
Unified Services Router User Manual


Contents

1. If your wireless network is already set up with Wi-Fi Protected Setup, manual configuration of the wireless network will destroy the existing wireless network. If you would like to configure the wireless settings of your new D-Link Systems Router manually, then click on the Manual Wireless Network Setup button below. 4.1.1 Wireless Network Setup Wizard: This wizard provides a step-by-step guide to create and secure a new access point on the router. The network name (SSID) is the AP identifier that will be detected by supported clients. The Wizard uses a TKIP+AES cipher for WPA / WPA2 security; depending on support on the client side, devices associate with this AP using either WPA or WPA2 security with the same pre-shared key. The wizard has the option to automatically generate a network key for the AP. This key is the pre-shared key for WPA or WPA2 type security. Supported clients that have been given this PSK can associate with this AP. The default (auto-assigned) PSK is "passphrase". The last step in the Wizard is to click the Connect button, which confirms the settings and enables this AP to broadcast its availability in the LAN. 4.1.2 Add Wireless Device with WPS: With WPS enabled on your router, the selected access point allows supported WPS clients to join the network very easily. When the Auto option for connecting a wireless device is chosen, you will be presented with two common WPS
2. System Name Firmware Version 1 01818 Serial Number ooooo000000001 WANI Information MAC Address 00 DE 4D 20 75 01 IPy4 Address 0 0 0 0 7 0 0 0 0 IPv6 Address Wan State DOWN NAT IP 4 only Enabled IP 4 Connection Type Dynamic IP DHCP IP 6 Connection Type IPv6 is disabled IPv4 Connection State Not Yet Connected IP 6 Connection State IP v6 is disabled Link State LINK DOWN WAN Mode Use only single WAN port Secondary WAN Gateway 0 0 0 0 Primary DNS 0 0 0 0 Secondary DNS 0 0 0 0 121 Unified Services Router User Manual Figure 83 Device Status display continued WAN2 Information MAC Address AA BB CC DD EF 01 IPv4 Address 0 0 0 0 0 0 0 0 IP 6 Address Wan State DOWN NAT IP 4 only Enabled IP 4 Connection Type ThreeG IP 6 Connection Type IP v6 is disabled IPy 4 Connection State Unable To Open Communication Port IP 6 Connection State IP v6 is disabled Link State LINK DOWN WAN Mode Use only single WAN port Secondary WAN Gateway 0 0 0 0 Primary DNS 0 0 0 0 Secondary DNS 0 0 0 0 LAN Information MAC Address 00 DE 4D 20 75 00 IP Address 176 16 2 40 255 255 255 0 IP 6 Address DHCP Server Disabled DHCP Relay Disabled IPv6 is disabled DHCP 6 Server Wireless LAN Operating Frequency 2 4GHz Mode N G Mixed Channel Auto Available Access Points SECURITY WPA WPA2 ENCRYPT
3. s unable to allocate channel table func __ s unable to collect channel list from hal s cannot map channel to mode freq u flags Ox x s unable to reset channel u uMhz s unable to restart recv logic s start DFS WAIT period on channel d __func__ sc gt sc_curchan channel s cancel DFS WAIT period on channel d Tunc Sc gt sc_curchan channel Non DFS channel cancelling previous DFS wait timer channel d sc gt sc_curchan channel s unable to reset hardware hal status u DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG User Manual PPP couldn t register device s d ppp destroying ppp struct p but dead d ppp destroying undead channel p PPP removing module but units remain PPP failed to unregister PPP device JBD bad block at offset u JBD corrupted journal superblock JBD bad block at offset u JBD Failed to read block at offset u JBD error d scanning journal err JBD IO error d recovering block Logs_kernel txt 303 KERN_ERR Logs_kernel txt 304 KERN_ERR JBD recovery pass d ended at S S d BAD SESSION MAGIC S S d BAD TUNNEL MAGIC msg gt msg_namelen wrong d msg gt msg_namelen addr family wrong d usin gt sin_family
4. Internet Settings: The Port Mode settings allow you to configure whether the router should use only one WAN port or both. If you are connected to only one ISP, then select "Use only single WAN port", which is the default setting. From the drop-down list, choose which WAN port to use for your Internet connection. If you have two ISP links for Internet connectivity, the router can be configured in one of the following modes: [Screen: Port Mode options Auto-Rollover using WAN port, Load Balancing (Round Robin), Use only single WAN port; WAN Failure Detection Method options None, DNS lookup using WAN DNS Servers, DNS lookup using DNS Servers (WAN1, WAN2), Ping these IP addresses (WAN1, WAN2); Retry Interval is 30; Failover after] 3.4.3 Protocol Bindings (Advanced > Routing > Protocol Bindings): Protocol bindings are required when the Load Balancing feature is in use. Choosing from a list of configured services or any of the user-defined services, the type of traffic can be assigned to go over only one of the available WAN ports. For increased flexibility, the source network or machines can be specified as well as the destination network or machines. For example, the VoIP traffic for a set of LAN IP addresses can be assigned to one WAN and any VoIP traffic from the remaining IP addresses can be assigned to the other WAN link. Protocol bindings are only
5. d nimfAdvOptSetWrap looks like we are reconnecting nimfAdvOptSetWrap Mtu Size d nimfAdvOptSetWrap NIMF table is s nimfAdvOptSetWrap WAN_MODE TRIGGER nimfAdvOptSetWrap MTU d nimfAdvOptSetWrap MacAddress s nimfAdvOptSetWrap old Mtu Flag d DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG BridgeConfig too few arguments to command s BridgeConfig too few arguments to command s sqlite3QueryResGet failed Query s ddnsDisable failed sqlite3QueryResGet failed Query s sqlite3QueryResGet failed Query s ddnsDisable failed failed to call ddns enable ddnsDisable failed sqlite3QueryResGet failed Query s Error in executing DB update handler sqlite3QueryResGet failed Query s Illegal invocation of ddnsView s sqlite3QueryResGet failed Query s sqlite3QueryResGet failed Query s ddns SQL error s Illegal operation interface got deleted sqlite3QueryResGet failed Query s sqlite3QueryResGet failed Query s sqlite3QueryResGet failed Query s ddnsDisable failed ddns SQL error s Failed to call ddns enable ddns SQL error s sqlite3QueryResGet failed Query s Failed to call ddns enable ddns SQL error s ddnsDisable failed ddns SQL error s sqlite3QueryResGet failed Query s Failed to cal
6. DEBUG DEBUG DEBUG DEBUG User Manual umiloctl UMI_COMP_IAPP d failed Invalid IE umiloctl UMI_COMP_KDOT11_ VAP d failed umiloctl UMI_COMP_KDOT11 d d failed KDOT11_SET_PARAM IEEE80211_ OC_WME_CWMIN failed KDOT11_SET_PARAM IEEE80211_ OC_WME_CWMAxX failed KDOT11_SET_PARAM IEEE80211_ OC_WME_AIFS failed KDOT11_SET_PARAM 80211_ IOC __ WME_TXOPLIMIT failed KDOT11_SET_PARAM IEEE80211_ OC_WME_ACM failed KDOT11_SET_PARAM IEEE80211_ OC_WME failed invalid group cipher d KDOT11_SET_PARAM IEEE80211_ OC_MCASTCIPHER failed KDOT11_SET_PARAM IEEE80211_1 OC_MCASTKEYLEN failed KDOT11_SET_PARAM IEEE80211_ OC_UCASTCIPHERS failed KDOT11_SET_PARAM IEEE80211_ OC_KEYMGTALGS failed KDOT11_SET_PARAM IEEE80211_1 OC_WPA failed unknow cipher type d umiloctl UMI_COMP_IAPP dq failed invalid media value d invalid mediaOpt value d invalid mode value d dot11PnaclfCreate failed wpaPRPF failed Error generating global key counter wpaCalcMic unsupported key descriptor version integrity failed need to stop all stations couldn t find AP context for s interface dot11Malloc failed dot11Malloc failed eapolRecvKeyMsg unknown descType d ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 17
7. ICMP u u u u Source Wrong address mask u u u u from Redirect from u u u u on s about IP routing cache hash table of u buckets ldKbytes source route option u u uU u gt Yu U U U ICMP u u uU u ICMP u u u u Source Wrong address mask u uU u uU from User Manual INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO 187 Unified Services Router Failed to set AES encrypt key Failed to set AES encrypt key Failed to set AES encrypt key Failed to set DES encrypt key d i Failed to set DES decrypt key dq i Failed to set DES encrypt key dq i Failed to set DES decrypt key dq i Failed to set DES encrypt key Failed to set DES decrypt key Failed to set DES encrypt key Failed to set DES decrypt key AES Software Test AES Software Test s aesSoftTest 0 Failed Passed AES Hardware Test AES Hardware Test s aesHardTest 0 Failed Passed 3DES Software Test 3DES Software Test s des3SoftTest 0 Failed Passed 3DES Hardware Test 3DES Hardware Test s des3HardTest 0 Failed Passed DES Software Test DES Software Test s desSoftTest 0 Failed Passed DES Hardware Test DES Hardware Test s desHardTest 0 Failed Passed SHA Software Te
8. This page allows user to add a new static route. [Screen fields: Private, Destination IP Address, IP Subnet Mask, Interface, Gateway IP Address, Metric] 3.6 Configurable Port - WAN Option: This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. If the port is selected to be a secondary WAN interface, all configuration pages relating to WAN2 are enabled. Setup > Internet Settings > WAN2 Setup: WAN configuration is identical to the WAN1 configuration with one significant exception: configuration for the 3G USB modem is available only on WAN2. Figure 23: WAN2 configuration for 3G internet (part 1). [Screen text:] Internet Settings: This page allows you to set up your Internet connection. Ensure that you have the Internet connection information such as the IP Addresses, account information etc. This information is usually provided by your ISP or network administrator. NOTE: If you have a PPPoE connection, first create your PPPoE profile on the Internet Settings > PPPoE Profiles page > WAN2 PPPoE Profiles page. [Form fields: ISP Connection Type (3G Internet), PPPoE Profile Name, User Name, Password, Secret, MPPE Encryption, Split Tunnel]
9. 4.2.3 RADIUS Authentication (Setup > Wireless Settings > RADIUS Settings): Enterprise Mode uses a RADIUS Server for WPA and/or WPA2 security. A RADIUS server must be configured and accessible by the router to authenticate wireless client connections to an AP enabled with a profile that uses RADIUS authentication. • The Authentication IP Address is required to identify the server. A secondary RADIUS server provides redundancy in the event that the primary server cannot be reached by the router when needed. • Authentication Port: the port for the RADIUS server connection. • Secret: enter the shared secret that allows this router to log into the specified RADIUS server(s). This key must match the shared secret on the RADIUS Server. • The Timeout and Retries fields are used to either move to a secondary server if the primary cannot be reached, or to give up the RADIUS authentication attempt if communication with the server is not possible. Figure 29: RADIUS server (External Authentication) configuration. [Screen text:] This page configures the RADIUS servers to be used for authentication. A RADIUS server maintains a database of user accounts used in larger environments. If a RADIUS server is configured in the LAN, it can be used for authenticating users that want to connect to the w
10. Chapter 3. Connecting to the Internet. 3.1 WAN Setup: This router has two WAN ports that can be used to establish a connection to the internet. The following ISP connection types are supported: DHCP, Static, PPPoE, PPTP, L2TP, 3G Internet (via USB modem). It is assumed that you have arranged for internet service with your Internet Service Provider (ISP). Please contact your ISP or network administrator for the configuration information that will be required to set up the router. Internet Setup Wizard (Setup > Wizard > Internet): The Internet Connection Setup Wizard is available for users new to networking. By going through a few straightforward configuration pages, you can take the information provided by your ISP to get your WAN connection up and enable internet access for your network. Figure 10: Internet Connection Setup Wizard. [Screen text:] This page will guide you through common configuration tasks such as changing the password, timezone and internet connection type. Internet Connection Setup Wizard: If you would like to utilize our easy to use Web-based Wizards to assist you in connecting your new D-Link Systems Router to the Internet, click on the button below. Note: Before launching these wizards, please make sure you have followed all steps outlined in the Q
11. func __ DEBUG martian destination u u u u from G ADDBA send failed recipient is not a WARNIN 11n node DEBUG martian source u u u u from G WARNIN Cannot Set Rate x value DEBUG ll header G Getting Rate Series x vap WARNIN gt iv_fixed_rate series DEBUG U YU U U sent an invalid ICMP G Getting Retry Series x vap WARNIN gt iv_fixed_rate retries DEBUG dst cache overflow G WARNIN IC Name s ic gt ic_dev gt name DEBUG Neighbour table overflow G usage rtparams rt_idx lt 0 1 gt per WARNIN lt 0 100 gt probe_intval lt 0 100 gt DEBUG host u u u u if ed ignores G usage acparams ac lt 0 3 gt RTS lt 0 1 gt WARNIN aggr scaling lt 0 4 gt min mbps lt 0 250 gt DEBUG martian source u uU u u from G usage hbrparams ac lt 2 gt enable lt 0 1 gt WARNIN per_low lt 0 50 gt DEBUG Il header G WARNIN s ADDBA mode is AUTO _ func__ DEBUG martian destination u u u u from G WARNIN s Invalid TID value func__ DEBUG U U U U sent an invalid ICMP G WARNIN s ADDBA mode is AUTO _ func __ DEBUG dst cache overflow G WARNIN S Invalid TID value __func__ DEBUG Neighbour table overflow G WARNIN s Invalid TID value func__ DEBUG host u u u u if ed ignores G WARNIN Addba status IDLE DEBUG martian destination u u u u from G WARNIN s ADDBA mode is AUTO Tunc DEBUG martian source u uU u u from G WARNIN S Invalid TID value __func__ DEBUG ll h
12. in vipsecKloctlHandler cmd d cmd s Error DST Refcount value less than 1 d for s DEVICE refcnt d pDst gt dev gt name DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG 184 Unified Services Router O02X C p NAT no longer support implicit source local NAT NAT packet src u u u u gt dst ou U U U SNAT multiple ranges no longer supported format args version offset_before d offset_after d correction_pos u x gt offset_before x gt offset_after x gt correction_pos ip_ct_h323 ip_ct_h323 incomplete TPKT fragmented ip_ct_h245 decoding error s ip_ct_h245 packet dropped ip_ct_q931 decoding error s ip_ct_q931 packet dropped ip_ct_ras decoding error s ip_ct_ras packet dropped ERROR registering port d ERROR registering port d ipt_connlimit d SIC U U U U d dst u uU uU U d s ipt_connlimit d SIC U U U U d dst u U uU uU d new ipt_connlimit Oops invalid ct state ipt_connlimit Hmm kmalloc failed ipt_connlimit src u u u Yu mask u uU U U _lviPPPOL2TP _ fmt args 02X ptr length 02X unsigned char m gt msg_iov i iov_base j 02X skb gt data i
13. range while the WAN port on the router is configured with a single public IP address. Along with connection sharing, NAT also hides internal IP addresses from the computers on the Internet. NAT is required if your ISP has assigned only one IP address to you. The computers that connect through the router will need to be assigned IP addresses from a private subnet. • Transparent mode routing between the LAN and WAN does not perform NAT. Broadcast and multicast packets that arrive on the LAN interface are switched to the WAN and vice versa, if they do not get filtered by firewall or VPN policies. If the LAN and WAN are in the same broadcast domain, select Transparent mode. Figure 21: Routing Mode is used to configure traffic routing between WAN and LAN, as well as Dynamic routing (RIP). [Screen text:] Internet Settings: This page allows user to configure different routing modes like NAT, Classical Routing and Transparent. This page also allows to configure the RIP (Routing Information Protocol). [Form fields: Routing Mode between WAN and LAN (NAT, Classical Routing, Transparent); Dynamic Routing (RIP): RIP Direction (None), RIP Version (Disabled); Authentication for RIP 2B/2M: Enable Authentication for RIP 2B/2M, First K
14. Bad ioctl command fResetMod Failed to configure gpio pin fResetMod Failed to register interrupt handler registering char device failed unregistering char device failed proc entry delete failed proc entry initialization failed testCompHandler received s from d char plnBuf UMI proto registration failed d ret AF_UMI registration failed d ret umi initialization failed d ret kernel UMI registration failed Logs_kernel txt 447 KERN_ERR ERROR msm not found properly d len d msm ModExp returned Error ModExp returned Error Sag Ox p len u tag p unsigned int len 03d i 02x unsigned char p i mic check failed Sag Ox p len u tag p unsigned int len ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 194 Unified Services Router Radar found on channel d d MHz End of DFS wait period s error allocating beacon __func__ failed to allocate UAPSD QoS NULL tx descriptors d error failed to allocate VAPSD QoS NULL wbuf s unable to allocate channel table __func__ s unable to update h w beacon queue parameters ALREADY ACTIVATED s missed u consecutive beacons s busy times rx_clear d rx_frame d tx_frame d __ func_ rx_clear
15. DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG nimfGetUpdateMacFlag unable to get Flag from MacTable nimfMacGet Updating MAC address failed sqlite3QueryResGet failed Query s error executing the command s error executing the command s error executing the command s disableLan function is failed to disable ConfigPort sqlite3QueryResGet failed Query s sqlite3QueryResGet failed Query s Unable to Disable configurable port from configPortTblHandler has failed sqlite3QueryResGet failed Query s Error in executing DB update handler sqlite3QueryResGet failed Failed to execute switchConfig for port Failed to execute switchConfig for port enable Failed to execute ifconfig for port enable Failed to execute ethtool for Failed to execute switchConfig for port disable Failed to execute ifconfig for port disable sqlite3QueryResGet failed sqlite3_mprintf failed sqlite3QueryResGet failed Failed to execute switchConfig for port mirroring Usage s lt DB Name gt lt Entry Name gt lt logFile gt lt subject gt sqlite3QueryResGet failed Could not get all the required variables to email the Logs runSmtpClient failed getaddrinfo returned s file not found sqlite3QueryResGet failed Query s sqlite3QueryResGet failed Query s sqlite3QueryResGet failed Query s No memory t
16. ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR User Manual Error from pnacAuthinit pnacAuthKeyTxinit failed Error from pnacAuthinit pnacReauthTimerInit failed Error from pnacAuthinit pnacBackAuthInit failed Error from pnacAuthinit pnacCtrlDirlnit failed Error from pnacAuthinit pnacKeyRecvInit failed Error from pnacSupplnit malloc failed Error from pnacSupplinit pnacPortTimersinit failed Error from pnacSupplinit pnacKeyRecvlnit failed Error from pnacSupplinit pnacSuppKeyTxinit failed Error from pnacSupplinit pnacSuppPAE Init failed Error from pnacRecvRin invalid arguments Error from pnacRecvMapi unsupported PDU received suppToACSendRin returned not OK Error from pnacBasicPktCreate malloc failed Error from pnacEAPPktCreate basic pkt create failed Error from pnacTxCannedFail eap pkt create failed Error from pnacTxCannedSuccess eap pkt create failed Error from pnacTxReqld eap pkt create failed Error from pnacTxReq eap pkt create failed Error from pnacSendRespToServer malloc failed Error from pnacSendRespToServer no AS configured Error from pnacTxStart basic pkt create failed Error from pnacTxStart basic pkt create failed Error from pnacTxRspld eap pkt create failed Error from pnacTxRspAuth eap pkt create failed Error from pnacEapPktRecord EAP packet too Error from pnacEapPktRecord from pnacBackAuthTimeout calling pn
17. [Screen fields, DMZ Setup: IP Address, Subnet Mask (255.255.255.0); DHCP for DMZ Connected Computers: DHCP Mode (DHCP Server), Starting IP Address, Ending IP Address, Primary DNS Server, Secondary DNS Server, WINS Server, Lease Time, Relay Gateway; Enable DNS Proxy] Note: In order to configure a DMZ port, the router's configurable port must be set to DMZ in the Setup > Internet Settings > Configurable Port page. 2.4 Universal Plug and Play (UPnP) (Advanced > Advanced Network > UPnP): Universal Plug and Play (UPnP) is a feature that allows the router to discover devices on the network that can communicate with the router and allow for auto-configuration. If a network device is detected by UPnP, the router can open internal or external ports for the traffic protocol required by that network device. Once UPnP is enabled, you can configure the router to detect UPnP-supporting devices on the LAN (or a configured VLAN). If disabled, the router will not allow for automatic device configuration. Configure the following settings to use UPnP: • Advertisement Period: This is the frequency that the router broadcasts UPnP information over the network. A large value will minimize network traffic but cause delays in identifying new UPnP devices to the network. • Advertisement Time to Live: This is express
18. [Portal layout list row: MarketingAccess; buttons Edit, Delete, Set Default, Add] 7.5.1 Creating Portal Layouts (Setup > VPN Settings > SSL VPN Server > Portal Layouts): The router allows you to create a custom page for remote SSL VPN users that is presented upon authentication. There are various fields in the portal that are customizable for the domain, and this allows the router administrator to communicate details such as login instructions, available services, and other usage details in the portal visible to remote users. During domain setup, configured portal layouts are available to select for all users authenticated by the domain. Note: The default portal LAN IP address is https://192.168.10.1/scgi-bin/userPortal/portal. This is the same page that opens when the User Portal link is clicked on the SSL VPN menu of the router GUI. The router administrator creates and edits portal layouts from the configuration pages in the SSL VPN menu. The portal name, title, banner name, and banner contents are all customizable to the intended users for this portal. The portal name is appended to the SSL VPN portal URL. As well, the users assigned to this portal (through their authentication domain) can be presented with one or more of the router's supported SSL services, such as the VPN Tunnel page or Port Forwarding page. Figure 64: SSL VPN Portal configuration
19. WPS session in progress ignoring enrolle assoc request ran query s DBUpdate event Table s opCode d rowld d sing VAPs using profile s sing VAP s ran query s sing VAP instance s VAP s set Short Preamble failed VAP s set Short Retry failed VAP s set Long Retry failed Decrypting context with key s Unknown IAPP command d received unexpected reply from d cmd d unexpected reply from d cmd d Recvied DOT11_EAPOL_KEYMSG shutting down AP s APCtx Found APCtx Not Found node not found x x x error installing unicast key for s cmd d i_type d i_val d join event for new node s wpa rsn IE id d d not supported wpa IE id d not supported leave event for node s NodeFree request for node s installing key to index d iReq i_val d plfName s iReq i_val d setting mode d Global counter wrapped re generating DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG sqlite3QueryResGet failed sqlite3QueryResGet failed VAP s set beacon interval failed VAP s set DTIM interval failed VAP s set RTS Threshold failed VAP s set Fragmentation Threshold failed VAP s set Protection Mode failed VAP s set Tx Power failed WDS Profile s not found
20. between two gateway routers or a remote PC client. The following types of tunnels can be created: • Gateway-to-gateway VPN: to connect two or more routers to secure traffic between remote sites. • Remote Client (client-to-gateway VPN tunnel): A remote client initiates a VPN tunnel as the IP address of the remote PC client is not known in advance. The gateway in this case acts as a responder. • Remote client behind a NAT router: The client has a dynamic IP address and is behind a NAT Router. The remote PC client at the NAT router initiates a VPN tunnel as the IP address of the remote NAT router is not known in advance. The gateway WAN port acts as responder. • PPTP server for LAN / WAN PPTP client connections. • L2TP server for LAN / WAN L2TP client connections. 6.1 VPN Wizard (Setup > Wizard > VPN Wizard): You can use the VPN wizard to quickly create both IKE and VPN policies. Once the IKE or VPN policy is created, you can modify it as required. Figure 49: VPN Wizard launch screen. [Screen text:] This page will guide you through common and easy steps to configure IPSec VPN policies. VPN Setup Wizard: If you would like to utilize our easy to use Web-based Wizards to assist you in VPN Configuration, click on the button below. Manual VPN Configuration Options: If you would l
21. d ERROR eapTimerCancel Currently unsupported for Peer role ERROR Invalid Sign Alg d ERROR eapTimerHandler Currently unsupported for Peer role ERROR No Memory Available ERROR pCtx is NULL ERROR ERROR Certificate Request Failed ERROR tlsGlueCtxCreate failed ERROR File Open Failed ERROR eapVars is NULL ERROR File is Empty ERROR Context NULL ERROR ERROR Memory Allocation Failed ERROR Initializing inner EAP auth ERROR ERROR File Open Failed ERROR pCtx is NULL ERROR ERROR File is Empty ERROR Memory Allocation Failed ERROR Error in executing DB update handler ERROR Facility System Admin Usage s lt DBFile gt DEBUG unable to register to UMI ERROR 158 Unified Services Router Could not open database s CPU LOG File not found MEM LOG File not found cpuMemUsageDBUpdateHandler update query s Printing the whole list after inserting s at Y d minute d hour d dayOfMonth d month adpCmdExec exited with return code d S OP d row d sqlite3_mprintf failed sqlite3QueryResGet failed query s Printing the whole list after delete s at d minute d hour d dayOfMonth d month Printing the whole list after inserting s at d minute d hour d dayOfMonth d month email logs No logging events enabled S Mail sent and the Database is reset Disabled syslog server Event logs are full sending logs to email Email logs sending failed Packing attribute s Server found s secret
22. no rates yet mode u sc User Manual G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN 189 Unified Services Router User Manual X gt sc_curmode G WARNIN REG Size 64 Bit DEBUG U U U U sent an invalid ICMP G WARNIN REG Size is not in 8 16 32 64 DEBUG dst cache overflow G Written Value x At Page x WARNIN Addr x DEBUG Neighbour table overflow G WARNIN bem_ioctl Unknown loctl Case DEBUG host u u u u if d ignores G Register Dump for Port WARNIN Number d port DEBUG martian destination u u u u from G s Read Status s WARNIN data x regName DEBUG martian source u u u u from G s Read Status s WARNIN data x regName DEBUG ll header G powerDevicelnit device registration WARNIN failed DEBUG U U U U sent an invalid ICMP G WARNIN powerDevicelnit adding device failed DEBUG _ dst cache overflow G s Error Big jump in pn number WARNIN TID d from x x to x x DEBUG Neighbour table overflow G s The MIC is corrupted Drop this WARNIN frame func__ DEBUG host u u u u if ed ignores G s The MIC is OK Still use this frame WARNIN and update PN
23. 08x 08x 08x 08x 08x 08x 08x 08x 08x 08x 08x 08x d Yop Ylu Ox x Ox x Ox p Ox x Ox x Ox x Ox x 08X 08x 08x 08x 08x 08x 08X 08xX 08x 08x 08x 08x s unable to allocate device object __func__ s unable to attach hardware HAL status u Sag HAL ABI msmatch s Warning using only u entries in u key cache unable to setup a beacon xmit queue unable to setup CAB xmit queue unable to setup xmit queue for BE traffic s DFS attach failed func __ s Invalid interface id u Tunc if_id s grppoll Buf allocation failed __func__ s unable to start recv logic s Invalid interface id u Tunc if_id s unable to allocate channel table func s Tx Antenna Switch Do internal reset func __ DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG User Manual S S d BAD TUNNEL MAGIC S S d BAD SESSION MAGIC S s d BAD TUNNEL MAGIC msg gt msg_namelen wrong d msg gt msg_namelen addr family wrong d usin gt sin_family udp addr x hu usin gt sin_addr s_addr usin gt sin_port S S d BAD TUNNEL MAGIC S S d BAD TUNNEL MAGIC socki_lookup socket file changed S S d BAD TUNNEL MAGIC rebootHook null function pointer
24. Figure 11: Manual WAN configuration. [Screen text:] Internet Settings: This page allows you to set up your Internet connection. Ensure that you have the Internet connection information such as the IP Addresses, account information etc. This information is usually provided by your ISP or network administrator. NOTE: If you have a PPPoE connection, first create your PPPoE profile on the Internet Settings > PPPoE Profiles page > WAN1 PPPoE Profiles page. [Form fields: ISP Connection Type (DHCP), PPPoE Profile Name, User Name, Password, Secret, MPPE Encryption, Split Tunnel, Connectivity Type, Idle Time, My IP Address, Server Address, Gateway IP Address; Internet (IP) Address: IP Address Source, IP Address, IP Subnet Mask, Gateway IP Address; Domain Name System (DNS) Servers: DNS Server Source (Get Dynamically from ISP), Primary DNS Server, Secondary DNS Server; MAC Address: MAC Address Source (Use Default Address), MAC Address; Host Name] 3.2.4 PPPoE Profiles (Setup > Internet Settings > PPPoE Profiles > WAN1 PPPoE Profiles): Some ISPs allow for multiple
25. 2.3 Configurable Port - DMZ Setup: This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. A DMZ is a subnetwork that is open to the public but behind the firewall. The DMZ adds an additional layer of security to the LAN, as specific services/ports that are exposed to the internet on the DMZ do not have to be exposed on the LAN. It is recommended that hosts that must be exposed to the internet (such as web or email servers) be placed in the DMZ network. Firewall rules can be allowed to permit access to specific services/ports in the DMZ from either the LAN or WAN. In the event of an attack on any of the DMZ nodes, the LAN is not necessarily vulnerable as well. Setup > DMZ Setup > DMZ Setup Configuration: DMZ configuration is identical to the LAN configuration. There are no restrictions on the IP address or subnet assigned to the DMZ port, other than the fact that it cannot be identical to the IP address given to the LAN interface of this gateway. Figure 8: DMZ configuration. [Screen text:] The De-Militarized Zone (DMZ) is a network which, when compared to the LAN, has fewer firewall restrictions by default. This zone can be used to host servers and give public access to them. [Form sections: Network Settings, DMZ Port Setup]
29. Note: Only the DSR-1000 and DSR-1000N support two USB ports and a 3G USB dongle.
    8.2 Authentication Certificates. Advanced > Certificates. This gateway uses digital certificates for IPSec VPN authentication as well as SSL validation (for HTTPS and SSL VPN authentication). You can obtain a digital certificate from a well-known Certificate Authority (CA) such as VeriSign, or generate and sign your own certificate using functionality available on this gateway. The gateway comes with a self-signed certificate, and this can be replaced by one signed by a CA as per your networking requirements. A CA certificate provides strong assurance of the server's identity and is a requirement for most corporate network VPN solutions.
    The certificates menu allows you to view a list of certificates (both from a CA and self-signed) currently loaded on the gateway. The following certificate data is displayed in the list of Trusted (CA) certificates:
    • CA Identity (Subject Name): The certificate is issued to this person or organization.
    • Issuer Name: This is the CA name that issued this certificate.
    • Expiry Time: The date after which this Trusted certificate becomes invalid.
    A self certificate is a certificate issued by a CA identifying your device
31. applicable when load balancing mode is enabled and more than one WAN is configured.
    Figure 20: Protocol binding setup to associate a service and/or LAN source to a WAN and/or destination network. [Screenshot of the Protocol Bindings page.] Page text: This page allows user to add a new protocol binding rule for the WAN interfaces.
    3.5 Routing Configuration. Routing between the LAN and WAN will impact the way this router handles traffic that is received on any of its physical interfaces. The routing mode of the gateway is core to the behavior of the traffic flow between the secure LAN and the internet.
    3.5.1 Routing Mode. Setup > Internet Settings > Routing Mode. This device supports classical routing, network address translation (NAT), and transport mode routing.
    • With classical routing, devices on the LAN can be directly accessed from the internet by their public IP addresses (assuming appropriate firewall settings). If your ISP has assigned an IP address for each of the computers that you use, select Classic Routing.
    • NAT is a technique which allows several computers on a LAN to share an Internet connection. The computers on the LAN use a private IP address
33. determined SSL VPN portal will be displayed when logging in with this user type.
    • XAuth User: This user's authentication is performed by an externally configured RADIUS or other Enterprise server. It is not part of the local user database.
    • L2TP User: These are L2TP VPN tunnel LAN users that can establish a tunnel with the L2TP server on the WAN.
    • PPTP User: These are PPTP VPN tunnel LAN users that can establish a tunnel with the PPTP server on the WAN.
    • Local User: This user's authentication domain is located on the router itself.
    Once the user type is determined, you can define/modify the password and idle login timeout for the user. It is recommended that passwords contain no dictionary words from any language and be a mixture of letters (both uppercase and lowercase), numbers, and symbols. The password can be up to 30 characters.
    Figure 56: User configuration options. [Screenshot of the Users Configuration page ("This page allows a user to add new system users"). Fields shown: User Name, First Name, Last Name, User Type, Select Group, Password, Confirm Password, Idle Timeout (Minutes).]
    7.2 Using SSL VPN Policies. Setup > VPN Settings > SSL VPN Server > SSL VPN Policies. SSL VPN Policies can
35. Chapter 1. Introduction. The D-Link Unified Services Routers are enterprise-grade security gateway solutions with Firewall, VPN, and in some cases 802.11n Access Point capabilities. These devices have wizards to allow for quick and easy configuration for internet access, VPN tunnels, and wireless networks. The GUI provides all the capabilities for novice and advanced users to administer this secure and feature-rich router.
    1.1 About this User Manual. This document is a high-level manual to allow new D-Link Unified Services Router users to configure connectivity, set up VPN tunnels, establish firewall rules, and perform general administrative tasks. Typical deployment and use case scenarios are described in each section. For more detailed setup instructions and explanations of each configuration parameter, refer to the online help that can be accessed from each page in the router GUI.
    1.2 Typographical Conventions. The following is a list of the various terms, followed by an example of how that term is represented in this document:
    • Product Name: D-Link Unified Services Router
    • Model numbers: DSR-500 / 500N / 1000 / 1000N
    • GUI Menu Path / GUI Navigation: Monitoring > Router Status
    • User input: Text
    • Important note: (icon)
    Chapter 2. Configuring Your Network. 2.1 LAN Setup. It is assumed that
37. 2.4GHz / 5GHz frequency.
    4.5 Advanced Wireless Settings. Advanced > Wireless Settings > Advanced Wireless. Sophisticated wireless administrators can modify the 802.11 communication parameters in this page. Generally, the default settings are appropriate for most networks. Please refer to the GUI integrated help text for further details on the use of each configuration parameter.
    Figure 33: Advanced Wireless communication settings. [Screenshot of the Advanced Wireless page ("This page is used to specify advanced configuration settings for the radio"). Fields shown: Beacon Interval (Milliseconds), Dtim Interval, RTS Threshold (2346), Fragmentation Threshold (2346), Preamble Mode (Long), Protection Mode (None), Power Save Enable, Short Retry Limit, Long Retry Limit.]
    4.6 Wi-Fi Protected Setup (WPS). Advanced > Wireless Settings > WPS. WPS is a simplified method to add supporting wireless clients to the network. WPS is only applicable for APs that employ WPA or WPA2 security. To use WPS, select the eligible VAPs from the dropdown list of APs that have been configured with this security and enable WPS status for this AP. The WPS Current Status section outlines the security, authentication, and encryption settings of the selected AP. These are consistent with th
38. 3. Choose the From Zone to be the source of originating traffic: either the secure LAN, public DMZ, or insecure WAN. For an inbound rule, WAN should be selected as the From Zone.
    4. Choose the To Zone to be the destination of traffic covered by this rule. If the From Zone is the WAN, the To Zone can be the public DMZ or secure LAN. Similarly, if the From Zone is the LAN, then the To Zone can be the public DMZ or insecure WAN.
    5. Parameters that define the firewall rule include the following:
    • Service: ANY means all traffic is affected by this rule. For a specific service, the drop-down list has common services, or you can select a custom defined service.
    • Action & Schedule: Select one of the 4 actions that this rule defines: BLOCK always, ALLOW always, BLOCK by schedule otherwise ALLOW, or ALLOW by schedule otherwise BLOCK. A schedule must be preconfigured in order for it to be available in the dropdown list to assign to this rule.
    • Source & Destination users: For each relevant category, select the users to which the rule applies:
        • Any (all users)
        • Single Address (enter an IP address)
        • Address Range (enter the appropriate IP address range)
    • Log: traffic that is filtered by this rule can be logged; this requires configuring the router's logging feature separately.
    • QoS Priority: Outbound rules (where To Zone = insecure WAN only) can have the traffic marked with a QoS pr
39. 4 Features with Multiple WAN Links
        3.4.1 (title illegible in source)
        3.4.2 Load Balancing
        3.4.3 Protocol Bindings
    3.5 Routing Configuration
        3.5.1 Routing Mode
        3.5.2 Dynamic Routing (RIP)
        3.5.3 Static Routing
    3.6 Configurable Port: WAN Option
    3.7 WAN Port Settings
    Chapter 4. Wireless Access Point Setup
    4.1 Wireless Settings Wizard
        4.1.1 Wireless Network Setup Wizard
        4.1.2 Add Wireless Device with WPS
        4.1.3 Manual Wireless Network Setup
    4.2 Wireless Profiles
        4.2.1 WEP Security
        4.2.2 WPA or WPA2 with PSK
        4.2.3 RADIUS Authentication
    4.3 Creating and Using Access Points
        4.3.1 Primary benefits of Virtual APs
    4.4 Tuning Radio Specific Settings
    4.5 Advanced Wireless Settings
    4.6 Wi-Fi Protected Setup (WPS)
    Chapter 5. Securing the Private Network
    5.1 Firewall Rules
    5.2 Defining Rule Schedules
    5.3 Configuring Firewall Rules
40. 8 Web Content Filtering. The gateway offers some standard web filtering options to allow the admin to easily create internet access policies between the secure LAN and insecure WAN. Instead of creating policies based on the type of traffic (as is the case when using firewall rules), web-based content itself can be used to determine if traffic is allowed or dropped.
    Content Filtering. Advanced > Website Filter > Content Filtering. Content filtering must be enabled to configure and use the subsequent features (list of Trusted Domains, filtering on Blocked Keywords, etc.). Proxy servers, which can be used to circumvent certain firewall rules and thus present a potential security gap, can be blocked for all LAN devices. Java applets can be prevented from being downloaded from internet sites, and similarly the gateway can prevent ActiveX controls from being downloaded via Internet Explorer. For added security, cookies, which typically contain session information, can be blocked as well for all devices on the private network.
    Figure 43: Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded. [Screenshot of the Content Filtering page.] Page text: This content filtering option allows the user to block access to certain Internet sites. Up to 32 key words in the site's name (web site URL) can be speci
41. 10.3.2 Wireless Clients. Status > Wireless Clients. The clients connected to a particular AP can be viewed on this page. Connected clients are sorted by the MAC address and indicate the security parameters used by the wireless link, as well as the time connected to the corresponding AP. The statistics table has auto refresh control
42. ANY AIM BGP BOOTP_CLIENT BOOTP_SERVER CU SEEME UDP CU SEEME TCP DNS UDP DNS TCP FINGER FTP HTTP HTTPS ICMP TYPE 3 ICMP TYPE 4 ICMP TYPE 5 ICMP TYPE 6 ICMP TYPE 7 ICMP TYPE 8 ICMP TYPE 9 ICMP TYPE 10 ICMP TYPE 11 ICMP TYPE 13 ICQ IMAP2 IMAP3 PING POP3 PPTP RCMD REAL AUDIO REXEC RLOGIN RTELNET RTSP TCP RTSP UDP SFTP S SNMP TCP SNMP UDP SNMP TRAPS TCP SNMP TRAPS UDP SQL NET SSH TCP SSH UDP STRMWORKS TACACS TELNET TFTP VDOLIVE
    Appendix D. Log Output Reference. Facility: System (Networking).
43. Address: Media access control address. Unique physical address identifier attached to a network adapter.
    Internet Key Exchange: Mode for securely exchanging encryption keys in ISAKMP as part of building a VPN tunnel.
    MTU: Maximum transmission unit. Size, in bytes, of the largest packet that can be passed on. The MTU for Ethernet is a 1500-byte packet.
    NAT: Network Address Translation. Process of rewriting IP addresses as a packet passes through a router or firewall. NAT enables multiple hosts on a LAN to access the Internet using the single public IP address of the LAN's gateway router.
    NetBIOS: Microsoft Windows protocol for file sharing, printer sharing, messaging, authentication, and name resolution.
    NTP: Network Time Protocol. Protocol for synchronizing a router to a single clock on the network, known as the clock master.
    Password Authentication Protocol: Protocol for authenticating users to a remote access server or ISP.
    Point-to-Point Protocol over Ethernet: Protocol for connecting a network of hosts to an ISP without the ISP having to manage the allocation of IP addresses.
    Point-to-Point Tunneling Protocol: Protocol for creation of VPNs for the secure transfer of data from remote clients to private servers over the Internet.
    Remote Authentication Dial-In User Service: Protocol for remote user authentication and accounting. Provides centralized management of usernames and passwords
47. DNS server details can be manually entered here (primary/secondary options). An alternative is to allow the LAN DHCP client to receive the DNS server details from the ISP directly. By selecting Use DNS proxy, this router acts as a proxy for all DNS requests and communicates with the ISP's DNS servers (a WAN configuration parameter).
    • Primary and Secondary DNS servers: If there are configured domain name system (DNS) servers available on the LAN, enter the IP addresses here.
    • Lease/Rebind time: sets the duration of the DHCPv6 lease from this router to the LAN client.
    IPv6 Address Pools. This feature allows you to define the IPv6 delegation prefix for a range of IP addresses to be served by the gateway's DHCPv6 server. Using a delegation prefix, you can automate the process of informing other networking equipment on the LAN of DHCP information specific for the assigned prefix.
    Configuring IPv6 Router Advertisements. Router Advertisements are analogous to IPv4 DHCP assignments for LAN clients, in that the router will assign an IP address and supporting network information to devices that are configured to accept such details. Router Advertisement is required in an IPv6 network for stateless auto-configuration of the IPv6 LAN. By configuring the Router Advertisement Daemon on this router, the device will listen on the LAN for router solicitations and respond to these LAN hosts with router advertisements.
51. Figure 5: Adding VLAN memberships to the LAN. Figure 6: Port VLAN list. Figure 7: Configuring VLAN membership for a port. Figure 8: DMZ. Figure 9: UPnP Configuration. Figure 10: Internet Connection Setup Wizard. Figure 11: Manual WAN configuration. Figure 12: List of configured PPPoE profiles. Figure 13: PPPoE profile configuration. Figure 14: IPv6 WAN Setup page. Figure 15: Connection Status information for both WAN ports. Figure 16: List of Configured Bandwidth Profiles. Figure 17: Bandwidth Profile Configuration page. Figure 18: Traffic Selector Configuration. Figure 19: Load Balancing is available when multiple WAN ports are configured and Protocol Bindings have been defined. Figure 20: Protocol binding setup to associate a service and/or LAN source to a WAN and/or destination network. Figure 21: Routing Mode is used to configure traffic routing between WAN and LAN, as well as Dynamic routing (RIP). Figure 22: Static route configuration fields. Figure 23: WAN2 configuration for 3G internet (part 1)
52. LAN port with a VLAN ID, you can associate a VLAN to a physical port. Setup > VLAN Settings > Port VLAN. VLAN membership properties for the LAN and wireless LAN are listed on this page. The VLAN Port table displays the port identifier, the mode setting for that port, and VLAN membership information. The configuration page is accessed by selecting one of the four physical ports or a configured access point and clicking Edit. The edit page offers the following configuration options. Mode: The mode of this VLAN can be General, Access, or Trunk. The default is Access. In General mode the port is a member of a user-selectable set of VLANs. The port sends and receives data that is tagged or untagged with a VLAN ID. If the data into the port is untagged, it is assigned the defined PVID. In the configuration from Figure 4, Port 3 is a General port with PVID 3, so untagged data into Port 3 will be assigned PVID 3. All tagged data sent out of the port with the same PVID will be untagged. This mode is typically used with IP phones that have dual Ethernet ports. Data coming from the phone to the switch port on the router will be tagged. Data passing through the phone from a connected device will be untagged. Figure 6: Port VLAN list.
53. POSSIBILITY OF SUCH DAMAGES. FURTHERMORE, D-LINK WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST CUSTOMER FOR LOSSES OR DAMAGES. D-LINK WILL IN NO EVENT BE LIABLE FOR ANY DAMAGES IN EXCESS OF THE AMOUNT D-LINK RECEIVED FROM THE END USER FOR THE PRODUCT. Table of Contents. Chapter 1: Introduction; 1.1 About this User Manual; 1.2 Typographical Conventions. Chapter 2: Configuring Your Network: LAN Setup; 2.1 LAN; 2.1.1 LAN Configuration in an IPv6 Network; 2.1.2 Configuring IPv6 Router Advertisements; 2.2 VLAN Configuration; 2.2.1 Associating VLANs to ports; 2.3 Configurable Port: DMZ Setup; 2.4 Universal Plug and Play (UPnP). Chapter 3: Connecting to the Internet: WAN Setup; 3.1 Internet Setup Wizard; 3.2 WAN Configuration; 3.2.1 WAN Port IP address; 3.2.2 WAN; 3.2.4 PPPoE; 3.2.5 WAN Configuration in an IPv6 Network; 3.2.6 Checking WAN Status; 3.3 Bandwidth
54. Rivest-Shamir-Adleman: Public-key encryption algorithm. Transmission Control Protocol: Protocol for transmitting data over the Internet with guaranteed reliability and in-order delivery. User Data Protocol: Protocol for transmitting data over the Internet quickly but with no guarantee of reliability or in-order delivery. VPN (Virtual private network): Network that enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another. Uses tunneling to encrypt all information at the IP level. Windows Internet Name Service: Service for name resolution. Allows clients on different IP subnets to dynamically resolve addresses, register themselves, and browse the network without sending broadcasts. IKE Extended Authentication: Method, based on the IKE protocol, for authenticating not just devices (which IKE authenticates) but also users. User authentication is performed after device authentication and before IPSec negotiation. Appendix B: Factory Default Settings. Connection. LAN. Time zone adjusted for Daylight Saving Time. Firewall: Inbound communications from the Internet: Disabled (except traffic on port 80, the HTTP port). Outbound communications to the Internet: Enabled (all). Source MAC filtering: Disabled. Stealth mode: Enabled. Appendix C: Standard Services Available for Port Forwarding & Firewall Configuration
55. RADVD. Advanced > IPv6 > IPv6 LAN > Router Advertisement. To support stateless IPv6 auto-configuration on the LAN, set the RADVD status to Enable. The following settings are used to configure RADVD. Advertise Mode: Select Unsolicited Multicast to send router advertisements (RAs) to all interfaces in the multicast group. To restrict RAs to well-known IPv6 addresses on the LAN, and thereby reduce overall network traffic, select Unicast only. Advertise Interval: When advertisements are unsolicited multicast packets, this interval sets the maximum time between advertisements from the interface. The actual duration between advertisements is a random value between one third of this field and this field. The default is 30 seconds. RA Flags: The router advertisements (RAs) can be sent with one or both of these flags. Choose Managed to use the administered/stateful protocol for address auto-configuration. If the Other flag is selected, the host uses the administered/stateful protocol for non-address auto-configuration. Router Preference: This low/medium/high parameter determines the preference associated with the RADVD process of the router. This is useful if there are other RADVD-enabled devices on the LAN, as it helps avoid conflicts for IPv6 clients. MTU: The router advertisement will set this maximum transmission unit (MTU) value for all nodes in the LAN that are autoconfigured by the router. The default
56. SSL VPN Policy Configuration: This page allows you to add a new SSL VPN policy or edit the configuration of an existing SSL VPN policy. 7.2.1 Using Network Resources. Setup > VPN Settings > SSL VPN Server > Resources. Network resources are services or groups of LAN IP addresses that are used to easily create and configure SSL VPN policies. This shortcut saves time when creating similar policies for multiple remote SSL VPN users. Adding a Network Resource involves creating a unique name to identify the resource and assigning it to one or all of the supported SSL services. Once this is done, editing one of the created network resources allows you to configure the object type (either IP address or IP range) associated with the service. The Network Address, Mask Length, and Port Range/Port Number can all be defined for this resource as required. Figure 59: List of configured resources, which are available to assign to SSL VPN policies.
57. Users with login status and associated Group/Domain. User configuration options. List of SSL VPN policies (Global filter). SSL VPN policy configuration. List of configured resources, which are available to assign to SSL VPN policies. List of Available Applications for SSL Port Forwarding. SSL VPN client adapter and access configuration. Configured client routes only apply in split tunnel mode. List of configured SSL VPN portals. The configured portal can then be associated with an authentication domain. Figure 64: SSL VPN Portal configuration. Figure 65: USB device configuration. Figure 66: Certificate summary for IPSec and HTTPS management. Figure 67: User Login policy configuration. Figure 68: Remote Management from the WAN. Figure 69: SNMP Users, Traps, and Access Control
58. a specific group of machines in the LAN having a known range of IP addresses, and anyone coming in through the Network from the WAN (i.e. all remote users). Configuration: 1. Set up a schedule. To set up a schedule that affects traffic on weekends only, navigate to Security Schedule and name the schedule Weekend. Define weekend to mean 12 am Saturday morning to 12 am Monday morning (all day Saturday & Sunday). In the Scheduled days box, check that you want the schedule to be active for specific days. Select Saturday and Sunday. In the scheduled time of day, select all day; this will apply the schedule between 12 am to 11:59 pm of the selected day. Click apply; now schedule Weekend isolates all day Saturday and Sunday from the rest of the week. Figure 38: Schedule configuration for the above example.
59. all but one of your PCs. Many broadband ISPs restrict access by allowing traffic from the MAC address of only your broadband modem, but some ISPs additionally restrict access to the MAC address of just a single PC connected to that modem. If this is the case, configure your firewall to clone or spoof the MAC address from the authorized PC. 11.4 Restoring factory default configuration settings. To restore factory default configuration settings, do either of the following: 1. Do you know the account password and IP address? If yes, select Administration > Settings Backup & Upgrade and click default. If no, do the following: On the rear panel of the router, press and hold the Reset button about 10 seconds, until the test LED lights and then blinks. Release the button and wait for the router to reboot. 2. If the router does not restart automatically, manually restart it to make the default settings effective. 3. After a restore to factory defaults, whether initiated from the configuration interface or the Reset button, the following settings apply: LAN IP address: 192.168.10.1; Username: admin; Password: password; DHCP server on LAN: enabled; WAN port configuration: Get configuration via DHCP. Chapter 12: Credits. Microsoft, Windows are registered trademarks of Microsoft Corp. Linux is a registered trademark of Linus Torvalds. UNIX is a registered trademark of The Open Group.
60. allow the nodes to support all other IPv6 routing options. SLA ID: The SLA ID (Site-Level Aggregation Identifier) is available when 6to4 Prefixes are selected. This should be the interface ID of the router's LAN interface used for router advertisements. IPv6 Prefix: When using Global/Local/ISATAP prefixes, this field is used to define the IPv6 network advertised by this router. IPv6 Prefix Length: This value indicates the number of contiguous, higher-order bits of the IPv6 address that make up the network portion of the address. Typically this is 64. Prefix Lifetime: This defines the duration (in seconds) that the requesting node is allowed to use the advertised prefix. It is analogous to DHCP lease time in an IPv4 network. Figure 4: IPv6 Advertisement Prefix settings. VLAN Configuration. The router supports virtual network isolation on the LAN with the use of VLANs. LAN devices can be configured to communicate in a subnetwork defined by VLAN identifiers. LAN ports can be assigned unique VLAN IDs so that traffic to and from that physical port can be isolated from the gener
61. and similar events can be captured for review by the IT administrator. Traffic through each network segment (LAN, WAN, DMZ) can be tracked based on whether the packet was accepted or dropped by the firewall. Accepted Packets are those that were successfully transferred through the corresponding network segment (i.e. LAN to WAN). This option is particularly useful when the Default Outbound Policy is Block Always, so the IT admin can monitor traffic that is passed through the firewall. Example: If Accept Packets from LAN to WAN is enabled and there is a firewall rule to allow SSH traffic from LAN, then whenever a LAN machine tries to make an SSH connection, those packets will be accepted and a message will be logged (assuming the log option is set to Allow for the SSH firewall rule). Dropped Packets are packets that were intentionally blocked from being transferred through the corresponding network segment. This option is useful when the Default Outbound Policy is Allow Always. Example: If Drop Packets from LAN to WAN is enabled and there is a firewall rule to block SSH traffic from LAN, then whenever a LAN machine tries to make an SSH connection, those packets will be dropped and a message will be logged. Make sure the log option is set to Allow for this firewall rule. Note: Enabling accepted packet logging through the firewall may generate a significant volume of log messages
62. are to be used on multiple AP instances or SSIDs. Wireless Settings Wizard. Setup > Wizard > Wireless Settings. The Wireless Network Setup Wizard is available for users new to networking. By going through a few straightforward configuration pages you can enable a Wi-Fi network on your LAN and allow supported 802.11 clients to connect to the configured Access Point. Figure 26: Wireless Network Setup Wizards.
63. be created on a Global, Group, or User level. User level policies take precedence over Group level policies, and Group level policies take precedence over Global policies. These policies can be applied to a specific network resource, IP address or ranges on the LAN, or to different SSL VPN services supported by the router. The List of Available Policies can be filtered based on whether it applies to a user, group, or all users (global). Note: A more specific policy takes precedence over a generic policy when both are applied to the same user/group/global domain. I.e. a policy for a specific IP address takes precedence over a policy for a range of addresses containing the IP address already referenced. Figure 57: List of SSL VPN policies (Global filter). The page shown in the figure states that policies may be defined at the user, group, or global level, and that by default a global PERMIT policy (not displayed) was already configured over all addresses and over all services/ports. To add a SSL VPN policy you must
65. can be accessed from the internet by its aliased public IP address. 7. Outbound rules can use Source NAT (SNAT) in order to statically map (bind) all LAN/DMZ traffic matching the rule parameters to a specific WAN interface or external IP address (usually provided by your ISP). Once the new or modified rule parameters are saved, it appears in the master list of firewall rules. To enable or disable a rule, click the checkbox next to the rule in the list of firewall rules and choose Enable or Disable. Note: The router applies firewall rules in the order listed. As a general rule, you should move the strictest rules (those with the most specific services or addresses) to the top of the list. To reorder rules, click the checkbox next to a rule and click up or down. Figure 37: The firewall rule configuration page allows you to define the To/From zone, service, action, schedules, and specify source/destination IP addresses as needed.
66. connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained an IP address from the newly assigned pool or has a static IP address in the router's LAN subnet before accessing the router via the changed IP address. As with an IPv4 LAN network, the router has a DHCPv6 server. If enabled, the router assigns an IP address within the specified range plus additional specified information to any LAN PC that requests DHCP served addresses. The following settings are used to configure the DHCPv6 server. DHCP Mode: The IPv6 DHCP server is either stateless or stateful. If stateless is selected, an external IPv6 DHCP server is not required, as the IPv6 LAN hosts are auto-configured by this router. In this case the router advertisement daemon (RADVD) must be configured on this device, and ICMPv6 router discovery messages are used by the host for auto-configuration. There are no managed addresses to serve the LAN nodes. If stateful is selected, the IPv6 LAN host will rely on an external DHCPv6 server to provide required configuration settings. The domain name of the DHCPv6 server is an optional setting. Server Preference is used to indicate the preference level of this DHCP server. DHCP advertise messages with the highest server preference value to a LAN host are preferred over other DHCP server advertise messages. The default is 255. The
67. connections or only 802.11n connections or both are accepted on configured APs. Figure 32: Radio card configuration options. The ratified 802.11n support on this radio requires selecting the appropriate broadcast (NA or NG etc.) mode, and then defining the channel spacing and control side band for 802.11n traffic. The default settings are appropriate for most networks. For example, changing the channel spacing to 40 MHz can improve bandwidth at the expense of supporting earlier 802.11n clients. The available transmission channels are governed by regulatory constraints based on the region setting of the router. The maximum transmission power is similarly governed by regulatory limits; you have the option to decrease from the default maximum to reduce the signal strength of traffic out of the radio. Note: Only DSR-1000/DSR-1000N supports configurable dual band with
70. depending on the typical network traffic. This is recommended for debugging purposes only. In addition to network segment logging, unicast and multicast traffic can be logged. Unicast packets have a single destination on the network, whereas broadcast (or multicast) packets are sent to all possible destinations simultaneously. One other useful log control is to log packets that are dropped due to configured bandwidth profiles over a particular interface. This data will indicate to the admin whether the bandwidth profile has to be modified to account for the desired internet traffic of LAN users. Figure 73: Log configuration options for traffic through router. 9.4.2 Sending Logs to E-mail or Syslog. Tools > Log Settings > Remote Logging. Once you have configured the type of logs that you want the router to collect, they can be sent to either a Syslog server or an E-Mail address. For remote logg
71. SNMP system information for this router. Date, Time, and NTP server setup. Facility settings for Logging. Log configuration options for traffic through router. E-mail configuration as a Remote Logging option. Syslog server configuration for Remote Logging (continued). VPN logs displayed in GUI event viewer. Restoring configuration from a saved file will result in the current configuration being overwritten and a reboot. Firmware version information and upgrade option. Dynamic DNS configuration. Router diagnostics tools available in the GUI. Sample traceroute output. Device Status display. Device Status display (continued). Resource Utilization statistics. Resource Utilization data (continued). Resource Utilization data (continued). Physical port statistics. AP specific statistics. List of current Active Firewall Sessions. List of connected 802.11 clients per AP. List of LAN hosts
74. next to an empty Syslog server field and assign the IP address or FQDN to the Name field. The selected facility and severity level messages will be sent to the configured (and enabled) Syslog server once you save this configuration page's settings. Figure 75: Syslog server configuration for Remote Logging (continued). 9.4.3 Event Log Viewer in GUI. Status > Logs > View All Logs. The router GUI lets you observe configured log messages from the Status menu. Whenever traffic through or to the router matches the settings determined in the Tools > Log Settings > Logs Facility or Tools > Log Settings > Logs Configuration pages, the corresponding log message will be displayed in this window with a timestamp. Note: It is very important to have accurate system time (manually set or from an NTP server) in order to understand log messages. Status > Logs > VPN Logs. This page displays IPSec VPN log messages as determined by the configuration settings for facility and severity. This data is useful when evaluating IPSec VPN traffic and tunnel health.
75. selectively block and allow inbound and outbound Internet traffic. You then specify how and to whom the rules apply. To do so, you must define the following:
• Services or traffic types (examples: web browsing, VoIP, other standard services and also custom services that you define)
• Direction for the traffic by specifying the source and destination of traffic; this is done by specifying the "From Zone" (LAN/WAN/DMZ) and "To Zone" (LAN/WAN/DMZ)
• Schedules as to when the router should apply rules
• Any keywords (in a domain name or on a URL of a web page) that the router should allow or block
• Rules for allowing or blocking inbound and outbound Internet traffic for specified services on specified schedules
• MAC addresses of devices that should not access the internet
• Port triggers that signal the router to allow or block access to specified services as defined by port number
• Reports and alerts that you want the router to send to you
You can, for example, establish restricted access policies based on time of day, web addresses, and web address keywords. You can block Internet access by applications and services on the LAN, such as chat rooms or games. You can block just certain groups of PCs on your network from being accessed by the WAN or public DMZ network. Firewall Rules (Advanced > Firewall Settings > Firewall Rules): Inbound (WAN to LAN/DMZ) rules restrict access to traffic entering your network sel
76. setup options:
• Personal Identification Number (PIN): The wireless device that supports WPS may have an alphanumeric PIN, and if entered in this field the AP will establish a link to the client. Click Connect to complete setup and connect to the client.
• Push Button Configuration (PBC): for wireless devices that support PBC, press and hold down on this button and within 2 minutes click the PBC connect button. The AP will detect the wireless device and establish a link to the client.
Note: You need to enable at least one AP with WPA/WPA2 security and also enable WPS in the Advanced > Wireless Settings > WPS page to use the WPS wizard. 4.1.3 Manual Wireless Network Setup: This button on the Wizard page will link to the Setup > Wireless Settings > Access Points page. The manual options allow you to create new APs or modify the parameters of APs created by the Wizard. 4.2 Wireless Profiles (Setup > Wireless Settings > Profiles): The profile allows you to assign the security type, encryption and authentication to use when connecting the AP to a wireless client. The default mode is "open", i.e. no security. This mode is insecure as it allows any compatible wireless clients to connect to an AP configured with this security profile. To create a new profile, use a unique profile name to identify the combination of settings. Configure a unique SSID that will be the identifie
77. summary stats for each AP on this Statistics page. The poll interval (the refresh rate for the statistics) can be modified to view more frequent traffic and collision statistics. Figure 88: AP specific statistics. [Screenshot: WIRELESS STATISTICS page. Wireless traffic statistics for all configured access points are displayed in this table. The receive (rx) and transmit (tx) data is shown per configured AP. Columns: AP Name, Radio, Packets, Bytes, Errors, Dropped, Multicast, Collisions; Poll Interval in seconds with Start and Stop.] 10.3 Active Connections. 10.3.1 Sessions through the Router (Status > Active Sessions): This table lists the active internet sessions through the router's firewall. The session's protocol, state, local and remote IP addresses are shown. Figure 89: List of current Active Firewall Sessions. [Screenshot: ACTIVE SESSIONS page. This page displays a list of active sessions on your router.] Active Sessions (Local, Internet, Protocol, State): 97.0.0.5:3465, 97.0.0.2:443, tcp, TIME_WAIT; 97.0.0.5:3525, 97.0.0.2:443, tcp, TIME_WAIT; 97.0.0.5:3491, 97.0.0.2:443, tcp, TIME_WAIT; 97.0.0.5:3459
78. the user has a machine for management connected to the LAN to the router. The LAN connection may be through the wired Ethernet ports available on the router, or once the initial setup is complete, the device may also be managed through its wireless interface as it is bridged with the LAN. Access the router's graphical user interface (GUI) for management by using any web browser, such as Microsoft Internet Explorer or Mozilla Firefox:
• Go to http://192.168.10.1 (default IP address) to display the router's management login screen.
• Default login credentials for the management GUI:
  • Username: admin
  • Password: admin
Note: If the router's LAN IP address was changed, use that IP address in the navigation bar of the browser to access the router's management UI. LAN Configuration (Setup > Network Settings > LAN Configuration): By default, the router functions as a Dynamic Host Configuration Protocol (DHCP) server to the hosts on the WLAN or LAN network. With DHCP, PCs and other LAN devices can be assigned IP addresses as well as addresses for DNS servers, Windows Internet Name Service (WINS) servers, and the default gateway. With the DHCP server enabled, the router's IP address serves as the gateway address for LAN and WLAN clients. The PCs in the LAN are assigned IP addresses from a pool of addresses specified in this procedure. Each pool address is tested before it is assigned to avoid duplicate addresses on the LAN. For most app
79. triggering for protocol UDP Enabling rule port triggering for protocol TCP Enabling rule port triggering for protocol UDP Enabling DNS proxy Restarting DNS proxy checking DNS proxy for Secure zone checking DNS proxy for Public zone Enabling Block traffic from s zone Configuring firewall session settings for Disabling DMZ Disabling WAN DMZ rules Enabling WAN DMZ rules Restarting DMZ rule having s address with s address Enabling LAN DHCP relay OneToOneNat configured successfully OneToOneNat configuration failed Deleting scheduled IPv6 rules delete from FirewallRules6 where ScheduleName s DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG KIS He e e s Ne s d Disabling Port Trigger Rule for d d d d d Adding Port Trigger Rule for KIS He e e s Ne s Re s Enabling Content Filter Disabling Content Filter Enabling Content Filter Setting NAT mode for pLogicallfName s Enabling DROP for INPUT Enabling DROP for FORWARD Enabling NAT based Firewall Rules Setting transparent mode for pLogicallfName Enabling Accept for INPUT Enabling Accept for FORWARD Setting Routing mode for pLogicallfName Enabling DROP for INPUT Enabling DROP for FORWARD Disabling NAT
80. u WINDOW u ntohs th gt window DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG User Manual gt sc_dev gt name S Mac d d phy d d dev gt name 5 GHz radio d d 2 GHz radio d d radio d d ah gt ah_analog5GhzRev gt gt 4 radio d d ah gt ah_analog5GhzRev gt gt 4 Sag Use hw queue u for s traffic s Use hw queue u for CAB traffic dev gt name s Use hw queue u for beacons dev gt name Could not find Board Configuration Data Could not find Radio Configuration data ath_ahb No devices found driver not installed fmt _VA_ARGS fmt VA_ARGS xlr8NatlpFinishOutput Err skb2 NULL xlr8NatSoftCtxEnqueue Calling xlr8NatlpFinishOutput status xlr8NatSoftCtxEnqueue xlr8NatlpFinishOutput returned d status icmpExceptionHandler Exception fragExceptionHandler Exception algExceptionHandler Exception dnsExceptionHandler Exception ipsecExceptionHandler Exception ESP Packet Src x Dest x Sport d dport d secure d spi d isr p xlr8NatConntrackPreHook We found the valid context xlr8NatConntrackPreHook Not a secured packet xlr8NatConntrackPreHook isr p plsr xlr8NatConntrackPreHook secure d secure Context found for ESP p pFl
81. udp addr x hu usin gt sin_addr s_addr usin gt sin_port S S d BAD TUNNEL MAGIC S S d BAD TUNNEL MAGIC socki_lookup socket file changed S S d BAD TUNNEL MAGIC S d BAD SESSION MAGIC S S d BAD TUNNEL MAGIC msg gt msg_namelen wrong d msg gt msg_namelen addr family wrong d usin gt sin_family udp addr x hu usin gt sin_addr s_addr usin gt sin_port S S d BAD TUNNEL MAGIC S S d BAD TUNNEL MAGIC socki_lookup socket file changed ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 193 Unified Services Router s unable to start recv logic func__ s unable to start recv logic _ func __ s unable to reset hardware hal status Sal hardware error reseting rx FIFO overrun reseting s During Wow Sleep and got BMISS __func__ AC tRTS tAggr Scaling tMin Rate Kbps tHBR tPER LOW THRESHOLD BE t s t t od t 6a t t s t d BK t s t t d t 6a t t s t d VIAs t tYod t obd t t s t d VOSA STS dS Bd DIS STS lt d d p Ylu Ox x Ox x Ox p Ox x Ox x Ox x 0X X bb state 0x 08x 0x 08x bbstate sc 4ul bbstate sc 5ul 08x 08x 08x 08x 08x 08x 08x 08xX 08xX 08x 08x 08x noise floor Yd d Yd d d d Ap
82. umiloctl UMI_COMP_UDOT11 d d umiloctl UMI_COMP_KDOT11 d d umiloctl UMI_COMP_UDOT11 d d failed UDP socket is not created UDP send failed IAPP socket SOCK_STREAM failed IAPP TCP connect failed to s cmd d not supported sender d umiloctl UMI_COMP_KDOT11 d d failed IAPP CACHE NOTIFY REQUEST send to src doti 1 iapp iappLib c 131 4 ADP_ERROR BSSID value passed is NULL reserved requestld is passed interface name is NULL IP address value passed is NULL opening receive UDP socket failed enabling broadcast for UDP socket failed opening receive TCP socket for new AP failed src doti 1 iapp iappLib c 1784 ADP_ERROR src dott 1 iapp iappLib c 1794 ADP_ERROR src dot1 1 iapp iappLib c 1803 ADP_ERROR failed created dot11dLock failed initialize profile library failed to create cipher contexts unable to register to UMI could not create MIB tree unable to register to PNAC Max registration attempts by DOT11 to PNAC exceeded Creation of EAP WPS Profile Failed umiloctl UMI_COMP_IAPP d failed ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 169 Unified Services Router sending EAPOL pdu to PNAC creating pnac authenticator with valu
83. 00 As a convenience for remote users, the hostname (FQDN) of the network server can be configured to allow for IP address resolution. This host name resolution provides users with easy-to-remember FQDNs to access TCP applications instead of error-prone IP addresses when using the Port Forwarding service through the SSL User Portal. Note: Defining the hostname is optional, as the minimum requirement for port forwarding is identifying the TCP application and local server IP address. The local server IP address of the configured hostname must match the IP address of the configured application for port forwarding. Figure 60: List of Available Applications for SSL Port Forwarding. [Screenshot: PORT FORWARDING page. The Port Forwarding page allows you to detect and re-route data sent from remote users to the SSL VPN gateway to predefined applications running on private networks. Tables: List of Configured Applications for Port Forwarding (Local Server IP Address, TCP Port Number); List of Configured Host Names for Port Forwarding (Local Server IP Address, Fully Qualified Domain Name), with the entry 192.168.15.25, test.] 7.4 SSL VPN Client Configuration (Setup > VPN Settings > SSL VPN Client > SSL VPN Client): An SSL VPN tunnel client provides a point-to-point connection between the browser-side machine and this router. When a
84. 02x o 1 02x s don t know what to do o 5 02x s wrong options length u fname opt_len s options rejected o 0 02x o 1 02x s wrong options length u s options rejected o 0 02x o 1 02x s don t know what to do o 5 02x New port d ntohs expinfo User Manual INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN G WARNIN 188 Unified Services Router md5HardTest 0 Failed Passed AES Software Test d iterations iter AES Software Test Duration d d AES Hardware Test d iterations iter AES Hardware Test Duration d d 3DES Software Test d iterations iter 3DES Software Test Duration d d 3DES Hardware Test d iterations iter 3DES Hardware Test Duration d d DES Software Test d iterations iter DES Software Test Duration d d DES Hardware Test d iterations iter DES Hardware Test Duration d d SHA Software Test d iterations iter SHA Software Test Duration d d SHA Hardware Test d iterations iter SHA Hardware Test Duration d d MD5 Software Test d iterations iter MD5 Software Test Duration d d MD5 Hardware Test d iterations iter MD5 Hardware Test Duration d d pnac src pnac linux kernel xcalibur
85. 0N [Screenshot: PORTAL LAYOUT CONFIGURATION page. This page allows you to add a new portal layout or edit the configuration of an existing portal layout. The details will then be displayed in the List of Portal Layouts table on the SSL VPN Server > Portal Layouts page under the VPN menu. Portal Layout and Theme Name fields: Portal Layout Name; Portal Site Title (Optional); Banner Title (Optional); Banner Message (Optional); Display banner message on login page; HTTP meta tags for cache control (recommended); ActiveX web cache cleaner. SSL VPN Portal Pages to Display: VPN Tunnel page, Port Forwarding.] Chapter 8. Advanced Configuration Tools. 8.1 USB Device Setup (Setup > USB Settings): There are two USB ports on the DSR Unified Services Router. The port supports a 3G modem, where the USB dongle is used as a secondary WAN interface. Additionally, the port can be used for a USB storage device if the USB Disc type is selected. The feature of USB storage sharing will be available with a future firmware upgrade. Figure 65: USB device configuration. Screenshot text (USB SETTINGS page): This page allows user to configure the device connected to the USB ports of the router. These devices can be a 3G or USB storage key
86. 0x x Send resp ptr Ox x Request ptr 0x x Response ptr 0x x Revd AVP Code ul Revd AVP flags 0x 02x Revd AVP len ul Revd AVP vendor id ul tCode d tldent d tLen d tType d tOpCode d tMSID d tmsLen d tvalSize d Frag Buffer bytes left d Stripped username s digestLen d ClearText CipherText digestLen d digestLen1 d digestLen2 d DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Setting profile to glue layer ERROR _eapCtxCreate failed d authentication not enabled in the system ERROR TTLS key derive ERROR TTLS context from EAP plugin is NULL ERROR Allocating memory for TTLS Phase 2 payload ERROR TLS Encrypting response ERROR Allocating TLS read buffer is NULL ERROR Inner authentication id d unhandled innerEapRecv is NULL ERROR Decrypting TLS data ERROR Processing Phase 2 method Error Writing message to BIO ERROR TLS handshake ERROR Unexpected tlsGlueContinue return value NULL request or response PDU or NULL context Protocol version mismatch ERROR Creating receive buffer ERROR Setting first fragment ERROR Setting fragment ERROR Setting last
87. 1 Unified Services Router from pnacRecvMapi pkt body len d pktType d from pnacPDUProcess received PNAC_EAP_PACKET currentld d code d from pnacPDUProcess from pnacPDUProcess identifier d from pnacPDUProcess true setting rxResp from pnacPDUProcess code d identifier d from pnacPDUProcess received from pnacPDUProcess received from pnacPDUProcess received PNAC_EAPOL_KEY_PACKET doing pnacTxCannedFail doing pnacTxCannedSuccess doing pnacTxReqld doing pnacTxReq doing pnacTxStart doing pnacTxLogoff doing pnacTxRspld 1st cond doing pnacTxRspld entering 2nd cond from pnacTxRspld code d identifier d length d doing pnacTxRspld 2nd cond doing pnacTxRspAuth 1st cond doing pnacTxRspAuth 2nd cond message for unknown port PAE from pnacACToSuppRecvRin calling pnacEapPktRecord from pnacEapPktRecord code d identifier d from pnacEapPktRecord received success pkt from pnacEapPktRecord received failure pkt from pnacEapPktRecord received request pkt unknown EAP code d Authenticator d Auth PAE state s Auth Reauth state s Back auth state s Supplicant d Supp Pae state s DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEB
88. AL R p llx 08x 08x 08x 08x 08X 08x c T p llx 08x 08x 08x 08x 08x 08x 08x 08x c s no memory for sysctl table __func__ S no memory for device name storage Tunc s failed to register sysctls sc User Manual DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG 182 Unified Services Router ipt_time unloaded ip_conntrack_irc max_dcc_channels must be a positive integer ip_conntrack_irc ERROR registering port d ip_nat_h323 ip _nat_mangle_tcp_packet ip_nat_h323 ip_nat_mangle_udp_packet ip_nat_h323 out of expectations ip_nat_h323 out of RTP ports ip_nat_h323 out of TCP ports ip_nat_q931 out of TCP ports Ip nal ras out of TCP ports ip_nat_q931 out of TCP ports ip_conntrack_core Frag of proto u Broadcast packet Should beast u u u u gt U U U U Sk p ptype u ip_conntrack version s u buckets d max ERROR registering port d netfilter PSD loaded c astaro AG netfilter PSD unloaded c astaro AG s SELF s LAN s WAN TRUNCATED SRC u u u u DST u u u u LEN u TOS 0x 02X PREC 0x 02X TTL u ID u FRAG u ntohs ih gt frag_off amp IP_OFFSET TRUNCATED PROTO TCP INCOMPLETE u bytes SPT u DPT u SEQ u ACK
89. BUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Failed to commit ifStatusDBUpdate Failed to begin s SQL error s s Failed to commit nimfNetlfaceTblHandler unable to get LedPinld nimfNetlfaceTblHandler unable to get LedPinld nimfNetlfaceTblHandler unable to get LedPinld s unable to kill dhclient nimfAdvOptSetWrap unable to get current Mac Option nimfAdvOptSetWrap unable to get current Port nimfAdvOptSetWrap current MTU Option nimfAdvOptSetWrap Mac Address from nimfAdvOptSetWrap the MTU nimfAdvOptSetWrap interface advanced nimfAdvOptSetWrap MTU size nimfAdvOptSetWrap Mac Address nimfAdvOptSetWrap interface advanced nimfAdvOptSetWrap connectiontype nimfAdvOptSetWrap type is s nimfAdvOptSetWrap MTU Option nimfAdvOptSetWrap error getting MTU size nimfOldFieldValueGet failed to get old nimfOldFieldValueGet user has changed MTU size nimfAdvOptSetWrap failed to get old Port Speed nimfAdvOptSetWrap user has changed Port Speed nimfAdvOptSetWrap failed to get old Mac Address nimfAdvOptSetWrap user has changed Mac Address nimfAdvOptSetWrap unable to get Mac Address nimfAdvOptSetWrap Failed to RESET the flag nimfAdvOptSetWrap setting advanced options failed nimfAdvOptSetWrap interface advanced options applied unable to get error getting unable to get error setting error getting unable to get error setting faile
90. BUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG encrypt data length mismatch encrypt data does not compare tkip decap failed decrypt phase1 botch decrypt data does not compare decap botch length mismatch decap botch data does not compare tkip demic failed 802 11i TKIP test vectors passed s buf Atheros HAL assertion failure s line Ru S ath_hal logging to s s ath_hal_logfile ath_hal logging disabled S S sep ath_hal_buildopts i ath_pci No devices found driver not installed fmt _VA_ARGS s Warning using only u entries in u key cache Sag TX99 support enabled dev gt name s grppoll Buf allocation failed __func__ S s unable to start recv logic Sag s unable to start recv logic s no skbuff Tunc s hardware error resetting dev gt name s rx FIFO overrun resetting dev gt name s unable to reset hardware s HAL status u s unable to start recv logic dev gt name S s unable to reset hardware s HAL status u Sag s unable to start recv logic ath_mgtstart discard no xmit buf Sag 02u 7s tag ix ciphers hk gt kv_type 02x hk gt kv_valli mac s ether_sprintf mac S SC gt SC_splitmic mic rxmic 02x hk gt kv_mic i User Manual DEBUG DEBUG DEBUG DEBUG
91. BUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG User Manual Deleting schedule based firewall rules Deleting schedule based firewall rules from DB Update schedule based firewall rules in DB Restart schedule based firewall rules inter vlan routing enabled inter vlan routing disabled Disabling Content Filter for d Enabling Content Filter for d src firewall linux user firewalld c 59 u ndef ADP_DEBUG2 src firewall linux user firewalld c 61 d efine ADP_DEBUG2 printf Enabling Source MAC Filtering Disabling Source MAC Filtering Adding MAC Filter Policy for Block amp Permit Rest Adding MAC Filter Policy for Permit amp Block Rest Restarting Source MAC Address Policy Disabling Firewall Rule for DHCP Relay Protocol Enabling Firewall Rule for DHCP Relay Protocol prerouting Firewall Rule add for Relay failed prerouting Firewall Rule add for Relay failed Deleting MAC Filter Policy for Address S Adding MAC Filter Policy for Address S Disabling Firewall Rules for DMZ host Enabling Firewall Rules for DMZ host Disabling Firewall Rules for Spill Over Load Balancing Disabling Firewall Rules for Load Balancing Enabling Firewall Rules for Load Balancing Enabling Firewall Rules for Spill Over Load Balancing Ena
92. BUG Enabling Firewall Rule for IGMP Protocol DEBUG Deleting IP MAC Bind Rule for MAC address s and IP DEBUG Adding IP MAC Bind Rule for MAC address s and IP DEBUG Deleting Protocol Bind Rule for Service S DEBUG Deleting Protocol Bind Rule for Service S DEBUG Deleting Protocol Bind Rule for Service S DEBUG Adding Protocol Bind Rule for Service S DEBUG s Session Settings DEBUG Restarting IPv6 Firewall Rules DEBUG Deleting Port Trigger Rule for d d d d d DEBUG Deleting Port Trigger Rule for d d d d d DEBUG Enabling Port Trigger Rule for d d d d d DEBUG Disabling Port Trigger Rule for d d d d d DEBUG Enabling Port Trigger Rule for DEBUG Unified Services Router Internet on port d Enabling remote access management for IP address range Enabling remote access management to only this PC Disabling Management Access from Internet on port d Disabling remote access management for IP address range Disabling remote access management only to this PC MAC Filtering sabled for BLOCK and PERMIT REST MAC Filtering sabled for PERMIT and BLOCK REST Enabling Content Filtering Disabling Content Filtering Deleting rule port triggering for protocol TCP Deleting rule port triggering for protocol UDP Deleting rule port triggering for protocol TCP Deleting rule port triggering for protocol UDP Enabling rule port triggering for protocol TCP Enabling rule port
93. DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG WARN WARN WARN WARN ERROR memPartAlloc for d size failed memPartAlloc for d size failed No Handler registered for this UMI context Couldn t find component with ID d id d handler x Received NULL buffer in umiBufToloctlArgs usbMgmitlnit unable to open the database file s call to printConfig failed Failed to Disable Network Storage Some error occurred while removing device Some error occurred while removing device Sqlite update failed Failed to enable printer properly Failed to mount device on system Failed to enable network storage device Failed to mount device on system Sqlite update failed USB1 Touch failed USB2 Touch failed Sqlite update failed Failed query s Failed to execute usb database update handler Usage s lt DBFile gt lt opType gt lt tbIName gt lt rowld gt Illegal invocation of snmpConfig s Invalid Community Access Type Invalid User Access Type Invalid Security Level Invalid Authentication Algorithm Invalid Privacy Algorithm Invalid Argument Failed to allocate memory for enginelD SNMP_DEBUG Failed to get host address SNMP_DEBUG FOPEN failed sqlite3QueryResGet failed Query s sqlite3QueryResGet failed Query s Invalid Security Level Invalid Authentication Algorithm User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ER
94. DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ifmedia_ioctl no media found for 0x x ifmedia_ioctl switching s to dev gt name ifmedia_match multiple match for lt unknown type gt desc gt ifmt_string mode s desc gt ifmt_string lt unknown subtype gt Sag desc gt ifmt_string S S seen_option S S seen_option S seen_option gt S S dev gt name buf S no memory for sysctl table __func__ S no memory for VAP namel func s failed to register sysctls vap gt iv_dev gt name Sag no memory for new proc entry s __ func__ Sag Ox p len u tag p len 03d i 02x u_int8_t p i first difference at byte u i Sag t gt name FAIL ieee80211_crypto_newkey failed FAIL ieee80211_crypto_setkey failed FAIL unable to allocate skbuff FAIL wep decap failed FAIL decap botch length mismatch FAIL decap botch data does not compare FAIL wep encap failed FAIL encap data length mismatch FAIL encrypt data does not compare PASS u of u 802 111 WEP test vectors passed pass total Sag Ox p len u tag p len 03d i User Manual DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG
95. [Screenshot: TRAFFIC SELECTORS page. This page allows user to configure various traffic rules to which bandwidth profiles can be attached. Traffic Selector Configuration fields: Service, Traffic Selector Match Type, IP Address, MAC Address, Port Name, Interface.] 3.4 Features with Multiple WAN Links: This router supports multiple WAN links. This allows you to take advantage of failover and load balancing features to ensure certain internet-dependent services are prioritized in the event of unstable WAN connectivity on one of the ports. Setup > Internet Settings > WAN Mode: To use Auto Failover or Load Balancing, WAN link failure detection must be configured. This involves accessing DNS servers on the internet or ping to an internet address (user defined). If required, you can configure the number of retry attempts when the link seems to be disconnected or the threshold of failures that determines if a WAN port is down. 3.4.1 Auto Failover: In this case one of your WAN ports is assigned as the primary internet link for all internet traffic. The secondary WAN port is used for redundancy in case the primary link goes down for any reason. Both WAN ports (primary and secondary) must be configured to connect to the respective ISPs before enabling this feature. The sec
96. [Screenshot fields: Connectivity Type (Keep Connected), Idle Time, My IP Address, Server Address, Gateway IP Address.] Cellular 3G internet access is available on WAN2 via a USB modem. The cellular ISP that provides the 3G data plan will provide the authentication requirements to establish a connection. The Dial Number and APN are specific to the cellular carriers. Once the connection type settings are configured and saved, navigate to the WAN status page (Setup > Internet Settings > WAN Status) and Enable the WAN2 link to establish the 3G connection. Figure 24: WAN2 configuration for 3G internet (part 2). [Screenshot fields: Internet (IP) Address: IP Address Source (Get Dynamically from ISP), IP Address, IP Subnet Mask, Gateway IP Address. Domain Name System (DNS) Servers: DNS Server Source (Get Dynamically from ISP), Primary DNS Server, Secondary DNS Server. DHCP Connection (Dynamic IP Address): MAC Address Source (Use Default Address), MAC Address, Host Name. 3G Internet Connection Type: Username (Optional), Password, Dial Number, Authentication Protocol (None), APN (Optional).] 3.7 WAN Port Settings (Advanced > Advanced Network > WAN Port Setup): The physical port settings for each WAN link can be defined here. If your ISP account defin
97. ION TKIP CCMP AUTHENTICATION PSK 10.1.2 Resource Utilization (Status > Device Info > Dashboard): The Dashboard page presents hardware and usage statistics. The CPU and Memory utilization is a function of the available hardware and current configuration and traffic through the router. Interface statistics for the wired connections (LAN, WAN1, WAN2, DMZ, VLANs) provide indication of packets through and packets dropped by the interface. Click refresh to have this page retrieve the most current statistics. Figure 84: Resource Utilization statistics. [Screenshot: DASHBOARD page. This page displays the resources being used in the system currently. This page also shows the bandwidth used in form of bar graphs. Panels: Bandwidth Usage (per-application rates in Kbps, Select Interface: ALL); Applications Used (Select Interface: ALL).] Figure 85: Resource Utilization data (continued). CPU Utilization: CPU usage by user CPU usage by kernel 11 CPU idle 62 CPU wa
98. IPv6 Prefix Length assigned to the LAN. Note: IPv4/IPv6 mode must be enabled in the Advanced > IPv6 > IP mode to enable IPv6 configuration options. LAN Settings: The default IPv6 LAN address for the router is fec0::1. You can change this 128 bit IPv6 address based on your network requirements. The other field that defines the LAN settings for the router is the prefix length. The IPv6 network (subnet) is identified by the initial bits of the address called the prefix. By default this is 64 bits long. All hosts in the network have common initial bits for their IPv6 address; the number of common initial bits in the network's addresses is set by the prefix length field. [Figure: IPv6 LAN and DHCPv6. Screenshot: IPV6 LAN CONFIG page. Please Set IP Mode to IPv4/IPv6 in Routing Mode Page to configure this page. This page allow user to IPv6 related LAN configurations. Sections: LAN TCP/IP Setup; DHCPv6: DHCP Status (Disable DHCPv6 Server), DHCP Mode (Stateless), Domain Name, Server Preference (255), DNS Servers (Use DNS Proxy), Primary DNS Server, Secondary DNS Server, Lease/Rebind Time; List of IPv6 Address Pools.] Note: If you change the IP address and click Save Settings, the GUI will not respond. Open a new
99. LANs 4 user can choose ports and can add them into a VLAN. [Screenshot tables: port VLANs with columns Port Name, Mode, PVID, VLAN Membership (Port 1 to Port 3: Access, 1, 1; Port 4: Access); Wireless VLANs with columns SSID, Mode, VLAN Membership (DSR 1000N_1, Access, 1).] In Access mode the port is a member of a single VLAN (and only one). All data going into and out of the port is untagged. Traffic through a port in access mode looks like any other Ethernet frame. In Trunk mode the port is a member of a user selectable set of VLANs. All data going into and out of the port is tagged. Untagged data coming into the port is not forwarded, except for the default VLAN with PVID=1, which is untagged. Trunk ports multiplex traffic for multiple VLANs over the same physical link. Select PVID for the port when the General mode is selected. Configured VLAN memberships will be displayed on the VLAN Membership Configuration for the port. By selecting one or more VLAN membership options for a General or Trunk port, traffic can be routed between the selected VLAN membership IDs. Figure 7: Configuring VLAN membership for a port. [Screenshot: This page allows user to configure the port VLAN. Fields: Port Name (Port 4), Mode (Access), PVID; VLAN Membership Configuration: VLAN Membership, Apply.]
100. Tools > Admin > SNMP System Info. The router is identified by an SNMP manager via the System Information. The identifier settings The SysName set here is also used to identify the router for SysLog logging. [Figure 70: SNMP system information for this router (fields: SysContact, SysLocation, SysName)] 9.3 Configuring Time Zone and NTP. Tools > Date and Time. You can configure your time zone, whether or not to adjust for Daylight Savings Time, and with which Network Time Protocol (NTP) server to synchronize the date and time. You can choose to set Date and Time manually, which will store the information on the router's real time clock (RTC). If the router has access to the internet, the most accurate mechanism to set the router time is to enable NTP server communication. Note: Accurate date and time on the router is critical for firewall schedules, Wi-Fi power saving su
101. Policy. [Figure 67: User Login policy configuration] 9.1.1 Remote Management. Both HTTPS and telnet access can be restricted to a subset of IP addresses. The router administrator can define a known PC, single IP address or range of IP addresses that are allowed to access the GUI with HTTPS. The opened port for SSL traffic can be changed from the default of 443 at the same time as defining the allowed remote management IP address range. [Figure 68: Remote Management from the WAN] 9.1.2 CLI Access. In addition to the web-based GUI, the gateway supports SSH and Telnet management for command-line interaction. The CLI login credentials are shared wi
102. The WAN status page allows you to Enable or Disable static WAN links. For WAN settings that are dynamically received from the ISP, you can Renew or Release the link parameters if required. 3.3 Bandwidth Controls. Advanced > Advanced Network > Traffic Management > Bandwidth Profiles. Bandwidth profiles allow you to regulate the traffic flow from the LAN to WAN 1 or WAN 2. This is useful to ensure that low priority LAN users (like guests or HTTP service) do not monopolize the available WAN's bandwidth, for cost savings or bandwidth priority allocation purposes. Bandwidth profile configuration consists of enabling the bandwidth control feature from the GUI and adding a profile which defines the control parameters. The profile can then be associated with a traffic selector, so that the bandwidth profile can be applied to the traffic matching the selectors. Selectors are elements like IP addresses or services that would trigger the configured bandwidth regulation. Figure 16 L
103. 5.10 Intrusion Prevention (IPS). Advanced > Advanced Network > IPS. The gateway's Intrusion Prevention System (IPS) prevents malicious attacks from the internet from accessing the private network. Static attack signatures loaded to the device allow common attacks to be detected and prevented. The checks can be enabled between the WAN and DMZ or LAN, and a running counter will allow the administrator to see how many malicious intrusion attempts from the WAN have been detected and prevented. [Figure 47: Intrusion Prevention features on the router] 5.10.1 Protecting from Internet Attacks. Advanced > Advanced Network > Attack Checks. Att
104. R Error cleaning digest context ERROR method ctxCreate failed ERROR adpDigestlnit for SHA1 failed ERROR method profile set failed ERROR X509_ ERROR Query s ERROR X509_ ERROR Invalid Certificate for state machine is in invalid state ERROR the ERROR Only StandAlone authenticator supported currently ERROR invalid x509 certificate ERROR state machine is in invalid state ERROR Couldn t get the x509 cert hash ERROR BuildReq operation failed ERROR Memory allocation failed ERROR No method ops defined for current method ERROR FileName too lengthy ERROR Process operation failed ERROR Couldn t execute command ERROR state machine is in invalid state ERROR Memory allocation failed ERROR Packet length mismatch d d ERROR Memory allocation failed ERROR eapAuthTypeToType Invalid eapAuthType d ERROR invalid certificate data ERROR eapTypeToAuthType Invalid eapType d ERROR Query s ERROR unable to create method context ERROR Query s ERROR method ctxCreate failed ERROR Memory allocation failed ERROR Invalid condition methodState d X509_ ERROR Failed to validate the respMethod d ERROR certficate ERROR A EAP Ctx map already exists ERROR Memory allocation failed ERROR eapTimerCreate Currently unsupported for Peer role ERROR Query s ERROR eapTimerStart Currently unsupported for Peer role ERROR Invalid Sign Key Length d ERROR eapTimerDestroy Currently unsupported for Peer role ERROR Invalid Hash Alg
105. ROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 162 Unified Services Router User Manual cpuMemUsageDBUpdateHandler SQL error S ERROR Invalid Privacy Algorithm ERROR unable to open the DB file s ERROR Failed to Get Host Address ERROR umilnit failed ERROR Invalid version ERROR unable to register to UMI ERROR snmp v3 Trap Configuration Failed ERROR Error Reading from the Database ERROR sqlite3QueryResGet failed query s ERROR short DB update event request ERROR sqlite3QueryResGet failed Query s ERROR Failed to Open Snmp Configuration Error in executing DB update handler ERROR File ERROR adpListNodeRemove Returned with an error ERROR Failed to write access control entries ERROR command too long Try increasing ERROR Failed to write snmpv3 users entries ERROR failed to allocate memory for CRON_NODE ERROR Failed to write snmp trap entries ERROR sqlite3QueryResGet failed ERROR Failed to write system entries ERROR There was an error while reading the schedules ERROR Failed to restart snmp ERROR unable to register to UMI ERROR s failed with status ERROR short DB update event request ERROR Error in executing DB update handler ERROR malloc DB_UPDATE_NODE failed ERROR s Unable to open file s ERROR short ifDev event request ERROR RADVD start failed ERROR sqlit
106. ROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 172 Unified Services Router from pnacBackAuthFail calling pnacTxCannedFail s returned ERROR pnacUmiloctlHandler cmd s d s not configured for 802 1x could not process PDU received from the wire pnacPDUForward failed to foward the received PDU Creating PHY port with AUTH backend s SendRtn p RecvRtn p pnacUmiAuthConfig s not configured for 802 1x pnacSuppRegisterUserInfo not a valid AC pnaclfConfig autoAuth Enabled pnacSendRin no pnac port pae found for sending portStatus s d to dot11 pnacRecvASInfoMessage Rkey of length d set ASSendRin p ASToAuthRecv p adpRand failed unable to generate random unicast key using group key as unicast key Integrity check failed more than once in last 60 secs MIC failed twice in last 60 secs taking countermeasures Failed to set dot11 port status PTK state machine in NO_STATE PTK state machine in NO_STATE PMKSA refcount not 1 IV verification failednknown subtype gt pnaclfConfig overwriting previous interface pnaclfConfig overwriting previous pnaclfConfig overwriting previous username pnaclfConfig overwriting previous password s Failed to set port status s Failed to notify event to dot11 pnacLibDeinit Failed to destroy the DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG WARN WARN
107. RTIFICATES: Digital Certificates (also known as X509 Certificates) are used to authenticate the identity of users and systems, and are issued by Certification Authorities (CA) such as VeriSign, Thawte and other organizations. Digital Certificates are used by this router during the Internet Key Exchange (IKE) authentication phase to authenticate connecting VPN gateways or clients, or to be authenticated by remote entities. Chapter 9: Administration & Management. 9.1 Configuration Access Control. The primary means to configure this gateway is via the browser-independent GUI. The GUI can be accessed from a LAN node by using the gateway's LAN IP address and HTTP, or from the WAN by using the gateway's WAN IP address and HTTPS (HTTP over SSL). Administrator and Guest users are permitted to log in to the router's management interface. The user type is set in the Advanced > Users > Users page. The Admin or Guest user can be configured to access the router GUI from the LAN or the Internet (WAN) by enabling the corresponding Login
108. RESOURCES: You can configure resources to use when configuring SSL VPN policies. Resources are groups of host names, IP addresses or IP networks. The table lists the resources that have been added and allows several operations on the resources. 7.3 Application Port Forwarding. Setup > VPN Settings > SSL VPN Server > Port Forwarding. Port forwarding allows remote SSL users to access specified network applications or services after they log in to the User Portal and launch the Port Forwarding service. Traffic from the remote user to the router is detected and re-routed based on configured port forwarding rules. Internal host servers or TCP applications must be specified as being made accessible to remote users. Allowing access to a LAN server requires entering the local server IP address and TCP port number of the application to be tunneled. The table below lists some common applications and corresponding TCP port numbers. TCP Application / Port Number: FTP Data (usually not needed); FTP Control Protocol; SSH; Telnet; SMTP (send mail); HTTP (web); POP3 (receive mail); NTP (network time protocol); Citrix 1494; Terminal Services 3389; VNC (virtual network computing) 5900 or 58
109. SSL VPN client is launched from the user portal, a network adapter with an IP address from the corporate subnet, DNS and WINS settings is automatically created. This allows local applications to access services on the private network without any special network configuration on the remote SSL VPN client machine. It is important to ensure that the virtual (PPP) interface address of the VPN tunnel client does not conflict with physical devices on the LAN. The IP address range for the SSL VPN virtual network adapter should be either in a different subnet or non-overlapping range as the corporate LAN. Note: The IP addresses of the client's network interfaces (Ethernet, Wireless, etc.) cannot be identical to the router's IP address or a server on the corporate LAN that is being accessed through the SSL VPN tunnel. [Figure 61: SSL VPN client adapter and access configuration]
110. [Figure: Bandwidth Profile Configuration] Advanced > Advanced Network > Traffic Management > Traffic Selectors. Once a profile has been created it can then be associated with a traffic flow from the LAN to WAN. To create a traffic selector, click Add on the Traffic Selectors page. Traffic selector configuration binds a bandwidth profile to a type or source of LAN traffic with the following settings:
    • Available profiles: Assign one of the defined bandwidth profiles.
    • Service: You can have the selected bandwidth regulation apply to a specific service (i.e. FTP) from the LAN. If you do not see a service that you want, you can configure a custom service through the Advanced > Firewall Settings > Custom Services page. To have the profile apply to all services, select ANY.
    • Traffic Selector Match Type: this defines the parameter to filter against when applying the bandwidth profile. A specific machine on the LAN can be identified via IP address or MAC address, or the profile can apply to a LAN port or VLAN group. As well, a wireless network can be selected by its BSSID for bandwidth shaping.
    [Figure 18: Traffic Selector Configuration]
111. UG DEBUG DEBUG DEBUG DEBUG DEBUG eapolRecvKeyMsg invalid descriptor version eapolRecvKeyMsg incorrect descriptor version eapolRecvKeyMsg Ack must not be set eapolRecvKeyMsg MIC bit must be set wpaAuthRecvPTKMsg2 unexpected packet received wpaAuthRecvPTKMsg2 failed wpaAuthRecvPTKMsg2 mismatch wpaAuthRecvPTKMsg4 packet received wpaAuthRecvPTKMsg4 keyDataLength not zero wpaAuthRecvPTKMsg4 failed wpaAuthRecvGTKMsg2 packet received secureBit not set in GTK Msg2 wpaAuthRecvGTKMsg2 keyDataLength not zero wpaAuthRecvGTKMsg2 mic check failed wpaAuthRecvKeyRea unexpected packet received wpaAuthRecvKeyRea keyDataLength not zero wpaAuthRecvKeyRea mic check failed mic check rsn ie unexpected mic check unexpected invalid OUI x x x s invalid OUI x x x S d Cipher in WPA IE x s invalid OUI x x x short WPA IE length d received PTK state machine in unknown state dot11InstallKeys failed group state machine entered into WPA_AUTH_GTK_INIT dot11Malloc failed dot11Malloc failed dot11Malloc failed aesWrap failed unknown key descriptor version d dot11Malloc failed could not initialize AES128ECB could not initialize AES 128 ECB MD5 initialization failed User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ER
112. UNIFIED SERVICES ROUTER USER MANUAL, DSR-500N / 1000N, RELEASE 1.01. D-Link Corporation, Copyright 2010, http://www.dlink.com. User Manual: DSR-500N / 1000N Unified Services Router, Version 1.0. Copyright 2010. Copyright Notice: This publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this manual, nor any of the material contained herein, may be reproduced without written consent of the author. Disclaimer: The information in this document is subject to change without notice. The manufacturer makes no representations or warranties with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. The manufacturer reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of the manufacturer to notify any person of such revision or changes. Limitations of Liability: UNDER NO CIRCUMSTANCES SHALL D-LINK OR ITS SUPPLIERS BE LIABLE FOR DAMAGES OF ANY CHARACTER (E.G. DAMAGES FOR LOSS OF PROFIT, SOFTWARE RESTORATION, WORK STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE D-LINK PRODUCT OR FAILURE OF THE PRODUCT, EVEN IF D-LINK IS INFORMED OF THE
113. [Figure 76: VPN logs displayed in GUI event viewer] 9.5 Backing up and Restoring Configuration Settings. Tools > System. You can back up the router's custom configuration settings to restore them to a different device or the same router after some other changes. During backup, your settings are saved as a file on your host. You can restore the router's saved settings from this file as well. This page will also allow you to revert to factory default settings or execute a soft reboot of the router. IMPORTANT: During a restore operation, do NOT try to go online, turn off the router, shut down the PC, or do anything else to the router until the operation is complete. This will take approximately 1 minute. Once the LEDs are turned off, wait a few more seconds before
114. WAN ports. Similar to the PPPoE configuration options in the WAN configuration page, you need to define the ISP logon credentials, authentication type and connectivity settings for the PPPoE session. This information will be provided by the ISP that offers multiple PPPoE session support. [Figure 13: PPPoE profile configuration] 3.2.5 WAN Configuration in an IPv6 Network. Setup > IPv6 > IPv6 WAN1 Config. For IPv6 WAN connections, this router can have a static IPv6 address or receive connection information when configured as a DHCPv6 client. In the case where the ISP assigns you a fixed address to access the internet, the static configuration setti
115. WARN WARN WARN WARN WARN WARN WARN WARN WARN WARN WARN WARN WARN WARN User Manual RC4 framework initialization failed PNAC framework initialization failed ERROR option value not specified ERROR u can be used only with s ERROR user name not specified failed to enable debug s failed to convert string to MAC failed to initialize UMI pnacPhyPortParamSet invalid arguments pnacPhyPortParamSet Failed to create socket Error from pnacPhyPortParamSet s device invalid Error from pnacPhyPortParamSet s Getting MAC address pnacPhyPortParamSet Failed to add 802 1X multicast pnaclsInterfaceUp failed to create a raw socket pnaclsInterfaceUp failed to get interface flags failed to allocate buffer UMI initialization failed UMI initialization failed Error from pnacEapDemoAuthLiblnit malloc failed Error from pnacEapDemoAuthRecv received null EAP pkt Error from pnacEapDemoAuthRecv send Error from pnacRadXlateASAdd cannot open socket Error from pnacRadXlateDemoRecv received null EAP pkt From pnacRadXlateDemoRecv send Error from pnacRadXlateDemoRecv radius Error from pnacRadXlateDemoRecv radius Error from pnacRadXlateRadldRespSend send to failed Error from pnacRadXlateRadNonldRespSend send to failed Error from pnacRadXlateRadRecvProc recvfrom failed From ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR
116. WPA+WPA2 is a security option that allows devices to connect to an AP using the strongest security that it supports. This mode allows legacy devices that only support WPA2 keys (such as an older wireless printer) to connect to a secure AP where all the other wireless clients are using WPA2. Figure 27: List of Available Profiles shows the variety of options available to secure the wireless link. PROFILES: A profile is a grouping of wireless settings which can be shared across multiple APs. AP-specific settings are configured on the Access Point Configuration page. The profile allows for easy duplication of SSIDs, security settings, encryption methods, client authentication, etc. across APs. 4.2.1 WEP Security. If WEP is the chosen security option, you must set a unique static key to be shared with clients that wish to access this secured wireless network. This static key can be generated from an easy-to-remember passphrase and the selected encryption length.
    • Authentication: select between Open System or Shared Key schemes.
    • Encryption: select the encryption key size, 64 bit WEP or 128 bit WEP. The larger size keys provide stronger enc
117. X 3 3X 4 4Xx failed to allocate tx descriptors d error failed to allocate beacon descripotrs d error failed to allocate UAPSD descripotrs d error hal qnum u out of range max ul HAL AC u out of range max zul HAL AC u out of range max zul s unable to update hardware queue u Multicast Q p buf buf flags 0x 08x buf gt bf_flags buf status 0x 08x buf gt bf_status frames in aggr d length of aggregate d length of frame d sequence number d tidno d isdata d isaggr d isampdu d ht d isretried d isxretried d shpreamble d isbar d ispspoll d aggrburst d calcairtime d qosnulleosp d Ap 0x 08x 0x 08x Ox 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x sc_txq d i tid p pause d tid tid gt paused d p j tid gt tx_buf j DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG User Manual s unable to register device dev gt name ath_pci 32 bit DMA not available ath_pci cannot reserve PCI memory region ath_pci cannot remap PCI memory region ath_pci no memory for device state s unable to register device dev gt name
118. _lviPPPOL2TP _ fmt args 02X ptr length DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG s Got Null m p m p sa p sa p _func__ ppBufMgr s Got Deleted SA p o gt state Sag s fmt FILE _ __FUNCTION __ args Sag s fmt FILE _ __FUNCTION __ args ipt_TIME format args IPT_ACCOUNT_NAME checkeniry wrong parameters not equals existing table parameters IPT_ACCOUNT_NAME checkeniry too big netmask IPT ACCOUNT NAME checkeniry failed to allocate zu for new table s sizeof struct t_ipt_account_table info gt name IPT_ACCOUNT_NAME checkeniry wrong network netmask account Wrong netmask given by netmask parameter i Valid is 32 to 0 netmask IPT_ACCOUNT_NAME checkeniry failed to create procfs entry IPT_ACCOUNT_NAME checkeniry failed to register match failed to create procfs entry MPPE MPPC encryption compression module registered MPPE MPPC encryption compression module unregistered PPP generic driver version PPP_VERSION MPPE MPPC encryption compression module registered MPPE MPPC encryption compression module unregistered PPP generic driver version PPP_VERSION PPPoL2TP kernel driver s PPPoL2TP kernel driver s PPPoL2TP kernel driver s faile
119. acTxCannedFail hmac_md5 adpHmacContextCreate failed hmac_md5 adpHmaclnit failed pnacUmiloctlHandler invalid cmd d ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Unified Services Router User Manual pnacEapRadAuthSend Invalid Error in executing DB update handler ERROR arguments ERROR pnacEapRadAuthSend failed to sqlite3QueryResGet failed ERROR allocate inbuffer ERROR ERROR incomplete DB update information ERROR pnacXmit umiloctl failed d ERROR old values result does not contain 2 rows ERROR pnacPDUForward Invalid input ERROR pnacPDUForward error in getting port sqlite3QueryResGet failed ERROR pae information ERROR pnacPDUForward error allocating Error in executing DB update handler ERROR memory ERROR pnacUmilfMacAddrChange s not sqlite3QueryResGet failed Query s ERROR configured for 802 1x ERROR pnacUmilfMacAddrChange could not sqlite3QueryResGet failed Query s ERROR process PDU received ERROR pnacUmiPhyPortConfig Invalid config sqlite3QueryResGet failed Query s ERROR data ERROR pnacUmiPhyPortConfig Invalid sqlite3QueryResGet failed Query s ERROR backend name specified ERROR pnacUmiPhyPortConfig could not startStopVap failed to stop s ERROR create PNAC physical ERROR pna
120. acks can be malicious security breaches or unintentional network issues that render the router unusable. Attack checks allow you to manage WAN security threats such as continual ping requests and discovery via ARP scans. TCP and UDP flood attack checks can be enabled to manage extreme usage of WAN resources. Additionally, certain Denial-of-Service (DoS) attacks can be blocked. These attacks, if uninhibited, can use up processing power and bandwidth and prevent regular network services from running normally. ICMP packet flooding, SYN traffic flooding, and Echo storm thresholds can be configured to temporarily suspect traffic from the offending source. [Figure 48: Protecting the router and LAN from internet attacks] Chapter 6: IPSec / PPTP / L2TP VPN. A VPN provides a secure communication channel (tunnel)
121. adConfAssert No Default Retry Count Specified radExtractMppeKey Invalid MS MPPE Key Length radVendorMessage Invalid Length in Vendor Message radVendorMessage Unknown Vendor ID received d radVendorAttrGet Invalid Length in Vendor Message radVendorAttrGet Unknown Vendor ID d radVendorMessagePack Unknown Vendor ID d radGetIPByName couldn t resolve hostname s radGetHostIP couldn t get hostname radGetHostIP couldn t get host IP address radius dictionary loading failed Failed to set default timeout value User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 159 Unified Services Router Adding Dictionary Attribute s Adding Dictionary Value s Receiving attribute s Processing attribute s Processing attribute s Processing attribute s Processing attribute s radConfGet Added Server s d with Added Server s d with Default Timeout Set to d Default Retry Count Set to d Sag VS Yd Deleting Server s d with Adding Rowld d to Server s d with rowlds d d Deleting Server s d with RADIUS Deconfigured Found Option s on line d of file s Setting Option s with value s RADIUS Configured d Server s d with DBUpdate event Table s opCode d rowld d Hos
122. added manually by an administrator and allows several operations on the static routes. The List of IPv4 Static Routes and List of IPv6 Static Routes share the same fields (with one exception):
    • Name: Name of the route, for identification and management.
    • Active: Determines whether the route is active or inactive. A route can be added to the table and made inactive if not needed. This allows routes to be used as needed without deleting and re-adding the entry. An inactive route is not broadcast if RIP is enabled.
    • Private: Determines whether the route can be shared with other routers when RIP is enabled. If the route is made private, then the route will not be shared in a RIP broadcast or multicast. This is only applicable for IPv4 static routes.
    • Destination: the route will lead to this destination host or IP address.
    • IP Subnet Mask: This is valid for IPv4 networks only, and identifies the subnet that is affected by this static route.
    • Interface: The physical network interface (WAN1, WAN2, DMZ or LAN) through which this route is accessible.
    • Gateway: IP address of the gateway through which the destination host or network can be reached.
    • Metric: Determines the priority of the route. If multiple routes to the same destination exist, the route with the lowest metric is chosen.
    [Figure 22: Static route configuration fields]
123. al LAN. VLAN filtering is particularly useful to limit broadcast packets of a device in a large network. VLAN support is disabled by default in the router. In the VLAN Configuration page, enable VLAN support on the router and then proceed to the next section to define the virtual network. Setup > VLAN Settings > Available VLAN. The Available VLAN page shows a list of configured VLANs by name and VLAN ID. A VLAN membership can be created by clicking the Add button below the List of Available VLANs. A VLAN membership entry consists of a VLAN identifier and the numerical VLAN ID which is assigned to the VLAN membership. The VLAN ID value can be any number from 2 to 4091. VLAN ID 1 is reserved for the default VLAN, which is used for untagged frames received on the interface. By enabling Inter VLAN Routing, you will allow traffic from LAN hosts belonging to this VLAN ID to pass through to other configured VLAN IDs that have Inter VLAN Routing enabled. [Figure 5: Adding VLAN memberships to the LAN] 2.2.1 Associating VLANs to ports. In order to tag all traffic through a specific
124. amically exchanges keys between two IPSec hosts. The Phase 1 IKE parameters are used to define the tunnel's security association details. The Phase 2 Auto policy parameters cover the security association lifetime and encryption/authentication details of the phase 2 key negotiation. The VPN policy is one half of the IKE/VPN policy pair required to establish an Auto IPSec VPN tunnel. The IP addresses of the machine or machines on the two VPN endpoints are configured here, along with the policy parameters required to secure the tunnel.
   Figure 51: IPSec policy configuration continued (Auto policy via IKE). [Phase 1 (IKE SA Parameters) form: Exchange Mode, Direction / Type, NAT Traversal, NAT Keep Alive Frequency (in seconds), Local Identifier Type, Local Identifier, Remote Identifier Type, Remote Identifier, Encryption Algorithm (3DES shown), Authentication Algorithm, Authentication Method (Pre-shared key shown), Pre-shared key, Diffie-Hellman (DH) Group (Group 2, 1024 bit, shown), SA Lifetime (sec), Enable Dead Peer Detection, Detection Period, Reconnect after failure count, Enable Extended Authentication, Username, Password]
   A Manual policy does not use IKE and instead relies on manual keying to exchange authentication parameters between the two IPSec hosts. The incoming and outgoing sec
125. ap secrets Pap Secrets failed Error in executing DB update handler unboundMgmt unable to open the Can t kill pptpd pptpd restart failed Can t kill pptpd failed to get field value failed to get field value unboundMgmt unable to open the writing options pptpd failed pptpdStop failed writing pptod conf failed writing options pptpd failed pptpdStop failed pptpdStart failed writing Chap secrets Pap Secrets failed Error in executing DB update handler pppStatsUpdate unable to get default MTU pppoeMgmtlnit unable to open the database file s pppoeDisable unable to kill ppp daemon pppoeMultipleEnableDisable pppoe enable failed pppoeMultipleEnableDisable pppoe disable failed User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 151 Unified Services Router l2tpMgmtTblHandler l2tpMgmtTblHandler l2tpMgmtTblHandler l2tpMgmtTblHandler l2tpMgmtTblHandler specified l2tpMgmtTblHandler l2tpMgmtTblHandler configured l2tpMgmtTblHandler l2tpMgmtTblHandler l2tpMgmtTblHandler l2tpMgmtTblHandler l2tpMgmtTblHandler UserName s Password s AccountName s DomainName s Secret not Secret s dynamic Mylp Mylp s Serverlp s Staticlp
126. based Firewall Rules Enabling Firewall Rules for URL Filtering amp Adding Firewall Rule for RIP Protocol Restarting Schedule Based Firewall Rules enabling IPS checks between s and S Zones disabling IPS checks between s and S zones Stopping IPS s IPS started Route already exists Route addition failed Network Unreachable Route addition failed Network is down Route addition failed Failed to add rule in iptables Failed to delete rule from iptables fwLBSpillOverConfigure Something going wrong here fwLBSpillOverConfigure unable to get interfaceName fwLBSpillOverConfigure Could not set PREROUTING rules User Manual DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR 166 Unified Services Router Update FirewallRules6 where ScheduleName s to New Dns proxy Restart failed deleting interface to ifgroup failed adding interface to ifgroup failed deleting interface pVirtlface s from ifgroup d adding interface pVirtlface s to ifgroup d failed Deleting IP address s Adding new IP address s Updating old IP address s to new IP address s Restarting Firewall For s Address Update from s s Disabling Firewall Rule for MSS packet marking Enabling Firewall Rule for MSS packet ma
127. bling Firewall Rules for Auto Failover Enabling Firewall Rules for Load Balancing Enabling Firewall Rules for Spill Over Load Balancing Enabling Firewall Rules for Auto Failover Deleting BlockSites Keyword Enabling BlockSites Keyword Disabling BlockSites Keyword DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Unified Services Router Enabling attack check for L2TP Enabling attack check for UDP Flood Enabling attack check for IPSec Enabling attack check for PPTP Enabling attack check for L2TP Enabling DoS attack check with d SyncFlood detect rate Disabling DoS attack check having d SyncFlood detect rate Enabling ICSA Notification Item for ICMP notification Enabling ICSA Notification Item for Fragmented Packets Enabling ICSA Notification Item for Multi cast Packets Disabling ICSA Notification Item for ICMP notification Disabling ICSA Notification Item for Fragmented Packets Disabling ICSA Notification Item for Multi cast Packets Adding IP MAC binding rule for s MAC address Deleting IP MAC binding rule for s MAC src firewall linux user firewalld c 60 un def ADP_DEBUG src firewall linux user firewalld c 62 def ine ADP_DEBUG printf Restarti
128. bling fragments incorrect size Error creating cipher context Error initializing cipher context Error creating digest context Error initializing digest context Error initializing DES in Klite Error initializing MD4 in Klite Error initializing RC4 in Klite Error initializing SHA in Klite Error cleaning cipher context Error destroying cipher context Error cleaning digest context Error destroying digest context Error stripping domain name Error cleaning digest context Error cleaning digest context Challenge not present in failure packet Wrong challenge length Incorrect password change version value Error generating password hash Error generating password hash Error encrypting password hash with block User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 157 Unified Services Router User Manual pEapCtx NULL or pPDU NULL ERROR Could not initialize des ecb ERROR received EAP pdu bigger than EAP_MTU_SIZE ERROR Error cleaning cipher context ERROR received EAP pdu bigger than EAP_MTU_SIZE ERROR Error cleaning cipher context ERROR state machine is in invalid state ERROR Error cleaning digest context ERROR unable to create method context ERRO
129. (Table of contents, continued)
   10.2 Traffic Statistics
   10.2.1 Wired Port Statistics
   10.2.2 Wireless Statistics
   10.3 Active Connections
   10.3.1 Sessions through the Router
   10.3.2 Wireless Clients
   10.3.3 LAN Clients
   10.3.4 Active VPN Tunnels
   11.3 Pinging to Test LAN Connectivity
   11.3.1 Testing the LAN path from your PC to your router
   11.3.2 Testing the LAN path from your PC to a remote device
   11.4 Restoring factory default configuration settings
   Factory Default Settings
   Standard Services Available for Port Forwarding & Firewall Configuration
   Log Output Reference
   List of Figures
   Figure 1: Setup page for LAN TCP/IP settings
   Figure 2: IPv6 LAN and DHCPv6 configuration
   Figure 3: Configuring the Router Advertisement Daemon
   Figure 4: IPv6 Advertisement Prefix settings
130. cUmiAuthConfig Invalid config Invalid SQLITE operation code d ERROR data ERROR src dot1 1 mgmt dot1 1Mgmt c 1177 pnacUmiAuthConfig Invalid backend ADP_ERROR ERROR name specified ERROR only delete event expected on dot11RogueAP ERROR unable to create new EAP context ERROR unable to apply s profile on the EAP sqlite3QueryResGet failed ERROR context ERROR pnacUmiAuthConfig could not unhandled database operation d ERROR configure PNAC PAE ERROR pnacUmiSuppContfig Invalid config sqlite3QueryResGet failed ERROR data ERROR pnacUmiSuppContfig Invalid backend failed to configure WPS on s ERROR name specified ERROR pnacUmiSuppConfig s not sqlite3QueryResGet failed ERROR configured for 802 1x ERROR pnacUmiSuppConfig could not PNAC sqlite3QueryResGet failed ERROR port Access ERROR pnacUmiSuppConfig Failed to register sqlite3QueryResGet failed ERROR user information ERROR pnacPortByMacDeconfig port not sqlite3QueryResGet failed ERROR found ERROR pnacPortByMacDeconfig port not sqlite3QueryResGet failed ERROR found ERROR no VAP rows returned expected one ERROR pnacUmilfDown Invalid config data ERROR multiple VAP rows returned expected one ERROR pnacUmilfDown Invalid config data ERROR Error from pnacPortDeconfig port not sqlite3QueryResGet failed ERROR configured ERROR pnacUmilfDown could not de invalid query result ncols d nrows d ERROR configure port ERROR pnacUmiPhyPortDestroy Invalid s VAP s c
131. [Firewall rule configuration form: Service, Action, Select Schedule, Source Hosts, Destination Hosts, Log, QoS Priority, Source NAT Settings (External IP Address, WAN Interface), Destination NAT Settings (Internal IP Address, Enable Port Forwarding, Translate Port Number, External IP Address)]
   5.3.1 Firewall Rule Configuration Examples
   Example 1: Allow inbound HTTP traffic to the DMZ
   Situation: You host a public web server on your local DMZ network. You want to allow inbound HTTP requests from any outside IP address to the IP address of your web server at any time of day.
   Solution: Create an inbound rule as follows.
   Parameter | Value
   From Zone | Insecure (WAN1/WAN2)
   To Zone | Public (DMZ)
   Service | HTTP
   Action | ALLOW always
   Send to Local Server (DNAT IP) | 192.168.5.2 (web server IP address)
   Destination Users | Any
   Example 2: Allow videoconferencing from range of outside IP addresses
   Situation: You want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses (132.177.88.2 - 132.177.88.254), from a branch office.
   Solution: Create an inbound rule as follows. In the example, CUSeeMe (the video conference service us
132. chedule to be active all day or at specific times during the day. [Schedule form fields: All Day, Start Time (Hour, Minute), End Time (Hour, Minute)]
   2. Since we are trying to block HTTP requests, it is a service with To Zone: Insecure (WAN1/WAN2) that is to be blocked according to schedule "Weekend".
   3. Select the Action to "Block by Schedule, otherwise allow". This will take a predefined schedule and make sure the rule is a blocking rule during the defined dates/times. All other times outside the schedule will not be affected by this firewall blocking rule.
   4. As we defined our schedule in schedule "Weekend", this is available in the dropdown menu.
   5. We want to block the IP range assigned to the marketing group. Let's say they have IP 192.168.10.20 to 192.168.10.30. On the Source Users dropdown, select Address Range and add this IP range as the From and To IP addresses.
   6. We want to block all HTTP traffic to any services going to the insecure zone. The Destination Users dropdown should be "any".
   7. We don't need to change default QoS priority or Logging (unless desired); clicking apply will add this firewall rule to the list of firewall rules.
   8. The last step is to enable this firewall rule. Select the rule, and click "enable" below the list to make sure the firewall rule is active.
   5.4 Security on Custom Services
   Advanced > Firewall Se
133. (List of Figures, continued)
   - chedules to bind to a firewall rule
   - The firewall rule configuration page allows you to define the To/From zone, service, action, schedules, and specify source/destination IP addresses as needed
   - Schedule configuration for the above example
   - List of user defined services
   - Available ALG support on the router
   - Passthrough options for VPN tunnels
   - List of Available Application Rules showing 4 unique rules
   - Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded
   - Two trusted domains added to the Approved URLs List
   - Two keywords added to the block list
   - The above example of IP/MAC Binding binds a LAN host's MAC Address to an IP address. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured
   - Intrusion Prevention features on the router
   - Protecting the router and LAN from internet attacks
   - VPN Wizard launch screen
   - IPSec policy configuration
   - IPSec policy configuration continued (Auto policy via IKE)
   - IPSec policy configuration continued (Auto / Manual Phase 2)
   - PPTP tunnel configuration: PPTP Server
   - L2TP tunnel configuration: L2TP Server
   - Available
134. chronized time with s Received KOD packet from s No suitable server found s Received Invalid Length packet from s Received Invalid Version packet from s Received Invalid Mode packet from s Request Timed out from s Looking Up s Timezone difference d Could not open file s Could not read data from file ntpTblHandler status d tz d DayLightsaving d pNitpControl gt ServerNames PRIMARY_SERVER ag pNitpControl gt ServerNames SECONDARY_SERVER S DS d pPriServ s pSecServ s Making request from d gt d sent request dst d lt src d using option d received request too small d bytes Received a UMI request from d sent a reply src d gt dst d umiRegister x xX x xX srcld d s gt destId d s cmd d inLen d outLen d waiting for reply Giving Up No request in the list after semTake reply timeout DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Unable to set debug for radAuth Unable to set debug level for radAuth ERROR option value not specified Unable to initialize radius Invalid username challenge or response Unable to set debug for radAuth Unable to set debug level for radAuth ERROR option value no
135. concurrent PPPoE sessions (it is most common in Japan). Each connection can have its own specific authentication requirements and will provide unique IP, gateway and DNS address parameters to the associated WAN port. The PPPoE Profiles page offers a convenient way to maintain multiple PPPoE accounts, which can then be associated with one of the available WAN interfaces. Once configured, a PPPoE profile name can be selected on the WAN configuration page to reduce the configuration requirements for that WAN port. The PPPoE profile is referenced on the WAN Configuration page. The List of PPPoE profiles for a particular WAN (see figure below) outlines the available profiles and their status and authentication type.
   Figure 12: List of configured PPPoE profiles
   To create a new PPPoE profile, select Add in the PPPoE Profile page. Each profile is associated to one of the two
136. connectivity between this router and another device on the network connected to this router. Enter an IP address and click PING. The command output will appear, indicating the ICMP echo request status.
   9.8.2 Trace Route
   This utility will display all the routers present between the destination IP address and this router. Up to 30 "hops" (intermediate routers) between this router and the destination will be displayed.
   Figure 81: Sample traceroute output
   9.8.3 DNS Lookup
   To retrieve the IP address of a Web, FTP, Mail or any other server on the Internet, type the Internet Name in the text box and click Lookup. If the host or domain entry exists, you will see a response with the IP address. A message stating "Unknown Host" indicates that the specified Internet Name does not exist.
   This feature assumes there is internet access available on the WAN link(s).
   9.8.4 Router Options
   The static and dynamic routes configured on this router can be shown by clicking Display for the correspondin
137. crypted.
   - Tunnel: This mode is used for network-to-network IPSec tunnels where this gateway is one endpoint of the tunnel. In this mode the entire IP packet, including the header, is encrypted and/or authenticated.
   When tunnel mode is selected, you can enable NetBIOS and DHCP over IPSec. DHCP over IPSec allows this router to serve IP leases to hosts on the remote LAN. As well, in this mode you can define the single IP address, range of IPs, or subnet on both the local and remote private networks that can communicate over the tunnel.
   Figure 50: IPSec policy configuration. [Form fields: Policy Name, Policy Type, IPSec Mode, Select Local Gateway, Remote Endpoint, Enable NetBIOS, Local IP (Start IP Address, End IP Address, Subnet Mask), Remote IP (Start IP Address, End IP Address, Subnet Mask)]
   Once the tunnel type and endpoints of the tunnel are defined, you can determine the Phase 1 / Phase 2 negotiation to use for the tunnel. This is covered in the IPSec mode setting, as the policy can be Manual or Auto. For Auto policies, the Internet Key Exchange (IKE) protocol dyn
138. d ZERO const char descr krb5_keyblock k F password amp pdata test key key pre hashed key key const char descr krb5_keyblock k AES 128 bit key amp key DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Loading bridge module Unloading bridge module unsupported command d cmd Loading ifDev module Unloading ifDev module ERROR d in alloc_chrdev_region result ERROR d in cdev_add result using bcm switch s bcmswitch priviegedID d wanporttNo d priviegedID wanportNo Loading mii Unloading mii s Version 0 1 s driver unloaded dev_info wlan s backend registered be gt iab_name wlan s backend unregistered wlan s acl policy registered iac gt iac_name wlan s acl policy unregistered iac gt iac_name s tmpbuf VLAN2 VLAN3 VLAN4 lt d d gt S S dev_info version s driver unloaded dev_info Sag buf Sag s dev_info ath_hal_version s driver unloaded dev_info S S mem 0x lx irq d hw_base 0x p S S dev_info version s driver unloaded dev_info Sag S mem 0x lx irq d Sag S mem 0x lx irq d S S dev_info version s driver unloaded dev_info Sag buf Sag s dev_info ath_hal_vers
139. d to create procfs entry proc dir not created Initialzing Product Data modules De initializing by kernel UMI module loaded kernel UMI module unloaded state d _func__ plpseclnfo plpsecinf User Manual DEBUG DEBUG INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO 185 Unified Services Router 02X unsigned char m gt msg_iov i iov_base j 02X skb gt data i _lviPPPOL2TP _ fmt args 02X ptr length 02X unsigned char m gt msg_iov i iov_base j 02X skb gt data i KERN_EMERG THE value read is Sad Value KERN_EMERG Factory Reset button is pressed KERN_EMERG Returing error in INTR registration KERN_EMERG Initialzing Factory defaults modules Failed to allocate memory for pSipListNode SIPALG Memeory allocation failed for pSipNodeEntryTbl pkt err s pktInfo error pkt err s pktInfo error pkt err s pktInfo error s Len d msg len 02x uint8_t ptr i End CVM_MOD_EXP_BASE MISMATCH cmd x base x cmd op gt sizeofptr ld op gt sizeofptr opcode cmd x cmd modexp opcode received Memory Allocation failed modexpcrt opcode received kmalloc failed kmalloc failed kmalloc failed kmalloc failed kmalloc Failed kmalloc failed unknown cyrpto ioctl cmd received x cmd register_chrdev returne
140. d to get old old connection failed to get old User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 147 Unified Services Router pPrivSep s s DBUpdate event Table s opCode d rowld d Re Starting sshd daemon sshd re started successfully sshd stopped failed query s vlan disabled not applying vlan configuration failed query s failed query s no ports present in this vlanid d failed query s vlan disabled not applying vlan configuration disabling vlan enabling vian vlan disabled not applying vlan configuration no ports present in this vlanid d failed query s vlan disabled not applying vlan configuration removing s from bridge s s adding s to bridge d s restarting bridge switchConfig Ignoring event on port number d restarting bridge executing S S removing s from bridge s s adding s to bridge d s switchConfig Ignoring event on s restarting bridge switchConfig Ignoring event on port number d switchConfig executing s S restarting bridge UserName s Password s IsoName s DialNumber s Apn s DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG
141. ded action:
   1. Select Administration > Time Zone and view the current date and time settings.
   2. Click to check or uncheck "Automatically adjust for Daylight Savings Time", then click Apply.
   11.3 Pinging to Test LAN Connectivity
   Most TCP/IP terminal devices and firewalls contain a ping utility that sends an ICMP echo-request packet to the designated device. The device responds with an echo reply. Troubleshooting a TCP/IP network is made very easy by using the ping utility in your PC or workstation.
   11.3.1 Testing the LAN path from your PC to your router
   1. From the PC's Windows toolbar, select Start > Run.
   2. Type ping <IP_address>, where <IP_address> is the router's IP address. Example: ping 192.168.10.1
   3. Click OK.
   4. Observe the display:
      - If the path is working, you see this message sequence:
        Pinging <IP address> with 32 bytes of data
        Reply from <IP address>: bytes=32 time=NN ms TTL=xxx
      - If the path is not working, you see this message sequence:
        Pinging <IP address> with 32 bytes of data
        Request timed out
   5. If the path is not working, test the physical connections between PC and router:
      - If the LAN port LED is off, go to the "LED displays" section on page B-1 and follow instructions for "LAN or Internet port LEDs are not lit."
      - Verify that the corresponding link LEDs are lit for your network interface card and for any hub po
142. destroy ISATAP Tunnel Could not configure ISATAP Tunnel Could not de configure ISATAP Tunnel nimfStatusUpdate updating NimfStatus failed nimfStatusUpdate updating NimfStatus failed nimfLinkStatusGet determinig link s status failed nimfLinkStatusGet opening status file failed User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 146 Unified Services Router s DBUpdate event Table s opCode d rowld d S d SIP ENABLE s sipTblHandler failed to update ifStatic sipTblHandler failed to update Configport S d SIP DISABLE s S d SIP SET CONF s Failed to open s s Failed to start sipalg Failed to stop sipalg Failed to get config info Network Mask 0x x RTP DSCP Value 0x x Need more arguments Invalid lanaddr Invalid lanmask Invalid option Failed to set config info Unknown option sshdTblHandler pPort s pProtocol s pListerAddr s pKeyBits s pRootEnable s pRsaEnable s pDsaEnable s pPassEnable s pEmptyPassEnable s pSftpEnable s pScpEnable s pSshdEnable s DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DE
143. doing anything with the router. For backing up configuration or restoring a previously saved configuration, please follow the steps below:
   1. To save a copy of your current settings, click the Backup button in the Save Current Settings option. The browser initiates an export of the configuration file and prompts to save the file on your host.
   2. To restore your saved settings from a backup file, click Browse, then locate the file on the host. After clicking Restore, the router begins importing the file's saved configuration settings. After the restore, the router reboots automatically with the restored settings.
   3. To erase your current settings and revert to factory default settings, click the Default button. The router will then restore configuration settings to factory defaults and will reboot automatically. (See Appendix B for the factory default parameters for the router.)
   Figure 77: Restoring configuration from a saved file will result in the current configuration being overwritten and a reboot
   9.6 Upgrading Router Firmware
   Tools > Firmware
   You can upgrade to a newer software version from
144. e ifmedia_add null ifm DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG User Manual Unable to create ip_set_list Unable to create ip set hash ip_conntrack_in Frag of proto u hook u Unable to register netfilter socket option Unable to create ip_conntrack_hash Unable to create ip_conntrack slab cache Unable to create ip expect slab cache Unable to create ip_set_iptreeb slab cache Unable to create ip_set_iptreed slab cache s cannot allocate space for scompressor fname s cannot allocate space for MPPC history s cannot allocate space for MPPC history s cannot load ARC4 module fname s cannot load SHA1 module fname s CryptoAPI SHA1 digest size too small fname s cannot allocate space for SHA1 digest fname S U trying to write outside history S d trying to write outside history S d trying to write outside history S too big uncompressed packet s d encryption negotiated but not an S d error not an MPPC or MPPE frame Kernel doesn t provide ARC4 and or SHA1 algorithms PPP not interface or channel PPP no memory VJ compressor failed to register PPP device d err PPP no memory VJ comp pkt PPP no memory comp pkt ppp compressor dropped pkt PPP
145. e command string s ERROR failed ERROR dhcpcMgmtDBUpdateHandler failed 2tpDisable unable to stop I2tp session ERROR query s ERROR 2tpMgmtTblHandler unable to get dhcpcMgmtDBUpdateHandler error current MTU option ERROR in executing ERROR l2tpMgmtTblHandler unable to get the Mtu ERROR DHCPv 6 Client start failed ERROR l2tpMgmtTbliHandler dobRecordValueGet failed for s ERROR DHCPV 6 Client stop failed ERROR l2tpMgmtTblHandler 2tpEnable failed ERROR failed to create open DHCPV6 client ERROR failed to write DHCPV6 client l2tpMgmtTbiHandler disabling I2tp failed ERROR configuration file ERROR 2tpMgmtDBUpdateHandler sqlite3QueryResGet ERROR failed to restart DHCPv6 Client ERROR l2tpMgmtDBUpdateHandler error in failed to create open DHCPv6 Server executing ERROR ERROR Illegal invocation of tcpdumpConfig s ERROR Restoring old configuration ERROR DHCPV6 Server configuration update Failed to start tcpdump ERROR failed ERROR Failed to stop tcpdump ERROR DHCPV6 Server Restart failed ERROR Invalid tcodumpEnable value ERROR sqlite3QueryResGet failed Query s ERROR Facility System VPN d command not supported by eapAuth DEBUG PEAP key derive ERROR ERROR pCtx NULL DEBUG PEAP context is NULL ERROR ERROR Current cert subject name s DEBUG Constructing P2 response ERROR ERROR X509_STORE_CTX_get_ex_data failed DEBUG innerEapRecv is NULL ERROR ERROR Cannot get ci
146. e dnsResolverConfigMgmtlnit unable to open the resolverConfigDBUpateHandler sqlite3QueryResGet could not configure DNS resolver dnsResolverConfigure could not write nameserver s unboundMgmt unable to open the ioctl call Failed could not update active user Details sqlite3QueryResGet failed Query s Can t kill xl2tpd xl2tod restart failed failed to get field value failed to get field value sqlite3QueryResGet failed Query s sqlite3QueryResGet failed Query s unboundMgmt unable to open the writing options xl2tpd failed User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Unified Services Router pppoeMgmtTblHandler NetMask s pppoeMgmtTblHandler AuthOpt d pppoeMgmtTbliHandler Satus d pppoeEnable ppp dial string s pppoeMgmtDBUpdateHandler returning with status s pptpMgmtTblHandler pptpMgmtTblHandler pptopMgmtTblHandler d pptopMgmtTblHandler d pptpMgmtTblHandler d pptpMgmtTblHandler pptpMgmtTblHandler pptpMgmtTblHandler configured pptopMgmtTblHandler pptpMgmtTblHandler pptpMgmtTblHandler pptpMgmtTblHandler pptpMgmtTblHandler MppeEncryptSupport pptopMgmtTblHandler MtuFlag d Mtu d IdleT
147. (Table of contents, continued)
   5.3.1 Firewall Rule Configuration Examples
   5.4 Security on Custom Services
   5.5 ALG Support
   5.6 VPN Passthrough for Firewall
   5.7 Application Rules
   5.8 Web Content Filtering
   5.9 IP/MAC Binding
   5.10 Intrusion Prevention (IPS)
   5.10.1 Protecting from Internet Attacks
   IPSec / PPTP / L2TP VPN
   6.2 Configuring IPSec Policies
   6.2.1 Extended Authentication (XAUTH)
   6.3 Configuring VPN clients
   6.4 PPTP / L2TP Tunnels
   6.4.1 PPTP Tunnel Support
   6.4.2 L2TP Tunnel Support
   7.1 Users, Groups, and Domains
   7.1.1 User Types and Passwords
   7.2 Using SSL VPN Policies
   7.2.1 Using Network Resources
   7.3 Application Port Forwarding
   7.4 SSL VPN Client Configuration
   7.5 User Portal
   7.5.1 Creating Portal Layouts
   Advanced Configuration Tools
   8.1 USB Devic
148. e AP's profile. There are two setup options available for WPS:
   - Personal Identification Number (PIN): The wireless device that supports WPS may have an alphanumeric PIN; if so, add the PIN in this field. The router will connect within 60 seconds of clicking the "Configure via PIN" button immediately below the PIN field. There is no LED indication that a client has connected.
   - Push Button Configuration (PBC): For wireless devices that support PBC, press and hold down on this button and within 2 minutes click the PBC connect button. The AP will detect the wireless device and establish a link to the client.
   More than one AP can use WPS, but only one AP can be used to establish WPS links to client at any given time.
   Figure 34: WPS configuration for an AP with WPA/WPA2 profile
   Chapter 5. Securing the Private Network
   5.1
   You can secure your network by creating and applying rules that your router uses to
149. e S Ct acess hehe eet E E A S
   8.2 Authentication Certificates
   Administration & Management
   9.1 Configuration Access Controls
   9.1.1 Remote Management
   9.1.2
   9.2 SNMP Configuration
   9.3 Configuring Time Zone and NTP
   9.4 Log Configuration
   9.4.1 Defining What to Log
   9.4.2 Sending Logs to E-mail or Syslog
   9.4.3 Event Log Viewer in GUI
   9.5 Backing up and Restoring Configuration Settings
   9.6 Upgrading Router Firmware
   9.7 Dynamic DNS Setup
   9.8 Using Diagnostic Tools
   9.8.1 Ping
   9.8.2 Trace Route
   9.8.3 DNS Lookup
   9.8.4 Router Options
   Router Status and Statistics
   10.1 System Overview
   10.1.1 Device Status
   10.1.2 Resource Utilization
152.
   Figure 24: WAN2 configuration for 3G internet (part 2)
   Figure 25: Physical WAN port settings
   Figure 26: Wireless Network Setup Wizard
   Figure 27: List of Available Profiles shows the variety of options available to secure the wireless …
   Figure 28: Profile configuration to set network security
   Figure 29: RADIUS server (External Authentication) configuration
   Figure 30: Virtual AP configuration
   Figure 31: List of configured access points (Virtual APs) shows one enabled access point on the radio, broadcasting the SSID
   Figure 32: Radio card configuration options
   Figure 33: Advanced Wireless communication settings
   Figure 34: WPS configuration for an AP with WPA/WPA2 profile
   Figure 35: List of Available Firewall Rules
   Figure 36: List of Available S
153. ectively allowing only specific outside users to access specific local resources. By default, all access from the insecure WAN side is blocked from the secure LAN, except in response to requests from the LAN or DMZ. To allow outside devices to access services on the secure LAN, you must create an inbound firewall rule for each service.
   If you want to allow incoming traffic, you must make the router's WAN port IP address known to the public. This is called "exposing your host." How you make your address known depends on how the WAN ports are configured; for this router you may use the IP address if a static address is assigned to the WAN port, or if your WAN address is dynamic a DDNS (Dynamic DNS) name can be used.
   Outbound (LAN/DMZ to WAN) rules restrict access to traffic leaving your network, selectively allowing only specific local users to access specific outside resources. The default outbound rule is to allow access from the secure zone (LAN) to either the public DMZ or insecure WAN. You can change this default behavior in the Firewall Settings > Default Outbound Policy page. When the default outbound policy is allow always, you can block hosts on the LAN from accessing internet services by creating an outbound firewall rule for each service.
   Figure 35: List of Available Firewall Rules
154. ed connections are allowed only from a specified range of external IP addresses.
   Parameter: Value
   - From Zone: Insecure (WAN1/WAN2)
   - To Zone: Secure (LAN)
   - Service: CU-SEEME UDP
   - Action: ALLOW always
   - Send to Local Server (DNAT IP):
   - Destination Users:
   - Enable Port Forwarding: Yes (enabled)
   Example 3: Multi-NAT configuration
   Situation: You want to configure multi-NAT to support multiple public IP addresses on one WAN port interface.
   Solution: Create an inbound rule that configures the firewall to host an additional public IP address. Associate this address with a web server on the DMZ. If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN. One of these public IP addresses is used as the primary IP address of the router. This address is used to provide Internet access to your LAN PCs through NAT. The other addresses are available to map to your DMZ servers.
   The following addressing scheme is used to illustrate this procedure:
   Router
   - WAN IP address: 10.1.0.118
   - LAN IP address: 192.168.10.1, subnet 255.255.255.0
   - Web server host in the DMZ, IP address: 192.168.12.222
   - Access to Web server: (simulated) public IP address 10.1.0.52
   k traffic by schedule if generated from specific range of machines. Use Case: Block all HTTP traffic on the weekends if the request originates from
155. ed in hops for each UPnP packet. This is the number of steps a packet is allowed to propagate before being discarded. Small values will limit the UPnP broadcast range. A default of 4 is typical for networks with few switches.
   Figure 9: UPnP Configuration. UPnP (Universal Plug and Play) is a feature that allows for automatic discovery of devices that can communicate with this security appliance.
   UPnP Port map Table
   The UPnP Port map Table has the details of UPnP devices that respond to the router's advertisements. The following information is displayed for each detected device:
   - Active: A yes/no indicating whether the port of the UPnP device that established a connection is currently active.
   - Protocol: The network protocol (i.e. HTTP, FTP, etc.) used by the device.
   - Int. Port (Internal Port): The internal ports opened by UPnP (if any).
   - Ext. Port (External Port): The external ports opened by UPnP (if any).
   - IP Address: The IP address of the UPnP device detected by this router.
   Click Refresh to refresh the portmap table and search for any new UPnP devices.
156. ed to manage the AP from the GUI, and is not the SSID that is detected by clients when the AP has broadcast enabled.
   Figure 30: Virtual AP configuration. This page allows you to create a new AP or edit the configuration of an existing AP. The details will then be displayed in the AP table on the Wireless > Access Points page.
   A valuable power saving feature is the start and stop time control for this AP. You can conserve on the radio power by disabling the AP when it is not in use. For example, on evenings and weekends, if you know there are no wireless clients, the start and stop time will enable/disable the access point automatically.
   Once the AP settings are configured, you must enable the AP on the radio on the Setup > Wireless Settings > Access Points page. The status field changes to "Enabled" if the AP is available to accept wireless clients. If the AP is configured to broadcast its SSID (a profile parameter), a green check mark indicating it is broadcasting will be shown in the List of Available Access Points.
   Figure 31 List
159. er acts as a broker device to allow the ISP's server to create a TCP control connection between the LAN VPN client and the VPN server.
   PPTP Tunnel Support
   Setup > VPN Settings > PPTP > PPTP Server
   A PPTP VPN can be established through this router. Once enabled, a PPTP server is available on the router for LAN and WAN PPTP client users to access. Once the PPTP server is enabled, PPTP clients that are within the range of configured IP addresses of allowed clients can reach the router's PPTP server. Once authenticated by the PPTP server (the tunnel endpoint), PPTP clients have access to the network managed by the router.
   Figure 53: PPTP tunnel configuration, PPTP Server. PPTP allows an external user to connect to your router through the internet. This section allows you to enable/disable the PPTP server and define a range of IP addresses for clients connecting to your router. The connected clients can function as if they are on your LAN (they can communicate with LAN hosts, access any servers present, etc.).
   6.4.2 L2TP Tunnel Support
   Setup > VPN Settings > L2TP
160. er menu or tab; otherwise your changes are lost. Click Refresh or Reload in the browser. Your changes may have been made, but the browser may be caching the old configuration.
   Symptom: Router cannot access the Internet.
   Possible cause: If you use dynamic IP addresses, your router may not have requested an IP address from the ISP.
   Recommended action: Launch your browser and go to an external site such as www.google.com. Access the firewall's configuration main menu at http://192.168.10.1. Select Monitoring > Router Status. Ensure that an IP address is shown for the WAN port. If 0.0.0.0 is shown, your firewall has not obtained an IP address from your ISP. See the next symptom.
   Symptom: Router cannot obtain an IP address from the ISP.
   Recommended action: Turn off power to the cable or DSL modem. Turn off the router. Wait 5 minutes, and then reapply power to the cable or DSL modem. When the modem LEDs indicate that it has resynchronized with the ISP, reapply power to the router. If the router still cannot obtain an ISP address, see the next symptom.
   Symptom: Router still cannot obtain an IP address from the ISP.
   Recommended action: Ask your ISP if it requires a login program: PPP over Ethernet (PPPoE) or some other type of login. If yes, verify that your configured login name and password are correct. Ask your ISP if it checks for you
162. es is redirected through the SSL VPN tunnels. All other traffic is redirected using the native network interface of the hosts (SSL VPN Clients). For example, if the SSL VPN Client wishes to access the LAN network, then in SPLIT Tunnel mode you should add the LAN subnet as the Destination Network.
   User Portal
   Setup > VPN Settings > SSL VPN Client > SSL VPN Client Portal
   When remote users want to access the private network through an SSL tunnel (either using the Port Forwarding or VPN tunnel service), they log in through a user portal. This portal provides the authentication fields to provide the appropriate access levels and privileges as determined by the router administrator. The domain where the user account is stored must be specified, and the domain determines the authentication method and portal layout screen presented to the remote user.
   Figure 63: List of configured SSL VPN portals. The configured portal can then be associated with an authentication domain. The table lists the SSL portal layouts configured for this device and allows several operations on the portal layouts.
163. es the WAN port speed or is associated with a MAC address, this information is required by the router to ensure a smooth connection with the network.
   The default MTU size supported by all ports is 1500. This is the largest packet size that can pass through the interface without fragmentation. This size can be increased; however, large packets can introduce network lag and bring down the interface speed. Note that a 1500 byte size packet is the largest allowed by the Ethernet protocol at the network layer.
   The port speed can be sensed by the router when Auto is selected. With this option the optimal port settings are determined by the router and network. The duplex (half or full) can be defined based on the port support, as well as one of three port speeds: 10 Mbps, 100 Mbps and 1000 Mbps (i.e. Gbps). The default setting is 100 Mbps for all ports.
   The default MAC address is defined during the manufacturing process for the interfaces, and can uniquely identify this router. You can customize each WAN port's MAC address as needed, either by letting the WAN port assume the current LAN host's MAC address or by entering a MAC address manually.
   Figure 25: Physical WAN port settings. This page allows the user to configure advanced WAN options for the router.
164. ess for the WINS server or, if present in your network, the Windows NetBios server.
   - Lease Time: Enter the time, in hours, for which IP addresses are leased to clients.
   - Enable DNS Proxy: To enable the router to act as a proxy for all DNS requests and communicate with the ISP's DNS servers, click the checkbox.
   3. Click Save Settings to apply all changes.
   Figure 1: Setup page for LAN TCP/IP settings. The LAN Configuration page allows you to configure the LAN interface of the router. In most cases the default settings should be sufficient.
   2.1.1 LAN Configuration in an IPv6 Network
   Advanced > IPv6 > IPv6 LAN > IPv6 LAN Config
   In IPv6 mode, the LAN DHCP server is enabled by default (similar to IPv4 mode). The DHCPv6 server will serve IPv6 addresses from configured address pools with the
165. The router allows full tunnel and split tunnel support. Full tunnel mode just sends all traffic from the client across the VPN tunnel to the router. Split tunnel mode only sends traffic to the private LAN based on pre-specified client routes. These client routes give the SSL client access to specific private networks, thereby allowing access control over specific LAN services.
   Setup > VPN Settings > SSL VPN Client > Configured Client Routes
   If the SSL VPN client is assigned an IP address in a different subnet than the corporate network, a client route must be added to allow access to the private LAN through the VPN tunnel. As well, a static route on the private LAN's firewall (typically this router) is needed to forward private traffic through the VPN Firewall to the remote SSL VPN client.
   Figure 62: Configured client routes only apply in split tunnel mode. The Configured Client Routes entries are the routing entries which will be added by the SSL VPN Client such that only traffic to these destination address
166. ey Parameters: MD5 Key Id, MD5 Auth Key, Not Valid Before, Not Valid After. Second Key Parameters: MD5 Key Id, MD5 Auth Key, Not Valid Before, Not Valid After.
   3.5.2 Dynamic Routing (RIP)
   Setup > Internet Settings > Routing Mode
   Dynamic routing uses the Routing Information Protocol (RIP), an Interior Gateway Protocol (IGP) that is common in LANs. With RIP this router can exchange routing information with other supported routers in the LAN and allow for dynamic adjustment of routing tables in order to adapt to modifications in the LAN without interrupting traffic flow.
   The RIP direction will define how this router sends and receives RIP packets. Choose between:
   - Both: The router both broadcasts its routing table and also processes RIP information received from other routers. This is the recommended setting in order to fully utilize RIP capabilities.
   - Out Only: The router broadcasts its routing table periodically but does not accept RIP information from other routers.
   - In Only: The router accepts RIP information from other routers, but does not broadcast its routing table.
   - None: The router neither broadcasts its route table nor does it accept any RIP packets from other routers. This effectively disables RIP.
   The RIP
169. fied which will block access to the site. To set up URLs, go to the Approved URLs and Blocked URLs pages.
   Approved URLs
   Advanced > Website Filter > Approved URLs
   The Approved URLs list is an acceptance list for all URL domain names. Domains added to this list are allowed in any form. For example, if the domain "yahoo" is added to this list then all of the following URLs are permitted access from the LAN: www.yahoo.com, yahoo.co.uk, etc.
   Figure 44: Two trusted domains added to the Approved URLs List
   Blocked Keywords
   Advanced > Website Filter > Blocked Keywords
   Keyword blocking allows you to block all website URLs or site content that contains the keywords in the configured list. This is lower priority than the Approved URL List; i.e. if the blocked keyword is present in a site allowed by a Trusted Domain in the Approved URL List, then access to that site will be allowed.
170. first assign it to a user group or make it global (i.e. applicable to all SSL VPN users). If the policy is for a group, the available configured groups are shown in a drop-down menu and one must be selected. Similarly, for a user-defined policy, an SSL VPN user must be chosen from the available list of configured users.
   The next step is to define the policy details. The policy name is a unique identifier for this rule. The policy can be assigned to a specific Network Resource (details follow in the subsequent section), IP address, IP network, or all devices on the LAN of the router. Based on the selection of one of these four options, the appropriate configuration fields are required (i.e. choosing the network resources from a list of defined resources, or defining the IP addresses). For applying the policy to addresses, the port range/port number can be defined.
   The final steps require the policy permission to be set to either permit or deny access to the selected addresses or network resources. As well, the policy can be specified for one or all of the supported SSL VPN services (i.e. VPN tunnel).
   Once defined, the policy goes into effect immediately. The policy name, SSL service it applies to, destination (network resource or IP addresses) and permission (deny/permit) are outlined in a list of configured policies for the router.
   Figure 58: SSL VPN policy configuration
171. g routing table. Clicking the Packet Trace button will allow the router to capture and display traffic through the device between the LAN and WAN interface as well. This information is often very useful in debugging traffic and routing issues.
   Chapter 10: Router Status and Statistics
   10.1 System Overview
   The Status page allows you to get a detailed overview of the system configuration. The settings for the wired and wireless interfaces are displayed in the Device Status page, and then the resulting hardware resource and router usage details are summarized on the router's Dashboard.
   10.1.1 Device Status
   Status > Device Info > Device Status
   The Device Status page gives a summary of the router configuration settings configured in the Setup and Advanced menus. The static hardware serial number and current firmware version are presented in the General section. The WAN and LAN interface information shown on this page is based on the administrator configuration parameters. The radio band and channel settings are presented below along with all configured and active APs that are enabled on this router.
   Figure 82: Device Status display. This page displays the current settings of the ports and displays a snapshot of the system information.
172. > L2TP Server
   An L2TP VPN can be established through this router. Once enabled, an L2TP server is available on the router for LAN and WAN L2TP client users to access. Once the L2TP server is enabled, L2TP clients that are within the range of configured IP addresses of allowed clients can reach the router's L2TP server. Once authenticated by the L2TP server (the tunnel endpoint), L2TP clients have access to the network managed by the router.
   Figure 54: L2TP tunnel configuration, L2TP Server. L2TP allows an external user to connect to your router through the internet, forming a VPN. This section allows you to enable/disable the L2TP server and define a range of IP addresses for clients connecting to your router. The connected clients can function as if they are on your LAN (they can communicate with LAN hosts, access any servers present, etc.).
   Chapter 7: SSL VPN
   The router provides an intrinsic SSL VPN feature as an alternative to the standard IPSec VPN. SSL VPN differs from IPSec VPN mainly by removing the requirement of a pre-installed VPN client on the remote host. Instead, users can securely log in through the SSL User Portal using a standard web browser and receive access t
173. [Screenshot: WAN2 Port Setup, with fields MTU Size and Port Speed]
Chapter 4. Wireless Access Point
4.1 Setup
This router has an integrated 802.11n radio that allows you to create an access point for wireless LAN clients. The security/encryption/authentication options are grouped in a wireless Profile, and each configured profile will be available for selection in the AP configuration menu. The profile defines various parameters for the AP, including the security between the wireless client and the AP, and can be shared between multiple AP instances on the same device when needed.
Up to four unique wireless networks can be created by configuring multiple virtual APs. Each such virtual AP appears as an independent AP (unique SSID) to supported clients in the environment, but is actually running on the same physical radio integrated with this router.
You will need the following information to configure your wireless network:
   • Types of devices expected to access the wireless network and their supported Wi-Fi modes
   • The router's geographical region
   • The security settings to use for securing the wireless network
Note: Profiles may be thought of as a grouping of AP parameters that can then be applied to not just one but multiple AP instances (SSIDs), thus avoiding duplication if the same parameters
175. igure the Secure Connection Remote Accessibility fields to identify the remote network:
   • Remote LAN IP address: address of the LAN behind the peer gateway
   • Remote LAN Subnet Mask: the subnet mask of the LAN behind the peer
Note: The IP address range used on the remote LAN must be different from the IP address range used on the local LAN.
4. Step 4: Review the settings and click Connect to establish the tunnel.
The Wizard will create an Auto IPSec policy with the following default values for a VPN Client or Gateway policy (these can be accessed from a link on the Wizard page).
Note: The VPN Wizard is the recommended method to set up an Auto IPSec policy. Once the Wizard creates the matching IKE and VPN policies required by the Auto policy, one can modify the required fields through the edit link. Refer to the online help for details.
6.2 Configuring IPSec Policies
Setup > VPN Settings > IPSec > IPSec Policies
An IPSec policy is between this router and another gateway, or this router and an IPSec client on a remote host. The IPSec mode can be either tunnel or transport, depending on the network being traversed between the two policy endpoints.
   • Transport: This is used for end-to-end communication between this router and the tunnel endpoint, either another IPSec gateway or an IPSec VPN client on a host. Only the data payload is encrypted and the IP header is not modified or en
176. ike to configure the VPN Policies of your new D-Link Systems Router manually, click on the button below.
Manual VPN Configuration
To easily establish a VPN tunnel using VPN Wizard, follow the steps below:
1. Step 1: Select the VPN tunnel type to create.
   • The tunnel can either be a gateway-to-gateway connection (site-to-site) or a tunnel to a host on the internet (remote access).
   • Set the Connection Name and pre-shared key: the connection name is used for management, and the pre-shared key will be required on the VPN client or gateway to establish the tunnel.
   • Determine the local gateway for this tunnel; if there is more than 1 WAN configured, the tunnel can be configured for either of the gateways.
2. Step 2: Configure Remote and Local WAN address for the tunnel endpoints.
   • Remote Gateway Type: identify the remote endpoint of the tunnel by FQDN or static IP address.
   • Remote WAN IP address / FQDN: This field is enabled only if the peer you are trying to connect to is a Gateway. For VPN Clients, this IP address or Internet Name is determined when a connection request is received from a client.
   • Local Gateway Type: identify this router's endpoint of the tunnel by FQDN or static IP address.
   • Local WAN IP address / FQDN: This field can be left blank if you are not using a different FQDN or IP address than the one specified in the WAN port's configuration.
3. Step 3: Conf
178. ing, a key configuration field is the Remote Log Identifier. Every logged message will contain the configured prefix of the Remote Log Identifier, so that syslog servers or email addresses that receive logs from more than one router can sort for the relevant device's logs.
Once you enable the option to e-mail logs, enter the e-mail server's address (IP address or FQDN) of the SMTP server. The router will connect to this server when sending e-mails out to the configured addresses. The SMTP port and return e-mail addresses are required fields to allow the router to package the logs and send a valid e-mail that is accepted by one of the configured send-to addresses. Up to three e-mail addresses can be configured as log recipients.
In order to establish a connection with the configured SMTP port and server, define the server's authentication requirements. The router supports Login Plain (no encryption) or CRAM-MD5 (encrypted) for the username and password data to be sent to the SMTP server. Authentication can be disabled if the server does not have this requirement. In some cases the SMTP server may send out IDENT requests, and this router can have this response option enabled as needed.
Once the e-mail server and recipient details are defined, you can determine when the router should send out logs. E-mail logs can be sent out based on a defined schedule by first choosing the unit (i.e. the fre
180. iority tag. Select a priority level:
   • Normal Service: ToS 0 (lowest QoS)
   • Minimize Cost: ToS 1
   • Maximize Reliability: ToS 2
   • Maximize Throughput: ToS 4
   • Minimize Delay: ToS 8 (highest QoS)
6. Inbound rules can use Destination NAT (DNAT) for managing traffic from the WAN. Destination NAT is available when the To Zone is DMZ or secure LAN.
   • With an inbound allow rule, you can enter the internal server address that is hosting the selected service.
   • You can enable port forwarding for an incoming service-specific rule (From Zone is WAN) by selecting the appropriate checkbox. This will allow the selected service traffic from the internet to reach the appropriate LAN port via a port forwarding rule.
   • Translate Port Number: With port forwarding, the incoming traffic is forwarded to the port number entered here.
   • External IP address: The rule can be bound to a specific WAN interface by selecting either the primary WAN or configurable port WAN as the source IP address for incoming traffic.
Note: This router supports multi-NAT, and so the External IP address does not necessarily have to be the WAN address. On a single WAN interface, multiple public IP addresses are supported. If your ISP assigns you more than one public IP address, one of these can be used as your primary IP address on the WAN port, and the others can be assigned to servers on the LAN or DMZ. In this way the LAN/DMZ server
181. irefox, Netscape Navigator, Google Chrome, and Apple Safari.
Users, Groups, and Domains
Advanced > Users > Users
Authentication of the users (IPSec, SSL VPN, or GUI) is done by the router using either a local database on the router or external authentication servers (i.e. LDAP or RADIUS). The remote user must specify the user, group, and domain when logging in to the router. One or more users are members of a Group. One or more Groups belong to an authentication Domain.
Figure 55: Available Users with login status and associated Group/Domain
Advanced > Users > Domains
The Domain determines the authentication method (local user database, external server) to be used when validating the remote user's connection. As well, the Domain determines the portal layout presented to the remote SSL user. Since the portal layout assigns access to SSL VPN tunnel and/or SSL VPN Port Forwarding features, the domain is essential in defining the authentication and features exposed to SSL users.
Advanced > Users > Groups
Groups are used to assign access p
182. ireless network provided by this device. If the first (primary) RADIUS server is not accessible at any time, then the device will attempt to contact the secondary RADIUS server for user authentication.
[Screenshot: Radius Server Configuration, with fields Authentication Server IP Address (Primary), Authentication Server IP Address (Secondary), Authentication Port, Secret, Timeout (Seconds) and Retries]
Creating and Using Access Points
Setup > Wireless Settings > Access Points
Once a profile (a group of security settings) is created, it can be assigned to an AP on the router. The AP SSID can be configured to broadcast its availability to the 802.11 environment, and can be used to establish a WLAN network.
The AP configuration page allows you to create a new AP and link to it one of the available profiles. This router supports multiple APs, referred to as virtual access points (VAPs). Each virtual AP that has a unique SSID appears as an independent access point to clients. This valuable feature allows the router's radio to be configured in a way to optimize security and throughput for a group of clients as required by the user. To create a VAP, click the add button on the Setup > Wireless Settings > Access Points page. After setting the AP name, the profile dropdown menu is used to select one of the configured profiles.
Note: The AP Name is a unique identifier us
183. is 1500.
   • Router Lifetime: This value is present in RAs and indicates the usefulness of this router as a default router for the interface. The default is 3600 seconds. Upon expiration of this value, a new RADVD exchange must take place between the host and this router.
Figure 3: Configuring the Router Advertisement Daemon (fields: RADVD Status, Advertise Mode, Advertise Interval, RA Flags, Router Preference, MTU, Router Lifetime)
Advertisement Prefixes
Advanced > IPv6 > IPv6 LAN > Advertisement Prefixes
The router advertisements configured with advertisement prefixes allow this router to inform hosts how to perform stateless address auto configuration. Router advertisements contain a list of subnet prefixes that allow the router to determine neighbors and whether the host is on the same link as the router.
The following prefix options are available for the router advertisements:
   • IPv6 Prefix Type: To ensure hosts support IPv6 to IPv4 tunnel, select the 6to4 prefix type. Selecting Global/Local/ISATAP will
184. ist of Configured Bandwidth Profiles
To create a new bandwidth profile, click Add in the List of Bandwidth Profiles. The following configuration parameters are used to define a bandwidth profile:
   • Profile Name: This identifier is used to associate the configured profile to the traffic selector.
   • You can choose to limit the bandwidth either using priority or rate.
   • If using priority, Low, High, or Medium can be selected. If there is a low priority profile associated with traffic selector A and a high priority profile associated with traffic selector B, then the WAN bandwidth allocation preference will be to traffic selector B packets.
   • For finer control, the Rate profile type can be used. With this option the minimum and maximum bandwidth allowed by this profile can be limited.
   • Choose the WAN interface that the profile should be associated with.
Figure 17: Bandwidth Profile Configuration page
185. [Screenshot: Resource Utilization data, with Memory Utilization and per-interface (LAN, WAN1, DMZ/WAN2) incoming, outgoing and dropped packet counters]
Figure 86: Resource Utilization data (continued)
10.2 Traffic Statistics
10.2.1 Wired Port Statistics
Status > Traffic Monitor > Device Statistics
Detailed transmit and receive statistics for each physical port are presented here. Each interface (WAN1, WAN2, DMZ, LAN, and VLANs) has port-specific packet-level information provided for review. Transmitted/received packets, port collisions, and the cumulating bytes/sec for transmit/receive directions are provided for each interface, along with the port up time. If you suspect issues with any of the wired ports, this table will help diagnose uptime or transmit level issues with the port.
The statistics tab
188. le has auto-refresh control, which allows display of the most current port-level data at each page refresh. The default auto-refresh for this page is 10 seconds.
Figure 87: Physical port statistics (columns: Port, Tx Pkts, Rx Pkts, Collisions, Tx B/s, Rx B/s, Up time)
10.2.2 Wireless Statistics
Status > Traffic Monitor > Wireless Statistics
The Wireless Statistics tab displays the incrementing traffic statistics for each enabled access point. This page will give a snapshot of how much traffic is being transmitted over each wireless link. If you suspect that a radio or VAP may be down, the details on this page would confirm if traffic is being sent and received through the VAP.
The clients connected to a particular AP can be viewed by using the Status button on the list of APs in the Setup > Wireless > Access Points page. Traffic statistics are shown for that individual AP, as compared to the
191. lications the default DHCP and TCP/IP settings are satisfactory. If you want another PC on your network to be the DHCP server, or if you are manually configuring the network settings of all of your PCs, set the DHCP mode to none. DHCP relay can be used to forward DHCP lease information from another LAN device that is the network's DHCP server; this is particularly useful for wireless clients.
Instead of using a DNS server, you can use a Windows Internet Naming Service (WINS) server. A WINS server is the equivalent of a DNS server but uses the NetBIOS protocol to resolve hostnames. The router includes the WINS server IP address in the DHCP configuration when acknowledging a DHCP request from a DHCP client.
You can also enable DNS proxy for the LAN. When this is enabled, the router then acts as a proxy for all DNS requests and communicates with the ISP's DNS servers. When disabled, all DHCP clients receive the DNS IP addresses of the ISP.
To configure LAN Connectivity, please follow the steps below:
1. In the LAN Setup page, enter the following information for your router:
   • IP address (factory default: 192.168.10.1).
Note: If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained an IP address from the newly assigned pool or has a static IP address in the r
192. 3.2.6 Checking WAN Status
Setup > Internet Settings > WAN Status
The status and summary of configured settings for both WAN1 and WAN2 are available on the WAN Status page. You can view the following key connection status information for each WAN port:
   • Connection time
   • Connection type: dynamic IP or static IP
   • Connection state: This is whether the WAN is connected or disconnected to an ISP. The Link State is whether the physical WAN connection is in place; the Link State can be UP (i.e. cable inserted) while the WAN Connection State is down.
   • IP address / subnet mask
   • Gateway IP address
Figure 15: Connection Status information for both WAN ports
193. meral TCP/UDP ports to communicate with the known ports a particular client application (such as H.323 or RTSP) requires, without which the admin would have to open a large number of ports to accomplish the same support. Because the ALG understands the protocol used by the specific application that it supports, it is a very secure and efficient way of introducing support for client applications through the router's firewall.
Figure 40: Available ALG support on the router (Enable ALGs: PPTP, IPSec, RTSP, SIP, H.323, SMTP, DNS, TFTP)
5.6 VPN Passthrough for Firewall
Advanced > Firewall Settings > VPN Passthrough
This router's firewall settings can be configured to allow encrypted VPN traffic for IPSec, PPTP, and L2TP VPN tunnel connections between the LAN and internet. A specific firewall rule or service is not appropriate
195. nce there is a dependency on the LAN device making an outgoing connection before incoming ports are opened.
Some applications require that when external devices connect to them, they receive data on a specific port or range of ports in order to function properly. The router must send all incoming data for that application only on the required port or range of ports. The router has a list of common applications and games with corresponding outbound and inbound ports to open. You can also specify a port triggering rule by defining the type of traffic (TCP or UDP) and the range of incoming and outgoing ports to open when enabled.
Figure 42: List of Available Application Rules showing 4 unique rules (columns: Name, Enable, Protocol, Interface, Outgoing Ports Start/End, Incoming Ports Start/End)
The application rule status page will list any active rules, i.e. incoming ports that are being triggered based on outbound requests from a defined outgoing port.
5
197. ngs must be completed. In addition to the IPv6 address assigned to your router, the IPv6 prefix length defined by the ISP is needed. The default IPv6 Gateway address is the server at the ISP that this router will connect to for accessing the internet. The primary and secondary DNS servers on the ISP's IPv6 network are used for resolving internet addresses, and these are provided along with the static IP address and prefix length from the ISP. When the ISP allows you to obtain the WAN IP settings via DHCP, you need to provide details for the DHCPv6 client configuration. The DHCPv6 client on the gateway can be either stateless or stateful. If a stateful client is selected, the gateway will connect to the ISP's DHCPv6 server for a leased address. For stateless DHCP there need not be a DHCPv6 server available at the ISP; rather, ICMPv6 discover messages will originate from this gateway and will be used for auto configuration. A third option to specify the IP address and prefix length of a preferred DHCPv6 server is available as well. Figure 14: IPv6 WAN Setup page.
198. Figure 36: List of Available Schedules to bind to a firewall rule. When you create a firewall rule, you can specify a schedule when the rule applies. The table lists all the Available Schedules for this device and allows several operations on the Schedules. Columns: Name, Days, Start Time, End Time. Rows: Guests, Monday Tuesday Wednesday Thursday Friday, 09:00 AM, 05:00 PM; Marketing, Tuesday Wednesday Thursday, 12:00 AM, 11:59 PM; EngineeringWeekend, Sunday Saturday, 12:00 AM, 11:59 PM. 5.3 Configuring Firewall Rules. Advanced > Firewall Settings > Firewall Rules. All configured firewall rules on the router are displayed in the Firewall Rules list. This list also indicates whether the rule is enabled (active) or not, and gives a summary of the From/To zone as well as the services or users that the rule affects. To create a new firewall rule, follow the steps below: 1. View the existing rules in the List of Available Firewall Rules table. 2. To edit or add an outbound or inbound services rule, do the following: • To edit a rule, click the checkbox next to the rule and click Edit to reach that rule's configuration page. • To add a new rule, click Add to be taken to a new rule's configuration page. Once created, the new rule is automatically added to the original table
199. o allocate Failed to Open SSHD Configuration File lpaddress should be provided with accessoption 1 User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Unified Services Router GetDnsFromlsp s IdleTimeOutFlag s IdleTimeOutValue d AuthMetho d executing s S removing s from bridge d s adding s to bridge d s stopping bridge restarting bridge Could not configure 6to4 Tunnel Interface Could not de configure 6to4 Tunnel Interface failed to restart 6to4 tunnel interfaces BridgeConfig too few arguments to command s BridgeConfig unsupported command d BridgeConfig returned error d sqlite3QueryResGet failed Error in executing DB update handler sqlite3QueryResGet failed Failed to remove vlan Interface for vianld sqlite3QueryResGet failed Invalid oidp passed Invalid oidp passed Failed to get oid from the tree threegEnable Input to wrapper s threegEnable spawning command s threegMgmtHandler query string s threegMgmtHandler returning with status s adding to dhcprealy ifgroup failed adding to ipset fwDhcpRelay failed Disabling Firewall Rule for DHCP Relay Protocol Enabling Firewall Rule for DHCP Relay Protocol prerouting Fi
200. o configured network resources within the corporate LAN. The router supports multiple concurrent sessions to allow remote users to access the LAN over an encrypted link through a customizable user portal interface, and each SSL VPN user can be assigned unique privileges and network resource access levels. The remote user can be provided different options for SSL service through this router: • VPN Tunnel: The remote user's SSL enabled browser is used in place of a VPN client on the remote host to establish a secure VPN tunnel. A SSL VPN client (ActiveX or Java based) is installed in the remote host to allow the client to join the corporate LAN with pre-configured access policy privileges. At this point a virtual network interface is created on the user's host and this will be assigned an IP address and DNS server address from the router. Once established, the host machine can access allocated network resources. • Port Forwarding: A web based (ActiveX or Java) client is installed on the client machine again. Note that Port Forwarding service only supports TCP connections between the remote user and the router. The router administrator can define specific services or applications that are available to remote port forwarding users instead of access to the full LAN like the VPN tunnel. ActiveX clients are used when the remote user accesses the portal using the Internet Explorer browser. The Java client is used for other browsers like Mozilla F
201. o you by the ISP. Server IP Address: Enter the IP address of the PPTP or L2TP server. 3.2.1 WAN Port IP address. Your ISP assigns you an IP address that is either dynamic (newly generated each time you log in) or static (permanent). The IP Address Source option allows you to define whether the address is statically provided by the ISP or should be received dynamically at each login. If static, enter your IP address, IPv4 subnet mask, and the ISP gateway's IP address. PPTP and L2TP ISPs also can provide a static IP address and subnet to configure; however, the default is to receive that information dynamically from the ISP. 3.2.2 WAN DNS Servers. The IP Addresses of WAN Domain Name Servers (DNS) are typically provided dynamically from the ISP, but in some cases you can define the static IP addresses of the DNS servers. DNS servers map Internet domain names (example: www.google.com) to IP addresses. Click to indicate whether to get DNS server addresses automatically from your ISP or to use ISP-specified addresses. If the latter, enter addresses for the primary and secondary DNS servers. To avoid connectivity problems, ensure that you enter the addresses correctly. 3.2.3 DHCP WAN. For DHCP client connections, you can choose the MAC address of the router to register with the ISP. In some cases you may need to clone the LAN host's MAC address if the ISP is registered with that LAN host
202. ocreation of VAP failed d ath_dev_probe no memory for device state kdoti1RogueAPEnable called with NULL argument kdot11RogueAPEnable can not add more interfaces kdot1 1 RogueAPGetState called with NULL argument kdot11RogueAPDisable called with NULL argument s SKB does not exist __ FUNCTION __ s recvd invalid skb unable to register KIFDEV to UMI The system is going to factory defaults II S msg 02x data i Inside crypt_open in driver Inside crypt_release in driver Inside crypt_init module in driver TATATATA Inside crypt_cleanup module in driver E SKB is null p skb DST is null p dst DEV is null p p dev dst Packet is Fragmented d pBufMgr gt len User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR CRITICA L CRITICA L CRITICA L CRITICA L CRITICA L CRITICA L CRITICA L CRITICA L CRITICA L CRITICA L CRITICA L 197 Unified Services Router Can t allocate memory for ath_vap Unable to add an interface for ath_dev Sag 02u 7s tag ix ciphers hk gt kv_type 02x hk gt kv_valli mac 02x 02x 02x 02x 02x 02x mac 0 mac 1 mac 2 mac 3 mac 4 mac 5 mac 00 00 00 00 00 00 02x hk gt kv_mic i txmic 02x hk gt kv_txmic i Cannot support setting tx and rx keys individually bog
203. of configured access points (Virtual APs) shows one enabled access point on the radio, broadcasting its SSID. The List of Available Access Points table lists the configured Access Points (AP) for this device. From this summary list, the status of each AP over all radios can be reviewed and AP parameter configuration settings can be accessed. The clients connected to a particular AP can be viewed by using the Status Button on the List of Available Access Points. Traffic statistics are shown for that individual AP, as compared to the summary stats for each AP on the Statistics table. Connected clients are sorted by the MAC address and indicate the security parameters used by the wireless link, as well as the time connected to this particular AP. Clicking the Details button next to the connected client will give the detailed send and receive traffic statistics for the wireless link between this AP and the client. 4.3.1 Primary benefits of Virtual APs: • Optimize throughput: if 802.11b, 802.11g, and 802.11n clients are expec
204. olicies to a set of SSL users within a domain. Groups are domain subsets that can be seen as types of SSL users; some groups require access to all available network resources and some can be provided access to a select few. With groups, a very secure hierarchy of SSL VPN remote access can be created for all types of users with minimal number of policies to configure. You must create a Domain first, and then a new Group can be created and assigned to the Domain. The last step is to add specific SSL VPN users to an already configured Group. 7.1.1 User Types and Passwords. Advanced > Users > Users. User level policies can be specified by browser, IP address of the host, and whether the user can login to the router's GUI in addition to the SSL VPN portal. The following user types are assigned to a user that reaches the GUI login screen from the LAN or WAN: • Administrator: This is the router's super user, and can manage the router, use SSL VPN to access network resources, and login to L2TP/PPTP servers on the WAN. There will always be one default administrator user for the GUI. • Guest (read only): The guest user gains read only access to the GUI to observe and review configuration settings. The guest does not have SSL VPN access. • SSL VPN User: This user has access to the SSL VPN services as determined by the group policies and authentication domain of which it is a member. The domain
205. om pnacAuthinit wepKey length incorrect ERROR pnacPortTimerslnit failed ERROR Error from pnacAuthinit Profile s does not exist ERROR pnacAuthPAE Init failed ERROR 175 Unified Services Router Invalid Cipher type d Profile supports WEP stas Group cipher must be WEP Profile s does not exist Profile s does not exist Profile s does not exist invalid pairwise cipher type d Cipher s is already in the list Profile s does not exist Invalid Cipher type d Cipher s not found in the list Profile s does not exist Profile s does not exist Auth method s is already in the list Profile s does not exist Auth method s not found in the list Profile s does not exist Profile s does not exist Profile s does not exist invalid type value d supported values are 1 2 3 4 Profile s does not exist invalid type value d supported values are 1 2 3 4 Profile s does not exist invalid type value d supported values are 1 2 3 4 Profile s does not exist invalid type value d supported values are 1 2 3 4 Profile s does not exist invalid type value d supported values are 1 2 3 4 Profile s does not exist ERROR incomplete DB update information old values result does not contain 2 rows sqlite3QueryResGet failed ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR
206. ondary WAN port will remain unconnected until a failure is detected on the primary link (either port can be assigned as the primary). In the event of a failure on the primary port, all internet traffic will be rolled over to the backup port. When configured in Auto Failover mode, the link status of the primary WAN port is checked at regular intervals as defined by the failure detection settings. 3.4.2 Load Balancing. This feature allows you to use multiple WAN links (and presumably multiple ISPs) simultaneously. After configuring more than one WAN port, the load balancing option is available to carry traffic over more than one link. Protocol bindings are used to segregate and assign services over one WAN port in order to manage internet flow. The configured failure detection method is used at regular intervals on all configured WAN ports when in Load Balancing mode. Load balancing is particularly useful when the connection speed of one WAN port greatly differs from another. In this case you can define protocol bindings to route low-latency services (such as VoIP) over the higher-speed link and let low-volume background traffic (such as SMTP) go over the lower-speed link. Figure 19: Load Balancing is available when multiple WAN ports are configured and Protocol Bindings have been defined.
207. or dropped pkt PPP no memory VJ comp pkt PPP no memory comp pkt PPP no memory fragment PPP VJ uncompressed error ppp_decompress_frame no memory ppp_mp_reconstruct bad seq u lt u ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 192 Unified Services Router PKTLOG_TAG s allocation failed for pl_info FUNCTION _ PKTLOG_TAG s allocation failed for pl_info FUNCTION _ PKTLOG_TAG s create_proc_entry failed for s PKTLOG_TAG s sysctl register failed for s PKTLOG_TAG s page fault out of range _ FUNCTION _ PKTLOG_TAG s page fault out of range _ FUNCTION _ PKTLOG_TAG s Log buffer unavailable _ FUNCTION _ PKTLOG_TAG Logging should be disabled before changing bufer size S allocation failed for pl_info func __ s Unable to allocate buffer func__ S allocation failed for pl_info func __ s Unable to allocate buffer func__ Atheros HAL assertion failure s line Su WS ath_hal logging to s s ath_hal_logfile ath_hal logging disabled S S sep ath_hal_buildopts i failed to allocate rx descriptors d error ath_stoprecv rx queue p link p no mpdu s Tunc Reset rx chain mask Do internal reset s Tunc OS_CANCEL_TIMER failed
208. or self signed if you don't want the identity protection of a CA. The Active Self Certificate table lists the self certificates currently loaded on the gateway. The following information is displayed for each uploaded self certificate: • Name: The name you use to identify this certificate; it is not displayed to IPSec VPN peers or SSL users. • Subject Name: This is the name that will be displayed as the owner of this certificate. This should be your official registered or company name, as IPSec or SSL VPN peers are shown this field. • Serial Number: The serial number is maintained by the CA and used to identify this signed certificate. • Issuer Name: This is the CA name that issued (signed) this certificate. • Expiry Time: The date after which this signed certificate becomes invalid; you should renew the certificate before it expires. To request a self certificate to be signed by a CA, you can generate a Certificate Signing Request from the gateway by entering identification parameters and passing it along to the CA for signing. Once signed, the CA's Trusted Certificate and signed certificate from the CA are uploaded to activate the self certificate validating the identity of this gateway. The self certificate is then used in IPSec and SSL connections with peers to validate the gateway's authenticity. Figure 66: Certificate summary for IPSec and HTTPS management.
209. outdev gt name MAC DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG User Manual IPSEC_ERR s d Max d No of SA Limit reached IPSEC_ERR s d time secs u ERROR Failed to add entry to ipsec sa table ERROR Failed to add entry to ipsec sa table ERROR Failed to add entry to ipsec sa table ERROR Failed to add entry to ipsec sa table ERROR Failed to add entry to ipsec sa table ERROR Failed to add entry to ipsec sa table unknown oid s varName could not find oid pointer for s varName unRegistering ipsecMib ERROR Failed to add entry to ipsec sa table ERROR Failed to add entry to ipsec sa table ERROR Failed to add entry to ipsec sa table ERROR Failed to add entry to ipsec sa table ERROR Failed to add entry to ipsec sa table ERROR Failed to add entry to ipsec sa table unknown oid s varName could not find oid pointer for s varName unRegistering ipsecMib u u u u NIPQUAD trt gt rt_dst 02Xx p u u u u NIPQUAD trt gt rt_dst 02Xx p Yu u u u NIPQUAD trt gt rt_dst 02Xx p u u u u NIPQUAD trt gt rt_dst 02Xx p unable to register vipsec kernel comp to UMI unregistering VIPSECK from UMI
210. outer's LAN subnet before accessing the router via changed IP address. • Subnet mask (factory default: 255.255.255.0). 2. In the DHCP section, select the DHCP mode: • None: the router's DHCP server is disabled for the LAN. • DHCP Server: With this option the router assigns an IP address within the specified range, plus additional specified information, to any LAN device that requests DHCP served addresses. • DHCP Relay: With this option enabled, DHCP clients on the LAN can receive IP address leases and corresponding information from a DHCP server on a different subnet. Specify the Relay Gateway, and when LAN clients make a DHCP request it will be passed along to the server accessible via the Relay Gateway IP address. • If DHCP is being enabled, enter the following DHCP server parameters: • Starting and Ending IP Addresses: Enter the first and last continuous addresses in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address in this range. The default starting address is 192.168.10.2. The default ending address is 192.168.10.100. These addresses should be in the same IP address subnet as the router's LAN IP address. You may wish to save part of the subnet range for devices with statically assigned IP addresses in the LAN. • Primary and Secondary DNS servers: If configured domain name system (DNS) servers are available on the LAN, enter their IP addresses here. • WINS Server (optional): Enter the IP addr
211. Figure 45: Two keywords added to the block list. You can block access to websites by entering complete URLs or keywords. Keywords prevent access to websites that contain the specified characters in the URLs or the page contents. The table lists all the Blocked keywords and allows several operations on the keywords. 5.9 IP/MAC Binding. Advanced > IP/MAC Binding. Another available security measure is to only allow outbound traffic (from the LAN to WAN) when the LAN node has an IP address matching the MAC address bound to it. This is IP/MAC Binding, and by enforcing the gateway to validate the source traffic's IP address with the unique MAC Address of the configured LAN node, the administrator can ensure traffic from that IP address is not spoofed. In the event of a violation (i.e. the traffic's source IP address doesn't match up with the expected MAC address having the same IP address), the packets will be dropped and can be logged for diagnosis. Figure 46: The above example of IP/MAC Binding binds a LAN host's MAC Address to an IP address. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured.
212. owEntry gt post plsr 0 xlr8NatConntrackPreHook New connection xlr8NatConntrackPostHook postSecure d postlsr p p proto d spi d lt gt proto d spi d pPktInfo gt proto pPktInfo gt spi IPSEC_INF Clock skew detected IPSEC_ERR s d Max d No of SA Limit reached DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG 183 Unified Services Router RES 0x 02x u8 ntohl tcp_flag_word th amp TCP_RESERVED BITS gt gt 22 URGP u ntohs th gt urg_ptr TRUNCATED 02X opli PROTO UDP INCOMPLETE u bytes SPT u DPT u LEN u SPT u DPT u LEN u PROTO ICMP INCOMPLETE u bytes TYPE u CODE u ich gt type ich gt code INCOMPLETE u bytes ID u SEQ u PARAMETER u GATEWAY u u u u MTU u ntohs ich gt un frag mtu PROTO AH INCOMPLETE u bytes SPI 0x x ntohl ah gt spi PROTO ESP INCOMPLETE u bytes SPl 0x x ntohl eh gt spi PROTO u ih gt protocol UID u skb gt sk gt sk_socket gt file gt f_uid lt d gt sIN s OUT s loginfo gt u log level level_string SIN s OUT s s prefix NULL loginfo gt prefix prefix IN OUT PHYSIN s physindev gt name PHYSOUT s phys
213. p secrets File found pppoeMgmtTblHandler MtuFlag d pppoeMgmtTblHandler Mtu d pppoeMgmtTblHandler IdleTimeOutFlag d pppoeMgmtTblHandler IdleTimeOutValue d pppoeMgmtTblHandler UserName s pppoeMgmtTblHandler Password s pppoeMgmtTblHandler DNS specified S pppoeMgmtTbliHandler Service s pppoeMgmtTbliHandler Staticlp s DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Failed to clear vlan for d Failed to set vlan entry for vlan d Failed to set vlan entries while enabling Failed to execute vlanConfig binary for port number d Failed to execute vlanConfig binary for vlanld d Failed to enable vian Failed to disable vlan Failed to set vlanPort table entries while Failed to enable vian unknown vian state threegMgmtlnit unable to open the database file s threegConnEnable failed to get the WanMode threegEnable spawning failed threegDisable unable to kill ppp daemon threegMgmtHandler Query s threegMgmtHandler error in executing database update Error in executing DB update handler are we getting invoked twice could not open s to append could not write nameserver s to s could not write nameserver s to s could not open s to truncat
214. pher no session est DEBUG Decrypting TLS data ERROR ERROR S SSL_ERROR_WANT_X509_ LOOKUP DEBUG Wrong identity size ERROR ERROR Wrong size for extensions packet err code d in s DEBUG ERROR ERROR BIO_write Error DEBUG innerEapRecv is NULL ERROR ERROR Decrypting BIO reset failed DEBUG Inner EAP processing ERROR ERROR Encrypting BIO reset ERROR DEBUG TLS handshake ERROR ERROR BIO_read Error DEBUG Sending P1 response ERROR ERROR EAP state machine changed from s to Unexpected tlsGlueContinue return S DEBUG value ERROR EAP state machine changed from s to No more fragments in message S DEBUG ERROR ERROR No phase 2 data or phase 2 data Received EAP Packet with code d DEBUG buffer NULL ERROR ERROR Allocating memory for PEAP Phase 2 Response ID d DEBUG payload ERROR ERROR Response Method d DEBUG TLS encrypting response ERROR ERROR 153 Unified Services Router User Manual Setting message in fragment buffer Created EAP PEAP context OK DEBUG ERROR ERROR Allocating TLS read buffer is NULL Deleted EAP PEAP context OK DEBUG ERROR ERROR Upper EAP sent us decision d method state d DEBUG Setting last fragment ERROR ERROR P2 decision d methodState d DEBUG Getting message ERROR ERROR Writing message to BIO ERROR DEBUG Processing PEAP message ERROR ERROR Encrypted d bytes for P2 DEBUG Setting fragment ERROR ERROR P2 sending fragment DEBUG Creating receive buffe
215. pport to disable APs at certain times of the day, and accurate logging. Please follow the steps below to configure the NTP server: 1. Select the router's time zone, relative to Greenwich Mean Time (GMT). 2. If supported for your region, click to Enable Daylight Savings. Determine whether to use default or custom Network Time Protocol (NTP) servers. If custom, enter the server addresses or FQDN. Figure 71: Date, Time, and NTP server setup. 9.4 Log Configuration. This router allows you to capture log messages for traffic through the firewall, VPN, and over the wirele
216. ptions Status. This router also supports an automated notification to determine if a newer firmware version is available for this router. By clicking the Check Now button in the notification section, the router will check a D-Link server to see if a newer firmware version for this router is available for download and update the Status field below. 9.7 Dynamic DNS Setup. Tools > Dynamic DNS. Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must set up an account with a DDNS provider such as DynDNS.org, D-Link DDNS, or Oray.net. Each configured WAN can have a different DDNS service if required. Once configured, the router will update the DDNS service with changes in the WAN IP address, so that features that depend on accessing the router's WAN via FQDN will be directed to the correct IP address. When you set up an account with a DDNS service, the host and domain name, username, password, and wildcard support will be provided by the account provider. Figure 79: Dynamic DNS configuration.
217. quency of sending logs: Hourly, Daily, or Weekly. Selecting Never will disable log e-mails but will preserve the e-mail server settings. Figure 74: E-mail configuration as a Remote Logging option. An external Syslog server is often used by network administrators to collect and store logs from the router. This remote device typically has less memory constraints than the local Event Viewer on the router's GUI, and thus can collect a considerable number of logs over a sustained period. This is typically very useful for debugging network issues or to monitor router traffic over a long duration. This router supports up to 8 concurrent Syslog servers. Each can be configured to receive different log facility messages of varying severity. To enable a Syslog server, select the checkbox
218. r pnacRecvRin no corresponding pnac port pae found sending unicast key sending broadcast key from pnacAuthPAE Disconnected calling pnacTxCannedFail from pnacAuthPAEForceUnauth calling pnacTxCannedFail state changed from s to s PNAC user comp id not set dropping event d sending event d to d requesting keys informantion from d pnacUmiPortPaeParamSet error in getting port pae pnacUmiPortPaeParamSet invalid param d pnacRecvASInfoMessage Skey of length d set pnacRecvASInfoMessage reAuthPeriod set to d pnacRecvASInfoMessage suppTimeout set to d PORT SUCCESSFULLY DESTROYED creating physical port for s pnacAuthlnit using defualt pnacAuthParams pnacSupplnit using defualt pnacSuppParams Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc received a pdu on s pnacRecvMapi protoType 04x pPhyPort gt authToASSendRin p port not found DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG
219. r ERROR ERROR P2 message size d DEBUG Setting first fragment ERROR ERROR P2 sending unfragmented message DEBUG Sending P1 response ERROR ERROR NULL request or response PDU or P1 Sending fragment DEBUG NULL context ERROR ERROR Expecting start packet got something P1 Total TLS message size d DEBUG else ERROR ERROR P1 sending unfragmented message DEBUG Protocol version mismatch ERROR ERROR peapFragFirstProcess TLS record size Processing PEAP message from to receive d DEBUG frag ERROR ERROR Setting version d DEBUG Processing PEAP message ERROR ERROR PEAP pkt rcvd data len d flags d version d DEBUG Processing PEAP message ERROR ERROR Got PEAP Start packet DEBUG Indicated length not valid ERROR ERROR Did not get Acknowledged result Got first fragment DEBUG ERROR ERROR Cannot understand AVP value Got fragment n DEBUG ERROR ERROR Got last fragment DEBUG eapExtResp is NULL ERROR ERROR eapWscCtxCreate Got unfragmented message DEBUG EAPAUTH_ MALLOC failed ERROR eapWscProcess umiloctl req to WSC Got frag ack DEBUG failed status d ERROR Ext AVP parsed flags 0x x DEBUG eapWscCheck Invalid frame ERROR Mandatory bit not set WARNING DEBUG eapWscBuildRea Invalid state d ERROR eapWscProcessWscResp Invalid data Ext AVP parsed type d DEBUG recd pData p dataLen ERROR Data received for invalid context Ext AVP parsed value d DEBUG dropping it ERROR eapWscProcessWscResp Build Got PEAPvO
220. r PC's hostname. If yes, select Network Configuration > WAN Settings > Ethernet ISP Settings and set the account name to the PC hostname of your ISP account. Ask your ISP if it allows only one Ethernet MAC address to connect to the Internet, and therefore checks for your PC's MAC address. If yes, inform your ISP that you have bought a new network device, and ask them to use the firewall's MAC address. Alternatively, select Network Configuration > WAN Settings > Ethernet ISP Settings and configure your router to spoof your PC's MAC address. Symptom: Router can obtain an IP address, but PC is unable to load Internet pages. Recommended action: 1. Ask your ISP for the addresses of its designated Domain Name System (DNS) servers. Configure your PC to recognize those addresses. For details, see your operating system documentation. 2. On your PC, configure the router to be its TCP/IP gateway. 11.2 Date and time. Symptom: Date shown is January 1, 1970. Possible cause: The router has not yet successfully reached a network time server (NTS). Recommended action: 1. If you have just configured the router, wait at least 5 minutes, select Administration > Time Zone, and recheck the date and time. 2. Verify your Internet access settings. Symptom: Time is off by one hour. Possible cause: The router does not automatically adjust for Daylight Savings Time. Recommen
221. r used by the clients to communicate to the AP using this profile By choosing to broadcast the SSID compatible wireless clients within range of the AP can detect this profile s availability The AP offers all advanced 802 11 security modes including WEP WPA WPA2 and WPA WPA2 options The security of the Access point is configured by the Wireless Security Type section e Open select this option to create a public open network to allow unauthenticated devices to access this wireless gateway e WEP Wired Equivalent Privacy this option requires a static pre shared key to be shared between the AP and wireless client Note that WEP does not support 802 11n data rates is it appropriate for legacy 802 11 connections e WPA Wi Fi Protected Access For stronger wireless security than WEP choose this option The encryption for WPA will use TKIP and also CCMP if required The authentication can be a pre shared key PSK Enterprise mode with RADIUS 48 Unified Services Router User Manual server or both Note that WPA does not support 802 11n data rates is it appropriate for legacy 802 11 connections e WPA2 this security type uses CCMP encryption and the option to add TKIP encryption on either PSK pre shared key or Enterprise RADIUS Server authentication e WPA WPA2 this uses both encryption algorithms TKIP and CCMP WPA clients will use TKIP and WPA2 clients will use CCMP encryption algorithms ew
222. reate failed ERROR config data ERROR pnacUmiPhyPortDestroy Invalid sqlite3QueryResGet failed ERROR config data ERROR pnacUmiPhyPortDestroy Failed to invalid query result ncols d nrows d_ ERROR destroy the port ERROR 177 Unified Services Router Invalid config data User Manual ERROR Facility Kernel DNAT multiple ranges no longer supported DNAT Target size u wrong for u ranges DNAT wrong table s tablename DNAT hook mask 0x x bad hook_mask S od resetting MPPC MPPE compressor S d wrong offset value d d S U too big offset value d S d cannot decode offset value S d wrong length code 0x X S d short packet len d FUNCTION S d bad sequence number d expected d S d bad sequence number d expected d PPPIOCDETACH file gt f_count d PPP outbound frame not passed PPP VJ decompression error PPP inbound frame not passed PPP reconstructed packet PPP no memory for missed pkts u u S d resetting MPPC MPPE compressor S d wrong offset value d d S d too big offset value d S d cannot decode offset value S d wrong length code 0x X S d short packet len dq FUNCTION S d bad sequence number d expected d S d wrong length of match value S d wrong length of match value DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG
223. rewall Rule add for Relay failed prerouting Firewall Rule add for Relay failed s SQL get query s s sqlite3QueryResGet failed Sag no result found DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Subnetaddress should be provided with accessoption 2 Failed to restart sshd unable to open the sqlite3QueryResGet failed Query s Error in executing DB update handler Error in executing DB update handler unknown vlan state Failed to execute vlanConfig binary for vlanld d sqlite3_mprintf failed Access port can be present only in single vlan Failed to execute vianConfig binary for vlanld d unknown vlan state Failed to execute vlanConfig binary for port number d Failed to clear vlan for oldPVID d Failed to execute vianConfig binary for port number d Failed to clear vlan for d Failed to set vlan entry for vlan d Failed to set vlan entries while enabling sqlite3QueryResGet failed Failed to execute vianConfig binary for port number d Failed to execute vlanConfig binary for vlanld d Failed to enable vian Failed to disable vlan Failed to set vlanPort table entries while Failed to enable vian unknown vlan state Error in executing DB update handler unknown
224. rking Enabling packet marking rule for s IDLE timer Deleted firewall rule s for service s with action s s firewall rule s for service s with action s Added firewall rule s for service s with action s Deleting inbound WAN LAN firewall rule Deleting inbound WAN DMZ firewall rule RIPng disabled RIPng enabled Disable IPv6 firewall rule Enable IPv6 firewall rule Deleting IGMP proxy rule Enable IGMP proxy rule Restarting IGMP rule Traffic meter enabled with no limit type Traffic meter enabled for only download Traffic meter enabled for both directions Deleted firewall rule s for service s with action s s firewall rule s for service s with action s Added firewall rule s for service s with action s Enabling Inter VLAN routing Updating inter VLAN routing status Deleting inter VLAN routing DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG User Manual fwLBSpillOverConfigure Could not set POSTROUTING rules fwLBSpillOverConfigure Something going wrong Here fwL2TPGenericRules c unable to open the database file fwL2TPGenericRules c inet_aton failed fwPPTPGenericRules c unable to open the database file fwPPTPGenericRules c inet_aton failed
225. rts that are connected to your workstation and firewall.
6. If the path is still not up, test the network configuration:
• Verify that the Ethernet card driver software and TCP/IP software are installed and configured on the PC.
• Verify that the IP address for the router and PC are correct and on the same subnet.
11.3.2 Testing the LAN path from your PC to a remote device
1. From the PC's Windows toolbar, select Start > Run.
2. Type ping -n 10 <IP_address>, where -n 10 specifies a maximum of 10 tries and <IP address> is the IP address of a remote device such as your ISP's DNS server. Example: ping -n 10 10.1.1.1
3. Click OK and then observe the display (see the previous procedure).
4. If the path is not working, do the following:
• Check that the PC has the IP address of your firewall listed as the default gateway. (If the IP configuration of your PC is assigned by DHCP, this information is not visible in your PC's Network Control Panel.)
• Verify that the network (subnet) address of your PC is different from the network address of the remote device.
• Verify that the cable or DSL modem is connected and functioning.
• Ask your ISP if it assigned a hostname to your PC. If yes, select Network Configuration > WAN Settings > Ethernet ISP Settings and enter that hostname as the ISP account name.
• Ask your ISP if it rejects the Ethernet MAC addresses of
226. rx_frame tx_frame s unable to obtain busy times func s beacon is officially stuck Busy environment detected Inteference detected rx_clear d rx_frame d tx_frame d s resume beacon xmit after u misses s stuck beacon resetting bmiss count u EMPTY QUEUE SWRinfo seqno d isswRetry d retryCnt d wh u_int16_t amp wh gt i_seq 0 gt gt 4 0 bf gt bf_isswretry bf gt bf_swretries Buffer 08X gt Next 08X Prev 08X Last 08X bf TAILQ_NEXT bf bf_list Stas 08X flag 08X Node 08X bf gt bf_status bf gt bf_flags bf gt bf_node Descr 08X gt Next 08X Data 08X Ctlo 08X Ctl1 08X bf gt bf_daddr ds gt ds_ link ds gt ds_data ds gt ds_ctlO ds gt ds_ctl1 Ctl2 08X Ctl3 08X Sta0 08X Sta1 08X ds gt ds_hw 0 ds gt ds_hw 1 lastds gt ds_hw 2 lastds gt ds_hw 3 Error entering wow mode Wakingup due to wow signal s wowStatus Ox x _ func wowStatus Pattern added already Error All the d pattern are in use Cannot add a new pattern DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG 03d i 02x unsigned char p i mic check failed s Wrong parameters func__ s Wrong Key length __func__ s Wrong parameters func __ s Wrong K
227. ryption, thus making the key more difficult to crack.
• WEP Passphrase: enter an alphanumeric phrase and click Generate Key to generate 4 unique WEP keys with length determined by the encryption key size. Next, choose one of the keys to be used for authentication. The selected key must be shared with wireless clients to connect to this device.
Figure 28: Profile configuration to set network security
4.2.2 WPA or WPA2 with PSK
A pre-shared key (PSK) is a known passphrase configured on both the AP and the client and is used to authenticate the wireless client. An acceptable passphrase is between 8 and 63 characters in length.
228. s Firewall Settings > A firewall is a security mechanism to selectively block or allow certain types of traffic in accordance with rules specified by network administrators. You can use this page to manage the firewall rules that control traffic to and from your network. The List of Available Firewall Rules table includes all firewall rules for this device and allows several operations on the firewall rules.
[Screenshot: List of Available Firewall Rules]
5.2 Defining Rule Schedules
Tools > Schedules
Firewall rules can be enabled or disabled automatically if they are associated with a configured schedule. The schedule configuration page allows you to define days of the week and the time of day for a new schedule, and then this schedule can be selected in the firewall rule configuration page.
Note: All schedules will follow the time in the router's configured time zone. Refer to the section on choosing your Time Zone and configuring NTP servers for more information.
229. s NetMask s SplitTunnel s needToStartHealthMonitor returning with status s l2tpEnable command string s l2tpEnable command s l2tpEnable command string s PID File for dhcpc found pid d I2tpMgmtDBUpdateHandler query string AS l2toMgmtDBUpdateHandler returning with status s RADVD started successfully RADVD stopped successfully empty update nRows d nCols d Wan is not up or in load balencing mode threegMgmtHandler no row found nRows d nCols d pppoeMgmtDBUpdateHandler empty update dhcpcEnable dhclient already running on s dhcpcDisable deleted dhclient leases l2tpMgmtlnit unable to open the database file s l2tpEnable unable to resolve address AS l2tpEnable inet_aton failed DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG WARN WARN WARN WARN WARN WARN ERROR ERROR ERROR pppoeMgmtTblHandler unable to get current Mtu Option pppoeMgmtTblHandler unable to get the Mtu pppoeMgmtTblHandler pppoe enable failed pppoeMgmtDBUpdateHandler failed query s pppoeMgmtDBUpdateHandler error in executing pptpMgmtinit unable to open the database file s pptpEnable error executing command s pptpEnable unable to resolve address s pptpEnable inet_aton failed pptpEnable inet_aton
230. severity levels available for logging are:
• EMERGENCY: system is unusable
• ALERT: action must be taken immediately
• CRITICAL: critical conditions
• ERROR: error conditions
• WARNING: warning conditions
• NOTIFICATION: normal but significant condition
• INFORMATION: informational
• DEBUGGING: debug-level messages
Figure 72: Facility settings for Logging
The display for logging can be customized based on where the logs are sent, either the Event Log viewer in the GUI (the Event Log viewer is in the Status > Logs page) or a remote Syslog server for later review. E-mail logs, discussed in a subsequent section, follow the same configuration as logs configured for a Syslog server.
Tools > Log Settings > Logs Configuration
This page allows you to determine the type of traffic through the router that is logged for display in Syslog, E-mailed logs, or the Event Viewer. Denial of service attacks, general attack information, login attempts, dropped packets
231. since the tunnel was established. If a VPN policy state is "IPSec SA Not Established", it can be enabled by clicking the Connect button of the corresponding policy. The Active IPSec SAs table displays a list of active IPSec SAs. Table fields are as follows.
Figure 92: List of current Active VPN Sessions
All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are displayed on this page as well. Table fields are as follows.
Chapter 11. Trouble Shooting
11.1 Internet connection
Symptom: You cannot access the router's web configuration interface from a PC on your LAN.
Recommended action:
1. Check the Ethernet connection between the PC and the router.
2. Ensure that your PC's IP address is on the same subnet as the router. If you are
232. ss AP. As an administrator you can monitor the type of traffic that goes through the router and also be notified of potential attacks or errors when they are detected by the router. The following sections describe the log configuration settings and the ways you can access these logs.
9.4.1 Defining What to Log
Tools > Log Settings > Logs Facility
The Logs Facility page allows you to determine the granularity of logs to receive from the router. There are three core components of the router, referred to as Facilities:
• Kernel: This refers to the Linux kernel. Log messages that correspond to this facility would correspond to traffic through the firewall or network stack.
• System: This refers to application and management level features available on this router, including SSL VPN and administrator changes for managing the unit.
• Wireless: This facility corresponds to the 802.11 driver used for providing AP functionality to your network.
For each facility, the following events (in order of severity) can be logged: Emergency, Alert, Critical, Error, Warning, Notification, Information, Debugging. When a particular severity level is selected, all events with severity equal to and greater than the chosen severity are captured. For example, if you have configured CRITICAL level logging for the Wireless facility, then 802.11 logs with severities CRITICAL, ALERT, and EMERGENCY are logged. The
233. st SHA Software Test s shaSoftTest 0 Failed Passed SHA Hardware Test SHA Hardware Test s shaHardTest 0 Failed Passed MD5 Software Test MD5 Software Test s md5SoftTest 0 Failed Passed MD5 Hardware Test MD5 Hardware Test s DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Redirect from u u u u on s about IP routing cache hash table of u buckets ldKbytes source route option u u u u gt u U U U Wrong address mask u u u uU from Redirect from u u u u on s about source route option ICMP u u uU u ICMP u u u u Source Wrong address mask u u u u from Redirect from u u u u on s about IP routing cache hash table of u buckets ldKbytes source route option u u uU u gt uU U U U IPsec device unregistering s dev gt name IPsec device down s dev gt name mark only supports 32bit mark ipt_time invalid argument ipt_time IPT_DAY didn t matched Logs_kernel txt 45 KERN_ WARNING Logs_kernel txt 59 KERN_ WARNING ipt_LOG not logging via system console s wrong options length u fname opt_len s options rejected o 0 02x o 1 02x s wrong options length u s options rejected o 0
234. ster sysctls proc_name PKTLOG_TAG s proc_mkdir failed FUNCTION __ PKTLOG_TAG s pktlog_attach failed for s DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG User Manual PPP VJ uncompressed error ppp_decompress_frame no memory ppp_mp_reconstruct bad seq u lt u PPP couldn t register device s d ppp destroying ppp struct p but dead d ppp destroying undead channel p PPP removing module but units remain PPP failed to unregister PPP device s cannot allocate space for scompressor fname s cannot allocate space for MPPC history s cannot allocate space for MPPC history s cannot load ARC4 module fname s cannot load SHA1 module fname s CryptoAPI SHA1 digest size too small fname s cannot allocate space for SHA1 digest fname S d trying to write outside history S d trying to write outside history S d trying to write outside history S d too big uncompressed packet d S d encryption negotiated but not an S d error not an MPPC or MPPE frame Kernel doesn t provide ARC4 and or SHA1 algorithms PPP not interface or channel PPP no memory VJ compressor failed to register PPP device d err PPP no memory comp pkt ppp compress
235. success DEBUG Request failed ERROR eapWscProcessWscResp Invalid Got PEAPVO failure DEBUG state d ERROR eapWscProcessWscResp Message pCtx NULL DEBUG processing failed Ox X ERROR eapWscProcessWscData Invalid Authenticator response check Error DEBUG notification recd d ERROR Authenticator response check Failed DEBUG unable to initialize MD5 ERROR MS CHAP2 Response AVP size u DEBUG MDSiring adpDigestlnit for md5 failed ERROR Created EAP MS CHAP2 context OK DEBUG EAPAUTH_MALLOC failed ERROR pCtx NULL DEBUG EAPAUTH_MALLOC failed ERROR Deleted EAP MS CHAPv2 context OK DEBUG NULL context created Error ERROR Not authenticated yet DEBUG NULL context received Error ERROR Authenticator response invalid DEBUG Authenticator ident invalid ERROR EAP MS CHAPv2 password changed DEBUG Success request message invalid ERROR 154 Unified Services Router rcvd opCode d pCtx NULL TLS message len changed in the fragment ignoring no data to send while fragment ack received TLS handshake successful Created EAP TTLS context OK Deleted EAP TTLS context OK No more fragments in message ERROR Upper EAP sent us method state d decision d P2 sending fragment P2 send unfragmented message P1 sending fragment P1 sending unfragmented message tTLSMsgLen 0x x Send req ptr 0x x Send resp ptr Ox x P2 decision d methodState d Default EAP method state d decision d TTLS pkt
236. t failed to get M_BLK_ID from pnaclsInterfaceUp device s d User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 174 Unified Services Router User Manual Failed to initiate PBC based enrolle pnacKeyInfoGet failed to allocate association ERROR buffer ERROR Invalid association mode Allowed PNAC user comp id not set dropping modes PIN PBC ERROR EAPOL key pkt ERROR pnacUmiPortPaeParamSet invalid wpsEnable running wsccmd failed ERROR buffer received ERROR Failed to send QUIT command to WSC from DOT11 ERROR Error from pnacRecvASInfoMessage ERROR Failed to clear off the WPS process ERROR pnacRecvASInfoMessage ERROR pnacRecvASInfoMessage Bad info missing profile name ERROR length ERROR A profile exists with the same name ERROR Error from pnacLiblnit malloc failed ERROR Error in allocating memory for profile ERROR could not create phy ports lock ERROR missing profile name ERROR could not create nodes ports lock ERROR missing profile name ERROR port exists for iface s ERROR Profile name and interface name must be specified ERROR pnacPhyPortCreate failed ERROR Profile s does not exist ERROR kpnacPhyPortCreate failed ERROR Could not set profile s on the interface S ERROR invalid argument ERROR pnacAuthConfig maxA
237. t IP address s Adding Packet for existing cookie p Adding Packet and cookie p Releasing Packet and cookie p Releasing Packet with cookie p Received EAP ldentity from Pnac s Filling User Name s Filling State Filling EAP Message Filling Service Type d Filling Framed MTU d Received Access Challenge from Server Sending Reply EAP Packet to Pnac Error sending packet to Pnac RADIUS Authentication Failed RADIUS Authentication Successful Got Packet with cookie p Next DNS Retry after 1 min Next Synchronization after DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Failed to set default retries value ERROR incomplete DB update information old values result does not contain 2 rows sqlite3QueryResGet failed empty update nRows d nCols d Error in executing DB update handler sqlite3QueryResGet failed Invalid SQLITE operation code d sqlite3QueryResGet failed empty result nRows d nCols d sqlite3QueryResGet failed empty result nRows d nCols d RADIUS Accounting Exchange Failed Unable to set debug for radAcct Unable to set debug level for radAcct ERROR option value not specified ERROR option value not specified Unable to initialize radi
238. t specified Unable to initialize radius Invalid username or password usage s lt DB fileName gt ntpd umi initialization failed ntpd ntplnit failed ntpd ntpMgmthnit failed There was an error while getting the timeZoneChangeScript unexpected reply from d cmd d cmd d not supported caller d default reached Unable to initialize ntpControl ntpMgmt Couldn t open database s ERROR incomplete DB update information empty update nRows d nCols d Error in executing DB update handler requestNtpTime Invalid addr failed to take lock for compld d failed to convert ioctl args to buffer for request timeout dst d lt src d failed to take lock for compld d umiloctlArgsToBuf failed to allocate memory umiRecvFrom could not allocate memory adpMalloc failed context with ID d already registered Failed to allocate memory for creating UMI context Failed to create recvSem for UMI context Failed to create mutex locks for UMI context Failed to create mutex recvQLock for UMI context Invalid arguments to umiloctl could not find the destination context User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 161 Unified Services Router tim
239. ted to access the LAN via this router, creating 3 VAPs will allow you to manage or shape traffic for each group of clients. A unique SSID can be created for the network of 802.11b clients and another SSID can be assigned for the 802.11n clients. Each can have different security parameters (remember, the SSID and security of the link is determined by the profile). In this way legacy clients can access the network without bringing down the overall throughput of more capable 802.11n clients.
• Optimize security: you may wish to support select legacy clients that only offer WEP security while using WPA2 security for the majority of clients for the radio. By creating two VAPs configured with different SSIDs and different security parameters, both types of clients can connect to the LAN. Since WPA2 is more secure, you may want to broadcast this SSID and not broadcast the SSID for the VAP with WEP, since it is meant to be used for a few legacy devices in this scenario.
4.4 Tuning Radio Specific Settings
Setup > Wireless Settings > Radio Settings
The Radio Settings page lets you configure the channels and power levels available for the APs enabled on the device. The router has a dual band 802.11n radio, meaning either 2.4 GHz or 5 GHz frequency of operation can be selected (not concurrently though). Based on the selected operating frequency, the mode selection will let you define whether legacy
240. Appendix A. Glossary
Address Resolution Protocol: Broadcast protocol for mapping IP addresses to MAC addresses.
CHAP: Challenge Handshake Authentication Protocol. Protocol for authenticating users to an ISP.
Dynamic DNS: System for updating domain names in real time. Allows a domain name to be assigned to a device with a dynamic IP address.
DHCP: Dynamic Host Configuration Protocol. Protocol for allocating IP addresses dynamically so that addresses can be reused when hosts no longer need them.
Domain Name System: Mechanism for translating H.323 IDs, URLs, or e-mail IDs into IP addresses. Also used to assist in locating remote gatekeepers and to map IP addresses to hostnames of administrative domains.
Fully qualified domain name: Complete domain name, including the host portion. Example: serverA.companyA.com
File Transfer Protocol: Protocol for transferring files between network nodes.
HTTP: Hypertext Transfer Protocol. Protocol used by web browsers and web servers to transfer files.
IP security: Suite of protocols for securing VPN tunnels by authenticating or encrypting IP packets in a data stream. IPSec operates in either transport mode (encrypts payload but not packet headers) or tunnel mode (encrypts both payload and packet headers).
Internet Key Exchange Security Protocol: Protocol for establishing security associations and cryptographic keys on the Internet.
Internet service provider.
MAC
241. ters are restared Traffic limit has been reached Traffic meter monthly limit has been changed to d Enabling traffic meter for only dowload Enabling traffic meter for both directions Enabling traffic meter with no limit Email alert in traffic meter disabled Email alert in traffic meter enabled Traffic Meter Monthly limit d MB has been Traffic Metering Adding rule to drop all traffic Traffic Metering sabling Email traffic Disabling attack checks for IPv 6 rules Enabling attack checks for IPv6 rules Configuring one to one NAT settings with s private start IP Deleting forward one to one NAT having setting s private start Disabling attack check for Block ping to WAN interface Disabling attack check for Stealth mode for tcp Disabling attack check for Stealth mode for udp Disabling attack check for TCP Flood Disabling attack check for UDP Flood Disabling attack check for IPSec Disabling attack check for PPTP Disabling attack check for L2TP Disabling attack check for UDP Flood Disabling attack check for IPSec Disabling attack check for PPTP Disabling attack check for L2TP Enabling attack check for Block ping to WAN Enabling attack check for Stealth Mode for tcp Enabling attack check for Stealth Mode for udp Enabling attack check for TCP Flood Enabling attack check for UDP Flood Enabling attack check for IPSec Enabling attack check for PPTP DEBUG DEBUG DEBUG DEBUG DE
242. th the GUI for administrator users To access the CLI type cli in the SSH or console prompt and login with administrator user credentials SNMP Configuration Tools gt Admin gt SNMP SNMP is an additional management tool that is useful when multiple routers in a network are being managed by a central Master system When an external SNMP manager is provided with this router s Management Information Base MIB file the manager can update the router s hierarchal variables to view or update configuration parameters The router as a managed device has an SNMP agent that allows the MIB configuration variables to be accessed by the Master the SNMP manager The Access Control List on the router identifies managers in the network that have read only or read write SNMP credentials The Traps List outlines the port over which notifications from this router are provided to the SNMP community managers and also the SNMP version v1 v2c v3 for the trap 104 Unified Services Router User Manual Figure 69 SNMP Users Traps and Access Control DSR 1000N SETUP ADVANCED TOOLS STATUS LOGOUT Simple Network Management Protocol SNMP lets you monitor and manage your router From an SNMP Manager SNMP provides a remote means to monitor and control network devices and to manage configurations statistics collection performance and security SNMP 3 Users List Privilege Security level RWUSER NoAuthNoPriv ROUSER NoAuth
243. th the authentication protocol supported by the server PAP or CHAP For RADIUS PAP the router first checks in the user database to see if the user credentials are available if they are not the router connects to the RADIUS server Configuring VPN clients Remote VPN clients must be configured with the same VPN policy parameters used in the VPN tunnel that the client wishes to use encryption authentication life time and PFS key group Upon establishing these authentication parameters the VPN Client user database must also be populated with an account to give a user access to the tunnel 85 Unified 6 4 6 4 1 Services Router User Manual XW VPN client software is required to establish a VPN tunnel between the router and remote endpoint Open source software such as OpenVPN or Openswan as well as Microsoft IPSec VPN software can be configured with the required IKE policy parameters to establish an IPSec VPN tunnel Refer to the client software guide for detailed instructions on setup as well as the router s online help The user database contains the list of VPN user accounts that are authorized to use a given VPN tunnel Alternatively VPN tunnel users can be authenticated using a configured Radius database Refer to the online help to determine how to populate the user database and or configure RADIUS authentication PPTP L2TP Tunnels This router supports VPN tunnels from either PPTP or L2TP ISP servers The rout
244. the Administration web page In the Firmware Upgrade section to upgrade your firmware click Browse locate and select the firmware image on your host and click Upgrade After the new firmware image is validated the new image is written to flash and the router is automatically rebooted with the new firmware The Firmware Information and also the Status gt Device Info gt Device Status page will reflect the new firmware version 75 IMPORTANT During firmware upgrade do NOT try to go online turn off the device shut down the PC or interrupt the process in anyway until the operation is complete This should take only a minute or so including the reboot process Interrupting the upgrade process at specific points when the flash is being written to may corrupt the flash memory and render the router unusable without a low level process of restoring the flash firmware not through the web GUI 115 Unified Services Router User Manual Figure 78 Firmware version information and upgrade option oso H ron FIRMWARE LOGOUT This page allows user to upgrade downgrade the router firmware This page also show the information Firmware regarding firmware version and build time Ww e via JS Firmware via USB Firmware Information Dynamic DNS 1 01B27 Mon Feb 22 18 52 44 2010 system Check Schedules 7 Schedul Firmware Upgrade Locate amp select the upgrade file No file chosen Upgrade Firmware Upgrade Notification O
245. to introduce this passthrough support; instead, the appropriate check boxes in the VPN Passthrough page must be enabled. Figure 41: Passthrough options for VPN tunnels. 5.7 Application Rules (Advanced > Application Rules > Application Rules): Application rules are also referred to as port triggering. This feature allows devices on the LAN or DMZ to request one or more ports to be forwarded to them. Port triggering waits for an outbound request from the LAN/DMZ on one of the defined outgoing ports, and then opens an incoming port for that specified type of traffic. This can be thought of as a form of dynamic port forwarding while an application is transmitting data over the opened outgoing or incoming port(s). Port triggering application rules are more flexible than static port forwarding that is an available option when configuring firewall rules. This is because a port triggering rule does not have to reference a specific LAN IP or IP range. As well, ports are not left open when not in use, thereby providing a level of security that port forwarding does not offer. Port triggering is not appropriate for servers on the LAN si
246. ttings > Custom Services. Custom services can be defined to add to the list of services available during firewall rule configuration. While common services have known TCP/UDP/ICMP ports for traffic, many custom or uncommon applications exist in the LAN or WAN. In the custom service configuration menu you can define a range of ports and identify the traffic type (TCP/UDP/ICMP) for this service. Once defined, the new service will appear in the services list of the firewall rules configuration menu. Figure 39: List of user defined services. 5.5 ALG support (Advanced > Firewall Settings > ALGs): Application Level Gateways (ALGs) are security components that enhance the firewall and NAT support of this router to seamlessly support application layer protocols. In some cases enabling the ALG will allow the firewall to use dynamic ephe
247. uick Installation Guide included in the package. Manual Internet Connection Options: If you would like to configure the Internet settings of your new D-Link Systems Router manually, then click on the button below (Manual Internet Connection Setup). You can start using the Wizard by logging in with the administrator password for the router. Once authenticated, set the time zone that you are located in, and then choose the type of ISP connection type: DHCP, Static, PPPoE, PPTP, L2TP. Depending on the connection type, a username/password may be required to register this router with the ISP. In most cases the default settings can be used if the ISP did not specify that parameter. The last step in the Wizard is to click the Connect button, which confirms the settings by establishing a link with the ISP. Once connected, you can move on and configure other features in this router. 3G Internet access with a USB modem is supported on the secondary WAN port (WAN2). The Internet Connection Setup Wizard assists with the primary WAN port (WAN1) configuration only. 3.2 WAN Configuration (Setup > Internet Settings > WAN1 Setup): You must either allow the router to detect WAN connection type automatically or configure manually the following basic settings to enable Internet connectivity. ISP Connection type: Based on the ISP you have selected for the primary WAN link for this ro
248. urity parameter index (SPI) values must be mirrored on the remote tunnel endpoint. As well, the encryption and integrity algorithms and keys must match on the remote IPSec host exactly in order for the tunnel to establish successfully. Note that using Auto policies with IKE are preferred, as in some IPSec implementations the SPI (security parameter index) values require conversion at each endpoint. Figure 52: IPSec policy configuration continued (Auto / Manual Phase 2). 6.2.1 Extended Authentication (XAUTH): You can also configure extended authentication (XAUTH). Rather than configure a unique VPN policy for each user, you can configure the VPN gateway router to authenticate users from a stored list of user accounts or with an external authentication server such as a RADIUS server. With a user database, user accounts created in the router are used to authenticate users. With a configured RADIUS server, the router connects to a RADIUS server and passes to it the credentials that it receives from the VPN client. You can secure the connection between the router and the RADIUS server wi
251. using the recommended addressing scheme, your PC's address should be in the range 192.168.10.2 to 192.168.10.254. Check your PC's IP address. If the PC cannot reach a DHCP server, some versions of Windows and Mac OS generate and assign an IP address. These auto-generated addresses are in the range 169.254.x.x. If your IP address is in this range, check the connection from the PC to the firewall and reboot your PC. If your router's IP address has changed and you don't know what it is, reset the router configuration to factory defaults (this sets the firewall's IP address to 192.168.10.1). If you do not want to reset to factory default settings and lose your configuration, reboot the router and use a packet sniffer (such as Ethereal) to capture packets sent during the reboot. Look at the Address Resolution Protocol (ARP) packets to locate the router's LAN interface address. Launch your browser and ensure that Java, JavaScript, or ActiveX is enabled. If you are using Internet Explorer, click Refresh to ensure that the Java applet is loaded. Close the browser and launch it again. Ensure that you are using the correct login information. The factory default login name is admin and the password is password. Ensure that CAPS LOCK is off when entering this information. Symptom: Router does not save configuration changes. Recommended action: When entering configuration settings, click Apply before moving to anoth
252. uter, choose Static IP address, DHCP client, Point-to-Point Tunneling Protocol (PPTP), Point-to-Point Protocol over Ethernet (PPPoE), or Layer 2 Tunneling Protocol (L2TP). Required fields for the selected ISP type become highlighted. Enter the following information as needed and as provided by your ISP. PPPoE Profile Name: This menu lists configured PPPoE profiles, particularly useful when configuring multiple PPPoE connections (i.e. for Japan ISPs that have multiple PPPoE support). ISP login information: This is required for PPTP and L2TP ISPs: User Name; Password; Secret (required for L2TP only). MPPE Encryption: For PPTP links, your ISP may require you to enable Microsoft Point-to-Point Encryption (MPPE). Split Tunnel (supported for PPTP and L2TP connection): This setting allows your LAN hosts to access internet sites over this WAN link while still permitting VPN traffic to be directed to a VPN configured on this WAN port. With split tunneling enabled, users can bypass content filtering and other firewall settings. Disable split tunneling on the WAN interface for highest gateway security measures. Connectivity Type: To keep the connection always on, click Keep Connected. To log out after the connection is idle for a period of time (useful if your ISP costs are based on logon times), click Idle Timeout and enter the time, in minutes, to wait before disconnecting in the Idle Time field. My IP Address: Enter the IP address assigned t
254. version is dependent on the RIP support of other routing devices in the LAN. Disabled: This is the setting when RIP is disabled. RIP-1 is a class-based routing version that does not include subnet information. This is the most commonly supported version. RIP-2 includes all the functionality of RIPv1 plus it supports subnet information. Though the data is sent in RIP-2 format for both RIP-2B and RIP-2M, the mode in which packets are sent is different. RIP-2B broadcasts data in the entire subnet, while RIP-2M sends data to multicast addresses. If RIP-2B or RIP-2M is the selected version, authentication between this router and other routers (configured with the same RIP version) is required. MD5 authentication is used in a first/second key exchange process. The authentication key validity lifetimes are configurable to ensure that the routing information exchange is with current and supported routers detected on the LAN. Static Routing (Advanced > Routing > Static Routing; Advanced > IPv6 > IPv6 Static Routing): Manually adding static routes to this device allows you to define the path selection of traffic from one interface to another. There is no communication between this router and other devices to account for changes in the path; once configured, the static route will be active and effective until the network changes. The List of Static Routes displays all routes that have been
257. which allows display of the most current port level data at each page refresh. The default auto-refresh for this page is 10 seconds. Figure 90: List of connected 802.11 clients per AP. 10.3.3 LAN Clients (Status > LAN Clients): The LAN clients to the router are identified by an ARP scan through the LAN switch. The NetBios name (if available), IP address and MAC address of discovered LAN hosts are displayed. Figure 91: List of LAN hosts. 10.3.4 Active VPN Tunnels (Status > Active VPNs): You can view and change the status (connect or drop) of the router's IPSec security associations. Here, the active IPSec SAs (security associations) are listed along with the traffic details and tunnel state. The traffic is a cumulative measure of transmitted/received packets
258. with a DDNS provider such as DynDNS.com, DlinkDDNS.com or Oray.net. 9.8 Using Diagnostic Tools (Tools > System Check): The router has built-in tools to allow an administrator to evaluate the communication status and overall network health. Figure 80: Router diagnostics tools available in the GUI. 9.8.1 Ping: This utility can be used to test
