Home

IP Addressing

Contents

1. P RG F4202N Fiber Optic Integrated Access Device Copyright 2010 Pirelli Broadband Solutions S p A All rights reserved This document contains Pirelli proprietary and confidential information No part of this document may be copied reprinted or reproduced in any material form or elec tronically whether wholly or in part and no information contained herein may be used or disclosed to third parties unless under a previous written agreement with Pirelli Broadband Solutions S p A setting forth relevant terms and conditions Trademarks All terms used in this document that are known to be trademarks or service marks have been noted as such Pirelli can not attest to the accuracy of this information Other product and corporate names used in this document that may be trademarks or service marks of other companies are used only for explanation and to the owner s benefit without intent to infringe Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark This publication is subject to change without notice Pirelli reserves the right to make changes to equipment design and system components as well as system documentation and literature as progress in engineering manufacturing methods or other circumstances may warrant This publication is intended solely for informational and instructional purposes Refer to the above as to its possible uses It constitutes neither a contract with the
2. 48 HBK 939800036 A 1 Security Section P RG F4202N to the Router s external IP address the gateway will forward the incoming HTTP request to your Web server With one external IP address Router s main IP address different applications can be assigned to your LAN computers however each type of application is limited to use one computer For example you can define that FTP will use ad dress X to reach computer A and Telnet will also use address X to reach com puter A but attempting to define FTP to use address X to reach both computer A and B will fail The Router therefore provides the ability to add additional pub lic IP addresses to port forwarding rules which you must first obtain from your ISP and enter into the NAT IP Addresses Pool You will then be able to define FTP to use address X to reach computer A and address Y to reach computer B Additionally port forwarding enables you to redirect traffic to a different port in stead of the one to which it was designated Lets say that you have a Web server running on your PC on port 8080 and you want to grant access to this server to anyone who accesses the Router via HTTP To accomplish this do the following e Define a port forwarding rule for the HTTP service with the PC s IP or host name e Specify 8080 in the Forward to Port field All incoming HTTP traffic will now be forwarded to the PC running the Web server on port 8080 When setting a port f
3. Speed Dial A shortcut number which you will dial to call this party Destination The entry s destination in this case a proxy server User ID Specify the remote party s user ID 4 Click OK to save the settings 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Voice over IP Section HBK 939800036 A1 59 P RG F4202N Speed Dial via Local Line To add a new local line speed dial entry 1 Click the New Entry link on the Speed Dial tab and select the Local Line option from the combo box 2 Enter the following parameters Speed Dial A shortcut number which you will dial to call this party Destination The entry s destination in this case a local line Line A combo box will display your pre defined local lines Select the des tination line 3 Click OK to save the settings Speed Dial via Direct Call To add a new direct call speed dial entry 1 Click the New Entry link on the Speed Dial tab and select the Direct Call option from the combo box 2 Enter the following parameters Speed Dial A shortcut number which you will dial to call this party Destination The entry s destination in this case a direct call User ID Specify the remote party s user ID IP Address or Host Name Specify the remote party s IP Address or host name 3 Click OK to save the settings MONITORING It is possible to access to the line m
4. ADVANCED Internet Connection Firewall Your gateway s firewall helps protect your com puter by preventing unauthorized users from gaining access to it through a net work such as the Internet The firewall can be activated per network connection To enable the firewall on this network connection select the Enabled check box 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Network Connections Section HBK 939800036 A1 35 P RG F4202N FIGURE 9 LAN Ethernet gt gt Advanced Panel AN LAN Ethernet Properties General Settings Advanced Internet Connection Firewall Enabled Internet Connection Fastpath Enabled Additional IP Addresses IP Address Subnet Mask Action New IP Address qF LAN WIRELESS 802 11N ACCESS POINT LAN WIRELESS 802 11N ACCESS POINT gt gt GENERAL Additional IP Addresses You can add alias names additional IP addresses to the gateway by clicking the New IP Address link This enables you to access the gateway using these aliases in addition to the 192 168 1 1 P RG F4202N integrates multiple layers of wireless security These include the IEEE 802 1x port based authentication protocol RADIUS client EAP MD5 EAP TLS EAP TTLS EAP PEAP Wi Fi Protected Access WPA WPA2 WPA and WPA2 mixed mode and industry leading Discus Firewall and VPN applications In addition the Router s built in authentication server
5. stands for registered jack Router A device that acts as a central hub by connecting to each computer s network interface card and managing the data traffic between the local network and the Internet Server A computer in a network that is shared by multiple end stations Servers provide end stations with access to shared network services such as computer files and printer queues SSID Service Set Identifier Some vendors of wireless products use SSID interchangeably with ESSID Subnet Address An extension of the IP addressing scheme that allows a site to use a single IP network address for multiple physical networks Subnet mask A subnet mask which may be a part of the TCP IP information provided by your ISP is a set of four numbers configured like an IP address It is used to create IP address numbers used only within a particular network as opposed to valid IP address numbers recognized by the Internet which must assigned by InterNIC Subnets A network that is a component of a larger network Switch A device that interconnects several LANs to form a single logical LAN that comprises of several LAN seg ments Switches are similar to bridges in that they connect LANs of a different type however they connect more LANs than a bridge and are generally more sophisticated TCP IP Transmission Control Protocol Internet Protocol This is the name for two of the most well known protocols developed for the interc
6. 2 Connect the other end of the Ethernet cable into the Ethernet Network card of your computer 3 Verify if the Ethernet Network card is configured as DHCP client otherwise configure it to remain in the same local network of the router interface see chapter Setting Up Your Computer 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 10 HBK 939800036 A1 Hardware Installation B ROA Db amp Ss Ll TI P RG F4202N FIGURE 1 Ethernet Cable Connection FIBER Socket Computer FIBER Cable Ethernet Cable In the case your provider will supply to you a SIP account it will be needed to properly connect the FXS In detail you must connect a maximum of two analog phones to the Phone or Phone 2 ports of the Router FXS connection FIGURE 2 FXS connections FIBER Socket FIBER Cable J Sop ogs 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Hardware Installation HBK 939800036 A1 Setting Up Your Computer ETHERNET CONNECTION ETHERNET CONNECTION gt gt TCP IP PROTOCOL INSTALLATION The Router has the ability to dynamically allocate network addresses to the computers on your network using DHCP However your computers n
7. BROADBAND SOLUTIONS P RG F4202N FIGURE 4 LAN Bridge gt gt Routing Panel LAN Bridge Properties Advanced uh Routing Mode Route Device Metric 4 E Default Route Multicast IGMP Proxy Internal IGMP Query Version IGMPv3 E Routing Information Protocol RIP Routing Table Name Destination Gateway Netmask Metric Status Action New Route OK Apply Cancel Routing Mode Select one of the following routing modes e Route Use route mode if you want your gateway to function as a router be tween two networks e NAPT Network Address and Port Translation NAPT refers to network ad dress translation involving the mapping of port numbers allowing multiple machines to share a single IP address Use NAPT if your LAN encompasses multiple devices a topology that necessitates port translation in addition to address translation Device Metric The device metric is a value used by the gateway to determine whether one route is superior to another considering parameters such as bandwidth delay and more Default Route Select this check box to define this device as a the default route Multicast IGMP Proxy Internal IGMP proxy enables the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP interfaces IGMP proxy enables the routing of multicast packets according to the IGMP requests of LAN devices asking to join multicast groups Select the M
8. Cable Disconnected Xy LAN Ethernet 2 Disabled Cable Disconnected key LAN Ethernet 3 Disabled Cable Disconnected D LAN Ethernet 4 Disabled Connected Ia LAN Ethernet 5 Disabled Connected C 3 LAN Ethernet 6 Connected S LAN Wireless 802 11n Access Point Disabled Connected C h Video amp vVoice ETHOA Down CI g Mgmt ETHoA Down Name WLANs Status a OOKO K E K e e s Ta YrY rn irl A ir ier g Bridge Filter Source MAC Filter Destination Bridge New Entry 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 32 HBK 939800036 A1 Network Connections Section P RG F4202N Select the STP check box to enable the Spanning Tree Protocol on the device You should use this to ensure that there are no loops in your network configura tion and apply these settings in case your network consists of multiple switches or other bridges apart from those created by the gateway LAN BRIDGE gt gt ADVANCED Internet Connection Firewall Your gateway s firewall helps protect your com puter by preventing unauthorized users from gaining access to it through a net work such as the Internet The firewall can be activated per network connection To enable the firewall on this network connection select the Enabled check box FIGURE 6 LAN Bridge gt gt Advanced Panel LAN Bridge Properties General Settings Routing Bridgin
9. GENERAL The General tab provides a Quality of Service wizard with which you can configure your QoS parameters according to predefined profiles with just a few clicks A chosen QoS profile will automatically define QoS rules which you can view and edit in the rest of the QoS tab screens WAN Devices Bandwidth Rx Tx Before selecting the QoS profile that mostly suits your needs select your bandwidth from this combo box If you do not see an appropriate entry select User Defined and enter your Tx and Rx band widths manually Tx Bandwidth Enter your Tx bandwidth in Kbits per second Rx Bandwidth Enter your Rx bandwidth in Kbits per second 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions QoS Section HBK 939800036 A1 70 P RG F4202N QoS Profiles Select the profile that mostly suits your bandwidth usage Each profile entry displays a quote describing what the profile is best used for and the QoS priority levels granted to each bandwidth consumer in this profile Default No QoS preferences P2P User Peer to peer and file sharing applications will receive priority Triple Play User VoIP and video streaming will receive priority Home Worker VPN and browsing will receive priority Gamer Game related traffic will receive priority Priority By Host This entry provides the option to configure which computer in your LAN will receive the highest prio
10. On the Wake Up on LAN section of your P RG F4202N have to select the Inter face you want to use and the MAC address of the PC to Wake Up FIGURE 40 Wake Up on LAN Panel Wake Up on LAN Interface to use LAN Hardware Ethernet Switch WEB SERVER P RG F4202N can operate as a Web server hosting one or more Web sites which are accessible from the LAN or the WAN The advantages of this feature are e The Web site is hosted on P RG F4202N eliminating the need to assign a station on the LAN to act as a Web server or to outsource expensive hosted services e LAN security users from the Internet can access your Web site without entering your LAN e Simple and fast configuration To configure the Web Server fill the following fields e Enabled Select or deselect this check box to enable or disable this feature e WAN Access Select this check box to allow access to your Web server over the Internet 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 127 SOLUTIONS P RG F4202N e Log Requests Select this check box to log connection requests sent to your Web server e HTTP Port The port your Web server uses for HTTP traffic e HTTPS Port The port your Web server uses for HTTPS traffic e Data Allocation Enter the file system path of the P RG F4202N folder containing your Web site s content Each user on the
11. sert them to access to Router s configuration panels 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Router Configuration HBK 939800036 A1 19 P RG F4202N At the first login the Home page will be opened as shown in Figure 0 The Home page contains a menu on the left always available in all the web pages which is the starting point for any Router s configuration The complete menu has the following main items a n NR gt eo 2 YS 10 11 Home it shows a graphical representation of your network Map View it displays the Network Map of attached or configured devices Quick Setup it allows to quickly perform the Router s connection setup Network Connections it shows the status of network connections allowing to modify them or to create new ones Security it allows to set security settings Voice over IP it allows to set VoIP accounts Parental Control it allows to set Parental Control filtering QoS it gathers all QoS parameters and settings Advanced it allows the access to the advanced configuration panels and to define Router parameters devoted to user access log management Router s time Backup Router s configuration etc System Monitoring a menu to show and run diagnostic test for trouble shooting or system behavior analysis and to access to Device Information and Statistics Logout to logout from Router s s
12. LAN Wireless 802 11n Access Point gt gt Advanced Panel LAN Wireless 802 11n Access Point Properties Internet Connection Fastpath Enabled Internet Connection Firewall _ Enabled Additional IP Addresses IP Address Subnet Mask New IP Address Additional IP Addresses You can add alias names additional IP addresses to the gateway by clicking the New IP Address link This enables you to access the gateway using these aliases in addition to the 192 168 1 1 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Network Connections Section HBK 939800036 A1 43 Security section This chapter will describe the Security Section accessible from the Home Page of the P RG F4202N Be aware that any configuration changes could compromise your connectivity The Router s gateway security suite includes comprehensive and robust secu rity services Stateful Packet Inspection Firewall user authentication protocols and password protection mechanisms These features together allow users to connect their computers to the Internet and simultaneously be protected from the security threats of the Internet The firewall has been exclusively tailored to the needs of the residential office user and has been pre configured to provide optimum security The Router s firewall provides both the security and flexibility that home and of fice users seek It provides
13. Layer 2 and or Layer 3 configurable priority field re marking tagging untagging Codecs G 711 a law u law G 729 G 726 G 723 Codecs Control RTP RTCP RFC 1889 SDP RFC 2327 RTP payload for DTMF digits RFC 2833 Voip stacks supported SIP SIPv2 MGCP H323 VoIP Qos Layer 3 QoS control ToS and DSCP for VoIP RTP Prioritization of voice over data at the network stack optional to be quoted a part 144 HBK 939800036 A1 Local and Remote Management Security Environmental Specifications Power Adapter Web GUl based HTTP server Command line Interface CLI based Telnet server FTP and TFTP RFC 1350 57 server Wizard assisted connection setup Broadband Forum TR 069 CPE Management Protocol CWMP Broadband Forum TR 098 Gateway Device v1 1 Data Model Broadband Forum TR 104 DSLHome Provisioning Parameters for VolP CPE Broadband Forum TR 111 Stateful Packet Inspection SPI Firewall IP protocol filtering Access Control Parental control Temperature Operating 0 to 40 C Non Operating 20 to 65 C Relative Humidity Operating 10 to 85 non condensing Non Operating 5 to 95 non condensing European Plug Primary nominal voltage 100V 240V 50 60 Hz Secondary 12VDC 2A HBK 939800036 A1 145 Declaration of Conformity We Pirelli BroadBand Solutions SpA Viale Sarca 222 20126 Milano www Pirelli com Italy
14. P RG F4202N Network Connections Section 25 LAN Bridge 26 LAN Bridge gt gt General 26 LAN Bridge gt gt Settings 27 LAN Bridge gt gt Routing 30 LAN Bridge gt gt Bridging 32 LAN Bridge gt gt Advanced 33 LAN Ethernet 33 LAN Ethernet gt gt General 33 LAN Ethernet gt gt Settings 34 LAN Ethernet gt gt Advanced 35 LAN Wireless 802 11n Access Point 36 LAN Wireless 802 11n Access Point gt gt General 36 LAN Wireless 802 11n Access Point gt gt Settings 37 LAN Wireless 802 11n Access Point gt gt Wireless 38 LAN Wireless 802 11n Access Point gt gt Advanced 43 security Section 44 General 45 Access Control 47 Port Forwarding 48 DMZ Host 51 Port Triggering 52 Web Site Restrictions 52 NAT 53 Connections 54 Advanced Filtering 55 Security Log 56 Voice over IP Section 58 Line Settings 58 Speed Dial 59 Monitoring 60 Advanced 61 Parental Control Section 64 general overview 65 filtering policy 66 advanced options 68 Statistics 69 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions HBK 939800036 A1 P RG F4202N QoS Section 70 General 70 Traffic Priority 72 Traffic Shaping 75 DSCP Settings 76 802 1p Settings 78 Class Statistics 79 Advanced Section 82 About P RG F4202N 83 Backup and Restore 84 Certificates 86 Configuration File 87 DDNS 88 DLNA 89 DNS Server 90 Date and Time 91 Diagnostics
15. Provide Host Name If Not Specified by Client Schedule By default the connection will always be active However you can configure scheduler rules in order to define time segments during which the connection may be active Once a scheduler rule s is defined this field changes to a combo box allowing you to choose between the available rules Network Select whether the parameters you are configuring relate to a WAN LAN or DMZ connection by selecting the connection type from the combo box Physical Address The physical address of the network card used for your network Some cards allow you to change this address MTU MTU is the Maximum Transmission Unit It specifies the largest packet size permitted for Internet transmission In the default setting Automatic the 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 28 HBK 939800036 A1 Network Connections Section P RG F4202N gateway selects the best MTU for your Internet connection Select Automatic by DHCP to have the DHCP determine the MTU In case you select Manual it is recommended to enter a value in the 1200 to 1500 range Internet Protocol Select one of the following Internet protocol options from the Internet Protocol combo box No IP Address Select No IP Address if you require that your gateway have no IP address This can be useful if you are working in an environment where
16. ensure that you use the full URL including the hitp prefix e g http 192 168 1 1 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Troubleshooting HBK 939800036 A1 135 CONNECTING TO THE INTERNET FORGOTTEN P RG F4202N Ensure that you do not have a Web proxy enabled on your computer Go to the Control Panel and click on Internet Options Select the Connections tab and click on the LAN Settings button at the bottom Make sure that the Proxy Server option is unchecked If you cannot browse to the Router use the winipcfg utility in Windows 98 ME to verify that your computer has received the correct address informa tion from the Router From the Start menu choose Run and then enter winipcfg Check that the computer has an IP address of the form 192 168 1 xxx where xxx is in the range 2 254 the subnet mask is 255 255 255 0 and the default Router is 192 168 1 1 the address of the Router If these are not correct use the Release and Renew functions to obtain a new IP address from the Router Under Windows 2000 and Win dows XP use the ipconfig command line utility to perform the same func tions lf you can browse to the Router configuration screens but cannot access sites on the Internet check the following PASSWORD AND RESET TO FACTORY DEFAULTS Confirm that the physical connection between the Router and the fiber line is OK
17. gt gt General Panel Name Device Name Status Network Underlying Device Connection Type Download Rate Upload Rate MAC Address IP Address Subnet Mask IP Address Distribution Received Packets Sent Packets Time Span LAN BRIDGE gt gt SETTINGS LAN Bridge bro Connected LAN LAN Ethernet LAN Ethernet 4 LAN Ethernet 3 LAN Ethernet 2 LAN Ethernet 1 LAN Ethernet 5 LAN Wireless 602 11in Access Point Bridge 100 Mbps 100 Mbps 00 23 8e ef 19 e0 10 0 0 138 Pe te e e e e A h DHCP Server 107386 2044 0 12 52 General This section displays the connection s general parameters It is re commended not to change the default values unless familiar with the network ing concepts they represent Since your gateway is configured to operate with the default values no parameter modification is necessary 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Network Connections Section HBK 939800036 A1 27 00 o 9 m m ZZ U 40 0 0 P RG F4202N FIGURE 3 LAN Bridge gt gt Settings Panel LAN Bridge Properties Device Name Status Schedule Network Connection Type Physical Address MTU Internet Protocol IP Address Subnet Mask Primary DNS Server Secondary DNS Server IP Address Distribution Start IP Address End IP Address Subnet Mask Lease Time in Minutes F
18. the server in the Local Host field Note that unless an additional ex ternal IP address has been added only one LAN computer can be assigned to provide a specific service or application The Protocol combo box lets you select or specify the type of protocol that will be used Selecting the Show All Services option will expand the list of available protocols Select a protocol or add a new one using the User De fined option This will commence a sequence that will add a new service representing the protocol By default the Router will forward traffic to the same port as the incoming port If you wish to redirect traffic to a different port select the Specify op tion The screen will refresh and an additional field will appear enabling you to enter the port number The Schedule combo box allows you to define the time period during which this rule will take effect By default the rule will always be active However you can configure scheduled rules by selecting User Defined Click the OK button to save your changes The Port Forwarding screen will display a summary of the rule that you just added 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 50 HBK 939800036 A 1 Security Section gt 9 m m 00 02 40 0 0 gt ZZ 00 DMZ HOST P RG F4202N The DMZ Demilitarized Host feature allows one local computer t
19. you are not connected to other networks such as the Internet Obtain an IP Address Automatically Your connection is configured by default to act as a DHCP client You should keep this configuration in case your service provider supports DHCP or if you are connecting using a dynamic IP address The server that assigns the gateway with an IP address also assigns a subnet mask You can override the dynamically assigned subnet mask by selecting the Override Subnet Mask and specifying your own mask instead You can press the Release button to release the current leased IP address Once the address has been released the button text changes to Renew Use the Renew button to renew the leased IP address Use the Following IP Address Your connection can be configured using a permanent static IP address Your service provider should provide you with such an IP address and subnet mask DNS Server Domain Name System DNS Server is the method by which Web site domain names are translated into IP addresses You can configure the connection to automatically obtain a DNS server address or specify such an address manually according to the information provided by your ISP If you have previously chosen Obtain an IP Address Automatically a combo box will appear To configure the connection to automatically obtain a DNS server address se lect Obtain DNS Server Address Automatically from the DNS Server drop down menu To
20. Advanced Section accessible from the Home Page of the P RG F4202N Be aware that any configuration changes could compromise your connectivity The Advanced panel collects many functionalities from the operating and con figuration point of view This chapter will describe one by one all icons and re lated features as shown in the following screen shot 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 82 gt 9 m m 49 0 0 ZZ 00 07 H0 HK Advanced About PRGF4202N Date and Time L2TP Server 3 RADIUS Client Scheduler Rules WINS Server FIGURE 1 Backup and Restore Diagnostics of Media Sharing O Reboot B Simple Network Management Protocol SNMP P Wake Up on LAN P RG F4202N Advanced Panel E Certificates Disk Management f E Configuration File X FTP Server S DDNS DLNA 3 amp File Server IP Address Distribution F G 2 PRGF4202N Firmware Se Network Objects Upgrade Print Server EAR 0 Remote Administration Restore Factory Settings Routing SSH System Log 3 Ura Universal Plug and Play G System Settings UMTS Web Server f A DNS Server a IPSec Protocols SSL VPN S Users ABOUT P RG F4202N The About P RG F4202N screen present
21. DHCP Ea Domain Name Servers heticnall iP Address DHCP Client ID i Ji preal Search Domains bOprionall Ethernet Address 00 05 02 36 10 38 Examele apedeceen parthink m Click Apply Now Click on the Register button to save the changes in the Control Panel Enter http 192 168 1 1 in the address bar of your browser to open the P RG F4202N Home Page 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Setting Up Your Computer HBK 939800036 A1 17 P RG F4202N WI FI CONNECTION It requires a computer with 802 11b g n Wi Fi Certified wireless adapter installed 1 Install your wireless adapter according to the manufacturer s instructions and verify that your computer is set to obtain an IP address automatically DHCP mode You will need to properly configure your adapter to communicate with the P RG F4202N according to the configuration rules 2 In the configuration window of your wireless adapter scan the wireless net work marked with the relevant SSID name present in your physical envi ronment 3 Select the SSID of the P RG F4202N 4 Complete the configuration of the wireless adapter with the same parame ters of the P RG F4202N which are e RF channel automatically detect e WEP encryption enable or disable default Disable e WEP key size WEP key used 5 To check the connection connect to the
22. Declare under our own responsibility that the product P RG F4202N P N 151046301 to which this declara tion refers conforms with the relevant standards according to the regulation in Article 3 1 a 3 1 6 and 3 2 of the R amp TTE Directive 1999 5 EEC of the European Community Standards Applied EN 55022 EN 61000 3 2 EN 61000 3 3 EN 301 489 1 EN 301 489 17 EN 300 328 EN 60950 1 National Authorities were informed according to Article 6 4 of Frequency Notification Special Requirements are considered The product is labeled with CE Marking Any unauthorized modification of the product voids this declaration This product can be used in the following countries 146 HBK 939800036 A1 WASTE ELECTRICAL AND ELECTRONIC EQUIPMENT WEEE DIRECTIVE 2002 96 EC X XK This product complies with the WEEE Directive 2002 96 EC marking requirement The affixed product label see above indicates that you must not discard this electrical electronic product in domestic household waste Product category With reference to the equipment types in the WEEE directive Annex 1 this product is clas sified as an IT and telecommunications equipment product Do not dispose in domestic household waste HBK 939800036 A1 147 Glossary 802 11b The IEEE specification for wireless Ethernet which allows speeds of up to 11 Mbps The standard provides for 1 2 5 5 and 11 Mbps data rates The rates w
23. HBK 939800036 A1 Advanced Section P RG F4202N Web Management section select both HTTPS port 443 and 8443 and click OK 4 Back in the SSL VPN screen click the Click Here to Create SSL VPN Us ers link The Users screen appears where you can define a user with the Remote Access by SSL VPN option enabled 5 Inthe SSL VPN screen click the New Shortcut link The Shortcut Wizard screen appears 6 Choose whether to select a host from a given list comprised of DHCP leases that are known to Discus or to manually enter the host s IP address and click Next If you choose From a List the following screen appears Select the host to which you would like to add a shortcut and click Next The next wizard screen appears either with the IP address of a selected host or without an IP address for manual selection 7 In the Application drop down menu select Remote Desktop RDP The screen refreshes displaying the RDP parameters 8 In this screen perform the following e Enter a name for the shortcut e Enter the IP address of the LAN computer on which the RDP will be per formed e Select the Override Default Port option if the LAN computer uses a port other than the application s well known default port An additional field appears in which you must enter the alternative port e f you choose the default setting of requiring the user to specify login in formation when c
24. However the size of the network determines the structure of this IP Address In using the Router you will probably only encounter two types of IP Address and subnet mask structures Type One In a small network the IP address of 192 168 10 8 is split into two parts e Part one 192 168 10 identifies the network on which the device resides e Part two 8 identifies the device within the network This type of IP Address operates on a subnet mask of 255 255 255 0 HBK 939800036 A1 141 Type Two In larger networks where there are more devices the IP address of 192 168 10 8 is again split into two parts but is structured differently e Part one 192 168 identifies the network on which the device resides e Part two 10 8 identifies the device within the network This type of IP Address operates on a subnet mask of 255 255 0 0 How does a Device Obtain an IP Address and Subnet Mask There are three different ways to obtain an IP address and the subnet mask These are e Dynamic Host Configuration Protocol DHCP Addressing e Static Addressing e Automatic Addressing Auto IP Addressing DHCP Addressing The Router contains a DHCP server which allows computers on your network to obtain an IP address and subnet mask automatically DHCP assigns a temporary IP address and subnet mask which gets reallocated once you disconnect from the network DHCP will work on any client Oper
25. IPSec is a series of guidelines for the protection of Internet Protocol IP communications It specifies procedures for securing pri vate information transmitted over public networks The IPSec protocols include AH Authentication Header provides packet level authentication ESP Encap sulating Security Payload provides encryption and authentication IKE Internet Key Exchange negotiates connection parameters including keys for the other two services Services supported by the IPSec protocols AH ESP include confidentiality encryption authenticity proof of sender integrity detection of data tamper ing and replay protection defense against unauthorized resending of data IPSec also specifies meth odologies for key management Internet Key Exchange IKE the IPSec key management protocol defines a series of steps to establish keys for encrypting and decrypting information it defines a common language on which communi cations between two parties is based Developed by the Internet Engineering Task Force IETF IPSec and IKE together standardize the way data protection is performed thus making it possible for security systems developed by differ ent vendors to interoperate Access this feature either from the VPN menu item under the Services tab or by clicking its icon in the Advanced screen The Internet Protocol Security IP Sec screen appears Block Unauthorized IP Select the Enabled check box to bl
26. Page Instructions 136 HBK 939800036 A1 Troubleshooting WIRELESS NETWORKING P RG F4202N Ensure that you have an 802 11b 802 11g or 802 11n wireless adapter for each wireless computer and that it is correctly installed and configured Ver ify that each Wireless computer has either Windows 98SE or higher or MAC OS 10 x or higher If you have a wired and a wireless NIC in the same computer ensure that the wired NIC is disabled Check the status of the Router Wireless LED Ensure that the TCP IP settings for all devices are correct Ensure that the Wireless Clients are using the same SSID or Service Area Name as the Router The SSID is case sensitive Ensure that the encryption method and level that you use on your clients are the same as those configured on the Router The Router cannot simultane ously support WPA and WEP encryption Ensure that you have the Wireless computer enabled in the list of allowed MAC addresses if you are using MAC Address Filtering on the Router If you are having difficulty connecting or are operating at a low speed try changing the antenna positions on the rear of the Router For more effective coverage you can try reorientating your antenna Additionally consider mov ing the wireless computer closer to the Router to confirm that the building structure or fittings are not adversely affecting the connectivity If this re solves the problem consider relocating the Wireless computer or the Rou
27. Phone Wiring Wireless PC ROUTER ADVANTAGES The advantages of the Router include e Shared Internet connection for both wired and wireless computers e High speed 802 11b g n wireless networking 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Introduction HBK 939800036 A1 5 MINIMUM SYSTEM AND COMPONENT REQUIREMENTS P RG F4202N No need for a dedicated always on computer serving as your Internet con nection Cross platform operation for compatibility with Microsoft Windows and Ap ple MAC computers see Technical description for supported platforms Easy to use Web based setup and configuration Centralization of all network address settings DHCP a Virtual server to enable remote access to Web FTP and other services on your network a Security Firewall protection against Internet hacker attacks and encryp tion to protect wireless network traffic VoIP functionalities supporting existing analog phones Communication fallback of to analog lines in case of power or hardware faults if supported by your network operator a multi language GUI Your Router requires the computer s and components in your network to be configured with at least the following A computer with the Operating Systems that support TCP IP networking pro tocols Microsoft Windows 98SE Windows ME Windows 2000 Windows XP 32bit Windows Vista Wind
28. Router s default DHCP server is the LAN bridge 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 97 P RG F4202N A client host sends out a broadcast message on the LAN requesting an IP ad dress for itself The DHCP server then checks its list of available addresses and leases a local IP address to the host for a specific period of time and simultane ously designates this IP address as taken At this point the host is configured with an IP address for the duration of the lease The host can choose to renew an expiring lease or let it expire If it chooses to renew a lease then it will also receive current information about network ser vices as it did with the original lease allowing it to update its network configura tions to reflect any changes that may have occurred since it first connected to the network If the host wishes to terminate a lease before its expiration it can send a release message to the DHCP server which will then make the IP ad dress available for use by others Your gateway s DHCP server e Displays a list of all DHCP host devices connected to the Router e Defines the range of IP addresses that can be allocated in the LAN e Defines the length of time for which dynamic IP addresses are allocated e Provides the above configurations for each LAN device and can be config ured and enabled disabled sepa
29. Underlying Device Wireless Extenders Wireless Extenders Wireless Extenders Connection Hardware Ethernet Wireless 802 11g Wireless Extenders Point Virtual A Point Virtual JA Point Virtual AP Type Bridge Switch Access Point USB Access Point AP AP Sse 54 MB 12 MB 54 MB 54 MB 54 MB 54 MB Upload Rate 54 MB 12 MB 54 MB 54 MB 54 MB 54 MB MAC Address 38 ec 1b 3f c8 93 38 ec 1b 3f c8 94 38 ec 1b 3f c8 95 38 ec 1b 3f c8 96 192 168 1 1 IP Address 1 111 Subnet Mask 255 255 255 0 IP Address DHCP Server Disabled Disabled Disabled Distribution Encryption Disabled Disabled Received packas 2009 1911 0 Sent Packets 4537 2955 872 Received Bytes 569380 566183 Sent Bytes 1268785 2368568 Receive Errors Drops Time Span Close Automatic Refresh Off Reset Statistics Refresh SYSTEM LOG The Log screen displays a list of the most recent activity that has taken place on the Router 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 132 HBK 939800036 A 1 System Monitoring Section P RG F4202N FIGURE 2 System Log Panel System Log Press the Refresh button to update the data Component New Filter Apply Filters Reset Filters Time Component Severity Details Jan 1 02 24 11 LibJutil Warning estream Cannot read from fd 48 Connection reset by peer 131 aS ae 02 21 06 LibJutil Warning estream Cannot read from fd 44 Connectio
30. be granted access to your home network Protect L2TP Connection by IPSec By default the L2TP connection is not protected by the IP Security IPSec protocol Check this option to enable this feature When enabled the following entry appears Create Default IPSec Connection When creating an L2TP Server with the connection wizard a default IPSec connection is created to protect it If you wish to disable this feature uncheck this option However note that if L2TP pro tection is enabled by IPSec see previous entry you must provide an alterna tive active IPSec connection in order for users to be able to connect When this feature is enabled the following entry appears 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 100 HBK 939800036 A1 Advanced Section P RG F4202N L2TP Server IPSec Shared Secret You may change the IPSec shared secret provided when the connection was created in this field Remote Address Range Use the Start IP Address and End IP Address fields to specify the range of IP addresses that will be granted by the L2TP server to the L2TP client FIGURE 18 IPSec Panel Layer 2 Tunneling Protocol Server L2TP Server Server Enabled Click here to create WPN users Protect L2TP Connection by IPSec Remote Address Range End IP Address Connections Name Status Action MEDIA SHARING Discus Media Sharing solution enab
31. computer s login username and password to gain RDP control If an RDP screen fails to load check that JRE is properly installed on the client computer FIGURE 31 SSL VPN Panel SSL VPN General Enable SSL VPN Portal Click here to allow incoming HTTPS access Click here to create SSL VPN users Greeting Message Welcome to Discus SSL WPN Portal Application Inactivity Timeout in Seconds Restrict Access Only to the Global Shortcuts Global Shortcuts Name Application IP Address Action New Shortcut z SCHEDULER RULES Scheduler rules are used for limiting the activation of Firewall rules to specific time periods specified in days of the week and hours To define a Rule 1 Click the Scheduler Rules icon in the Advanced screen of the Web base Management The Scheduler Rules screen will appear 2 Click the New Scheduler Entry link The Scheduler Rule Edit screen will appear 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 116 HBK 939800036 A1 Advanced Section Scheduler Rules new Rule New Entry SIMPLE NETWORK P RG F4202N 3 Specify a name for the rule in the Name field 4 Specify if the rule will be active inactive during the designated time period by selecting the appropriate Rule Activity Settings check box 5 Click the New Time Segment Entry link to define the time segment to
32. gain access to all system settings and parameters using a browser Both secure HTTPS and non secure HTTP access is available Allow Incoming WAN Access to the Telnet Server Used to create a com mand line session and gain access to all system settings and parameters using a text based terminal SSH Server Similar to Telnet this protocol is used to create a secured com mand line session and gain access to all system settings and parameters Diagnostic Tools Used for troubleshooting and remote system management by you or your Internet Service Provider The utilities that can be used are Ping and Traceroute over UDP TR 069 TR 069 is a WAN management protocol intended for communication between Customer Premise Equipment CPE and an Auto Configuration Server ACS It defines a mechanism that encompasses secure auto configura tion of a CPE and also incorporates other CPE management functions into a common framework TR 064 As residential gateways offer increasingly complex services customer premise installation and configuration increase the operators operational costs DSL Forum s LAN Side DSL CPE Configuration protocol known as TR 064 provides a zero touch solution for automating the installation and configuration of gateways from the LAN side 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 109 P
33. if the computer has disconnected from the network If it has the server may reassign this IP address to a newly connected computer This feature ensures that IP addresses that are not in use will become available for other computers on the network Provide Host Name if Not Specified by Client If the DHCP client does not have a host name the gateway will automatically assign one for him DHCP Relay Your gateway can act as a DHCP relay in case you would like to dynamically assign IP addresses from a DHCP server other than your gate way s DHCP server Note that when selecting this option you must also change Router s WAN to work in routing mode 1 After selecting DHCP Relay from the drop down menu a New IP Address link will appear Click the New IP Address link The DHCP Relay Server Address screen will appear 2 Specify the IP address of the DHCP server 3 Click OK to save the settings Disabled Select Disabled from the combo box if you would like to statically assign IP addresses to your network computers You can choose to setup your gateway to use static or dynamic routing Dy namic routing automatically adjusts how packets travel on the network whereas static routing specifies a fixed routing path to neighboring destinations 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 30 HBK 939800036 A1 Network Connections Section
34. or a Hex value by selecting the value type in the combo box pro vided Encryption Algorithm The encryption algorithm used for WPA and WPA2 is a either the Temporal Key Integrity Protocol TKIP or the Advanced Encryption Standard AES Group Key Update Interval It defines the time interval in seconds for updating a group key 802 1x WEP 802 1x WEP is a data encryption method utilizing a statically or automatically defined key for wireless clients that use 802 1x for authentication and WEP for encryption You may define up to four keys but use only one at a time Generate Keys Automatically Select this option to generate the encryption keys automatically rather than entering them manually The screen will refresh hiding the table of keys described below 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Network Connections Section HBK 939800036 A1 41 P RG F4202N Group Key Update Interval Defines the time interval in seconds for updating a group key Active Select the encryption key to be activated Encryption Key Type the encryption key until the entire field is filled The key cannot be shorter than the field s length Entry Method Select the character type for the key Hex or ASCII Key Length Select the key length in bits 40 or 104 bits Key Length Select the key length in bits 40 or 104 bits Non 802 1x WEP Non 802 1xWEP is a data enc
35. present traffic in either direction Off Wireless functionality disabled 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Introduction HBK 939800036 A1 P RG F4202N REAR PANEL The rear panel of the Router contains a reset button a power adapter socket four LAN ports two USB Host port two FXS ports Do not force the antenna beyond its mechanical stops Rotating the antenna further may cause dam age FIGURE 4 Rear Panel Ports A B Cc D F TABLE 3 Port Description PORT DESCRIPTION A Fiber connector B port Four Ethernet ports 10 100 Mbps C ports USB 2 0 Host ports D FXS E Power connector F Reset to factory default button Power button located on the side of the device 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 8 HBK 939800036 A1 Introduction Hardware Installation INTRODUCTION A This chapter will guide you through a basic installation of the Router including 1 Positioning the P RG F4202N 2 Connecting the Router to your network 3 Setting up your computer for networking with the Router Please read carefully the Safety Information in Appendix A POSITIONING THE ROUTER You should place the Router in such a location to ensure that e tis located near an electrical outlet and the fiber socket e Water or moisture cannot enter the
36. save the settings FIGURE 5 802 1p Settings Panel N 802 1p Settings i 802 1p Value Queue 0 Low koa Queue 1 Medium 0 1 2 3 4 5 6 T CLASS STATISTICS P RG F4202N provides you with accurate real time information on the traffic moving through your defined device classes For example the amount of pack ets sent dropped or delayed are just a few of the parameters that you can monitor per each shaping class 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions QoS Section HBK 939800036 A1 79 SOLUTIONS P RG F4202N To view your class statistics click Class Statistics under the QoS tab in the Services screen The following screen will appear Note that class statistics will only be available after defining at least one class otherwise the screen will not present any information FIGURE 6 Class Statistics Panel Class Statistics Packets Sent Bytes Sent Packets Dropped Packets Delayed Rate bytes s rere Glose_ _Automatic Refresh Off 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 80 HBK 939800036 A1 QoS Section P RG F4202N 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions QoS Section HBK 939800036 A1 81 Advanced section This chapter will describe the
37. screen will appear 2 Enter the local IP address of the computer that you would like to designate as a DMZ host and select the check box Note that only one LAN computer may be a DMZ host at any time 3 Click OK to save the settings 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Security Section HBK 939800036 A1 51 PORT TRIGGERING Security General ol Forwarding P RG F4202N Port triggering can be used for dynamic port forwarding configuration By setting port triggering rules you can allow inbound traffic to arrive at a specific LAN host using ports different than those used for the outbound traffic This is called port triggering since the outbound traffic triggers to which ports inbound traffic is directed For example consider a gaming server that is accessed using UDP protocol on port 2222 The gaming server responds by connecting the user using UDP on port 3333 when starting gaming sessions In such a case you must use port triggering since this scenario conflicts with the following default firewall settings e The firewall blocks inbound traffic by default e The server replies to the Router s IP and the connection is not sent back to your host since it is not part of a session In order to solve this you need to define a Port Triggering entry which allows inbound traffic on UDP port 3333 only after a LAN host ge
38. select the WPA mode encryption WPA WPA is a data encryption method for 802 11 wireless LANs Pre Shared Key Enter your encryption key in the Pre Shared Key field You can use either an ASCII or a Hex value by selecting the value type in the combo box provided ADMINISTRATOR In this section it is necessary to specify the administrator s e mail in the E mail field System alerts and notifications are sent to this address 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 24 HBK 939800036 A1 Quick Setup Section Network Connections section This chapter will describe the Network Connections Section accessible from the Home Page of the P RG F4202N Be aware that any configuration changes could compromise your connectivity This section see Figure 1 is intended to present a summary of the Router s connections such as WAN and LAN i e Ethernet Wireless interfaces P RG F4202N supports various network connections both physical and logical The Network Connections screen enables you to configure the various parame ters of your physical connections the LAN and WAN and create new connec tions using tunneling protocols over existing connections such as PPP and VPN Press the Advanced button to expand the screen and display all connection entries 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursu
39. simplicity of using a standard Web browser The unparalleled advantage of SSL VPN is its zero configuration on the client s end Remote users can simply browse to Discus from any computer in the world and run applications on its LAN computers However since SSL VPN is not a tunnel such as PPTP or IPSec only pre defined applications may be used When using this feature non administrator remote users browsing to Discus will be routed to the SSL VPN Portal This portal will present them each with their list of applications Setting up a Remote Desktop RDP application over SSL VPN in order to re motely connect and control a computer inside Discus LAN consists of two stages creating a remote desktop global shortcut and launching the applica tion from a remote computer via the SSL VPN portal To create an RDP shortcut perform the following 1 Access the Secure Socket Layer VPN SSL VPN settings either from its link under the VPN menu item of the Services screen or by clicking the SSL VPN icon in the Advanced screen 2 To enable SSL VPN select the Enabled check box and click Apply The screen refreshes adding a link to the SSL VPN Portal 3 Click the Click Here to Allow Incoming HTTPS Access link The Remote Administration screen appears In the Allow Incoming WAN Access to 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 114
40. the combo box the screen will refresh presenting the respective fields by which to enter the relevant information 4 Select a method and enter the source address accordingly 5 Click OK to save the settings PPTP SERVER P RG F4202N can act as a Point to Point Tunneling Protocol Server PPTP Server accepting PPTP client connection requests This screen enables you to configure Enabled Select or deselect this check box to enable or disable this feature Note that checking this box creates a PPTP server if not yet created with the wizard but does not define remote users Click Here to Create VPN Users Click this link to define remote users that will be granted access to your home network Remote Address Range Use the Start IP Address and End IP Address fields to specify the range of IP addresses that will be granted by the PPTP server to the PPTP client 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 103 SB ROA DP BSB A MS S Oo WW TI i Oon S P RG F4202N FIGURE 21 PPTP Server Panel Point to Point Tunneling Protocol Server PPTP Server Server Enabled Click here to create VPN users Remote Address Range Start IP Address End IP Address Connections Name P RG F4202N FIRMWARE UPGRADE id bi FF Status Action P RG F4202N offers a built in mechanism for upgrading
41. user hereof nor a warranty or guarantee with regard to any of the Pirelli products described herein nor shall it be construed to grant a license or any other rights under any proprietary rights to information or material included herein Pirelli hereby expressly disclaims any warranty or guarantee whether express or implied with regard to items described herein Any contract license or warranty between Pirelli and the user hereof is created solely by separate legal documents Manual Code HBK 939800036 A1 P RG F4202N CONTENTS Welcome 1 About this Guide 1 Naming Convention 1 Conventions 1 Introduction 3 Introduction 3 Package Contents 3 Router Advantages 5 Minimum System and Component Requirements 6 Front Panel 7 Rear Panel 8 Hardware Installation 9 Introduction 9 Positioning the Router 9 Powering up the router 10 Connecting the Router 10 setting Up Your Computer 12 Ethernet Connection 12 Ethernet Connection gt gt TCP IP Protocol Installation 12 Ethernet Connection gt gt MS Windows 98SE ME 2000 13 Ethernet Connection gt gt MS Windows XP 15 Ethernet CONNECTION gt gt Windows vista 16 Ethernet Connection gt gt MAC OS 10 X 17 Wi Fi connection 18 Router Configuration 19 Introduction 19 Quick Setup Section 23 Wireless 24 Administrator 24 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions HBK 939800036 A1
42. 00 to 1500 range Wireless Access Point Use this section to define the basic wireless access point settings SSID The SSID is the network name shared among all points in a wireless network The SSID must be identical for all points in the wireless network It is case sensitive and must not exceed 32 characters use any of the characters on the keyboard Make sure this setting is the same for all points in your wire less network For added security you should change the default SSID openrg to a unique name 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 38 HBK 939800036 A1 Network Connections Section P RG F4202N FIGURE 12 LAN Wireless 802 11n Access Point gt gt Wireless Panel ZN b LAN Wireless 802 11n Access Point Properties 9 Wireless Network SSID SSID Broadcast 802 11 Mode Data Channel Network Authentication MAC Filtering Mode 802 1in EWC Bandwidth 802 11in Rate 802 11bg Rate 802 11n Protection Support 802 11n Client Only Inter Client Privacy MAC Filtering Table New MAC Address Authentication Method Pre Shared Key Encryption Algorithm Group Key Update Interval Wireless QoS WMM Pre Shared Key lagivUn8J9geD TKIP v Seconds Enabled Ack Policy Transmit Power Frame Burst Max Number Frame Burst Burst Time Beacon Interval DTIM Interval Fragmen
43. 93 Disk Management 95 ftp server 96 File Server 96 IP Address Distribution 97 lpsec 99 I2to server 100 media sharing 101 Network Objects 102 pptp server 103 P RG F4202N Firmware Upgrade 104 Print Server 106 Protocols 106 RADIUS 107 Reboot 108 Remote Administration 108 Restore Defaults 111 Routing 111 SSH 113 ssl vpn 114 Scheduler Rules 116 Simple network management protocol 117 system log 118 system Settings 120 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions HBK 939800036 A1 lil P RG F4202N umts 123 Universal Plug and Play 123 Users 124 WINS Server 126 Wake Up on LAN 127 Web Server 127 system Monitoring Section 131 Network Connections 131 system Log 132 CPU 133 Troubleshooting 135 Basic Connection Checks 135 Browsing to the Router Configuration Screens 135 Connecting to the Internet 136 Forgotten Password and Reset to Factory Defaults 136 Wireless Networking 137 Frequently Asked Questions 138 Safety Information 139 IP Addressing 141 Technical Specifications 143 Glossary 149 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions HBK 939800036 A1 Welcome ABOUT THIS GUIDE NAMING CONVENTION CONVENTIONS This guide describes how to install and configure the P RG F4202N This guide is intended for use by those responsible for instal
44. AULTS You may sometimes wish to restore the Router s factory default settings This may happen for example when you wish to build a new network from the be ginning or when you cannot recall changes made to the network and wish to go back to the default configuration To restore default settings 1 Click the Restore Defaults icon in the Advanced screen of the Web based Management The Restore Defaults screen will appear 2 Press OK to restore Discus factory default settings FIGURE 28 Restore Defaults Panel Restore Defaults The following items will be set to default User Defined Settings Network Connections All connected DHCP clients will need to request new IP addresses Also Discus will have to reboot Are you sure you want to restore Discus manufacturer defaults OK Cancel ROUTING Access the Router s routing settings by clicking the Routing icon from the Ad vanced screen The basic Routing screen will appear Press the Advanced button to view the full routing settings Routing Table You can add edit and delete routing rules from the routing table Click the New Route link The Route Settings screen will appear When adding a routing rule you need to specify the following Name Select the network device Destination The destination is the destination host subnet address network address or default route The destination for a default route is 0 0 0 0 Netmask The
45. Control Protocol Internet Protocol TCP IP is probably the most widely known and is a combination of two of the protocols IP and TCP working together TCP IP is an internation ally adopted and supported networking standard that provides connectivity between equipment from many vendors over a wide variety of networking technologies Managing the Router over the NetworK To manage a device over the network the Router must be correctly configured with the following IP informa tion e An IP address e A Subnet Mask IP Addresses and Subnet Masks Each device on your network must have a unique IP address to operate correctly An IP address identifies the address of the device to which data is being sent and the address of the destination network IP ad dresses have the format n n n x where n is a decimal number between 0 and 255 and x is a number between 1 and 254 inclusive However an IP Address alone is not enough to make your device operate In addition to the IP address you need to set a subnet mask All networks are divided into smaller sub networks and a subnet mask is a num ber that enables a device to identify the sub network to which it is connected For your network to work correctly all devices on the network must have e The same sub network address e The same subnet mask The only value that will be different is the specific host device number This value must always be unique An example IP address is 192 168 10 8
46. DNS service enables you to alias a dynamic IP address to a static hostname allowing your computer to be more easily accessible from various locations on the Internet Typically wnen you connect to the Internet your service provider assigns an unused IP address from a pool of IP ad dresses and this address is used only for the duration of a specific connection Dynamically assigning addresses extends the usable pool of available IP ad dresses whilst maintaining a constant domain name When using the DDNS service each time the IP address provided by your ISP changes the DNS database will change accordingly to reflect the change In this way even though your IP address will change often your domain name will remain constant and accessible 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 88 HBK 939800036 A1 Advanced Section BS ROA DW Ba MI D Ss OLUTIO NS P RG F4202N FIGURE 8 DDNS Personal Domain Name Dynamic DNS Host Name Status Provider User Name Action New Dynamic DNS Entry i Press the Refresh button to update the status In order to use the DDNS feature you must first obtain a DDNS account For example you can open a free account at DLNA http www dyndns org account create html When applying for an account you will need to specify a user name and password This functionality allows you to configure your DLNA parameters DLNA allows en
47. G F4202N FIGURE 37 Universal Plug and Play Panel Universal Plug and Play Allow Other Network Users to Control Discus s Network Features Enable Automatic Cleanup of Old Unused UPnP Services WAN Connection Publication Publish Oniy the Main WAN Connection USERS You can add edit and delete users You may also group users according to your preferences To access the user settings click the Users icon in the Ad vanced screen The Users screen will appear This screen lists the users and groups defined in the Router The Administrator is a default user provided by the system FIGURE 38 Users Panel Users Full Name Permissions Pes eee Administrator Permissions rica Michosol Pik and Pinker Sharing ones New User Users New Group To add a new user click the New User link The User Settings screen will ap pear e Full Name The remote user s full name e User Name The name that a user will use to access your network 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 124 HBK 939800036 A1 Advanced Section P RG F4202N New Password The user s password Retype New Password If a new password is assigned type it again to verify its correctness Primary Group This check box will only appear after a user is defined ena bling you to select the primary group to which this user will belong Permissions Select
48. LAN can configure a private Web page which can be reached by browsing to http openrg home lt username gt This path will be mapped to a sub directory of the users home directory on P RG F4202N To set a private Web page 1 Verify that the User Home Directory option is enabled in the user s account settings screen for more information refer to Section 6 3 1 2 In the User Private Web Page section of the Web Server screen select the Enabled check box 3 Inthe Data Location field enter the user s sub directory containing the Web site s content 4 Click OK to save the settings You can configure any number of additional Web sites on the P RG F4202N Web server Each of these sites will appear to the Internet user as if they are located on separate hosts This method is referred to as Virtual Hosts In addition you can add any number of aliases to each virtual host Browsers from within the LAN will reach your Web sites directly However to provide external access to your sites you will have to register domain names These domain names must be mapped to P RG F4202N WAN IP address by the DNS To configure additional Web sites 1 In the Virtual Hosts section of the Web server screen click the New Entry link 2 Inthe Server Name field type the Web site s domain name 3 In the Data Location field type the file system path to the P RG F4202N folder containing the Web site s content 4 To add an alias to
49. Mbps 00 23 8e ef 19 e1 Disabled 6146 6123 0 37 25 General This section displays the connection s general parameters It is re commended not to change the default values unless familiar with the network ing concepts they represent Since your gateway is configured to operate with the default values no parameter modification is necessary 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 34 HBK 939800036 A1 Network Connections Section P RG F4202N FIGURE 8 LAN Ethernet gt gt Settings Panel LAN Ethernet Properties Settings Se Device Name bcmsw Status Connected Schedule Network Connection Type Ethernet Physical Address o ja ye Yer o Yer Network Select whether the parameters you are configuring relate to a WAN LAN or DMZ connection by selecting the connection type from the combo box Physical Address The physical address of the network card used for your network Some cards allow you to change this address MTU MTU is the Maximum Transmission Unit It specifies the largest packet size permitted for the transmission In the default setting Automatic the gate way selects the best MTU for your Internet connection Select Automatic by DHCP to have the DHCP determine the MTU In case you select Manual it is recommended to enter a value in the 1200 to 1500 range LAN ETHERNET gt gt
50. P RG F4202N Home Page entering http 192 168 1 1 in the address bar of your browser 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 18 HBK 939800036 A1 Setting Up Your Computer Router Configuration INTRODUCTION The Router setup program is web based which means that it is accessed through your web browser To access to Router s web server 1 Launch your web browser on the computer 2 Enter the following URL in the location or address field of your browser http 192 168 1 1 The Router comes with a default IP address 192 168 1 1 If you change it please take note of the new Router s IP address otherwise a Reset to Factory Default operation should be done to be able to access again to the Router Access to router configuration pages is controlled through user accounts The default one is the admin user with unrestricted access to change and view con figuration of the Router The default username and password are both set to admin It is recommended to change these de fault values Make sure you remember your user name and password since this is the only way you will be able to manage your Router You will be asked to choose the Router interface language between English French Russian Spanish Korean Traditional Chinese Japanese German ltalian and Simplified Chinese and to insert a User Name and a Password in
51. P RG F4202N supports SSH connection requests from LAN clients with administrative permissions When connected a secured command line session will grant a user access to all system settings and parameters This service can also be opened to WAN clients Click the SSH icon in the Advanced screen of the Web based management The SSH screen will appear Enabled Check or un check this box to enable or disable this feature Status This feature is enabled by default and its status appears as Running This status will change reflecting actions performed Host Keys Host keys are used to identify the Router to incoming SSH connec tion requests You may wish to use new keys instead of the old ones To do so 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 113 BROADBAND S Oo LWW TIion S P RG F4202N press the Recreate button The status will change to Generating Host Keys until the keys are created and saved in the Router s configuration file FIGURE 30 SSH Panel SSH F Enabled E Allow Incoming WAN Access SSH Server Port 22 Status Running Host Keys Recreate OK Apply Cancel Refresh SSL VPN Secure Socket Layer Virtual Private Network SSL VPN provides simple and secure remote access to home and office network resources It provides the se curity level of IPSec but with the
52. Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 40 HBK 939800036 A1 Network Connections Section P RG F4202N Encryption Algorithm Select between Temporal Key Integrity Protocol TKIP and Advanced Encryption Standard AES for the encryption algorithm Group Key Update Interval It defines the time interval in seconds for updating a group key WPA2 WPA2Z is an enhanced version of WPA and defines the 802 111 proto col Authentication Method Select the authentication method you would like to use You can choose between Pre Shared Key and 802 1x Pre Shared Key This entry appears only if you had selected this authentication method Enter your encryption key in the Pre Shared Key field You can use ei ther an ASCII or a Hex value by selecting the value type in the combo box pro vided Encryption Algorithm The encryption algorithm used for WPAZ2 is the Ad vanced Encryption Standard AES Group Key Update Interval It defines the time interval in seconds for updating a group key WPA and WPA2 Mixed Mode WPA and WPA2 is a mixed data encryption method Authentication Method Select the authentication method you would like to use You can choose between Pre Shared Key and 802 1x Pre Shared Key This entry appears only if you had selected this authentication method Enter your encryption key in the Pre Shared Key field You can use ei ther an ASCII
53. RG F4202N FIGURE 27 Remote Administration Panel Remote Administration A Allowing remote administration to PRGAV4202N is a security risk C Using Primary HTTP Port 80 C Using Secondary HTTP Port 8080 C Using Primary HTTPS Port 443 C Using Secondary HTTPS Port 8443 Allow Incoming WAN Access to the Telnet Server C Using Primary Telnet Port 23 C Using Secondary Telnet Port 8023 Using Secure Telnet over SSL Port 992 Enable SSH Server on Port 22 Allow Incoming WAN Access C Enabled C Allow Incoming WAN Access to SNMP C Allow Incoming WAN ICMP Echo Requests e g pings and ICMP traceroute queries C Allow Incoming WAN UDP Traceroute Queries Enabled Connection Request Port 7547 Username Password Connection Request Username Connection Request Password Connection Request URL Accept TR69 on Interface SSL Mode Enabled Additional Jnet Ports C Allow Jnet Commands From Remote Upgrade Server Remote Upgrade Server URL http www telekom at staticFiles telekom Privatkunden _downloads openRG rmt C Enable Incoming Jnet Requests to Port 7020 E Allow Incoming WAN Access to Jnet _ Enable Incoming Jnet SSL Requests to Port 7021 _ Allow Incoming WAN Access to IJnet SSL 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 110 HBK 939800036 A1 Advanced Section P RG F4202N RESTORE DEF
54. When selecting a protocol from the combo box the screen will refresh presenting the respective fields by which to enter the relevant information Select a protocol and enter the relevant information Click OK to save the settings 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 106 HBK 939800036 A1 Advanced Section FIG P RG F4202N URE 24 Protocols Panel Protocols Protocols Ports Action FTP TEP Any gt 21 amp HTTP TCP Any gt 80 amp HTTPS TCP Any gt 443 A amp IMAP TCP Any gt 143 amp L2TP UDP Any gt 1701 amp Ping ICMP Echo Request amp POPS TCP Any gt 110 amp SMTP TCP Any gt 25 amp SNMP UDP Any gt 161 amp Telnet TCP Any gt 23 amp TFTP UDP 1024 65535 gt 69 amp Traceroute UDP 32769 65535 gt 33434 33523 i i New Entry qP Close Advanced gt gt RADIUS For authentication to work the client s transmission must go through the Router and reach the back end server that performs the actual authentication The wireless client contacts the access point which in turn communicates with the Remote Authentication Dial in User Service RADIUS server The RADIUS server verifies the client s credentials to determine whether the device is author ized to connect to the LAN If the RADIUS server accepts the client the server res ponds by exchanging data with the R
55. a managed professional level of network security while enabling the safe use of interactive applications such as Internet gaming and video conferencing Additional features including surfing restrictions and access control can also be easily configured locally by the user through a user friendly Web based inter face or remotely by a service provider The Router firewall supports advanced filtering designed to allow comprehen sive control over the Firewall s behavior You can define specific input and out 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Security Section HBK 939800036 A1 44 GENERAL P RG F4202N put rules control the order of logically similar sets of rules and make a distinc tion between rules that apply to WAN and LAN network devices Use the General screen to configure the gateway s basic security settings The firewall regulates the flow of data between the home network and the Inter net Both incoming and outgoing data are inspected and then either accepted allowed to pass through the Router or rejected barred from passing through the Router according to a flexible and configurable set of rules These rules are designed to prevent unwanted intrusions from the outside while allowing home users access to the Internet services that they require The firewall rules specify what types of services available on the Internet may
56. a new term at the place where it is defined in the text e Identify menu names menu commands and software button names Examples From the Help menu select Contents Click OK 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions HBK 939800036 A1 Welcome Introduction INTRODUCTION PACKAGE CONTENTS The P RG F4202N is designed for sharing a single broadband Internet connec tion between several wired and wireless computers The Router also provides protection in the form of an electronic firewall preventing anyone outside of your network from seeing your files or damaging your computers The Router offers VoIP functionalities through 2 VoIP channels allowing you to use existing analog phones and a fallback to old telephony at loss of power WAN Internet or VoIP The P RG F4202N is an Optical Fiber router targeted to residential environ ments and SOHO customers that provides routed broadband services from a single and modular access point The P RG F4202N is the ideal solution for 1 Connecting multiple PCs and Video game consoles 2 Sharing broadband internet connections with all home computers 3 Sharing printers and peripherals 4 Performing VoIP connections Your new P RG F4202N Fiber Router kit contains the related hardware and software In it you will find 1 One P RG F4202N unit 2 One Switching Power Supply adapter 3 One Et
57. ade from WAN DNS Concurrent DNS query DNS Router Add route rules according to which dns server answer queries Domain routing Route according to domains listed on a device Dynamic DNS Email Notification HTTP Proxy Generic Proxy URL Keyword Filtering SurfControl 802 1X 802 1X MD5 Internal Authentication 802 1X TTLS Internal Authentication 802 1X TLS Internal Authentication RADIUS Client External Authentication DHCP Server DHCP Client DHCP Relay Agent Static HTML Management Web Based Management TimeZone support HTTP Server Telnet Server SysLog Command Line Interface TOD Client SNTP Server File Server SSH Print Server Microsoft Shared Printing Internet Printing Voice Over IP SIP Signalling MGCP Signalling Remote Update Management Remote Management Server Event Logging WINS Server FTP Server Web Server File System Backup and Restore OpenRG QOS support 802 ip to DSCP translate Routing over multiple WAN devices support Routing by DSCP value Load Balancing Fail over of multiple WAN interfaces IPIP and IPGRE Tunnels VPN over SSL Remote Server Logging Close The P RG F4202N backup facility allows backing user and system data to ex ternal USB disks connected to the router You may specify backups to run automatically at scheduled times Two preliminary conditions must be met before enabling the backup mecha nism e The file server feature must be activated and configured e The file server must be
58. an application server with which you wish to connect such as a security server requires that packets have a specific IP address you can define a NAT rule for that address FIGURE 7 NAT panel NAT NAT IP Addresses Pool IP Address New IP Address NAT NAPT Rule Sets Destination Rule ID Source Address Add Action Ethernet_over_ATM Rules New Entry CONNECTIONS The connection list displays all the connections that are currently open on the firewall as well as various details and statistics You can use this list to close undesired connections by clicking their Remove action icons The basic display includes the name of the protocol the different ports it uses and the direction of traffic secured Press the Advanced button to display a more detailed connection list which in cludes the connection s time to live number of kilo bytes and packets received and transmitted the device type and the routing mode 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 54 HBK 939800036 A1 Security Section iReLu B R D BAND 5 TIONS Connections Active Connections P RG F4202N Use the Connections Per Page combo box to select the number of connections to display at once The Approximate Max Connections value represents the amount of additional concurrent connections possible FIGURE 8 Connections panel Approxim
59. and that the WAN LED on the Router is GREEN on Ensure that you have entered the correct information into the Router configu ration screens as required Use the Internet Settings screen to verify this Check that the user name and password are correct Ensure that your computers are not configured to use a Web proxy On Win dows computers this can be found under Control Panel gt Internet Options gt Connections If you can browse to the Router configuration screen but cannot log on because you do not know or have forgotten the password follow the steps below to reset the Router to it s factory default configuration All your configuration changes will be lost and you will need to configure again your network before A you can re establish your Router connection to the Internet Also other computer users will lose their ient n oe P NS network connections whilst this process is taking place so choose a time when this would be conven Switch off the Router Disconnect all your computers and the telephone line from the Router Re apply power to the Router and wait for it to finish booting up Press the Reset button on the rear panel for a while The Router will restart and when the start up sequence has completed browse to http 192 168 1 1 and configure your network Reconnect your network as it was before 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover
60. ant to Cover Page Instructions Network Connections Section HBK 939800036 A1 25 P RG F4202N FIGURE 1 Network Connections Panel P l Pa Network Connections Name Status Action LAN Bridge Connected A amp kN WAN PPPoE Waiting for Underlying Connection WAN ETHoA Down w 4 Mew Connection qP LAN BRIDGE The LAN bridge connection is used to combine several LAN devices under one virtual network For example creating one network for LAN Ethernet and LAN wireless devices Please note that when a bridge is removed its formerly underlying devices in herit the bridge s DHCP settings For example the removal of a bridge that is configured as DHCP client automatically configures the LAN devices formerly constituting the bridge as DHCP clients with the exact DHCP client configura tion LAN BRIDGE gt gt GENERAL To view and edit the LAN bridge connection settings click the LAN Bridge link in the Network Connections screen The LAN Bridge Properties screen will appear displaying a detailed summary of the connection s parameters under the General tab These parameters can be edited in the rest of the screen s tabs as described in the following sections 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 26 HBK 939800036 A1 Network Connections Section FIGURE 2 L j 3 LAN Bridge Properties P RG F4202N LAN Bridge
61. ate Max Connections Connection List LAN IP Port PRG A42270G IP Port WAN IP Port Direction Action Number Protocol ADVANCED FILTERING raanei Advanced filtering is designed to allow comprehensive control over the Fire wall s behavior You can define specific input and output rules control the order of logically similar sets of rules and make a distinction between rules that apply to WAN and LAN devices To view Router s advanced filtering options click Advanced Filtering under the Firewall tab in the Services screen The Advanced Filtering screen will ap pear This screen is divided into two identical sections one for Input Rule Sets and the other for Output Rule Sets which are for configuring inbound and outbound traffic respectively Each section is comprised of subsets which can be grouped into three main subjects e Initial rules rules defined here will be applied first on all gateway devices e Network devices rules rules can be defined per each gateway device e Final rules rules defined here will be applied last on all gateway devices The order of the rules appearance represents both the order in which they were defined and the sequence by which they will be applied You may change this order after your rules are already defined without having to delete and then re add them by using the Move Up and Move Down action icons 2010 Pirelli Broadband Solutions S p A All Rights R
62. ating System Also using DHCP means that the same IP address and subnet mask will never be duplicated for devices on the network DHCP is particularly useful for networks with large numbers of users on them Static Addressing You must enter an IP Address and the subnet mask manually on every device Using a static IP and subnet mask means the address is permanently fixed Auto IP Addressing Network devices use automatic IP addressing if they are configured to acquire an address using DHCP but are unable to contact a DHCP server Automatic IP addressing is a scheme where devices allocate them selves an IP address at random from the industry standard subnet of 169 254 x x with a subnet mask of 255 255 0 0 If two devices allocate themselves the same address the conflict is detected and one of the devices allocates itself a new address Automatic IP addressing support was introduced by Microsoft in the Windows 98 operating system and is also supported in Windows 2000 and Windows XP 142 HBK 939800036 A1 Technical Specifications This section lists the technical specifications for the P RG F4202N Interfaces Standard WAN Interface N 1 Line port Optical connector supporting the following standards SC PC Connector Compliant to IEEE 802 3ah 2004 Operating data rates 100 Mbps Fiber single mode 9 125um single fiber Bidirectional A 1310nm Transmitter and 1550nm Receiver ITU T G 652 or and ITU T G 657 Lase
63. b categories Note that clicking the minus sign of a category will only be possible if all its sub categories are either checked or unchecked You can also manually specify a list of Web sites and a list of URL key words in the provided text fields to which you can either block or allow ac cess using the corresponding drop down menu Click OK to save the settings Once you have created different filtering policies you can either define a default policy that will be applied to all of your LAN computers or apply different poli cies to individual computers separately LAN Filtering Policy To select a default filtering policy for the LAN select the policy name from the Default Filtering Policy drop down menu located in the Filtering Policy screen and click Apply PC Filtering Policy To apply separate policies to individual home com puters perform the following 1 In the Filtering Policy screen see Figure 7 318 click the Add a LAN Computer link 2 Enter the name or IP address of the LAN computer to which you wish to apply a policy 3 Select the policy you wish to apply in the Policy drop down menu 4 By default the rule will always be active However you can configure scheduler rules by selecting User Defined in order to define time seg ments during which the rule may be active After more than one sched uler rule is defined the Schedule drop down menu will allow you t
64. band Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 91 SOLUTIONS P RG F4202N Start Date and time when daylight saving starts End Date and time when daylight saving ends Offset Daylight saving time offset If you want the gateway to perform an automatic time update perform the following Select the Enabled check box under the Automatic Time Update section Select the protocol to be used to perform the time update by selecting wither the Time of Day or Network Time Protocol radio button Specify how often to perform the update in the Update Every field You can define time server addresses by pressing the New Entry link on the bottom of the Automatic Time Update section 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 92 HBK 939800036 A 1 Advanced Section gt D m m 00 02 40 0 ZZ 00 P RG F4202N FIGURE 11 Date and Time Panel Date and Time Localization Local Time Jani 2008 00 24 35 Time Zone GMT GMT 00 00 w Daylight Saving Time Enabled Start Time Mar 28 End Time Oct 28 w Offset Minutes Automatic Time Update Enabled Time Of Day TOD Protocol Network Time Protocol NTP Update Every Hours Sync Now Time Server Waiting for response from server Press the Refre
65. be accessed from the home network and what types of services available in the home network may be accessed from the Internet Each request for a service that the firewall receives whether originating in the Internet or from a computer in the home network is checked against the set of firewall rules to determine whether the request should be allowed to pass through the firewall If the re quest is permitted to pass then all subsequent data associated with this request a session will also be allowed to pass regardless of its direction For example when you point your Web browser to a Web page on the Internet a request is sent out to the Internet for this page When the request reaches the Router the firewall will identify the request type and origin HTTP and a specific PC in your home network in this case Unless you have configured access con trol to block requests of this type from this computer the firewall will allow this request to pass out onto the Internet When the Web page is returned from the Web server the firewall will associate it with this session and allow it to pass regardless of whether HTTP access from the Internet to the home network is blocked or permitted The important thing to note here is that it is the origin of the request not subse quent responses to this request that determines whether a session can be es tablished or not You may choose from among three pre defined security levels for the Router Minim
66. case of the unit e tis out of direct sunlight and away from sources of heat e The cabling is away from power lines fluorescent lighting fixtures and sources of electrical noise such as radios transmitters and broadband am plifiers e It is centrally located with respect to the wireless devices that will be con nected to the Router A suitable location might be on top of a high shelf to ensure the maximum coverage for all connected devices 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Hardware Installation HBK 939800036 A1 9 POWERING UP THE ROUTER CONNECTING THE ROUTER P RG F4202N To power up the Router 1 Plug the power adapter into the power adapter port located on the rear of the Router 2 Plug the power adapter into a standard electrical wall socket 3 Press the Power button located on the side of the Router 4 Wait for the power LED to turn steady white The first step to install the router is to physically connect it to the fiber line and then to connect it to a computer by means of an Ethernet connection To connect the fiber cable 1 Connect one end of the fiber cable into the fiber port located on the rear panel of the Router 2 Connect the other end of the fiber cable into the fiber socket To connect the Ethernet cable 1 Connect one end of the Ethernet cable into one of the four Ethernet ports on the rear of the Router
67. cessing the public network High Priority Host Low Priority Host Other Note Choosing a new QoS profile will cause all previous configuration settings to be lost TRAFFIC PRIORITY Traffic Priority allows you to manage and avoid traffic congestion by defining in bound and outbound priority rules for each device on your gateway These rules 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 72 HBK 939800036 A1 QoS Section P RG F4202N determine the priority that packets traveling through the device will receive QoS parameters DSCP marking and packet priority are set per packet on an application basis You can set QoS parameters using flexible rules according to the following pa rameters e Source destination IP address MAC address or host name e Device Source destination ports Limit the rule for specific days and hours The Router supports two priority marking methods for packet prioritization e DSCP e 802 1p Priority The matching of packets by rules is connection based known as Stateful Packet Inspection SPI Once a packet matches a rule all subsequent packets with the same attributes receive the same QoS parameters both inbound and outbound A packet can match more than one rule Therefore e The first class rule has precedence over all other class rules Scanning is stopped once the first rule is reached e The fir
68. connectivity LINE SETTINGS The Line Settings tab of the VoIP screen defines the phone ports of the Router and allows you to configure them 1 Click the Voice Over IP side bar icon 2 Click the Line Settings tab the following screen will appear Before starting to make phone calls you need to configure each line s parameters You can manage which telephone is operational by marking the check box next to it 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Voice over IP Section HBK 939800036 A1 58 gt D m m 00 02 40 0 0 gt ZZ 00 P RG F4202N FIGURE 1 Line Settings Panel Line Settings Line User ID Display Name Status 1 oooo0000001 Line 1 Registration disabled 2 oooo000002 Line 2 Registration disabled 3 Click the edit action icon of each line to configure its different parameters SPEED DIAL You can assign speed dial numbers to parties you frequently call A speed dial entry must specify a destination which may be of one of three types proxy local line or direct call FIGURE 2 Speed Dial Panel Speed Dial IP Address or Host Name 2 O00000001 Line 1 Local Line New Entry Speed Dial via Proxy To add a new proxy speed dial entry 1 Click the Speed Dial tab 2 Click the New Entry link to add a new speed dial entry The Speed Dial Set tings screen will appear 3 Enter the following parameters
69. consisted of at least two disks Please note that the backup is done at the directory level meaning that it is not possible to backup a single stand alone file To backup your data 1 Access the Backup settings either from its link in the Advanced tab under the Services screen or by clicking the Backup and Restore icon in the Ad vanced screen The Backup and Restore screen will appear 2 Click the New Entry link in the Backup Schedule section In the Edit Backup screen that appears configure the following parameters a Type the source to backup For example A homes b Type the destination of the backup files For example B backups It is recommended that the destination be an external storage device c Choose between full backup incremental backup or both by scheduling 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 84 HBK 939800036 A1 Advanced Section fiReLu B R D BAND S5 TION S P RG F4202N a time for the backup operation You can choose between daily weekly or monthly backups in the Schedule combo boxes 4 Press OK to save the schedule settings Press Backup Now to run the backup operation immediately When backing up the screen will display the status and progress of the operation FIGURE 3 Backup Panel Backup Status Full Backup Done Source i Archive File 2003 Jan_01_01_51_01 f
70. cs such as the G 711 Silence Suppression The Silence Suppression feature allows optimization to be made when no speech is detected With this feature enabled the Router is able to detect the absence of audio and conserve bandwidth by preventing the transmission of silent packets over the network Echo Cancellation Echo Cancellation is the elimination of reflected signals echoes made noticeable by delay in the network his also improves the band width of the line When the delay of a voice call exceeds acceptable limits the router will protect the far end from receiving any echo generated at the local end and sent back through the network 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Voice over IP Section HBK 939800036 A1 63 Parental Control section This chapter will describe the Parental Control accessible from the Home Page of the P RG F4202N The abundance of harmful information on the Internet is posing a serious chal lenge for employers and parents alike How can regulate what my em ployee child does on the net Discus Web filtering allows parents and employ ers to regulate control and monitor Internet access By classifying and catego rizing online content it is possible to create numerous Internet access policies and easily apply them to your home network computers As a result you may keep your children from harm s way by limitin
71. ctions 134 HBK 939800036 A1 System Monitoring Section Troubleshooting BASIC CONNECTION CHECKS BROWSING TO THE ROUTER CONFIGURATION SCREENS Check that the Router is connected to your computers and to the fiber line and that all the equipment is powered on Check that the LAN Status ac cording to your connection type and WAN LEDs on the Router are illumi nated and that any corresponding LEDs on the NIC are also illuminated Ensure that the computers have completed their start up procedure and are ready for use Some network interfaces may not be correctly initialized until the start up procedure has completed If the link status LED does not illuminate for a port that is connected check that you do not have a faulty cable Try a different cable If you have connected your Router and computers together but cannot browse to the Router configuration screens check the following Confirm that the physical connection between your computer and the Router is OK and that the LAN Status LEDs on the Router and NIC are illuminated some NICs do not have status LEDs in which case a diagnostic program may be available that can give you this information Ensure that you have configured your computer as described in Setting Up Your Computer on page 19 Restart your computer while it is connected to the Router to ensure that your computer receives an IP address When entering the address of the Router into your web browser
72. d option the Edit Network Object screen will appear Specifying an address is done by creating a Network Object 4 The Protocol combo box lets you select or specify the type of protocol that will be used Selecting the Show All Services option will expand the list of available protocols Select a protocol or add a new one using the User De fined option This will commence a sequence that will add a new service representing the protocol 5 Select the Reply an HTML page to the blocked client check box to display the following message to the client Access Denied this computer is not al lowed to surf the WAN Please contact your admin When this check box is unselected the client s packets will simply be ignored and he she will not re ceive any notification 6 The Schedule combo box allows you to define the time period during which this rule will take effect By default the rule will always be active However you can configure scheduled rules by selecting User Defined 7 Click the OK button to save your changes The Access Control screen will display a summary of the rule that you just added In its default state P RG F4202N blocks all external users from connecting to or communicating with your network Therefore the system is safe from hackers who may try to intrude on the net work and damage it However you may want to expose your network to the Internet in certain limited and contro
73. e Check Now and Force Upgrade buttons indicating whether a new version is available or not If a new version is available Press the Force Upgrade button A download process will begin When downloading is completed a confirmation screen will appear asking you if you want to upgrade to the new version Click OK to confirm The upgrade process will begin and should take no longer than one minute to complete At the conclusion of the upgrade process the Router will automatically reboot The new software version will run maintaining your custom configurations and settings If a new version is not available press the Check Now button to perform an immediate check instead of waiting for the next scheduled one The screen will display a green Check in progress message FIGURE 22 P RG F4202N Firmware Upgrade Panel Current Version 4 6 3 0WVV_5 0 0 2701 Upgrade From the Internet Automatically Check for New Versions and Upgrade PRGAV4202N s Check every 24 hours at URL Next check scheduled in 22 05 hours Status An unexpected error has occurred during the download process Internet Version No new version available Upgrade From a Computer in the Network Select an updated PRGAV4202N firmware file from a computer s hard drive or CD on the network Upgrade Now Press the Refresh button to update the status 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use P
74. e default values no parameter modification is necessary FIGURE 11 Device Name Status Schedule Network Connection Type Physical Address MTU LAN Wireless 802 11n Access Point gt gt Settings Panel wilt Connected Always wt LAN ae 502 E aa E E 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Network Connections Section HBK 939800036 A1 37 LAN WIRELESS 802 11N ACCESS POINT gt gt WIRELESS P RG F4202N Schedule By default the connection will always be active However you can configure scheduler rules in order to define time segments during which the connection may be active Once a scheduler rule s is defined this field changes to a combo box allowing you to choose between the available rules Network Select whether the parameters you are configuring relate to a WAN LAN or DMZ connection by selecting the connection type from the combo box Physical Address The physical address of the network card used for your network Some cards allow you to change this address MTU MTU is the Maximum Transmission Unit It specifies the largest packet size permitted for Internet transmission In the default setting Automatic the gateway selects the best MTU for your Internet connection Select Automatic by DHCP to have the DHCP determine the MTU In case you select Manual it is recommended to enter a value in the 12
75. e rule s conditions which are the LAN computer s parameters to be matched Operation Set rule priority with Quality of Service 3 Click OK to save the settings Traffic Shaping is the solution for managing and avoiding congestion where a high speed LAN meets limited broadband bandwidth A user may have for ex ample a 100 Mbps Ethernet LAN with a 100 Mbps WAN interface router The router may communicate with the ISP using a modem with a bandwidth of 2Mbps This typical configuration makes the modem having no QoS module the bottleneck The router sends traffic as fast as it is received while its well designed QoS algorithms are left unused Traffic shaping limits the bandwidth of the router artificially forcing the router to be the bottleneck A traffic shaper is essentially a regulated queue that accepts uneven and or bursty flows of packets and transmits them in a steady predictable stream so that the network is not overwhelmed with traffic While Traffic Priority allows basic prioritization of packets Traffic Shaping pro vides more sophisticated definitions Such are e Bandwidth limit for each device e Bandwidth limit for classes of rules e Prioritization policy e TCP serialization on a device Additionally you can define QoS traffic shaping rules for a default device These rules will be used on a device that has no definitions of its own This en ables the definition of QoS rules on Default WAN for example and th
76. ecurity Log Buffer Size Remote Security Notify Level 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 122 HBK 939800036 A1 Advanced Section P RG F4202N UMTS P RG F4202N allows you to navigate using a 3G sim card you can create a new APN profile where you should fill in the information provided by your ser vice provider APN Tel User Name Password and Protocol You can also en able an automatic connection to be able to automatically connect with your UMTS according to pre defined rules FIGURE 36 UMTS Panel UMTS Status Modem not available Automatic connection APN management Profile APN Tel New Entry qP UNIVERSAL PLUG AND PLAY Universal Plug and Play is a networking architecture that provides compatibility among networking equipment software and peripherals UPnP enabled prod ucts can seamlessly connect and communicate with other Universal Plug and Play enabled devices without the need for user configuration centralized serv ers or product specific device drivers If your computer is running an operating system that supports UPnP such as Windows XP you can add the computer to your home network and access the Web based Management directly from within Windows 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 123 P R
77. ed Check or un check this box to enable or disable this feature System Data The the name of the partition intended to hold the system data User Data The the name of the partition intended to hold the user data Disks This section displays a table with your connected storage devices The Device column displays the names the Router grants connected devices Click this link to view the device s Disk Information screen If a device is partitioned 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 95 a eee P RG F4202N the Partitions column will display its partition names If the partitions are for matted their name will include a letter RAID Devices This section displays the RAID devices when configured FTP SERVER Discus can operate as a File Transfer Protocol FTP server allowing users and guests to access its internal disks to easily but securely exchange files Dis cus FTP access consists of two levels e User Access Registered users can access predefined directories which are protected by their username and password e Anonymous Access Guests can access predefined public directories This fea ture allows you FIGURE 14 FTP Server Panel FIP Server Enabled Allow WAN Access Idle Timeout Clients User s Directory 300 Seconds Welcome Message FILE SERVER The Rou
78. ed connection data P RG F4202N constantly monitors traffic within the local network and between the local network and the Internet You can view statistical information about data received from and transmitted to the Internet WAN and to computers in the local network LAN Click the Refresh button to update the display or press the Automatic Refresh On button to constantly update the displayed parameters 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions System Monitoring Section HBK 939800036 A1 131 49 9 00 a r c gt W mM D F zz m 00 P RG F4202N FIGURE 1 Network Connections Panel Network Connections cones EE LAN Wireless LAN Wireless LAN Wireless LAN Wireless LAN USB Extenders Access Extenders Access Extenders Access Extenders Access Point Point Virtual AP Point Virtual AP 2 Point Virtual AP 3 Device Name brO bem_atm0 bem1 wld usbO wlext0 wlextL wlext2 wlext3 Status Connected Up 1 Ports Connected Connected Disconnected Disconnected Disconnected Disconnected Disconnected Network LAN WAN LAN LAN LAN LAN LAN LAN LAN LAN Hardware Ethernet Switch DAN Hardware LAN Wireless LAN Wireless LAN Wireless LAN USB Ethernet Switch Extenders Access Extenders Access Extenders Access LAN Wireless 802 119 Point Point Point Access Point LAN Hardware LAN Wireless 802 11g Name LAN Bridge WAN DSL Ethernet Switch Access Point
79. eed to be configured correctly for this to take place To change the configuration of your computers to allow this follow the instructions in this chapter In case you already established a connection with your Router a first time and or you do need to set up manually a connection to your Router please fol low the instructions described in this chapter You will be guided to set up an Ethernet connection to the Router To do so first you have to verify the exis tence of a TCP IP protocol stack and then according to your Operating Sys tem to establish an Ethernet connection to it This connection will require you to enable your computer to receive from the Router its own IP Address automati cally in such a case the Router acts like the DHCP server in your local net work This procedure requires the TCP IP protocol installed on your computer Refer to the following chapters and to your Microsoft Windows or Apple MacOS 10 x operating systems manuals Microsoft Windows 98SE ME 2000 1 Putin the CD ROM drive your Windows installation CD ROM 2 Starting from Start gt Settings gt Control Panel gt Network Control Panel make a double click on the Network icon 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Setting Up Your Computer HBK 939800036 A1 12 ETHERNET CONNECTION gt gt MS WINDOWS 98SE ME 2000 P RG F4202N 3 Select Confi
80. eer 151 HTTP Warning CGI home httpd html index cgi returned 1 LibJutil Warning estream Cannot read from fd 43 Connection reset by peer 131 IGMP Information Removing multicast group 239 255 255 250 from device br port 0 IGMP Information Adding multicast group 239 255 255 250 to device br port 0 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 119 SYSTEM SETTINGS P RG F4202N The System Settings screen allows you to configure various system and man agement parameters System Configures general system parameters Discus s Hostname Specify the gateway s host name The host name is the gateway s URL address Local Domain Specify your network s local domain Discus Management Console Configure Web based management settings Automatic Refresh of System Monitoring Web Pages Select this check box to enable the automatic refresh of system monitoring web pages Warn User Before Network Configuration Changes Select this check box to activate user warnings before network configuration changes take effect Session Lifetime The duration of idle time in seconds in which the WBM session will remain active When this duration times out the user will have to re login Language Select a different language for the WBM interface Management Application Ports Configure the following management applica tion
81. eir main tenance even if the PPP or bridge device over the WAN is removed 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions QoS Section HBK 939800036 A1 15 P RG F4202N FIGURE 3 Traffic Shaping Panel Traffic Shaping Tx Bandwidth Kbits s Rx Bandwidth Kbits s TCP Serialization LAN Bridge 97656 97656 New Entry LOK Apply Cancel DSCP SETTINGS In order to understand what is Differentiated Services Code Point DSCP one must first be familiarized with the Differentiated Services model Differentiated Services Diffserv is a Class of Service CoS model that en hances best effort Internet services by differentiating traffic by users service requirements and other criteria Packets are specifically marked allowing net work nodes to provide different levels of service as appropriate for voice calls video playback or other delay sensitive applications via priority queuing or bandwidth allocation or by choosing dedicated routes for specific traffic flows 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 76 HBK 939800036 A1 QoS Section P RG F4202N Diffserv defines a field in IP packet headers referred to as DSCP Hosts or routers passing traffic to a Diffserv enabled network will typically mark each transmitted packet with an appropriate DSCP The DSCP mar
82. elf Signed Certificate Certificate Authority CA Store This store contains a list of the trusted certifi cate authorities which is used to check certificates presented by the Router cli ents FIGURE 6 Certificates gt gt CA s Panel Issuer Thawte Premium C 2A ST Western Cape L Cape Town O Thawte Consulting cc OU Certification Services Server CA Division CN Thawte Premium Server CA emailAddress premium server thawte com Upload Certificate CONFIGURATION FILE This feature is intended to provide the whole configuration of the P RG F4202N in only one step You are asked only to locate the file and begin the configura tion file loading process The configuration file is a script containing all the pa rameters you want to change and it is an alternative to the manually step by step change of the same parameters performed by means of the web screen shots 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 87 P RG F4202N FIGURE 7 Configuration File Configuration File rg conf dev brd itype bridge logical network 2 is_sync 1 enabled 1 enslaved bcm stp 1 l usb stp 1 l wld stp i l br stp 1 l route level 1 metric 4 mtu mode 1 i Gose Load Configuration File Save Configuration File DDNS The Dynamic DNS D
83. enables home SOHO users to define authorized wireless users without the need for an external RADIUS server To view and edit the LAN Wireless connection settings click the LAN Wireless 802 11n Access Point link in the Network Connections screen The LAN Wire less 802 11n Access Point Properties screen will appear displaying a detailed summary of the connection s parameters under the General tab These pa rameters can be edited in the rest of the screen s tabs as described in the fol lowing sections 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 36 HBK 939800036 A1 Network Connections Section FIGURE 10 P RG F4202N LAN Wireless 802 11n Access Point gt gt General Panel D LAN Wireless 802 11n Access Point Properties i Name Device Name Status Network Connection Type MAC Address IP Address Distribution Encryption Received Packets Sent Packets Time Span LAN WIRELESS 802 11N ACCESS POINT gt gt SETTINGS LAN Wireless 3027 11n Access Point wl Connected LAN Wireless 802 11n Access Point 00 23 8e ef 19 e7 Disabled Disabled 0 0 Orde 28 Apply Cancel General This section displays the connection s general parameters It is re commended not to change the default values unless familiar with the network ing concepts they represent Since your gateway is configured to operate with th
84. ence Suppression Enable Comfort Noise Echo Cancellation Enable Echo Cancellation 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 62 HBK 939800036 A1 Voice over IP Section P RG F4202N Signaling Protocol The signaling protocol options available in the combo box are determined by the VoIP stack on your gateway A different subset of parameters will become visible with each of the combo box choices To apply the change of protocol you must press either OK or Apply If the applied protocol is of another stack the Router will reboot after you accept the reboot warning RTP Local RTP Port Range defines the port range for Real Time Protocol RTP voice transport Quality of Service Type of Service HEX This is a part of the IP header that defines the type of routing service to be used to tag outgoing voice packets originated from the Router It is used to tell routers along the way that this packet should get specific QoS Leave this value as OXB8 default if you are unfamiliar with the differentiated Services IP protocol parameter Codecs Codecs define the method of relaying voice data Different codecs have different characteristics such as data compression and voice quality For example G 723 is a codec that uses compression so it is good for use where bandwidth is limited but its voice quality is not as good compared to other co de
85. ent tow bow fhe appeoa F pethrge eh Cobia an F ect more aba O Lige ae boig E mhii E Ohta DHS pener adien shiwusir alk Gi Ung the bolera DNS piver widere Piefeeed DHG ereer berse DA pre 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Setting Up Your Computer HBK 939800036 A1 15 P RG F4202N ETHERNET CONNECTION gt gt WINDOWS VISTA To configure TCP IP on MS Windows Vista Operating System follow these steps 4 Starting from Start gt Settings gt Control Panel gt make a double click on the Network and Sharing Center icon 5 Select Manage Network Connections gt make a click on the connection gt properties FIGURE 5 Local Area Connection Properties Windows Vista ee i Local Area Connection 2 Properties Connect using a Realtek RTL8169 8110 Family PCI Gigabit Ethemet NIC Configure This connection uses the following Rems V Client for Microsoft Networks v A QoS Packet Scheduler vj l File and Printer Sharing for Mictosolt Networks M Intemet Protocol Version 6 TCPAP v6 VEES Intemet Protocol Version 4 TCPAP 4 M Link Layer Topology Discovery Mapper 1 0 Driver v Link Layer Topology Discovery Responder Install Irirstall l Properties Description Transmission Control Protocol Internet Protocol The default wide area network protocol that pr
86. er for a device attached to a network using TCP IP The address is written as four octets separated with periods full stops and is made up of a network section an optional subnet section and a host section ISP Internet Service Provider An ISP is a business that provides connectivity to the Internet for individuals and other businesses or organizations LAN Local Area Network A network of end stations such as PCs printers servers and network devices hubs and switches that cover a relatively small geographic area usually not larger than a floor or building LANs are characterized by high transmission speeds over short distances up to 1000 metres MAC Media Access Control A protocol specified by the IEEE for determining which devices have access to a network at any one time 152 HBK 939800036 A1 MAC Address Media Access Control Address Also called the hardware or physical address A layer 2 address associated with a particular network device Most devices that connect to a LAN have a MAC address assigned to them as they are used to identify other devices in a network MAC addresses are 6 bytes long Mbps Megabits per second MDI MDIX In cable wiring the concept of transmit and receive are from the perspective of the PC which is wired as a Media Dependant Interface MDI In MDI wiring a PC transmits on pins 1 and 2 At the hub switch router or access point the perspective is reversed and the hub receives
87. es LAN Ethernet Z Rules LAN Ethernet 3 Rules LAN Ethernet 4 Rules LAN Ethernet 5 Rules LAN Ethernet 6 Rules LAN Ethernet 7 Rules Entry Entry Destination Address Operation Action New Entry New Entry New Entry New Entry New Entry New Entry New Entry New Entry New Entry LAN Wireless 602 11n Access Point Rules New Entry WAN ETHoA Rules WAN PPPoE Rules New Entry New Entry To set traffic priority rules 1 2 Click Traffic Priority under the QoS tab in the Services screen The Traffic Priority screen will appear This screen is divided into two identical sections one for QoS input rules and the other for QoS output rules which are for prioritizing inbound and outbound traffic respectively Each section lists all the gateway devices on which rules can be set You can set rules on all de vices at once using the All devices entry After choosing the traffic direction and the device on which to set the rule click the appropriate New Entry link The Add Traffic Priority Rule screen will appear 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 74 HBK 939800036 A1 QoS Section TRAFFIC SHAPING P RG F4202N This screen is divided into two main sections Matching and Operation which are for defining the operation to be executed when matching conditions apply Matching Use this section to define th
88. es of heat Avoid using your Router during an electrical storm The Router generates and uses Radio Frequency RF energy In some environments the use of RF energy is not permitted The user should seek local advice on whether or not RF energy is permitted within the area of intended use HBK 939800036 A1 139 The crossed out wheeled bin symbol on this electric or electronic equipment or on its packaging indi cates that at the end of its life it must not be disposed of as unsorted household waste Instead it must be separately collected As a consumer you must therefore use the specific collection schemes and in particular the municipal collection schemes provided for waste electrical and electronic equipment The separate collection and appropriate treatment of the equipment at the time of disposal helps to con serve natural resources and to ensure that it is recycled in a manner that protects human health and the environment from materials components and substances that can be dangerous to the environment and harmful to human health Furthermore the separate collection and appropriate treatment of the equipment at the time of disposal facilitates its possible reuse or possible materials recovery 140 HBK 939800036 A1 IP Addressing The Internet Protocol Suite The Internet protocol suite consists of a well defined set of communications protocols and several standard application protocols Transmission
89. eserved Proprietary Use Pursuant to Cover Page Instructions Security Section HBK 939800036 A1 55 vis Advanced Filtering P RG F4202N There are numerous rules automatically inserted by the firewall in order to pro vide improved security and block harmful attacks To add an advanced filtering rule first choose the traffic direction and the de vice on which to set the rule Then click the appropriate New Entry link The Add Advanced Filter screen will appear this screen is divided into two main sections Matching and Operation which are for defining the operation to be executed when matching conditions apply FIGURE 9 Advanced Filtering panel See o Input Rule Sets Rule ID Source Address Initial Rules LAN Bridge Rules LAN Ethernet Rules LAN Ethernet 2 Rules LAN Ethernet 3 Rules LAN Ethernet 4 Rules LAN Ethernet 5 Rules LAN Ethernet 6 Rules LAN Ethernet 7 Rules LAN Wireless 802 11n Access Point Rules Final Rules Output Rule Sets Rule ID Source Address Initial Rules LAN Bridge Rules LAN Ethernet Rules LAN Ethernet 2 Rules LAN Ethernet 3 Rules LAN Ethernet 4 Rules LAN Ethernet 5 Rules LAN Ethernet 6 Rules LAN Ethernet 7 Rules LAN Wireless 802 11n Access Point Rules Final Rules Destination Address Match Operation Status Action Destination Address Match Operation Status Action New Entry New Entry New Entry New Entry New Entry New Entry New Entry New En
90. ession In order to submit the changes of most of device parameters you have to click the Apply button to save permanently your changes In some case a Router s reboot is required 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 20 HBK 939800036 A1 Router Configuration P RG F4202N FIGURE 1 Router s Home Page Discus Multiplay Access Gateway s Local Network 1 Computers Connected pirelli laptop 192 168 1 2 Connected 100 0 Mbps Full Duplex Disabled e om Gar Personal Domain Name Media Sharing s Disabled No Shares Sx Software Version 4 8 3 PRGF_5 0 0 2803 Upgrade System Has Been Up For 4 hours 19 minutes FIGURE 2 MAP View Page Discus Multiplay Access Gateway a pirelli laptop Idle Idle 192 168 1 2 10101010 20202020 Line 1 Line 2 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Router Configuration HBK 939800036 A1 21 P RG F4202N In the following table a list of all available network objects and related descrip tion is shown TABLE 1 Available Network Objects Map Symbol Description a It represents the Internet It represents your Fiber Wide Area Network WAN connection Click this icon to configure the WAN interface or an Ethernet Local Area Network LAN connection Click this I
91. ets within the LAN simultaneously e Automatically appends a domain name to unqualified names e Allows new domain names to be added to the database using Router s WBM e Permits a computer to have multiple host names e Permits a host name to have multiple IPs needed if a host has multiple net work cards The DNS server does not require configuration However you may wish to view the list of computers known by the DNS edit the host name or IP address of a computer on the list or manually add a new computer to the list FIGURE 10 DNS Server Panel DNS Server Host Name IP Address Source Action iway32 192 168 1 1 DHCP amp New DNS Entry oP Close To add a new entry to the list 1 Click the New DNS Entry button The DNS Entry screen will appear 2 Enter the computer s host name and IP address 3 Click OK to save the settings DATE AND TIME To configure date time and daylight savings time settings perform the following 1 Click the Date and Time icon in the Advanced screen of the Web based Management The Date amp Time settings screen will be displayed 2 Select the local time zone from the pull down menu The Router can auto matically detect daylight saving setting for selected time zones If the day light saving settings for your time zone are not automatically detected the following fields will be displayed Enabled Select this check box to enable daylight saving time 2010 Pirelli Broad
92. field Press the Go button A traceroute will commence constantly refreshing the screen 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 94 HBK 939800036 A1 Advanced Section P RG F4202N 4 To stop the trace and view the results press Cancel DISK MANAGEMENT P RG F4202N can operate as a disk manager for external storage devices connected via USB or FireWire Your home network s LAN devices can share this storage device as a mapped network drive and exchange information with out directly accessing each other The Web based management provides disk management utilities such as partitioning and formatting An internal disk or a connected storage device will appear on the network map You can view information about the disk by clicking its icon The Disk Informa tion screen will appear For a broader view click the Shared Storage link from the Local Network tab of the Web based management The Disk Management screen will appear FIGURE 13 Disk Management Panel gt Disk Management Enabled Status No Disks Connected System Storage Area The system storage disk is not connected mounted and formatted Advanced web VoIP and mail services are disabled Automatically Create System Storage Area Status Disks Device Description Type Size Partitions Press the Refresh button to update the status Enabl
93. g Advanced Internet Connection Firewall E Enabled Additional IP Addresses IP Address Subnet Mask Action New IP Address dja OK Apply Cancel Additional IP Addresses You can add alias names additional IP addresses to the gateway by clicking the New IP Address link This enables you to access the gateway using these aliases in addition to the 192 168 1 1 LAN ETHERNET A LAN Ethernet connection connects computers to the Router using Ethernet cables LAN ETHERNET gt gt GENERAL To view and edit the LAN Ethernet connection settings click the LAN Ethernet link in the Network Connections screen The LAN Ethernet Properties screen will appear displaying a detailed summary of the connection s parameters un der the General tab These parameters can be edited in the rest of the screen s tabs as described in the following sections 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Network Connections Section HBK 939800036 A1 33 FIGURE 7 x EN LAN Ethernet Properties P RG F4202N LAN Ethernet gt gt General Panel Device Name Status Network Connection Type Download Rate Upload Rate MAC Address IP Address Distribution Received Packets Sent Packets Time Span LAN ETHERNET gt gt SETTINGS LAN Ethernet bcmsw Connected LAN Ethernet 100 Mbps 100
94. g access to adult and violent mate rial or increase employee productivity by regulating access to non work related Internet content To effectively filter Web content one must first have a good idea of the kind of information that is available on the Internet It is necessary to formulate a land scape of the accessible content categorize and classify themes and subjects that may be considered inappropriate Discus Parental Control categorization methodology provides an easy and straightforward method for fine grained content filtering The Parental Control module is constantly updated with URL based information classified according to the following categories e Child protection e Recreation and Entertainment e Personal business 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Parental Control Section HBK 939800036 A1 64 P RG F4202N Bandwidth control Advertisements Chat Remote Proxies and Hosting Sites possibly untrusted sources Other Each category can be expanded into subcategories for better content control For instance the Recreation and Entertainment category is comprised of sub categories such as GENERAL OVERVIEW Arts and Entertainment Education Games Hobbies and Recreation Discus Parental Control service is provided by Surf Control a company spe cializing in Internet content filtering Therefore you must s
95. guration gt TCP IP and then click on the Add button 4 Select Protocols click on Add button and choose Microsoft TCP IP Then click on the OK button 5 After the computer reboots you re ready to configure the TCP IP settings Configure the Network adapter to obtain automatically an IP address Microsoft Windows XP 1 Put in the CD ROM drive your Windows installation CD ROM 2 Starting from Start gt Settings gt Control Panel make a double click on the Network icon 3 Select Protocol and click on the Add button Select Microsoft and TCP IP then click on the OK button 4 Configure the Network adapter to obtain automatically an IP address Apple MacOS 10 x TCP IP is installed on a MacOS system as part of Open Transport To configure TCP IP on these Operating Systems follow these steps 1 Select Start gt Settings gt Control Panel and make a double click on the Network icon 2 Select Configuration gt TCP IP then click on Properties button FIGURE 1 Local Area Connection Properties 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Setting Up Your Computer HBK 939800036 A1 13 o g m m 00 0J 40 0 ZZ 0 P RG F4202N loca Ares Connection Properties 3 Select the P Address Tab then check to obtain an automatically IP address Click on OK button FIGURE 2 Internet Protocol TCP IP Properties Interne
96. hernet CAT5 cable with RJ 45 plug 4 A CD ROM containing the User Manual 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Introduction HBK 939800036 A1 3 P RG F4202N TABLE 1 Kit Material Quantity DESCRIPTION 1 P RG F4202N 1 Switching Power Supplier Adapter 1 Ethernet Cable 1 CD ROM O If any of the items included in the package is damaged please contact your Service Provider It implements an Optical Fiber WAN connection as well as several local con nectivity technologies on the LAN side e Four switched 10 100 Base TX Ethernet ports e Two USB 2 0 Host port for external USB peripherals e One IEEE 802 11b g n Wireless LAN access point e Two FXS ports to analog phones FIGURE 1 shows a sample network while in Figure 2 an existing SIP account case is shown your Router becomes your connection to the Internet Connec tions can be made directly to the Router expanding the number of computers you can have in your network 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions HBK 939800036 A1 Introduction P RG F4202N FIGURE1 Sample Home Network Internet FIBER Socket USB ETH Phone Wiring Wireless PC FIGURE 2 Sample Home Network existing SIP account case Internet i FIBER OARS Socket LIK S FXS mE FS em USB ETH
97. ices Telnet FTP HTTP HTTPS DNS IMAP POP3 and SMTP Typical Security Inbound Policy Reject Remote Administration settings will override the security inbound policy Outbound Policy Accept Minimum Security Inbound Policy Accept Outbound Policy Accept 7 Block IP Fragments OK Apply Cancel 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 46 HBK 939800036 A1 Security Section P RG F4202N ACCESS CONTROL You may want to block specific computers within the home network or even the whole network from accessing certain services on the Internet For example you may want to prohibit one computer from surfing the Web another computer from transferring files using FTP and the whole network from receiving incom ing e mail Access Control defines restrictions on the types of requests that may pass from the home network out to the Internet and thus may block traffic flowing in both directions It can also be used for allowing specific services when maximum se curity is configured In the e mail example given above you may prevent com puters in the home network from receiving e mail by blocking their outgoing re quests to POP3 servers on the Internet There are numerous services you should consider blocking such as popular game and file sharing servers For example if you want to make sure that your employees do not put you
98. ill switch automatically depending on range and environ ment 802 11g The IEEE specification for wireless Ethernet which allows speeds of up to 54 Mbps The standard provides for 6 12 24 36 48 and 54 Mbps data rates The rates will switch automatically depending on range and en vironment 802 11n The IEEE specification for wireless Ethernet which allows speeds of up to 100 Mbps 10BASE T The IEEE specification for 10 Mbps Ethernet over Category 3 4 or 5 twisted pair cable 100BASE TX The IEEE specification for 100 Mbps Fast Ethernet over Category 5 twisted pair cable Access Point An Access Point is a device through which wireless clients connect to other wireless clients and which acts as a bridge between wireless clients and a wired network such as Ethernet Wireless clients can be moved anywhere within the coverage area of the access point and still connect with each other If connected to an Ethernet network the access point monitors Ethernet traffic and forwards appropriate Ethernet messages to the wireless network while also monitoring wireless client radio traffic and forwarding wireless client mes sages to the Ethernet LAN Ad Hoc mode Ad Hoc mode is a configuration supported by most wireless clients It is used to connect a peer to peer net work together without the use of an access point It offers lower performance than infrastructure mode which is the mode the router uses see also Infrastructure mode Auto
99. iority marking method is a standard for prioritizing network traffic at the data link Mac sub layer 802 1p traffic is simply classified and sent to the destination with no bandwidth reservations established The 802 1p header includes a 3 bit prioritization field which allows packets to be grouped into eight levels of priority P RG F4202N maps these eight levels to three main priorities high medium and low By default values six and seven are mapped to high priority which may be assigned to network critical traffic Values four and five are mapped to medium priority which may be applied to delay sensitive applications such as interactive video and voice Values three to zero are mapped to low priority which may range from controlled load appli cations down to loss eligible traffic The zero value is normally used for best effort traffic It is the default value for traffic with unassigned priority 1 Click 802 1p Settings under the QoS tab in the Services screen The fol lowing screen will appear 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 78 HBK 939800036 A1 QoS Section 00 02 40 0 0 gt ZZ 00 gt D m m P RG F4202N 2 The eight 802 1p values are pre configured with the three priority levels high medium and low You can change these levels for each of the eight values in their respective combo box 3 Click OK to
100. ir or der of posting by the system newest on top You can sort the messages ac cording to the column titles Time Component or Severity This screen also enables you to filter the log messages by the component that generated them or by their severity providing a more refined list This ability is useful mainly for software developers debugging Discus By default the screen displays log messages with debug severity level and higher for all components You may change the severity level for this filter To add a new filter click the New Filter link or its corresponding icon The screen refreshes Using the drop down lists select the component and severity level by which to sort the log messages Click Apply Filters to display the messages in your specified criteria You can add more filters in the same way or delete filters us ing their respective action icons Defined filters override the default filter that displays all messages FIGURE 34 System Log Panel Press the Refresh button to update the data Component All New Filter Time Jan 1 02 24 11 2003 Jan 1 02 21 06 2003 Jan 1 01 00 58 2003 Jan 1 01 00 45 2003 Jan 1 01 00 29 2003 Jan 1 01 00 29 2005 Severity Action Information Apply Filters aP Reset Filters Component Severity Details LibJutil Warning estream Cannot read from fd 48 Connection reset by peer 131 LibJutil Warning estream Cannot read from fd 44 Connection reset by p
101. is group is responsible for the development of the SNMP pro tocol IGMP The Internet Group Management Protocol IGMP is an Internet protocol that provides a way for an Internet computer to report its multicast group membership to adjacent routers Multicasting allows one computer on the Internet to send content to multiple other computers that have identified themselves as interested in re ceiving the originating computer s content Multicasting can be used for such applications as updating the address books of mobile computer users in the field sending out company newsletters to a distribution list and broadcasting high bandwidth programs of streaming media to an audience that has tuned in by setting up a multicast group membership Infrastructure mode Infrastructure mode is the wireless configuration supported by the Router You will need to ensure all of your clients are set up to use infrastructure mode in order for them to communicate with the Access Point built into your Router see also Ad Hoc mode IP Internet Protocol IP is a layer 3 network protocol that is the standard for sending data through a network IP is part of the TCP IP set of protocols that describe the routing of packets to addressed devices An IP ad dress consists of 32 bits divided into two or three fields a network number and a host number or a network number a subnet number and a host number IP Address Internet Protocol Address A unique identifi
102. ite nar Connections Restrictions MAT Connections Restrict access from the LAN to websites Local Host Local Address Restricted Website Restricted IP Address Status Action Mi mark home mark home Unresolved www restrictedsite com www restrictedsite com Unresolved Resolving wW z New Entry qP NAT Press the Refresh button to update the data Ok Apply Cancel Resolve Now Refresh To block access to a web site 1 Click the Web Site Restrictions tab in the Security management screen 2 Click the New Entry link The Restricted Web Site screen will appear 3 Enter the web site address IP address or URL that you would like to make inaccessible from your home network all Web pages within the site will also be blocked If the web site address has multiple IP addresses the Router will resolve all additional addresses and automatically add them to the re strictions table 4 The Local Host combo box provides you the ability to specify the computer or group of computers for which you would like to apply the web site restric tion You can select between any a specific computer in your LAN or User Defined If you choose the User Defined option the Edit Network Object screen will appear Specifying an address is done by creating a Network Object 5 The Schedule combo box allows you to define the time period during which this rule will take effect By default the ru
103. its software image without losing any of your custom configurations and settings There are two methods for upgrading the software image 1 Upgrading from a local computer use a software image file pre downloaded to your PC s disk drive or located on the accompanying evaluation CD 2 Upgrading from the Internet also referred to as Remote Update use this method to upgrade your Firmware by remotely downloading an updated software image file Upgrading From a Local Computer To upgrade the router s software image using a locally available rmt file ac cess this feature either from the Maintenance tab under the System screen or by clicking its icon in the Advanced screen The Firmware Upgrade screen will appear Remote Update 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 104 HBK 939800036 A1 Advanced Section P RG F4202N It helps you keep your software image up to date by performing routine daily checks for newer software versions as well as letting you perform manual checks To view the automatic check utility s settings and last check result click the Firmware Upgrade icon from the Advanced screen The Firmware Upgrade screen will appear In the Upgrade From the Internet section you can select the utility s checking method and interval The result of the last performed check is displayed by the line between th
104. kings are used by Diffserv network routers to appropriately classify packets and to apply particular queue handling or scheduling behavior P RG F4202N provides a table of predefined DSCP values which are mapped to 802 1p priority marking method You can edit or delete any of the existing DSCP setting as well as add new entries 1 Click DSCP Settings under the QoS tab in the Services screen The follow ing screen will appear To edit an existing entry click its Edit action icon To add a new entry click the New Entry link In both cases the Edit DSCP Settings screen will ap pear Configure the following fields DSCP Value hex Enter a hexadecimal num ber that will serve as the DSCP value 802 1p Priority Select a 802 1p prior ity level from the combo box each priority level is mapped to low medium high priority Click OK to save the settings 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions QoS Section HBK 939800036 A1 77 DSCP Settings P RG F4202N FIGURE 4 DSCP Settings Panel DSCP Value hex 02 1p Priority Action 0 Low amp 0 Low x 4 Medium i z 4 Medium t 2 Low amp 1 Low K 3 3 Low a z 2 Low k 4 7 High i k 6 High x 7 High E d 6 High r amp 5 Medium KN k 5 Medium 5 Medium 4 5 Medium kT 4 7 High A k aP 802 1P SETTINGS The IEEE 802 1p pr
105. le will always be active However you can configure scheduled rules by selecting User Defined 6 Click OK to save the settings You will be returned to the previous screen while the Router attempts to find the site Resolving will appear in the Status column while the site is being located the URL is resolved into one or more IP addresses P RG F4202N features a configurable Network Address Translation NAT and Network Address Port Translation NAPT mechanism allowing you to control the network addresses and ports of packets routed through your gateway When enabling multiple computers on your network to access the Internet using 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Security Section HBK 939800036 A1 53 P RG F4202N a fixed number of public IP addresses you can statically define which LAN IP address will be translated to which NAT IP address and or ports By default the Router operates in NAPT routing mode However you can con trol your network translation by defining static NAT NAPT rules Such rules map LAN computers to NAT IP addresses The NAT NAPT mechanism is useful for managing Internet usage in your LAN or complying with various application demands For example you can assign your primary LAN computer with a single NAT IP address in order to assure its permanent connection to the Internet Another example is when
106. les you to share and stream media files from a storage device connected to Discus You can access the shared media files with either a networkaware Consumer Electronic CE device or from a LAN PC with an installed media rendering software Both methods utilize a Uni versal Plug and Play UPnP media renderer The Media Sharing screen con tains the following options Share Music Pictures and Video on My Local Network By default this op tion is selected To disable media sharing deselect this option Automatically Share Media in All Folders By default this option is selected causing all partitions and folders on the storage device to become shared automatically 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 101 P RG F4202N Share Only Recognized Media File Types When this option is selected only recognized media files are shared FIGURE 19 Media Sharing Panel Media Sharing W Share Music Pictures and Video on My Local Network Automatically Share Media in All Folders Share Only Recognized Media File Types Status i NETWORK OBJECTS Network Objects is a method used to abstractly define a set of LAN hosts ac cording to one or more MAC address IP address and host name Defining such a group can assist when configuring system rules For example network objects can be used when co
107. ling and setting up network equipment consequently it assumes a basic working knowledge of LANs Lo cal Area Networks and Internet Routers Throughout this guide the P RG F4202N is referred to as the Router Cate gory 5 Ethernet Cables are referred to as Ethernet Cables throughout this guide Table 1 and Table 2 list conventions that are used throughout this guide TABLE 1 Notice Icons Icon Notice Type Description tions a Information note Information that describes important features or instruc 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Welcome HBK 939800036 A1 1 A I E gt O N S P RG F4202N TABLE 1 Notice Icons Icon Notice Type Description AO Caution Information that alerts you to potential loss of data or AN potential damage to an application system or device l l Warning Information that alerts you to potential personal injury TABLE 2 Text Conventions Convention Description The words enter and When you see the word enter in this guide you must type some type thing and then press Return or Enter Do not press Return or En ter when an instruction simply says type Keyboard key names If you must press two or more keys simultaneously the key names are linked with a plus sign Example Press Ctrl Alt Del Words in italics Italics are used to e Emphasize a point e Denote
108. lled ways in order to enable some applica tions to work from the LAN game voice and chat applications for example and to enable Internet access to servers in the home network The Port For warding feature supports both of these functionalities If you are familiar with networking terminology and concepts you may have encountered this topic re ferred to as Local Servers The Port Forwarding screen lets you define the applications that require spe cial handling by the Router All you have to do is select the application s protocol and the local IP address of the computer that will be using or providing the service If required you may add new protocols in addition to the most common ones provided by the Router For example if you wanted to use a File Transfer Protocol FTP application on one of your PCs you would simply select FTP from the list and enter the local IP address or host name of the designated computer All FTP related data arriving at the Router from the Internet will henceforth be forwarded to the specified computer Similarly you can grant Internet users ac cess to servers inside your home network by identifying each service and the PC that will provide it This is useful for example if you want to host a Web server inside your home network When an Internet user points his her browser 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions
109. manually configure DNS server addresses select Use the Following DNS Server Addresses from the DNS Server drop down menu Specify up to two different DNS server address one primary another secondary IP Address Distribution The IP Address Distribution section allows you to configure the gateway s Dynamic Host Configuration Protocol DHCP server parameters The DHCP automatically assigns IP addresses to network PCs If you enable this feature make sure that you also configure your network PCs as DHCP clients Select one of the following options from the IP Address Distribu tion combo box DHCP Server Start IP Address The first IP address that may be assigned to a LAN host Since the gateway s default IP address is 192 168 1 1 this address must be 192 168 1 2 or greater 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Network Connections Section HBK 939800036 A1 29 LAN BRIDGE gt gt ROUTING P RG F4202N End IP Address The last IP address in the range that can be used to automati cally assign IP addresses to LAN hosts Subnet Mask A mask used to determine to what subnet an IP address belongs An example of a subnet mask value is 255 255 255 0 Lease Time In Minutes Each device will be assigned an IP address by the DHCP server for this amount of time when it connects to the network When the lease expires the server will determine
110. n reset by peer 131 WUS aa 01 00 58 HTTP Warning CGI home httpd html index cgi returned 1 oe TE 01 00 45 LibJutil Warning estream Cannot read from fd 43 Connection reset by peer 131 LI 1 oa T 01 00 29 IGMP Information Removing multicast group 239 255 255 250 from device br port 0 aS Jan 1 01 00 29 IGMP Information Adding multicast group 239 255 255 250 to device br0 port 0 L 1 CPU The CPU screen displays the amount of time that has passed since the system was last started and the load average In addition the screen also displays a list of all the processes currently running on the Router and their virtual memory usage The screen is automatically refreshed by default though you may change this by clicking Automatic Refresh Off 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions System Monitoring Section HBK 939800036 A1 133 00 0J 40 gt 8 m m zz 0 00 CPU System Has Been Up For FIGURE 3 Load Average 1 5 15 mins 3924 kB 11528 kB 4860 kB 7292 kB 7292 kB 7292 kB 7292 kB 7292 kB 7292 kB 7292 kB 7292 kB 5740 kB 5744 kB 7292 kB 7292 kB 2804 kB 6032 kB P RG F4202N CPU Panel 0 hours 20 minutes 0 11 0 06 0 07 Total Virtual Memory WmData Heap size VmSize 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instru
111. negotiation Some devices in the range support auto negotiation Auto negotiation is where two devices sharing a link automatically configure to use the best common speed The order of preference best first is 1OOBASE TX HBK 939800036 A1 149 full duplex 1OOBASE TX half duplex 10BASE T full duplex and 10BASE T half duplex Auto negotiation is defined in the IEEE 802 3 standard for Ethernet and is an operation that takes place in a few milliseconds Bandwidth The information capacity measured in bits per second that a channel can transmit The bandwidth of Ether net is 10 Mbps the bandwidth of Fast Ethernet is 100 Mbps The bandwidth for 802 11b wireless is 11Mbps Category 5 Cables One of five grades of Twisted Pair TP cabling defined by the EIA TIA 586 standard Category 5 can be used in Ethernet 10BASE T and Fast Ethernet networks 100BASE TX and can transmit data up to speeds of 100 Mbps Category 5 cabling is better to use for network cabling than Category 3 because it supports both Ethernet 10 Mbps and Fast Ethernet 100 Mbps speeds Channel Similar to any radio device the Wireless Cable DSL router allows you to choose different radio channels in the wireless spectrum A channel is a particular frequency within the 2 4GHz spectrum within which the Rou ter operates Client The term used to described the desktop PC that is connected to your network DHCP Dynamic Host Configuration Protocol This protocol a
112. nerated traffic to UDP port 2222 This will result in accepting the inbound traffic from the gaming server and sending it back to the LAN Host which originated the outgoing traffic to UDP port 2222 Select the Port Triggering tab in the Security management screen The Port Triggering screen will appear FIGURE 5 Port Triggering panel Security Log Advanced Filtering Connections Trigger opening of ports for incoming data Protocol Outgoing Trigger Ports Incoming Ports to Open Action M LETP Layer Two Tunneling Protocol UDF Any gt 1701 UDP Any gt Same as Initiating Ports Jt W TFTP Trivial File Transfer Protocol UDP 1024 65535 gt 69 UDP Any gt Same as Initiating Ports z I Ico UDF any gt 4000 TCP Any gt 20000 20059 4 Net2Phone K Apply Cancel WEB SITE RESTRICTIONS You may configure the Router to block specific Internet web sites so that they cannot be accessed from computers in the home network Moreover restric 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 52 HBK 939800036 A1 Security Section Security General ACCESS Caontral P RG F4202N tions can be applied to a comprehensive and automatically updated table of sites to which access is not recommended FIGURE 6 Web Site Restrictions panel Security Log Advanced Filtering P ort Forwarding Webs
113. network mask is used in conjunction with the destination to de termine when a route is used Gateway Enter the gateway s IP address 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 111 P RG F4202N Metric A measurement of the preference of a route Typically the lowest metric is the most preferred route If multiple routes have the same metric value the default route will be the first in order of appearance Routing Protocols Routing Information Protocol RIP Select this check box in order to enable connections previously defined to use RIP If this check box is not selected RIP will be disabled for all connections including those defined to use RIP Reverse Discus will advertise acquired route information with a high metric in order for other routers to disregard it Do not Advertise Direct Connected Routes the Router will not advertise the route information to the same subnet device from which it was obtained Internet Group Management Protocol IGMP the Router provides support for IGMP multicasting which allows hosts connected to a network to be updated whenever an important change occurs in the network A multicast is simply a message that is sent simultaneously to a pre defined group of recipients When you join a multicast group you will receive all messages addressed to the group much like what happe
114. nfiguring the Router s security filtering settings such as IP address filtering host name filtering or MAC address filtering You can use network objects in order to apply security rules based on host names instead of IP addresses This may be useful since IP addresses change from time to time Moreover it is possible to define network objects according to MAC addresses making rule application more persistent against network con figuration settings 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 102 HBK 939800036 A1 Advanced Section Network Objects P RG F4202N FIGURE 20 Network Objects Panel Network Object is a set of host names IP addresses or MAC addresses Security rules can be applied to a distinct LAN subset using Network Objects Network Object Items Action Global Object 192 168 1 56 amp New Entry qP Close To define a network object 1 Click the Network Objects icon in the Advanced screen of the Web based Management The Network Objects screen will appear 2 Click the New Entry link the Edit Network Object screen will appear 3 Name the network object in the Description field and click New Entry to ac tually create it The Edit Item screen will appear The source address can be entered in one of the following methods IP Address IP Subnet IP Range MAC Address and Host Name When selecting a method from
115. nge settings or help you troubleshoot functionality or communication issues from a remote location Remote access to the Router is blocked by default to ensure the security of your home network However remote access is supported by the following ser vices and you may use the Remote Administration screen to selectively en able these services if they are needed To view the Router s remote administration options click the Remote Admini stration icon in the Advanced screen of the Web based management The Remote Administration screen will appear 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 108 HBK 939800036 A1 Advanced Section P RG F4202N To allow remote access to the Router services 1 Select the services that you would like to make available to computers on the Internet The following should be taken into consideration e Although Telnet service is password protected it is not considered a se cured protocol When allowing incoming access to a Telnet server if port forwarding is configured to use port 23 select port 8023 to avoid conflicts e When allowing incoming access to the Web based management if port for warding is configured to use port 80 select port 8080 to avoid conflicts 2 Click OK to save the settings Allow Incoming WAN Access to the Web Management Used to obtain ac cess to the Web based Management and
116. ns when an e mail message is sent to a mailing list IGMP multicasting may be useful when connected to the Internet through a router When an application running on a LAN computer sends out a request to join a multicast group the Router will listen and intercept this group s messages sending them to the subscribed application Domain Routing When Router s DNS server receives a reply from an external DNS server it will add a routing entry for the IP address of the reply through the device from which it arrived This means that future packets from this IP ad dress will be routed through the device from which the reply arrived 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 112 HBK 939800036 A1 Advanced Section 00 07 ra U gt 9 m m 40 0 0 gt P RG F4202N FIGURE 29 Routing Panel Routing Routing Table Name Destination Gateway Netmask Metric Status Action LAN Bridge 192 168 1 0 0 0 0 0 AERE GMESN pplied Mew Route qP Routing Information Protocol RIP Enabled Poison Reverse Do not Advertise Direct Connected Routes Internet Group Management Protocol IGMP Enabled IGMP Fast Leave IGMP Multicast to Unicast Domain Routing Enabled Packet Streaming Engine Software Acceleration Hone SSH Secure Shell SSH is a protocol that provides encrypted connections to remote hosts or servers
117. nt to Cover Page Instructions Advanced Section HBK 939800036 A1 117 SOLUTIONS P RG F4202N Trusted Peer The IP address or subnet of addresses that identify which remote management stations are allowed to perform SNMP operations on Discus SNMP Traps Messages sent by OpenRG to a remote management station in order to notify the manager about the occurrence of important events or serious conditions Discus supports both SNMP version 1 and SNMP version 2c traps Check the Enabled check box to enable this feature The screen re freshes displaying the following fields e Version Select between version SNMP v1 and SNMP v2c e Destination The remote management station s IP address e Community Enter the community name that will be associated with the trap messages FIGURE 33 Simple Network Management Protocol Panel Simple Network Management Protocol SNMP v Enabled Tallow Incoming WAN Access to SNMP Read Only Community Name public Read Write Community Name Trusted Peer SNMP Traps Enabled Version SYSTEM LOG The System Log screen displays a list of recent activities that has taken place on Discus 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 118 HBK 939800036 A1 Advanced Section System Log Network Connections P RG F4202N By default all log messages are displayed one after another sorted by the
118. ntries The Internet is an example of a wide area network WEP Wired Equivalent Privacy A shared key encryption mechanism for wireless networking Encryption strength is 40 64 bit or 128 bit Wi Fi Wireless Fidelity This is the certification granted by WECA to products that meet their inter operability crite ria see also 802 11b WECA HBK 939800036 A1 155 Wi Fi Alliance The Wi Fi Alliance is a trade group owning the trademark to Wi Fi aiming at performing the testing certify ing interoperability of products and promoting the technology Wireless Client The term used to describe a desktop or mobile PC that is wirelessly connected to your wireless network Wireless LAN Service Area Another term for ESSID Extended Service Set Identifier Wizard A Windows application that automates a procedure such as installation or configuration WLAN Wireless Local Area Network A WLAN is a group of computers and devices connected together by wireless in a relatively small area Such as a house or Office WPA Wi Fi Protected Access A dynamically changing encryption mechanism for wireless networking Encryption strength is 256 bit 156 HBK 939800036 A1 PIRELLI Broadband Solutions Viale Sarca 222 20126 Milano Italy
119. o choose between the available rules 5 Back in the Filtering Policy screen use the check box next to the com puter name in order to enable or disable its policy 6 Click OK to save the settings 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Parental Control Section HBK 939800036 A1 67 P RG F4202N FIGURE 2 Filtering Policy Panel Filtering Policy Default Filtering Policy LAN Computer Policy LAN Computer IP Address Add a LAN Computer Filtering Policy Description Home At Home Employee Work Environment Add a Policy ADVANCED OPTIONS Click the Advanced Options link of the Parental Control menu item under the Services tab Block All Web Access on Failure to Contact Provider The filtering service provider is consulted about every site s category in order to decide whether to allow or block it If for any reason the provider cannot be consulted use this check box to determine whether to block or allow access to all sites Redirect URL When a site is blocked an OpenRG Blocked Access page is displayed specifying the requested URL and the reason it was blocked Use this field to specify an alternative page to be displayed when a site is blocked 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 68 HBK 939800036 A1 Parental Control Sec
120. o 640 Kbps when sending data known as the upstream rate ADSL requires a special ADSL modem ADSL is growing in popularity as more areas around the world gain access DSL modem DSL stands for digital subscriber line V DSL modem uses your existing phone lines to send and receive da ta at high speeds Encryption A method for providing a level of security to wireless data transmissions The Router uses two levels of en cryption 40 64 bit and 128 bit 128 bit is a more powerful level of encryption than 40 64 bit Ethernet A LAN specification developed jointly by Xerox Intel and Digital Equipment Corporation Ethernet networks use CSMA CD to transmit packets at a rate of 10 Mbps over a variety of cables Ethernet Address see MAC address Fast Ethernet An Ethernet system that is designed to operate at 100 Mbps Firewall Electronic protection that prevents anyone outside of your network from seeing your files or damaging your computers Full Duplex A system that allows packets to be transmitted and received at the same time and in effect doubles the po tential throughput of a link IEEE Institute of Electrical and Electronics Engineers This American organization was founded in 1963 and sets standards for computers and communications HBK 939800036 A1 151 IETF Internet Engineering Task Force An organization responsible for providing engineering solutions for TCP IP networks In the network management area th
121. o be exposed to the Internet Designate a DMZ host when e You wish to use a special purpose Internet service such as an on line game or video conferencing program that is not present in the Port Forwarding list and for which no port range information is available e You are not concerned with security and wish to expose one computer to all services without restriction A DMZ host is not protected by the firewall and may be vulnerable to attack Designating a DMZ host may also put other computers in the home network at risk When designating a DMZ host you must consider the security implications and protect it if necessary An incoming request for access to a service in the home network such as a Web server is handled by the Router P RG F4202N will forward this request to the DMZ host if one is designated unless the service is being provided by another PC in the home network assigned in Port Forwarding in which case that PC will receive the request instead FIGURE 4 DMZ Host panel Security Website Restrictions ance Security Filtering Log General Scess DMZ Port Host Batt init ll Connections Allow a single LAM computer to be fully exposed to the Internet Mi DMZ Host IP Address faz fies fio 43 OF Apply Cancel To designate a local computer as a DMZ Host 1 Select the DMZ Host tab in the Security management screen The DMZ Host
122. o initiate and manage your subscription Activate Enable Web Content Filtering Subscription Status Disabled 6006 22ctHeb93d5d FILTERING POLICY A filtering policy defines which sites will be blocked based on their category Discus provides four built in policies Home Blocks sites under the Child Protection category Employee Blocks sites from non work related categories Block All Blocks all access to the Internet Allow All Allows unlimited Internet access These policies can be set from the Default Filtering Policy drop down menu in the Filtering Policy screen To view or edit the Home and Employee policies click their respective links in this screen To create your own filtering policy per form the following 1 Click the Filtering Policy link under the Parental Control menu item 2 Click the Add a policy link 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 66 HBK 939800036 A1 Parental Control Section 6 P RG F4202N Enter a name and a description for the new policy Select the content filtering check boxes which represent content you would like to block Selecting a category will automatically select all its sub categories and vice versa If you would like to make a more refined selec tion of filtering options click the plus sign next to each category to dis play a list of its su
123. ock unauthorized IP packets to Discus Specify the following parameters Maximum Number of Authentication Failures The maximum number of packets to authenticate before blocking the origin s IP address e Block Period in seconds The timeframe during which Discus will drop packets from an unauthorized IP address 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 99 P RG F4202N Enable Anti Replay Protection Select this option to enable dropping of pack ets that are recognized by their sequence number as already been received Connections This section displays the list of IPSec connections FIGURE 17 IPSec Panel Internet Protocol Security IPSec Block Unauthorized IP Maximum Number of Authentication Failures Block Period in seconds Anti Replay Protection Connections Name L2TP SERVER Enabled Enabled Status Action Access this feature either from its link in the VPN tab under the Services screen or by clicking the L2TP icon in the Advanced screen This screen en ables you to configure the following Enabled Select or deselect this check box to enable or disable this feature Note that checking this box creates an L2TP server if not yet created with the wizard but does not define remote users Click Here to Create VPN Users Click this link to define remote users that will
124. ol is TCP IP Windows machines identify themselves to the WINS server so that other Win dows machines can query the server to find the IP address Since the WINS server itself is contacted by IP address which can be routed across subnets WINS allows Windows machines on one LAN segment to locate Windows ma chines on other LAN segments by name When a host connects to the LAN it is assigned an IP address by router s DHCP The WINS database is automatically updated with its NetBIOS name and the assigned IP address Router s WINS server also responds to name queries from WINS clients by returning the IP address of the name being que ried assuming the name is registered with the WINS server The Internet in the WINS name refers to the enterprise Internet LAN not the public Internet FIGURE 39 WINS Server Panel WINS Server Host Records Host Name IP Address COK eek Cancel Ce Press the Refresh button to update the status 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 126 HBK 939800036 A1 Advanced Section P RG F4202N WAKE UP ON LAN P RG F4202N Allows you to wake up your PC remotely from a software shut down state Connecting to the Router s Homepage and accessing the Wake Up on LAN section You should configure the Wake up on LAN option in windows in the network interface configuration window to enable this function
125. on pins 1 and 2 This wiring is referred to as Media Dependant Interface Crossover MDI X NAT Network Address Translation NAT enables all the computers on your network to share one IP address The NAT capability of the Router allows you to access the Internet from any computer on your home network without having to purchase more IP addresses from your ISP Network A Network is a collection of computers and other computer equipment that are connected for the purpose of exchanging information or sharing resources Networks vary in size some are within a single room others span continents Network Interface Card NIC A circuit board installed into a piece of computing equipment for example a computer that enables you to connect it to the network A NIC is also known as an adapter or adapter card Protocol A set of rules for communication between devices on a network The rules dictate format timing sequencing and error control PSTN Public Switched Telephone Network PPPoA Point to Point Protocol over ATM PPP over ATM is a protocol for connecting remote hosts to the Internet over an always on connection by simulating a dial up connection HBK 939800036 A1 153 PPPoE Point to Point Protocol over Ethernet Point to Point Protocol is a method of data transmission originally cre ated for dial up connections PPPoE is for Ethernet connections RJ 45 A standard connector used to connect Ethernet networks The RJ
126. onitoring page by selecting the Monitoring Tab panel the Registration Status and Call State for each line are shown FIGURE 3 Monitoring Panel Monitoring Line i Registration Status Registration disabled Call State Idle Line 2 Registration Status Registration disabled Call State Idle 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 60 HBK 939800036 A1 Voice over IP Section ADVANCED P RG F4202N The IP Telephony tab of the Voice over IP screen allows configuration of dialing parameters VoIP Signaling Protocol media streaming parameters and codecs The following sections describe these various parameters 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 61 Voice over IP Section HBK 939800036 A1 P RG F4202N FIGURE 4 Advanced Panel Advanced Signaling Protocol Enable transparent SIP Mode Enable Server look up Prack 100rel message Local SIP Port V Use Strict SIP Message Checking Enable Sip on Interface Local RTP Port Range Contiguous Series of 16 Ports Starting From n004 Type Of Service Hex Use MSS Clamping to Reduce Voice Delay Supported Codecs Priority G 711 64kbps 4 Law G 711 64kbps u Law G 729 8kbps v G 726 32 32kbps G 723 5 3 6 3kbps Silence Suppression Enable Sil
127. onnecting with RDP provide the username and pass word that are used to login to the LAN computer e Select the size of the screen in which the remote desktop application will be displayed 9 Select the Edit the Newly Created Shortcut check box in order to associate a user or a group with this shortcut and click Finish The Edit Shortcut screen appears 10 Click the New User link or New Group according to your preference and select a user with remote SSL VPN access permission from the drop down menu 11 Click OK The new user is added to the Users section in the Edit Shortcut screen Click OK to save the settings The new shortcut is added to the Shortcuts screen and will be available for this user when connecting to the SSL VPN portal 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 115 SOLUTIONS P RG F4202N To launch the remote desktop application from a remote computer perform the following 1 Browse to Discus from a remote computer by typing https lt Discus Internet address gt Discus Internet address can be found under the Internet Con nection tab For example https 10 71 86 21 2 Log in with the newly added user The portal screen appears Click the name of the RDP shortcut A Remote Desktop session screen opens prompting you for login details Enter the
128. onnection of networks Originally a UNIX standard TCP IP is now supported on al most all platforms and is the protocol of the Internet 154 HBK 939800036 A1 TCP It relates to the content of the data travelling through a network ensuring that the information sent arrives in one piece when it reaches its destination IP relates to the address of the end station to which data is be ing sent as well as the address of the destination network Traffic The movement of data packets on a network Universal plug and play Universal plug and play is a system which allows compatible applications to read some of their settings from the Router This allows them to automatically configure some or all of their settings and need less user con figuration URL Filter A URL Filter is a feature of a firewall that allows it to stop its clients form browsing inappropriate Web sites UTP Unshielded twisted pair is the cable used by 10BASE T and 100BASE Tx Ethernet networks VCI VCI Virtual Channel Identifier The identifier in the ATM Asynchronous Transfer Mode cell header that identifies to which virtual channel the cell belongs VPI VPI Virtual Path Identifier The field in the ATM Asynchronous Transfer Mode cell header that identifies to which VP Virtual Path the cell belongs WAN Wide Area Network A network that connects computers located in geographically separate areas for exam ple different buildings cities or cou
129. orwarding service you must ensure that the port is not al ready in use by another application which may stop functioning A common ex ample is when using SIP signaling in Voice over IP the port used by the gate way s VoIP application 5060 is the same port on which port forwarding is set for LAN SIP agents 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Security Section HBK 939800036 A1 49 B ROA YD BB AM Ss Oo WLW TI On S P RG F4202N FIGURE 3 Port Forwarding panel Security a em Port 7 i or T Di YANCeL General Eoeroedinn Beeuied ane Connections New Entry Expose services on the LAN to external Internet users Local Host Local Address Public IP Address Protocols Status Action Quakell TEP Any gt 27910 z UDP Any gt 27910 ee ae g OF Apply Cancel Resolve Now Refresh To add a new port forwarding service 1 Select the Port Forwarding tab in the Security management screen The Port Forwarding screen will appear Click the New Entry link The Add Port Forwarding Rule screen will appear 3 Select the Specify Public IP Address check box if you would like to apply this rule on a specific external IP address The screen will refresh 4 Enter the additional external IP address in the Public IP Address field 5 Enter the host name or IP address of the computer that will provide the ser vice
130. oser you are to the Router the better the speed If you are not achieving the speed you had anticipated then try moving the an tenna on the Router or moving the Wireless computer closer to the Router In an ideal network the Router should be located in the centre of the network 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Troubleshooting HBK 939800036 A1 137 SOLUTIONS P RG F4202N with Wireless computers distributed around it Applications are generally available with the computer wireless card to carry out a site survey Use this application to find the optimal siting for your wireless computer Consult your Computer Card documentation and vendor for more details FREQUENTLY ASKED QUESTIONS How do I reset the Router to Factory Defaults See How To change the administrator password How many computers on the LAN does the Router support Up to a maxi mum of 256 computers on the LAN are supported The Quality of Service QoS is related to the guaranteed level of throughput the amount of data transferred from the Router to the clients As many clients are connected as lower is the Quality as Service How many wireless clients does the Router support A maximum of 15 wireless clients are supported How are additional computers connected You can expand the number of connections available on your LAN by using hubs switches and wi
131. outer including security keys for sub sequent encrypted sessions To configure the RADIUS authentication mechanism perform the following steps 1 Click the RADIUS icon in the Advanced screen of the Web based Man agement The RADIUS screen will appear Specify the following parameters Enabled Select this check box to enable RADIUS client authentication Server IP Type in the RADIUS server s IP address Server Port Type in the RADIUS server s port Shared Secret Type in your shared secret 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 107 gt A 3a RADIUS Client a Enabled Server IP Server Port Shared Secret REBOOT Reboot REMOTE ADMINISTRATION P RG F4202N FIGURE 25 RADIUS Panel J To reboot P RG F4202N 1 Click the Reboot icon in the Advanced screen of the WBM The Reboot screen will appear 2 Press OK to reboot the Router This may take up to one minute To re enter the WBM after restarting the gateway press the browser s Refresh button FIGURE 26 Reboot Panel Are you sure you want to reboot PRGAV4202N It is possible to access and control P RG F4202N not only from within the home network but also from the Internet This allows you to view or change settings while travelling It also enables you to allow your ISP to cha
132. ovides communication across diverse interconnected networks 6 Select Pv4 then check to obtain an automatically IP address Click on OK button FIGURE 6 Internet Protocol TCP IP Properties Internet Protocol Version 4 TCP 1Pv4 Properties General ARernate Configuration You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically Obtain ONS server address automatically Use the following ONS server addresses Advanced Cancel 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 16 HBK 939800036 A1 Setting Up Your Computer P RG F4202N ETHERNET CONNECTION gt gt MAC OS 10 X To configure TCP IP on MAC OS 10 x follow these steps 1 Open the Apple Menu gt System Preferences and select Network 2 From the Show drop down list according to the type of connection used se lect Built in Ethernet Select the TCP IP tab select DHCP from the Configure pop up menu to have a dynamic IP ad dress FIGURE 7 Network panel on MAC OS 10 x 66 Networks ff G4 G Shorey ALE Chet plays ured Piet ence le Startup Disk Location Automatic aA a Configure Built in Ethernet a PTCA PPPoE AppleTalk Proxies Configure Using
133. ows 7 or Apple MAC 10 x An Ethernet 10Mbps or 10 100 Mbps NIC for each computer to be con nected to one of the four Ethernet ports on the rear of the Router As optional an 802 11b g n wireless NIC At least 60MB of free hard disk space At least 128 MB of RAM Supported Browsers Internet Explorer 5 5 or higher Netscape 4 7 or higher 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions HBK 939800036 A1 Introduction P RG F4202N FRONT PANEL The front panel of the Router contains seven indicator lights LEDs that help to describe the state of networking and connection operations FIGURE 3 Front Panel LEDs 1 2 3 4 TABLE 2 LED Description Ref LED LED Color LED Description 1 Power White Red Solid White Power on Solid Red Boot Loader Failure Off white and Red Power off 2 Internet White Red Solid Green WAN IP address available activit Blinking Green IP connected and IP traffic is passing through device either direction Solid Red WAN IP address not available Off Modem power off or the modem is in bridged mode or connection not pre sent 3 Phone White Red On One of the FXS port has been registered with a SIP proxy server Blinking One of the telephones connected to the FXS port is off hook Off Modem power off on phone line 1 or phone line 2 not registered 4 Wireless Blue On Wireless functionality enabled LAN Blinking Wireless LAN activity
134. ports 1 Primary secondary HTTP ports 2 Primary secondary HTTPS ports 3 Primary secondary Telnet ports 4 Secure Telnet over SSL ports Management Application SSL Authentication Options It allows to define the Client Authentication options System Logging Configure system logging parameters System Log Buffer Size Set the size of the system log buffer in Kilobytes Remote System Notify Level The remote system notification level can be one of the following None Error Warning and Information Security Logging Configure security logging parameters Security Log Buffer Size Set the size of the security log buffer in Kilobytes Remote Security Notify Level The remote security notification level can be one of the following None Error Warning and Information Outgoing Mail Server Configure outgoing mail server parameters 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 120 HBK 939800036 A1 Advanced Section P RG F4202N Server Enter the hostname of your outgoing SMTP server in the Server field From Email Address Each email requires a ffom address and some outgoing servers refuse to forward mail without a valid from address for anti spam con siderations Enter a from email address in the From Email Address field Port Enter the port that is used by your outgoing mail server Server Requires Authentication If you
135. r Class 1 IEC 60825 1 2007 Link distance up to 15Km Option 3G WAN back up LAN Interface N 4 10 100BASE T Ethernet ports RJ 45 plug compliant IEEE 802 3 with auto MDIX and auto negotiation Ports can be configured in order to be dedicated to video traffic to from a STB N 2 USB Host v 2 0 Wireless LAN Wi Fi access point solution is compliant with the following standards Interface IEEE 802 11b g IEEE 802 11n Draft 2 0 IEEE 802 11e CERTIFIED _ WPA WPA2 IEEE 802 11i WMM IEEE 802 11e N 2 infernal antennas Voice Interface N 2 FXS Phone port RJ11 Plug Routing Bridging Routing Static routing RIPv1 RIPv2 IP Multicasting IGMP v2 v3 Bridge HBK 939800036 A1 143 NAT Qos Voice Over IP WAN LAN transparent bridging Transparent bridging between LAN devices Automatic discovery of MAC addresses Spanning tree protocol NAT NAPT RFCs 3022 Static NAT Static NAPT Application Level Gateway ALGs modules IP QoS Layer 2 IEEE 802 1D priority p bits in IEEE 802 1Q VLAN header Layer 3 Diffserv DSCP codepoint Classification rules Queuing VLAN ID and the DSCP to 802 1p priority queue mapping support Multiple strict priority and Weighted Round Robin WRR priority queues Shaping per queue and aggregate output rate limiting scheduler configurable parameters selective packet dropping based on Random Early Discard RED Marking
136. r business at risk from illegally traded copyright files you may want to block several popular P2P and file sharing applications FIGURE 2 Access Control panel Security Port Triggerin Security Lo g Advanced Filtering Website Restrictions Block access to Internet services from within the LAM Connections Forwarding Local Host Local Address Protocols Status Civilization 3 TCP Any gt 6500 TCP Any gt 6667 TCP Any gt 13139 TCP Any gt 27900 Action TCP ny TCP Any Active Worlds TCP ny cerry gt 46900 gt 79900 29901 TCP Any gt 3000 gt 5670 amp Inactive TCP Ony gt FPF TCP ny gt 7000 7100 New Entry qP OF Apply Cancel Resolve Mow Refresh To allow or restrict services 1 Select the Access Control tab in the Security management screen The Access Control screen will appear 2 Click the New Entry link The Add Access Control Rule screen will appear The Address combo box provides you the ability to specify the computer or group of computers for which you would like to apply the access control rule You can select between any a specific computer in your LAN or User De 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Security Section HBK 939800036 A1 47 PORT FORWARDING P RG F4202N fined If you choose the User Define
137. r outgoing mail server requires authenti cation check the Server Requires Authentication check box and enter your user name and password in the User Name and Password fields respectively SWAP If enabled it allows to define the swap size MB HTTP Interception When no Internet connection is available the Router will display an attention screen explaining the connection s status instead of the standard The page cannot be displayed window Host Information It allows to enable disable the host services auto detection feature 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 121 P RG F4202N FIGURE 35 System Settings Panel System Settings Discus s Hostname Local Domain Automatic Refresh of System Monitoring Web Pages Warn User Before Configuration Changes Session Lifetime Management Application Ports Primary HTTP Management Port Secondary HTTP Management Port Primary HTTPS Management Port Secondary HTTPS Management Port Primary Telnet Port Secondary Telnet Port Secure Telnet over SSL Port SSH Server Management Application SSL Authentication Options Primary HTTPS Management Client Authentication Secondary HTTPS Management Client Authentication Secure Telnet over SSL Client Authentication System Logging System Log Buffer Size Remote System Notify Level S
138. rately for each LAN device e Can assign a static lease to a LAN PC so that it receives the same IP ad dress each time it connects to the network even if this IP address is within the range of addresses that the DHCP server may assign to other computers e Provides the DNS server with the host name and IP address of each PC that is connected to the LAN Additionally the Router can act as a DHCP relay escalating DHCP responsibili ties to a WAN DHCP server In this case P RG F4202N will act merely as a router while its LAN hosts will receive their IP addresses from a DHCP server on the WAN With the Router s optional Zero Configuration Technology feature the IP Auto Detection method detects statically defined IP addresses in addition to the Router s DHCP clients It learns all the IP addresses on the LAN and integrates the collected information with the database of the DHCP server This allows the DHCP server to issue valid leases thus avoiding conflicting IP addresses used by other computers in the network 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 98 HBK 939800036 A1 Advanced Section P RG F4202N FIGURE 16 IP Address Distribution Panel 40 IP Address Distribution Name Service Subnet Mask Dynamic IP Range Action LAN Bridge DHCP Server 259 259 259 i 192 168 1 1 192 168 1 2 34 w Connection List IPSEC Internet Protocol Security
139. reless ac cess points connected to the Router Wireless access points and hubs and switches provide a simple reliable means of expanding your network contact your supplier for more information or visit http www pirelli com 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 138 HBK 939800036 A1 Troubleshooting Safety Information Important Safety Information This appendix contains directions that you must follow for your personal safety Follow all directions carefully You must read the following safety information carefully before you install or remove the unit Use only the power adapter that is supplied with the unit The use of an alternative adapter can dam age the Router and invalidate the warranty Use an electrical outlet within easy distance and do not damage the power cable To avoid electrical shock do not open the Router To prevent fire or shock hazard do not expose your Router to rain or moisture liquid and toxic sub stances Particular care must be taken during installation and removal of cables and telephone line Never touch uninsulated telephone wire or terminals unless the telephone line has been disconnected at the network interface Ensure the correct ventilation to the Router Do not obstruct the air conducts and do not lean anything over Verify to place the Router out of direct sunlight and away from sourc
140. rity and which the lowest If you have additional computers they will receive medium priority High Priority Host enter the host name or IP address of the computer to which you would like to grant the highest bandwidth priority Low Priority Host enter the host name or IP address of the computer to which you would like to grant the lowest bandwidth priority 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions QoS Section HBK 939800036 A1 71 P RG F4202N FIGURE 1 General Panel General WAN Devices Bandwidth Rx Tx QoS Profiles i Default No Quality of Service preferences P2P User I use peer to peer and file sharing applications I still want to be able to use my browser without interference HTTP HTTPS Medium TCP ACKs Medium Other Low Triple Play User I use VoIP applications and video streaming I want these applications to be as fast as possible VoIP SIP H323 High Video High Medium HTTP HTTPS Medium Other Low Home Worker I work from home and want my VPN and browser to have priority over other traffic VPN IPsec L2TP PPTP Medium HTTP HTTPS Medium Other Low Gamer I play games over the Internet and want the games related traffic to be as fast as possible Games Related Traffic Medium Other Low 5 Priority By Host I want to give different hosts in my network different priorities when ac
141. ryption method utilizing a statically defined key for wireless clients that do not use 802 1x for authentica tion and WEP for encryption This method s configuration is virtually identical to the 802 1x WEP method described above excluding the automatic key genera tion and the group key update interval specification Please refer to the 802 1x WEP section above when configuring this method Remember that the static key must be defined in the wireless Windows client as well Wireless QoS WMM Wi Fi Multimedia WMM provides basic Quality of Service QoS features to IEEE 802 11 networks If your wireless card supports WMM enable this feature by checking its Enabled check box Upon enabling WMM the highest priority is given to Voice packets decreasing towards Background packets which receive the lowest priority In addition you can control the reliability of traffic flow By default the Ack Pol icy for each access category is set to Normal meaning that an acknowledge packet is returned for every packet received This provides a more reliable transmission but increases traffic load which decreases performance You may choose to cancel the acknowledgement by selecting No Ack in the combo box of each access category thus changing the Ack policy This can be useful for Voice for example where speed of transmission is important and packet loss is tolerable to a certain degree Virtual APs You can set up multiple wireless LAN
142. s on P RG F4202N limited only to the number supported by your wireless card Each wireless LAN is defined as an access point The Virtual APs section displays the Router s physical wireless access point on top of which virtual connections may be created To create a virtual connec tion click the New Virtual AP link The new connection will also be added to the network connections list and will be configurable like any other connection You can change the connection s de 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 42 HBK 939800036 A1 Network Connections Section P RG F4202N fault name by clicking its Edit action icon and changing the SSID value in the Configure LAN Wireless 802 11n Access Point Virtual AP screen Wireless WDS It enables wireless bridging of access points within its range Virtual access points are used to interact with router s WDS peers granting LAN users access to remote wireless networks When enabled a WDS List box is shown LAN WIRELESS 802 11N ACCESS POINT gt gt ADVANCED Internet Connection Firewall Your gateway s firewall helps protect your com puter by preventing unauthorized users from gaining access to it through a net work such as the Internet The firewall can be activated per network connection To enable the firewall on this network connection select the Enabled check box FIGURE 13
143. s various details about Router s soft ware version such as version number type of platform and list of features 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 83 7 About PRGF4202N Software Version Release Date Platform Tag Compilation Flags Hardware Version Hardware Serial Number Supported Features BACKUP AND RESTORE P RG F4202N FIGURE 2 About P RG F4202N Panel 4 8 3 PRGF_5 0 0 2803 Upgrade ven feb 12 13 57 28 CET 2010 Broadcom 96368 TSviluppo_Pirelli_4 8 PP68 LIC jpkg_mipseb lic CONFIG_NO_ XDSL y CONFIG _HAVE_FIBER y DIST BCM96368 111 24801X0000061 NetFilter Linux Firewall Internet Protocol Security PPTP Server L2TP Server PPP Over Ethernet PPP Over Serial PPTP Client L2TP Client ICMP ALG Port trigger TFTP ALG FTP FTPS ALG QuickTime RealAudio RealPlayer RTSP PROXY H323 ALG Netmeeting CuSeeMe SIP ALG MGCP ALG PPTP Client multiuser ALG Microsoft Network Messenger Windows Messenger ALG IPSec multiuser ALG L2TP ALG AOL Instant Messenger ALG DNS ALG DHCP ALG Bridge VLAN 802 10 bridge VLAN 802 10 interfaces management GDB Server UPnP Media Server IGMP Proxy Jungo Firewall Remote Upgrade from LAN NAT Secure HTTP SSL Permanent Storage RIP V1 V2 BGP V4 OSPF V2 Reverse NAT SNMP vi v2 SNMP v3 Universal Plug amp Play Remote Upgr
144. sh button to update the status DIAGNOSTICS The Diagnostics screen can assist you in testing network connectivity and view ing statistics such as the number of packets transmitted and received round trip time and success status 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 93 Destination Number of pings Status Destination Status Traceroute Destination Status P RG F4202N FIGURE 12 Diagnostics Panel Press the Refresh button to update the status Ping ICMP Echo To diagnose network connectivity follow these steps 1 Click the Diagnostics icon from the Advanced screen in the Web based Management The Diagnostics screen will appear Under the Ping ICMP Echo section enter the IP address or URL to be tested in the Destination field 3 Enter the number of pings you would like to perform 4 Press the Go button In a few seconds diagnostic statistics will be displayed If no new informa tion is displayed press the Refresh button ARP To perform an ARP packet test Performing a Traceroute To perform a traceroute follow these steps 1 Click the Diagnostics icon from the Advanced screen in the Web based Management The Diagnostics screen will appear Under the Traceroute section enter the IP address or URL to be tested in the Destination
145. specify the di rectory A restore dir the result will be A restore dir A homes john FIGURE 4 Restore Panel yo003_J an_01_01_51_01 fulltar Entire Archive Orginal Location ine OK Cancel P RG F4202N maintains two certificate stores P RG F4202N s Local This store contains a list of approved certificates that are used to identify the Router to its clients The list also includes certificate re quests that are pending a CA s endorsement You can obtain certificates for the Router using the following methods Requesting an X509 Certificate This method creates both a private and a matching public key The public key is then sent to the CA to be certified 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 86 HBK 939800036 A1 Advanced Section fiReLu B R D BAND S5 TIONS OpenkG Upload Certificate Name P RG F4202N e Creating a Self Signed Certificate This method is the same as requesting a certificate only the authentication of the public key does not require a CA This is mainly intended for use within small organizations e Loading a PKCS 12 Format Certificate This method loads a certificate us ing an already available and certified set of private and public keys FIGURE 5 Certificates gt gt Discus s Local Panel Issuer C US CN ORname_Jungo OpenRG Products Group Create Certificate Request Create S
146. st traffic priority classless rule has precedence over all other traffic priority rules e There is no prevention of a traffic priority rule conflicting with a class rule In this case the priority and DSCP setting of the class rule if given will take precedence Connection based QoS also allows inheriting QoS parameters by some of the applications that open subsequent connections For instance you can define QoS rules on SIP and the rules will apply to both control and data ports even if the data ports are unknown e SIP e MSN Messenger Windows Messenger e TFTP e FTP e MGCP e H 323 e Port Triggering applications e PPTP e IPSec 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions QoS Section HBK 939800036 A1 73 oN Traffic Priority General cL cin naping Traffic QoS Input Rules F P RG F4202N IGURE 2 Traffic Priority Panel OSPF Settings Destination Rule ID Source Address All Devices LAN Bridge Rules LAN Ethernet Rules LAN Ethernet 2 Rules LAN Ethernet 3 Rules LAN Ethernet 4 Rules LAN Ethernet 5 Rules LAN Ethernet 6 Rules LAN Ethernet 7 Rules Adie Operation Entry Entry Entry Entry Entry Entry Entry Entry Entry LAN Wireless 602 11n Access Point Rules Entry WAN ETHoA Rules WAN PPPoE Rules QoS Output Rules Rule ID Source Address All Devices LAN Bridge Rules LAN Ethernet Rul
147. t Proboc of i CP TP Properties 4 Asystem reboot will be required to make the changes real 5 Enter http 192 168 1 1 in the address bar of your browser to open the P RG F4202N Home Page 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 14 HBK 939800036 A1 Setting Up Your Computer gt 9 m m 00 02 40 0 0 gt Zz U P RG F4202N ETHERNET CONNECTION gt gt MS WINDOWS XP To configure TCP IP on MS Windows XP Operating System follow these steps 1 Select Start gt Settings gt Control Panel and make a double click on the Network icon 2 Select Protocols gt TCP IP then click on Properties button FIGURE 3 Local Area Connection Properties Local Area Connection 16 Properties Gene Abanced Connect uang E omn CA Intespated Fact Ethemet Contos I Dhia cgi ues Pes bolea boma Jl Ged Packet behad M Y SNIFFER Protocol Driva w lt Dibini Tibnin Conta Proiaoslinteres Pea Te aA yaje iaa nehaark peoboood thes pider bamur bion Scott dwetre mbscommnected networks me Soap ogr i nonce oles eben ponnera 3 Select the General Tab then check to obtain an automatically IP address Click on OK button FIGURE 4 Internet Protocol TCP IP Properties Internet Pioteno PORE Pineper ties Gere Alena Conigue ator Tou Gan get IF pairi erage pior ay i pou nei puppet Chee Capea Othe yt emai ll pace ak eci
148. t any configuration changes could compromise your connectivity When subscribing to a broadband service you should be aware of the method by which you are connected to the Internet Your physical WAN device can be Ethernet Fibre or both FIGURE 1 Quick Setup Panel A _ Z Quick Setup Internet Connections Wireless Enable Wireless Enabled Wireless Network SSID PirelliBS 802 11 Mode 802 11b g Mixed Security None v Administrator E Mail 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Quick Setup Section HBK 939800036 A1 23 P RG F4202N WIRELESS Click the Enabled check box to enable your wireless connection By doing that you will be asked to set the SSID the 802 11 Mode and the Security SSID The SSID is the network name shared among all points in a wireless network The SSID must be identical for all points in the wireless network It is case sensitive and must not exceed 32 characters use any of the characters on the keyboard Make sure this setting is the same for all points in your wire less network For added security you should change the default SSID openrg to a unique name 802 11 Mode Select the Wireless communication standard that is compatible with you PC s wireless card You can work in either 802 11n 802 119 or in mixed mode Security To configure your wireless security
149. t represents your Ethernet Wide Area Network WAN connection g icon to configure the WAN interface or the Ethernet LAN device It represents the gateway s Firewall The height of the wall corre es sponds to the security level currently selected Minimum Typical or Maximum Click this icon to configure security settings It represents a Wireless LAN connection Click this icon to config ure network parameters for the Wireless LAN device It represents a bridge connected in the home network Click this H icon to view the bridge s underlying devices It represents a computer host connected in the home network pi Each computer connected to the network appears below the net work symbol of the network through which it is connected Click an icon to view network information for the corresponding computer It represents a printer that is connected to the Router and is shared Net by network users Click the icon to view the printer s settings It represents a file server that is connected to the Router and is shared by network users Click the icon to view the file server con ql figuration 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 22 HBK 939800036 A1 Router Configuration Quick Setup section This chapter will describe the Quick Setup Section accessible from the Home Page of the P RG F4202N upon user authentication to the Router Be aware tha
150. tation Threshold RTS Threshold Virtual APs Normal p Name BSSID SSID Status Action gt LAN Wireless 802 11n Access Point 00 23 8e ef 19 e7 PBS EF19E0 Connected New Virtual AP oP SSID Broadcast Select this check box to enable the SSID s broadcast SSID broadcast is used in order to hide the name of the AP SSID from clients that should not be aware to its existence 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Network Connections Section HBK 939800036 A1 39 P RG F4202N 802 11 Mode Select the Wireless communication standard that is compatible with you PC s wireless card You can work in either 802 11n 802 119 or in mixed mode Country Select the applying Country from the list box Channel Select the appropriate channel from the list provided to correspond with your network settings All devices in your wireless network must broadcast on different channels in order to function correctly The channels available de pend on the Regulatory Authority stated in brackets to which your gateway conforms Network Authentication The WPA network authentication method is Open system Authentication meaning that a network key is not used for authentica tion When using the 802 1X WEP or Non 802 1X WEP security protocols this field changes to a combo box offering the Shared Key Authentication method which uses a network key for a
151. ter or trying a different channel on the Router sources of interference The 2 4GHz ISM band is used for 802 11b 802 11g and 802 11n This is generally a licence free band for low power applica tions and you may have other devices at your location that operate in this frequency band You should take care to ensure that there are no devices like microwave ovens for example close to the Router or wireless computers as this could affect receiver sensitivity and reduce the performance of your network If you are unsure try relocating both the wireless computers and the Router to establish whether this problem exists Most wireless computer Adapters will scan the channels for the wireless Router If a wireless computer has not located the Router then try initiating a search manually if the client software supports this feature or manually set the channel on your wireless computer to correspond to the Router channel number Please refer to your Wireless computer adapter documentation and vendor to do this Speed of connection The 802 11b g and 802 11n standards will automati cally choose the best speed depending on the quality of your connection As the signal quality weakens then the speed falls back to a lower speed The speeds supported by 802 11g are 54 Mbps 48 Mbps 36 Mbps 24 Mbps 18 Mbps 12 Mbps and 6 Mbps The speeds supported by 802 11b are 11 Mbps 5 5 Mbps 2 Mbps and 1 Mbps And the 802 11n supports until 100Mbps In general the cl
152. ter provides a file server utility allowing you to perform various tasks on your files such as manage file server shares and define access control lists The file server utility complements Discus disk management 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 96 HBK 939800036 A1 Advanced Section P RG F4202N Access the File Server settings either from its link in the Storage tab under the Services screen or by clicking the File Server icon in the Advanced screen The File Server screen will appear Enabled Check or un check this box to enable or disable this feature NetBIOS Workgroup Discus workgroup name that will be displayed in the Windows net work map of LAN hosts File Server Shares Define file shares on your disk partitions FIGURE 15 File Server Panel File Server Enabled NetBIOS Workgroup HOME Automatically share all partitions Allow Guest Access Read Write File Server Shares Name Path Comment Action New Entry OK Apply Cancel Refresh Press the Refresh button to update the status IP ADDRESS DISTRIBUTION Your gateway s Dynamic Host Configuration Protocol DHCP server makes it possible to easily add computers that are configured as DHCP clients to the home network It provides a mechanism for allocating IP addresses and deliver ing network configuration parameters to such hosts
153. tertainment devices within the home to share their content with each other across a home network 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 89 P RG F4202N FIGURE 9 DLNA Panel S DLNA Zen_Stone_Plus Rev USB Flash Memory Rev PMAP USB Flash Memory Rev PMAP Flash Disk Rey 5 00 Server State Enable Disable Content Tree Index Mode Manual Auto Contents From DMS Set contents of per page met the share PRI Need Save y Set the share mode share all contents Current path Parent Folder oap DNS SERVER Domain Name System DNS provides a service that translates domain names into IP addresses and vice versa The gateway s DNS server is an auto learning DNS which means that when a new computer is connected to the network the 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 90 HBK 939800036 A1 Advanced Section P RG F4202N DNS server learns its name and automatically adds it to the DNS table Other network users may immediately communicate with this computer using either its name or its IP address In addition your gateway s DNS e Shares a common database of domain names and IP addresses with the DHCP server e Supports multiple sub n
154. the user s privileges on your home network Administrator Permissions Grants permissions to remotely modify system setting via Web based management or Telnet Remote Access by SSL VPN Grants remote access to the Router using the SSL VPN protocol Mail Server Access Grants permission to use the Router s mail server When selecting this option you must also enable the user home directory and mailbox in the following sections Microsoft File and Printer Sharing Access Grants permission to use shared files and printers FTP Server Access Grants permission to use the Router s FTP server Internet Printer Access Grants permission to use an Internet Printing Proto col IPP printer Remote Access by VPN Grants remote access to the Router using the VPN protocol 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 125 WINS SERVER WINS Server Enabled WINS Server IP Address P RG F4202N The Router can operate as a Windows Internet Naming Service WINS server handling name registration requests from WINS clients and registering their names and IP addresses WINS is a name resolution software from Microsoft that converts NetBIOS names to IP addresses Windows machines that are named as PCs in a workgroup rather than in a domain use NetBIOS names which must be converted to IP addresses if the underlying transport protoc
155. the virtual host click the New Entry link in the Aliases section 5 Type an alias URL in the Alias field and click OK The new alias appears under the Aliases section 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 128 HBK 939800036 A1 Advanced Section 00 02 40 0 0 gt ZZ 00 gt D m m P RG F4202N 6 Click OK to save the settings Your site s URL and alias are added to the Virtual Hosts section of the Web server FIGURE 41 Web Server Panel Sy Web Server Enabled WAN Access Log Requests HTTP Port HTTPS Port Data Location User Private Web Page Enabled Data Location Virtual Hosts Data Location 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 129 P RG F4202N 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 130 HBK 939800036 A1 Advanced Section System Monitoring Section A This chapter will describe the System Monitoring Section accessible from the Home Page of the P RG F4202N upon user authentication to the Router Be aware that any configuration changes could compromise your connectivity NETWORK CONNECTIONS The Monitoring screen displays a table summarizing the monitor
156. tion gt D m m 00 02 40 0 ZZ 00 P RG F4202N FIGURE 3 Advanced Options Panel Advanced Options oe Advanced Options Block All Web Access on Failure to Contact Provider STATISTICS Click the Statistics link of the Parental Control menu item under the Services tab The Statistics screen monitors content filtering statistics The statistics include a record of e Access attempts e Allowed URLs e Blocked URLs e URLs that were accessed from Cache memory FIGURE 4 Statistics Panel Statistics Access attempts Allowed Blocked Cache Hits 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Parental Control Section HBK 939800036 A1 69 QoS Section This chapter will describe the QoS Quality of Service Section accessible from the Home Page of the P RG F4202N Be aware that any configuration changes could compromise your connectivity Quality of Service refers to the capability of a network device to provide better service to selected network traffic This is achieved by processing higher priority traffic before lower priority traffic As Quality of Service is dependent on the weakest link in the chain failure of a single component along the data path can easily cause a VoIP call or a Video on Demand VoD broadcast to fail miserably QoS must therefore obviously be addressed end to end
157. try New Entry New Entry New Entry New Entry New Entry New Entry New Entry New Entry New Entry New Entry New Entry New Entry New Entry New Entry SECURITY LOG OK Apply Cancel Resolve Now Refresh The Security Log displays a list of firewall related events including attempts to establish inbound and outbound connections attempts to authenticate through an administrative interface Web based management or Telnet terminal fire wall configuration and system start up To view the security log click the Security Log tab in the Security manage ment screen The Security Log screen will appear 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions 56 HBK 939800036 A1 Security Section P RG F4202N FIGURE 10 Security Log panel Security Website ACE ss aD ia j Fort NAT Connections ate i Filtering _ General Control Forwarding Host Triggering Restrictions Close Clear Log Save Log Settings Refresh Press the Refresh button to update the data Time Event Event Type Details n Ua H Firewall internal Firewall configuration succeeded is ALn a Firewall internal Starting firewall configuration Jan 1 01 34 31 WBM Login User authentication E ET 2003 SUCCESS a eee es Firewall internal Firewall configuration succeeded F a T Firewall internal Starting firewall configuration Ai nee hae Fire
158. ubscribe to this ser vice in order to use this feature You can subscribe through Discus WBM as described in the following section 1 Under the Services tab click the Parental Control menu item The Paren tal Control s General screen appears In the Activate section select the Enable Web Content Filtering check box and click Apply A Server Status section is added If you have not subscribed yet or your subscription has expired click the Click Here to Initiate and Manage your Subscription link in the Subscribe section The Web filtering subscription site will then be displayed in a new browser window Follow the instructions on the site and subscribe for a free trial You will be sent a verification email Click the link in the verification email Your sub scription will be activated soon after clicking the verification link Return to Discus WBM and click the Parental Control menu item under the Services tab The Filtering Policy screen should be displayed with sub scription expiry date at the top If this is not the case click the Advanced Options link and then the Refresh Servers button Wait a few seconds and repeat this step 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Parental Control Section HBK 939800036 A1 65 P RG F4202N FIGURE 1 General Panel General Click here t
159. ull tar Start Time Wed Jan 1 01 51 01 2003 Finish Time Wed Jan 1 01 51 01 2003 Bytes Written 10KB Destination Incremental 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 85 Restore e Restore Source Archive Restore Option Destination CERTIFICATES P RG F4202N To restore your data 1 Press the Backup and Restore icon in the Advanced screen of the Man agement Console The Backup and Restore screen will appear Press the Restore tab In the Restore screen that appears configure the following parameters a Type the source to restore in the Source Archive field For example A homes b Choose whether to restore the entire archive or only a sub directory in the Restore Option combo box If you choose sub directory a second field will appear in which you must enter the name of the sub directory relative to the source archive For example to restore A homes john type john as the sub directory c Choose a destination for which to restore the archive You can choose between the original location or any other directory If you choose the an other directory a second field will appear in which you must enter the name of the directory Note that the path of the restored directory will be created under the path of the destination directory For example if you
160. ulticast IGMP Proxy Internal check box to enable this feature IGMP Query Version If Multicast IGMP Proxy Internal is enabled this list box allows you to select all three versions of supported IGMP 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Network Connections Section HBK 939800036 A1 31 o 9 m m 00 02 49 0 0 22 00 LAN BRIDGE gt gt BRIDGING f P RG F4202N Routing Information Protocol RIP Select this check box to enable the Rout ing Information Protocol RIP RIP determines a route based on the smallest hop count between source and destination When RIP is enabled select the fol lowing e Listen to RIP messages select None RIPv1 RIPv2 or RIPv1 2 e Send RIP messages select None RIPv1 RIPv2 broadcast or RIPv2 multicast Routing Table Allows you to add or modify routes when this device is active Use the New Route button to add a route or edit existing routes This section allows you to specify the devices that you would like to join under the network bridge Click the Edit icon on the VLAN column to assign the net work connections to specific virtual LANS FIGURE 5 LAN Bridge gt gt Bridging Panel J LAN Bridge Properties Bridge Hardware Acceleration l LAN Bridge Disabled Connected Sy LAN Ethernet Disabled Connected LAN Ethernet 1 Disabled
161. um Typical and Maximum the default setting The table below summarizes the behavior of the Router for each of the three security lev els 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Security Section HBK 939800036 A1 45 TABLE 1 P RG F4202N Security Levels Security Level Maximum Security Default Typical Security Minimum Security FIGURE 1 Security Requests Originating in the WAN Incoming Traffic Blocked no access to home network from Inter net except as configured in the Port Forwarding DMZ host and Remote Access screens Blocked no access to home network from Inter net except as configured in the Port Forwarding DMZ host and Remote Access screens Unrestricted permits full access from Internet to home network all connec tion attempts permitted Security General panel Requests Originating in the LAN Outgoing Traffic Limited by default only commonly used services such as Web browsing and e mail are permitted Unrestricted all services are permitted except as configured in the Access Con trol screen Unrestricted all services are permitted except as configured in the Access Con trol screen esset Inbound Policy Reject Remote Administration settings will override the security inbound policy Outbound Policy Reject E Outbound access is allowed to the following serv
162. ursuant to Cover Page Instructions Advanced Section HBK 939800036 A1 105 P RG F4202N PRINT SERVER The P RG F4202N can act as a Print Server Through this panel user can man age and track printer server tasks FIGURE 23 Print Server Panel E e Print Server Enabled Spool to Disk Allow Guest Access LPD Support IPP Support Microsoft Shared Printing Support Printers Printer Status Jobs in Queue Jobs Printed Action Press the Refresh button to update the status PROTOCOLS The Protocols feature incorporates a list of preset and user defined applications and common port settings You can use protocols in various security features such as Access Control and Port Forwarding You may add new protocols to support new applications or edit existing ones according to your needs To view the basic protocols list click the Protocols icon in the Advanced screen Press the Advanced button at the bottom of this screen for the full list of protocols supported by the Router To define a protocol 1 Click the Protocols icon in the Advanced screen The Protocols screen will appear Click the New Entry link the Edit Service screen will appear Name the service in the Service Name field and click the New Service Ports link The Edit Service Server Ports screen will appear You may choose any of the protocols available in the combo box or add a new one by selecting Other
163. uthentication or both methods combined MAC Filtering Mode You can filter wireless users according to their MAC ad dress either allowing or denying access Choose the action to be performed by selecting it from the drop down menu MAC Filtering Table Use this section to define advanced wireless access point settings New MAC Address Click this link to define filtering of MAC addresses Enter the MAC address to be filtered and press the OK button A MAC address list will appear upon which the selected filtering action allow deny will be per formed Security To configure your wireless security enable this feature by checking its Enabled check box The screen will refresh displaying the wireless security options Use the Stations Security Type combo box to select the type of security protocol for securing your wireless network You may choose between WPA WPA2 802 1x WEP and Non 802 1x WEP The screen will refresh presenting each protocol s configuration respectively WPA WPA is a data encryption method for 802 11 wireless LANs Authentication Method Select the authentication method you would like to use You can choose between Pre Shared Key and 802 1x Pre Shared Key This entry appears only if you had selected this authentication method Enter your encryption key in the Pre Shared Key field You can use ei ther an ASCII or a Hex value by selecting the value type in the combo box pro vided 2010
164. utomatically assigns an IP address for every computer on your network Windows 95 Windows 98 and Windows NT 4 0 contain software that assigns IP addresses to workstations on a network These assignments are made by the DHCP server software that runs on Win dows NT Server and Windows 95 and Windows 98 will call the server to obtain the address Windows 98 will allocate itself an address if no DHCP server can be found DMZ DMZ Demilitarized Zone is an area outside the firewall to let remote users to have access to items on your network Web site FTP download and upload area etc DNS Server Address DNS stands for Domain Name System which allows Internet host computers to have a domain name such as pirelliicom and one or more IP addresses such as 192 168 10 8 A DNS server keeps a database of host computers and their respective domain names and IP addresses so that when a domain name is re quested as in typing pirelli com into your Internet browser the user is sent to the proper IP address The DNS server address used by the computers on your home network is the location of the DNS server your ISP has assigned 150 HBK 939800036 A1 DSL Short for digital subscriber line but is commonly used in reference to the asymmetric version of this technol ogy ADSL that allows data to be sent over existing copper telephone lines at data rates of from 1 5 to 9 Mbps when receiving data known as the downstream rate and from 16 t
165. wall internal Firewall configuration succeeded ea eae eee Firewall internal Starting firewall configuration aa Pied T Firewall internal Firewall configuration succeeded Time The time the event occurred Event There are five kinds of events e Inbound Traffic The event is a result of an incoming packet e Outbound Traffic The event is a result of outgoing packet e Firewall Setup Configuration message e WBM Login Indicates that a user has logged in to WBM e CLI Login Indicates that a user has logged in to CLI via Telnet Event Type A textual description of the event e Blocked The packet was blocked The message is colored red e Accepted The packet was accepted The message is colored green Details More details about the packet or the event such as protocol IP ad dresses ports etc To view or change the security log settings click the Settings button that ap pears at the top of the Firewall Log screen The Security Log Settings screen will appear allowing you to set the types of activities for which you would like to have a log message generated 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursuant to Cover Page Instructions Security Section HBK 939800036 A1 57 Voice over IP section This chapter will describe the Voice over IP Section accessible from the Home Page of the P RG F4202N Be aware that any configuration changes could compromise your
166. which the rule will apply The Time Segment Edit screen will appear a Select active inactive days of the week b Click the New Time Segment Entry to define an active inactive hourly range 6 Click OK to save the settings FIGURE 32 Scheduler Rules Panel Name Settings Status Action Mon between 00 00 02 00 Inactive Close Refresh MANAGEMENT PROTOCOL Simple Network Management Protocol SNMP enables network management systems to remotely configure and monitor Discus Your Internet Service Pro vider ISP may use SNMP in order to identify and resolve technical problems Technical information regarding the properties of Discus SNMP agent should be provided by your ISP To configure Discus SNMP agent perform the following 1 Access this feature either from the Management menu item under the Sys tem tab or by clicking its icon in the Advanced screen 2 Specify the SNMP parameters as provided by your Internet service pro vider Allow Incoming WAN Access to SNMP Select this check box to allow ac cess to Discus SNMP over the Internet Read only Write Community Names SNMP community strings are pass words used in SNMP messages between the management system and Dis cus A read only community allows the manager to monitor Discus A read write community allows the manager to both monitor and configure Discus 2010 Pirelli Broadband Solutions S p A All Rights Reserved Proprietary Use Pursua

Download Pdf Manuals

Related Search

Related Contents

TNC 320 - The Compact Contouring Control for  Installation and Operation Manual  BMW R 1200 CL Repair manual  Microscopio 60 – 100x 63-1133  安全上のご注意 - サンケン電気  

Copyright © All rights reserved. Failed to retrieve file