise Communications GmbH Field Description The function is activated with 0 #2 . The function is disabled by default. Only activate this option if you have Internet access with a flatrate charge. Connection Idle Timeout Only if Always on is disabled. Enter the idle time in seconds for static short hold. The static short hold setting determines how many seconds should pass between sending the last traffic data packet and clearing the connection.
15 WAN Funkwerk Enterprise Communications GmbH Field Description The function is enabled by default. Local IP Address Only if IP Address Mode = " " Enter the static IP address of the connection partner. Route Entries Only if IP Address Mode = " " Define other routing entries for this connection partner. Add a new entry with Add. • 6 " 7 network. : IP address of the destination host or • 8 " : Netmask of Remote IP Address. If no entry is made, your device uses a default netmask.
15 WAN Funkwerk Enterprise Communications GmbH Field Description encrypted. • 5+= : Primarily run CHAP, otherwise PAP. • ? += / : Only run MS-CHAP version 1 (PPP Microsoft Challenge Handshake Authentication Protocol). • 5+= 5? += : Primarily run CHAP, on denial then the authentication protocol required by the connection partner. (MSCHAP version 1 or 2 possible.) • ? += / : Run MS-CHAP version 2 only. • 8 : Some providers use no authentication. In this case, select this option.
15 WAN Funkwerk Enterprise Communications GmbH 15.1.2.1 New Choose the New button to set up new PPTP interfaces. Fig. 108: WAN -> Internet + Dialup -> PPTP -> New The WAN -> Internet + Dialup -> PPTP -> New menu consists of the following fields: Fields in the PPTP Basic Parameters menu Field Description Description Enter a name for uniquely identifying the internet connection. The first character in this field must not be a number and no special characters or umlauts must be used.
15 WAN Funkwerk Enterprise Communications GmbH Field Description If you want to use an external DSL modem, select the Ethernet port to which the modem is connected. When using the internal DSL modem, select here the EthoA interface, e.g. "1 , configured for this connection in Physical Interfaces-> ATM-> Profiles-> New. The default value is 8 " ! . User Name Enter the user name. Password Enter the password. Always on Select whether the interface should always be activated.
15 WAN Funkwerk Enterprise Communications GmbH Field Description ally assigned a temporarily valid IP address from the provider. • " " : You enter a static IP address. Default Route Select whether the route to this connection partner is to be defined as the default route. The function is activated with 0 #2 . The function is enabled by default. Create NAT Policy Specify whether Network Address Translation (NAT) is to be activated. The function is activated with 0 #2 .
15 WAN Funkwerk Enterprise Communications GmbH Field Description Maximum Number of Di- Enter the number of unsuccessful attempts to setup a connecalup Retries tion before the interface is blocked. Possible values are to . The default value is . Authentication Select the authentication protocol for this Internet connection. Select the authentication specified by your provider.
15 WAN Funkwerk Enterprise Communications GmbH Field Description PPTP Address Mode Displays the address mode. The value cannot be changed. Possible values: • " " : The IP address of the Ethernet port selected in PPTP Interface will be used. Local PPTP IP Address Assign the PPTP interface an IP address that is used as the source address. The default value is & . Remote PPTP IP Address Enter the IP address of the PPTP partner.
15 WAN Funkwerk Enterprise Communications GmbH Fig. 109: WAN -> Internet + Dialup -> IP Pools -> Add The WAN -> Internet + Dialup -> IP Pools -> Add menu consists of the following fields: Fields in the Internet + Dialup IP Pools menu Field Description IP Pool Name Enter the name of the IP pool. IP Pool Range In the first field, enter the first IP address of the range. In the second field, enter the last IP address of the range. 15.
15 WAN Funkwerk Enterprise Communications GmbH 15.2.1.1 New Click o the New button to set up port forwarding for other interfaces. Fig. 110: WAN -> Real Time Jitter Control -> Controlled Interfaces -> New The WAN -> Real Time Jitter Control -> Controlled Interfaces -> New menu consists of the following fields: Fields in the Controlled Interfaces Basic Settings menu Field Description Interface Define for which interfaces voice transmission is to be optimised.
15 WAN Funkwerk Enterprise Communications GmbH Field Description the selected interface.
16 VPN Funkwerk Enterprise Communications GmbH Chapter 16 VPN A connection that uses the Internet as a "transport medium" but is not publicly accessible is referred to as a VPN (Virtual Private Network). Only authorised users have access to such a VPN, which is seemingly also referred to as a VPN tunnel. Normally the data transported over a VPN is encrypted. A VPN allows field staff or staff working from home offices to access data on the company's network.
16 VPN Funkwerk Enterprise Communications GmbH Fig. 111: VPN -> IPSec -> IPSec Peers Peer Monitoring The menu for monitoring a peer is called by selecting the button for the peer in the peer list. See Values in the list IPSec Tunnels on page 391. 16.1.1.1 New Choose the New button to set up more IPSec peers.
16 VPN Funkwerk Enterprise Communications GmbH Fig. 112: VPN -> IPSec -> IPSec Peers -> New The VPN -> IPSec -> IPSec Peers -> New menu consists of the following fields: Fields in the IPSec Peers Peer Parameters menu Field Description Administrative Status Select the status to which you wish to set the peer after saving the peer configuration. Possible values: • ,! (default value): The peer is available for setting up a tunnel immediately after saving the configuration.
16 VPN Funkwerk Enterprise Communications GmbH Field Description The maximum length of the entry is 255 characters. Peer Address Enter the official IP address of the peer or its resolvable host name. The entry can be omitted in certain configurations, whereby your device then cannot initiate an IPSec connection. Peer ID Select the ID type and enter the peer ID. This entry is not necessary in certain configurations. The maximum length of the entry is 255 characters.
16 VPN Funkwerk Enterprise Communications GmbH Field Description IP Assignment Pool Only if IP Address Assignment = 7 0 + $ ? / Select an IP pool configured in the VPN -> IP Pools menu. If an IP pool has not been configured here yet, the message 8 " - " appears in this field. Default Route Only for IP Address Assignment = " " Select whether the route to this IPSec peer is to be defined as the default route. The function is activated with 0 #2 .
16 VPN Funkwerk Enterprise Communications GmbH Field Description default in Phase-2 Profiles: 8 2 C. XAUTH Profile B 9 2" Select a profile created in VPN -> IPSec -> XAUTH profiles if you wish to use this IPSec peer XAuth for authentication. If XAuth is used together with IKE Config Mode, the transactions for XAuth are carried out before the transactions for IKE Config Mode. Number of Admitted Connections Choose how many users can connect using this peer profile.
16 VPN Funkwerk Enterprise Communications GmbH Field Description • ,! 9 ": Your device only responds to an ARP request if the status of the connection to the IPSec peer is ,! (active) or 9 ". In the case of 7 2 , your device only responds to the ARP request; the connection is not set up until someone actually wants to use the route. • ,! < 2-: Your device responds to an ARP request only if the status of the connection to the IPSec peer is ,! (active), i.e.
16 VPN Funkwerk Enterprise Communications GmbH Fig. 114: VPN -> IPSec ->Phase-1 Profiles -> New The VPN -> IPSec -> Phase-1 Profiles-> New menu consists of the following fields: Fields in the Phase-1 Profiles Phase-1 (IKE) Parameters menu Field Description Description Enter a description that uniquely defines the type of rule. Proposals In this field, you can select any combination of encryption and message hash algorithms for IKE phase 1 on your device.
16 VPN Funkwerk Enterprise Communications GmbH Field Description • (2 1: Blowfish is a very secure and fast algorithm. Twofish can be regarded as the successor to Blowfish. • + 4: CAST is also a very secure algorithm, marginally slower than Blowfish, but faster than 3DES. • 90 : DES is an older encryption algorithm, which is rated as weak due to its small effective length of 56 bits.
16 VPN Funkwerk Enterprise Communications GmbH Field Description DH Group The Diffie-Hellman group defines the parameter set used as the basis for the key calculation during phase 1. "MODP" as supported by bintec devices stands for "modular exponentiation". Possible values: • BE ( "C: During the Diffie-Hellman key calculation, modular exponentiation at 768 bits is used to create the encryption material.
16 VPN Funkwerk Enterprise Communications GmbH Field Description • 6 $ " : Phase 1 key calculations are authenticated using the RSA algorithm. • 6 0 -!" : In RSA encryption the ID payload is also encrypted for additional security. Local Certificate Only if Authentication Method = 9 $ " , 6 $ " or 6 0 -!" This field enables you to select one of your own certificates for authentication. It shows the index number of this certificate and the name under which it is saved.
16 VPN Funkwerk Enterprise Communications GmbH Field Description For Authentication Method = 9 $ " , 6 $ " or 6 0 -!" , the Use Subject Name from certificate option is shown. If you enable the Use Subjectname from Certificate option, the first alternative subject name indicated in the certificate is used, or, if none is specified, the subject name of the certificate is used.
16 VPN Funkwerk Enterprise Communications GmbH Field Description the mode supported by the remote terminal. • 9 : Your device sends and expects no heartbeat. Set this option if you use devices from other manufacturers. • = "# " B0;! " 2-C: Your device expects a heartbeat from the peer but does not send one itself. • = "# " B 2-C: Your device expects no heartbeat from the peer, but sends one itself.
16 VPN Funkwerk Enterprise Communications GmbH Field Description is used. The function is activated with 0 #2 . The function is enabled by default. CA Certificates Only if Authentication Method = 9 $ " , 6 $ " or 6 0 -!" If you enable the Trust the following CA certificates option, you can select up to three additional CA certificates that are accepted for this profile. This option can only be configured if certificates are loaded. 16.1.
16 VPN Funkwerk Enterprise Communications GmbH 16.1.3.1 New Choose the New button to set up new profiles. Fig. 116: VPN -> IPSec ->Phase-2 Profiles -> New The VPN -> IPSec -> Phase-2 Profiles-> New menu consists of the following fields: Fields in the Phase-2 Profiles Phase-2 (IPSEC) Parameters menu Field Description Description Enter a description that uniquely identifies the profile. The maximum length of the entry is 255 characters.
16 VPN Funkwerk Enterprise Communications GmbH Field Description fast key setup, low memory requirements, high level of security against attacks and general speed. Here, it is used with a key length of 128 bits. • 0 : Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here, it is used with a key length of 192 bits.
16 VPN Funkwerk Enterprise Communications GmbH Field Description The field has the following options: • BE ( "C: During the Diffie-Hellman key calculation, modular exponentiation at 768 bits is used to create the encryption material. • B & ( "C (default value): During the Diffie-Hellman key calculation, modular exponentiation at 1024 bits is used to create the encryption material.
16 VPN Funkwerk Enterprise Communications GmbH Field Description The function is activated with 0 #2 . The function is disabled by default. Alive Check Select whether and how IPSec heartbeats are used. A bintec IPSec heartbeat is implemented to determine whether or not a Security Association (SA) is still valid. This function sends and receives signals every 5 seconds, depending on the configuration. If these signals are not received after 20 seconds, the SA is discarded as invalid.
16 VPN Funkwerk Enterprise Communications GmbH as a client: • As a server the gateway requires a proof of authorisation. • As a client the gateway provides proof of authorisation. In server mode multiple users can obtain authentication via XAuth, e.g. users of Apple iPhones. Authorisation is verified either on the basis of a list or via a Radius Server. If using a one time password (OTP), the password check can be carried out by a token server (e.g.
16 VPN Funkwerk Enterprise Communications GmbH Field Description Description Enter a description for this XAuth profile. Role Select the role of the gateway for XAuth authentication. Possible values: • / (default value): The gateway requires a proof of authorisation. • +2 ": The gateway provides proof of authorisation. Mode Only if Role = / Select how authentication is carried out. Possible values: • 6 97, (default value): Authentication is carried out via a Radius server.
16 VPN Funkwerk Enterprise Communications GmbH 16.1.5 IP Pools In the IP Pools menu a list of all IP pools for your configured IPSec connections is displayed. If have set IP Address Assignment 7 0 + $ ? / for an IPSec peer, you must define the IP pools from which the IP addresses are assigned. Use the Add button to set up new IP pools. Fig.
16 VPN Funkwerk Enterprise Communications GmbH 16.1.6 Options Fig. 119: VPN -> IPSec -> Options The VPN -> IPSec -> Options menu consists of the following fields: Fields in the Options Global Options menu Field Description Enable IPSec Select whether you want to activate IPSec. The function is activated with 0 #2 . The function is active as soon as an IPSec Peer is configured. Delete complete IPSec configuration If you click the icon, delete the complete IPSec configuration of your device.
16 VPN Funkwerk Enterprise Communications GmbH Field Description IPSec Debug Level Select the priority of the syslog messages of the IPSec subsystem to be recorded internally. Possible values: • 0 $ - (highest priority) • 2 " • + " 2 • 0 • $ • 8 " • 7 " • 9 # $ (default value, lowest priority) Syslog messages are only recorded internally if they have a higher or identical priority to that indicated, i.e. all messages generated are recorded at syslog level debug.
16 VPN Funkwerk Enterprise Communications GmbH Field Description The function is disabled by default. Use Zero Cookies Select whether zeroed ISAKMP Cookies are to be sent. These are equivalent to the SPI (Security Parameter Index) in IKE proposals; as they are redundant, they are normally set to the value of the negotiation currently in progress. Alternatively, your device can use zeroes for all values of the cookie. In this case choose 0 #2 . Zero Cookie Size Only if Use Zero Cookies = activated.
16 VPN Funkwerk Enterprise Communications GmbH Field Description The function is enabled by default. Deactivate this function if you do not wish to send the peer the certificates of all levels (from your level to the CA level). Send CRLs Select whether CRLs are to be sent during IKE (phase 1). The function is activated with 0 #2 . The function is disabled by default. Send Key Hash Payloads Select whether key hash payloads are to be sent during IKE (phase 1).
16 VPN Funkwerk Enterprise Communications GmbH Fig. 120: VPN -> L2TP -> Tunnel Profiles -> New The VPN -> L2TP -> Tunnel Profiles -> New menu consists of the following fields: Fields in the Tunnel Profiles Basic Parameters menu Field Description Description Enter a description for the current profile. The device automatically names the profiles . 4 and numbers them, but the value can be changed. Local Hostname Enter the host name for LNS or LAC.
16 VPN Funkwerk Enterprise Communications GmbH Field Remote Hostname Description Enter the host name of the LNS or LAC. • LAC: Defines the value for Local Host Name of the LNS (contained in the SCCRQs received from the LNS and the SCCRPs received from the LAC). The Local Hostname configured in the LAC must match the Remote Hostname configured for the intended profile in the LNS and vice versa. • LNS: Defines the Local Host Name of the LAC.
16 VPN Funkwerk Enterprise Communications GmbH Field Description UDP Destination Port Enter the destination port number to be used for all calls based on this profile. The remote LNS that receives the call must monitor this port on L2TP connections. Possible values are ... ' . The default value is E (RFC 2661).
16 VPN Funkwerk Enterprise Communications GmbH Field Description The available values are to , the default value is . Data Packets Sequence Select whether your device is to use sequence numbers for Numbers data packets sent through a tunnel on the basis of this profile. The function is not currently used. The function is activated with 0 #2 . The function is disabled by default. 16.2.2 Users In the VPN -> L2TP -> Users menu a list of all configured L2TP partners is shown. 16.2.2.
16 VPN Funkwerk Enterprise Communications GmbH Fig. 121: VPN -> L2TP -> Users -> New The VPN -> L2TP -> Users -> New menu consists of the following fields: Fields in the Users Basic Parameters menu Field Description Description Enter a name for uniquely identifying the L2TP partner. The first character in this field must not be a number and no special characters or umlauts must be used. The maximum length of the entry is 25 characters.
16 VPN Funkwerk Enterprise Communications GmbH Field Description Possible values: • .8 (default value): If you select this option, the L2TP partner is configured so that it accepts L2TP tunnels and restores the encapsulated PPP traffic flow. • . + : If you select this option, the L2TP partner is configured so that it encapsulates a PPP traffic flow in L2TP and sets up a L2TP tunnel to a remote LNS. Tunnel Profile Only for Connection Type = .
16 VPN Funkwerk Enterprise Communications GmbH Field Description Your device dynamically assigns an IP address to the remote terminal. • > " 7 : Only for Connection Type = . + Your device is dynamically assigned an IP address. Default Route Only if IP Address Mode = > " 7 and " " Select whether the route to this connection partner is to be defined as the default route. The function is activated with 0 #2 . The function is disabled by default.
16 VPN Funkwerk Enterprise Communications GmbH Field Description Block after connection failure for Enter the wait time in seconds before the device should try again after an attempt to set up a connection has failed. The default value is ' . Authentication Select the authentication protocol for this L2TP partner. Possible values: • 5+= 5? += (default value): Primarily run CHAP, on denial, the authentication protocol required by the PPTP partner. (MSCHAP version 1 or 2 possible.
16 VPN Funkwerk Enterprise Communications GmbH Field Description The function is activated with 0 #2 . The function is disabled by default. Prioritize TCP ACK Packets Select whether the TCP download is to be optimised in the event of intensive TCP upload. This function can be specially applied for asymmetrical bandwidths (ADSL). The function is activated with 0 #2 . The function is disabled by default.
16 VPN Funkwerk Enterprise Communications GmbH Field Description a connection already exists to the L2TP partner. DNS Negotiation Select whether your device receives IP addresses for Primary DNS Server, Secondary DNS Server, primary WINS and secondary WINS from the L2TP partner or sends these to the L2TP partner. The function is activated with 0 #2 . The function is enabled by default. 16.2.3 Options Fig.
16 VPN Funkwerk Enterprise Communications GmbH Field Description tion UDP destination port) as the local source port for the L2TP connection. The function is activated with ; . The function is disabled by default. 16.3 GRE Generic Routing Encapsulation (GRE) is a network protocol that encapsulates other protocols and transports them in the form of IP tunnels to the specified recipients. The specification of the GRE protocol is available in two versions: • GRE V.
16 VPN Funkwerk Enterprise Communications GmbH 16.3.1.1 New Choose the New button to set up new GRE tunnels. Fig. 123: VPN -> GRE -> GRE Tunnels The VPN -> GRE -> GRE Tunnels menu consists of the following fields: Fields in the GRE Tunnels Basic Parameters menu Field Description Description Enter a description for the GRE tunnel. Local GRE IP Address Enter the source IP address of the GRE packets to the GRE partner. If no IP address is given (this corresponds to IP address 0.0.0.
16 VPN Funkwerk Enterprise Communications GmbH Field Route Entries Description Define other routing entries for this connection partner. Add a new entry with Add. • 6 " 7 network. : IP address of the destination host or • 8 " : Netmask of Remote IP Address. If no entry is made, your device uses a default netmask. • ? " : The lower the value, the higher the priority of the route (possible values ... ). The default value is .
17 Firewall Funkwerk Enterprise Communications GmbH Chapter 17 Firewall The Stateful Inspection Firewall (SIF) provided for bintec gateways is a powerful security feature. The SIF with dynamic packet filtering has a decisive advantage over static packet filtering: The decision whether or not to send a packet cannot be made solely on the basis of source and destination addresses or ports but also using dynamic packet filtering based on the state of the connection to a partner.
Funkwerk Enterprise Communications GmbH 17 Firewall NAT One of the basic functions of NAT is the translation of the local IP addresses of your LAN into the global IP addresses you are assigned by your ISP and vice versa. All connections initiated externally are first blocked, i.e. every packet your device cannot assign to an existing connection is rejected. This means that a connection can only be set up from inside to outside. Without explicit permission, NAT rejects every access from the WAN to the LAN.
17 Firewall Funkwerk Enterprise Communications GmbH 17.1.1 Filter Rules The default behavior with Action = consists of two implicit filter rules: If an incoming packet can be assigned to an existing connection and if a suitable connection is expected (e.g. such as an affiliated connection of an existing connection), the packet is allowed. The sequence of filter rules in the list is relevant: The filter rules are applied to each packet in succession until a rule matches. If overlapping occurs, i.e.
17 Firewall Funkwerk Enterprise Communications GmbH 17.1.1.1 New Choose the New button to set up new parameters. Fig. 125: Firewall -> Policies -> Filter Rules -> New The Firewall -> Policies -> Filter Rules -> New menu consists of the following fields: Fields in the Policies Basic Parameters menu Field Description Source Select one of the preconfigured aliases for the source of the packet.
17 Firewall Funkwerk Enterprise Communications GmbH Field Description The value - means that neither the destination interface nor the destination address is checked. Service Select one of the preconfigured services to which the packet to be filtered must be assigned. The extensive range of services configured ex works includes the following: • 4 • 40.804 • ?4 • 98 • =44 • 884 • 7 " " • 8 " " $ Other services are set up in Firewall -> Services -> Service List.
17 Firewall Funkwerk Enterprise Communications GmbH Field Description If QoS is not activated for this policy, bear in mind that the data cannot be prioritised on the sender side either. A policy for which QoS has been enabled is also set for the firewall. Make sure therefore that data traffic that has not been expressly authorised if blocked by the firewall! Priority Only for Apply QoS = #2 Select the priority with which the data specified by the policy is handled on the send side.
17 Firewall Funkwerk Enterprise Communications GmbH Fig. 126: Firewall -> Policies -> QoS -> New The Firewall -> Policies -> QoS -> New menu consists of the following fields: Fields in the QoS Configure QoS Interface menu Field Description Interface Select the interface on which bandwidth management is to be carried out. Traffic Shaping Select whether you want to activate bandwidth management for the selected interface. The function is activated with 0 #2 . The function is disabled by default.
17 Firewall Funkwerk Enterprise Communications GmbH Field Description for the service specified under Services. is entered by default. • Fixed: Select whether the bandwidth defined in Bandwidth can be exceeded in the longer term. By activating this field, you specify that it cannot be exceeded. If the option is deactivated, the bandwidth can be exceeded and the excess data rate is handled in accordance with the priority defined in the firewall policy. The option is deactivated by default. 17.1.
17 Firewall Funkwerk Enterprise Communications GmbH Field Description Logged Actions Select the firewall syslog level. The messages are output together with messages from other subsystems. Possible values: • 22 (default value): All firewall activities are displayed. • 9 - : Only reject and deny events are shown, see "Action". • !" : Only accept events are shown. • 8 : Syslog messages are not generated.
17 Firewall Funkwerk Enterprise Communications GmbH 17.2 Interfaces 17.2.1 Groups In the Firewall -> Interfaces -> Groups menu, a list of all configured interface groups is shown. You can group together the interfaces of your device. This makes it easier to configure firewall rules. 17.2.1.1 New Choose the New button to set up new interface groups. Fig.
17 Firewall Funkwerk Enterprise Communications GmbH 17.3 Addresses 17.3.1 Address List In the Firewall -> Addresses -> Address List menu, a list of all configured addresses is shown. 17.3.1.1 New Choose the New button to set up new addresses. Fig.
17 Firewall Funkwerk Enterprise Communications GmbH Field Description • 6 $ : Enter an IP address range with a start and end address. Address / Subnet Only if Address Type = 5 # " Enter the IP address of the host or a network address and the related netmask. The default value is . Address Range Only if Address Type = 6 $ Enter the start and end IP address of the range. 17.3.
17 Firewall Funkwerk Enterprise Communications GmbH The Firewall -> Addresses -> Groups -> New menu consists of the following fields: Fields in the Groups Basic Parameters menu Field Description Description Enter the desired description of the address group. Selection Select the members of the group from the available Addresses. To do this, enable the field in the Selection column. 17.4 Services 17.4.
17 Firewall Funkwerk Enterprise Communications GmbH Field Description Description Enter an alias for the service you want to configure. Protocol Select the protocol on which the service is to be based. The most important protocols are available for selection. Destination Port Range Only if Protocol = 4+ , ,9 54+ or ,9 In the first field, enter the destination port via which the service is to run. If a port number range is specified, in the second field enter the last port of the port range.
17 Firewall Funkwerk Enterprise Communications GmbH Field Description • 0 1 • 4 0; • " #2 • 4 " ! • 4 " ! 6 !2- • 7 " 6 H " • 7 " 6 !2- Code • ? 6 H " • ? 6 !2- ICMP code options can only be selected if Type = 9 " , 1 #2 .
17 Firewall Funkwerk Enterprise Communications GmbH Fig. 132: Firewall -> Services ->Groups-> New The Firewall -> Services-> Groups -> New menu consists of the following fields: Fields in the Groups Basic Parameters menu Field Description Description Enter the desired description of the service group. Members Select the members of the group from the available service aliases. To do this, activate the field in the Members column.
18 Local Services Funkwerk Enterprise Communications GmbH Chapter 18 Local Services This menu offers services for the following application areas: • Name resolution (DNS) • Locating of dynamic IP addresses using a DynDNS provider • Configuration of gateway as a DHCP server (assignment of IP addresses) • Access restriction on the Internet (web filter) • Assignment of incoming and outgoing data and voice calls to authorised users (CAPI server) • Automation of tasks according to schedule (scheduling) • Alive
Funkwerk Enterprise Communications GmbH 18 Local Services For local applications, the IP address of your device or the general loopback address (127.0.0.1) can be entered as the global name server. Your device can also receive the global name servers dynamically and transfer them dynamically if necessary.
18 Local Services Funkwerk Enterprise Communications GmbH 18.1.1 Global Settings Fig. 133: Local Services -> DNS -> Global Settings The menu Local Services -> DNS -> Global Settings consists of the following fields: Fields in the Global Settings Basic Parameters menu Field Description Domain Name Enter the standard domain name of your device. DNS Server Configuration Select whether the addresses of the global name server on your device can be overwritten by transferred name server addresses.
18 Local Services Funkwerk Enterprise Communications GmbH Field Description Secondary DNS server. WINS Server Enter the IP address of the first and, if necessary, alternative global Windows Internet Name Server (=WINS) or NetBIOS Name Server (=NBNS). Primary Secondary The Advanced Settings menu consists of the following fields: Fields in the menu Advanced Settings Field Description Positive Cache Select whether the positive dynamic cache is to be activated, i.e.
18 Local Services Funkwerk Enterprise Communications GmbH Field Description The default value is & . Maximum TTL for Negative Cache Entries Enter the value set to which the TTL is to be set in the case of a negative dynamic entry in the cache. The default value is & . Fallback interface to get DNS server Only if DNS Server Configuration = 9- Select the interface to which a connection is set up for name server negotiation if other name resolution attempts were not successful.
18 Local Services Funkwerk Enterprise Communications GmbH 18.1.2 Static Hosts In the Local Services -> DNS -> Static Hosts menu, a list of all configured static hosts is shown. 18.1.2.1 New Choose the New button to set up new static hosts. Fig.
18 Local Services Funkwerk Enterprise Communications GmbH Field Description Entries with spaces are not allowed. Response In this entry, select the type of response to DNS requests. Possible values: • 8 $ " / : A DNS request for Name is answered with a negative response. • " / (default value): A DNS request for Name is answered with the associated IP Address. • 8 : A DNS request is ignored; no answer is given. IP Address Only if Response = " / . Enter the IP address assigned to Name.
18 Local Services Funkwerk Enterprise Communications GmbH Fig. 135: Local Services -> DNS -> Domain Forwarding -> New The Local Services -> DNS -> Domain Forwarding -> New menu consists of the following fields: Fields in the Domain Forwarding Forwarding Parameters menu Field Description Forwarding Select whether a host or domain is to be forwarded. Possible values: • = " (default value) • 9 Host Only for Forward = = " Enter the name of the host to be forwarded.
18 Local Services Funkwerk Enterprise Communications GmbH Field Description If a name is entered without a full stop, once you confirm with OK " . " " is added. Forward to Select the forwarding destination requests to the name defined in Host or Domain. Possible values: • 7 " (default setting) The request is forwarded to the defined Interface. • 98 / : The request is forwarded to the defined DNS server.
Funkwerk Enterprise Communications GmbH 18 Local Services Fig. 136: Local Services -> DNS -> Cache You can select individual entries using the checkbox in the corresponding line, or select them all using the Select All button. A dynamic entry can be converted to a static entry by marking the entry and confirming with Set to Static. This entry then disappears from the list and is included in the list in the Static Hosts menu. The TTL is transferred in this operation.
18 Local Services Funkwerk Enterprise Communications GmbH 18.1.5 Statistics Fig. 137: Local Services -> DNS -> Statistics In the menu Local Services -> DNS -> Statistics, the following statistical values are shown: Fields in the Statistics DNS Statistics menu 332 Field Description Received DNS Packets Shows the number of received DNS packets addressed direct to your device, including the response packets for forwarded requests.
18 Local Services Funkwerk Enterprise Communications GmbH Field Description Server Failures Shows the number of requests that were not answered by any name server (either positively or negatively). 18.2 HTTPS You can operate the user interface of your device from any PC with an up-to-date Web browser via an HTTPS connection.
18 Local Services Funkwerk Enterprise Communications GmbH Field Description HTTPS TCP Port Enter the port via which the HTTPS connection is to be established. Possible values are to ' . The default value is &&'. Local Certificate Select a certificate that you want to use for the HTTPS connection. Possible values: • 7 " 2 (default value): Select this option if you want to use the certificate built into the device.
18 Local Services Funkwerk Enterprise Communications GmbH 18.3.1 DynDNS Update In the Local Services -> DynDNS Client -> DynDNS Update menu, a list of all configured DynDNS registrations is shown that are to be updated. 18.3.1.1 New Choose the New button to set up further DynDNS registrations to be updated. Fig.
18 Local Services Funkwerk Enterprise Communications GmbH Field Description Password Enter the password as registered with the DynDNS provider. Provider Select the DynDNS provider with which the above data is registered. A choice of DynDNS providers is already available in the unconfigured state and their protocols are supported. Other DynDNS providers can be configured in the Local Services -> DynDNS Client-> DynDNS Providers menu. The default value is 9- 98 .
18 Local Services Funkwerk Enterprise Communications GmbH 18.3.2.1 New Choose the New button to set up new DynDNS providers. Fig. 140: Local Services -> DynDNS Client -> DynDNS Provider -> New The Local Services -> DynDNS Client -> DynDNS Provider -> New menu consists of the following fields: Fields in the DynDNS Provider Basic Parameters menu Field Description Provider Name Enter a name for this entry.
18 Local Services Funkwerk Enterprise Communications GmbH Field Description The default value is . Protocol Select one of the protocols implemented. Possible values: • 9- 98 (default value) • " " 9- 98 • <9 • =8 • 9M8 • > 97 =4?. • > 97 4+ • + " 9- 98 • dnsexit Update Interval Enter the minimum time (in seconds) that your device must wait before it is allowed to propagate its current IP address to the DynDNS provider again. The default value is ' seconds. 18.
18 Local Services Funkwerk Enterprise Communications GmbH 18.4.1 DHCP Pool To activate your device as a DHCP server, you must first define IP address pools from which the IP addresses are distributed to the requesting clients. In the Local Services -> DHCP Server -> DHCP Pool menu, a list of all configured IP address pools is shown. In the list, for each entry, you have the possibility under Pool of enabling or disabling the configured DHCP pools. 18.4.1.
18 Local Services Funkwerk Enterprise Communications GmbH Field Description When a DHCP request is received over this Interface, one of the addresses from the address pool is assigned. IP Address Range Enter the first (first field) and last (second field) IP address of the IP address pool. Pool Usage Specify whether the IP pool is used for DHCP requests in the same subnet or for DHCP requests that have been forwarded to your device from another subnet.
18 Local Services Funkwerk Enterprise Communications GmbH Field Description DHCP Options Specify which additional data is forwarded to the DHCP client. Possible values for Option: • 4 / (default value): Enter the IP address of the time server to be sent to the client. • 98 / : Enter the IP address of the DNS server to be sent to the client. • 98 9 8 : Enter the DNS domain to be sent to the client.
18 Local Services Funkwerk Enterprise Communications GmbH Fig. 142: Local Services -> DHCP Server -> IP/MAC Binding -> New The Local Services -> DHCP Server ->DHCP Binding -> New menu consists of the following fields: Fields in the IP/MAC Binding Basic Parameters menu Field Description Description Enter the name of the host to the MAC Address of which the IP Address is to be bound. A character string of up to 256 characters is possible.
18 Local Services Funkwerk Enterprise Communications GmbH Fig. 143: Local Services -> DHCP Server -> DHCP Relay Settings The Local Services -> DHCP Server -> DHCP Relay Settings menu consists of the following fields: Fields in the DHCP Relay Settings Basic Parameters menu Field Description Primary DHCP Server Enter the IP address of a server to which BootP or DHCP requests are to be forwarded. Secondary DHCP Server Enter the IP address of an alternative BootP or DHCP server. 18.
18 Local Services Funkwerk Enterprise Communications GmbH 18.5.1 Schedule In the Local Services -> Scheduling -> Time Schedule menu, a list of all scheduled tasks is shown. 18.5.1.1 New Choose the New button to set up new tasks. Fig.
18 Local Services Funkwerk Enterprise Communications GmbH Field Description • 6 # " / (default value): Your device is rebooted. • " / " " : The interface defined in the Select Interface field is activated. • 9 " / " " : The interface defined in the Select Interface field is deactivated. • " / " . 8: The WLAN interface defined in the Select Interface field is activated. • 9 " / " . 8: The WLAN interface defined in the Select Interface field is deactivated. • 7 " " >=F .
18 Local Services Funkwerk Enterprise Communications GmbH Field Description Source = =44 / Enter the name of the HTTP server from which you wish to download a configuration file. TFTP Server Only if Select action = 4 $$ $ " # ! Enter the IP address of the TFTP server to which you wish to transfer a configuration file. TFTP File Name Only if Select action = 4 $$ $ " # ! Enter the name with which configuration file is to be transferred to the TFTP server.
18 Local Services Funkwerk Enterprise Communications GmbH Field Description Possible values for Condition Settings with Condition Type = 9 - "1 "1: ... ' . Start Time Enter the time from which the initiator is to be activated. Activation is carried on the next scheduling interval. the default value of this interval is 55 seconds. Stop Time Not if Select Action = 6 # " / Enter the time from which the initiator is to be deactivated. Deactivation is carried on the next scheduling interval.
18 Local Services Funkwerk Enterprise Communications GmbH Fields in the Options Scheduling Options menu Field Description Schedule Interval Select whether the schedule interval is to be enabled for the interface. Enter the interval in seconds during which the system checks whether there are planned tasks. Possible values are to ' . The value ' is recommended (5 minute accuracy). Values lower than 60 are generally pointless and are an unnecessary use of system resources.
18 Local Services Funkwerk Enterprise Communications GmbH Fig. 146: Local Services -> Surveillance -> Hosts -> New The Local Services -> Surveillance -> Hosts -> New menu consists of the following fields: Fields in the Hosts Host Parameters menu Field Description Group ID Select an ID for the group of hosts whose availability is to be monitored by your device. The group IDs are automatically created from to . If an entry has not yet been created, a new group is created using the 8 79 option.
18 Local Services Funkwerk Enterprise Communications GmbH Field Description uses as the source address of the packet sent to the host to be monitored. Possible values: • " " (default value): The IP address is determined automatically. • ! : Enter the IP address in the adjacent input field. Interval Enter the time interval (in seconds) to be used for checking the availability of hosts. Possible values are to ' . The default value is .
18 Local Services Funkwerk Enterprise Communications GmbH 18.6.2.1 Edit/New Choose the icon to edit existing entries. Choose the New button to set up monitoring for other interfaces. Fig. 147: Local Services -> Surveillance -> Interfaces -> New The Local Services -> Surveillance ->Interfaces -> New menu consists of the following fields: Fields in the Interfaces Basic Parameters menu Field Description Monitored Interface Select the interface on your device that is to be monitored.
18 Local Services Funkwerk Enterprise Communications GmbH Field Description The action is applied to the Interface(s) selected in Interface. Possible values: • 0 #2 (default value): Activation of interface(s) • 9 #2 : Deactivation of interface(s) Interface Select the interface(s) for which the action defined in Interface Action is to be performed. All the physical and virtual interfaces and the options 22 7 " and 22 7 7 " can be selected. 18.6.
18 Local Services Funkwerk Enterprise Communications GmbH 18.6.3.1 New Click on the New button to configure new limits. Fig. 148: Local Services -> Surveillance -> Temperature -> New The Local Services -> Surveillance -> Temperature -> New menu consists of the following fields: Fields in the Temperature Basic Parameters menu Field Trigger Description Enter here the temperature limit value (min/max).
18 Local Services Funkwerk Enterprise Communications GmbH Field Description Interface Select the interface via which the action is to be carried out. Possible values: • 6 2 - (default value): The overstepping of the limit is coupled with the relay. • @7 " A: On overstepping the temperature limit, the selected interface is turned off. 18.6.4 Ping Generator In the Local Services -> Surveillance -> Ping Generator menu, a list is shown of all pings configured for automatic generation. 18.6.4.
18 Local Services Funkwerk Enterprise Communications GmbH Fields in the Ping Generator Basic Parameters menu Field Description Destination IP Address Enter the IP address to which the ping is automatically sent. Source IP Address Enter the source IP address of the outgoing ICMP echo request packets. Possible values: • " " : The IP address is determined automatically. • ! (default value): Enter the IP address in the adjacent input field e.g. to test a particular extended route.
18 Local Services Funkwerk Enterprise Communications GmbH the 22 option to query all interfaces. The current discovery status is displayed for each individual interface under Discovery Status. 8 means that discovery is not active. 9 / - is displayed when discovery is currently being carried out. This discovery function also enables your device to be discovered and configured by other access points with a discovery function. You configure this in the Options sub-menu. 18.7.1.
18 Local Services Funkwerk Enterprise Communications GmbH Fig. 151: Local Services -> Funkwerk Discovery -> Device Discovery -> The Local Services -> Funkwerk Discovery -> Device Discovery-> menu consists of the following fields: Fields in the Device Discovery Basic Parameters Field Description Interface The value of this field can only be read. Shows the interface of your device on which discovery is carried out. MAC Address The value of this field can only be read.
18 Local Services Funkwerk Enterprise Communications GmbH Field Description Authentication Password You must enter the administrator password for the access point, otherwise you cannot carry out the configuration operation. Last Write Result The value of this field can only be read. Displays the result of the last configuration operation. Possible values: • 8 0 : The access point reported a successful operation or a configuration change has not yet been made with OK.
18 Local Services Funkwerk Enterprise Communications GmbH 18.7.2 Options In this menu, you can grant permission for your device to be discovered by other bintec devices using the funkwerk Discovery protocol and to be configured by means of this. Fig.
18 Local Services Funkwerk Enterprise Communications GmbH The bintec HotSpot Solution consists of a bintec gateway installed onsite (with its own WLAN access point or additional connected WLAN device or wired LAN) and of the Hotspot server, centrally located at a computing centre. The operator account is administered on the server via an administration terminal (e.g., a hotel reception PC); this includes functions such as registration entry, generating tickets, statistical analysis, etc.
18 Local Services Funkwerk Enterprise Communications GmbH Note Activation may require 2-3 business days. Access data for gateway configuration RADIUS Server IP 62.245.165.
18 Local Services Funkwerk Enterprise Communications GmbH Fig. 153: Local Services -> Hotspot Gateway -> Hotspot Gateway -> You can use the Enabled option to enable or disable the corresponding entry. 18.8.1.1 Edit/New In the Local Services -> Hotspot Gateway -> Hotspot Gateway -> menu, you config- ure the Hotspot networks. Choose the New button to set up additional Hotspot networks.
18 Local Services Funkwerk Enterprise Communications GmbH Fig. 154: Local Services -> Hotspot Gateway -> Hotspot Gateway -> The Local Services -> Hotspot Gateway -> Hotspot Gateway -> menu consists of the following fields: Fields in the Hotspot Gateway Basic Parameters menu Field Interface Description Choose the interface to which the Hotspot LAN or WLAN is connected. When operating over LAN, enter the Ethernet interface here (e.g. en1-0).
18 Local Services Funkwerk Enterprise Communications GmbH Field Description Domain at the HotSpot Server Enter the domain name that you used when setting up the HotSpot server for this customer. The domain name is required so that the Hotspot server can distinguish between the different clients (customers). Walled Garden Enable this function if you want to define a limited and free area of websites (intranet). The function is not activated by default.
18 Local Services Funkwerk Enterprise Communications GmbH Fields in the menu Advanced Settings Field Ticket Type Description Select the ticket type. Possible values: • 3 1 : Only the user name must be entered. Define a default password in the input field. • , 5 (default value): User name and password must be entered. Allowed HotSpot Client Here you can define which type of users can log in to the Hotspot. Possible values: • 22: All clients are approved.
18 Local Services Funkwerk Enterprise Communications GmbH Fig. 155: Local Services -> Hotspot Gateway -> Options The Local Services -> Hotspot Gateway -> Options menu consists of the following fields: Fields in the Options Basic Parameters menu 366 Field Description Host for multiple locations If several locations (branches) are set up on the Hotspot server, enter the value of the NAS identifier (RADIUS server parameter) that has been registered for this location on the Hotspot server.
Funkwerk Enterprise Communications GmbH 19 Maintenance Chapter 19 Maintenance This menu provides you with numerous functions for maintaining your device. It firstly provides a menu for testing availability within the network. You can manage your system configuration files. If more recent system software is available, you can use this menu to install it. If you need other languages for the configuration interface, you can import these. You can also trigger a system reboot in this menu. 19.
19 Maintenance Funkwerk Enterprise Communications GmbH 19.1.2 DNS Test Fig. 157: Maintenance -> Diagnostics -> DNS Test The DNS test is used to check whether the domain name of a particular host is correctly resolved. The Output field shows the DNS test messages. The DNS test is started by entering the domain name to be tested in DNS Address and clicking on the Go button. 19.1.3 Traceroute Test Fig.
Funkwerk Enterprise Communications GmbH 19 Maintenance You use the traceroute test to display the route to a particular address (IP address or domain name), if this can be reached. The Output field shows the traceroute test messages. The traceroute test is started by entering the address to be tested in Traceroute Address and clicking on the Go button. 19.2 Software & Configuration 19.2.
19 Maintenance Funkwerk Enterprise Communications GmbH stored in the working memory (RAM). The contents of the RAM are lost if the device is switched off. So if you modify your configuration and want to keep these changes for the next time you start your device, you must save the modified configuration in the flash memory before switching off: Save Configuration button in the Funkwerk Configuration Interface navigation area. This configuration is then saved in the flash in a file with the name # ".
19 Maintenance Funkwerk Enterprise Communications GmbH Fig. 159: Maintenance -> Software & Configuration -> Options The Maintenance -> Software & Configuration -> Options menu consists of the following fields: Fields in the Options Current Installed Software menu Field Description BOSS Shows the current software version loaded on your device. System Logic SHDSL Logic ADSL Logic Shows the current system logic loaded on your device. Shows the current version of the SHDSL logic loaded on your device.
19 Maintenance Funkwerk Enterprise Communications GmbH Field Description • 7 ! " $ " : Under Filename select a configuration file you want to import. Note: Click Go to load the file under the name # " in the flash memory for the device. You must restart the device to enable it. Note: The files to be imported must be in CSV format! • 7 ! " 2 $ $ : You can import other language versions of the Funkwerk Configuration Interface into your device.
19 Maintenance Funkwerk Enterprise Communications GmbH Field Description field. Filename Source Location Only for Action = 7 ! " $ " , 7 ! " 2 $ $ , ,! " - " " . Enter the path and name of the file or select the file with Browse... via the explorer/finder. Only for Action = ,! " - " " Select the source for the update. Possible values: • . 2 2 (default value): The system software file is stored locally on your PC.
19 Maintenance Funkwerk Enterprise Communications GmbH Field Description tion file. 19.3 Reboot 19.3.1 System Reboot In this menu, you can trigger an immediate reboot of your device. Once your system has restarted, you must call the Funkwerk Configuration Interface again and log in. Pay attention to the LEDs on your device. For information on the meaning of the LEDs, see the Technical Data chapter of the manual.
Funkwerk Enterprise Communications GmbH 20 External Reporting Chapter 20 External Reporting In this system menu, you define what system protocol messages are saved on which computers, and whether the system administrator should receive an e-mail for certain events. Information on IP data traffic can also be saved--depending on the individual interfaces. In addition, SNMP traps can be sent to specific hosts in case of error. Moreover, you can prepare your device for monitoring with the activity monitor.
20 External Reporting Funkwerk Enterprise Communications GmbH In the External Reporting -> Syslog -> Syslog Servers menu, a list of all configured system log servers is shown. 20.1.1.1 New Choose the New button to set up new syslog servers. Fig.
20 External Reporting Funkwerk Enterprise Communications GmbH Field Description • $ • 8 " • 7 " (default value) • 9 # $ (lowest priority) Syslog messages are only sent to the host if they have a higher or identical priority to that indicated, i.e. all messages generated are recorded at syslog level 9 # $. Facility Enter the syslog facility on the host. This is only required if the Log Host is a Unix computer. Possible values: 2 2 E . The default value is 2 2 .
20 External Reporting Funkwerk Enterprise Communications GmbH 20.2 IP Accounting In modern networks, information about the type and number of data packets sent and received over the network connections is often collected for commercial reasons. This information is extremely important for Internet Service Providers that bill their customers by data volume. However, there are also non-commercial reasons for detailed network accounting.
20 External Reporting Funkwerk Enterprise Communications GmbH 20.2.2 Options In this menu, you configure general settings for IP Accounting. Fig. 163: External Reporting -> IP Accounting -> Options In the External Reporting -> IP Accounting -> Options menu you can set the Log Format of the IP accounting messages. The messages can contain character strings in any order, sequences separated by a slash, e.g. N" or N or defined tags.
20 External Reporting Funkwerk Enterprise Communications GmbH Field Description %p Packets sent %o Octets sent %P Packets received %O Octets received %s Serial Number for accounting message %% % By default, the following format instructions are entered in the Log Format field. 7804% O O"O O O %O 5O A O7%O65O O!O O O<)O * 20.3 E-mail Alert Depending on the configuration, E-mails are sent to the administrator as soon as relevant syslog messages occur. 20.3.
20 External Reporting Funkwerk Enterprise Communications GmbH Field Description Alert Service Enable or disable the function. Sender E-Mail Address Enter the mail address to be entered in the sender field of the Email. Maximum Messages per Limit the number of outgoing mails per minute. Possible values Minute are to , the default value is .
20 External Reporting Funkwerk Enterprise Communications GmbH Field Description The default value is seconds. 20.3.2 E-mail Alert Recipient In the E-mail Alert Recipient menu, a list of syslog messages is displayed. 20.3.2.1 New Choose the New button to create new e-mail alert receivers. Fig.
20 External Reporting Funkwerk Enterprise Communications GmbH Field Description entered therefore usually contains wildcards. To be informed of all syslog messages of the selected level, just enter "*". Severity Select the severity at which the string configured in the Matching String field must occur to trigger an E-mail alert.
20 External Reporting Funkwerk Enterprise Communications GmbH Every SNMP management system contains an MIB. SNMP can be used to configure, control and administrate various network components from one system. Such an SNMP tool is included on your device: the Configuration Manager. As SNMP is a standard protocol, you can use any other SNMP managers, e.g. HPOpenView. For more information on the SNMP versions, see the relevant RFCs and drafts: • SNMP V. 1: RFC 1157 • SNMP V. 2c: RFC 1901 - 1908 • SNMP V.
20 External Reporting Funkwerk Enterprise Communications GmbH Field Description SNMP Trap Broadcasting Select whether the transfer of SNMP traps is to be activated. Your device then sends SNMP traps to the LAN's broadcast address. The function is activated by choosing 0 #2 . The function is disabled by default. SNMP Trap UDP Port Only if SNMP Trap Broadcasting is enabled. Enter the number of the UDP port to which your device is to send SNMP traps. Any whole number is possible.
20 External Reporting Funkwerk Enterprise Communications GmbH Fig. 167: External Reporting -> SNMP -> SNMP Trap Hosts -> New The External Reporting -> SNMP -> SNMP Trap Hosts-> New menu consists of the following fields: Fields in the SNMP Trap Hosts Basic Parameters menu Field Description IP Address Enter the IP address of the SNMP trap host. 20.5 Activity Monitor This menu contains the settings needed to monitor your device with the Windows tool Activity Monitor (part of BRICKware for Windows).
20 External Reporting Funkwerk Enterprise Communications GmbH IP address. One packet is sent per time interval, which can be adjusted individually to values from 1 - 60 seconds. Up to 100 physical and virtual interfaces can be monitored, provided the packet size of 4096 bytes is not exceeded. The Activity Monitor on your PC receives the packets and can display the information contained in them in various ways according to the configuration.
20 External Reporting Funkwerk Enterprise Communications GmbH Field Description • 8 (default value): Deactivates the sending of information to the Activity Monitor. • 1- 2: Only information about the physical interfaces is sent. • 1- 25 853 8: Information about physical and virtual interfaces is sent Send information to Select where your device sends the UDP packets.
Funkwerk Enterprise Communications GmbH 21 Monitoring Chapter 21 Monitoring This menu contains information that enable you to locate problems in your network and monitor activities, e.g. at your device's WAN interface. 21.1 Internal Log 21.1.1 System Messages In the Monitoring -> Internal Log -> System Messages menu, a list of all internally stored system messages is shown.
21 Monitoring Funkwerk Enterprise Communications GmbH Field Description No. Displays the serial number of the system message. Date Displays the date of the record. Time Displays the time of the record. Level Displays the hierarchy level of the message. Subsystem Displays which subsystem of the device generated the message. Message Displays the message text. 21.2 IPSec 21.2.1 IPSec Tunnels In the Monitoring -> IPSec -> IPSec Tunnel menu, a list of all configured IPSec peers is shown. Fig.
21 Monitoring Funkwerk Enterprise Communications GmbH Field Description Remote IP Address Displays the IP address of the remote IPSec Peers. Remote Networks Displays the currently negotiated subnets of the remote terminal. Security Algorithm Displays the encryption algorithm of the IPSec tunnel. Status Displays the operating status of the IPSec tunnel. Action Enables you to change the status of the IPSec tunnel as displayed. Details Opens a detailed statistics window.
21 Monitoring Funkwerk Enterprise Communications GmbH Field Description Remote ID Shows the ID of the peer. Negotiation Type Shows the exchange type. Authentication Method Shows the authentication method. MTU Shows the current MTU (Maximum Transfer Unit). Alive Check Shows the method for checking that the peer is reachable. NAT Detection Displays the NAT detection method. Local Port Shows the local port. Remote Port Shows the remote port.
21 Monitoring Funkwerk Enterprise Communications GmbH Fig. 172: Monitoring -> IPSec -> IPSec Statistics The Monitoring -> IPSec -> IPSec Statistics menu consists of the following fields: Field in the IPSec Statistics Licenses menu Field Description IPSec Tunnels Shows the IPSec licenses currently in use (In use) and the maximum number of licenses usable (Maximum). Field in the IPSec Statistics Peers menu Field Description Status Displays the number of IPSec tunnels by their current status.
21 Monitoring Funkwerk Enterprise Communications GmbH Field Description the total number of phase-2 SAs (Total). Field in the IPSec Statistics Packet Statistics menu Field Description Total Shows the number of all processed incoming (Incoming) or outgoing (Outgoing) packets. Passed Shows the number of incoming (Incoming) or outgoing (Outgoing) packets forwarded in plain text. Dropped Shows the number of rejected incoming (Incoming) or outgoing (Outgoing) packets.
21 Monitoring Funkwerk Enterprise Communications GmbH Fig. 173: Monitoring -> Interfaces -> Statistics You change the state of the interface by pressing the column. Press the button or button in the Action button to display the statistical data for the individual interfaces in de- tail. Values in the list Statistics Field Description No. Shows the serial number of the interface. Description Displays the name of the interface. Type Displays the interface text.
21 Monitoring Funkwerk Enterprise Communications GmbH 21.4 WLAN 21.4.1 WLAN1 In the Monitoring -> WLAN -> WLAN1 menu, the current values and activities of the first interface are shown. Fig. 174: Monitoring -> WLAN -> WLAN1 Values in the list WLAN1 396 Field Description mbps Displays the possible data rates on this wireless module. Tx Packets Shows the total number of packets sent for the data rate shown in mbps.
21 Monitoring Funkwerk Enterprise Communications GmbH You can choose the Advanced button to go to an overview of more details. Fig. 175: Monitoring -> WLAN -> WLAN1 -> Advanced menu Values in the list Advanced Field Description # Displays the serial number of the list entry. Description Displays the description of the displayed value. Value Displays the statistical value.
21 Monitoring Funkwerk Enterprise Communications GmbH Description Meaning be transmitted Frame transmissions without ACK received Displays the number of sent frames which which an acknowledgement frame was not received. Duplicate received MSDUs Displays the number of MSDUs received in duplicate. CTS frames received in response to an RTS Displays the number of received CTS (clear to send) frames that were received as a response to RTS (request to send).
21 Monitoring Funkwerk Enterprise Communications GmbH Field Description MAC Address Shows the MAC address of the associated client. IP Address Shows the IP Address of the client. Up Time Shows the time in hours, minutes and seconds for which the client is logged in. Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received. Signal dBm Shows the received signal strength in dBm. Noise dBm Shows the received noise strength in dBm.
21 Monitoring Funkwerk Enterprise Communications GmbH Fig. 177: Monitoring -> WLAN -> VSS -> -> Values in the VSS list Field Description Client MAC Address Shows the MAC Address of the associated client. IP Address Shows the IP address of the client. Up Time Shows the time in hours, minutes and seconds for which the client is logged in. Signal dBm Shows the received signal strength in dBm. Noise dBm Shows the received noise strength in dBm.
21 Monitoring Funkwerk Enterprise Communications GmbH Field Description • 15 – 25 dB good • 2 – 15 dB borderline • 0 – 2 dB bad. Data Rate mbps Shows the current transmission rate of data received by this client in mbps. The following clock rates are possible: IEEE 802.11b: 11, 5.5, 2 and 1 mbit; IEEE 802.11g/a: 54,48,36,24,18,12,9,6 mbit. If the 5 GHz frequency band is used, the display of 11, 5.5, 2 and 1 mbit is suppressed for IEEE 802.11b.
21 Monitoring Funkwerk Enterprise Communications GmbH Field Description WDS Description Shows the name of the WDS link. Remote MAC Shows the MAC address of the WDS link partner. Up Time Shows the time in hours, minutes and seconds for which the WDS link is active. Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received. Signal dBm Shows the received signal strength in dBm. Noise dBm Shows the received noise strength in dBm.
21 Monitoring Funkwerk Enterprise Communications GmbH Fig. 179: Monitoring -> WLAN -> WDS-> Values in the WDS list Field Description WDS Description Shows the name of the WDS link. Remote MAC Shows the MAC address of the WDS link partner. Up Time Shows the time in hours, minutes and seconds for which the WDS link is active. Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received. Signal dBm Shows the received signal strength in dBm.
21 Monitoring Funkwerk Enterprise Communications GmbH Field Description for Tx Packets and Rx Packets. 21.4.4 Bridge Links In the Monitoring -> WLAN -> Bridge Links menu, the current values and activities of the bridge links are shown. Fig. 180: Monitoring -> WLAN -> Bridge Links Values in the list Bridge Links 404 Field Description Bridge Link Description Shows the name of the bridge link. Remote MAC Shows the MAC address of the bridge link partner.
21 Monitoring Funkwerk Enterprise Communications GmbH If required, the Test link can be used to start a link test. The link test provides all the data necessary for checking the quality of the bridge link. The link test also helps you to align the antennas. This option is only displayed if the link state is 0 #2 . Bridge link details You can use the icon to open an overview of further details of the bridge links. Fig.
21 Monitoring Funkwerk Enterprise Communications GmbH Field Description bridge link in question is active. Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received. Signal dBm Shows the received signal strength in dBm. Noise dBm Shows the received noise strength in dBm. Data Rate mbps Shows the current clock rate of data received on this bridge link in mbps.
21 Monitoring Funkwerk Enterprise Communications GmbH Field Description ent link in question is active. Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received. Signal dBm Shows the received signal strength in dBm. Noise dBm Shows the received noise strength in dBm. Data Rate mbps Shows the current transmission rate of data received on this client link in mbps.
21 Monitoring Funkwerk Enterprise Communications GmbH Field Description AP MAC Address Shows the MAC address of the client link partner. Up Time Shows the time in hours, minutes and seconds for which the client link in question is active. Signal dBm Shows the received signal strength in dBm. Noise dBm Shows the received noise strength in dBm. SNR dB Shows the signal quality in dB. Data Rate mbps Shows the current transmission rate of data received on this client link in mbps.
21 Monitoring Funkwerk Enterprise Communications GmbH Field Description MAC Address Shows the MAC addresses of the associated bridge. Port Shows the port on which the bridge is active. 21.5.2 sta In the Monitoring -> Bridges -> sta menu, the current values of the bridges to the configured WLAN clients are shown. Fig. 185: Monitoring -> Bridge Values in the sta list Field Description Current Wildcard MAC Address Shows the current configured wildcard MAC address.
21 Monitoring Funkwerk Enterprise Communications GmbH 21.6 Hotspot Gateway 21.6.1 Hotspot Gateway In the Monitoring -> Hotspot Gateway -> Hotspot Gateway menu, a list of all connected hosts is shown. Fig. 186: Monitoring -> Hotspot Gateway -> Hotspot Gateway Values in the list Hotspot Gateway Field Description User Name Displays the user's name. IP Address Shows the IP address of the user. Physical Address 410 Shows the physical address of the user. Logon Shows the login time.
21 Monitoring Funkwerk Enterprise Communications GmbH 21.7 QoS In the Monitoring -> QoS menu, statistics are displayed for all interfaces for which QoS has been configured. 21.7.1 QoS In the Monitoring -> QoS -> QoS menu, a list of all interfaces is shown for which QoS has been configured. Fig. 187: Monitoring -> QoS -> QoS Values in the QoS list Field Description Interface Shows the interface for which QoS has been configured.
Index Funkwerk Enterprise Communications GmbH Index 193 # # 91 , 390 , 397 #1, #2, #3 119 A ACCESS_ACCEPT 102 ACCESS_REJECT 102 ACCESS_REQUEST 102 ACCOUNTING_START 102 ACCOUNTING_STOP 102 ACL Mode 161 , 203 Action 168 , 168 , 176 , 176 , 207 , 309 , 353 , 371 , 390 , 395 Active IPSec Tunnels 76 Active Radio Profile 190 Active Sessions (SIF, RTP, etc...
Index Funkwerk Enterprise Communications GmbH Client Mode 144 Code 318 Common Name 117 Compression 97 Configuration Encryption 371 Configuration Interface 91 Configured Speed / Mode 125 Confirm Admin Password 81 Connected 168 , 176 Connection Idle Timeout 255 , 260 , 297 Connection State 242 Connection Type 297 Consider 232 Contact 79 Control Mode 247 , 266 Controlled Interfaces 349 Corrupt Frames Received 397 COS filter (802.
Index Funkwerk Enterprise Communications GmbH Duplicate received MSDUs 397 Dynamic RADIUS Authentication 290 E E-mail 117 EAP Preauthentification 159 , 201 ED Threshold 196 Enable Discovery Server 359 Enable IPSec 289 Enable update 335 Enable VLAN 140 Encrypted 394 Encryption 109 , 299 Encryption Algorithms 98 Entry active 103 , 108 Errors 391 , 394 Extended Route 211 External Filename 120 , 121 F Facility 376 Fallback interface to get DNS server 325 File Encoding 120 , 121 Filename 371 Filter 245 Filter
Index Funkwerk Enterprise Communications GmbH IP Address Mode 257 , 261 , 298 IP Address Range 185 , 339 IP address to use for DNS/WINS server assignment 325 IP Address/Netmask 133 IP Assignment Pool 271 IP Assignment Pool (IPCP) 298 IP Compression 284 IP Pool Name 265 , 288 IP Pool Range 265 , 288 IPSec (Phase2) 393 IPSec (Phase2) SAs 391 IPSec Debug Level 289 IPSec Tunnels 393 K Key Value 304 L Language for login window 363 Last Member Query Interval 237 Last Write Result 357 Layer 4 Protocol 212 LCP
Index Funkwerk Enterprise Communications GmbH Memory Usage 76 Message 389 Message Compression 382 Message Timeout 382 Messages 391 Metric 211 Metric Offset for Active Interfaces 227 Metric Offset for Inactive Interfaces 227 Min. queue size 252 Min. Time Period for Active Scan 152 Min.
Index Funkwerk Enterprise Communications GmbH Port Number 129 Portforwardings 217 Positive Cache 325 PPPoE Ethernet Interface 255 PPPoE Interfaces for Multilink 255 PPPoE Mode 255 PPTP Address Mode 262 PPTP Inactivity 314 PPTP Interface 260 PPTP Passthrough 217 Preshared Key 159 , 163 , 166 , 175 , 201 , 270 Primary 324 , 324 Primary DHCP Server 343 Priorisation algorithm 247 Priorisation queue 250 Prioritize TCP ACK Packets 258 , 262 , 299 Priority 103 , 108 , 250 , 309 Privacy 163 , 175 Propagate PMTU 2
Index Funkwerk Enterprise Communications GmbH RTT Mode (Realtime Traffic Mode) 250 Rx Bytes 395 Rx Errors 395 Rx Packets 395 , 396 , 398 , 400 , 401 , 403 , 404 , 405 , 406 S Scan channels 152 Scan Interval 152 Scan Threshold 152 SCEP URL 115 Schedule Interval 348 Second Timeserver 84 Secondary 324 , 324 Secondary DHCP Server 343 Security Algorithm 390 Security Mode 159 , 166 , 201 Select action 344 Select file 371 Select interface 344 Select radio 344 Selected Channel 144 Selection 318 Send 411 Send Cert
Index Funkwerk Enterprise Communications GmbH System Admin Password System Date 76 System Logic 371 System Name 79 81 T TACACS+ Secret 108 TCP Inactivity 314 TCP Keepalives 97 TCP Port 109 TCP-MSS Clamping 135 Telnet 95 Temperature 76 Terms & Conditions 363 TFTP File Name 344 TFTP Server 344 Third Timeserver 84 Ticket Type 365 Time 389 Time Condition 346 Time Update Interval 84 Time Update Policy 84 Time Zone 84 Timeout 109 , 129 Timestamp 376 Total 394 Traceroute Test 368 Traffic shaping 247 , 250 , 31
Index Funkwerk Enterprise Communications GmbH W Walled Garden 363 Walled Garden URL 363 Walled Network / Netmask 363 WDS Description 163 , 401 , 403 Weight 250 WEP Key 1 - 4 163 WEP Key 1-4 159 , 166 , 201 Wildcard 336 Wildcard MAC Address 93 Wildcard Mode 93 Wireless Mode 148 , 195 WMM 158 , 200 WPA Cipher 159 , 166 , 201 WPA Mode 159 , 166 , 201 WPA2 Cipher 159 , 166 , 201 X XAUTH Profile 272 Z Zero Cookie Size 420 290 bintec WLAN and Industrial WLAN
