Manual bintec R200-Serie

Contents

1. Radio buttons, e.g. Address Mode (Static / DHCP): Select the corresponding option. Checkboxes, e.g. activation by selecting the Enabled checkbox, or selection of several possible options (Encryption Algorithms: 3DES, Blowfish, AES 128, AES 256; Hashing Algorithms: MD5, SHA 1, RipeMD160). Dropdown menus, e.g. Configured Speed / Mode (Full Autonegotiation): Click the arrow to open the list. Select the required option using the mouse. Internal lists, e.g. Remote IP Address / Netmask (255.255.255.0): Click Add. A new list entry is created. Enter the corresponding data. If list input fields remain empty, these are not saved when you confirm with OK. Delete the entries by clicking the icon. Display of options that are not available: Options that are not available because they depend on the selection of other options are generally hidden. If the display of these options could be helpful for a configuration decision, they are instead greyed out and cannot be selected. Important: Please look at the messages displayed in the sub-menus. These provide information on any incorrect configurations. Warning symbols (Icon / Meaning): This symbol appears in messages referring you to settings that were made with the Set
2. Fig. 130: Local Services > Funkwerk Discovery > Device Discovery. If access points were discovered in the network, they are displayed in the list. You use the E button to go to the configuration menu for the access point. Fig. 131: Local Services > Funkwerk Discovery > Device Discovery >. The Local Services > Funkwerk Discovery > Device Discovery > menu consists of the following fields. Fields in the Funkwerk Discovery Basic Parameters menu (Field / Description). Interface, MAC address, Node Name, IP Address, Netmask: The value of this field can only be read. This field specifi
3. Fig. 38: Physical Interfaces > ISDN Ports > ISDN Configuration >. The Physical Interfaces > ISDN Ports > ISDN Configuration > menu consists of the following fields. Fields in the ISDN Configuration Basic Parameters menu (Field / Description). Port Name: Shows the name of the ISDN port. Autoconfig on Bootup: Select whether the ISDN switch type (D channel detection for switched line) is to be automatically identified. The function is activated with Enabled. The function is enabled by default. Result of Autoconfiguration: Shows the status of the ISDN Auto Config. Automatic D channel detection runs until a setting is found or until the ISDN protocol is selected manually under Port Usage. This field cannot be edited. Possible values: Euro ISDN point to point: See Port Usage and ISDN Configtype. Euro ISDN point to multipoint: See Port Usage and ISDN Configtype. Auto Config disabled: Manual setting for Port Usage and
4. Fig. 86: VPN > PPTP > PPTP Tunnel > New. The VPN > PPTP > PPTP tunnel > New menu consists of the following fields. Fields in the menu PPTP Tunnel PPTP Partner Parameter (Field / Description). Description: Enter a unique name for the tunnel. The first character in this field must not be a number and no special characters or umlauts must be used either. PPTP Mode: Enter the role to be assigned to the
5. Fig. 75: VPN > IPSec > IPSec Peers > New. The VPN > IPSec > IPSec Peers > New menu consists of the following fields. Fields in the IPSec Peers Peer Parameters menu (Field / Description). Administrative Status: Select the status to which you wish to set the peer after saving the peer configuration. Possible values: Up (default value): The peer is available for setting up a tunnel immediately after saving the configuration. Down: The peer is initially not available after the configuration has been saved. Description: Enter a description of the peer that identifies it. The maximum length of the entry is 255 characters. Peer Address: Enter the official IP address of the peer or its resolvable host name. The entry can be omitted in certain configurations, whereby your device then cannot initiate an IPSec connection. Peer ID: Select the ID type and enter the peer ID. This entry is not necessary in certain configurations. The maximum length of the entry is 255 characters. Possible ID types: Fully Qualified Domain Name (FQDN), E-mail address, IPV4 Address, ASN.1 DN (Distinguished Name). On the peer device, this ID corresponds to the parameter Local ID Value. Preshared Key: Enter the pass
6. 9.2 ISDN Ports; 9.2.1 ISDN Configuration; 9.2.2 MSN Configuration; 9.3 ADSL Modem; 9.3.1 ADSL Configuration; Chapter 10 LAN; 10.1 IP Configuration; 10.1.1 Interfaces; 10.2 VLANs; 10.2.1 VLANs; 10.2.2 Port Configuration; 10.2.3 Administration; Chapter 11 Wireless LAN; 11.1 WLAN; 11.1.1 Radio Settings; 11.1.2 Virtual Service Sets; 11.2 Administration; 11.2.1 Basic settings; Chapter 12 Routing; 12.1 Routes; 12.1.1 IP routes; 12.1.2 Options; 12.2 NAT; 12.2.1 NAT Interfaces; 12.2.2 Portforwarding; 12.3 RIP; 12.3.1 RIP Interfaces; 12.3.2 RIP Ele; 12.3.3 RIP O
7. 65535 Enter the appropriate values for the individual port or start port of a range in Port and, for a range, the end port in to Port. DSCP / TOS Value: Select the Type of Service (TOS). Possible values: Ignore (default value): The type of service is ignored. DSCP: Relates to a Differentiated Services Code Point to RFC 3260. TOS Binary Value: The TOS value is specified in binary format, e.g. 00111111. TOS Decimal Value: The TOS value is specified in decimal format, e.g. 63. Enter the relevant value for DSCP, TOS Binary Value and TOS Decimal Value. Mode: Select when the interface defined in Route Parameters > Interface is to be used. Possible values: Dialup and wait (default value): The route can be used if the interface is up. If the interface is dormant, then dial and wait until the interface is up. Authoritative: The route can always be used. Dialup and continue: The route can be used if the interface is up. If the interface is dormant, then select and use the alternative route (rerouting) until the interface is up. Never dialup: The route can be used if the interface is up. Always dialup: The route can be used if the interface is up. If the interface is dormant, then dial and wait until the interface is up. In this case, an alternative interface with a poorer metric is used for routing until the interface is up. 12.1.2 Options: Back Rout
8. Chapter 17 Local services. 17.1 DNS. Each device in a TCP/IP network is usually located by its IP address. Because host names are often used in networks to reach different devices, it is necessary for the associated IP address to be known. This task can be performed by a DNS server, which resolves the host names into IP addresses. Alternatively, name resolution can also take place over the HOSTS file, which is available on all PCs. Your device offers the following options for name resolution: DNS Proxy, for forwarding DNS requests sent to your device to a suitable DNS server. This also includes specific forwarding of defined domains (Forwarded Domains). DNS cache, for saving the positive and negative results of DNS requests. Static entries (Static Hosts), for manually defining or preventing assignments of IP addresses to names. DNS monitoring, for providing an overview of DNS requests on your device. Global Name Server: The IP addresses of global name servers that are queried if your device is unable to answer requests itself or by forwarding entries are entered in Local Services > DNS > Global Settings > Basic Parameters. For local applications, the IP address of your device or the general loopback address (127.0.0.1) can be entered as the global name server. Your device can also receive the global name servers dynamically and transfer them dyna
9. Select the syslog level at which the string configured in the Matching String field must occur to trigger an e-mail alert. Possible values: Emergency (default value), Alert, Critical, Error, Warning, Notice, Information, Debug. Message Timeout: Enter how long the router must wait after a relevant event before it is forced to send the e-mail alert. Possible values are 0 to 86400. The value 0 disables the timeout. Number of Messages: Enter the number of syslog messages that must be reached before an e-mail alert can be sent for this case. If timeout is configured, the mail is sent when this expires, even if the number of messages has not been reached. Possible values are 0 to 99, the default value is 1. Message Compression: Select whether the e-mail alert text is to be shortened. The e-mail then contains the syslog message only once plus the number of relevant events. Enable or disable the field. The function is enabled by default. Fields in the E-mail Alert Receiver Monitored Subsystems menu (Field / Description). Subsystem: Select the subsystems to be monitored. Add a new system with Add. 19.4 SNMP. SNMP (Simple Network Management Protocol) is a protocol from the IP protocol family for transporting management information about network components. Every SNMP management system contains an MIB. SNMP can be used to configure, control and administrate various network components from one system. Such an SNMP to
10. Fig. 124: Local Services > Monitoring > Hosts > New. The Local Services > Monitoring > Hosts > New menu consists of the following fields. Fields in the Hosts Host Parameters menu (Field / Description). Group ID: Select an ID for the group of hosts whose availability is to be monitored by your device. The group IDs are automatically created from 0 to 255. If an entry has not yet been created, a new group is created using the New ID option. If entries have been created, you can select one from the list of created groups. Each host to be monitored must be assigned to a group. The action configured in Interface Action is only executed if no other group member can be reached. Fields in the Hosts Trigger menu (Field / Description). Monitored IP Address: Enter the IP address of the host to be monitored. Source IP Address: Select how the IP address is to be determined that your device uses as the source address of the packet sent to the host to be monitored. Possible values: Automatic (default value): The IP address is determined automatically. Specific: Enter the IP address in the adjacent input field. Interval: Enter the time interval in seconds to be used for checking the availability of hosts. Possible values are 1 to 65536. The default value is 10. The smallest
11. Fig. 3: Express Setup Wizard Initial Screen (Preliminaries: Select language and country settings). Notes shown in the wizard: To navigate in the wizard, you can also use the following hot keys: BACK hot key: press <Alt b> (Back); NEXT hot key: press <Alt n> (Next); HELP hot key: press <Alt h> (Help). With the NEXT button you will confirm the configuration modification and go to the next page. With the BACK button you will cancel the configuration modification and go to the previous page. With the HELP button additional information and examples will be displayed. If you have already created a configuration using the Express Setup Wizard, the Express Setup Wizard can use the preset values. You will be informed about this possibility during configuration. Start the configuration of your gateway as follows: 1. Enter http://192.168.0.254/wizard or https://192.168.0.254/wizard in your web browser's address line. Follow the instructions. Optional: 1. On the bintec Companion CD, choose Installation and click the Configure Device button. 2. Then follow the instructions to find a free IP address for the device. Click Allocate Automatically or enter the IP
12. 14.1.1 IPSec Peers. An endpoint of a communication is defined as peer in a computer network. Each peer offers its services and uses the services of other peers. In the VPN > IPSec > IPSec Peers menu, a list of all configured IPSec peers is shown. Fig. 74: VPN > IPSec > IPSec Peers. Peer Monitoring: The menu for monitoring a peer is called by selecting the E button for the peer in the peer list. See Values in the list IPSec Tunnels on page 358. 14.1.1.1 New: Choose the New button to set up more IPSec peers.
13. This performance feature requires the installation of the T-ISDN Speedmanager. If you are surfing the Internet and use two B channels for downloading, you cannot be reached by telephone from outside. As a further call is signalled over the D channel, your PBX can, depending on the setting, specifically shut down a B channel so that you can take the call. Alternative name for the S0 bus. ISDN Primary Rate Interface. International Standardization Organization. Internet Service Provider. International Telecommunication Union. Stored keys can be viewed by the government. The US government in particular requires key storages to prevent crimes being covered up through data encryption. Local Area Network. Loudspeaker; MAC Address; Man in the Middle Attack; MD5; MFC; MIB; Microphone mute. LAPB: Link Access Procedure Balanced. Last access: The last access by T-Service is stored and displayed in the configuration. Layer 1: Layer 1 of the ISO OSI Model, the bit transfer layer. LCD: Liquid Crystal Display, a screen in which special liquid crystal is used to display information. LCP: Link Control Protocol. LDAP: Lightweight Directory Access Protocol. Lease Time: The Lease Time is the time a computer keeps the IP address assigned to it without having to talk to the DHCP server. Leased Line: Leased line. LLC: Link Layer Control. Local exchange: Switching node of a public local teleph
14. Trademarks: funkwerk trademarks and the funkwerk logo, bintec trademarks and the bintec logo, artem trademarks and the artem logo, elmeg trademarks and the elmeg logo are registered trademarks of Funkwerk Enterprise Communications GmbH. Company and product names mentioned are usually trademarks of the companies or manufacturers concerned. Copyright: All rights reserved. No part of this manual may be reproduced or further processed in any way without the written consent of Funkwerk Enterprise Communications GmbH. The documentation may not be processed and, in particular, translated without the consent of Funkwerk Enterprise Communications GmbH. You will find information on guidelines and standards in the declarations of conformity under www.funkwerk-ec.com. How to reach Funkwerk Enterprise Communications GmbH: Funkwerk Enterprise Communications GmbH, Südwestpark 94, D-90449 Nuremberg, Germany, Phone: 49 180 300 9191 0, Fax: 49 180 300 9193 0. Funkwerk Enterprise Communications France S.A.S., 6/8 Avenue de la Grande Lande, F-33174 Gradignan, France, Phone: 33 5 57 35 63 00, Fax: 33 5 56 89 14 05. Internet: www.funkwerk-ec.com. Table of Contents: Chapter 1 Introduction; Chapter 2 About this guide; Chapter 3 Installation; 3.1 Setting Up and Connecting; 3.2 Cleaning; 3.3 S
15. WPA-PSK (WPA Preshared Key), WPA Enterprise (802.11i/TKIP). Transmit Key: Only if Security Mode = WEP 40, WEP 104. Select one of the keys configured in WEP Key <1-4> as the default key. The default value is Key 1. WEP Key 1-4: Only if Security Mode = WEP 40, WEP 104. Enter the WEP key. Enter a character string with the right number of characters for the selected WEP mode. For WEP 40 you need a string of 5 characters, for WEP 104 13 characters. For example hello for WEP 40, funkwerk wepl1 for WEP 104. WPA Mode: Only if Security Mode = WPA-PSK and WPA Enterprise. Select whether you want to use WPA (with TKIP encryption) or WPA 2 (with AES encryption) or both. Possible values: WPA and WPA 2 (default value): WPA and WPA 2 can be used. WPA: Only WPA is used. WPA 2: Only WPA2 is used. WPA Cipher: Only for Security Mode = WPA-PSK and WPA Mode = WPA and WPA and WPA 2. Select the type of encryption you want to apply to WPA. Possible values: TKIP (default value): TKIP is used. AES: AES is used. AES and TKIP: AES or TKIP is used. WPA2 Cipher: Only for Security Mode = WPA-PSK and WPA Mode = WPA 2 and WPA and WPA 2. Select the type of encryption you want to apply to WPA2. Possible va
16. System & Accounting (default value), System, Accounting. 19.2 IP Accounting. In modern networks, information about the type and number of data packets sent and received over the network connections is often collected for commercial reasons. This information is extremely important for Internet Service Providers that bill their customers by data volume. However, there are also non-commercial reasons for detailed network accounting. If, for example, you manage a server that provides different kinds of network services, it is useful for you to know how much data is generated by the individual services. Your device contains the IP Accounting function, which enables you to collect a lot of useful information about the IP network traffic (each individual IP session). 19.2.1 Interfaces. In this menu, you can configure the IP Accounting function individually for each interface. Fig. 141: External Reporting > IP Accounting > Interfaces. In the External Reporting > IP Accounting > Interfaces menu, a list of all interfaces configured on your device is shown. For each en
17. 10.1.1 Interfaces. In the LAN > IP Configuration > Interfaces menu, the available IP interfaces are listed. You can edit the IP configuration of the interfaces or create virtual interfaces for special applications. Interfaces are also listed here once you have created them in the subsystems (wireless networks, bridge links) and then set them to routing mode in the System Management > Interface Mode Bridge Groups > Interfaces menu. Use the icon to edit the settings of an existing interface (bridge groups, Ethernet interfaces in routing mode). You can use the New button to create virtual interfaces. However, this is only needed in special applications, e.g. BRRP. Depending on the option selected, different fields and options are available. All the configuration options are listed below. The default setting for all existing interfaces of your device is routing mode. The interface en1-0 is pre-configured with IP address 192.168.0.254 and netmask 255.255.255.0. Example of subnets: If your device is connected to a LAN that consists of two subnets, you should enter a second IP Address / Netmask. The first subnet has two hosts with the IP addresses 192.168.42.1 and 192.168.42.2, for example, and the second subnet has two hosts with the IP addresses 192.168.46.1 and 192.168.46.2. To be able to exchange data packets with the first subnet, your device uses the IP address 192.168.42.3, for example, and 192.168.46.3 for the seco
18. Description: Enter a description for this XAuth profile. Role: Select the role of the gateway for XAuth authentication. Possible values: Server (default value): The gateway requires a proof of authorisation. Client: The gateway provides proof of authorisation. Mode: Only if Role = Server. Select how authentication is carried out. Possible values: RADIUS (default value): Authentication is carried out via a Radius server. This is configured in the System Management > Remote Authentication > RADIUS menu and selected in the RADIUS Server Group ID field. Local: Authentication is carried out via a local list. Name: Only if Role = Client. Enter the authentication name of the client. Password: Only if Role = Client. Enter the authentication password. RADIUS Server Group ID: Only if Role = Server. Select the desired RADIUS group configured in System Management > Remote Authentication > RADIUS. Users: Only for Role = Server and Mode = Local. If your gateway is configured as an XAuth server, the clients can be authenticated via a locally configured user list. Define the members of the user group for this XAUTH profile by entering the authentication name of the client (Name) and the authentication password (Password). Add new members with Add. 14.1.5 IP Pools. In the IP Pools menu, a list of all IP pools is displ
19. Fig. 47: Wireless LAN > WLANx > Radio Settings >. The Wireless LAN > WLANx > Radio Settings > menu consists of the following fields. Fields in the Radio Settings WLAN Settings menu (Field / Description). Wireless module: Select whether you want to enable the wireless module. The function is enabled by choosing Enabled. The function is disabled by default. Operation Mode: Define whether your device is to be run as an Access Point. Operation Band: Displays the operation band and usage area of the access point. Possible values: 2.4 GHz In/Outdoor (default value): The access point is run within or outside buildings. Channel: Enter the channel to be used. The number of channels you can select depends on the country setting. Please consult the data sheet for your device. Possible v
20. Enter the name with which the configuration file is to be transferred to the TFTP server. Fields in the Time Schedule Select time interval menu (Field / Description). Time Condition: First select the type of time entry in Condition Type. Possible values: Weekday: In Condition Settings, select a weekday. Periods (default setting): In Condition Settings, select a particular period. Day of Month: In Condition Settings, select a particular day of the month. Possible values for Condition Settings with Condition Type = Weekday: Monday (default value) ... Sunday. Possible values for Condition Settings with Condition Type = Periods: Daily: The initiator becomes active daily (default value). Monday - Friday: The initiator becomes active daily from Monday to Friday. Monday - Saturday: The initiator becomes active daily from Monday to Saturday. Saturday - Sunday: The initiator becomes active on Saturdays and Sundays. Possible values for Condition Settings with Condition Type = Day of the month: Start Time: Enter the time from which the initiator is to be activated. Activation is carried out on the next scheduling interval; the default value of this interval is 55 seconds. Stop Time: Not if Select Action = Reboot Device. Enter the time from which the initiator is to be deactivated. Deactivation is carried out on the next scheduling interval. If you d
21. Fig. 153: Monitoring > ISDN Modem > Call History. Values in the list Call History (Field / Description). Displays the serial number of the ISDN connection. Service: Displays the service to or from which the call was connected (PPP, IPSEC, X.25, POTS). Remote Number: Displays the number that was dialled in the case of outgoing calls, or from which the call was made in the case of incoming calls. Interface: Displays additional information for PPP connections. Direction: Displays the send direction (Incoming, Outgoing). Charge: Displays the costs of the connection. Start Time: Displays the time at which the call was made or received. Duration: Displays the duration of the connection. 20.4 Interfaces. 20.4.1 Statistics. In the Monitoring > Interfaces > Statistics menu, the current values and activities of all device interfaces are shown.
22. ample look like this: 00012345678906112345678 0001 t online de. Wireless LAN (only bintec R230aw and bintec R232bw): You can operate your device as an access point and therefore connect individual work stations (e.g. laptops, PCs with wireless card or wireless adapter) by wireless connections to your local network via WLAN (Wireless LAN) and let them communicate with each other. The Data for gateway configuration table shows the details that are needed to do this. As data can be transmitted over the air in the WLAN, this data can in theory be intercepted and read by any attacker with the appropriate resources. Particular attention must therefore be paid to protecting the wireless connection. Note the following: Follow the safety precautions when configuring your WLAN. Please also read Sicherheit im Funk-LAN (Security in Wireless LAN), published by the Federal Office for Information Security (see http://www.bsi.bund.de). Data for the Wireless LAN configuration (Access data: Example value; the Your values column is left blank): Preshared key for WPA-PSK: without default. Installation location of your system: Germany. Channel to be used for WLAN: Hil. Network name (SSID) for your WLAN: without default. Visibility of the SSID in the wireless network: not visible. Security setting: WPA-PSK. Company network connection: To connect a remote network (e.g. head office), you need to know some data of the remote terminal that will
23. bintec R230aw net 1x Status 1x ADSL net 1x Status 1x ADSL net 1x WLAN 1x Status 1x ADSL Power consumption of the device 4 7 Watt 4 7 Watt 4 7 Watt Voltage supply 12 V DC 500 mA EU 12 V DC 500 mA EU 12 V DC 800 mA EU PSU PSU PSU Environmental require ments Storage temperature 20 to 70 20 to 70 20 to 70 Operating temperature 0 to 40 0 to 40 0 to 40 Relative atmospheric humidity 10 to 90 non condensing in operation 5 to 95 non condensing when stored 10 to 90 non condensing in operation 5 to 95 non condensing when stored 10 to 90 non condensing in operation 5 to 95 non condensing when stored Room classification Only use in dry rooms Only use in dry rooms Only use in dry rooms Available interfaces ADSL interface Internal ADSL modem for Annex A Internal ADSL modem for Annex B Internal ADSL modem for Annex A Serial interface V 24 Permanently installed supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud Permanently installed supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud Permanently installed supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud Ethernet IEEE 802 3 LAN 4 port switch Permanently installed twisted pair only 10 100 mbps auto sensin
24. dresses. You can search these databases to obtain information about individuals. ITU-T standards that define the format of the certificates and certificate queries and their use. Index: Mail Exchanger (MX). A: Access; ACCESS_ACCEPT; ACCESS_REJECT; ACCESS_REQUEST; ACCOUNTING_START; ACCOUNTING_STOP; ACL Mode; Action; Action if Content Server not reachable; Action if license not registered; Active IPSec Tunnels; Active Sessions (SIF, RTP, etc.); Address; Address mode; Address Range; Address Type; Administrative Status; ADSL chipset; ADSL Logic; ADSL Mode; Alert service; Alive Check; All Multicast Groups; Allow deleting/editing all routing entries; Allowed Addresses; Alternative interface to get DNS servers; Always Active; Answer to client request; Apply QoS; ARP Processing; ATM PVC; ATM Service Category; Authentication; Authentication for PPP Dialin; Authentication Method; Authentication Password; Authentication Type; Autoconfig on Bootup; Autosave Mode; Back Route Verify; Based on Ethernet Interface; Beacon Period
25. face which is also called the E1 system. Electronic Code Book mode. Explicit Call Transfer: This performance feature allows two external connections to be transferred without blocking the two B channels of the exchange connection. Electronic mail. Emergency numbers: You urgently need to contact the police, fire brigade or another telephone number. To make things worse, all the connections are busy. However, you have informed your PBX of the telephone numbers that need to be contactable in an emergency. If you now dial one of these numbers, it is recognised by the PBX and a B channel of the T-ISDN is automatically freed up for your emergency call. Emergency calls are not subject to configuration restrictions. If Calling with prefix plus code number is set for a connection, the internal connection is busy. To make an external call, first dial 0 and then the required emergency number. Encapsulation: Encapsulation of data packets in a certain protocol for transmitting the packets over a network that the original protocol does not directly support (e.g. NetBIOS over TCP/IP). ESP; ESS; Ethernet; Ethernet connections; Eumex Recovery; Euro ISDN; Eurofile transfer; Exchange; Exchange access right; Extended redialling; Extension. Encryption: Refers to the encryption of data, e.g. MPPE. Entry of external connection data: In the ex works setting all ex
26. 11g enabled client. If problems occur with older WLAN hardware, this field should be set to disabled.
The Advanced Settings menu consists of the following fields.
Fields in the menu Advanced Settings
Beacon Period: Enter the time in milliseconds between the sending of two beacons. This value is transmitted in Beacon and Probe Response Frames. Possible values are 1 to 65535. The default value is 100 msec.
DTIM Period: Enter the interval for the Delivery Traffic Indication Message (DTIM). The DTIM field is a data field in transmitted beacons that informs clients about the window to the next broadcast or multicast transmission. If clients operate in power save mode, they come alive at the right time and receive the data. Possible values are 1 to 255. The default value is 2.
RTS Threshold: Select how the RTS/CTS mechanism is to be switched on/off. If you choose User Defined, you can specify in the input field the data packet length threshold in bytes (1 to 2346) as of which the RTS/CTS mechanism is to be used. This makes sense if several clients that are not in each other's wireless range are run in one access point. The mechanism can also be switched on/off independently of the data packet length by selecting the value Always on or Always off (default value).
Short Retry Limit: Enter the maximum number of attempts to send a frame of length less tha
27. 12.2.2 Portforwarding
In the Routing > NAT > Portforwarding menu, a list of all NAT interfaces is shown for which portforwarding has been configured.
12.2.2.1 New
Choose the New button to set up portforwarding for other interfaces.
Fig. 54: Routing > NAT > Portforwarding > New
The Routing > NAT > Portforwarding > New menu consists of the following fields.
Fields in the Portforwarding Basic Parameters menu
Interface: Select the interface for which portforwarding is to be configured.
Fields in the Portforwarding Select traffic menu
Service: Select the service for which address mapping is defined for incoming connections. Possible values:
• User defined (default value)
• DNS UDP
• DNS TCP
• FTP
• HTTP
• HTTPS
• TELNET
Protocol: Only if Service = User defined. Select th
28. 19.1 Syslog
19.1.1 Syslog Servers
19.2 IP Accounting
19.2.1 Interfaces
19.2.2 Options
19.3 E-mail alert
19.3.1 E-mail Alert Server
19.3.2 E-mail Alert Receiver
19.4 SNMP
19.4.1 SNMP Trap Options
19.4.2 SNMP Trap Hosts
19.5 Activity Monitor
19.5.1 Options
Chapter 20 Monitoring
20.1 Internal Log
20.1.1 System messages
20.2.1 IPSec Tunnels
20.2.2 IPSec Statistics
20.3 ISDN/Modem
20.3.1 Current Calls
20.3.2 Call History
20.4 Interfaces
20.4.1 Statistics
20.5 WLAN
20.5.2 VSS
29. 5 ETH: Ethernet interface
6 ADSL: ADSL interface
7 ISDN: ISDN interface
bintec R232bw has a 4-port Ethernet switch, an ADSL interface and also a serial interface. bintec R232bw also has a separate ETH DMZ port and an ISDN interface. The connections are arranged as follows:
Fig. 11: bintec R232bw rear panel
bintec R232bw rear panel
1 Reset: Reset button
2 PWR: Socket for plug-in power pack
3 Console: Serial interface
4 4/3/2/1: 10/100 Base-T Ethernet interface
5 ETH: Ethernet interface
6 ADSL: ADSL interface
7 ISDN: ISDN interface
8 Main/AUX: RSMA connection
6.5 Pin Assignments
6.5.1 Serial Interface
Your device has a serial interface for connection to a console. This supports Baud rates from 1200 to 115200 Bps. The interface is designed as a 5-pole mini USB socket.
Fig. 12: 5-pole mini USB socket
The pin assignment is as follows:
Pin assignment of the mini USB socket: Not used, TxD, RxD, Not used, GND
6.5.2 Ethernet interface
The devices have an Ethernet interface with integrated 4-port switch. This is used to connect individual PCs or other switches. The connection is made via an RJ45 socket. bintec R232a, bintec R232b and bintec R232bw also have a fifth Ethernet interface.
Fig. 13: Ethernet 10/100 Base-T interface (RJ45 socket)
The pin assignment for the Ethernet 10 100
30. Dynamic get DNS servers: Select the interface to which a connection is set up for name server negotiation if other name resolution attempts were not successful. The default value is Automatic, i.e. a one-time connection is set up to the first suitable connection partner configured in the system.
IP Address to use for DNS/WINS Server Assignment
As DHCP Server: Select which name server addresses are sent to the DHCP client if your device is used as DHCP server. Possible values:
• None: No name server address is sent.
• Own IP Address (default value): The address of your device is transferred as the name server address.
• Global DNS Setting: The addresses of the global name servers entered on your device are sent.
As IPCP Server: Select which name server addresses are to be transmitted by your device in the event of dynamic server name negotiation if your device is used as the IPCP server for PPP connections. Possible values:
• None: No name server address is sent.
• Own IP address: The address of your device is transferred as the name server address.
• Global DNS Setting (default value): The addresses of the global name servers entered on your device are sent.
17.1.2 Static Hosts
In the Local Services > DNS > Static Hosts menu, a list of all configured static hosts is shown.
17.1.2.1 New
Choose the New button to set up new static hosts.
31. Dynamic Host Configuration Protocol server
Your device and each PC in your LAN requires its own IP address. One option for allocating IP addresses in your LAN is the Dynamic Host Configuration Protocol (DHCP). If you configure your device as a DHCP server, the device automatically assigns IP addresses to requesting PCs in the LAN from a predefined IP address pool. A PC sends out an ARP request and in turn receives its IP address assigned by your device. You therefore do not need to allocate fixed IP addresses to PCs, which reduces the amount of configuration work in your network. To do this, you set up a pool of IP addresses, from which your device assigns IP addresses to hosts in the LAN for a defined period of time. A DHCP server also transfers the addresses of the domain name server entered statically or by PPP negotiation (DNS), NetBIOS name server (WINS) and default gateway.
17.3.1 DHCP Pool
To activate your device as a DHCP server, you must first define IP address pools from which the IP addresses are distributed to the requesting clients.
In the Local Services > DHCP Server > DHCP Pool menu, a list of all configured IP address pools is shown.
In the list, for each entry, you have the possibility under Pool of enabling or disabling the configured DHCP pools.
17.3.1.1 New
Choose the New button to set up new IP address pools. Choose the icon to edit existing entries.
33. Fig. 79: VPN > IPSec > Phase 2 Profiles > New
The VPN > IPSec > Phase 2 Profile > New menu consists of the following fields.
Fields in the Phase 2 Profile Phase 2 (IPSEC) Parameters menu
Description: Enter a description that uniquely identifies the profile. The maximum length of the entry is 255 characters.
Proposal: In this field, you can select any combination of encryption and message hash algorithms for IKE phase 2 on your default. The combination of six encryption algorithms and two message hash algorithms gives 12 possible values in this field.
Encryption algorithms (Encryption):
• 3DES (default value): 3DES is an extension of the DES algorithm with an effective key length of 112 bits, which is rated as secure. lt is the s
35. Sets the status of the entry to Inactive.
Sets the status of the entry to Active.
Indicates Dormant status for an interface or connection.
Indicates Up status for an interface or connection.
Indicates Down status for an interface or connection.
Indicates Blocked status for an interface or connection.
Indicates Going up status for an interface or connection.
Indicates that data traffic is encrypted.
Triggers a WLAN bandscan.
Displays the next page in a list.
Displays the previous page in a list.
You can select the following operating functions in the list view:
Funkwerk Configuration Interface list options
Update Interval: Here you can set the interval in which the view is to be updated. To do this, enter a period in seconds in the input field and con
Filter: You can have the list entries filtered and displayed according to certain criteria. You can determine the number of entries displayed per page by entering the required number in View x per Page. Use the buttons to scroll one page forward and one page back. You can filter according to certain keywords within the configuration parameters by selecting the filter rule you want under Filter in x <Option> y and entering the search word in the input field. go starts the filter operation.
Configuration elements
Some lists contain configuration elements. You can th
36. The default value is 300.
Authentication: Select the authentication protocol for this PPTP partner. Possible values:
• PAP/CHAP/MS-CHAP (default value): Give priority to CHAP; if refused, use the authentication protocol requested by the PPTP partner (MSCHAP version 1 or 2 possible).
• PAP: Only run PAP (PPP Password Authentication Protocol); the password is transferred unencrypted.
• CHAP: Only run CHAP (PPP Challenge Handshake Authentication Protocol as per RFC 1994); the password is transferred encrypted.
• PAP/CHAP: Primarily run CHAP, otherwise PAP.
• MS-CHAPv1: Only run MS-CHAP version 1 (PPP Microsoft Challenge Handshake Authentication Protocol).
• MS-CHAPv2: Run MS-CHAP version 2 only.
Encryption: If necessary, select the type of encryption that should be used for data traffic to the connection partner. This is only possible if STAC or MS-STAC compression is not activated for the connection. If Encryption is set, the remote terminal must also support it, otherwise a connection cannot be set up. Possible values:
• None: MPP encryption is not used.
• Enabled (default value): MPP encryption V2 with 128 bit is used to RFC 3078.
• Windows compatible: MPP encryption V2 with 128 bit is used as compatible with Microsoft and Cisco. This setting is as a rule only needed for older Windows versions than Windows XP.
LCP Alive Check: Check whether the availability of the remote terminal is to be checked by sending L
37. To run the event scheduler, the date configured on your device must be 1.1.2000 or later.
17.6.1 Schedule
In the Local Services > Scheduling > Schedule menu, a list of all scheduled tasks is shown.
17.6.1.1 New
Choose the New button to set up new tasks.
Fig. 121: Local Services > Scheduling > Time Schedule > New
The Local Services > Scheduling > Schedule > New menu consists of the following fields.
Fields in the Time Schedule Basic Parameters menu
Description: Enter the desired name for the scheduled task.
Fields in the Time Schedule Action menu
Select Action: Select the desired action. Possible values:
• Reboot Device (default value): Your device is rebooted.
• Activate Interface: The interface defined in the Select Interface field is activated.
• Deactivate
38. a Windows PC.
Proceed as follows to log in on your device via SSH:
UNIX
1. Enter ssh <IP address of the device> in a terminal. The login prompt window appears. This is located in the SNMP shell of the device.
2. Continue with Logging in on page 41.
Windows
1. How an SSH connection is set up very much depends on the software used. Consult the documentation for the program you are using. As soon as you have connected to the device, the login prompt window will appear. You are now in the SNMP shell of your gateway.
2. Continue with Logging in on page 41.
Note: PuTTY requires certain settings for a connection to a bintec device. The support pages of http://www.funkwerk-ec.com include FAQs which list the required settings.
7.1.2 Access via the Serial Interface
Each bintec gateway has a serial interface, with which a PC can be connected directly. The following chapter describes what you have to remember when setting up a serial connection and what you can do to configure your device in this way.
Access via the serial interface is ideal if you are setting up an initial configuration of your device and a LAN access is not possible via the pre-configured IP address (192.168.0.254/255.255.255.0).
Windows
To connect your device to your PC via the serial interface, proceed as described in Installation on page 6. The Quick Install Guide is included with your device in printed form and is also on the Companion CD. If
39. 17.7.2.1 Edit/New
Choose the icon to edit existing entries. Choose the New button to set up monitoring for other interfaces.
Fig. 126: Local Services > Monitoring > Interfaces > New
The Local Services > Monitoring > Interfaces > New menu consists of the following fields.
Fields in the Interfaces Basic Parameters menu
Monitored Interface: Select the interface on your device that is to be monitored.
Trigger: Select the state or state transition of Monitored Interfaces that is to trigger a particular Interface Action. Possible values:
• Interface goes up (default setting)
• Interface goes down
Interface Action: Select the action that is to follow the state or state transition defined in Trigger. The action is applied to the Interface(s) selected in Interface. Possible values:
• Enable (default value): Activation of interface(s)
• Disable: Deactivation of interface(s)
Interface: Selec
40. bintec R232bw
Ethernet IEEE 802.3 LAN (4-port switch): Permanently installed (twisted pair only), 10/100 mbps autosensing, MDIX
ISDN WAN S0: Permanently installed
ETH: Additional Ethernet switch port
WLAN interface antennas: 802.11b and 802.11g with Antenna Diversity
Data rates: 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, 54 mbps
Available sockets
Serial interface V.24: 5-pole mini USB socket
Ethernet interface: RJ45 socket
ISDN interface: RJ45 socket
ADSL interface: RJ11 socket
Standards & Guidelines: R&TTE Directive 1999/5/EC, CE symbol for all EU states
SAFERNET (TM) Security Technology: Community passwords, PAP, CHAP, MS-CHAP, MS-CHAP v.2, PPTP, PPPoE, PPPoA, Call back, Access Control Lists, CLID, NAT, SIF, MPPE Encryption, PPTP Encryption, VPN with PPTP
41. 1 Profiles
Phase 2 Profiles
XAUTH Profiles
IP Pools
Options
L2TP
Tunnel Profiles
Users
Options
PPTP
PPTP Tunnel
Options
GRE Tunnels
Certificates
Certificate list
14.5.2 CRLs
14.5.3 Certificate Servers
Chapter 15 Firewall
15.1 Policies
15.1.1 Filter rules
15.1.2 QoS
15.1.3 Options
15.2 Interfaces
15.2.1 Groups
15.3 Addresses
42. 1 User names and passwords in ex works state
7.2.2 Logging in for Configuration
7.3 Configuration options
7.3.1 Express Setup Wizard for beginners
7.3.2 Funkwerk Configuration Interface for advanced users
7.3.3 SNMP Shell
7.4 BOOTmonitor
Chapter 8 System Management
8.2 Global Settings
8.2.1 System
8.2.2 Passwords
8.2.3 Date and Time
8.2.4 System Licences
8.3 Interface Mode / Bridge Groups
8.3.1 Interfaces
8.4 Administrative Access
8.4.1 Access
8.4.2 SSH
8.4.3 SNMP
8.5 Remote Authentication
8.5.1 RADIUS
8.5.2 TACACS+
8.5.3 Options
Chapter 9 Physical interfaces
9.1 Ethernet Ports
9.1.1 Port Configuration
43. 104 Bit WEP key.
• For the transfer of highly security-critical information, Security Mode WPA Enterprise should be configured with WPA Mode WPA 2. This method contains hardware-based encryption and RADIUS authentication of the client. In special cases, combination with IPSec is possible.
• Restrict WLAN access to permitted clients. Enter the MAC addresses of the wireless network cards of these clients in the Permitted Addresses list in the MAC Filter menu (see Fields in the menu MAC Filter on page 127).
In the Wireless LAN > WLANx > Wireless Networks (VSS) menu, a list of all WLAN networks is shown.
11.1.2.1 Virtual Service Sets > Edit/New
Choose the icon to edit existing entries. Choose the New button to configure other wireless networks.
Fig. 48: Wireless LAN > WLANx > Virtual Service Sets > New
The Wireless LAN > WLANx > Virtual Service Sets > New menu consists of the following fields.
Fields in the Virtual Servic
44. The function is enabled by default.
Local IP Address: Only if IP Address Mode = Static. Enter the static IP address you received from your provider.
Route Entries: Only if IP Address Mode = Static. Define other routing entries for this connection partner. Add a new entry with Add.
• Remote IP Address: IP address of the destination host or LAN.
• Netmask: Netmask of Remote IP Address.
• Metric: The lower the value, the higher the priority of the route (possible values 0 to 15). The default value is 7.
The Advanced Settings menu consists of the following fields.
Fields in the menu Advanced Settings
Block after Connection Failure for: Enter the wait time in seconds before the device should try again after an attempt to set up a connection has failed. The default value is 60.
Maximum Number of Dialup Retries: Enter the number of unsuccessful attempts to setup a connection before the interface is blocked. Possible values are 0 to 100. The default value is 5.
Authentication: Select the authentication protocol for this Internet connection. Select the authentication specified by your provider. Possible values:
• PAP (default value): Only run PAP (PPP Password Authentication Protocol); the password is transferred unencrypted.
• CHAP: Only run CHAP (PPP Challenge Handshake Authentication Protocol as per RFC 1994); the password is transferr
45. 17.7.1 Hosts
In the Local Services > Monitoring > Hosts menu, a list of all monitored hosts is shown.
Fig. 123: Local Services > Surveillance > Hosts
Values in the list Hosts
Group ID: Shows the chosen group ID.
Monitored IP Address: Shows the IP address to be monitored.
State: Displays the operating state of the monitored IP address.
Interface Action: Shows the chosen interface action.
Interface: Shows the interface to which the chosen interface action should be applied.
17.7.1.1 Edit/New
Choose the icon to edit existing entries. Choose the New button to set up new surveillance tasks.
46. 8 bintec R230a, bintec R230b rear panel
bintec R230a, bintec R230b rear panel
1 Reset: Reset button
2 PWR: Socket for plug-in power pack
3 Console: Serial interface
4 4/3/2/1: 10/100 Base-T Ethernet interface
6 ADSL: ADSL interface
bintec R230aw has a 4-port Ethernet switch, an ADSL interface and also a serial interface. The connections are arranged as follows:
Fig. 9: bintec R230aw rear panel
bintec R230aw rear panel
1 Reset: Reset button
2 PWR: Socket for plug-in power pack
3 Console: Serial interface
4 4/3/2/1: 10/100 Base-T Ethernet interface
6 ADSL: ADSL interface
8 Main/AUX: RSMA connection
bintec R232a and bintec R232b have a 4-port Ethernet switch, an ADSL interface and also a serial interface. bintec R232a and bintec R232b also have a separate ETH DMZ port and an ISDN interface. The connections are arranged as follows:
Fig. 10: bintec R232a, bintec R232b rear panel
bintec R232a, bintec R232b rear panel
1 Reset: Reset button
2 PWR: Socket for plug-in power pack
3 Console: Serial interface
4 4/3/2/1: 10/100 Base-T Ethernet interface
47. Glossary
Index
Chapter 1 Introduction
The powerful gateways bintec R230a, bintec R230b, bintec R230aw, bintec R232a, bintec R232b and bintec R232bw enable you to connect small networks and your individual workstation or small company to the Internet and other partner networks (e.g. to a corporate network) at low cost.
Safety notices
The safety precautions, which are supplied with your device, tell you what you need to take into consideration when using your bintec gateway.
Installation
How to connect your device is shown in Setting Up and Connecting on page 6. This chapter also tells you what preliminary tasks are necessary for configuration.
Configuration
How to get your device running is explained in Basic configuration on page 9. There we show you how to start up your device within a few minutes from a Windows PC with the help of a Configuration Wizard and how to install other useful online assistants. At the end of the chapter, you will be in a position to surf the Internet, send or receive e-mails and set up a connection to a partner network to access data at your company head office, for example.
Password
If you are already familiar with configuring bintec devices and want to get started right away, all you
48. Ethernet Interface 100 mbps or 10 mbps.
ETH on: The device is connected to the Ethernet.
ETH flashing: Data traffic via the Ethernet interface.
ADSL on: ADSL connection is active.
ISDN on: One B channel is in use.
ISDN flashing: Both B channels are in use.
The LEDs on bintec R232bw are arranged as follows:
Fig. 7: LEDs of bintec R232bw
In operation mode, the LEDs on bintec R232bw display the following status information for your device:
LED status display (LED, State: Information)
Power on: The power supply is connected.
State on: The device has started.
State flashing: The device is active.
1 to 4 on: The device is connected to the Ethernet (100 mbps or 10 mbps).
1 to 4 flashing: Data traffic via the Ethernet interface (100 mbps or 10 mbps).
WLAN on: The WLAN module is active.
WLAN flashing: Data traffic via the WLAN interface.
ETH on: The device is connected to the Ethernet.
ETH flashing: Data traffic via the Ethernet interface.
ADSL on: ADSL connection is active.
ISDN on: One B channel is in use.
ISDN flashing: Both B channels are in use.
6.4 Connections
All the connections are located on the back of the device.
bintec R230a and bintec R230b have a 4-port Ethernet switch, an ADSL interface and also a serial interface. The connections are arranged as follows:
49. GMT without offset. The function is disabled by default. Time requests from a client are not answered.
8.2.4 System Licences
This chapter describes how to activate the functions of the software licences you have purchased.
The following licence types exist:
• Licences already available in the device's ex works state
• Free extra licences
• Extra licences at additional cost
The data sheet for your device tells you which licences are available in the device's ex works state and which can also be obtained free of charge or at additional cost. You can access this data sheet at www.funkwerk-ec.com.
Entering licence data
You can obtain the licence data for extra licences via the online licensing pages in the support section at www.funkwerk-ec.com. Please follow the online licensing instructions. (Please also note the information on the licence card for licences at additional cost.) You will then receive an e-mail containing the following data:
• License Key and
• Licence Serial Number.
You enter this data in the System Management > Global Settings > System Licenses > New menu.
In the System Management > Global Settings > System Licenses menu, a list of all registered licenses is shown (Description, License Type, License Serial Number, Status).
Possible values for Status
OK: Subsystem is activated.
Not OK: Subsystem is not activated.
Not Supported: You have entered a licence for a subs
51. IP address or whether it should be assigned this dynamically Possible values e Get IP Address default value Your device is automatic ally assigned a temporarily valid IP address from the provider e Static You enter a static IP address Funkwerk Enterprise Communications GmbH 13 WAN Field Description Standard Route Select whether the route to this connection partner is to be defined as the default route The function is activated with Enabled The function is enabled by default Create NAT Policy Specify whether Network Address Translation NAT is to be ac tivated The function is activated with Enabled The function is enabled by default Local IP Address Only for IP Address Mode Static Assign an IP address from your LAN to the PPT interface which is to be used as your device s internal source address Route Entries Only if IP Address Mode Static Define other routing entries for this PPTP partner Add a new entry with Add e Remote IP Address IP address of the destination host or destination network e Netmask Netmask of Remote IP Address If no entry is made your device uses a default netmask e Metric The lower the value the higher the priority of the route possible values 0 15 The default value is 7 The Advanced Settingsmenu consists of the following fields Fields in the menu Advanced Seitings Field Description Block after Connection Enter the wait time in seconds before the dev
52. ISDN Configtype
    - Running: Detection is still running.
    Port Usage: Only if Automatic Configuration on Startup is disabled. Select the protocol that you want to use for the ISDN port. Possible values:
    - None: The ISDN connection is not used.
    - Dialup (Euro ISDN)
    - Leased line
    ISDN Configtype: Only if Autoconfig on Bootup is disabled and if Port Usage = Dialup (Euro ISDN). Select the ISDN connection type. Possible values:
    - Point to Multipoint (default value): Point-to-multipoint connection.
    - Point to point: Point-to-point ISDN access.
    The Advanced Settings menu consists of the following fields.
    Fields in the menu Advanced Settings:
    X.31 (X.25 in D Channel): Select whether you want to use X.31 (X.25 in the D channel), e.g. for CAPI applications. The function is activated with Enabled. The function is disabled by default.
    X.31 TEI Value: Only if X.31 (X.25 in D channel) is enabled. With the ISDN autoconfiguration, the X.31 TEI is detected automatically. If the autoconfiguration has not detected TEI, you can manually enter the value assigned by the exchange. Possible values are 0 to 63. The default value is 1 for automatic detection.
    X.31 TEI Service: Only if X.31 (X.25 in D channel) is enabled. Select the service for which you want to use X.31 TEI. Possible values:
    - CAPI
    - CAPI Default
    - Packet Switch (default value)
    CAPI and CAPI Default are for using X.31 T
53. Interface: The interface defined in the Select Interface field is deactivated.
    - Activate WLAN: The WLAN interface defined in the Select Interface field is activated.
    - Deactivate WLAN: The WLAN interface defined in the Select Interface field is deactivated.
    - Trigger software update: A software update is initiated.
    - Trigger configuration backup: The backup of the device configuration to a TFTP server is initiated.
    Select Interface: Only if Select Action = Activate Interface or Deactivate Interface, or if Select Action = Activate WLAN or Deactivate WLAN. Select which interface is to be activated or deactivated.
    Source: Only if Select Action = Trigger software update. Select the desired source. Possible values:
    - Current software from Funkwerk server: The latest software will be downloaded from the Funkwerk server.
    - HTTP server: The latest software will be downloaded from an HTTP server that you define in Update URL.
    Update URL: Only if Select Action = Trigger software update and Source = HTTP server. Enter the name of the HTTP server from which you wish to download a configuration file.
    TFTP server: Only if Select Action = Trigger Configuration Backup. Enter the IP address of the TFTP server to which you wish to transfer a configuration file.
    TFTP File Name: Only if Select Action = Trigger Configuration Backup
54. List > menu consists of the following fields.
    Fields in the menu:
    Description: Name of the certificate, key or request.
    Certificate is CA Certificate: Mark the certificate as a certificate from a trustworthy certification authority (CA). Certificates issued by this CA are accepted during authentication, unless specified otherwise under Phase 1 Profiles. The function is activated with True. The function is disabled by default.
    Certificate Revocation List (CRL) Checking: Only for Certificate is CA Certificate = True. Define the extent to which certificate revocation lists (CRLs) are to be included in the validation of certificates issued by the owner of this certificate. Possible settings:
    - Disabled: No checking of CRLs.
    - Always: CRLs are always checked.
    - Only if a CRL Distribution Point is present (default value): A check is only carried out if a CRL Distribution Point entry is included in the certificate. This can be determined under View Details in the certificate content.
    - Use Settings from superior certificate: The settings of the higher level certificate are used, if one exists. If it does not, the same procedure is used as that described under Only if a CRL Distribution Point is present.
    Force Certificate to be Define that this certificate is to be accepted as the user certif
56. PPTP interface. Possible values:
    - PNS (default value): this assigns the PPTP interface the role of PPTP server.
    - Windows Client Mode: this assigns the PPTP interface the role of PPTP client.
    User name: Enter the user name.
    Password: Enter the password.
    Always Active: Select whether the interface should always be activated. The function is activated with Enabled. The function is disabled by default.
    Connection Idle Timeout: Only if Always Active (Flatrate mode) is disabled. Enter the idle interval in seconds. This determines how many seconds should pass between sending the last traffic data packet and clearing the connection. Possible values are 0 to 3600 (seconds). 0 deactivates the timeout. The default value is 300. Example: 10 for FTP transmission, 20 for LAN-to-LAN transmission, 90 for Internet connections.
    Remote PPTP IP Address: Enter the IP address of the PPTP partner.
    Fields in the menu PPTP Tunnel IP Mode and Routes:
    IP Address Mode: Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically. Possible values:
    - Static (default value): You enter a static IP address.
    - Provide IP Address: Only if PPTP Mode = PNS. Your device dynamically assigns an IP address to the remote terminal.
    - Get IP Address: Only if PPTP Mode = Windows Client Mode. Your device is dyn
57. Fig. 111: Local Services > DynDNS Client > DynDNS Providers > New
    The Local Services > DynDNS Client > DynDNS Provider > New menu consists of the following fields.
    Fields in the DynDNS Provider Basic Parameters menu:
    Provider Name: Enter a name for this entry.
    Server: Enter the host name or IP address of the server on which the provider's DynDNS service runs.
    Update Path: Enter the path on the provider's server that contains the script for managing the IP address of your device. Ask your provider for the path to be used.
    Port: Enter the port at which your device is to reach your provider's server. Ask your provider for the relevant port. The default value is 80.
    Protocol: Select one of the protocols implemented. Possible values:
    - DynDNS (default value)
    - Static DynDNS
    - TOPs SEREN
    - DYNS
    - Gnudip HTML
    - Gnudip TCP
    - Custom DynDNS
    Update Interval: Enter the minimum time (in seconds) that your device must wait before it is allowed to propagate its current IP address to the DynDNS provider again. The default value is 300 seconds.
    17.3 DHCP Server
    You can configure your device as a DHCP
58. RIP
    Load Balancing: In this menu you configure application-controlled bandwidth management.
    Multicast: In this menu you configure the use of multimedia streaming protocols for e.g. voice over IP or video and audio streaming (e.g. IPTV or Webradio) or TriplePlay (voice, video, data).
    Internet Dialup: In this menu you define the Internet connections for the various connection protocols or dialup connections.
    ATM: In this menu you carry out configuration of the ATM profiles that are needed for all the ADSL connections, and also connection monitoring (OAM) and ATM QoS.
    Real Time Jitter Control: In this menu you can optimise the low bandwidth transmission of voice data packets.
    VPN
    IPSec: In this menu you configure VPN connections over IPSec.
    L2TP: In this menu you configure the use of L2TP (Layer 2 Tunnelling Protocol).
    PPTP: In this menu you configure an encrypted PPTP tunnel.
    GRE: This menu shows a list of all configured GRE tunnels.
    Certificates: In this menu you can generate and import keys and have them certified.
    Firewall
    Policies: In this menu you configure the filter rules for the firewall.
    Interfaces: In this menu you can group together the interfaces to be filtered.
    Addresses: In this menu you can create the address aliases to be filtered.
    Services: In this menu you can create the service aliases to be filtered.
    SIP: In this menu you configure a network transition between various telecommu
59. Fig. 90: VPN > Certificates > Certificate List > Request
    The VPN > Certificates > Certificate List > Request menu consists of the following fields.
    Fields in the Certificate List Certificate Request menu:
    Certificate Request Description: Enter a unique description for the certificate.
    Mode: Select the way in which you want to request the certificate. Possible settings:
    - Manual (default value): Your device generates a PKCS#10 for the key. This file can then be uploaded directly in the browser or copied in the Edit menu using the View Details field. This file must be provided to the CA and the received certificate must then be imported manually to your device.
    - SCEP: The key is requested from a CA using the Simple Certificate Enrolment Protocol.
    Generate Private Key: Only if Mode = Manual. Select an algorithm for
60. SMS with an SMS-enabled terminal, the telephone number 0193010 of the SMS server must be prefixed to the recipient number. This telephone number is already stored in your PBX, so manual input of the server telephone is not necessary and does not need to be sent from the telephone. To receive an SMS with your SMS-enabled fixed network telephone, you must register once with the Deutsche Telekom SMS Service. Charges are made for sending SMSs. There are no costs for receiving SMSs.
    Simple Network Management Protocol.
    Input level for SNMP commands.
    All ISDN sockets and the NTBA of an ISDN point-to-multipoint connection. All S0 buses consist of a four-wire cable. The lines transmit digital ISDN signals. The S0 bus is terminated with a terminating resistor after the last ISDN socket. The S0 bus starts at the NTBA and can be up to 150 m long. Any ISDN devices can be operated on this bus. However, only two devices can use the S0 bus at any one time, as only two B channels are available.
    See ISDN Basic Rate Interface.
    Internationally standardised interface for ISDN systems. This interface is provided on the network side by the NTBA. On the user side, the interface is intended for connecting a PBX (point-to-point connection) an
    SOHO SPD Special features Special features connection Specify own telephone number for next call Speeddial number SPID Splitter Spoofing
61. The interface is created but remains inactive.
    Current Speed Mode: Shows the actual mode and actual speed of the interface. Possible values:
    - 100 mbps Full Duplex
    - 100 mbps Half Duplex
    - 10 mbps Full Duplex
    - 10 mbps Half Duplex
    - Inactive
    9.2 ISDN Ports
    You can use the ISDN BRI interface of your device for both dialup and leased lines over ISDN. Proceed as follows to configure the ISDN BRI interface:
    - Enter the settings for your ISDN connection: Here you set the most important parameters of your ISDN connection.
    - MSN Configuration: Here you tell your device how to react to incoming calls from the WAN.
    9.2.1 ISDN Configuration
    In this menu you configure the ISDN interface of your device. Here you enter data such as the type of ISDN connection to which your device is connected.
    Note: If the ISDN protocol is not detected, it must be selected manually under Port Usage and ISDN Configtype. The automatic D channel detection is then switched off. An incorrectly set ISDN protocol prevents ISDN connections being set up.
    In the Physical Interfaces > ISDN Ports > ISDN Configuration menu, a list of all ISDN ports and their configurations is shown.
    9.2.1.1 Working with
    Choose the button to edit the configuration of the ISDN port.
62. Users IP Mode and Routes menu:
    IP Address Mode: Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically. Possible values:
    - Static (default value): You enter a static IP address.
    - Provide IP Address: Only for Connection Type = LNS. Your device dynamically assigns an IP address to the remote terminal.
    - Get IP Address: Only for Connection Type = LAC. Your device is dynamically assigned an IP address.
    Standard Route: Only if IP Address Mode = Get IP Address and Static. Select whether the route to this connection partner is to be defined as the default route. The function is activated with Enabled. The function is disabled by default.
    Create NAT Policy: Only if IP Address Mode = Get IP Address and Static. Specify whether Network Address Translation (NAT) is to be activated for this connection. The function is activated with Enabled. The function is disabled by default.
    IP Assignment Pool (IPCP): Only if IP Address Mode = Provide IP Address. Select an IP pool configured in the WAN > Internet Dialup > IP Pools menu.
    Local IP Address: Only for IP Address Mode = Static. Enter the WAN IP address of your device.
    Route Entries: Only for IP Address Mode = Static. Enter the Remote IP Address and Netmask of the L2TP partner LAN and the corresponding Metric. Add new entries wi
63. Your device calls back immediately when requested to do so by the connection partner.
    - Windows Server Mode: Your device calls back after a period of time proposed by the Microsoft client (NT: 10 seconds, new systems: 12 seconds). It uses the subscriber number (Entries > Number (MSN) with the Mode Outgoing or Both) that has been entered for the other party. If no number is entered, the required number can be reported by the caller in a PPP negotiation. This setting should be avoided where possible for security reasons. Currently can not be avoided for the connection of mobile Microsoft clients via DCN.
    - Delayed CLID only: Your device calls back after approx. four seconds if your device is requested to do so by the connection partner. Only makes sense for CLID.
    - Windows Server Mode Callback optional: Like Windows Server Mode, but with the option of aborting. This setting should be avoided for security reasons. The Microsoft client also has the option of aborting callback and maintaining the initial connection to your device without callback. This only applies if no fixed outgoing number has been configured for the connection partner. This is done by pressing CANCEL to close the dialog box that appears.
    Field in the Advanced Settings Options for On demand Bandwidth menu:
    Channel Bundling: Select whether channel bundling is to be used for
64. address and network mask you have defined.
    3. Start the configuration with Complete.
    You can carry out the configuration in Quick or Advanced mode. If you are not very familiar with networking technologies, choose Quick. Your device is ready for operation when you have completed the configuration.
    You can select from the following configuration items:
    - Basic configuration
    - Internet connection, WLAN settings
    - Corporate network connection (LAN-LAN coupling)
    The basic configuration is essential if your device is still in the ex works state, as it integrates the gateway into your local network.
    1. Select the desired items and follow the instructions on the screen.
    2. To be able to use your device in your local network, it may be necessary to make a few more settings on the PCs connected in the network after completing the configuration.
    You can set up Internet access over your device for all PCs in the same network as your device. To do this, you should set up these PCs as DHCP clients. Otherwise, you have to allocate a fixed IP address to each PC and enter your device as a default gateway and as a DNS server (see Configuring a PC on page 14).
    The configuration of the gateway and its integration into your network are now completed.
    4.5 Testing the Configuration
    You have completed the configuration of your device and can now test the
65. address of the TFTP server to be sent to the client. Several entries are possible. Add new entries with the Add button.
    17.3.2 IP/MAC Binding
    In the Local Services > DHCP Server > IP/MAC Binding menu, a list is shown of all clients that have received an IP address from your device via DHCP.
    You can now allocate an IP address from a defined IP address pool to specific MAC addresses. You can do this by selecting the Static Binding option in the list to convert a list entry to a fixed binding, or you manually create a fixed IP/MAC binding by configuring this in the New sub-menu.
    Note: You can only create new static IP/MAC bindings if IP address ranges have been configured in Local Services > DHCP Server > DHCP Pool.
    17.3.2.1 New
    Choose the New button to set up new IP/MAC bindings.
    Fig. 113: Local Services > DHCP Server > IP/MAC Binding > New
    The Local Services > DHCP Server > DHCP Binding > New menu consists of the following fields.
    Fields in the IP/MAC Binding Basic Parameters menu:
    Description: Enter the name
66. also available to you in printed form.
    The detailed help system of the Express Setup Wizard will help you to clarify any questions you may have. As a result, a detailed description of the Express Setup Wizard is not provided here.
    7.3.2 Funkwerk Configuration Interface for advanced users
    The Funkwerk Configuration Interface is a web-based graphical user interface that you can use from any PC with an up-to-date web browser via an HTTP or HTTPS connection.
    You can use the Funkwerk Configuration Interface to carry out all configuration tasks easily. It is integrated in your device and is available in English. If required, other languages can be downloaded from the download area of www.funkwerk-ec.com and installed on your device. To do this, proceed as described in Options on page 336.
    The settings you make with the Funkwerk Configuration Interface are applied with the OK or Apply button of the menu, and you do not have to restart the device.
    If you finish the configuration and want to save your settings so that they are loaded as the boot configuration when you reboot your device, save these by clicking the Save configuration button.
    You can also use the Funkwerk Configuration Interface to monitor the most important function parameters of your device.
67. an alternative BootP or DHCP server.
    17.4 Web Filter
    In the Local Services > Web Filters menu, you can configure a URL-based Web filter service, which accesses the Proventia Web Filter from the company Internet Security Systems (www.iss.net) and checks how a requested Internet page is categorised by the Proventia Web Filter. The action resulting from the classification is configured on your device.
    17.4.1 Global Settings
    This menu contains the configuration of basic parameters for using the Proventia Web Filter.
    Fig. 115: Local Services > Web Filters > Global Settings
    The menu Local Services > Web Filters > Global Settings consists of the following fields.
    Fields in the Global Settings Web Filter Options menu
68. analogue terminals such as telephone, fax and answering machine.
    Terminals that transmit voice and other information analogously, e.g. telephone, fax machine, answering machine and modem.
    To transmit voice via the telephone, acoustic oscillations are converted to continuous electrical signals, which are transmitted via a network of lines (digital voice transmission).
    You configure an analogue answering machine under Terminal Type.
    AOC-D: Display during and at end of connection.
    AOC-D/E: Advice of charge during/end.
    AOC-E: Display only at end of connection.
    ARP: Address Resolution Protocol.
    Assignment: An external call can be signalled to internal subscribers. The entries in the Day option and Night option can be different.
    Asynchronous: A method of data transmission in which the time intervals between transmitted characters can vary in length. This allows computers and peripheral devices to intercommunicate without being synchronised by clock signals. The beginning and end of the transmitted characters must be marked by start and stop bits, in contrast to synchronous transmission.
    ATM: Asynchronous transfer mode.
    Attention tone: Superimposing of an acoustic signal during a telephone call, e.g. for call waiting.
    Authentication: Check on the user's id
    Authorisation; Automatic callback; Automatic callback on busy; Automatic callback on busy (CCBS)
69. Chapter 11 Wireless LAN
    In the case of wireless LAN (WLAN = Wireless Local Area Network), this relates to the creation of a network using wireless technology.
    Network functions
    Like a wired network, a WLAN offers all the main network functions. Access to servers, files, printers and the e-mail system is just as reliable as company-wide Internet access. Because the devices do not require any cables, the great advantage of WLAN is that there are no building-related restrictions (i.e. the device location does not depend on the position and number of connections).
    Currently applicable standard: IEEE 802.11
    In the case of 802.11 WLANs, all the functions of a wired network are possible. WLAN transmits inside and outside buildings with a maximum of 100 mW.
    IEEE 802.11g is currently the most widespread standard for wireless LANs and offers a maximum data transmission rate of 54 mbps. This procedure operates in the radio frequency range of 2.4 GHz, which ensures that parts of the building are penetrated as effectively as possible with a low transmission power that poses no health risks.
    A 802.11g-compatible standard is 802.11b, which operates in the 2.4 GHz range (2400 MHz - 2485 MHz) and offers a maximum data transmission rate of 11 mbps. 802.11b and 802.11g WLAN systems involve no charge or login.
    With 802.11a, bandwidths of up to 54 mbps can be used
70. Cable sets / mains unit | Software | Documentation / other
    R232b:
    - Cable sets / mains unit: DSL cable, ISDN cable, serial connecting cable, mains unit, Ethernet cable
    - Software: bintec Companion CD
    - Documentation / other: User's Guide on CD, Release Notes (if required), Safety notices, Quick Install Guide (printed)
    R232bw:
    - Cable sets / mains unit: DSL cable, ISDN cable, serial connecting cable, mains unit, 2 standard antennas
    - Documentation / other: User's Guide on CD, Release Notes (if required), Safety notices
    6.2 General Product Features
    The general product features cover performance features and the technical prerequisites for installation and operation of your device. The features are summarised in the following table.
    General Product Features bintec R230a, bintec R230b, bintec R230aw
    Product name | bintec R230a | bintec R230b | bintec R230aw
    Dimensions and weights:
    Equipment dimensions without cable (B x H x D) | 158 mm x 25.7 mm x 123.1 mm | 158 mm x 25.7 mm x 123.1 mm | 158 mm x 25.7 mm x 123.1 mm
    Weight | approx. 550 g | approx. 550 g | approx. 550 g
    Transport weight (incl. documentation, cables, packaging) | approx. 1.2 kg | approx. 1.2 kg | approx. 1.2 kg
    Memory | 32 MB SDRAM, 8 MB flash ROM | 32 MB SDRAM, 8 MB flash ROM | 32 MB SDRAM, 8 MB flash ROM
    LEDs | 11: 1x Power, 4x2 Ether | 11: 1x Power, 4x2 Ether | 12: 1x Power, 4x2 Ether
    Product name | bintec R230a | bintec R230b
71. bridge is active.
    Glossary
    Announcement: If you want to call your employees or family members to a meeting or the dinner table, you could call each one of them individually or simply use the announcement function. With just one call, you reach all the announcement-enabled telephones without the subscribers having to pick up the receiver.
    Announcement function: Performance feature of a PBX. On suitable telephones (e.g. system telephones), announcements can be made as on an intercom.
    Bit: Binary digit. Smallest unit of information in computer technology. Signals are represented in the logical states 0 and 1.
    Bundle: The external connections of larger PBXs can be grouped into bundles. When an external call is initiated by the exchange code or in the event of automatic external line access, a bundle released for this subscriber is used to establish the connection. If a subscriber has authorisation for several bundles, the connection is established using the first released bundle. If one bundle is occupied, the next released bundle is used. If all the released bundles are occupied, the subscriber hears the engaged tone.
    Busy On Busy: Call to engaged team subscriber. If one subscriber in a team has taken the receiver off the hook or is on the telephone, you can decide whether other calls are to be signalled for this team. The setting for reaching a subscriber can be togg
72. can be changed.
    Local Hostname: Enter the host name for LNS or LAC.
    - LAC: The Local Hostname is used in outgoing tunnel setup messages to identify this device and is associated with the Remote Hostname of a tunnel profile configured on the LNS. These tunnel setup messages are SCCRQs (Start Control Connection Request) sent from the LAC and SCCRPs (Start Control Connection Reply) sent from the LNS.
    - LNS: Is the same as the value for Remote Hostname of the incoming tunnel setup message from the LAC.
    Remote Hostname: Enter the host name of the LNS or LAC.
    - LAC: Defines the value for Local Hostname of the LNS (contained in the SCCRQs received from the LNS and the SCCRPs received from the LAC). The Local Hostname configured in the LAC must match the Remote Hostname configured for the intended profile in the LNS and vice versa.
    - LNS: Defines the Local Hostname of the LAC. If the Remote Hostname field remains empty on the LNS, the related profile qualifies as the standard entry and is used for all incoming calls for which a profile with a matching Remote Hostname can be found.
    Password: Enter the password to be used for tunnel authentication. Authentication between LAC and LNS takes place in both directions, i.e. the LNS checks the Local Hostname and the Password contained in the SCCRQ of the LAC and compares them with those specified in
73. configuring the server and client.
    An L2TP tunnel profile must be created on each of the two sides (LAC and LNS). The corresponding L2TP tunnel profile is used on the initiator side (LAC) to set up the connection. The L2TP tunnel profile is needed on the responder side (LNS) to accept the connection.
    14.2.1 Tunnel Profiles
    In the VPN > L2TP > Tunnel Profiles menu, a list of all configured tunnel profiles is shown.
    14.2.1.1 New
    Choose the New button to set up new tunnel profiles.
    Fig. 83: VPN > L2TP > Tunnel Profiles > New
    The VPN > L2TP > Tunnel Profiles > New menu consists of the following fields.
    Fields in the Tunnel Profiles Basic Parameters menu:
    Description: Enter a description for the current profile. The device automatically names the profiles L2TP and numbers them, but the value
74. default value is 30.
    15.2 Interfaces
    15.2.1 Groups
    In the Firewall > Interfaces > Groups menu, a list of all configured interface groups is shown. You can group together the interfaces of your device. This makes it easier to configure firewall rules.
    15.2.1.1 New
    Choose the New button to set up new interface groups.
    Fig. 98: Firewall > Interfaces > Groups > New
    The Firewall > Interfaces > Groups > New menu consists of the following fields.
    Fields in the Groups Basic Parameters menu:
    Description: Enter the desired description of the interface group.
    Members: Select the members of the group from the available interfaces. To do this, enable the field in the Members column.
    15.3 Addresses
    15.3.1 Address list
    In the Firewall > Addresses > Address List menu, a list of all configured addresses is shown.
    15.3.1.1 New
    Choose the New button to set up new addresses.
75. device answers an ARP request only if the status of the connection to the PPTP partner is Active, i.e. if a connection to the PPTP partner has already been established.

DNS Negotiation: Select whether your device should obtain IP addresses for Primary DNS client, Secondary DNS client from the PPTP partner or should send these to the PPTP partner. The function is activated with Enabled. The function is enabled by default.

Fields in the Advanced Settings PPTP Callback menu:

Callback: Enables a PPTP tunnel through the Internet to be set up with a PPTP partner, even if the partner is currently inaccessible. As a rule, the PPTP partner will be requested by means of an ISDN call to go online and set up a PPTP connection. The function is activated with Enabled. The function is disabled by default. Note that you must activate the relevant option on the gateways of both partners. An ISDN connection is usually required for this function. Without ISDN, callback is only to be activated in special applications.

Incoming ISDN Number: Only if Callback is enabled. Enter the ISDN number from which the remote device calls the local device (calling party number).

Outgoing ISDN Number: Only if Callback is enabled. Enter the ISDN number with which the local device calls the remote device (called party number).

14.3.2 Options

In this menu, you can make general settings
76. e a connection already exists to the connection partner.

DNS Negotiation: Select whether your device receives IP addresses for primary DNS server, secondary DNS server, primary WINS and secondary WINS from the connection partner or sends these to the connection partner. The function is activated with Enabled. The function is enabled by default.

13.1.5 IP Pools

In the IP Pools menu, a list of all IP pools is displayed.

Your device can operate as a dynamic IP address server for PPP connections. You can use this function by providing one or more pools of IP addresses. These IP addresses can be assigned to dialling-in connection partners for the duration of the connection.

Any host routes entered always have priority over IP addresses from the address pools. This means that if an incoming call has been authenticated, your device first checks whether a host route is entered in the routing table for this caller. If not, your device can allocate an IP address from an address pool (if available). If address pools have more than one IP address, you cannot specify which connection partner receives which address. The addresses are initially assigned in order. If a new dial-in takes place within an interval of one hour, an attempt is made to allocate the same IP address assigned to this partner the last time.

Use the Add button to set up new IP pools.
77. Password: funkwerk

Note: All bintec devices are delivered with the same username and password. As long as the password remains unchanged, they are therefore not protected against unauthorized use. Make sure you change the passwords to prevent unauthorized access to your device (see Access and configuration on page 36).

4.1.2 Software update

Your device contains the version of the system software available at the time of production. More recent versions may have since been released.

4.2 System requirements

For configuration, your PC must meet the following system requirements:

- Windows 95, Windows 98, Windows ME or Windows NT 4.0 or Windows 2000 or Windows XP. The instructions for testing/installing the TCP/IP protocol and setting up the PC apply to Windows 2000 or Windows XP.
- Installed network card (Ethernet)
- CD-ROM drive
- Microsoft TCP/IP protocol installed (see Configuring a PC on page 14)
- High colour display (more than 256 colours) for correct representation of the graphics

4.3 Preparations

To prepare for configuration, you need to:

- have the data for the basic configuration and the Internet connection to hand, and also gather the data needed for connecting the required WLAN clients
- check whether the PC from which you want to perform the configuration meets the necessary requirements

You can also:

- inst
78. easily. Use a damp cloth or antistatic cloth. Do not use solvents. Never use a dry cloth; the electrostatic charge could cause electronic faults. Make sure that no moisture can enter the device and cause damage.

3.3 Support Information

If you have any questions on your new product or would like more information, you can reach the Support Center of Funkwerk Enterprise Communications GmbH under the following call number or via the E-mail Hotline: 49 911 9673 1550, hotline@funkwerk-ec.com. For detailed information on our support services, contact www.funkwerk-ec.com.

Chapter 4 Basic configuration

Your bintec gateway contains extensive features for encrypted data transfer and Internet access for both individual users and companies. The basic configuration of your device is carried out using the Express Setup Wizard.

The way to obtain the basic configuration is explained below step by step. Detailed knowledge of networks is not necessary. A detailed online help system gives you extra support.

The Companion CD also supplied includes all the tools that you need for the configuration and management of your device. The BRICKware contains useful applications for managing your device.

4.1 Presettings

4.1.1 Preconfigured data

Your device is shipped with a pre-defined IP configuration:

- IP Address: 192.168.0.254
- Netmask: 255.255.255.0

Use the following access data to configure your device as delivered:

- User Name: admin
79. following data:

- System status
- Your device's activities: resource utilisation, active sessions and tunnels
- Status and basic configuration of the LAN, WAN, ISDN, WLAN and ADSL interfaces
- The last 10 system messages

You can customise the update interval of the status page by entering the desired period in seconds as Automatic Update Interval and clicking on the Apply button.

Caution: Under Automatic Refresh Interval, do not enter a value of less than 5 seconds, otherwise the refresh interval of the screen will be too short to make further changes.

[Screenshot: status page]
80. for ADSL (ITU-T G.992.1 Annex A). Data transmission recommendation for ADSL (ITU-T G.992.1 Annex B). See G.991.2.

Glossary

Gateway: Entrance and exit, transition point.

Half duplex: Bidirectional communication method in which it is only possible to either send or receive at a particular point in time. Also known as Simplex.

Handheld unit: Mobile component of wireless telephone units. In the event of digital transmission, it is also possible to make telephone calls between the handheld units (DECT).

Hands free: If the telephone has a microphone and speaker installed, you can conduct a call without using your hands. As a result, other people in the room can also participate in the call.

Hashing: The process of deriving a number (hash) from a character string. A hash is generally far shorter than the text flow it was derived from. The hashing algorithm is designed so that there is a relatively low probability of generating a hash that is the same as another hash generated from a text sequence with a different meaning. Encryption methods use hashing to make sure that intruders cannot change transmitted messages.

HDLC: High Level Data Link Control

HDSL: High Bit Rate DSL

HDSL2: High Bit Rate DSL, version 2

Headset: Combination of headphones and microphone as a useful aid for anyone who m

HMAC; HMAC MD5; HMAC SHA1; Holding a call; Holding in the PBX
81. form a local network (star shaped).

ISDN connection unit, ISDN connection socket.

Internet Control Message Protocol

Integrity Check Value

You have to request this performance feature from T-Com. The company will provide you with further information on the procedure. If you enter code 77 during a call or after the caller has ended a call (you hear the engaged tone from the exchange), the caller's telephone number is stored in the exchange. ISDN telephones can also use separate functions for this performance feature. For more information on this function, please see your user's guide.

The Institute of Electrical and Electronics Engineers (IEEE). A large, global association of engineers, which continuously works on standards in order to ensure different devices can work together.

Internet Engineering Task Force

The index from 0 to 9 is fixed. Every external multiple subscriber number entered is assigned to an index. You need this index when configuring performance features using the telephone's codes, e.g. configuring Call forwarding in the exchange or Define telephone number for the next external call.

A network in infrastructure mode is a network that contains at least one access point as the central point of communication and control. In a network in infrastructure mode, all clients communicate with each other via access points only. The

Inquiry; Internal call tone; Internal calls; Internal telephone numbers; Internet
82. icon delete the complete IPSec configuration of your device. This cancels all settings made during the IPSec configuration. Once the configuration is deleted, you can start with a completely new IPSec configuration. You can only delete the configuration if Enable IPSec = Not activated.

IPSec Debug Level: Select the priority of the syslog messages of the IPSec subsystem to be recorded internally. Possible values:

- Emergency (highest priority)
- Alert
- Critical
- Error
- Warning
- Alert
- Information
- Debug (default value, lowest priority)

Syslog messages are only recorded internally if they have a higher or identical priority to that indicated, i.e. all messages generated are recorded at syslog level debug.

The Advanced Settings menu is for adapting certain functions and features to the special requirements of your environment, i.e. mostly interoperability flags are set. The default values are globally valid and enable your system to work correctly with other bintec devices, so that you only need to change these values if the remote terminal is a third-party product or you know special settings are necessary. These may be needed, for example, if the remote end operates with older IPSec implementations.

The Advanced Settings menu consists of the following fields.

Fields in the Options Advanced Settings menu:
83. in the Groups Basic Parameters menu:

Description: Enter the desired description of the address group.

Selection: Select the members of the group from the available Addresses. To do this, enable the field in the Selection column.

15.4 Services

15.4.1 Service list

In the Firewall > Services > Service List menu, a list of all available services is shown.

15.4.1.1 New

Choose the New button to set up new services.

[Fig. 101: Firewall > Services > Service List > New]

The Firewall > Services > Service List > New menu consists of the following fields.

Fields in the Service List Basic Parameters menu:

Description: Enter an alias for the service you want to configure.

Protocol: Select the protocol on which the service is to be based. The most important protocols are available for selection.

Destination Port Range: Only if Protocol = TCP/UDP, TCP or UDP. In the first field, enter the destination port via which the service is to run. If a port number range is specified, in the second field enter the last po
84. in which Back Route Verify is only enabled for specific interfaces.

- Disable for all Interfaces: Back Route Verify is disabled for all interfaces.

Only for Mode = Enable for specific interfaces. Displays the serial number of the list entry.

Interface: Only for Mode = Enable for specific interfaces. Displays the name of the interface.

Back Route Verify: Only for Mode = Enable for specific interfaces. Select whether Return Route Checking is to be enabled for this interface. The function is activated with Enabled. By default, the function is deactivated for all interfaces.

Fields in the Options General menu:

Allow deleting/editing all routing entries: Define whether all the routes entered on your device can be edited and deleted in the Routing > Routes > Routes menu. The function is activated with Enabled. By default, the function is deactivated for all interfaces.

12.2 NAT

12.2.1 NAT Interfaces

Network Address Translation (NAT) is a function on your device for defined conversion of source and destination addresses of IP packets. If NAT is activated, IP connections are still only allowed by default in one direction, outgoing (forward) (protective function). Exceptions to the rule can be configured (in Portforwarding on page 137).

In the Routing > NAT > NAT Interfaces menu, a list of all NAT interfaces is shown.
85. is to remain in blocked status. At the end of the block time, the server is set to the status specified in the Administrative Status field. The possible values are 0 to 3600, the default value is 60. The value 0 means that the server is never set to Blocked status and thus no other servers are queried.

Encryption: Select whether data exchange between the TACACS server and the NAS is to be encrypted with MD5. The function is enabled by choosing Enabled. The function is enabled by default. If the function is not enabled, the packets and all related information are transferred unencrypted. Unencrypted transfer is not recommended as a default setting and should only be used for debugging.

8.5.3 Options

The setting possible here causes your device to carry out authentication negotiation for incoming calls if it cannot identify the calling party number (e.g. because the remote terminal does not signal the calling party number). If the data (password, partner PPP ID) obtained by executing the authentication protocol is the same as the data of a listed remote terminal or RADIUS user, your device accepts the incoming call.

[Screenshot: Remote Authentication Options, Global RADIUS Options]
86. messages and messages per second. The default value is 0, i.e. the number of IGMP status messages is not limited.

Chapter 13 WAN

13.1 Internet Dialup

In this menu, you can set up Internet access or dialup connections.

To enable your device to set up connections to networks or hosts outside your LAN, you must configure the partners you want to connect to on your device. This applies to outgoing connections (your device dials its WAN partner) and incoming connections (a remote partner dials the number of your device).

If you want to set up Internet access, you must set up a connection to your Internet Service Provider (ISP). For broadband Internet access, your device provides the PPP over Ethernet (PPPoE), PPP over PPTP and PPP over ATM (PPPoA) protocols. You can also configure Internet access over ISDN.

Note: Note your provider's instructions.

Dialin connections over ISDN are used to establish a connection to networks or hosts outside your LANs.

All the entered connections are displayed in the corresponding list, which contains the Description, the User Name, the Authentication and the current Status.

The Status field can take the following values.

Possible values for Status:

- connected
- not connected (dialup connection); connection setup possible
- not connected (e.g. because of an error during setup of an outgoing connection, a renewed attempt is only possib
87. more common protocol is DSS1.

3DES (Triple DES): See DES.

802.11a/g: Specified data rates of 54, 48, 36, 24, 18, 12, 9 and 6 mbps and a working frequency in the range of 5 GHz (for IEEE802.11a) or 2.4 GHz (for IEEE802.11g). IEEE802.11g can be configured to run in compliance with 11b or 11b and 11 as well.

802.11b/g: One of the IEEE standards for wireless network hardware. Products that meet the same IEEE standard can communicate with each other, even if they come from different hardware manufacturers. The IEEE802.11b standard specifies the data rates of 1, 2, 5.5 and 11 mbps, a working frequency in the range of 2.4 to 2.4835 GHz and WEP encryption. IEEE802.11 wireless networks are also known as Wi-Fi networks.

A subscriber: The A subscriber is the caller.

a/b interface: For connection of an analogue terminal. In the case of an ISDN terminal (terminal adapter) with a/b interface, the connected analogue terminal is able to use the supported T-ISDN performance features.

AAA: Authentication, Authorisation, Accounting

Access code: PIN or password

Access list: A rule that defines a set of packets that should or should not be transmitted by the device.

Access point: An active component of a network consisting of wireless parts and optionally also of wired parts. Several WLAN clients te

Access protection; Accounting; Active probing; Ad hoc network; ADSL; AH; Alphanumeric display; Analogue connections; Analogue terminals; Analogue voice transmission; Answering machine
88. number of received CTS (clear to send) frames response to an RTS that were received as a response to RTS (request to send).

Received MPDU that couldn't be decrypted: Displays the number of received MSDUs that could not be encrypted. One reason for this could be that a suitable key was not entered.

RTS frames with no CTS received: Displays the number of RTS frames for which no CTS was received.

Invalid packets received: Displays the number of frames received incompletely or with errors.

20.5.2 VSS

In the Monitoring > WLAN > VSS menu, the current values and activities of the configured wireless networks are shown.

[Fig. 157: Monitoring > WLAN > VSS]

Values in the list VSS:

MAC address: Shows the MAC address of the associated client.

IP Address: Shows the IP address of the client.

Uptime: Shows the time in hours, minutes and seconds for which the client is logged in.

Tx Packets: Shows the total number of packets sent.

Rx Packets: Shows the total numbe
89. of the host to the MAC Address of which the IP Address is to be bound. A character string of up to 256 characters is possible.

IP Address: Enter the IP address to be assigned to the MAC address specified in MAC Address.

MAC address: Enter the MAC address to which the IP address specified in IP Address is to be assigned.

17.3.3 DHCP Relay Setting

If your device for the local network does not distribute any IP addresses to the clients by DHCP, it can still forward the DHCP requests on behalf of the local network to a remote DHCP server. The DHCP server then assigns your device an IP address from its pool, which in turn sends this to the client in the local network.

[Fig. 114: Local Services > DHCP Server > DHCP Relay Settings]

The Local Services > DHCP Server > DHCP Relay Settings menu consists of the following fields.

Fields in the DHCP Relay Settings Basic Parameters menu:

Primary DHCP Server: Enter the IP address of a server to which BootP or DHCP requests are to be forwarded.

Secondary DHCP Serv: Enter the IP address of
90. one network to the other.

The RSA algorithm (named after its inventors Rivest, Shamir, Adleman) is based on the problem of factoring large integers. It therefore takes a large amount of data processing capacity and time to derive a RSA key.

Real Time Streaming Protocol

See Primary Rate Interface.

The SAD (Security Association Database) contains information on security agreements such as AH or ESP algorithms and keys, sequence numbers, protocol modes and SA life. For outgoing IPSec connections, an SPD entry refers to an entry in the SAD, i.e. the SPD defines which SA is to be applied. For incoming IPSec connections, the SAD is queried to determine how the packet is to be processed.

Symmetric Digital Subscriber Line

A server offers services used by clients. Often refers to a certain computer in the LAN, e.g. DHCP server.

Glossary

ServerPass: Part of the T-Com certification services for the Internet. Digital pass for a company. With the ServerPass, T-Com confirms that a server on the Internet belongs to a particular company and that this was verified through the presentation of an excerpt from the business register.

Service 0190: Additional voice service from T-Com for the commercial distribution of private information services. The T-Com services are limited to providing the technical infrastructure and collection processing for the information pro

Service 0700; Service 0900
91. or IPSec

Community passwords, PAP, CHAP, MS-CHAP, MS-CHAP v2, PPTP, PPPoE, PPPoA, Callback, Access Control Lists, CLID, NAT, SIF, MPPE Encryption, PPTP Encryption, VPN with PPTP or IPSec

Community passwords, PAP, CHAP, MS-CHAP, MS-CHAP v2, PPTP, PPPoE, PPPoA, Callback, Access Control Lists, CLID, NAT, SIF, MPPE Encryption, PPTP Encryption, VPN with PPTP or IPSec

Software supplied | BRICKware for Windows, BRICKtools for Unix | BRICKware for Windows, BRICKtools for Unix | BRICKware for Windows, BRICKtools for Unix

6 Technical data

Product name | bintec R232a | bintec R232b | bintec R232bw
Printed documentation supplied | Quick Reference | Quick Reference | Quick Reference
Online documentation | User's Guide | User's Guide | User's Guide
 | BRICKware for Windows | BRICKware for Windows | BRICKware for Windows
 | Software Reference | Software Reference | Software Reference

6.3 LEDs

The device LEDs provide information on certain activities and statuses of the device.

The LEDs on bintec R230a / bintec R230b are arranged as follows:

[Fig. 4: LEDs of bintec R230a / bintec R230b]

In operation mode, the LEDs on bintec R230a / bintec R230b display the following status information for your device.

LED status display:

LED | State | Information
Power | on | The power supply is connected
State | on | The device has started
 | flashing | The device is active
1 to 4 | on | T
92. or device. NAT-T enables these kinds of tunnels without conflicts with NAT device, activated NAT is automatically detected by the IPSec Daemon and NAT-T is used. The function is activated with Enabled. The function is enabled by default.

CA Certificates: Only if Authentication Method = DSA Signature, RSA Signature or RSA Encryption. If you enable the Trust following CA certificates option, you can select up to three additional CA certificates that are accepted for this profile. This option can only be configured if certificates are loaded.

14.1.3 Phase 2 Profiles

You can define profiles for phase 2 of the tunnel setup just as for phase 1.

In the VPN > IPSec > Phase 2 Profiles menu, a list of all configured IPSec phase 2 profiles is shown.

[Fig. 78: VPN > IPSec > Phase 2 Profiles]

In the Standard column, you can mark the profile to be used as the default profile.

14.1.3.1 New

Choose the New button to set up new profiles.
93. peer. Possible values:

- Autodetect Best Mode: Your device automatically determines the most favourable mode. It first tries all D channel modes before switching to the B channel. (Costs are incurred for using the B channel.)
- Autodetect only D Channel Modes: Your device automatically determines the most favourable D channel mode. The use of the B channel is excluded.
- Use specific D Channel Mode: Your device tries to transfer the IP address in the mode set in the D Channel Mode field.
- Try specific D Channel Mode, fall back to B Channel: Your device tries to transfer the IP address in the mode set in the D Channel Mode field. If this does not succeed, the IP address is transferred in the B channel. (This incurs costs.)
- Use only B Channel Mode: Your device transfers the IP address in the B channel. This incurs costs.

D Channel Mode: Only if Transfer Mode = Use specific D Channel Mode or Try specific D Channel Mode, Fallback to B Channel. Select the D channel mode in which your device tries to transfer the IP address. Possible values:

- LLC (default value): The IP address is transferred in the LLC information elements of the D channel.
- SUBADDR: The IP address is transferred in the subaddress information elements of the D channel.
- LLC and SUBADDR: The IP address is transferred in both the LLC and subaddress information element s
94. point and provides this via separate connections. Euro-ISDN contains service indicates with defined names. Some of these have only historical meaning. In general, you should choose the Telephony service for real telephone calls. If this selection does not work (depends on network operator), you can try speech, audio 3k1Hz or telephony 3k1Hz. The same applies for faxing. Here, too, there is the collective term Fax plus a couple of more specific cases. From a purely technical point of view, the services are bits in a data word evaluated by means of a mask. If you include several bits in the mask, all these services are approved for activation, while in the case of just one bit, it is just the one selected service.

Glossary

Three party conference: A three-way telephone call. Performance feature in T-Net, T-ISDN and your PBX.

10 Base 2: Thin Ethernet connection. Network connection for 10 mbps networks with BNC connector. T connectors are used for the connection of equipment with BNC sockets.

100Base T: Twisted pair connection, Fast Ethernet. Network connection for 100 mbps networks.

10Base T: Twisted pair connection. Network connection for 10 mbps networks with RJ45 connector.

1TR6: D channel protocol used in the German ISDN. Today the

3DES (Triple DES); 802.11a/g; 802.11b/g; A subscriber; a/b interface; AAA; Access code; Access list; Access point
95. really need to know is the factory default user name and password:

User Name: admin
Password: funkwerk

Caution: Remember to change the password immediately when you log in to the device for the first time. All bintec devices are supplied with the same password, which means they are not protected against unauthorised access until you change the password. How to change the passwords is described in chapter Passwords on page 66.

Workshops

Step-by-step instructions for the most important configuration tasks can be found in the separate FEC Application Workshop guide for each application, which can be downloaded from the www.funkwerk-ec.com website from the Product menu under Solutions.

Dime Manager

The devices are also designed for use with Dime Manager. The Dime Manager management tool can locate your Funkwerk devices within the network quickly and easily. The .Net-based application, which is designed for up to 50 devices, offers easy-to-use functions and a comprehensive overview of devices, their parameters and files.

By using SNMP multicast, all of the devices in your local network can be located irrespective of their current IP address. A new IP address and password and other parameters can also be assigned. A configuration can then be initiated over HTTP or TELNET. If using HTTP, the Dime Manager automatically logs into the devices on your behalf.

System software files and configuration files can be managed individually as re
96. replaced. Can be used for brokering. Possible in T-Net, T-ISDN and PBXs. The terminal must have MFC and the R key.

Private Branch Exchange

The features offered by a PBX are manufacturer-specific and enable operation of exchanges, free internal calls, callback on busy and conference calls, among other things. PBXs are used e.g. for office communication (voice, text and data transfer).

Private Branch Exchange (PBX), Private Automatic Branch Exchange

A point-to-point ISDN access includes a PBX number and an extension numbers range. The PBX number is used to reach the PBX. A certain terminal of the PBX is then dialled via one of the extension numbers of the extension numbers range.

Glossary

PCMCIA: The PCMCIA (Personal Computer Memory Card International Association) is an industry association founded in 1989 that represents credit card sized I/O cards such as WLAN cards.

PDM: Abbreviation for pulse dialling method. Conventional dialling procedure in the telephone network. Dialled numbers are represented by a defined number of dc impulses. The pulse dialling method is being replaced by the multifrequency code method (MFC).

PGP: Pretty Good Privacy

PH: Packet handler

Phone book: The PBX has an internal phone book. You can store

PIN; Ping; PKCS; Point to multipoint; Point to multipoint connection for the PBX; Point to point
97. [Fig. 36: System Administration > Remote Authentication > Options]

The System Management > Remote Authentication > Options menu consists of the following fields.

Fields in the Options Global RADIUS options menu:

Authentication for PPP Dialin: By default, the following authentication sequence is used for incoming calls with RADIUS: first CLID, then PPP and then PPP with RADIUS. Options:

- Inband: Only inband RADIUS requests (PAP, CHAP, MS-CHAP V1 & V2), i.e. PPP requests without CLID, are sent to the RADIUS server defined in Server IP Address.
- Outband (CLID): Only outband RADIUS requests, i.e. requests for calling line identification (CLID), are sent to the RADIUS server.

Inband is activated by default.

Chapter 9 Physical interfaces

9.1 Ethernet Ports

An Ethernet interface is a physical interface for connection to the local network or external networks.

ETH1 - ETH4

If the switch ports ETH1 - ETH4 are separated from each other, each separated port is assigned the desired Ethernet interface in the Ethernet Interface Selection field of the Port Configuration menu. For each assigned Ethernet interface, another interface is displayed in the list in the Port Configuration menu, and a completely independent configuration of the interface is possible.

ETH5 DMZ

By default, the Ethernet interface en5-0 is assigned to the ETH5 DMZ
98. take your call. The remote terminal must also know your details. You have to agree this data between you. Your device and the device at your head office check before every connection to see if they should take the call from the partner. To protect the network against unauthorised access, the call is accepted only after correct authentication. This authentication is based on a common password and two codes that you and your partner use for the connection.

Data for connection to a company network:

Access data | Example value | Your values
Partner name (key of company head office) | BigBoss |
Dial-in number (call number of the company head office's device) | 0911987654321 |
Local name (your own code; your partner, the head office, must enter this name as the partner name on its device) | LittleIndian |
Password (common password for this connection, entered on both devices) | Secret |
Network address(es) of the company head office | 10.1.1.0 |
Netmask(s) of the company head office | 255.255.255.0 |

4.3.2 Configuring a PC

In order to reach your device via the network and to be able to carry out configuration using the Express Setup Wizard, the PC used for the configuration has to satisfy some prerequisites:

- Make sure that the TCP/IP protocol is installed on the PC.
- Assign fixed IP address to your PC.

Checking the TCP/IP protocol

Proceed as follows to check whether you have installed the protocol:

1. Cl
99. the default value is 6. Fields in the E-mail Alert ServerSNMP Settings menu. SMTP Server: Enter the address (IP address or valid DNS name) of the mail server to be used for sending the mails. The entry is limited to 40 characters. SMTP Authentication: Forward the incoming E-mails. Possible values: None (default value): The E-mails are not forwarded. ESMTP: The E-mails are forwarded to the destination over SMTP. SMTP after POP: The E-mails are collected by the provider with POP and are forwarded to the destination over SMTP. User name: Only if SMTP Authentication = ESMTP or SMTP after POP. Enter the user name of the user. Password: Only if SMTP Authentication = ESMTP or SMTP after POP. Enter the password of the user. POP3 Server: Only if SMTP Authentication = SMTP after POP. Enter the address of the server from which the mails are to be retrieved. Appropriate POP3 server software must be installed so that the mailserver can answer the requests via POP3. POP3 Timeout: Only if SMTP Authentication = SMTP after POP. Enter how long the router must wait after a relevant event before it is forced to send the alert mail. The default value is 600 seconds. 19.3.2 E-mail Alert Receiver. In the E-mail Alert Receiver menu, a list of syslog messages is displayed. 19.3.2.1 New. Choose the New button to create new e-mail alert receivers.
100. the device, the validity of certificates from this CA is not checked. <name of an existing certificate>: If all the necessary certificates are already available in the system, you select these manually. Only if Mode = SCEP. Only if CA Certificates is not Download. Select a certificate for signing SCEP communication. The default value is Use CA Certificate, i.e. the CA certificate is used. Only if Mode = SCEP. Only if RA Sign Certificate is not Use CA Certificate. If you use one of your own certificates to sign communication with the RA, you can select another one here to encrypt communication. The default value is Use RA Sign Certificate, i.e. the same certificate is used as for signing. Only if Mode = SCEP. You may need a password from the certification authority to obtain certificates for your keys. Enter the password you received from the certification authority here. Fields in the Certificate List (Subject Name) menu. User defined: Select whether you want to enter the name components of the subject name individually as specified by the CA or want to enter a special subject name. If Enabled is selected, a subject name can be given in Condensed with attributes that are not offered in the list. Example: CN=VPNServer, DC=mydomain, DC=com, c=DE. If the field is not marked, enter the name components in Ge
101. the device will boot with the standard ex works settings. You can now configure your device again as described from Basic configuration on page 9. Chapter 6 Technical data. This chapter summarises all the hardware characteristics of the bintec R230a, bintec R230b, bintec R230aw, bintec R232a, bintec R232b and bintec R232bw devices. 6.1 Scope of supply. Your device is supplied with the following parts (Cable sets/mains unit/other; Software; Documentation): bintec R230a: Ethernet cable, DSL cable, Serial connecting cable, Mains unit; bintec Companion CD; Quick Install Guide (printed), User's Guide (on CD), Release Notes (if required), Safety notices. bintec R230b: Ethernet cable, DSL cable, Serial connecting cable, Mains unit; bintec Companion CD; Quick Install Guide (printed), User's Guide (on CD), Release Notes (if required), Safety notices. bintec R230aw: Ethernet cable, DSL cable, Serial connecting cable, Mains unit, 2 standard antennas; bintec Companion CD; Quick Install Guide (printed), User's Guide (on CD), Release Notes (if required), Safety notices. bintec R232a: Ethernet cable, DSL cable, ISDN cable, Serial connecting cable, Mains unit; bintec Companion CD; Quick Install Guide (printed), User's Guide (on CD), Release Notes (if required), Safety notices. bintec Ethernet cable bintec Companion CD Quick Install Guide printed
102. tion to be reconnected to another ISDN socket during the telephone call. Recording telephone calls: Performance feature of an answering machine. Enables a conversation to be recorded during the telephone call. Remote: Remote, as opposed to local. Remote access: Opposite to local access, see Remote. Remote CAPI: bintec's own interface for CAPI. Remote diagnosis/remote maintenance: Some terminals and PBXs are supported and maintained by T-Service support offices over the telephone line, which often means a service engineer does not have to visit the site. Remote query: Answering machine function. Involves listening to messages remotely, usually in connection with other options such as deleting messages or changing recorded messages. Repeater: A device that transmits electrical signals from one cable connection to another without making routing decisions or carrying out packet filtering. See Bridge and Router. Reset: Resetting the PBX enables you to return your system to a predefined initial state. This may be necessary if you have made incorrect configuration settings or the PBX is to be reprogrammed. RFC: Specifications, proposals, ideas and guidelines relating to the Internet are published in the form of RFCs (request for comments). Rijndael (AES): Rijndael (AES) was selected as AES due to its fast key generation, low memory requirements and high level of security against attacks. For more information on AES, see http://csrc.nist
103. to be optimised. Control Mode: Select the mode for the optimisation. Possible values: Only Controlled RTP Streams (default value): By means of the data routed via the media gateway, the system detects voice data traffic and optimises the voice transmission. All RTP Streams: All RTP streams are optimised. Down: Voice data transmission is not optimised. Always: Voice data transmission is always optimised. Maximum Upstream Speed: Enter the maximum available upstream bandwidth in kbps for the selected interface. Chapter 14 VPN. 14.1 IPSec. IPSec enables secure connections to be set up between two locations (VPN). This enables sensitive business data to be transferred via an unsecure medium such as the Internet. The devices used function here as the endpoints of the VPN tunnel. IPSec involves a number of Internet Engineering Task Force (IETF) standards, which specify mechanisms for the protection and authentication of IP packets. IPSec offers mechanisms for encrypting and decrypting the data transferred in the IP packets. The IPSec implementation can also be smoothly integrated in a Public Key Infrastructure (PKI). The bintec IPSec implementation achieves this firstly by using the Authentication Header (AH) protocol and Encapsulated Security Payload (ESP) protocol and secondly through the use of cryptographic key administration mechanisms like the Internet Key Exchange (IKE) protocol
104. to the caller when you take a call. Example: You have set up call diversion to another terminal. If this terminal has activated suppression of the B telephone number, the calling party does not see a telephone number on the terminal display. If an analogue terminal connection of the PBX is set up as a multi-functional port for combination devices, all calls are received regardless of the service. In the case of trunk prefixes using codes, the service ID Analogue Telephony or Telefax Group 3 can also be transmitted regardless of the configuration of the analogue connection. If 0 is dialled, the service ID Analogue Telephony is also transmitted. Performance feature of a PBX. Several internal subscribers can telephone simultaneously. Three-party conferences are also possible with external subscribers. Windows application (similar to the Windows Explorer) which uses SNMP commands to request and carry out the settings of your gateway. The application was called the DIME Browser before BRICKware version 5.1.3. One important prerequisite for the transfer of your configuration to the PBX is that you have set up a connection between the PC and PBX. You can do this using the LAN Ethernet connection. With some restrictions, you can also program your PBX using the telephone. For information on programming your PBX using the telephone, please see the accompanying user's guide. The performance features for analogue terminals ca
105. up to 300 telephone numbers and the associated names. You can access the PBX's phone book with the funkwerk devices (for example CS 410). You add entries to the phone book using the configuration interface. Personal identification number. Packet Internet Groper. Public Key Cryptography Standards. Point-to-multipoint connection. Basic connection in T-ISDN with three telephone numbers and two lines as standard. The ISDN terminals are connected directly on the network termination (NTBA) or ISDN internet connection of a PBX. Point-to-multipoint. You enter the multiple subscriber numbers received from T-Com with the order confirmation in the table fields defined for them in the configuration. As a rule, you receive three multiple subscriber numbers, but can apply for up to 10 telephone numbers for each connection. When you enter the telephone numbers, they are assigned to an index and also to a team. Note that initially all telephone numbers are assigned to team 00. The internal telephone numbers 10, 11 and 20 are entered in team 00 ex works. External calls are therefore signalled with the internal telephone numbers 10, 11 and 20 for the connections entered in team 00. Point-to-point, Point-to-point ISDN access, Polling, Port, POTS, PPP, PPP authentication, PPPoA, PPPoE, PRI, Primary Rate Interface (PRI), Protocol, Proxy ARP, PSN, PSTN, PVID, R key, RADIUS, RADSL, RAS. Point-to-point. Fax machine function that f
106. use this menu to install it. If you need other languages for the configuration interface, you can import these. You can also trigger a system reboot in this menu. 18.1 Diagnostics. In the Maintenance > Diagnosis menu, you can test the accessibility of individual hosts, the resolution of domain names and certain routes. 18.1.1 Ping Test. Fig. 135: Maintenance > Diagnosis > Ping Test. You can use the ping test to check whether a certain host in the LAN or an internet address can be reached. The Output field shows the ping test messages. The ping test is started by entering the IP address to be tested in Send Ping Request to Address and clicking on the Go button. 18.1.2 DNS Test. Fig. 136: Maintenance > Diagnosis > DNS Test. The DNS test is used to check whether the domain name of a particular host is correctly resolved. The Output Results field shows the DNS test messages. The DNS test is started by entering the domain name to be tested in DNS Address and clicking o
107. values are 0 to 999. The default value is 5. End-to-End Pending Requests: Only if Loopback End-to-End is enabled. Enter the number of directly consecutive loopback cells that may fail to materialise before the connection is regarded as interrupted (down). Possible values are 1 to 99. The default value is 5. Loopback Segment: Select whether you want to activate the loopback test for the segment connection (segment connection of the local end point to the next connection point) of the VCC or VPC. The function is activated with Enabled. The function is disabled by default. Segment Send Interval: Only if Loopback Segment is enabled. Enter the time in seconds after which a loopback cell is sent. Possible values are 0 to 999. The default value is 5. Segment Pending Requests: Only if Loopback Segment is enabled. Enter the number of directly consecutive loopback cells that may fail to materialise before the connection is regarded as interrupted (down). Possible values are 1 to 99. The default value is 5. Fields in the OAM Control (CC Activation). Continuity Check (CC) End-to-End: Select whether you activate the OAM CC test for the connection between the endpoints of the VCC or VPC. Possible values: Passive (default value): OAM CC requests are responded to after CC negotiation (CC activation negotiation). Active: OAM CC r
108. whether your device is to be assigned a static IP address or whether it should be assigned this dynamically. Possible values: Static (default value): You enter a static IP address. Provide IP Address: Your device dynamically assigns an IP address to the remote terminal. Get IP Address: Your device is dynamically assigned an IP address. Standard Route: Only if IP Address Mode = Static and Get IP Address. Select whether the route to this connection partner is to be defined as the default route. The function is activated with Enabled. The function is disabled by default. Create NAT Policy: Only if IP Address Mode = Static and Get IP Address. When you configure an ISDN connection, specify whether Network Address Translation (NAT) is to be enabled. The function is activated with Enabled. The function is disabled by default. Local IP Address: Only if IP Address Mode = Static. Assign the IP address from your LAN to the ISDN interface which is to be used as your device's internal source address. Route Entries: Only if IP Address Mode = Static. Define routing entries for this connection partner. Remote IP Address: IP address of the destination host or LAN. Netmask: Netmask of Remote IP Address. Metric: The lower the value, the higher the priority of the route (possible values 0 to 15). The default value is 1. IP Assignment Pool: Only if IP Add
109. which the rule is to be applied. This address can be in the LAN or WAN. The rules for incoming and outgoing RIP packets (import or export) for the same IP address must be separately configured. You can enter individual host addresses or network addresses. Direction: Select whether the filter applies to the export or import of routes. Possible values: Import (default value), Export. Metric Offset for Active Interfaces: Select the value to be added to the route metric if the status of the interface is up. During export, the value is added to the exported metric if the interface status is up. Possible values are -16 to 16. The default value is 0. Metric Offset for Inactive Interfaces: Select the value to be added to the route metric if the status of the interface is dormant. During export, the value is added to the exported metric if the interface status is dormant. Possible values are -16 to 16. The default value is 0. 12.3.3 RIP Options
110. with the next highest priority is used. The available values are 0 to 9, the default value is 0. Entry Active: Select whether this server is to be used for login authentication. The function is enabled by choosing Enabled. The function is enabled by default. The Advanced Settings menu consists of the following fields. Fields in the menu Advanced Settings. Policy: Select the interpretation of the TACACS response. Possible values: Non-authoritative (default value): The TACACS servers are queried in order of their priority (see Priority) until a positive response is received or a negative response is received from an authoritative server. Authoritative: A negative response to a request is accepted, i.e. a request is not sent to another TACACS server. The device's internal user administration is not turned off by TACACS. It is checked after all TACACS servers have been queried. TCP Port: Shows the default TCP port (49) used for the TACACS protocol. The value cannot be changed. Timeout: Enter time in seconds for which the NAS is to wait for a response from TACACS. If a response is not received during the wait time, the next configured TACACS server is queried (only if Policy = Non-authoritative) and the current server is set to status Blocked. The possible values are 1 to 60, the default value is 3. Blocktime: Enter the time in seconds for which the current server
111. without you having to do anything. Terminal Adapter. Telephony Application Program Interface. TAPI configuration, TCP, TCP/IP, TCU, TE, TEI, Telefax, Telematics, Telnet, Terminal adapter, TFTP, Tiger 192, TLS, Tone dialling, Transfer internal code. Glossary. You can use the TAPI configuration to modify the TAPI driver in line with the program that uses this driver. You can check which MSN is to be assigned to a terminal, define a line name and configure the dialling parameters. First configure your PBX. You must then configure the TAPI interface. Use the TAPI Configuration program. Transmission Control Protocol. Transmission Control Protocol/Internet Protocol. Telecommunication connection unit. Terminal equipment. Terminal Endpoint Identifier. Term that describes the remote copying for transmitting texts, graphics and documents true to the original over the telephone network. Telematics is a combination of telecommunication and computer technology and describes data communication between systems and devices. Protocol from the TCP/IP protocol family. Telnet enables communication with a remote device in the network. Device for interface adaptation. It enables different equipment to be connected to T-ISDN. The terminal adapter a/b is used to connect analogue terminals to the S0 interface of the ISDN Basic Rate Interface. Existing analogue terminals can still be operat
112. your device. 4. Continue with Logging in for Configuration on page 42. Unix: You can also set up a Telnet connection on UNIX and Linux without any problem. 1. Enter telnet <IP address of your device> in a terminal. A window with the login prompt appears. You are now in the SNMP shell of your device. 2. Continue with Logging in for Configuration on page 42. 7.1.1.3 SSH. In addition to the unencrypted and potentially viewable Telnet session, you can also connect to your device via an SSH connection. This is encrypted, so all the remote maintenance options can be carried out securely. The following preconditions must be met in order to connect to the device via SSH: The encryption keys needed for the process must be available on the device. An SSH client must be installed on your PC. Encryption keys: First of all, make sure that the keys for encrypting the connection are available on your device: 1. Log in using one of the access types already available on your device, e.g. via Telnet (for login, see Logging in on page 41). 2. Enter update -i for the input prompt. You are now in the Flash Management shell. 3. Call up a list of all the files saved on the device: ls -al. If you see a display like the one below, the keys needed are already there and you can connect to the device via SSH: Flash Sh > ls -al Flags Version L
113. 17.4.2.1 New. Choose the New button to set up new filters. Fig. 116: Local Services > Web Filters > Filter List > New. The Local Services > Web Filter > Filter List > New menu consists of the following fields. Fields in the Filter List (Filter Parameters) menu. Category: Select which category of addresses/URLs the filter is to be used on. The options are first the standard categories of the Proventia Web Filter (default value: Pornography/Nudity). Actions can also be defined for the following special cases, e.g.: Default behaviour: This category applies to all Internet addresses. Other Category: Some addresses are already known to the Proventia Web Filter, but not yet classified. The action associated with this category is used for such addresses. Unknown URL: If an address is not known to the Proventia Web Filter, the action associated
114. 02.11 defines the WEP security standard (Wired Equivalent Privacy: encryption of data with 40 bits (Security Mode = WEP 40) or 104 bits (Security Mode = WEP 104)). However, this widely used WEP has proven susceptible to failure. However, a higher degree of security can only be achieved through hardware-based encryption which requires additional configuration (for example 3DES or AES). This permits even sensitive data to be transferred via a radio path without fear of it being stolen. IEEE 802.11. Standard IEEE 802.11i for wireless systems contains basic security specifications for wireless networks, in particular with regard to encryption. It replaces the insecure WEP (Wired Equivalent Privacy) with WPA (Wi-Fi Protected Access). It also includes the use of the advanced encryption standard (AES) to encrypt data. WPA. WPA (Wi-Fi Protected Access) offers additional protection by means of dynamic keys based on the Temporal Key Integrity Protocol (TKIP), and offers PSK (preshared keys) or Extensible Authentication Protocol (EAP) via 802.1x (e.g. RADIUS) for user authentication. Authentication using EAP is usually used in large wireless LAN installations, as an authentication instance in the form of a server (e.g. a RADIUS server) is used in these cases. PSK (preshared keys) are usually used in smaller networks, such as those seen in SoHo (Small office, Home office). Therefore, all the wireless LAN subscribers must know the PSK, because it
115. 1 (Secure Hash Algorithm 1) is a hash algorithm developed by the NSA (United States National Security Association). It is rated as secure, but is slower than MD5. It is used with a 96 bit digest length for IPSec. Note that RipeMD 160 and Tiger 192 are not available for message hashing in phase 2. Use PFS Group: As PFS (Perfect Forward Secrecy) requires another Diffie-Hellman key calculation to create new encryption material, you must select the exponentiation features. If you enable PFS (Enabled), the options are the same as for the configuration in Phase 1 Group. PFS is used to protect the keys of a renewed phase 2 SA, even if the keys of the phase 1 SA have become known. The field has the following options: 1 (768 bit): During the Diffie-Hellman key calculation, modular exponentiation at 768 bits is used to create the encryption material. 2 (1024 bit) (default value): During the Diffie-Hellman key calculation, modular exponentiation at 1024 bits is used to create the encryption material. 5 (1536 bit): During the Diffie-Hellman key calculation, modular exponentiation at 1536 bits is used to create the encryption material. Lifetime: Define how the lifetime is defined that will expire before phase 2 SAs need to be renewed. The new SAs are negotiated shortly before expiry of the current SAs. As for RFC 2407, the default value is eight hours, which
116. 1.2, G.992.1, G.992.1 Annex A, G.992.1 Annex B, G.SHDSL. Describes the last part of a name on the Internet. For www.t-com.de, the first level domain is de and in this case stands for Germany. The flash key on a telephone is the R button. R stands for Rückfrage (inquiry). The key interrupts the line briefly to start certain functions, such as inquiries via the PBX. Performance feature of a PBX for diverting calls on the destination telephone. Process by which an IP datagram is divided into small parts in order to meet the requirements of a physical network. The reverse process is known as reassembly. Unit of information sent via a data connection. A packet switching method that contains smaller packets and fewer error checks than traditional packet switching methods such as X.25. Because of its properties, frame relay is used for fast WAN connections with a high density of traffic. Telephone number. Previous service 0130. These telephone numbers have been switched to freecall 0800 since January 1, 1998. File Transfer Protocol. Operating mode in which both communication partners can communicate bidirectionally at the same time. Keys on the telephone that can be assigned telephone numbers or network functions. Data transmission recommendation for HDSL. Data transmission recommendation for SHDSL. Data transmission recommendation for ADSL. See also G.992.1 Annex A and G.992.1 Annex B. Data transmission recommendation
117. 120 Block after Connection Failure for 167 171 176 181 237 244 Blocked 161 Blocktime 91 215 BOSS 338 BOSS Version 62 Burst Mode 119 Bytes 358 Cc CA Certificate 253 CA Certificates 215 Cache Hitrate 291 Cache Hits 291 Cache Size 284 Callback 246 Callback Mode 181 CAPI Server TCP Port 310 Category 305 Certificate is CA Certificate 251 Certificate Request Description 253 Certificate Revocation List CRL Checking 251 Channel 117 362 Funkwerk Enterprise Communications GmbH Channel Bundling 183 Charge 362 363 Client MAC Address 369 Client Type 191 Code 274 Common Name 255 Compression 79 Configuration interface 76 Configured Speed Mode 95 96 Confirm system administrator password 67 Connection Idle Timeout 164 169 174 179 234 241 Connection Type 179 234 Consider 150 Contact 64 Continuity Check CC End to End 197 Continuity Check CC Segment 197 Control Mode 199 Controlled interfaces 318 Corresponding NAT entry for outgoing connection 138 Country 255 CPU Usage 62 Create NAT Policy 166 170 175 180 235 242 CTS frames received in response to an RTS 366 Current File Name in Flash 338 Current Speed Mode 95 96 Current System Time 69 D D Channel Mode 207 Data Packets Sequence Numbers 232 Data Rate Mbps 367 369 Data Traffic Priority 265 Date 356 Day 305 Default Ethernet for PPPoE Interfaces 189 Default Route Distribution 147 I
118. 1x ISDN net 1x ETH 1x Status 1x ADSL 1x ISDN net 1x ETH 1x WLAN 1x Status 1x ADSL 1x ISDN Power consumption of the device 4 7 Watt 4 7 Watt 4 7 Watt Voltage supply 12 V DC 800 mA EU 12 V DC 800 mA EU 12 V DC 800 mA EU PSU PSU PSU Environmental require ments Storage temperature 20 to 70 20 to 70 20 to 70 Operating temperature 0 to 40 0 to 40 0 to 40 Relative atmospheric humidity 10 to 90 non condensing in operation 5 to 95 non condensing when stored 10 to 90 non condensing in operation 5 to 95 non condensing when stored 10 to 90 non condensing in operation 5 to 95 non condensing when stored Room classification Only use in dry rooms Only use in dry rooms Only use in dry rooms Available interfaces ADSL interface Internal ADSL modem for Annex A Internal ADSL modem for Annex B Internal ADSL modem for Annex B Serial interface V 24 Permanently installed supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud Permanently installed supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud Permanently installed supports Baud rates 1200 2400 4800 9600 19200 38400 57600 115200 Baud 6 Technical data Funkwerk Enterprise Communications GmbH Product name bintec R232a bintec R232b
119. 271; Address list 272; Groups 273; Services 274; Service list 274; Groups 276; ATLET 278; SIP 278; Options 278; RSR 279; RTSP Proxy 280; Local Services 281; DNS 281; Global Settings 283; Static Hosts 286; Domain Forwarding 287; Cache 289; 17.1.5 Statistics 291; 17.2 DynDNS Client 292; 17.2.1 DynDNS Update 292; 17.2.2 DynDNS Provider 294; 17.3 DHCP Server 296; 17.3.1 DHCP Pool 296; 17.3.2 IP/MAC Binding 299; 17.3.3 DHCP Relay Setting 301; 17.4 Web Filter 302; 17.4.1 Global Settings 302; 17.4.2 Filter List 304; 17.4.3 Black/White lists 306; 17.4.4 History 308; 17.5 CAPI Server 308; 17.5.1 User
120. 28 Send Certificate Request Payloads 228 SendCRLs 228 Send Information to 354 Send Initial Contact Message 227 Send Key Hash Payloads 228 Send Version 143 Sender s E mail Address 348 Serial number 62 Server 295 Server Failures 291 Server IP Address 85 90 Server Timeout 87 Service 102 138 265 362 363 Service attribute 102 Severity 349 Short Retry Limit 120 Show Passwords and Keys in Clear Text 67 Signal dBm 367 369 Silent Deny 136 SIP Port 278 SIP Proxy 278 SMTP Authentication 348 SMTP Server 348 SNMP 77 SNMP Lists UDP Port 82 SNMP Read Community 67 SNMP Trap Broadcasting 352 SNMP Trap Community 352 SNMP Trap UDP Port 352 SNMP Version 82 SNMP Write Community 67 Funkwerk Enterprise Communications GmbH SNRdB 369 Source 265 312 338 Source Filename 338 Source Interface 132 154 Source IP Address 132 318 321 322 Source Port 132 Source Port Range 274 Specify Bandwidth 268 SSH 77 SSH Service Active 79 Stack 362 Standard Route 166 170 175 180 202 235 242 249 Start mode 203 Start Time 313 363 State 316 319 321 357 360 362 364 State Province 255 Stop Time 313 Subnet 272 Subsystem 350 356 Successfully Answered Queries 291 Summary 255 Sustained Cell Rate SCR 192 Switch Port 95 Sync SAs with ISP Interface Status 227 System Admin Password 67 System Date 62 System Logic 338 System Name 64 T TACACS Secret 90 TCP Ina
121. 47483647. The default value is 0. The standard value as per RFC is used 0 seconds and 0 Kbytes are entered. Authentication Method: Select the authentication method. Possible values: Preshared Keys (default value): If you do not use certificates for the authentication, you can select Preshared Keys. These are configured during peer configuration in the IPSec Peers menu. The preshared key is the shared password. DSA Signature: Phase 1 key calculations are authenticated using the DSA algorithm. RSA Signature: Phase 1 key calculations are authenticated using the RSA algorithm. RSA Encryption: In RSA encryption, the ID payload is also encrypted for additional security. Local Certificate: Only if Authentication Method = DSA Signature, RSA Signature or RSA Encryption. This field enables you to select one of your own certificates for authentication. It shows the index number of this certificate and the name under which it is saved. This field is only shown for authentication settings based on certificates and indicates that a certificate is essential. Mode: Select the phase 1 mode. Possible values: Aggressive (default value): The Aggressive Mode is necessary if one of the peers does not have a static IP address and preshared keys are used for authentication; it requires only three messages for configuring a secure channel. Main Mode (ID Protect): T
122. 55.255.255.255. In the Routing > RIP > RIP Filters menu, a list of all RIP filters is shown. Fig. 57: Routing > RIP > RIP Filters. You can use the button to insert another filter above the list entry. The configuration menu for creating a new window opens. You can use the button to move the list entry. A dialog box opens, in which you can select the position to which the filter is to be moved. 12.3.2.1 New. Choose the New button to set up more RIP filters. Fig. 58: Routing > RIP > RIP Filters > New. The Routing > RIP > RIP Filter > New menu consists of the following fields. Fields in the RIP Filter (Basic Parameters) menu. Interface: Select the interface to which the rule to be configured applies. IP Address / Netmask: Enter the IP address and netmask to
123. Fig. 154: Monitoring > Interfaces > Statistics. You change the state of the interface by pressing the button or button in the Action column. Press the button to display the statistical data for the individual interfaces in detail. Values in the list Statistics. Shows the serial number of the interface. Description: Displays the name of the interface. Type: Displays the interface text. Tx Packets: Shows the total number of packets sent. Tx Bytes: Displays the total number of octets sent. Tx Errors: Shows the total number of errors sent. Rx Packets: Shows the total number of packets received. Rx Bytes: Displays the total number of bytes received. Rx Errors: Shows the total number of errors received. State: Shows the operating status of the selected interface. Unchanged for: Shows the length of time for which the operating state of the interface has not changed. Action: Enables you to change the status of the interface as displayed. 20.5 WLAN. 20.5.1 WLAN1: In the Monitoring > WLAN > WLAN1 menu, the current values and activities of the first interface are shown.
124. AH, OSPF, L2TP, ANY. The default value is ANY. Source Port: Only if Layer 4 Protocol = TCP or UDP. Enter the source port. First select the port number range. Possible values: Any (default value): The route is valid for all port numbers. Single: Enables the entry of a port number. Range: Enables the entry of a range of port numbers. Privileged: Entry of privileged port numbers: 0 to 1023. Server: Entry of server port numbers: 5000 to 32767. Clients 1: Entry of client port numbers: 1024 to 4999. Clients 2: Entry of client port numbers: 32768 to 65535. Not privileged: Entry of unprivileged port numbers: 1024 to 65535. Enter the appropriate values for the individual port or start port of a range in Port and, for a range, the end port in to Port. Destination Port: Only if Layer 4 Protocol = TCP or UDP. Enter the destination port. First select the port number range. Possible values: Any (default value): The route is valid for all port numbers. Single: Enables the entry of a port number. Range: Enables the entry of a range of port numbers. Privileged: Entry of privileged port numbers: 0 to 1023. Server: Entry of server port numbers: 5000 to 32767. Clients 1: Entry of client port numbers: 1024 to 4999. Clients 2: Entry of client port numbers: 32768 to 65535. Not privileged: Entry of unprivileged port numbers: 1024
125. Add: Use the Add button to add further URLs or IP addresses to the list. Fig. 117: Local Services > Web Filter > Black / White List > Add. The Local Services > Web Filter > Black / White List > Add menu consists of the following fields. Fields in the Black / White List menu. URL / IP Address: You enter a URL or IP address. The length of the entry is limited to 60 characters. Blacklisted / Whitelisted: You can select whether a URL or IP address can always (in the White List) or never (in the Black List) be downloaded. By default, in the White List is enabled. Addresses listed in the White List are allowed automatically. It is not necessary to configure a suitable filter. 17.4.4 History: In the Local Services > Web Filter > History menu, you can view the recorded history of the web filter. The history logs all requests that are marked for logging by a relevant filter (Action = Log), likewise all rejected requests. Fig. 118: Local Services > Web Filters > History. 17.5 CAPI Server: You can use the CA
126. Address Translation (NAT) is to be activated. The function is activated with Enabled. The function is enabled by default. Local IP Address: Only if IP Address Mode = Static. Enter the static IP address of the connection partner. Route Entries: Only if IP Address Mode = Static. Define other routing entries for this connection partner. Add a new entry with Add. Remote IP Address: IP address of the destination host or network. Netmask: Netmask of Remote IP Address. If no entry is made, your device uses a default netmask. Metric: The lower the value, the higher the priority of the route (possible values 0 to 15). The default value is 7. The Advanced Settings menu consists of the following fields. Fields in the menu Advanced Settings. Block after Connection Failure for: Enter the wait time in seconds before the device should try again after an attempt to set up a connection has failed. The default value is 60. Maximum Number of Dialup Retries: Enter the number of unsuccessful attempts to setup a connection before the interface is blocked. Possible values are 0 to 100. The default value is 5. Authentication: Select the authentication protocol for this connection partner. Select the authentication specified by your provider. Possible values: PAP (default value): Only run PAP (PPP Password Authentication Protocol); the passw
127. As DHCP Sewer None Own IP Address O Global DNS Setting IP address to use for DNSMWINS server assignment 1 AS IPCP Server None Own IP Address Global DNS Setting 4 OK C Cancel _ Fig 105 Local Services gt DNS gt Global Settings The Local Services gt UPnP gt Global Settings menu consists of the following fields Fields in the Global Settings Basic Parameters menu Field Description Domain Name Enter the standard domain name of your device DNS Server Configura Select whether the addresses of the global name server on your tion device can be overwritten by transferred name server ad dresses Possible values e Dynamic default value The name server addresses can be automatically overwritten e Static The name server addresses are not overwritten bintec R200 Serie 17 Local services Funkwerk Enterprise Communications GmbH Field Description DNS Server Only for DNS Server Configuration Static Primary Enter the IP address of the first and if necessary second global DNS server Secondary WINS Server Enter the IP address of the first and if necessary alternative i global Windows Internet Name Server WINS or NetBIOS Primary Name Server NBNS Secondary The Advanced Settingsmenu consists of the following fields Fields in the menu Advanced Settings Field Description Positive Cache Select whether the positive dynamic cache is to be activated e success
128. Base T interface RJ45 socket is as follows RJ45 socket for LAN connection TD TD RD Not used Not used RD Not used 0 N Oa A ON Not used The Ethernet 10 100 BASE T interface does not have an Auto MDI X function 6 5 3 ADSL interface The ADSL interface is connected via an RJ11 plug The cable supplied connects the RJ11 plug needed for the device to an RJ11 plug needed for most ADSL splitters Only the two inner pins are used for the ADSL connection 1234 Fig 14 ADSL interface RJ11 The pin assignment for the ADSL interface RJ11 socket is as follows RJ11 socket for ADSL connection bintec R200 Serie Not used a b Not used A U N 6 5 4 ISDN SO port bintec R232a bintec R232b and bintec R232bw have an additional ISDN SO interface which can be used for backup functions for example The connection is made via an RJ45 socket Fig 15 ISDN SO BRI interface RJ45 socket The pin assignment for the ISDN SO BRI interface RJ45 socket is as follows RJ45 socket for ISDN connection 1 Not used 2 3 4 5 6 7 8 Not used Transmit Receive Receive Transmit Not used Not used bintec R200 Serie Chapter 7 Access and configuration This chapter describes all the access and configuration options 71 Access Options The various access options are presented below Select the procedure to suit your needs There are various ways you c
129. CP echo requests or replies. This is recommended for leased lines, PPTP and L2TP connections. The function is activated with Enabled. The function is enabled by default. Fields in the Advanced Settings (IP Options) menu. OSPF Mode: Select whether and how routes are propagated via the interface and/or OSPF protocol packets are to be sent. Possible values: Passive (default value): OSPF is not activated for this interface, i.e. no routes are propagated or OSPF protocol packets sent over this interface. Networks reachable over this interface are, however, included when calculating the routing information and propagated over active interfaces. Active: OSPF is activated for this interface, i.e. routes are propagated or OSPF protocol packets sent over this interface. Down: OSPF is disabled for this interface. Proxy ARP Mode: Select whether your device is to answer ARP requests from your LAN on behalf of the specific PPTP partner. Possible values: Inactive (default value): Disables Proxy ARP (Address Resolution Protocol) for this PPTP partner. Up or Dormant: Your device answers an ARP request only if the status of the connection to the PPTP partner is Active or Idle. In the case of Dormant, your device only responds to the ARP request; the connection is not set up until someone actually wants to use the route. Active Only: Your
130. DN Login service. To avoid this, you should make the necessary entries here. As soon as an entry exists, the incoming calls not assigned to any entry are forwarded to the CAPI service. In the Physical Interfaces > ISDN Ports > MSN Configuration menu, a list of all MSNs is shown. 9.2.2.1 New: Choose the New button to edit MSNs. Fig. 39: Physical Interfaces > ISDN Ports > MSN Configuration > New. The Physical Interfaces > ISDN Ports > MSN Configuration > New menu consists of the following fields. Fields in the MSN Configuration (Basic Parameters) menu. ISDN Port: Select the ISDN port for which the MSN is to be configured. Service: Select the service to which a call is to be assigned on the MSN below. Possible values: ISDN Login (default value): Enables logging in with ISDN Login. PPP Routing: Default setting for PPP routing. Contains the automatic detection of the PPP connections stated below, except PPP
131. DOVB. IPSec: Enables a number to be defined for IPSec callback. Other PPP: Other services can be selected: PPP 64k enables 64 kbps PPP data connections; PPP 56k enables 56 kbps PPP data connections; PPP V.110 (9600, 14400, 19200, 38400) enables PPP connections with V.110 and bit rates of 9600 bps, 14400 bps, 19200 bps, 38400 bps; PPP V.120 enables incoming PPP connections with V.120. MSN: Enter the number used to check the called party number. For the call to be accepted, it is sufficient for the individual numbers in the entry to agree, taking account of MSN Recognition. MSN Recognition: Select the mode your device is to use for the number comparison of MSN with the called party number of the incoming call. Possible values: Right to Left (default value). Left to Right (DDI): Always select if your device is connected to a point-to-point connection. Service attribute: Select the type of incoming call service detection. Possible values: Data Voice (default value): Both data and voice calls. Data: Data call. Voice: Voice call (modem, voice, analogue fax). 9.3 ADSL Modem. 9.3.1 ADSL Configuration: In this menu, you make the basic settings for your ADSL connection.
132. Delete configuration or Delete file: Select the file or configuration to be renamed or deleted. New Filename: Only for Action = Rename. Enter the new name of the configuration file. 18.3 Reboot. 18.3.1 System Reboot: In this menu, you can trigger an immediate reboot of your device. Once your system has restarted, you must call the Funkwerk Configuration Interface again and log in. Pay attention to the LEDs on your device. For information on the meaning of the LEDs, see the Technical Data chapter of the manual. Note: Before a reboot, make sure you confirm your configuration changes by clicking the Save Configuration button, so that these are not lost when you reboot. Fig. 139: Maintenance > Reboot > System Reboot. If you wish to reboot your device, click on OK in response to the question "Are you sure you want to reboot the system now?". Chapter 19 External Reporting. 19.1 Syslog: Events in various subsystems of your device (e.g. PPP) are logged in the form of syslog messages (system logging messages). The number of messages visible depends on the level set (eight levels from Emergency and Information to Debug). In addition to the data logged internally on your device, all informat
133. Description Mode Bridge Group 1 jent 0 Routing Mode 2 len5 0 Routing Mode Y 3 ethoas0 0 Routing Mode v Configuration Interface Selectone Y L OK z a Cancel pi Fig 29 System Administration gt Interface Mode Bridge Groups gt Interfaces The System Management gt Interface Mode Bridge Groups gt Interfaces menu con sists of the following fields Fields in the Interfaces menu Field Description Shows the serial number of the interface Interface Description Displays the name of the interface Mode Bridge Group Select whether you want to run the interface in Routing Mode or whether you want to assign the interface to an existing bro br1 etc or new bridge group New Bridge Group If you select New Bridge Group a new bridge group is created automatically when you click OK Configuration interface Select the interface via which the configuration is to be carried out bintec R200 Serie Field Description Possible values e Select one default value Ex works setting The right con figuration interface must be selected from the other options e Ignore No interface is defined as configuration interface e lt Interface name gt Select the interface to be used for con figuration If this interface is in a bridge group it is assigned the group s IP address when it is taken out of the group 8 4 Administrative Access In this menu you can configure the administrative
134. Description Remote IP Remote Networks Security Algorithm Status Action Mi 1 Peer 1 Dormant ele P MON rege 1 teme 1 1 2 ae Sree 3 E ISDNModem Interfaces WLAN est Fig 149 Monitoring gt IPSec gt IPSec Tunnel Values in the list IPSec Tunnels Field Description Displays the serial number of the IPSec connection Description Displays the name of the IPSec connection bintec R200 Serie Field Description Remote IP Address Displays the IP address of the remote IPSec peer Remote Networks Displays the currently negotiated subnets of the remote termin al Security Algorithm Displays the encryption algorithm of the IPSec connection State Displays the operating state of the IPSec connection Action Enables you to change the status of the IPSec tunnel by press ing the t button or the button Details Opens a detailed statistics window You change the status of the IPSec tunnel by pressing the a button or button in the Action column By pressing the A button you display detailed statistics on the IPSec connection bintec R232bw Language English E Save configuration IPSec Tunnels IPSec Statistics s m gt Phsicalinterfaces 7 E IA Automatic Refresh interval 50 seconds __ Apply WirelessLAN o7 conn E OO cc Description Peer 1 i wat Local IP Address 0 0 0 0 Me Remote IP Address 0 0 0 0 Firewall T TCI AAPP Remote ID Local Seca id Negotiation T
135. EI for CAPI applications. For CAPI, the TEI value set in the CAPI application is used. For CAPI Default, the value of the CAPI application is ignored and the default value set here is always used. Set Packet Switch if you wish to use X.31 TEI for the X.25 device. 9.2.2 MSN Configuration: In this menu, you can assign the available ISDN numbers to the required services (e.g. PPP routing, ISDN login). If you use the ISDN interface for outgoing and incoming dialup connections, your own numbers for this interface can be entered in this menu (these settings are not possible for leased lines). Your device distributes the incoming calls to the internal services according to the settings in this menu. Your own number is included as the calling party number for outgoing calls. The device supports the following services: PPP routing: The PPP routing service is your device's general routing service. This enables ISDN remote terminals to establish data connections with your LAN, among other things. This enables partners outside your own local network to access hosts within your LAN. It is also possible to establish outgoing data connections to ISDN remote terminals. ISDN Login: The ISDN login service enables both incoming data connections with access to the SNMP shell of your device and outgoing data connections to other bintec devices. As a result
136. Other DynDNS providers can be configured in the Local Services > DynDNS Client > DynDNS Providers menu. The default value is DynDNS. Enable Update: Select whether the DynDNS entry configured here is to be activated. The function is enabled by choosing Enabled. The function is disabled by default. The Advanced Settings menu consists of the following fields. Fields in the menu Advanced Settings. Mail Exchanger (MX): Enter the full host name of a mail server to which e-mails are to be forwarded if the host currently configured is not to receive mail. Ask your provider about this forwarding service and make sure e-mails can be received from the host entered as MX. Wildcard: Select whether the forwarding of all subdomains of the Host Name is to be enabled for the current IP address of the Interface (advanced name resolution). The function is enabled by choosing Enabled. The function is disabled by default. 17.2.2 DynDNS Provider: In the Local Services > DynDNS Client > DynDNS Providers menu, a list of all configured DynDNS providers is shown. 17.2.2.1 New: Choose the New button to set up new DynDNS providers.
137. ISDN connections with the connection partner, and if so, what type. Your device supports dynamic and static channel bundling for dialup connections. Only one B channel is initially opened when a connection is set up. Dynamic channel bundling means that your device connects other ISDN B channels to increase the throughput for connections if this is required, e.g. for large data rates. If the amount of data traffic drops, the additional B channels are closed again. In static channel bundling, you specify right from the start how many B channels your device is to use, regardless of the transferred data rate. Possible values: None (default value): No channel bundling, only one B channel is ever available for connections. Static: Static channel bundling. Dynamic: Dynamic channel bundling. Fields in the Advanced Settings (Dial Numbers) menu. Entries: Enter the connection partner's numbers. Mode: Select whether Subscriber Number is to be used for incoming or outgoing calls or for both. Possible values: Both (default value): For incoming and outgoing calls. Incoming: For incoming calls, where your connection partner dials in to your device. Outgoing: For outgoing calls, where you dial your connection partner. The calling party number of the incoming call is compared with the number entered under Subscriber Number. Su
138. Interval of the group members is used within a group Trials Enter the number of pings that must remain unanswered for the host to be regarded as unavailable Possible values are 1 to 65536 The default value is 3 Controlled interfaces Select the interface s for which the action defined in Interface Action is to be performed Field Description All the physical and virtual interfaces and the options 411 PPP Interfaces and A11 IPSec Interfaces Can be selected Each interface select whether each interface is to be activated Enable or deactivated Disable default value 17 7 2 Interfaces In the Local Services gt Monitoring gt Interfaces menu a list of all monitored Interfaces is shown Mia Gs aay k ti pa a bintes RZ32bw Hosts Interfaces Ping Generator Monitored Interface Status Trigger Interface Action Interface en1 0 o Interface goes up Enable All PPP Interfaces E el New CAPI Server Scheduling Surveillance ISDH Theft Protection Funkwerk Discovery Fig 125 Local Services gt Surveillance gt Interfaces Values in the list Interfaces Field Description Monitored Interface Shows the interface to be monitored State Shows the operating status of the selected interface Trigger Displays the chosen state transition Interface Action Shows the interface action Interface Shows the interface to which the chosen interface action should be applied
139. Mode Access Point, you can set up and edit the desired wireless networks in the Wireless LAN > WLANx > Wireless Networks (VSS) > New menu. Setting network names: In contrast to a LAN set up over Ethernet, a wireless LAN does not have any cables for setting up a permanent connection between the server and clients. Access violations or faults may therefore occur with directly adjacent radio networks. To prevent this, every radio network has a parameter that uniquely identifies the network and is comparable with a domain name. Only clients with a network configuration that matches that of your device can communicate in this WLAN. The corresponding parameter is called the network name. In the network environment, it is sometimes also referred to as the SSID. Protection of wireless networks: As data can be transmitted over the air in the WLAN, this data can in theory be intercepted and read by any attacker with the appropriate resources. Particular attention must therefore be paid to protecting the wireless connection. There are three security modes: WEP, WPA-PSK and WPA Enterprise. WPA Enterprise offers the highest level of security, but this security mode is only really suitable for companies because it requires a central authentication server. Private users should choose WEP or preferably WPA-PSK with higher security as their security mode. WEP 8
140. Monitored interfaces: Select the type of information to be sent in the UDP packets to the Windows application. Possible values: None (default value): Deactivates the sending of information to the Activity Monitor. Physical: Only information about the physical interfaces is sent. Physical WAN VPN: Information about physical and virtual interfaces is sent. Send Information to: Select where your device sends the UDP packets. Possible values: All IP Addresses (broadcast) (default value): The default value 255.255.255.255 means that the broadcast address of the first LAN interface is used. Single Host: The UDP packets are sent to the IP address entered in the adjacent input field. Update Interval: Enter the update interval in seconds. Possible values are 0 to 60. The default value is 5. UDP Destination Port: Enter the port number for the Windows application Activity Monitor. The default value is 2107 (registered by IANA, Internet Assigned Numbers Authority). Password: Enter the password for the Activity Monitor. Chapter 20 Monitoring: This menu includes information that enables you to locate problems in your network and monitor activities, e.g. at your device's WAN interface. 20.1 Internal Log. 20.1.1 System messages: In the Monitoring > Internal Log > System Messages menu, a list of all internally stored system messages is shown. Ab
141. N IP Pools lriterin None equal Y Go View 20 per page lol IP Pool Name Pool Range Po pasa a Page 4 items 1 1 ATM Cada C OK _ _ Cancel Real Time Jitter Control _ 7 F ky Fig 69 WAN gt Internet Dialup gt IP Pools gt Add The WAN gt Internet Dialup gt IP Pools gt Add menu consists of the following fields Fields in the IP Pools menu Field Description IP pool name Enter the name of the IP pool IP pool range In the first field enter the first IP address of the range In the second field enter the last IP address of the range 13 2 ATM 13 2 1 Profiles In the WAN gt ATM gt Profiles menu a list of all ATM profiles is shown If the connection for your Internet access is set up using the internal modem the ATM con nection parameters must be set for this By default an ATM profile with the description AUTO CREATED is preconfigured Its values VPI 1 and VCI 32 are suitable for a Telekom ATM connection for example bintec R200 Serie En Note The ATM encapsulations are described in RFCs 1483 and 2684 You will find the RFCs on the relevant pages of the IETF www ietf org rfc html 13 2 1 1 New Choose the New button to set up new ATM profiles bintes R232bw _ Profiles Service Categories OAM Controlling _ ATM Profiles Parameter Pr
142. N1 gt Advanced Values in the list Advanced Online Help Express Setup Wizard Logout fu nkwerk EY Value 413620 D 413620 D 490913 Field Description Displays the serial number of the list entry Description Displays the description of the displayed value Value Displays the statistical value Meaning of the list entries Description Meaning Unicast MSDUs trans Displays the number of MSDUs successfully sent to unicast ad mitted successfully for each of these packets dresses since the last reset An acknowledgement was received Multicast MSDUs trans Displays the number of MSDUs successfully sent to multicast mitted successfully Transmitted MPDUs Multicast MSDUs re ceived successfully Unicast MPDUs re ceived successfully sent with a multicast address sent with a unicast address addresses including the broadcast MAC address Displays the number of MPDUs received successfully Displays the number of successfully received MSDUs that were Displays the number of successfully received MSDUs that were MSDUs that could not Displays the number of MSDUS that could not be sent be transmitted bintec R200 Serie Description Meaning Frame transmissions Displays the number of sent frames which which an acknow without ACK received ledgement frame was not received Duplicate received MS Displays the number of MSDUs received in duplicate DUs CTS frames received in Displays the
143. HTTP, NNTP, Imceraeic, Netmeeting. Other services are set up in Firewall > Services > Service List. In addition, the service groups configured in Firewall > Services > Groups can be selected. Action: Select the action to be applied to a filtered packet. Possible values: Access (default value): The packets are forwarded on the basis of the entries. Deny: The packets are rejected. Reject: The packets are rejected. An error message is issued to the sender of the packet. Apply QoS: Only for Action = Access. Select whether you want to enable QoS for this policy with the priority selected in Data Traffic Priority. The function is activated with Enabled. The option is deactivated by default. If QoS is not activated for this policy, bear in mind that the data cannot be prioritised on the sender side either. A policy for which QoS has been enabled is also set for the firewall. Make sure, therefore, that data traffic that has not been expressly authorised is blocked by the firewall. Data Traffic Priority: Only for Apply QoS = enabled. Select the priority with which the data specified by the policy is handled on the send side. Possible values: None (default value): No priority. Low Latency: Low Latency Transmission (LTT), i.e. handling of data with the lowest possible latency, e.g. suitable for VoIP data. High. Medium. Low. 15.1.2 QoS: More and more a
144. P Accounting. In this menu, you configure the host to which the data logged internally on the device is forwarded for saving and further processing. In this menu, you decide for which interfaces accounting messages are to be generated. E-mail alert: Depending on the configuration in this menu, e-mails are sent to the administrator as soon as relevant syslog messages occur. SNMP: In this menu, you configure whether the device is to listen for external SNMP accesses and send SNMP traps. Activity Monitor: In this menu, you configure the surveillance of your device with the Windows Tool Activity Monitor (component of BRICKware for Windows). Monitoring. Internal Log: In this menu, the system messages are displayed. IPSec: In this menu, the IPSec connections and connection statistics that are currently active are displayed. ISDN Modem: In this menu, the ISDN connections are displayed. Interfaces: In this menu, connection statistics and status of all interfaces are displayed. WLAN: This menu shows you the WLAN connections statistics. Bridges: In this menu, you can view the current values of the configured bridges. 7.3.3 SNMP shell: SNMP (Simple Network Management Protocol) is a protocol that defines how you can access the configuration settings. All configuration settings are stored in the MIB (Management Information Base) in the form of MIB tables and MIB varia
145. P Calls. The function is activated with Enabled. The function is disabled by default. 16.2 RTSP: In this menu, you configure the use of the RealTime Streaming protocol (RTSP). RTSP is a network protocol for controlling multimedia traffic flows in IP-based networks. Payload data is not transferred using RTSP. Rather, it is used to control a multimedia session between sender and recipient. If you want to use RTSP, the firewall and NAT must be configured accordingly. In the VoIP > RTSP menu, you can enable the RTSP proxy to enable requested RTSP sessions over the defined port if required. 16.2.1 RTSP Proxy: In the VoIP > RTSP > RTSP Proxy menu, you configure the use of the RealTime Streaming protocol (RTSP). Fig. 104: VoIP > RTSP > RTSP Proxy. The VoIP > RTSP > RTSP Proxy menu consists of the following fields. Fields in the RTSP Proxy (Basic Parameters) menu. RTSP Proxy: Select whether you want to permit RTSP sessions. The function is enabled by choosing Enabled. The function is disabled by default. RTSP Port: Select the port over which the RTSP messages are to come in and go out. Possible values are 0 to 65535. The default value is 554.
146. P v 2 PPTP PPPoE PPPoA Call back Access Control Lists CLID NAT SIF MPPE Encryption PPTP Encryption VPN with PPTP or IPSec Software supplied BRICKware for Windows BRICKtools for Unix BRICKware for Windows BRICKtools for Unix BRICKware for Windows BRICKtools for Unix Printed documentation supplied Quick Reference Quick Reference Quick Reference Online documentation User s Guide BRICKware for Windows Software Reference User s Guide BRICKware for Windows Software Reference User s Guide BRICKware for Windows Software Reference General Product Features bintec bintec R232a bintec R232b bintec R232bw Product name bintec R232a bintec R232b bintec R232bw Dimensions and weights Equipment dimensions without cable B x H x D 189 2 mm x 27 mm x 123 1 mm 189 2 mm x 27 mm x 123 1 mm 189 2 mm x 27 mm x 123 1 mm Funkwerk Enterprise Communications GmbH 6 Technical data Product name bintec R232a bintec R232b bintec R232bw Weight approx 550 g approx 550 g approx 550 g Transport weight incl documentation cables packaging approx 1 2 kg approx 1 2 kg approx 1 2 kg Memory 32 MB SDRAM 32 MB SDRAM 32 MB SDRAM 8 MB flash ROM 8 MB flash ROM 8 MB flash ROM LEDs 13 1x Power 4x2 Ether 13 1x Power 4x2 Ether 14 1x Power 4x2 Ether net 1x ETH 1x Status 1x ADSL
147. PI Server function to assign user names and passwords to users of the CAPI applications on your device. This makes sure that only authorised users can receive incoming calls and make outgoing calls via CAPI. The CAPI service allows connection of incoming and outgoing data and voice calls to communications applications on hosts in the LAN that access the Remote CAPI interface of your device. This enables, for example, hosts connected to your device to receive and send faxes. Note: Ex works, a user with the user name default and no password is always entered for the CAPI subsystem. All calls to the CAPI are offered to all CAPI applications in the LAN. Use the Settings menu to distribute incoming calls for the CAPI subsystem to defined users with password. You should then delete the user default without password. 17.5.1 User: In the Local Services > CAPI Server > Users menu, a list of all configured CAPI users is shown. 17.5.1.1 New: Choose the New button to set up new CAPI users. [Fig. 119: Local Services > CAPI Server > Users > New] The Local Services > CAPI Server > Users > New menu consists of the following fields. Fields in the Users Basic Parameters menu: Field Description User name E
148. Saving of the configuration on the PC (TFTP server); Time synchronisation of the device with the server (Time server); Saving of messages and data for accounting sent from the device (Syslog Daemon); The processes can be logged if there are problems with the data communications (ISDN Tracer); Assignment of IP addresses and loading of configurations (BootP server). To install the software, proceed as follows: 1. Close all Windows programs on your PC. 2. Place your bintec Companion CD in the CD-ROM drive of your PC. The Start window will appear automatically after a short time. If the Start window does not open automatically, click your CD-ROM drive in Windows Explorer and double-click setup.exe. For Unix computers: Open the index.htm file in your standard browser. 3. In Add-Ons, click BRICKware. A screen will then appear via which you can start the installation or display the descriptions of the BRICKware components. Click the button to start the Setup program. 4. Specify the directory in which the BRICKware is to be installed. 5. Select your device. 6. Select the software components you wish to install. The installed programs are available for use immediately after the installation of the BRICKware; it is not usually necessary to reboot the PC. 4.4 Configuring the Gateway: Your gateway can be configured quickly and easily with the Express Setup Wizard. Express Setup Wizard
149. [Fig. 72: WAN > ATM > OAM Control > New] The WAN > ATM > OAM Control > New menu consists of the following fields. Fields in the OAM Control OAM Flow Configuration menu: OAM Flow Level: Select the OAM flow level to be monitored. Possible values: 5 (virtual channel level): The OAM settings are used for the virtual channel (default value); 4 (virtual path level): The OAM settings are used for the virtual path. Virtual Channel Connection (VCC): Only for OAM Flow Level 5. Select the already configured ATM connection to be monitored (displayed by the combination of VPI and VCI). Virtual Path Connection (VPC): Only for OAM Flow Level 4. Select the already configured virtual path connection to be monitored (displayed by the VPI). Fields in the OAM Control Loopback menu: Loopback End to End: Select whether you activate the loopback test for the connection between the endpoints of the VCC or VPC. The function is activated with Enabled. The function is disabled by default. End to End Send Interval: Only if Loopback End to End is enabled. Enter the time in seconds after which a loopback cell is to be sent. Possible
150. [Screenshot of the system status page with the panels System Information, Ressource Information, Interface Specifics and Recent System Logs] Fig 16 Fun
151. Field VENTO server in Status Down. An Alive Check is carried out regularly (every 20 seconds) by sending an ACCESS_REQUEST to the IP address of the RADIUS server. If the server is reachable, Status is set to alive again. If the RADIUS server is only reachable over a switched line (dialup connection), this can cause additional costs if the server is down for a long time. The function is enabled by choosing Enabled. The function is enabled by default. Retries: Enter the number of retries for cases when there is no response to a request. If an answer has still not been received after these attempts, the Status is set to down. If the Active Check is Enabled, your device tries to reach the server every 20 seconds. If the server answers, the Status is set back to alive. Possible values are whole numbers between 0 and 10. The default value is 1. To prevent Status being set to down, set this value to 0. RADIUS Dialout: Only for Authentication Type Authentication and IPSec Authentication. Select whether your device receives requests from RADIUS server dialout routes. This enables temporary interfaces to be configured automatically, and your device can initiate outgoing connections that are not configured permanently. The function is enabled by choosing Enabled. The function is disabled by default. If the function is active, you can enter the following options: Reload Interva
152. The configuration options are the same as those for the Ethernet switch ports. Note: The Ethernet ports of the four-port switches are assigned to a single Ethernet interface in ex works state. The Ethernet interface en1-0 is pre-configured with the IP Address 192.168.0.254 and Netmask 255.255.255.0. To ensure your device can be reached when splitting ports, make sure that Ethernet interface en1-0 is assigned with the preconfigured IP address and netmask to a port that can be reached via Ethernet. If in doubt, carry out the configuration using a serial connection via the console interface. VLANs for Routing Interfaces: Configure VLANs to separate individual network segments from each other (e.g. individual departments of a company) or to reserve bandwidth for individual VLANs when managed switches are used with the QoS function. 9.1.1 Port Configuration. Port Separation: Your device makes it possible to run the four switch ports as one interface or to logically separate these from each other and to configure them as independent Ethernet interfaces. By default, the same configuration applies for all switch ports. During configuration, please note the following: The splitting of the switch ports into several Ethernet interfaces merely logically separates these from each other. The available total bandwidth of 100 Mbps full duplex for all resulting interfaces remains the same. For example
153. The function is disabled by default. Primary Time Server: Enter the primary time server using either a domain name or an IP address. In addition, select the protocol for the time server request. Possible values: SNTP (default value): This server uses the simple network time protocol with UDP port 123; Time Service UDP: This server uses the Time service with UDP port 37; Time Service TCP: This server uses the Time service with TCP port 37; None: This time server is not currently used for the time request. Secondary Time Server: Enter the secondary time server using either a domain name or an IP address. In addition, select the protocol for the time server request. Possible values: SNTP (default value): This server uses the simple network time protocol with UDP port 123; Time Service UDP: This server uses the Time service with UDP port 37; Time Service TCP: This server uses the Time service with TCP port 37; None: This time server is not currently used for the time request. Tertiary Time Server: Enter the tertiary time server using either a domain name or an IP address. In addition, select the protocol for the time server request. Possible values: SNTP (default value): This server uses the simple network time protocol with UDP port 123; Time Service UDP: This server uses the Time service with UDP
154. [Fig. 26: System Administration > Global Settings > Passwords] Note: All bintec devices are delivered with the same username and password. As long as the password remains unchanged, they are not protected against unauthorised use. Make sure you change the passwords to prevent unauthorised access to the device. If the password is not changed, the warning "System password not changed" appears under System Administration > Status. The System Management > Global Settings > Passwords menu consists of the following fields. Fields in the Passwords System Password menu: System Admin Password: Enter the password for the user name admin. This password is also used with SNMPv3 for authentication (MD5) and encryption (DES). Confirm system administrator password: Confirm the password by entering it again. Fields in the Passwords SNMP Communities menu: SNMP Read Community: Enter the password for the user name read. SNMP Write Community: Enter the password for the user name write. Fields in the Passwords Global Password Options menu: Show Passwords and Define whethe
155. Windows-based operating systems to take control of other devices with UPnP functionality on the local network. These include gateways, access points and print servers. No special device drivers are needed, as known common protocols are used, such as TCP/IP, HTTP and XML. Your gateway makes it possible to use the subsystem of the Internet Gateway Device (IGD) from the UPnP function range. In a network behind a NAT-enabled gateway, the UPnP-configured computers act as LAN UPnP clients. To do this, the UPnP function on the PC must be enabled. The pre-configured port used for UPnP communication between LAN UPnP clients and the gateway is 5678. The LAN UPnP client acts as a so-called service control point, i.e. it recognizes and controls the UPnP devices on the network. The ports assigned dynamically by, for example, MSN Messenger lie in the range from 5004 to 65535. The ports are released internally to the gateway on demand, i.e. when an audio/video transfer is started in Messenger. When the application is closed, the ports are immediately closed again. The peer-to-peer communication is initiated via public SIP servers, with only the information from the two clients being forwarded. The clients then communicate directly with one another. For further information about UPnP, see www.upnp.org. 17.10.1 Interfaces: In this menu, you configure the UPnP settings individually for each interface of your gateway. You can determine whether UPnP r
156. 17.5.2 Options; 17.6 Scheduling; 17.6.1 Schedule; 17.6.2 Options; 17.7 Surveillance; 17.7.1 Hosts; 17.7.2 Interfaces; 17.7.3 Ping Generators; 17.8 ISDN Theft Protection; 17.8.1 Options; 17.9 Funkwerk Discovery; 17.9.1 Device discovery; 17.9.2 Options; 17.10 UPnP; 17.10.1 Interfaces; 17.10.2 Global Settings; Chapter 18 Maintenance; 18.1 Diagnostics; 18.1.1 Ping Test; 18.1.2 DNS Test; 18.1.3 Traceroute Test; 18.2 Software & Configuration; 18.2.1 Options; 18.3 Reboot; 18.3.1 System Reboot; Chapter 19 External Reporting
157. a number and no special characters or umlauts must be used either. The maximum length of the entry is 25 characters. Connection Type: Select whether the L2TP partner is to take on the role of the L2TP network server (LNS) or the functions of a L2TP access concentrator client (LAC client). Possible values: LNS (default value): If you select this option, the L2TP partner is configured so that it accepts L2TP tunnels and restores the encapsulated PPP traffic flow; LAC: If you select this option, the L2TP partner is configured so that it encapsulates a PPP traffic flow in L2TP and sets up a L2TP tunnel to a remote LNS. Tunnel Profile: Only for Connection Type LAC. Select a profile created in the Tunnel Profiles menu for the connection to this L2TP partner. User name: Enter the code of your device. Password: Enter the password. Always Active: Select whether the interface should always be activated. The function is activated with Enabled. The function is disabled by default. Connection Idle Timeout: Only if Always on is disabled. Enter the idle time in seconds for static short hold. The static short hold setting determines how many seconds should pass between sending the last traffic data packet and clearing the connection. Possible values are 0 to 3600 (seconds). 0 deactivates the short hold. The default value is 300. Fields in the
158. able in two versions: GRE V.1 for use in PPTP connections (RFC 2637, configuration in the PPTP menu); GRE V.0 (RFC 2784) for general encapsulation using GRE. In this menu, you can configure a virtual interface for using GRE V.0. The data traffic routed over this interface is then encapsulated using GRE and sent to the specified recipient. 14.4.1 GRE Tunnels: In the VPN > GRE > GRE Tunnels menu, a list of all configured GRE tunnels is shown. 14.4.1.1 New: Choose the New button to set up new GRE tunnels. [Fig. 88: VPN > GRE > GRE Tunnels] The VPN > GRE > GRE Tunnels menu consists of the following fields. Fields in the GRE Tunnels Basic Parameters menu: Description: Enter a description for the GRE tunnel. Local GRE IP Address: Enter the source IP address of the GRE packets to the GRE partner. If no IP address is given (this corresponds to IP address 0.0.0.0), the source IP address of the GRE packets is selected automatically from one of the addresses of the interface via which the GRE partner is reached. Remote GRE IP Ad Specify the destination IP address of
159. able length up to 448 bits. Bluetooth is a wireless transfer technology that can connect up different devices. Bluetooth replaces cables to connect various devices, e.g. Notebook, PC, PDA, etc. Thanks to Bluetooth, these devices can exchange data with each other without a fixed connection. For example, PCs, notebooks or a PDA can access the Internet or a local network. The appointments on a PDA can be synchronised with the appointments on the PC without the need for a cable connection. Because of the many different application areas for the Bluetooth technology, the different types of connections between the devices are divided into profiles. A profile determines the service (function) that the individual Bluetooth clients can use among each other. Bandwidth on Demand. Bootstrap protocol. Bits per second: A unit of measure for the transmission rate. In a PBX, the option of breaking in to an existing call. This is signalled acoustically by an attention tone. Basic Rate Interface. Network component for connecting homogeneous networks. As opposed to a gateway, bridges operate at layer 2 of the OSI model, are independent of higher-level protocols and transmit data packets using MAC addresses. Data transmission is transparent, which means the information contained in the data packets is not inter Broadcast, Brokering, Browser, Bus, CA, Calendar, Call allocation, Call costs account, Call diversion, Call fil
160. access to the device. 8.4.1 Access: In the Administrative Access > Access menu, a list of all physical interfaces is shown. [Fig. 30: System Management > Administrative Access > Access] For the Ethernet interface you can select the access parameters Telnet, SSH, HTTP, HTTPS, Ping, SNMP, and for the ISDN interfaces you can select ISDN Login. 8.4.1.1 Add: Click the Add button to add more interfaces. [Fig. 31: System Management > Administrative Access > Access > Add] The System Management > Administrative Access > Access > Add menu consists of the following fields. Fields in the Access menu: Interface: Select the interface for which administrative access is to be configured. 8.4.2 SSH: Your device offers encrypted access to the shell. You can enable
161. ace header. Language English (language selection): From the dropdown menu, select the language in which the Funkwerk Configuration Interface is to be displayed. Here you can select the language in which you want to carry out the configuration. German and English are available. Online Help: Click this button if you want help with the menu now active. The description of the sub-menu where you are now is displayed. Express Setup Wizard: Click this button if you want to activate the configuration wizard. The configuration assistant is opened in a new window and takes you step by step through the basic configuration of your device and alternatively also through the configuration of an Internet access, a wireless LAN connection and a VPN connection. Logout: If you want to end the configuration, click this button to log out of your device. A window is opened offering you the following options: Continue with the configuration; Save the configuration and close the window; Exit the configuration without saving. Navigation bar: [Fig. 19: Save Configuration button] [Fig. 20: Menus] The Save Configuration button is found in the navigation bar. Click the Save Configuration button to save all configuration changes so that
162. adcasting is enabled. Enter a new SNMP code. This must be sent by the SNMP Manager with every SNMP request so that this is accepted by your device. A character string of between 0 and 255 characters is possible here. The default value is SNMP Trap. 19.4.2 SNMP Trap Hosts: In this menu, you specify the IP addresses to which your device is to send the SNMP traps. In the External Reporting > SNMP > SNMP Trap Hosts menu, a list of all configured SNMP trap hosts is shown. 19.4.2.1 New: Choose the New button to set up new SNMP trap hosts. [Fig. 146: External Reporting > SNMP > SNMP Trap Hosts > New] The External Reporting > SNMP > SNMP Trap Hosts > New menu consists of the following fields. Fields in the SNMP Trap Hosts Basic Parameters menu: IP Address: Enter the IP address of the SNMP trap host. 19.5 Activity Monitor: This menu contains the settings needed to monitor your device with the Windows tool Activity Monitor (part of BRICKware for Windows). Purpose: The Activity Monitor enables Windows users to monitor the activities of your device. Important information about the status of physical interfaces (e.g. ISDN line) and virtual interfaces is easily obtained with one tool. A permanent ove
163. [Fig. 106: Local Services > DNS > Static Hosts > New] The Local Services > DNS > Static Hosts > New menu consists of the following fields. Fields in the Static Hosts Basic Parameters menu: Description: Enter the host name to which the IP Address defined in this menu is to be assigned if a positive response is received to a DNS request. If a negative response is received to a DNS request, no address is specified. The entry can also start with the wildcard e.g. funkwerk.de. If a name is entered without a dot, this is completed with <Name> after confirming with OK is added. Response: In this entry, select the type of response to DNS requests. Possible values: Negative: A DNS request for Name is answered with a negative response; Positive (default value): A DNS request for Name is answered with the associated IP address; None: A DNS request is ignored, no answer is given. IP Address: Only if Response Positive. Enter the IP address assigned to Name. TTL: Enter the time for which the assignment of Name to IP Address is
164. ains a list of all configured firewall policies for which QoS was enabled (Apply QoS Enabled). The following options are available for each list entry: Use: Select whether this entry should be assigned to the QoS interface. The option is deactivated by default. Bandwidth: Enter the maximum available bandwidth in Bps for the service specified under Services. 0 is entered by default. Fixed: Select whether the bandwidth defined in Bandwidth can be exceeded in the longer term. By activating this field, you specify that it cannot be exceeded. If the option is deactivated, the bandwidth can be exceeded and the excess data rate is handled in accordance with the priority defined in the firewall policy. The option is deactivated by default. 15.1.3 Options [Fig. 97: Firewall > Policies > Options] Th
165. akes a lot of telephone calls and wants to keep hands free for making notes. Hashed Message Authentication Code. Hashed Message Authentication Code, uses Message Digest Algorithm Version 5. Hashed Message Authentication Code, uses Secure Hash Algorithm Version 1. A telephone call is put on hold without breaking the connection (inquiry/brokering). Both B channels of the ISDN connection are needed for the performance features "Call another person during a call" and "Speak alternately with two people" (brokering). As a result, you cannot be reached from outside or make external calls via your PBX's second B channel. With this setting, an external caller put on hold hears the PBX's on-hold music. The use of the inquiry, brokerage and three-party conference special features in T-Net and certain performance features of some PBXs is only possible with the hook flash function (long flash) of the signal key on the telephone. On modern telephones, this key is indicated with an "R". A name used in IP networks instead of the corresponding address. A host name consists of an ASCII string that uniquely identifies the host computer. HyperText Transfer Protocol. Network component used to connect several network components together to Hook flash, Host name, HTTP, Hub, IAE, ICMP, ICV, Identify malicious callers intercept, IEEE, IETF, Index, Infrastructure mode
166. all the BRICKware software, which provides more tools for working with your device. This installation is optional and not essential for the configuration or operation of the device. 4.3.1 Gathering data: You can gather the main data for basic configuration with the Express Setup Wizard quickly, as you do not require any information that needs in-depth network knowledge. If necessary, you can use the example values. Before you start the configuration, you should gather the data for the following purposes: Basic configuration (obligatory if your device is in the ex works state); Internet access (optional); Wireless LAN (optional, only for bintec R230aw and bintec R232bw); Company network connection (optional). The following tables show examples of possible values for the necessary data. You can enter your personal data in the "Your values" column so that you can refer to these values later when needed. If you configure a new network, you can use the given example values for IP addresses and netmasks. In cases of doubt, ask your system administrator. Basic configuration: For a basic configuration of your gateway, you need information that relates to your network environment. Basic information (Access data | Example value | Your values): IP address of your gateway | 192.168.0.254; Netmask of your gateway | 255.255.255.0. Internet access: If you want to set up Internet access, you need an Internet Service Provider (ISP). You also rece
167. allowed (DNS Server Configuration Dynamic), a connection is set up (in some cases at extra cost) that is configured to enable DNS server addresses to be requested from DNS servers (DNS Negotiation Enabled), if this has not been attempted previously. If name server negotiation is successful, these are entered as global name servers and are therefore available for further requests. Otherwise, the initial request is answered with a server error. If one of the DNS servers answers with non-existent domain, the initial request is immediately answered accordingly and a corresponding negative entry is made in the DNS cache of your device. 17.1.1 Global Settings [Screenshot of the Global Settings menu with the Basic Parameters and Advanced Settings sections]
168. ally used to monitor computer systems. Telephone that belongs to a modern PBX, which depending on the PBX has a number of special features and keys, e.g. the T-Concept PX722. Product name used by Deutsche Telekom AG for its DSL services and products. Product name for T-Com fax machines. Telephony, faxing, data transfer and online services from one network and a single connection: T-ISDN offers exciting services with numerous benefits, for example a point-to-multipoint connection, the ideal solution for families or small businesses. This connection option, which can be used with the existing telephone cable, costs less than two telephone connections but offers far greater quality and ease of use. Two independent lines, so that you can still make a phone call, receive a fax or surf the Internet when another family member is making a long call on the other line. Three or more telephone numbers, which you can assign individually to your devices and distribute differently if needed through simple programming steps. Most ISDN telephones can manage several telephone numbers, so you can set up a central telephone in your household, for example, to allow you to react to calls to all ISDN telephone numbers with this telephone. The fax and telephone in yo T-Net, T-NetBox, T-NetBox telephone number, T-Online, T-Online software, T-Service, T-Service access, TA, TAPI
169. alues are 1 to 13 and Auto. The default value is Auto. Configuring the network name (SSID) in Access Point mode means that wireless networks can be logically separated from each other, but they can still physically interfere with each other if they are operating on the same or closely adjacent wireless channels. So if you are operating two or more radio networks close to each other, it is advisable to allocate the networks to different channels. Each of these should be spaced at least four channels apart, as a network also partially occupies the adjacent channels. In the case of manual channel selection, please make sure first that the clients actually support these channels. Transmit Power: Select the maximum value for the radiated antenna power. The actually radiated antenna power may be lower than the maximum value set, depending on the data rate transmitted. The maximum value for Transmit Power is country-dependent. Possible values: 32 mW / 15 dBm (default value); 4 mW / 6 dBm; 8 mW / 9 dBm; 16 mW / 12 dBm; 63 mW / 18 dBm. Max. Clients: Enter the maximum number of clients that can be connected to this wireless network (SSID). The maximum number of clients that can register with a wireless module depends on the specifications of the respective WLAN module. This number can be shared across all configured wireless networks. If the maximum number o
170. alup connections, both B channels may be occupied. If channel bundling is used, you cannot be reached for the duration of this connection. Abbreviation of telefax. In a FHSS system, the frequency spread is achieved through constantly changing frequencies based on certain hopping patterns. In contrast to DSSS systems, hopping patterns are configured, not the frequency. The frequency changes very frequently in one second. Data transmission from one computer to another, e.g. based on the Eurofile transfer standard. A filter comprises a number of criteria (e.g. protocol, port number, source and destination address). These criteria can be used to select a packet from the traffic flow. Such a packet can then be handled in a specific way. For this purpose, a certain action is associated with the filter, which creates a filter rule. Describes the whole range of mechanisms to protect the local network against external access. Your gateway provides protection mechanisms such as NAT, CLID, PAP/CHAP, access lists, etc. Software code containing all a device's functions. This code is written to a PROM (programmable read-only memory) and is retained there even after the device is switched off. Firmware can be updated by the user when a new software version is available (firmware upgrade). First level domain, Flash key, Follow me, Fragmentation, Frame, Frame relay, Freecall, FTP, Full duplex, Function keys, G.991.1, G 99
171. amically assigned an IP address. Standard Route: Only if IP Address Mode = Static. Select whether the route to this connection partner is to be defined as the default route. The function is activated with Enabled. The function is disabled by default. Create NAT Policy: Only if IP Address Mode = Static. The function is activated with Enabled. The function is disabled by default. Local IP Address: Only for IP Address Mode = Static. Assign the IP address from your LAN that is to be used as internal source address to the PPTP interface. Route Entries: Only if IP Address Mode = Static. Define routing entries for this connection partner. Remote IP Address: IP address of the destination host or LAN. Netmask: Netmask of Remote IP Address. Metric: The lower the value, the higher the priority of the route (possible values 0-15). The default value is 1. IP Assignment Pool (IPCP): Only if IP Address Mode = Provide IP Address. Select an IP pool configured in the WAN > Internet Dialup > IP Pools menu. If an IP pool has not been configured here yet, the message Not yet defined appears in this field. The Advanced Settings menu consists of the following fields. Fields in the menu Advanced Settings: Block after Connection Failure for: Enter the wait time in seconds before the device should try again after an attempt to set up a connection has failed
172. an access your device to configure it: via your LAN; via the serial interface; via an ISDN connection (only bintec R232a, bintec R232b and bintec R232bw). 7.1.1 Access via LAN. Access via one of the Ethernet interfaces of your device allows you to open the Express Setup Wizard and Funkwerk Configuration Interface in a web browser for configuration purposes and to access your device via Telnet or SSH. 7.1.1.1 HTTP/HTTPS. With a current web browser, you can use the HTML interfaces to configure your device. Configuration with the Express Setup Wizard is particularly easy. An extended configuration can be set up using the Funkwerk Configuration Interface. For this, enter the following in your web browser's address field. Express Setup Wizard: http://192.168.0.254/wizard or https://192.168.0.254/wizard. Funkwerk Configuration Interface: http://192.168.0.254 or https://192.168.0.254. 7.1.1.2 Telnet. Apart from configuration using a web browser, with a Telnet connection you can also access the SNMP shell and use other configuration options. You do not need any additional software on your PC to set up a Telnet connection to your device: Telnet is available on all operating systems. Proceed as follows. Windows: 1. Click Run in the Windows Start menu. 2. Enter telnet <IP address of your device>. 3. Click OK. A window with the login prompt appears. You are now in the SNMP shell of
173. an intercom call is not taking place. Dotted Decimal Notation: The syntactic representation of a 32-bit whole number written in four 8-bit numbers in decimal form and subdivided by a point. It is used to represent IP addresses on the Internet, e.g. 192.67.67.20. Downstream: Data transmission rate from the ISP to the customer. DSA: Digital Signature Algorithm. DSS: Digital Signature Standard. DSL/xDSL, DSS1, DSSS, DTE, DTMF, Dynamic IP address, E1/T1, ECB, ECT, Email. Digital Subscriber Line. Digital Subscriber Signalling System. Direct Sequence Spread Spectrum is a wireless technology that was originally developed for the military and offers a high level of protection against faults because the wanted signal is spread over a wide area. The signal is spread by means of a spread sequence or chipping code consisting of 11 chips across 22 MHz. Even if there is a fault on one or more of the chips during transfer, the information can still be obtained reliably from the remaining chips. Data Terminal Equipment. Dual Tone Multi Frequency (tone dialling system). In contrast to a static IP address, a dynamic IP address is assigned temporarily by DHCP. Network components such as the web server or printer usually have static IP addresses, while clients such as notebooks or workstations usually have dynamic IP addresses. E1: European variant of the 2.048 mbps ISDN Primary Rate Inter
174. and audio streaming (e.g. IPTV or Webradio) focus on reducing data traffic, e.g. by offering TriplePlay (voice, video, data). Multicast is a cost-effective solution for effective use of bandwidth because the sender of the data packet, which can be received by several recipients, only needs to send the packet once. The packet is sent to a virtual address defined as a multicast group. Interested recipients log in to these groups. Other areas of use: One classic area in which multicast is used is for conferences (audio/video) with several recipients. The most well known are probably the MBone Multimedia Audio Tool (VAT), Video Conferencing Tool (VIC) and Whiteboard (WB). VAT can be used to hold audio conferences. All participants are displayed in a window and the speaker(s) are indicated by a black box. Other areas of use are of particular interest to companies. Here, multicasting makes it possible to synchronise the databases of several servers, which is valuable for multinationals or even companies with just a few locations. Address range for multicast: For IPv4, the IP addresses 224.0.0.0 to 239.255.255.255 (224.0.0.0/4) are reserved for multicast in the class D network. An IP address from this range represents a multicast group to which several recipients can log in. The multicast router then forwards the required packets to all subnets with logged-in recipients. Multicast basics: Mult
175. anges in a list. Go: Immediately starts the configured action. New: Calls the sub-menu to create a new entry. Add: Inserts an entry in an internal list. Funkwerk Configuration Interface buttons for special functions (Button / Function): Discover: In the Access Point Search menu, you use this button to start automatic detection of all the access points available and connected by Ethernet in the network. Import: In the VPN > Certificates > Certificates and the VPN > Certificates > CRLs menus, this button opens the sub-menus for configuring the certificates or CRL imports. Request: In the VPN > Certificates > Certificates menu, this button opens the sub-menu for the configuration of the certificate request. Release Call: In the Surveillance > ISDN Modem > Current Calls menu, clicking on this button ends the active calls selected in the column. Various icons indicate the following possible actions or statuses. Funkwerk Configuration Interface icons: Deletes the list entry. Displays the menu for changing the settings of an entry. Displays the details for an entry. Moves an entry: a combo box opens in which you can choose the list entry that the selected entry is to be placed in front of/after. Creates another list entry first and opens the configuration menu
176. annel Connection (VCC): Select the already configured ATM connection (displayed by the combination of VPI and VCI) for which the service category is to be defined. ATM Service Category: Select how the data traffic of the ATM connection is to be controlled. When you select the ATM service category, a priority is implicitly assigned: from CBR (highest priority) through VBR.1/VBR.3 to VBR (lowest priority). Possible settings: Unspecified Bit Rate (UBR) (default value): Unspecified Bit Rate. A particular data rate is not guaranteed for the connection. The Peak Cell Rate (PCR) defines the limit above which data is discarded. This category is suitable for non-critical applications. Constant Bit Rate (CBR): Constant Bit Rate. The connection is assigned a guaranteed data rate determined by the Peak Cell Rate (PCR). This category is suitable for critical (real-time) applications that require a guaranteed data rate. Peak Cell Rate (PCR); Sustained Cell Rate (SCR); Maximum Burst Size (MBS). Variable Bit Rate V.1 (VBR.1): Variable Bit Rate. The connection is assigned a guaranteed data rate (Sustained Cell Rate (SCR)). This may be exceeded by the volume configured in Maximum Burst Size. Any additional ATM traffic is discarded. The Peak Cell Rate (PCR) represents the maximum possible data rate. This category is suitable for no
177. ansmitted over a switched connection in a telephone network, but divided into data packets by the Internet protocol, and these packets are then passed to the destination over undefined paths in a network. This technology uses the existing network infrastructure for voice transmission and shares this with other communication services. 16.1 SIP. SIP serves as a translation instance between different telecommunications networks, e.g. between the plain old phone network and the next generation networks (IP networks). 16.1.1 Options. In the VoIP > SIP > Options menu, you can make global settings for the SIP. Fig. 103: VoIP > SIP > Options. The VoIP > SIP > Options menu consists of the following fields. Fields in the Options Basic Parameters menu: SIP Proxy: Select whether you want to activate the SIP proxy. The function is activated with Enabled. The function is disabled by default. SIP Port: Enter the port to be supervised by the proxy. For each destination port to which VoIP clients from the LAN can connect, you must configure a proxy. The ports can be provider-specific. The default value is 5060. Prioritize SIP Calls: Select whether you want to activate Prioritize SI
178. are administratively set to down when the gateway boots. The gateway then calls itself by ISDN and checks its location. If the configured ISDN call numbers differ from the numbers dialled, the interfaces remain disabled. If the numbers agree, the device assumes that it is at the original location and the interfaces are administratively set to up. To reduce cost, the function uses the ISDN D channel. Note: Note that the ISDN theft protection function is not available for Ethernet interfaces. Fig. 129: Local Services > ISDN Theft Protection > Options. The Local Services > ISDN Theft Protection > Options menu consists of the following fields. Fields in the Options Basic Parameters menu: ISDN Theft Protection Service: Here you can enable or disable the ISDN theft protection function. The function is activated with Enabled. The function is d
179. are to be ignored. The function is activated with Enabled. The function is disabled by default. Send Certificate Request Payloads: Select whether certificate requests are to be sent during IKE (phase 1). The function is activated with Enabled. The function is enabled by default. Send Certificate Chains: Select whether complete certificate chains are to be sent during IKE (phase 1). The function is activated with Enabled. The function is enabled by default. Deactivate this function if you do not wish to send the peer the certificates of all levels (from your level to the CA level). Send CRLs: Select whether CRLs are to be sent during IKE (phase 1). The function is activated with Enabled. The function is disabled by default. Send Key Hash Payloads: Select whether key hash payloads are to be sent during IKE (phase 1). In the default setting, the public key hash of the remote end is sent together with the other authentication data. Only applies for RSA encryption. Activate this function with Enabled to suppress this behaviour. 14.2 L2TP. The layer 2 tunnel protocol (L2TP) enables PPP connections to be tunnelled via a UDP connection. Your bintec device supports the following two modes: L2TP LNS Mode (L2TP Network Server): for incoming connections only; L2TP LAC Mode (L2TP Access Concentrator): for outgoing connections only. Note the following when
180. arry out the initial gateway configuration steps first (see Configuring the Gateway on page 17). You can determine a free IP address in your network automatically. Enter this IP address here. 2. Enter the IP address of your device under Use next DNS server address. 3. Click OK. 4. Close the status window with OK. The computer now has an IP configuration and can access the Internet via the gateway. 4.3.3 Installing BRICKware. BRICKware contains a number of programs to help you when working with your device. The installation is optional. You only need the Companion CD supplied with your device for the installation. Your PC should also meet the prerequisites stated in System requirements on page 10. Elements of BRICKware (Tool / Description): Activity Monitor: The Activity Monitor ensures permanent monitoring of the data transmitted on your device. It also allows the administrator of the device to control (under password protection) individual interfaces and connections specifically using certain commands, e.g. establishing and clearing connections or changing pre-configured Internet providers. SNMP Manager: The SNMP Manager provides you with complete access to your device's configuration. With this application, you can monitor important device events at the same time (SNMP traps). Dime Tools: The Dime Tools application provides a number of services. Tasks of the individual services: Updating of the system software (TFTP server)
181. at your device can decode the certificate. Possible values: auto (default value): Activates automatic code recognition. If downloading the certificate in auto mode fails, try with a certain type of encoding. Base64. Binary. Password: You may need a password to obtain certificates for your keys. Enter the password here. 14.5.2 CRLs. In the VPN > Certificates > CRLs menu, a list of all CRLs is shown. 14.5.2.1 Import. Choose the Import button to import other CRLs. Fig. 92: VPN > Certificates > CRLs > Import. The VPN > Certificates > CRLs > Import menu consists of the following fields. Fields in the CRLs CRL Import menu: External Filename: Enter the file path and name of the CRL to be imported, or use Browse to select it from the file browser. Local Certificate Description: Enter a unique description for the CRL. File Encoding: Select the type of encoding so that your device can decode the CRL. Possible values: auto (default value): Activates automatic code recognition. If downloading the CRL in auto mode fails, try with a certai
182. ation of your device via Ethernet, connect the first switch port (1) of your device to your LAN using the Ethernet cable supplied. The device automatically detects whether it is connected to a switch or directly to a PC. 4. ADSL: Connect the ADSL interface (ADSL) of your device to the DSL output of the splitter using the DSL cable supplied. 5. Mains connection: Connect the device to a mains socket using the mains adaptor supplied. Optional connections: ISDN: Connect the ISDN interface (ISDN) of the device to your ISDN socket using the ISDN cable provided (only bintec R232a, bintec R232b and bintec R232bw). DMZ: Connect the WAN interface (ETH) of your device to the Ethernet connection of your DMZ using another Ethernet cable (only bintec R232a, bintec R232b and bintec R232bw). Other LANs/WANs: Connect any other terminals in your network to the remaining switch ports (2, 3 or 4) of your device using other Ethernet cables. Setting up a serial connection: For alternative configuration possibilities, connect the serial interface of your PC (COM1 or COM2) to the serial interface of the gateway (console). Use only the serial cable supplied with the equipment. However, configuration via the serial interface is not provided by default. The device is now prepared for configuration using the Express Setup Wizard. 3.2 Cleaning. You can clean your device
183. ayed. Your device can operate as a dynamic IP address server for PPP connections. You can use this function by providing one or more pools of IP addresses. These IP addresses can be assigned to dialling-in connection partners for the duration of the connection. Any host routes entered always have priority over IP addresses from the address pools. This means, if an incoming call has been authenticated, your device first checks whether a host route is entered in the routing table for this caller. If not, your device can allocate an IP address from an address pool (if available). If address pools have more than one IP address, you cannot specify which connection partner receives which address. The addresses are initially assigned in order. If a new dial-in takes place within an interval of one hour, an attempt is made to allocate the same IP address assigned to this partner the last time. Use the Add button to set up new IP pools. Fig. 81: VPN > IPSec > IP Pools > Add. The VPN > IPSec > IP Pools > Add menu consists of the following fields. Fields in the Options IP Pools menu F
184. of the Funkwerk Configuration Interface into your device. You can download the files to your PC from the download area at www.funkwerk-ec.com and from there import them to your device. Update system software: You can start an update of the system software, the ADSL logic and the BOOTmonitor. Export configuration: The configuration file Current filename in flash memory is transferred to your local host. If you click on the Go button, a dialog box is shown in which you can select the storage location on your PC and enter the desired file name. Export Status Information: The active configuration from the RAM is transferred to your local host. If you click on the Go button, a dialog box is shown in which you can select the storage location on your PC and enter the desired file name. Copy: The configuration file in the Source File Name field is saved as Destination file name. Rename: The configuration file in the Select File field is renamed as New Filename. Delete Configuration: The configuration file in the Select File field is deleted. Delete File: The file in the Select File field is deleted. Encryption of the Configuration: Only for Action = Import configuration, Export con ... formation. Define whether the data of the selected Action are to be encrypted. The function is enabled by choosing Enabled. The function is di
185. be authenticated, the RADIUS server sends corresponding confirmation to your device. This confirmation also contains parameters (called RADIUS attributes), which your device uses as WAN connection parameters. If the RADIUS server is used for accounting, your device sends an accounting message at the start of the connection and a message at the end of the connection. These start and end messages also contain statistical information about the connection (IP address, user name, throughput, costs). RADIUS packets: The following types of packets are sent between the RADIUS server and your device (client). Packet types (Field / Value): ACCESS_REQUEST (Client -> Server): If an access request is received by your device, a request is sent to the RADIUS server if no corresponding connection partner has been found on your device. ACCESS_ACCEPT (Server -> Client): If the RADIUS server has authenticated the information contained in the ACCESS_REQUEST, it sends an ACCESS_ACCEPT to your device together with the parameters used for setting up the connection. ACCESS_REJECT (Server -> Client): If the information contained in the ACCESS_REQUEST does not correspond to the information in the user database of the RADIUS server, it sends an ACCESS_REJECT to reject the connection. ACCOUNTING_START (Client -> Server): If a RADIUS server is used for accounting, your device sends an accounting message to the RADIUS server at the start of ea
186. bles. You can access these directly from the SNMP shell via SNMP commands. This type of configuration requires a detailed knowledge of our devices. 7.4 BOOTmonitor. The BOOTmonitor is only available over a serial connection to the device. The BOOTmonitor provides the following functions, which you select by entering the corresponding number: (1) Boot System (reboot the system): The device loads the compressed boot file from the flash memory to the working memory. This happens automatically on starting. (2) Software Update via TFTP: The device performs a software update via a TFTP server. (3) Software Update via XMODEM: The device performs a software update via a serial interface with XMODEM. (4) Delete configuration: The device is reset to the ex works state. All configuration files are deleted and the BOOTmonitor settings are set to the default values. (5) Default BOOTmonitor Parameters: You can change the default settings of the BOOTmonitor of the device, e.g. the baud rate for serial connections. (6) Show System Information: Shows useful information about your device, e.g. serial number, MAC address and software versions. The BOOTmonitor is started as follows: The device passes through various functional states when starting: Start mode, BOOTmonitor mode, Normal mode. After some self-tests have been successfully carried out in the start mode, your
187. bscriber Number: Enter the connection partner's number. Fields in the Advanced Settings IP Options menu: OSPF Mode: Select whether and how routes are propagated via the interface and/or OSPF protocol packets are sent. Possible values: Passive (default value): OSPF is not activated for this interface, i.e. no routes are propagated or OSPF protocol packets sent over this interface. Networks reachable over this interface are, however, included when calculating the routing information and propagated over active interfaces. Active: OSPF is activated for this interface, i.e. routes are propagated or OSPF protocol packets sent over this interface. Down: OSPF is disabled for this interface. Proxy ARP: Select whether and how ARP requests from your own LAN are to be responded to for the specified connection partner. Possible values: Inactive (default value): Deactivates Proxy ARP for this connection partner. Up or Dormant: Your device only responds to an ARP request if the status of the connection to the connection partner is Up or Dormant. In the case of Dormant, your device only responds to the ARP request; the connection is not set up until someone actually wants to use the route. Active Only: Your device responds to an ARP request only if the status of the connection to the connection partner is Up (active), i
188. callback is deactivated. The local device neither reacts to incoming ISDN calls nor initiates ISDN calls to the remote device. Passive: The local device only reacts to incoming ISDN calls and, if necessary, initiates setting up an IPSec tunnel to the peer. No ISDN calls are sent to the remote device to cause this to set up an IPSec tunnel. Active: The local device sends an ISDN call to the remote device to cause this to set up an IPSec tunnel. The device does not react to incoming ISDN calls. Both: Your device can react to incoming ISDN calls and send ISDN calls to the remote device. The setting up of an IPSec tunnel is executed (after an incoming ISDN call) and initiated (by an outgoing ISDN call). Incoming ISDN Number: Only for Mode = Passive or Both. Enter the ISDN number from which the remote device calls the local device (calling party number). Wildcards may also be used. Outgoing ISDN Number: Only for Mode = Active or Both. Enter the ISDN number with which the local device calls the remote device (called party number). Wildcards may also be used. Transfer Own IP Address over ISDN: Select whether the IP address of your own device is to be transferred over ISDN for IPSec callback. The function is activated with Enabled. The function is disabled by default. Transfer Mode: Only if Transfer Own IP Address over ISDN = activated. Select the mode in which your device is to attempt to transfer its IP address to the
189. ccount each time a call is ended. Also known as call forwarding. An incoming call is diverted to a specified telephone, Internet or wireless connection. Performance feature, e.g. of the T-Concept PX722 system telephone, special feature telephones or answering machines. The call is only signalled in the case of certain previously defined telephone numbers. You can only use the options of call forwarding in the exchange via the keypad if certain services are activated for your connection. You can receive more information on this from your T-Com advisor. The exchange connects the calling subscriber with an external subscriber you have specified. Call forwarding in the PBX: The call forwarding (CF) performance feature of the PBX enables you to be reached even if you are not in the vicinity of your telephone. You achieve this by automatically forwarding your calls to the required internal or external telephone number. You can use the configuration program to define whether call forwarding should be carried out in the PBX or the exchange. You should use call forwarding in the exchange if certain services are activated for your connection. You can receive more information on this from your T-Com advisor. Call option day/night: Option of changing the call allocation on a PBX using a calendar. Call pickup, Call pickup, Call Relay on Busy, Call Through, Call to engaged sub scr
190. ch connection. ACCOUNTING_STOP (Client -> Server): If a RADIUS server is used for accounting, your device sends an accounting message to the RADIUS server at the end of each connection. In the System Administration > Remote Authentication > RADIUS menu, a list of all registered RADIUS servers is displayed. 8.5.1.1 Edit/New. Choose the icon to edit existing entries. Choose the New button to add RADIUS servers. Fig. 34: System Administration > Remote Authentication > RADIUS > New. The System Management > Remote Authentication > RADIUS > New menu consists of the following fields. Fields in the RADIUS Basic Parameters menu (Field / Value): Authentication Type: Se
191. Fig. 155: Monitoring > WLAN > WLAN1. Values in the list WLAN1: Mbps: Displays the possible data rates on this wireless module. Tx Packets: Shows the total number of packets sent for the data rate shown in Mbps. Rx Packets: Shows the total number of packets received for the data rate shown in Mbps. You can choose the Advanced button to go to an overview of more details. Description: 1 Unicast MSDUs transmitted successfully; 2 Multicast MSDUs transmitted successfully; 3 Transmitted MPDUs; 4 Multicast MSDUs received successfully; 5 Unicast MPDUs received successfully; 6 MSDUs that could not be transmitted; 7 Frame transmissions without ACK received; 8 Duplicate received MSDUs; 9 CTS frames received in response to an RTS; 10 Received MPDUs that couldn't be decrypted; 11 RTS frames with no CTS received; 12 Corrupt Frames Received. Fig. 156: Monitoring > WLAN > WLA
192. col (PPP) network protocol over an Ethernet connection. Today, PPPoE is used for ADSL connections in Germany. In Austria, the Point to Point Tunneling Protocol (PPTP) was originally used for ADSL access. However, PPPoE is now offered here too by some providers. 13.1.1.1 New. Choose the New button to set up new PPPoE interfaces. Fig. 65: WAN > Internet Dialup > PPPoE > New. The WAN > Internet Dialup > PPPoE > New menu consists of the following fields. Fields in the PPPoE Basic Parameters menu: Description: Enter a name to uniquely identify the PPPoE partner. The first character in this field must not be a number and no special characters o
193. computers. A group of computers wirelessly connected to each other (wireless LAN). Wireless multimedia. Wi-Fi protected access. Concentrates primarily on the needs of companies and offers secure encryption and authentication. Uses 802.1x and the Extensible Authentication Protocol (EAP) and thus offers an effective means of user authentication. Intended for private users or small businesses that do not run a central authentication server. PSK stands for Pre-Shared Key and means that AP and client use a fixed character string (8 to 63 characters) known to all subscribers as the basis for key calculation for wireless traffic. World Wide Web. The X.21 recommendation defines the physical interface between two network components in packet-switched data networks (e.g. Datex-P). The X.21bis recommendation defines the DTE/DCE interface to V-series synchronous modems. An internationally agreed standard protocol that defines the interface between network components and a packet-switched data network. ITU-T recommendation on the integration of X.25-compatible DTEs in ISDN (D channel). ITU-T standards that cover user directory services, see LDAP. Example: The phone book is the directory in which you find people on the basis of their name (agreement with the telephone directory). [X.509] The Internet supports several databases with information on users, such as e-mail addresses, telephone numbers and postal ad
194. connection in your LAN and to the Internet. Carry out the following steps to test your device: 1. Remove the serial cable from your device if this was connected and you no longer need the serial connection. 2. Test the connection to your device. Click Run in the Start menu and enter ping followed by a space and the IP address of your device (e.g. 192.168.0.254). A window appears with the response "Reply from". 3. Test Internet access by entering www.funkwerk-ec.com in the Internet browser. Funkwerk Enterprise Communications GmbH's Internet site offers you the latest news, updates and documentation. Note: Incorrect configuration of the devices in your LAN may result in unwanted connections and increased charges. Monitor your device and make sure it only sets up connections at the times you want it to. Watch the LEDs on your device (LED ISDN, ADSL and Ethernet interfaces to which you have connected one or more WANs; for an explanation of the displays, see Technical data on page 21) or use the Activity Monitor (see BRICKware for Windows). Chapter 5 Reset. If the configuration is incorrect or if your device cannot be accessed, you can reset the device to the ex works standard settings using the Reset button on the back of the device. Practically all existing configuration data will then be ignored; only the current user passwords are retained. Configurations stored in the de
195. connection over ISDN. Remote (Mobile) Dialin. Use of the ISDN Callback function. 13.1.4.1 New: Choose the New button to set up new ISDN interfaces. Fig. 68: WAN > Internet Dialup > ISDN > New. The WAN > Internet Dialup > ISDN > New menu consists of the following fields. Fields in the ISDN Basic Parameters menu: Description: Enter a name for uniquely identifying the connection partner. The fir
196. connections (PVC, Permanent Virtual Circuit) already configured with specific assigned data traffic parameters is shown. Your device supports QoS (Quality of Service) for ATM interfaces. Caution: ATM QoS should only be used if your provider specifies a list of data traffic parameters (traffic contract). The configuration of ATM QoS requires extensive knowledge of ATM technology and the way the bintec devices function. An incorrect configuration can cause considerable disruption during operation. If applicable, save the original configuration on your PC. 13.2.2.1 New: Choose the New button to set up new categories. Fig. 71: WAN > ATM > Service Categories > New. The WAN > ATM > Service Categories > New menu consists of the following fields. Fields in the Service Categories Basic Parameters menu: Virtual Ch
197. Fig. 140: External Reporting > Syslog > Syslog Servers > New. The External Reporting > Syslog > Syslog Servers > New menu consists of the following fields. Fields in the Syslog Servers Basic Parameters menu: IP Address: Enter the IP address of the host to which syslog messages are passed. Level: Select the priority of the syslog messages that are to be sent to the host. Possible values: Emergency (highest priority); Alert; Critical; Error; Warning; Alert; Information (default value); Debug (lowest priority). Syslog messages are only sent to the host if they have a higher or identical priority to that indicated, i.e. all messages generated are recorded at syslog level Debug. Facility: Enter the syslog facility on the host. This is only required if the Log Host is a Unix computer. Possible values: local0 - 7. The default value is local0. Time Stamp: Select the format of the time stamp in the syslog. Possible values: None (default value): No system time indicated. Time: System time without date. Date & Time: System time with date. Protocol: Select the protocol for the transfer of syslog messages. Note that the syslog server must support the protocol. Possible values: UDP (default value); TCP. Type of Messages: Select the message type. Possible values
198. cription. Send Initial Contact Message: Select whether IKE Initial Contact messages are to be sent during IKE phase 1 if no SAs with a peer exist. The function is activated with Enabled. The function is enabled by default. Sync SAs with ISP Interface Status: Select whether all SAs are to be deleted whose data traffic was routed via an interface on which the status has changed from Up to Down, Dormant or Blocked. The function is activated with Enabled. The function is disabled by default. Use Zero Cookies: Select whether zeroed ISAKMP Cookies are to be sent. These are equivalent to the SPI (Security Parameter Index) in IKE proposals; as they are redundant, they are normally set to the value of the negotiation currently in progress. Alternatively, your device can use zeroes for all values of the cookie. In this case, choose Enabled. Zero Cookie Size: Only if Use Zero Cookies activated. Enter the length in bytes of the zeroed SPI used in IKE proposals. The default value is 32. Dynamic RADIUS Authentication: Select whether RADIUS authentication is to be activated via IPSec. The function is activated with Enabled. The function is disabled by default. Fields in the Advanced Settings PKI Editing Options menu: Ignore Certificate Request Payloads: Select whether certificate requests received from the remote end during IKE phase 1
200. d. Enabled: MPP encryption V2 with 128 bit is used to RFC 3078. Windows compatible: MPP encryption V2 with 128 bit is used as compatible with Microsoft and Cisco. LCP Alive Check: Check whether the availability of the remote terminal is to be checked by sending LCP echo requests or replies. This is recommended for leased lines, PPTP and L2TP connections. The function is activated with Enabled. The function is disabled by default. Prioritize TCP ACK Packets: Select whether the TCP download is to be optimised in the event of intensive TCP upload. This function can be specially applied for asymmetrical bandwidths (ADSL). The function is activated with Enabled. The function is disabled by default. Fields in the Advanced Settings IP Options menu: OSPF Mode: Select whether and how routes are propagated via the interface and/or OSPF protocol packets are to be sent. Possible values: Passive (default value): OSPF is not activated for this interface, i.e. no routes are propagated or OSPF protocol packets sent over this interface. Networks reachable over this interface are, however, included when calculating the routing information and propagated over active interfaces. Active: OSPF is activated for this interface, i.e. routes are propagated or OSPF protocol packets sent over this interface. Down: OSPF is disabled for this inter
201. d for connecting up to eight ISDN terminals (point-to-multipoint connection). Small Offices and Home Offices. The SPD (Security Policy Database) defines the security services available for IP traffic. These security services are dependent on parameters such as the source and destination of the packet etc. Performance features of the T-Net and T-ISDN networks, such as display of the caller's number, callback on busy, call forwarding, changeable connection lock, changeable telephone number lock, connection without dialling and transmission of charge information. Availability depends on the standard of the connected terminals. T-ISDN Basic Rate Interface with an extensive range of services: call waiting, call forwarding, third-party conference, display of call costs at the end of a connection, inquiry, brokering, telephone number transmission. In the special features connection, three multiple subscriber numbers are included as standard. If you want to make a business call late in the evening from your private sphere, say the living room for example, you can define your business telephone number as the outgoing multiple subscriber number (MSN) for this call. The advantages of this are that the costs for the connection are recorded for the selected MSN and the person you are calling can identify you by the transferred MSN. Before you call an external number, you can define which of your telephone numbers is to be sent to the exchange and call
202. d passwords in ex works state (User name / Password: Authorisations). admin / funkwerk: Read and change system variables, save configurations, use Express Setup Wizard (Funkwerk Configuration Interface). write / public: Read and write system variables (except passwords); changes are lost when you switch off your device. read / public: Read system variables (except passwords). It is only possible to change and save configurations if you log in with the user name admin. Access information (user names and passwords) can also only be changed if you log in with the user name admin. For security reasons, passwords are normally shown on the Setup Tool screen not in plain text, but only as asterisks. The user names, on the other hand, are displayed as plain text. The security concept of your device enables you to read all the other configuration settings with the user name read, but not the access information. It is therefore impossible to log in with read, read the password of the admin user and subsequently log in with admin and make changes to the configuration. Caution: All bintec devices are delivered with the same username and password. As long as the password remains unchanged, they are therefore not protected against unauthorized use. How to change the passwords is described in on page. Make sure you change the passwords to prevent unauthorized access to your device. If you have forgotten your password, you must reset your device to the ex wo
203. d seconds for which the client is logged in. Signal dBm: Shows the received signal strength in dBm. Noise dBm: Shows the received noise strength in dBm. SNR dB: Signal-to-Noise Ratio in dB is an indicator of the quality of the wireless connection. Values: > 25 dB excellent; 15 - 25 dB good; 2 - 15 dB borderline; 0 - 2 dB bad. Data Rate Mbps: Shows the current transmission rate of data received by this client in Mbps. The following transmission rates are possible: IEEE 802.11b: 11, 5.5, 2 and 1 Mbps; IEEE 802.11g/a: 54, 48, 36, 24, 18, 12, 9, 6 Mbps. If the 5 GHz frequency band is used, the indication of 11, 5.5, 2 and 1 Mbps is suppressed for IEEE 802.11b. Rate: Displays the possible data rates on this wireless module. Tx Packets: Shows the number of sent packets for the data rate. Rx Packets: Shows the number of received packets for the data rate. 20.6 Bridges. 20.6.1 br<x>: In the Monitoring > Bridges > br<x> menu, the current values of the configured bridges are shown. Fig. 159: Monitoring > Bridge. Values in the br<x> list: MAC address: Shows the MAC addresses of the associated bridge. Port: Shows the port on which the
204. Fig. 128: Local Services > Monitoring > Ping Generator > New. The Local Services > Monitoring > Ping Generator > New menu consists of the following fields. Fields in the Ping Generator Basic Parameters menu: Destination IP Address: Enter the IP address to which the ping is automatically sent. Source IP Address: Enter the source IP address of the outgoing ICMP echo request packets. Possible values: Automatic (default value): The IP address is determined automatically. Specific: Enter the IP address in the adjacent input field, e.g. to test a particular extended route. Interval: Enter the interval in seconds during which the ping is to be sent to the target IP address specified in Target IP Address. Possible values are 1 to 65536. The default value is 10. 17.8 ISDN Theft Protection: With the ISDN theft protection function, you can prevent a thief who has stolen a gateway from gaining access to the gateway owner's LAN. Without theft protection, he could dial in to the LAN by ISDN if, under WAN > Internet Dialup > New, the field Always On is enabled. 17.8.1 Options: All interfaces for which the theft protection is enabled
205. ddress of an ISDN device that consists of an ISDN number followed by further numbers that relate to a specific terminal, e.g. 47117. ISDN Basic Rate Interface: ISDN subscriber connection. The Basic Rate Interface consists of two B channels and one D channel. In addition to the Basic Rate Interface, there is the Primary Rate Interface. The interface to the subscriber is provided by an S0 bus. ISDN card: Adapter for connecting a PC to the ISDN Basic Rate Interface. From a technical perspective, we differentiate between active and passive cards. Active ISDN cards have their own processor, which handles communication operations independently of the PC processor and therefore does not require any resources. A passive ISDN card, on the other hand, uses the PC's resources. ISDN Login: Function of your gateway. Your gateway can be configured and administrated remotely using ISDN Login. ISDN Login operates on gateways in the ex works state as soon as they are connected to an ISDN connection and therefore reachable via an extension number. ISDN number: The network address of the ISDN interface, e.g. 4711. ISDN router: A router that does not have network connections but provides the same functions between PC, ISDN and the Internet. ISDN BRI: ISDN Basic Rate Interface. ISDN Dynamic; ISDN Internal/External; ISDN PRI; ISO; ISP; ITU; Key Escrow; LAN
206. ded in the list in the Static Hosts menu. The TTL is transferred in this operation. 17.1.5 Statistics. Fig. 109: Local Services > DNS > Statistics. In the Local Services > DNS > Statistics menu, the following statistical values are shown. Fields in the Statistics DNS Statistics menu: Received DNS Packets: Shows the number of received DNS packets addressed direct to your device, including the response packets for forwarded requests. Invalid DNS Packets: Shows the number of invalid DNS packets received and addressed direct to your device. DNS Requests: Shows the number of valid DNS requests received and addressed direct to your device. Cache Hits: Shows the number of requests that were answered with static or dynamic entries from the cache. Forwarded Requests: Shows the number of requests forwarded to other name servers. Cache Hitrate: Displays the number of Cache Hits per DNS Request in
207. dentifier (VPI): Only for Provider User-defined. Enter the VPI value of the ATM connection. The VPI is the identification number of the virtual path to be used. Note your provider's instructions. Possible values are 0 to 255. The default value is 8. Virtual Channel Identifier (VCI): Only for Provider User-defined. Enter the VCI value of the ATM connection. The VCI is the identification number of the virtual channel. A virtual channel is the logical connection for the transport of ATM cells between two or more points. Note your provider's instructions. Possible values are 32 to 65535. The default value is 32. Encapsulation: Only for Provider User-defined. Select the encapsulation to be used. Note your provider's instructions. Possible values (in accordance with RFC 2684): LLC Bridged no FCS (default value for Ethernet over ATM): Only shown for Type Ethernet over ATM. Bridged Ethernet with LLC/SNAP encapsulation without Frame Check Sequence (checksums). LLC Bridged FCS: Only shown for Type Ethernet over ATM. Bridged Ethernet with LLC/SNAP encapsulation with Frame Check Sequence (checksums). Non ISO (default value for Routed Protocols over ATM): Only shown for Type Routed Protocols over ATM. Encapsulation with LLC/SNAP header, suitable for IP routing. LLC: Only shown for Type PPP over ATM. Encapsulation wi
208. destination connection ends. When the connection is free, this is signalled to the caller. As soon as the caller lifts the receiver, the connection is set up automatically. However, Callback must first be activated by the caller on his or her terminal. Callback on no reply: You call a subscriber who does not pick up. With Callback on no reply, this is not a problem for you, because with this special feature you can set up the connection without having to redial. If you are not on the telephone yourself, a new connection with the subscriber is set up for a maximum of 180 minutes. Called party number: Number of the terminal called. Caller list: Special feature telephones such as the T-Concept PX722 system telephone enable call requests to be stored during absence. Calling party number: Number of the calling terminal. CAPI; CAST; CBC; CCITT; CD (Call Deflection); Central speeddial memory; Certificate; Channel Bundling; CHAP; Checksum field; CLID. Common ISDN Application Programming Interface. A 128-bit encryption algorithm with similar functionality to DES. See Block Cipher Modes. Cipher Block Chaining. Consultative Committee for International Telegraphy and Telephony. The forwarding of calls. This performance feature enables you to forward a call without having to take it yourself. If you forward a call to an external subscriber, you bear any connection costs fr
209. device reaches the BOOTmonitor mode. The BOOTmonitor prompt is displayed if you are serially connected to your device: Press <sp> for boot monitor or any other key to boot system. R232aw Bootmonitor V.7.2 Rev. 4 from 2005/09/06 00:00:00 Copyright (c) 1996-2005 by Funkwerk Enterprise Communications GmbH (1) Boot System (2) Software Update via TFTP (3) Software Update via XMODEM (4) Delete Configuration (5) Default Bootmonitor Parameters (6) Show System Information Your Choice> _ After display of the BOOTmonitor prompt, press the space bar within four seconds to use the functions of the BOOTmonitor. If you do not make an entry within four seconds, the device changes back to normal operating mode. Note: If you change the baud rate (the preset value is 9600 baud), make sure the terminal program used also uses this baud rate. If this is not the case, you will not be able to establish a serial connection to the device. Chapter 8 System Management. The System Management menu contains general system information and settings. You see a system status overview. Global system parameters such as the system name, date, time, passwords and licences are managed, and the access and authentication methods are configured. 8.1 State: If you log into the Funkwerk Configuration Interface, your device's status page is displayed, which shows the most important system information. You see an overview of the
210. e Enable Web Filter: Here you can activate the filter. The function is enabled by choosing Enabled. The function is disabled by default. Filtered input interface(s): Select for which of the existing Ethernet interfaces web filtering is to be activated. Press the Add button to add more interfaces. The requests from http Internet pages that reach your device via these interfaces are then monitored by web filtering. Maximum number of history entries: Define the number of entries to be saved in the web filtering history (History menu). Possible values are 1 to 512. The default value is 64. URL path length: Select the path length to which a URL is to be checked by the Cobion Orange Filter. Action if Content Server not reachable: Select what is to be done with URL requests if the web filtering server cannot be reached. Possible values: Allow all (default value): The download is permitted. Block all: The download of the requested page is blocked. Log all: The download is permitted, but logged. Action if license not registered: Select what is to be done with URL requests if the licence key status is Not Valid. Possible values: Allow all (default value): The download is permitted. Block all: The download of the requested page is blocked. Log all: The download is permitted, but logged. The License Information menu consists of the fo
211. e make sure you consider the corresponding release notes. These describe the changes implemented in the new system software. The result of an interrupted update (e.g. power failure during the update) could be that your gateway no longer boots. Do not turn your device off during the update. An update of BOOTmonitor and/or Logic is recommended in a few cases. In this case, the release notes refer expressly to this fact. Only update BOOTmonitor or Logic if Funkwerk Enterprise Communications GmbH explicitly recommends this. Flash: Your device saves its configuration in configuration files in the flash EEPROM (Electrically Erasable Programmable Read Only Memory). The data even remains stored in the flash when your device is switched off. RAM: The current configuration and all changes you set on your device during operation are stored in the working memory (RAM). The contents of the RAM are lost if the device is switched off. So if you modify your configuration and want to keep these changes for the next time you start your device, you must save the modified configuration in the flash memory before switching off (Save Configuration button in the Funkwerk Configuration Interface navigation area). This configuration is then saved in the flash in a file with the name boot. When you start your device, the boot configuration file is used by default. Operations: The files in the flash memory can be copied, moved, erased and newly created. It is al
212. e Firewall > Policies > Options menu consists of the following fields. Fields in the Options Global Firewall Options menu: Firewall Status: Here you can activate and deactivate the firewall function. The function is activated with Enabled. The function is enabled by default. Logged Actions: Select the firewall syslog level. The messages are output together with messages from other subsystems. Possible values: All (default value): All firewall activities are displayed. Deny: Only reject and deny events are shown (see Action). Accept: Only accept events are shown. None: Syslog messages are not generated. Fields in the Options Session Timer menu: UDP Inactivity: Enter the inactivity time after which a UDP session is to be regarded as expired (in seconds). Possible values are 30 to 86400. The default value is 180. TCP Inactivity: Enter the inactivity time after which a TCP session is to be regarded as expired (in seconds). Possible values are 30 to 86400. The default value is 3600. PPTP Inactivity: Enter the inactivity time after which a PPTP session is to be regarded as expired (in seconds). Possible values are 30 to 86400. The default value is 86400. Other Inactivity: Enter the inactivity time after which a session of another type is to be regarded as expired (in seconds). Possible values are 30 to 86400. The
213. e Internet access over your device. If, for example, you configure both Internet access and a corporate network connection, enter a default route to the ISP and a network route to the head office. You can enter several default routes on your device, but only one default route can be active at any one time. If you enter several default routes, you should make sure the values for Metric are different. Activating NAT: With Network Address Translation (NAT), you conceal your whole network to the outside world behind one IP address. You should certainly do this for your connection to the Internet Service Provider (ISP). Only outgoing sessions are allowed initially if NAT is activated. To allow certain connections from outside to hosts within the LAN, these must be explicitly defined and admitted. Callback: The callback mechanism can be used for every connection to obtain additional security regarding the connection partner or to clearly allocate the costs of connections. A connection is not set up until the calling party has been clearly identified by calling back. Your device can answer an incoming call with a callback or request a callback from a connection partner. Identification can be based on the calling party number or PAP/CHAP/MS-CHAP authentication. Identification is made in the former case without call acceptance, as the calling party number is transferred over the ISDN D channel, and in the latter case with call ac
214. e Sets Service Set Parameters menu: Network Name (SSID): Enter the name of the wireless network (SSID). Enter an ASCII string with a maximum of 32 characters. Also select whether the Network Name (SSID) is to be transmitted. The network name is shown by choosing Visible. It is visible by default. Intra-cell Repeating: Select whether communication between the WLAN clients is to be permitted within a radio cell. The function is enabled by choosing Enabled. The function is enabled by default. ARP Processing: Select whether the ARP processing function should be enabled. The ARP data traffic is reduced in the network by the fact that ARP broadcasts that have been converted to ARP unicasts are forwarded to IP addresses that are known internally. Unicasts are quicker, and clients with an enabled power save function are not addressed. The function is enabled by choosing Enabled. The function is disabled by default. Make sure that ARP processing cannot be applied in conjunction with the MAC bridge function. Fields in the Virtual Service Sets Security Settings menu: Security Mode: Select the security mode (encryption and authentication) for the wireless network. Possible values: Inactive (default value): Neither encryption nor authentication. WEP 40: WEP 40 Bit. WEP 104: WEP 104 Bit
215. e Verify. The term Back Route Verify describes a very simple but powerful function. If a check is activated for an interface, incoming data packets are only accepted over this interface if outgoing response packets are routed over the same interface. You can therefore prevent the acceptance of packets with false IP addresses, even without using filters. Fig. 52: Routing > Routes > Options. The Routing > Routes > Options menu consists of the following fields. Fields in the Options Return Route Checking menu: Mode: Select how the interfaces to be activated for Back Route Verify are to be specified. Possible values: Enable for all Interfaces: Back Route Verify is activated for all interfaces. Enable for Specific Interfaces (default value): A list of all interfaces is displayed
216. e peer already exists. Note: If a tunnel is to be set up to a peer, the interface over which the tunnel is to be implemented is activated first by the IPSec Daemon. If IPSec with DynDNS is configured on the local device, the own IP address is propagated first and then the ISDN call is sent to the remote device. This ensures that the remote device can actually reach the local device if it initiates the tunnel setup. Transfer of IP Address over ISDN: Transferring the IP address of a device over ISDN (in the D channel and/or B channel) opens up new possibilities for the configuration of IPSec VPNs. This enables restrictions that occur in IPSec configuration with dynamic IP addresses to be avoided. Note: To use the IP address transfer over ISDN function, you must obtain a free-of-charge extra licence. You can obtain the licence data for extra licences via the online licensing pages in the support section at www.funkwerk-ec.com. Please follow the online licensing instructions. Before System Software Release 7.1.4, IPSec ISDN callback only supported tunnel setup if the current IP address of the initiator could be determined by indirect means (e.g. via DynDNS). However, DynDNS has serious disadvantages, such as the latency until the IP address is actually updated in the database. This can mean that the IP address propagated via DynDNS is not correct. This problem is avoided by transferring
217. e protocol. Possible values: ANY (default value); O CMR SENS TDR ADE; IPv6; SER SVE SECRE AMES; AH; STE O Sige; Kryptolan; PESOS; O IGRI MOST O TIRIM O FUP alin IEP O WARIS STATE. Corresponding NAT entry for outgoing connection: Specify whether a NAT entry is to be created for outgoing connections for portforwarding. The function is activated with Enabled. The function is activated by default. External IP address: Select the external host or network IP address of the selected interface. In default scenarios, only one external IP address is available. In this case, select the Auto option. The Auto option is disabled by default so that you can enter the IP address manually. Port: Only if Service User-defined. First select whether all connections are to be permitted or whether a certain port or port range is to be defined. Possible values: All (default value): No port mapping is carried out. In this case, the value 1 is entered in the input fields. Specify Port: Enables a port number to be entered. Specify Port Range: Enables a port number range to be entered. Now enter the original destination port or destination port range to of the incoming IP connection. Remote network: Select whether IP packets are to be forwarded to a remote network.
218. Fig. 77: VPN > IPSec > Phase 1 Profiles > New. The VPN > IPSec > Phase 1 Profile > New menu consists of the following fields. Fields in the Phase 1 (IKE) Parameters menu: Description: Enter a description that uniquely defines the type of rule. Proposals: In this field, you can select any combination of encryption and message hash algorithms for IKE phase 1 on your device. The combination of six encryption algorithms and four message hash algorithms gives 24 possible values in this field. At least one proposal must exist. Therefore the first line of the table cannot be deactivated. Encryption algorithms (Encryption): 3DES (default value): 3DES is an extension of the DES algorithm with an effective key length of 112 bits, which is rated as secure. It is the slowest algorithm currently supported. Twofish: Twofish was a final candidate for the AES (Advanced Encryption Standard). It is rated as just as secure as Rijndael (AES), but is slower. Blowfish: Blowfish is a very secure and fast algorithm. Twofish can be regarded as the successor to Blowfish. CAST: CAST is also a very secure algorithm, marginally slower than Blowfish, but faster than 3DES. DES: DES is an older encryption algorithm, which is rated as weak due to its small
219. ed encrypted
• PAP/CHAP: Primarily run CHAP, otherwise PAP.
• MS-CHAPv1: Only run MS-CHAP version 1 (PPP Microsoft Challenge Handshake Authentication Protocol).
• PAP/CHAP/MS-CHAP: Primarily run CHAP, on denial the authentication protocol required by the PPTP partner (MSCHAP version 1 or 2 possible).
• MS-CHAPv2: Run MS-CHAP version 2 only.
DNS Negotiation: Select whether your device receives IP addresses for primary domain name server and secondary domain name server from the connection partner or sends these to the connection partner. The function is activated with Enabled. The function is enabled by default.
Prioritize TCP ACK Packets: Select whether the TCP download is to be optimised in the event of intensive TCP upload. This function can be specially applied for asymmetrical bandwidths (ADSL). The function is activated with Enabled. The function is disabled by default.
LCP Alive Check: Check whether the availability of the remote terminal is to be checked by sending LCP echo requests or replies. This is recommended for leased lines, PPTP and L2TP connections. The function is activated with Enabled. The function is disabled by default.
13.1.4 ISDN
In the WAN > Internet Dialup > ISDN menu, a list of all ISDN interfaces is shown. In this menu, you configure the following ISDN connections:
• Internet access over ISDN
• LAN to LAN
220. ed IP Options menu
Back Route Verify: Select whether a check on the back route should be activated for the interface to the connection partner. The function is activated with Enabled. The function is disabled by default.
Proxy ARP: Select whether your device is to respond to ARP requests from its own LAN on behalf of the specific connection partner. Possible values:
• Off (default value): Deactivates Proxy ARP for this IPSec peer.
• Up or Dormant: Your device only responds to an ARP request if the status of the connection to the IPSec peer is Up (active) or Dormant. In the case of Dormant, your device only responds to the ARP request; the connection is not set up until someone actually wants to use the route.
• Active Only: Your device responds to an ARP request only if the status of the connection to the IPSec peer is Up (active), i.e. a connection already exists to the IPSec peer.
IPSec Callback
bintec devices support the DynDNS service to enable hosts without fixed IP addresses to obtain a secure connection over the Internet. This service enables a peer to be identified using a host name that can be resolved by DNS. You do not need to configure the IP address of the peer. The DynDNS service does not signal whether a peer is actually online and cannot cause a peer to set up an Internet connection to enable an IPSec tunnel over the Intern
222. ed party You make the selection using the telephone number index A speeddial index 000 299 can be assigned to each of the 300 telephone numbers in the telephone book You then dial this speed dial index instead of the long telephone number Note that telephone numbers dialled using the speeddial function must also comply with the dialrule Service Profile Identifier The splitter separates data and voice signals on the DSL connec tion Technique for reducing data traffic and thus saving costs espe cially in WANs Glossary SSID SSL STAC Funkwerk Enterprise Communications GmbH The Service Set Identifier SSID or Network Name refers to the wireless network code based on IEEE 802 11 Secure Sockets Layer A technology now standard developed by Netscape which is generally used to secure HTTP traffic between a web browser and a web server Data compression procedure Standard connection T ISDN Basic Rate Interface with the performance features Inquiry Static IP address Station guarding Subaddressing Subnet Subnet mask Subscriber Name Suppress A telephone number CLIR Suppress B tele phone number COLR Brokering and Telephone Number Transmission The standard con nection contains three multiple subscriber numbers A fixed IP address in contrast to a dynamic IP address Deactivation of acoustic call signalling do not disturb In addition to the transmission of ISDN telephone nu
223. ed with tone di alling Trivial File Transfer Protocol Tiger 192 is a relatively new and very fast hash algorithm Transport Layer Security Multifrequency code method MFC If you receive an internal call e g from the subscriber with internal telephone number 22 while you are away this subscriber s internal telephone number is stored in your telephone s caller list However because your connection is automatically set to Automatic Outside Line as a result of the ex works settings you would first have to dial for a callback in order to obtain the internal dialling tone and then Glossary Transmission speed TSD TTL Twofish U ADSL UDP Update Upload UPnP Upstream URL USB User guidance UUS1 User to User Signalling 1 V 11 Funkwerk Enterprise Communications GmbH 22 If Transfer Internal Code is active is placed before the 22 and the callback can be made directly from the caller list The number of bits per second transmitted in T Net or T ISDN from the PC or fax machine Fax machines achieve up to 14 4 kbps mo dems 56 kbps In the ISDN data and fax exchange with 64 kbps is possible With T DSL up to 8 mbps can be received and up to 768 kbps sent Terminal Selection Digit TTL stands for Time to Live and describes the time during which a data packet is sent between the individual servers before it is dis carded Twofish was a possible candidate for the AES Advanced Encryp ti
224. eers may become unavailable, e.g. due to routing problems or a reboot. However, this can only be detected when the end of the lifetime of the security connection is reached. Up until this point, the data packets are lost. There are various methods of performing an alive check to prevent this happening. In the Alive Check field, you can specify whether a method should be used to check the availability of a peer. Two methods are available: Heartbeats and Dead Peer Detection.
The Advanced Settings menu consists of the following fields:
Fields in the menu Advanced Settings
Alive Check: Select the method to be used to check the functionality of the IPSec connection. In addition to the default method Dead Peer Detection (DPD), the proprietary Heartbeat method is implemented. This sends and receives signals every 5 seconds, depending on the configuration. If these signals are not received after 20 seconds, the SA is discarded as invalid. Possible values:
• Autodetect (default value): Your device detects and uses the mode supported by the remote terminal.
• Down: Your device sends and expects no heartbeat. Set this option if you use devices from other manufacturers.
• Heartbeats (Expect only): Your device expects a heartbeat from the peer, but does not send one itself.
• Heartbeats (Send only): Your device expects no heartbeat from the peer, but send
225. effective length of 56 bits.
• AES: Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed.
• AES-128: Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here, it is used with a key length of 128 bits.
• AES-192: Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here, it is used with a key length of 192 bits.
• AES-256: Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here, it is used with a key length of 256 bits.
Hash algorithms (Authentication):
• MD5 (default value): MD5 (Message Digest 5) is an older hash algorithm. It is used with a 96 bit digest length for IPSec.
• SHA1: SHA1 (Secure Hash Algorithm 1) is a hash algorithm developed by the NSA (United States National Security Association). It is rated as secure, but is slower than MD5. It is used with a 96 bit digest length for IPSec.
• RipeMD 160: RipeMD 160 is a 160 bit hash algorithm. It is used as a secure replacement for MD5 and RipeMD.
• Tiger 192: Tiger 192 is a relatively new and very fast algorithm.
Please note that the description of the encryption and authentication or the hash algo
226. el in the Wireless LAN > WLANx > Radio Settings menu changes depending on the country setting. The default value is Germany.
Chapter 12 Routing
12.1 Routes
12.1.1 IP routes
In the Routing > Routes > IP Routes menu, a list of all configured routes is shown.
12.1.1.1 Edit/New
Choose the icon to edit existing entries. Choose the New button to create routes.
Fig. 50: Routing > Routes > IP Routes > New with Extended Route = Not activated
If the Extended Route option is selected for Route Class, an extra configuration section opens.
227. eld
• You can set the system time manually on the device.
Note: If a method for automatically deriving the time is defined on the device, the values obtained in this way automatically have higher priority. A manually entered system time is therefore overwritten.
The System Management > Global Settings > Date and Time menu consists of the following fields:
Field in the Date and Time System Time menu
Current System Time: The current date and current system time are shown here. The entry cannot be changed.
Fields in the Date and Time Manual Time Settings menu
New Date: Enter a new date. Format:
• Day: dd
• Month: mm
• Year: yyyy
New Time: Enter a new time. Format:
• Hour: hh
• Minute: mm
Fields in the Date and Time Automatic Time Settings network time protocol menu
Update System Time from ISDN: Define whether the time information received at an incoming ISDN connection is used to update the system time. If a time server is configured, the time is only determined over ISDN until a successful update is received from this time server. Updating over ISDN is deactivated for the period in which the time is determined by means of a time server. The function is activated with Enabled
228. eld Description
UDP Destination Port: Enter the port to be monitored by the LNS on incoming L2TP tunnel connections. Available values are all whole numbers from 1 to 65535; the default value is 1701, as specified in RFC 2661.
UDP Source Port Selection: Select whether the LNS should only use the monitored port (UDP destination port) as the local source port for the L2TP connection. The function is activated with Fixed. The function is disabled by default.
14.3 PPTP
The Point to Point Tunnelling Protocol (PPTP) can be used to set up an encrypted PPTP tunnel to provide security for data traffic over an existing IP connection. First, a connection to an ISP (Internet Service Provider) is set up at both sites. Once these connections are available, a tunnel is set up to the PPTP partner over the Internet using PPTP. The PPTP subsystem sets up a control connection between the endpoints of the tunnel. This is used to send control data to set up, keep alive and terminate the connection between the two PPTP tunnel end points. As soon as this control connection is set up, the PPTP transfers the traffic data packed in GRE packets (GRE = Generic Routing Encapsulation).
14.3.1 PPTP Tunnel
In the PPTP Tunnel menu, a list of all PPTP tunnels is shown.
14.3.1.1 New
Click on New to set up further PPTP partners.
229. enabled (default value) or disable this access in the System Administration > Administrative Access > SSH menu and have access to the options for configuration of the SSH login.
Fig. 32: System Management > Administrative Access > SSH
You need an SSH client application, e.g. PuTTY, to be able to reach the SSH Daemon. If you wish to use SSH Login together with the PuTTY client, you may need to comply with some special configuration requirements, for which we have prepared FAQs. You will find these in the Service Support section at www.funkwerk-ec.com.
To be able to reach the shell of your device via an SSH client, make sure the settings for the SSH Daemon and SSH client are the same.
Note: If configuration of an SSH c
230. ength Date Name
Vr xpbc B 7 1 04 2994754 2004 09 02 14 11 48 box150 srel ppc860
Vrw pl f 0 0 350 2004 09 07 10 44 14 sshd host _rsa key pub
Vrw pl f 0 0 1011 2004 09 07 10 44 12 sshd host_rsa_key
Vrw p1 f 0 0 01 730 2004 09 07 10 42 17 sshd host _dsa key pub
Vrw pl f 0 0 01 796 2004 09 07 10 42 16 sshd host_dsa key
Flash Sh >
Note: The device generates a key pair for each of the algorithms (RSA and DSA), i.e. two files must be stored in the flash for each algorithm (see example above).
If no keys are available, you have to generate these first. Proceed as follows:
(1) Leave the Flash Management shell with exit.
(2) Call up the Setup tool (setup) and navigate to the Security > SSH Daemon > Certification Management menu.
(3) To have the keys generated by the device, mark one of the two entries with the cursor and confirm with Enter. The device then generates the key and stores it in the FlashROM.
(4) Make sure that both keys have been successfully generated. To do this, repeat the procedure described above.
Login via SSH
Proceed as follows to log in on your device via SSH:
If you have made sure that all the keys needed are available on the device, you have to check whether an SSH client is installed on your PC. Most UNIX and Linux distributions install a SSH client by default. Additional software, e.g. PuTTY, usually has to be installed on
231. entify Based on the identity authentication the user can access certain services and resources Special feature on telephones By pressing a key or code the caller requests a call back from the engaged terminal If the subscriber you want is not at their desk or cannot take the call they are auto matically connected with the caller as soon as they have used the telephone again and replaced the receiver This function can only be used on telephones that permit suffix dial ling An automatic callback from an inquiry connection is not pos sible You urgently need to contact a business partner or internal sub scriber However when you call you always hear the engaged tone If you were to receive notification that the subscriber had ended the call your chance of reaching them would be very good With Call back on Busy you can reach the engaged subscriber once they have replaced the receiver at the end of the call Your telephone rings When you lift the receiver a connection to the required sub scriber is set up automatically An internal Callback on Busy is de leted automatically after 30 minutes The external Callback on Glossary Automatic callback on no reply CCBS Automatic clearing of Internet connec tion ShortHold Automatic outside line Automatic redialling B channel B channel BACP BAP Base station Basic Rate Interface Funkwerk Enterprise Communications GmbH Busy is deleted after a
232. eporting Monitoring Glossary The glossary contains a reference to the most important tech nical terms used in network technology Index The index lists all the key terms for operating the device and all the configuration options and gives page numbers so they can be found easily To help you locate information easily this user s guide uses the following visual aids List of visual aids Indicates practical information Indicates general and important points Indicates a warning of risk level Attention points out possible dangers that may cause damage to property if not observed Indicates a warning of risk level Warning points out possible dangers that may cause physical injury or even death if not ob served gt gt i e The following typographical elements are used to help you find and interpret the informa tion in this user s guide Typographical elements Typographical element Use Indicates lists Menu gt Submenu Indicates menus and sub menus File gt Open 4 bintec R200 Serie Typographical element Use non proportional Indicates commands that you must enter as written Courier e g ping LOA MS LAA bold e g Windows Indicates keys key combinations and Windows terms Start menu bold e g biboAdmLo Indicates fields ginTable italic e g none Indicates values that you enter or that can be configured Online blue and italic Indicates hyperlinks e g www funkwerk ec c
233. equests are sent after CC negotiation (CC activation negotiation).
• Both: OAM CC requests are sent and answered after CC negotiation (CC activation negotiation).
• No negotiation: Depending on the setting in the Direction field, OAM CC requests are either sent and/or responded to. There is no CC negotiation.
• None: The function is disabled.
Also select whether the test cells of the OAM CC are to be sent or received. Possible values:
• Both (default value): CC data is both received and generated.
• Destination: CC data is received.
• Source: CC data is generated.
Continuity Check (CC) Segment: Select whether you want to activate the OAM CC test for the segment connection (segment = connection of the local end point to the next connection point) of the VCC or VPC. Possible values:
• Passive (default value): OAM CC requests are responded to after CC negotiation (CC activation negotiation).
• Active: OAM CC requests are sent after CC negotiation (CC activation negotiation).
• Both: OAM CC requests are sent and answered after CC negotiation (CC activation negotiation).
• No negotiation: Depending on the setting in the Direction field, OAM CC requests are either sent and/or responded to. There is no CC negotiation.
• None: The function is disabled.
Also select whether the test cells of the OAM CC are to be sent or received. Possible settings:
• Both (default value): CC data is both received a
234. equests from clients are accepted by each interface (for requests from the local network) and/or whether the interface can be controlled via UPnP requests.
Fig. 133: Local Services > UPnP > Interfaces
The Local Services > UPnP > Interfaces menu consists of the following fields:
Fields in the UPnP Interfaces menu
Interface: Shows the name of the interface for which the UPnP settings are to be made. The entry cannot be changed.
Answer to client request: Determine whether UPnP requests from clients are to be answered via the particular interface (from the local network). The function is activated with Enabled. The function is disabled by default.
Interface is UPnP controlled: Determine whether the NAT configuration of this interface is controlled by UPnP. The function is activated with Enabled. The function is enabled by default.
17.10.2 Global Settings
In this menu, you
235. er: Only for RFC 2091 Variable Timer = Enabled. The hold down timer is activated as soon as your device receives an unreachable route (metric 16). The route may be deleted once this period has elapsed. The default value is 120 seconds.
Retransmission Timer: Only for RFC 2091 Variable Timer = Enabled. After this timeout, update request or update response packets are sent again until an update flush or update acknowledge packet arrives. The default value is 5 seconds.
12.4 Load Balancing
12.4.1 Load Balancing Groups
The increasing amount of data traffic over the Internet means it is necessary to send data over different interfaces to increase the total bandwidth available. IP load balancing enables the controlled distribution of traffic within a particular group of interfaces according to the following principles:
• In contrast to Multilink PPP based solutions, load balancing also functions with accounts with different providers.
• Session based load balancing is achieved.
• Related dependent sessions are always routed over the same interface.
• A decision on distribution is only made for outgoing sessions.
In the Routing > Load Balancing > Load Balancing Groups menu, a list of all configured load balancing groups is shown.
12.4.1.1 New
Choose the New button to set up new groups.
236. erefore change the configuration of the corresponding list entry directly in the list.
Fig. 21: Configuration of the update interval
Fig. 22: Filter list
Structure of the Funkwerk Configuration Interface configuration menus
The menus of the Funkwerk Configuration Interface contain the following basic structures:
Funkwerk Configuration Interface menu structure
Basic configuration menu/list: When you select a menu from the navigation bar, the menu of basic parameters is displayed first. In a sub menu containing several pages, the menu containing the basic parameters is displayed on the first page. The menu contains either a list of all the configured entries or the basic settings for the function concerned.
Sub menu New: The New button is available in each menu in which a list of all the configured entries is displayed. Click the button to display the configuration menu for creating a new list entry.
Sub menu: Click this button to process the existing list entry. You go to the configuration menu.
Menu Advanced Settings: Click this tab to display extended configuration options.
The following options are available for the configuration:
Funkwerk Configuration Interface configuration elements
Input fields (e.g. empty text field, text field with hidden input): Enter the data
237. erface
Example: en1-0 (first interface on the first Ethernet port)
The name of the bridge group is made up of the following parts:
(a) Abbreviation for interface type
(b) Number of the bridge group
Example: br0 (first bridge group)
The name of the wireless network is made up of the following parts:
(a) Abbreviation for interface type
(b) Number of the wireless module
(c) Number of the interface
Example: vss1-0 (first wireless network on the first wireless module)
The names of the virtual interfaces connected to an Ethernet port are made up of the following parts:
(a) Abbreviation for interface type
(b) Number of the Ethernet port
(c) Number of the interface connected to the Ethernet port
(d) Number of the virtual interface
Example: en1-0-1 (first virtual interface based on the first interface on the first Ethernet port)
8.3.1 Interfaces
You define separately whether each interface is to operate in routing or bridging mode. If you want to set bridging mode, you can either use existing bridge groups or create a new bridge group. The default setting for all existing interfaces is routing mode. If the option New Bridge Group is selected for Mode / Bridge Group, a bridge group (br0, br1, etc.) is automatically set up.
238. erface is used. In the case of physical interfaces, the current MAC address is entered by default. If you disable Use Built-In, you enter an MAC address for the virtual interface, e.g. 00:e1:f9:06:bf:03. Some providers use hardware independent MAC addresses to allocate their clients IP addresses dynamically. If your provider has assigned you an MAC address, enter this here.
DHCP Hostname: Only if Address Mode = DHCP. Enter the host name requested by the provider. The maximum length of the entry is 45 characters.
Proxy ARP: Select whether your device is to respond to ARP requests from its own LAN on behalf of defined remote terminals. The function is enabled by choosing Enabled. The function is disabled by default.
TCP MSS Clamping: Select whether your device is to apply MSS Clamping. To prevent IP packets fragmenting, the MSS (Maximum Segment Size) is automatically decreased by the device to the value set here. The function is enabled by choosing Enabled. The function is disabled by default. Once enabled, the default value 1350 is entered in the input field.
10.2 VLAN
By implementing VLAN segmentation in accordance with 802.1Q, you can configure VLANs on your device. The wireless ports of an access point, in particular, are able to remove the VLAN tag of a frame sent to the clients and to tag received frames with a predefined VLAN ID. This functionali
239. es > New with Client Type = On demand
13.1.3.1 New
Choose the New button to set up new PPPoA interfaces.
Fig. 67: WAN > Internet Dialup > PPPoA > New
The WAN > Internet Dialup > PPPoA > New menu consists of the following fields:
Fields in the PPPoA Basic Parameters menu (Description, ATM PVC, User name, Password, Always Active)
Description: Enter a name for uniquely identifying the connection partner. The first character in this field must not be a number, and no special characters or umlauts must be used either.
ATM PVC: Select an ATM profile created in the ATM > Profiles menu, indicated by the global identifiers VPI and VCI specified by the provider.
User name: Enter the user
240. es the interface of your device on which discovery is carried out.
The value of this field can only be read. This field specifies the MAC address of the discovered access point.
You can change the name of the discovered access point here.
You can change the IP address of the discovered access point here.
You can change the related netmask here.
Gateway: You can change the gateway address of the discovered access point here.
Authentication Password: You must enter the administrator password for the access point here, otherwise you cannot carry out the configuration operation.
Last Write Result: The value of this field can only be read. This field displays the result of the last configuration operation. Possible values:
• No Error: The access point reported a successful operation or a configuration change has not yet been made with OK.
• No Response: The access point has not responded.
• Access Denied: The access point reported an authorisation error. Check the authentication password.
• Invalid IP Parameters: There is a problem with the intended IP parameters (IP address, netmask or gateway address).
• Destination Unreachable: The access point cannot be reached for internal reasons, e.g. the interface to which the access point is connected is down. A configuration request cannot be sent to the access point.
• Other AP Error: The access point responds to the configuration request with an
241. essed as per RFC 2091 (triggered RIP).
• RIP V2 Triggered: RIP V2 messages are sent, received and processed as per RFC 2091 (triggered RIP).
Route Announce: Select this option if you want to set the time at which any activated routing protocols (e.g. RIP) are to propagate the IP routes defined for this interface. Note: This setting does not affect the interface specific RIP configuration mentioned above. Possible values:
• Up Only (default value): Routes are only propagated if the interface status is up.
• Always: Routes are always propagated independent of operational status.
12.3.2 RIP Filter
In this menu, you can specify exactly which routes are to be exported or imported. You can use the following strategies for this:
• You explicitly deactivate the import or export of certain routes. The import or export of all other routes that are not listed is still allowed.
• You explicitly activate the import or export of certain routes. In this case, you must also explicitly deactivate the import or export of all other routes. You can do this using a filter for IP Address = no entry (this corresponds to the IP address 0.0.0.0) with Netmask = no entry (this corresponds to the netmask 0.0.0.0). To make sure this filter is used last, it must be placed at the lowest position.
You configure a filter for a default route with the following values:
• IP Address = no entry (this corresponds to the IP address 0.0.0.0) with Netmask = 2
242. et. This possibility is created with IPSec callback. Using a direct ISDN call to a peer, you can signal that you are online and waiting for the peer to set up an IPSec tunnel over the Internet. If the called peer currently has no connection to the Internet, the ISDN call causes a connection to be set up. This ISDN call costs nothing (depending on country), as it does not have to be accepted by your device. The identification of the caller from his or her ISDN number is enough information to initiate setting up a tunnel.
Before you can configure this service, you must first configure a number for IPSec callback on the passive page in the Physical Interfaces > ISDN Ports > MSN Configuration > New menu. The value IPSec is available for this purpose in the Service field. This entry ensures that incoming calls for this number are routed to the IPSec service.
If callback is active, the peer is caused to initiate setting up an IPSec tunnel by an ISDN call as soon as this tunnel is required. With passive callback, the set up of a tunnel to the peer is always initiated if an ISDN call to the corresponding number (MSN in the Physical Interfaces > ISDN Ports > MSN Configuration > New for Service IPSec menu) is received. This ensures that both peers are reachable and that the connection can be set up over the Internet. The only case in which callback is not executed is if SAs (Security Associations) already exist, i.e. the tunnel to th
243. etches documents provided by other fax machines or fax databases. Input/output. Plain Old Telephone System. Point-to-Point Protocol. Security mechanism: a method of authentication using passwords in PPP. Point-to-Point Protocol over ATM. Point-to-Point Protocol over Ethernet. Primary Rate Interface: ISDN subscriber connection. The PRI consists of one D channel and 30 B channels (in Europe). In America: 23 B channels and one D channel. There is also the ISDN Basic Rate Interface. Protocols are used to define the manner and means of information exchange between two systems. Protocols control and rule the course of data communication at various levels (decoding, addressing, network routing, control procedures, etc.). ARP: Address Resolution Protocol. Packet Switched Network. Public Switched Telephone Network. Port VLAN ID. Telephones that have an R key (inquiry key) can also be connected to a PBX. In modern telephones, the R key triggers the hook flash function. This is required for use of performance features in T-Net, such as inquiry, brokering and three-party conference. Remote Authentication Dial In User Service. Rate-Adaptive Digital Subscriber Line. Remote access service. Real Time Clock: Hardware clock with buffer battery (RTC). Receiver volume: Function for controlling the volume in the telephone receiver. Reconnection on the For a point to multipoint connection enables the terminal connec bus parking
244. ettings menu consists of the following fields. Fields in the Advanced Settings: Advanced IPSec Options menu. Phase 1 Profile: For phase 1, select a profile already configured in the Phase 1 Profiles menu. You can also select the profile marked as the default in Phase 1 Profiles (Default Profile). Phase 2 Profile: For phase 2, select a profile already configured in the Phase 2 Profiles menu. You can also select the profile marked as the default in Phase 2 Profiles (Default Profile). XAUTH Profile: Select a profile created in VPN > IPSec > XAUTH Profiles if you wish to use XAuth for authentication with this IPSec peer. If XAuth is used together with IKE Config Mode, the transactions for XAuth are carried out before the transactions for IKE Config Mode. Usage Type: Select how to use this peer entry. Possible values: Standard (default value): Only one peer can connect with the data defined in this peer profile. Multi-User Dialin Only: Several peers can connect with the data defined in this peer profile. For each connection request with the data of this profile, the peer entry is duplicated. Start mode: Select how the peer is to be switched to the active state. Possible values: On demand (default value): The peer is switched to the active state by a trigger. Always on: The peer is always active. Fields in the Advanced Settings Advanc
245. f clients is reached, no more new wireless networks can be created and a warning message will appear. Fields in the Radio Settings: Performance Settings menu. Wireless Mode: Select the wireless technology that the access point is to use. Possible values: 802.11g: The device operates only in accordance with 802.11g. 802.11b clients have no access. 802.11b: Your device operates only in accordance with 802.11b and forces all clients to adapt to it. 802.11 mixed (b/g) (default value), 802.11 mixed short (b/g): Your device adapts to the client technology. The following applies for mixed short: The data rates 5.5 and 11 Mbps must be supported by all clients (basic rates). 802.11 mixed long (b/g): Your device adapts to the client technology. Only a data rate of 1 and 2 Mbps needs to be supported by all clients (basic rates). This mode is also needed for Centrino clients if connection problems occur. Burst Mode: This performance feature increases the maximum burst time for transmission to a connected client and therefore increases the data throughput in slower WLANs. Several wireless data packets are transmitted directly one after the other (burst). The CTS packet required for administration is only sent once. The function is enabled by choosing Enabled. The function is enabled by default. The burst functionality complies with the 802.11 standards, which means burst mode can result in improvements with every
246. f the working memory in MByte in relation to the available total working memory in MByte. The usage is also displayed in brackets as a percentage. ISDN Usage External: Displays the current number of ISDN B channels used in relation to the total number of ISDN B channels available. Active Sessions (SIF, RTP, etc.): Displays the total of all SIF, TDRC and IP load balancing sessions. Active IPSec Tunnels: Displays the number of currently active IPSec tunnels in relation to the number of configured IPSec tunnels. Other fields in the Status menu. Physical Interface, Interface Specifics, Link: The physical interfaces are listed here and their most important settings are shown. The system also displays whether the interface is connected or active. Interface specifics for Ethernet interfaces: IP Address; Netmask. Interface specifics for ISDN interfaces: Configured; Not configured. Interface specifics for xDSL interfaces: Downstream/Upstream Line Speed. Interface specifics for WLAN interfaces (Access Point Mode): Operation Mode (Access Point or Off); the channel used on this wireless module; number of connected clients; number of WDS links; software version of the wireless card. Recent System Logs: Displays the last 10 system messages. 8.2 Global Settings: The basic system parameters are managed in the Global Settings menu. 8.2.1 System: The System Management > Global Settings > Sy
247. face. Proxy ARP Mode: Select whether your device is to respond to ARP requests from its own LAN on behalf of the specific L2TP partner. Possible values: Inactive (default value): Deactivates Proxy ARP for this L2TP partner. Up or Dormant: Your device only responds to an ARP request if the status of the connection to the L2TP partner is Up (active) or Dormant. In the case of Dormant, your device only responds to the ARP request; the connection is not set up until someone actually wants to use the route. Active Only: Your device responds to an ARP request only if the status of the connection to the L2TP partner is Up (active), i.e. a connection already exists to the L2TP partner. DNS Negotiation: Select whether your device receives IP addresses for primary DNS server, secondary DNS server, primary WINS and secondary WINS from the L2TP partner or sends these to the L2TP partner. The function is activated with Enabled. The function is enabled by default. 14.2.3 Options. Fig. 85: VPN > L2TP > Options. The VPN > L2TP > Options menu consists of the following fields. Fields in the Options: Global Options menu. Fi
248. fully resolved names and IP addresses are to be stored in the cache. The function is enabled by choosing Enabled. The function is enabled by default. Negative Cache: Select whether the negative dynamic cache is to be activated, i.e. whether queried names for which a DNS server has sent a negative response are stored as negative entries in the cache. The function is enabled by choosing Enabled. The function is enabled by default. Cache Size: Enter the maximum total number of static and dynamic entries. Once this value is reached, the dynamic entry not requested for the longest period of time is deleted when a new entry is added. If the Cache Size is reduced by the user, dynamic entries are deleted if necessary. Static entries are not deleted. Cache Size cannot be set to smaller than the current number of static entries. Possible values: 0 to 1000. The default value is 100. Maximum TTL for Positive Cache Entries: Enter the value to which the TTL is to be set for a positive dynamic DNS entry in the cache if its TTL is 0 or its TTL exceeds the value for Maximum TTL for Positive Cache Entries. The default value is 86400. Maximum TTL for Negative Cache Entries: Enter the value to which the TTL is to be set in the case of a negative dynamic entry in the cache. The default value is 36400. Alternative interface to Only if DNS Server Configuration
249. funkwerk enterprise communications. Manual bintec R200 Serie. Reference. Copyright Version 7 1 2009 Funkwerk Enterprise Communications GmbH. Legal Notice. Aim and purpose: This document is part of the user manual for the installation and configuration of funkwerk devices. For the latest information and notes on the current software release, please also read our release notes, particularly if you are updating your software to a higher release version. You will find the latest release notes under www.funkwerk-ec.com. Liability: This manual has been put together with the greatest possible care. However, the information contained in this manual is not a guarantee of the properties of your product. Funkwerk Enterprise Communications GmbH is only liable within the terms of its conditions of sale and supply and accepts no liability for technical inaccuracies and/or omissions. The information in this manual can be changed without notice. You will find additional information and also release notes for funkwerk devices under www.funkwerk-ec.com. Funkwerk devices make WAN connections as a possible function of the system configuration. You must monitor the product in order to avoid unwanted charges. Funkwerk Enterprise Communications GmbH accepts no responsibility for data loss, unwanted connection costs and damage caused by unintended operation of the product
250. g MDIX. Permanently installed (twisted pair only), 10/100 Mbps, auto-sensing, MDIX. Permanently installed (twisted pair only), 10/100 Mbps, auto-sensing, MDIX. WLAN interface antennas: 802.11b and 802.11g with Antenna Diversity. Data rates: 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbps; 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbps. Product name: bintec R230a / bintec R230b / bintec R230aw. Available sockets: Serial interface V.24: 5-pole mini USB socket / 5-pole mini USB socket / 5-pole mini USB socket. Ethernet interface: RJ45 socket / RJ45 socket / RJ45 socket. ADSL interface: RJ11 socket / RJ11 socket / RJ11 socket. Standards & Guidelines: R&TTE Directive 1999/5/EC, CE symbol for all EU states / R&TTE Directive 1999/5/EC, CE symbol for all EU states / R&TTE Directive 1999/5/EC, CE symbol for all EU states. SAFERNET(TM) Security Technology: Community passwords, PAP, CHAP, MS-CHAP, MS-CHAP v2, PPTP, PPPoE, PPPoA, Callback, Access Control Lists, CLID, NAT, SIF, MPPE Encryption, PPTP Encryption, VPN with PPTP or IPSec / Community passwords, PAP, CHAP, MS-CHAP, MS-CHAP v2, PPTP, PPPoE, PPPoA, Callback, Access Control Lists, CLID, NAT, SIF, MPPE Encryption, PPTP Encryption, VPN with PPTP or IPSec / Community passwords, PAP, CHAP, MS-CHAP, MS CHA
251. g the internet connection. The first character in this field must not be a number, and no special characters or umlauts must be used either. Select the IP interface over which packets are to be transported to the remote PPTP terminal. If you want to use an external DSL modem, select the Ethernet port to which the modem is connected. When using the internal DSL modem, select here the EthoA interface (e.g. ethoa50-0) configured for this connection in Physical Interfaces > ATM > Profiles > New. The default value is Not specified. User name: Enter the user name. Password: Enter the password. Always Active: Select whether the interface should always be activated. The function is activated with Enabled. The function is disabled by default. Only activate this option if you have Internet access with a flat-rate charge. Connection Idle Timeout: Only if Always on is disabled. Enter the idle interval in seconds. This determines how many seconds should pass between sending the last traffic data packet and clearing the connection. Possible values are 0 to 3600 (seconds). 0 deactivates the timeout. The default value is 300. Example: 10 for FTP transmission, 20 for LAN-to-LAN transmission, 90 for Internet connections. Fields in the PPTP: IP Mode and Routes menu. IP Address Mode: Select whether your device is to be assigned a static
252. gov encryption aes. RIP: Routing Information Protocol. RipeMD 160: RipeMD 160 is a cryptographic hash function with 160 bits. It is regarded as a secure replacement for MD5 and RipeMD. Glossary terms: RJ45; Roaming; Room monitoring (acoustic); Room monitoring from external telephones; Room monitoring from internal telephones; Router; RSA; RTSP; S2M interface; SAD; SDSL; Server. Plug or socket for maximum eight wires. Connection for digital terminals. In a multicell WLAN, clients can move freely and log off from one access point and log on to another when moving through cells, without the user noticing this. This is known as roaming. To use the Room Monitoring performance feature, the telephone must be activated in the room to be monitored by means of a code, and the receiver must be lifted or Hands-free switched on. If you replace the telephone receiver or turn off Hands-free, room monitoring ends and the performance feature is switched off. This function can be used to monitor rooms from an external telephone. You can acoustically monitor a room from an internal telephone in your PBX. This is set up using the telephone procedures described in the user's guide. Please read the information on the described functions in the user's guide. A device that connects different networks at layer 3 of the OSI model and routes information from
253. gs > System Licenses. 2. Press the icon in the line containing the licence you want to delete. 3. Confirm with OK. The licence is deactivated. You can reactivate your additional licence at any time by entering the valid licence key and licence serial number. 8.3 Interface Mode / Bridge Groups: In this menu, you define the operation mode for your device's interfaces. Routing versus bridging: Bridging connects networks of the same type. In contrast to routing, bridges operate at layer 2 of the OSI model (data link layer), are independent of higher-level protocols and transmit data packets using MAC addresses. Data transmission is transparent, which means the information contained in the data packets is not interpreted. With routing, different networks are connected at layer 3 (network layer) of the OSI model and information is routed from one network to the other. Conventions for port/interface names: The names of wireless ports in the user interface of your device are made up of the following parts: (a) WLAN, (b) Number of the physical port (1 or 2). Example: WLAN1. The name of the Ethernet port is made up of the following parts: (a) ETH, where en stands for Ethernet, (b) Number of the port. Example: ETH1. The names of the interfaces connected to an Ethernet port are made up of the following parts: (a) Abbreviation for interface type, (b) Number of the Ethernet port, (c) Number of the int
254. > Administrative Access > Access. These rules can also be edited here. Fig. 94: Firewall > Policies > Filter Rules. You can use the button to insert another policy above the list entry. The configuration menu for creating a new policy opens. You can use the button to move the list entry. A dialog box opens, in which you can select the position to which the policy is to be moved. Moreover, the overview provides the option to show the firewall rules of the underlying settings made in the System Management > Administrative Access > Access menu. To do this, enable the Show administrative access rules option. 15.1.1.1 New: Choose the New button to set up new parameters.
255. gured on the access point, provided you know the administrator password. Note: Any bintec access points that exist are determined by means of a multicast. The IP address of the access point is therefore irrelevant. Please note that the discovered bintec access points are not stored in the flash, which means discovery must be repeated after you reboot your device. In the Local Services > Funkwerk Discovery > Device Discovery menu, under Results, a list is shown of all access points found on the network. In the Interface field, select the interface of your device via which access point discovery is to be carried out. You use the All option to query all interfaces. The current discovery status is displayed for each individual Ethernet interface under Discovery Status. None means that discovery is not active. Discovery is displayed when discovery is currently being carried out. This discovery function also enables your device to be discovered and configured by other access points with a discovery function. You configure this in the Options sub-menu. 17.9.1.1 Discover: Click the Discover button to start access point discovery.
256. he Routing > Multicast > IGMP > New menu consists of the following fields. Fields in the IGMP: IGMP Settings menu. Interface: Select the interface on which IGMP is to be enabled, i.e. queries are sent and responses are accepted. Query Interval: Enter the interval in seconds in which IGMP queries are to be sent. Possible values are 0 to 600. The default value is 125. Maximum Response Time: For the sending of queries, enter the time interval in seconds within which hosts must respond. The hosts randomly select a time delay from this interval before sending the response. This spreads the load in networks with several hosts, improving performance. Possible values are 0 to 100. The default value is 100. Robustness: Select the multiplier for controlling the timer values. A higher value can, e.g., compensate for packet loss in a network susceptible to loss. If the value is too high, however, the time between logging off and stopping of the data traffic can be increased (leave latency). Possible values are 2 to 8. The default value is 2. Response interval (last member): Define the time after a query for which the router waits for an answer. If you shorten the interval, it will be more quickly detected that the last member has left a group, so that no more packets for this group should be forwarded to this i
257. he device is connected to the Ethernet (100 Mbps or 10 Mbps); flashing: Data traffic via the Ethernet interface (100 Mbps or 10 Mbps). ADSL: on: ADSL connection is active. The LEDs on bintec R230aw are arranged as follows: Fig. 5: LEDs of bintec R230aw. In operation mode, the LEDs on bintec R230aw display the following status information for your device. LED status display (LED, State, Information): Power: on: The power supply is connected. State: on: The device has started; flashing: The device is active. 1 to 4: on: The device is connected to the Ethernet (100 Mbps or 10 Mbps); flashing: Data traffic via the Ethernet interface (100 Mbps or 10 Mbps). WLAN: on: The WLAN module is active; flashing: Data traffic via the WLAN interface. ADSL: on: ADSL connection is active. The LEDs on bintec R232a / bintec R232b are arranged as follows: Fig. 6: LEDs of bintec R232a / bintec R232b. In operation mode, the LEDs on bintec R232a / bintec R232b display the following status information for your device. LED status display (LED, State, Information): Power: on: The power supply is connected. State: on: The device has started; flashing: The device is active. 1 to 4: on: The device is connected to the Ethernet (100 Mbps or 10 Mbps); flashing: Data traffic via the
258. he function is activated with Enabled. The function is enabled by default. If you deactivate the function, the times defined in RFC are retained for the timeouts. RFC 2091 Variable Timer: For the timers described in RFC 2091, select whether the same values that you can configure in the Timer for Triggered RIP (RFC 2091) menu. The function is activated with Enabled. The function is disabled by default. If the function is not activated, the times defined in RFC are retained for the timeouts. Fields in the RIP Options: Timer for RIP V2 (RFC 2453) menu. Update Timer: Only for RFC 2453 Variable Timer = Enabled. An RIP update is sent on expiry of this period of time. The default value is 30 (seconds). Route Timeout: Only for RFC 2453 Variable Timer = Enabled. After the last update of a route, the route time is active. After timeout, the route is deactivated and the Garbage Collection Timer is started. The default value is 180 (seconds). Garbage Collection Timer: Only for RFC 2453 Variable Timer = Enabled. The Garbage Collection Timer is started as soon as the route timeout has expired. After this timeout, the invalid route is deleted from the IPROUTETABLE if no update is carried out for the route. The default value is 120 (seconds). Fields in the RIP Options: Timer for Triggered RIP (RFC 2091) menu. Hold Down Tim
259. his mode (also designated Main Mode) requires six messages for a Diffie-Hellman key calculation and thus for configuring a secure channel, over which the IPSec SAs can be negotiated. A condition is that both peers have static IP addresses if preshared keys are used for authentication. Also define whether the selected mode is used exclusively (Strict), or the peer can also propose another mode. Local ID Type: Select the local ID type. Possible values: Fully Qualified Domain Name (FQDN); E-mail address; IPV4 Address; ASN.1-DN (Distinguished Name). Local ID Value: Enter the ID of your device. For Authentication Method = DSA Signature, RSA Signature, RSA Encryption, the Use Subject Name from Certificate option is shown. If you enable the Use Subject Name from certificate option, the first alternative subject name indicated in the certificate is used, or, if none is specified, the subject name of the certificate is used. Note: If you use certificates for authentication and your certificate contains alternative subject names (see Certificates on page 250), you must make sure your device selects the first alternative subject name by default. Make sure you and your peer both use the same name, i.e. that your local ID and the peer ID your partner configures for you are identical. Alive Check: During communication between two IPSec peers, one of the p
260. iber; Call waiting; Call waiting protection; Callback on Busy. Calls received after office hours are forwarded to a telephone still manned, or to the answering machine or fax. Performance feature of a PBX: Calls can be received on an internal terminal that is not part of active call allocation. An external call is only signalled for your colleague. As you belong to several different teams, this is not surprising. You can now form various groups of subscribers in which call pickup is possible. A call can only be picked up by subscribers/terminals in the same pickup group. The assignment of subscribers in pickup groups is not dependent on the settings in the Day and Night team call assignment. Reject. Call Through is a dial-in via an external connection to the PBX, with the call put through from the PBX via another external connection. Busy on busy. The Call Waiting performance feature means that other people can contact you during a telephone call. If another subscriber calls while you are on the telephone, you hear your telephone's call waiting tone. You can then decide whether to continue with your first call or speak to the person whose call is waiting. If you do not want to use the call waiting feature, you switch on call waiting protection. If you are taking a call, a second caller hears the engaged tone. Performance feature in T-ISDN PBXs and T-Net: A connection is set up automatically as soon as the Busy status on the
261. ic trusted ate without further checks during authentication. The function is activated with True. The function is disabled by default. Caution: It is extremely important for VPN security that the integrity of all certificates manually marked as trustworthy (certification authority and user certificates) is ensured. The displayed fingerprints can be used to check this integrity: Compare the displayed values with the fingerprints specified by the issuer of the certificate (e.g. on the Internet). It is sufficient to check one of the two values. 14.5.1.2 Request. Registration authority certificates in SCEP: If SCEP is used, your device also supports separate registration authority certificates. Registration authority certificates are used by some Certificate Authorities (CAs) to handle certain tasks (signature and encryption) during SCEP communication with separate keys, and to delegate the operation to separate registration authorities, if applicable. When a certificate is downloaded automatically, i.e. if CA Certificates = Download is selected, all the certificates needed for the operation are loaded automatically. If all the necessary certificates are already available in the system, these can also be selected manually. Select the Request button to request or import more certificates.
262. Fig. 35: System Management > Remote Authentication > TACACS > New. The System Management > Remote Authentication > TACACS > New menu consists of the following fields. Fields in the TACACS: Basic Parameters menu. Authentication Type: Displays which TACACS function is to be used. The value cannot be changed. Possible values: Login Authentication: Here you can define whether the current TACACS server is to be used for login authentication to your device. Server IP Address: Enter the IP address of the TACACS server that is to be requested for login authentication. TACACS Secret: Enter the password to be used to authenticate and, if applicable, encrypt data exchange between the TACACS server and the network access server (your device). The maximum length of the entry is 32 characters. Priority: Assign a priority to the current TACACS server. The server with the lowest value is the one used first for TACACS login authentication. If this does not respond or access is denied (only if Policy = Non authoritative), the entry
263. icast is connectionless, which means that any troubleshooting or flow control needs to be guaranteed at application level. At transport level, UDP is used almost exclusively, as, in contrast to TCP, it is not based on a point-to-point connection. At IP level, the main difference is therefore that the destination address does not address a dedicated host, but rather a group, i.e. during the routing of multicast packets, the decisive factor is whether a recipient is in a logged-in subnet. In the local network, all hosts are required to accept all multicast packets. For Ethernet or FDD, this is based on MAC mapping, where the group address is encoded into the destination MAC address. For routing between several networks, the routers first need to make themselves known to all potential recipients in the subnet. This is achieved by means of Membership Management protocols, such as IGMP for IPv4 and MLP for IPv6. Membership Management protocol: In IPv4, IGMP (Internet Group Management Protocol) is a protocol that hosts can use to provide the router with multicast membership information. IP addresses of the class D address range are used for addressing. An IP address in this class represents a group. A sender (e.g. Internet radio) sends data to this group. The addresses (IP) of the various senders within a group are called the source (addresses). Several senders (with different IP addresses) can therefore transmit to the same multicast group, leading t
264. icates is shown. 14.5.1.1 Edit: Click the icon to display the content of the selected object (key, certificate or request). Fig. 89: VPN > Certificates > Certificate List. The certificates and keys themselves cannot be changed, but a few external attributes can be changed, depending on the type of the selected entry. The VPN > Certificates > Certificate
265. ice should try Failure for again after an attempt to set up a connection has failed. The default value is 60. Maximum Number of Dialup Retries: Enter the number of unsuccessful attempts to set up a connection before the interface is blocked. Possible values are 0 to 100. The default value is 5. Authentication: Select the authentication protocol for this Internet connection. Select the authentication specified by your provider. Possible values: PAP (default value): Only run PAP (PPP Password Authentication Protocol); the password is transferred unencrypted. CHAP: Only run CHAP (PPP Challenge Handshake Authentication Protocol as per RFC 1994); the password is transferred encrypted. PAP/CHAP: Primarily run CHAP, otherwise PAP. MS-CHAPv1: Only run MS-CHAP version 1 (PPP Microsoft Challenge Handshake Authentication Protocol). PAP/CHAP/MS-CHAP: Run primarily CHAP; if denied, then the authentication protocol required by the PPTP partner (MS-CHAP version 1 or 2 possible). MS-CHAPv2: Run MS-CHAP version 2 only. DNS Negotiation: Select whether your device receives IP addresses for primary DNS server and secondary DNS server from the connection partner or sends these to the connection partner. The function is activated with Enabled. The function is enabled by default. Prioritize TCP ACK: Select whether the TCP download is to be optimised in the Pac
266. ick the Windows Start button and then Settings > Network and Dial-up Connections (Windows 2000) or Settings > Network Connections (Windows XP). 2. Click on LAN Connection. 3. Click on Properties in the status window. 4. Look for the Internet Protocol (TCP/IP) entry in the list of network components. Installing the TCP/IP protocol: If you cannot find the Internet Protocol (TCP/IP) entry, install the TCP/IP protocol as follows: 1. First click Properties, then Install in the status window of the LAN Connection. 2. Select the Protocol entry. 3. Click Add. 4. Select Internet Protocol (TCP/IP) and click on OK. 5. Follow the on-screen instructions and restart your PC when you have finished. Allocating PC IP address: Allocate an IP address to your PC as follows: 1. Select Internet Protocol (TCP/IP) and click on Properties. 2. Choose Use next IP address and enter a suitable IP address. Your PC should now meet all the prerequisites for the configuration of your device. Entering the gateway IP address in your PC: Then continue by entering the IP address of the gateway in the configuration of your PC as follows: 1. In Internet Protocol (TCP/IP) > Properties, under Default gateway, enter the IP address of your gateway. If you do not use the pre-configured IP address of the gateway or have not yet defined an IP address for it c
267. idered. Options: Download: Only the data rate in the receive direction is considered. Upload: Only the data rate in the send direction is considered. The Download and Upload are deactivated by default. Distribution Mode: Select the state the interfaces in the group may have if they are to be included in load balancing. Possible values: Always (default value): Also includes idle interfaces. Only use active interfaces: Only interfaces in the up state are included. In the Interface Selection for Load Balancing area, you add and configure interfaces that match the current group context. You can also delete interfaces. Use Add to create entries. Fields in the Load Balancing Groups Interface Selection for Distribution menu: Interface: Select the interfaces that are to belong to the group from the available interfaces. Distribution Ratio: Enter the percentage of the data traffic to be assigned to an interface. The meaning differs according to the Distribution Policy used: Based on the number of sessions to be distributed for Session Round Robin. For Bandwidth Load Dependent, the data rate is the decisive factor. 12.5 Multicast. What is multicasting? Many new communication technologies are based on communication from one sender to several recipients. Therefore modern telecommunication systems such as voice over IP or video
268. ield Description. IP pool name: Enter the name of the IP pool. IP pool range: In the first field, enter the first IP address of the range. In the second field, enter the last IP address of the range. 14.1.6 Options. Fig. 82: VPN > IPSec > Options. The VPN > IPSec > Options menu consists of the following fields. Fields in the Options Global Options menu: Enable IPSec: Select whether you want to activate IPSec. The function is activated with Enabled. The function is active as soon as an IPSec Peer is configured. Delete complete IPsec configuration: If you click the 5
269. if Address Mode = Static. With Add, add a new address entry and enter the IP Address and corresponding Netmask. Interface Mode: Only for physical interfaces in routing mode. Select the configuration mode of the interface. Possible values: Manual (default value): The interface is not assigned for a specific purpose. VLAN: This option only applies for routing interfaces. You use this option to assign the interface to a VLAN. This is done using the VLAN ID, which is displayed in this mode and can be configured. In this mode, the definition of a MAC address in MAC Address is optional. MAC address: Only for virtual interfaces and if Interface Mode = Manual. Enter the MAC address associated with the interface. For virtual interfaces, you can use the MAC address of the physical interface under which the virtual interface was created, but this is not necessary. You can also allocate a virtual MAC address. The first 6 characters of the MAC are preset but can be changed. VLAN ID: Only if Interface Mode = VLAN. This option only applies for routing interfaces. Assign the interface to a VLAN by entering the VLAN ID of the relevant VLAN. Possible values are 1 (default value) to 4094. The Advanced Settings menu consists of the following fields. Fields in the menu Advanced Settings: DHCP MAC Address: Only if Address Mode = DHCP. If Use Built In is activated (default setting), the hardware MAC address of the Ethernet int
270. if you split all the switch ports from each other, each of the resulting interfaces only uses a part of the total bandwidth. If you group together several switch ports into one interface, the full bandwidth of 100 mbps full duplex is available for all the ports together. Fig. 37: Physical Interfaces > Ethernet Ports > Port Configuration. The Physical Interfaces > Ethernet Ports > Port Configuration menu consists of the following fields. Fields in the Port Configuration Switch Configuration menu: Switch Port: Shows the respective switch port. The numbering corresponds to the numbering of the Ethernet ports on the back of the device. Ethernet Interface Selection: Assign an Ethernet interface to the switch port. You ca
271. implex function: If you call an ISDN telephone with a simplex function, this automatically activates the Loudspeaker function so that a conversation can take place immediately. Please see the information on the telephone user's guide on the simplex operation function. Glossary: SIP; SMS; SMS receipt; SMS server telephone numbers; SNMP; SNMP shell; S0 bus; S0 connection; S0 interface. Session Initiation Protocol. Short Message Service. If you have connected an SMS-enabled terminal, you can decide whether SMS receipt is to be permitted for the connection. The ex-works setting is no SMS receipt. To receive an SMS with your SMS-enabled terminal, you must register once with the T-Com SMS Service. One-time registration is free. You simply send an SMS containing ANMELD to the destination call number 8888. You then receive a free-of-charge confirmation of registration from the T-Com SMS Service. You can deregister your device or telephone number by sending an SMS containing ABMELD to the destination number 8888. Incoming SMS are then read out. Information on which telephones are SMS-enabled can be obtained from T-Punkt, our customer hotline 0800 330 1000 or on the Internet at http://www.t-com.de. You can connect SMS-enabled telephones to your PBX and thus use the SMS performance feature in the T-Com fixed network. SMSs are forwarded to the recipient via the T-Com SMS server. To send an
272. in the 5150 GHz to 5725 MHz range. With the higher frequency range, 19 non-overlapping frequencies are available in Germany. This frequency range can also be used without a licence in Germany. In Europe, transmission power of not just 30 mW but 1000 mW can be used with 802.11h, but only if TPC (TX Power Control, method for controlling transmission power in wireless systems to reduce interferences) and DFS (Dynamic Frequency Selection) are used. The purpose of TPC and DFS is to ensure that satellite connections and radar devices are not interfered with. 11.1 WLANx. In the Wireless LAN > WLANx menu, you can configure all the WLAN modules of your device. Depending on the model, one or two WLAN modules (WLAN1 and in certain models WLAN2) are available. 11.1.1 Radio Settings. In the Wireless LAN > WLANx > Radio Settings menu, an overview of all the configuration options for the WLAN module is shown. Fig. 46: Wireless LAN > WLANx > Radio Settings. 11.1.1.1 Radio Settings > Edit. In this menu, you change the settings for the wireless module. Choose the button to edit the configuration.
273. information flow concerns the virtual path (VP) and the F5 information flow the virtual channel (VC). The VP is defined by the VPI value, the VC by VPI and VCI. Note: Generally, monitoring is not carried out by the terminal but is initiated by the ISP. Your device then only needs to react correctly to the signals received. This is ensured without a specific OAM configuration for both flow level 4 and flow level 5. Two mechanisms are available for monitoring the ATM connection: Loopback Tests and OAM Continuity Check (OAM CC). These can be configured independently of each other. Caution: The configuration of OAM requires extensive knowledge of ATM technology and the way the bintec devices function. An incorrect configuration can cause considerable disruption during operation. If applicable, save the original configuration on your PC. In the WAN > ATM > OAM Control menu, a list of all monitored OAM flow levels is shown. 13.2.3.1 New. Choose the New button to set up monitoring for other flow levels.
274. information sent by other devices enables new routes and shorter paths for existing routes to be saved in the routing table. As intermediate routes between networks can become unreachable, RIP removes routes that are older than 5 minutes, i.e. routes not verified in the last 300 seconds (Garbage Collection Timer, Route Timeout). Routes learnt with triggered RIP are not deleted. Your device supports both version 1 and version 2 of RIP, either individually or together. 12.3.1 RIP Interfaces. In the Routing > RIP > RIP Interfaces menu, a list of all RIP interfaces is shown. Fig. 55: Routing > RIP > RIP Interfaces. 12.3.1.1 Edit. For each RIP interface, you can in the menu select the options Send Version, Receive Version and Route Announce. Fig. 56: Routing > RIP > RIP Interfaces >. The Routing > RIP > RIP Interfaces > menu consists of the follow
275. ing fields. Fields in the RIP Parameters for <Interface> menu: Send Version: Decide whether routes are to be propagated via RIP and, if so, select the RIP version for sending RIP packets over the interface in send direction. Possible values: None (default value): RIP is not enabled. RIP V1: Enables sending and receiving of version 1 RIP packets. RIP V2: Enables sending and receiving of version 2 RIP packets. RIP V1/V2: Enables sending and receiving of both version 1 and version 2 RIP packets. RIP V2 Multicast: For sending RIP V2 messages over the multicast address 224.0.0.9. RIP V1 Triggered: RIP V1 messages are sent, received and processed as per RFC 2091 (triggered RIP). RIP V2 Triggered: RIP V2 messages are sent, received and processed as per RFC 2091 (triggered RIP). Receive Version: Decide whether routes are to be imported via RIP and, if so, select the RIP version for receiving RIP packets over the interface in receive direction. Possible values: None (default value): RIP is not enabled. RIP V1: Enables sending and receiving of version 1 RIP packets. RIP V2: Enables sending and receiving of version 2 RIP packets. RIP V1/V2: Enables sending and receiving of both version 1 and version 2 RIP packets. RIP V1 Triggered: RIP V1 messages are sent, received and proc
276. ing the system time. Depending on the configuration, the system time can be updated via ISDN, i.e. the date and time are taken from the ISDN when the first outgoing call is made. Switching from summer time to winter time and back is automatic if the time is derived using this method. This is independent of the exchange time or the ntp server time. Summer time starts on the last Sunday in March by switching from 2 a.m. to 3 a.m. The calendar-related switches that are scheduled for the missing hour are then carried out. Winter time starts on the last Sunday in October by switching from 3 a.m. to 2 a.m. The calendar-related switches that are scheduled for the extra hour are then carried out. Switches already initiated are carried out again when the set time is reached. If an external call is made during the switching time, the device compares the time transferred from the exchange with its own time. During the switching period, the device prevents switching between the times. The time of the system telephones connected to the device is automatically changed by the device centrally. You can determine the system time automatically, e.g. using various time servers. To ensure that the device uses the desired current time, you should configure one or more time servers. Switching from summer time to winter time and back must be carried out manually if the time is derived using this method, by changing the value in the Time Offset from GMT fi
277. inistratively Prohibited. Communication with Destination Host is Administratively Prohibited. 15.4.2 Groups. In the Firewall > Services > Groups menu, a list of all configured service groups is shown. You can group together services. This makes it easier to configure firewall rules. 15.4.2.1 New. Choose the New button to set up new service groups. Fig. 102: Firewall > Services > Groups > New. The Firewall > Services > Groups > New menu consists of the following fields. Fields in the Groups Basic Parameters menu: Description: Enter the desired description of the service group. Members: Select the members of the group from the available service aliases. To do this, enable the field in the Members column. Chapter 16 VoIP. Voice over IP (VoIP) uses the IP protocol for voice and video transmission. The main difference compared with conventional telephony is that the voice information is not tr
278. ion can and should also be passed to one or more external PCs for storage and processing, e.g. to the system administrator's PC. The syslog messages saved internally on your device are lost when you reboot. Warning: Make sure you only pass syslog messages to a safe computer. Check the data regularly and ensure that there is always enough spare capacity available on the hard disk of your PC. Syslog Daemon: All Unix operating systems support the recording of syslog messages. For Windows PCs, the Syslog Daemon included in the DIME Tools can record the data and distribute to various files depending on the contents (see BRICKware for Windows). 19.1.1 Syslog Servers. Configure your device as a syslog server so that defined system messages can be sent to suitable hosts in the LAN. In this menu, you define which messages are sent to which hosts and with which conditions. In the External Reporting > System Log > Syslog Servers menu, a list of all configured system log servers is shown. 19.1.1.1 New. Choose the New button to set up new syslog servers.
279. is to be valid in seconds (only relevant if Response = Positive) that is transferred to requesting hosts. The default value is 86400 (24 h). 17.1.3 Domain Forwarding. In the Local Services > DNS > Domain Forwarding menu, a list of all configured forwarding for defined domains is shown. 17.1.3.1 New. Choose the New button to set up new forwardings. Fig. 107: Local Services > DNS > Domain Forwarding > New. The Local Services > DNS > Domain Forwarding > New menu consists of the following fields. Fields in the Domain Forwarding Forwarding Parameters menu: Forwarding: Select whether a host or domain is to be forwarded. Possible values: Host (default value), Domain. Host: Only for Forward = Host. Enter the name of the host to be forwarded. The entry can also start with the wildcard, e.g. funkwerk.com. If a name is entered without a full stop, once you confirm with OK, <Default Domain> is added. Domain: Only for Forward = Domain. Enter the name of the domain to be forwarded. The entry can also start with the wildcard e g funk
280. is used to generate the session key. WPA2: WPA2 is the enhancement of WPA. In WPA2, the 802.11i standard is not only implemented for the first time in full, but another encryption algorithm (AES, Advanced Encryption Standard) is also used. Access control: You can control which clients can access your wireless LAN via your device by creating an Access control list (ACL Mode or MAC Filter). In the Access Control List, you enter the MAC addresses of the clients that may access your wireless LAN. All other clients have no access. Security measures: To protect the data transferred on the WLAN, you may need to carry out the following configuration steps in the Wireless LAN > WLANx > Wireless Networks (VSS) > New > menu: Change the access passwords for your device. Change the default SSID (Network Name (SSID) = Funkwerk ec) of your access point. Set Visible Enabled. This will exclude all WLAN clients that attempt to establish a connection with the general value for Network Name (SSID) Any and do not know the SSID settings. Use the available encryption methods. To do this, select Security Mode = WEP 40, WEP 104, WPA PSK or WPA Enterprise or both, and enter the relevant key in the access point under WEP Key 1-4 or Preshared Key and in the WLAN clients. The WEP key should be changed regularly. To do this, change the Data Transfer Key. Select the longer
281. isabled by default. Dialling Number: Only if ISDN theft protection service is enabled. Enter the subscriber number that the gateway dials to call itself. Incoming Number: Only if ISDN theft protection service is enabled. Enter the subscriber number to be compared with the current calling party number. Number Called: Only if ISDN theft protection service is enabled. Enter the subscriber number to be set as calling party number. Monitored interfaces: Only if ISDN theft protection service is enabled. Use Add to add a new interface to the list. Select from the available interfaces those to which the ISDN theft protection function is to be applied. Fields in the Options Advanced Settings menu: Number of dial attempts: Enter the number of dial attempts that the gateway is to make to call itself by ISDN after a reboot. Possible values are 1 to 255. The default value is 3. Timeout: Enter the time in seconds that the gateway is to wait before trying again after an unsuccessful attempt to call itself. Possible values are 2 to 20. The default value is 5. 17.9 Funkwerk Discovery. 17.9.1 Device discovery. The funkwerk Discovery protocol is used to identify and configure bintec access points that are in the same wired network as your device. Once an access point has been discovered, certain basic parameters (node name, IP address, netmask and device address) can be confi
282. ive your personal access data from your ISP. The terms used for the required access data may vary from provider to provider. However, the type of information you need for dial-in is basically the same. The following table lists the access data that your device also needs for a DSL connection to the Internet. Data for Internet access (access data: example value): Provider name: GoInternet. Protocol: PPP over Ethernet (PPPoE). Encapsulation: bridged no fcs. VPI (Virtual Path Identifier): 1. VCI (Virtual Circuit Identifier): 32. Your user name: MyName. Password: TopSecret. Some Internet Service Providers, such as T-Online, require additional information. Additional information for T-Online (access data: example value): User account (12 digits): 000123456789. T-Online number (usually 12 digits): 06112345678. Joint user account: 0001. Note: To configure T-Online Internet access, in the Username field enter the following succession of numbers without intervening spaces: user account (12 digits), T-Online number (usually 12 digits), co-user number (for the main user always 0001). If your T-Online number is less than 12 digits long, a character is required between the T-Online number and the co-user number. If you use T-DSL, you must add the character string t online de at the end of this string of numbers. Your username could for ex
283. k host in a LAN with fake requests so that it is completely overloaded. This means the system or a certain service can no longer be run. DES: Data Encryption Standard. Destination number memory: Speeddial memory. DHCP: Dynamic Host Configuration Protocol. Dial preparation: On some telephones with a display, you can first enter a telephone number, check it first and then dial it. Dial-in parameters: Define the dial-in parameters, i.e. you enter the provider's dial-in number and specify. Dialling control: In the configuration for certain terminals, you can define restrictions for external dialling. Dialup connection: A connection is set up when required by dialling an extension number, in contrast to a leased line. DIME: Desktop Internetworking Management Environment. DIME Browser: Old name for Configuration Manager. Direct dial-in: Performance feature of larger PBXs at the point-to-point connection. The extensions can be called directly from outside. Direct dialling range: See Extension numbers range. Display and output: In the configuration, it is possible to define storage of data records of connection data for specific terminals or all terminals. In the ex-works setting, all incoming external connections and all external calls you make are stored. Display of caller's number: A suitable telephone is a prerequisite for this feature. Transmission of the telephone number mu
284. kets event of intensive TCP upload. This function can be specially applied for asymmetrical bandwidths (ADSL). The function is activated with Enabled. The function is disabled by default. PPTP Address Mode: Displays the address mode. The value cannot be changed. Possible values: Static: The IP address of the Ethernet port selected in PPTP Interface will be used. Local PPTP IP Address: Assign the PPTP interface an IP address that is used as the source address. The default value is 10.0.0.140. Remote PPTP IP Address: Enter the IP address of the PPTP partner. The default value is 10.0.0.138. LCP Alive Check: Check whether the availability of the remote terminal is to be checked by sending LCP echo requests or replies. This makes it possible to switch to a backup connection more quickly in the event of line faults. The function is activated with Enabled. The function is disabled by default. 13.1.3 PPPoA. In the WAN > Internet Dialup > PPPoA menu, a list of all PPPoA interfaces is shown. In this menu, you configure a xDSL connection used to set up PPPoA connections. With PPPoA, the connection is configured so that the PPP data flow is transported directly over an ATM network (RFC 2364). This is required by some providers. Note your provider's specifications. When using the internal DSL modem select here a PPPoA interface must be configured for this connection in WAN > ATM > Profil
285. key creation, RSA (default value) and DSA are available. Also select the length of the key to be created. Possible values: 512, 768, 1024, 1536, 2048, 4096. Please note that a key with a length of 512 bits could be rated as unsecure, whereas a key of 4096 bits not only needs a lot of time to create, but also occupies a major share of the resources during IPSec processing. A value of 768 or more is, however, recommended and the default value is 1024 bits. SCEP URL: Only if Mode = SCEP. Enter the URL of the SCEP server, e.g. http://scep.funkwerk.de:8080/scep/scep.dll. Your CA administrator can provide you with the necessary data. CA Certificate: Only if Mode = SCEP. Download: In CA Name, enter the name of the CA certificate of the certification authority (CA) from which you wish to request your certificate, e.g. cawindows. Your CA administrator can provide you with the necessary data. If no CA certificates are available, the device will first download the CA certificate of the relevant CA. It then continues with the enrolment process, provided no more important parameters are missing. In this case, it returns to the Generate Certificate Request menu. If the CA certificate does not contain a CRL distribution point (Certificate Revocation List, CRL) and a certificate server is not configured on
286. kwerk Configuration Interface Initial Screen. 7.3.2.1 Calling the Funkwerk Configuration Interface. 1. Check whether the device is connected and switched on and that all the necessary cables are correctly connected (see Setting Up and Connecting on page 6). 2. Check the settings of the PC from which you want to configure your device (see Configuring a PC on page 14). 3. Open a web browser. 4. Enter http://192.168.0.254 in the address field of the web browser. 5. Enter admin in the User field and funkwerk in the Password field and click LOGIN. You are now in the status menu of your device's Funkwerk Configuration Interface (see State on page 61). 7.3.2.2 Operating elements. Funkwerk Configuration Interface window: The Funkwerk Configuration Interface window is divided into three areas: the header, the navigation bar and the main configuration window. Fig. 17: Areas of the Funkwerk Configuration Interface. Header: Fig. 18: Funkwerk Configuration Interface header. Funkwerk Configuration Interf
287. l Enter the time period in seconds between the update intervals. The default entry here is 0, i.e. an automatic reload is not carried out. Default User Password: This is the shared password used for communication between the RADIUS server and your device. 8.5.2 TACACS. TACACS permits access control for your device, network access servers (NAS) and other network components via one or more central servers. Like RADIUS, TACACS is an AAA protocol and offers authentication, authorisation and accounting services. TACACS Accounting is currently not supported by bintec devices. The following TACACS functions are available on your device: Authentication for login shell. Command authorisation on the shell (e.g. telnet, setup, show). TACACS uses TCP port 49 and establishes a secure and encrypted connection. In the System Management > Remote Authentication > TACACS menu, a list of all registered TACACS servers is displayed. 8.5.2.1 Edit/New. Choose the icon to edit existing entries. Choose the New button to add TACACS servers.
288. le after a specified number of seconds o administratively set to down deactivated connection setup not possible for leased lines. Authentication: When a call is received, the calling party number is always sent over the ISDN D channel. This number enables your device to identify the caller (CLID), provided the caller is entered on your device. After identification with CLID, your device can additionally carry out PPP authentication with the connection partner before it accepts the call. Your device needs the necessary data for this, which you should enter here. First establish the type of authentication process that should be performed, then enter a common password and two codes. You get this information, for example, from your Internet Service Provider (ISP) or the system administrator at your head office. If the data you entered on your device is the same as the caller's data, the call is accepted. The call is rejected if the data is not the same. Default Route: With a default route, all data is automatically forwarded to one connection if no other suitable route is available. If you set up access to the Internet, you must configure the route to your Internet Service Provider (ISP) as a default route. If, for example, you configure a corporate network connection, only enter the route to the head office or branch office as a default route if you do not configur
289. lect what the RADIUS server is to be used for. Possible values: Authentication (default value): The RADIUS server is used for controlling access to a network. PPP Accounting: The RADIUS server is used for recording statistical call data. Login Authentication: The RADIUS server is used for controlling access to the SNMP shell of your device. IPSec Authentication: The RADIUS server is used for sending configuration data for IPSec peers to your device. WLAN 802.1X: The RADIUS server is used for controlling access to a wireless network. XAUTH: The RADIUS server is used for authenticating IPSec peers via XAuth. Server IP Address: Enter the IP address of the RADIUS server. Radius Secret: Enter the shared password used for communication between the RADIUS server and your device. Priority: If a number of RADIUS server entries were created, the server with the highest priority is used first. If this server does not answer, the server with the next highest priority is used. Possible values from 0 (highest priority) to 7 (lowest priority). The default value is 0. See also Policy in the Advanced Settings. Entry Active: Select whether the RADIUS server configured in this entry is to be used. The function is enabled by choosing Enabled. The function is enabled by default. Group Description: Define a new RADIUS group description or assign the new RADIUS entry to a predefined group. The configured RADIUS servers for a gr
290. Fig. 95: Firewall > Policies > Filter Rules > New. The Firewall > Policies > Filter Rules > New menu consists of the following fields. Fields in the Policies Basic Parameters menu: Source: Select one of the preconfigured aliases for the source of the packet. The list includes all WAN/LAN interfaces, interface groups (see Firewall > Interfaces > Groups), addresses (see Firewall > Addresses > Address List) and address groups (see Firewall > Addresses > Groups) for selection. The value Any means that neither the source interface nor the source address is checked. Destination: Select one of the preconfigured aliases for the destination of the packet. The list includes all WAN/LAN interfaces, interface groups (see Firewall > Interfaces > Groups), addresses (see Firewall > Addresses > Address List) and address groups (see Firewall > Addresses > Groups) for selection. The value Any means that neither the destination interface nor the destination address is checked. Service: Select one of the preconfigured services to which the packet to be filtered must be assigned. The extensive range of services configured ex-works includes the following: FTP, TELNET, SMTP, DNS
291. led between Standard and Busy On Busy In the basic configuration it is set to Standard If Busy on Busy is set for a team other callers hear the engaged tone DECT Digital European Cordless Telecommunication European standard for wireless telephones and wireless PBXs Internal calls can be made free of charge between several handheld units Another ad vantage is the higher degree of interception protection GAP Digital exchange Allows computer controlled crossbar switches to set up a connection quickly and special features such as inquiries call waiting three party conference and call forwarding to be activated All T Com ex changes have been digital since January 1998 Digital voice trans As a result of the internationally standardised Pulse Code Modula mission tion PCM analogue voice signals are converted to a digital pulse flow of 64 kbps Advantages Better voice quality and less suscept ibility to faults during analogue voice transmission Glossary Direct Call DISA Download DSL and ISDN con nections DSL modem DSL splitter Services Funkwerk Enterprise Communications GmbH You are not at home However there is someone at home who needs to be able to reach you quickly and easily by telephone if ne cessary e g children or grandparents As you can set up the Direct Call function for one or more telephones the receiver of the tele phone simply needs to be lifted After five seconds the PBX au
292. Fig. 112: Local Services > DHCP Server > DHCP Pool > New
 The Local Services > DHCP Server > DHCP Pool > New menu consists of the following fields.
 Fields in the DHCP Pool Basic Parameters menu
 Interface: Select the interface over which the addresses defined in IP Range are to be assigned to DHCP clients. When a DHCP request is received over this Interface, one of the addresses from the address pool is assigned.
 IP Address Range: Enter the first (first field) and last (second field) IP address of the IP address pool.
 Pool Usage: Specify whether the IP pool is used for DHCP requests in the same subnet or for DHCP requests that have been forwarded to your device from another subnet. In this case it is possible to define IP addresses from another network. Possible values:
 • Local (default value): The DHCP pool is o
293. llowing fields.
 Fields in the Global Settings License Information menu
 Licence Key: Enter the number of your Proventia Web Filter licence. The preset code assigned by ISS designates the device type. In the ex works state, you can activate a 30-day demo version of the Proventia Web Filter. Click here on the link Activate 30 day demo license.
 Licence Status: Shows the result of the last validity check of the licence. The validity of the licence is checked every 23 hours.
 License valid until: This shows the expiry date of the licence (relative to the time set on your device) and cannot be edited.
 17.4.2 Filter List
 In the Local Services > Web Filters > Filter List menu, configure which categories of Internet pages are to be handled and how. You configure the relevant filters for this purpose. A list of filters already configured is displayed. There are basically different approaches for configuring the filters:
 • First, a filter list can be created that only contains entries for those addresses that are to be blocked. In this case, it is necessary to make an entry at the end of the filter list that allows all accesses that do not match a filter. (Setting for this: Category = Default Behaviour, Action = Permit or Permit and Log.)
 • If you only create entries for those addresses that are to be allowed or logged, it is not necessary to change the default behaviour (all other calls are blocked).
294. lowest algorithm currently supported.
 • ALL: All options can be used.
 • AES 128: Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here it is used with a key length of 128 bits.
 • AES 192: Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here it is used with a key length of 192 bits.
 • AES 256: Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here it is used with a key length of 256 bits.
 • Twofish: Twofish was a final candidate for the AES (Advanced Encryption Standard). It is rated as just as secure as Rijndael (AES), but is slower.
 • Blowfish: Blowfish is a very secure and fast algorithm. Twofish can be regarded as the successor to Blowfish.
 • CAST: CAST is also a very secure algorithm, marginally slower than Blowfish, but faster than 3DES.
 • DES: DES is an older encryption algorithm, which is rated as weak due to its small effective length of 56 bits.
 Hash algorithms Authentication
 • MD 5 (default value): MD 5 (Message Digest 5) is an older hash algorithm. It is used with a 96 bit digest length for IPSec.
 • ALL: All options can be used.
 • SHA 1: SHA
295. lt the following format instructions are entered in the Log Format field: INET 2ditiarc 1 r 3f gt 1 3R 3F3p30 P30 s
 19.3 E-mail alert
 It was previously possible to send syslog messages from the router to any syslog host. Depending on the configuration, e-mails are sent to the administrator as soon as relevant syslog messages occur.
 19.3.1 E-mail Alert Server
 Fig. 143: External Reporting > E-mail Alert > E-mail Alert Server
 The External Reporting > E-mail Alert > E-mail Alert Server menu consists of the following fields.
 Fields in the E-mail Alert Server Basic Parameters menu
 Alert service: Enable or disable the function.
 Sender's E-mail Address: Enter the mail address to be entered in the sender field of the e-mail.
 Maximum number of messages per minute: Limit the number of outgoing mails per minute. Possible values are 1 to 15
296. lues:
 • AES (default value): AES is used.
 • TKIP: TKIP is used.
 • AES and TKIP: AES or TKIP is used.
 Preshared Key: Only if Security Mode = WPA PSK. Enter the WPA password. Enter an ASCII string with 8 to 63 characters.
 Fields in the menu MAC Filter
 ACL Mode: Select whether only certain clients are to be permitted for this wireless network. The function is enabled by choosing Enabled. The function is disabled by default.
 Allowed Addresses: Use Add to make entries and enter the MAC addresses (MAC Address) of the clients to be permitted.
 11.2 Administration
 The Wireless LAN > Administration menu contains basic settings for running your gateway as an access point (AP).
 11.2.1 Basic settings
 Fig. 49: Wireless LAN > Administration > Basic Settings
 The Wireless LAN > Administration > Basic Settings menu consists of the following fields.
 Field in the Basic Settings WLAN Administration menu
 Region: Select the country in which the access point is to be run. Possible values are all the countries configured on the gateway's wireless module. The range of channels available for selection Chann
297. m CPE router to CO DSLAM in bits per second. The value cannot be changed.
 Fields in the ADSL Configuration ADSL Parameters menu
 ADSL Mode: Select the ADSL mode. Possible values:
 • Automatic Mode (default value): The ADSL mode is automatically adapted for the remote terminal.
 • ADSL1: ADSL1 (G.DMT) is used.
 • ADSL2: ADSL2 (G.992.3) is used.
 • ADSL2 Plus: ADSL2 Plus (G.992.5) is used.
 • Down: The ADSL interface is not active.
 Transmit Shaping: Select whether the data rate in the send direction is to be reduced. This is only needed in a few cases for special DSLAMs. Possible values:
 • Default Line Speed: The data rate in the send direction is not reduced.
 • 128,000 bps to 2,048,000 bps: The data rate in the send direction is reduced to a maximum of 128,000 bps to 2,048,000 bps in defined steps.
 • User Defined: The data rate is reduced to the value entered in Maximum Upstream Bandwidth.
 The default value is Default Line Speed.
 Maximum upstream bandwidth: Only if Transmit Shaping = User defined. Enter the maximum data rate in the send direction in bits per second.
 Chapter 10 LAN
 In this menu, you configure the addresses in your LAN and can structure your local network using VLANs.
 10.1 IP Configuration
 In this menu, you can edit the IP configuration of the LAN and Ethernet interfaces of your device
298. make the basic UPnP settings.
 Fig. 134: Local Services > UPnP > Global Settings
 The Local Services > UPnP > Global Settings menu consists of the following fields.
 Fields in the Global Settings Basic Parameters menu
 UPnP Status: Decide how the gateway processes UPnP requests from the LAN. The function is activated with Enabled. The gateway proceeds with UPnP releases in accordance with the parameters contained in the request from the LAN UPnP client, independently of the IP address of the requesting LAN UPnP client. The function is disabled by default. The gateway rejects UPnP requests, NAT releases are not made.
 UPnP TCP Port: Enter the number of the port on which the gateway listens for UPnP requests. The possible values are 1 to 65535, the default value is 5678.
 Chapter 18 Maintenance
 This menu provides you with numerous functions for maintaining your device. It firstly provides a menu for testing availability within the network. You can manage your system configuration files. If more recent system software is available, you can
299. mber See SSID Maximum Transmission Unit A specific form of broadcast in which a message is simultaneously transmitted to a defined user group Multiple subscriber number A gateway that can route several protocols e g IP X 25 etc Music on hold MoH Your PBX has two internal music on hold melodies On delivery in ternal melody 1 is active You can choose between melody 1 or 2 or deactivate the music on hold Music on hold MoH Performance feature of a PBX During an inquiry or call forwarding MWI NAT NDIS WAN a melody is played that the waiting subscriber hears On your PBX you can choose between two internal melodies Transmission of a voice message from a mailbox e g T NetBox or MailBox to a terminal The receipt of the message on the terminal is signalled e g by a LED Network Address Translation NDIS WAN is a Microsoft enhancement of this standards in relation to wide area networking WAN The NDIS WAN CAPI driver per bintec R200 Serie Funkwerk Enterprise Communications GmbH Net surfing NetBIOS Netmask Network Network address Network termination NTBA Neiz Direkt keypad functions NMS Notebook function NT NTBA NTP OAM Offline Online Online banking Glossary mits the use of the ISDN controller as a WAN card The NDIS WAN driver enables the use of a DCN network on Windows NDIS is the abbreviation for Network Device Interface Specification and is a s
300. mbers additional information in the form of a subaddress can be transmitted from the caller to the called party over the D channel when the connection is set up. Addressing that goes beyond the pure MSN, which can be used e.g. specifically to locate several ISDN terminals that can be reached on one telephone number for a particular service. In the called terminal, e.g. a PC, various applications can also be addressed and in some cases executed. Costs are charged for the performance feature and it must be requested separately from the network operator.
 A network scheme that divides individual logical networks into smaller physical units to simplify routing.
 A method of splitting several IP networks into a series of subgroups or subnetworks. The mask is a binary pattern that must match the IP addresses in the network. 255.255.255.0 is the default subnet mask. In this case, 254 different IP addresses can occur in a subnet, from x.x.x.1 to x.x.x.254.
 To distinguish between connections more easily, you can assign a subscriber name for each internal subscriber.
 CLIP/CLIR: Calling line identification presentation / calling line identification restriction.
 COLP/COLR: Connected line identification presentation / connected line identification restriction. Activate/suppress transmission of called party's telephone number to caller. This performance feature
 Suppress own telephone number Suppres
301. means the key must be renewed once eight hours have elapsed. The following options are available for defining the lifetime:
 Entry in Seconds: Enter the lifetime for phase 2 key in seconds. The value can be a whole number from 0 to 2147483647. The default value is 7200.
 Entry in kBytes: Enter the lifetime for phase 2 keys as amount of data processed in Kbytes. The value can be a whole number from 0 to 2147483647. The default value is 0.
 The Advanced Settings menu consists of the following fields.
 Fields in the menu Advanced Settings
 IP Compression: Select whether compression is to be activated before data encryption. If data is compressed effectively, this can result in higher performance and a lower volume of data to be transferred. In the case of fast lines or data that cannot be compressed, you are advised against using this option, as the performance can be significantly affected by the increased effort during compression. The function is activated with Enabled. The function is disabled by default.
 Alive Check: Select whether and how IPSec heartbeats are used. A bintec IPSec heartbeat is implemented to determine whether or not a Security Association (SA) is still valid. This function sends and receives signals every 5 seconds, depending on the configuration. If these signals are not received after 20 seconds, the SA is discarded as in
302. mically if necessary.
 Strategy for name resolution on your device
 A DNS request is handled by your device as follows:
 1. If possible, the request is answered directly from the static or dynamic cache with IP address or negative response.
 2. Otherwise, if a suitable forwarding entry exists, the relevant DNS server is asked, depending on the configuration of the Internet or dialin connections, if necessary by setting up a WAN connection at extra cost. If the DNS server can resolve the name, the information is forwarded and a dynamic entry created in the cache.
 3. Otherwise, if global name servers are entered, the primary DNS server then the secondary DNS server are asked. If the IP address of your device or the loopback address is entered for local applications, these are ignored here. If one of the DNS servers can resolve the name, the information is forwarded and a dynamic entry created in the cache.
 4. Otherwise, if a suitable Internet or dialin connection is selected as the standard interface, the relevant DNS server is asked, depending on the configuration of the Internet or dialin connections, if necessary by setting up a WAN connection at extra cost. If one of the DNS servers can resolve the name, the information is forwarded and a dynamic entry created in the cache.
 5. Otherwise, if overwriting the addresses of the global name servers is
303. n
 Successfully Answered Queries: Shows the number of successfully answered requests (positive and negative).
 Server Failures: Shows the number of requests that were not answered by any name server (either positively or negatively).
 17.2 DynDNS Client
 The use of dynamic IP addresses has the disadvantage that a host in the network can no longer be found once its IP address has changed. DynDNS ensures that your device can still be reached after a change to the IP address. The following configuration steps are necessary:
 • Registration of a host name at a DynDNS provider
 • Configuration of your device
 Enrolment
 The registration of a host name means that you define an individual user name for the DynDNS service, e.g. dyn_client. The service providers offer various domain names for this, so that a unique host name results for your device, e.g. dyn_client.provider.com. The DynDNS provider relieves you of the task of answering all DNS requests concerning the host dyn_client.provider.com with the dynamic IP address of your device. To ensure that the provider always knows the current IP address of your device, your device contacts the provider when setting up a new connection and propagates its present IP address.
 17.2.1 DynDNS Update
 In the Local Services > DynDNS Client > DynDNS Update menu, a list of all configured DynDNS registrations is shown that are to be updated.
 17.2.1.1 New
 Choose the New button to set up further D
304. n type of encoding:
 • Base64
 • Binary
 Password: Enter the password to be used for the import.
 14.5.3 Certificate Servers
 In the VPN > Certificates > Certificate Servers menu, a list of all certificate servers is shown.
 14.5.3.1 New
 Choose the New button to set up new certificate servers.
 Fig. 93: VPN > Certificates > Certificate Servers > New
 The VPN > Certificates > Certificate Servers > New menu consists of the following fields.
 Fields in the Certificate Servers Basic Parameters menu
 Description: Enter a unique description for the certificate server.
 LDAP URL Path: Enter the LDAP URL of the server.
 Chapter 15 Firewall
 The Stateful Inspection Firewall (SIF) provided for bintec gateways is a powerful security feature. The SIF with dynamic packet filtering has a decisive advantage over static packet filtering: The decision whether or not to send a packet can be made not solely on the basis of source and destination addresses or ports, but also using dynamic packet filtering based on the state of the connection to a partner. This means packets that belong to an already active connectio
305. n can also be forwarded. The SIF also accepts packets that belong to an affiliated connection. The negotiation of an FTP connection takes place over port 21, for example, but the actual data exchange can take place over a completely different port.
 SIF and other security features
 bintec's Stateful Inspection Firewall fits into the existing security architecture of bintec devices very well due to its simple configuration. The configuration work for the SIF is comparatively straightforward with systems like Network Address Translation (NAT) and IP Access Lists (IPAL). As SIF, NAT and IPAL are active in the system simultaneously, attention must be given to possible interaction: If any packet is rejected by one of the security instances, this is done immediately. It is irrelevant whether another instance would accept it or not. Your need for security features should therefore be accurately analysed.
 The essential difference between SIF and NAT/IPAL is that the rules for the SIF are generally applied globally, i.e. not restricted to one interface. In principle, the same filter criteria are applied to the data traffic as those used in NAT and IPAL:
 • Source and destination address of the packet (with an associated netmask)
 • Service (preconfigured, e.g. Echo, FTP, HTTP)
 • Protocol
 • Port number(s)
 To illustrate the differences in packet filtering, a list of the individual security instances and their method of operation is given belo
306. n critical applications with burst data traffic.
 • Variable Bit Rate V.3 (VBR.3): Variable Bit Rate. The connection is assigned a guaranteed data rate (Sustained Cell Rate, SCR). This may be exceeded by the volume configured in Maximum Burst Size (MBS). Additional ATM traffic is marked and handled with low priority based on the utilisation of the destination network, i.e. is discarded if necessary. The Peak Cell Rate (PCR) represents the maximum possible data rate. This category is suitable for critical applications with burst data traffic.
 Enter a value for the maximum data rate in bits per second. Possible values: 0 to 10000000. The default value is 0.
 Only for ATM Service Category = Variable Bit Rate V.1 (VBR.1) or Variable Bit Rate V.3 (VBR.3). Enter a value for the minimum available guaranteed data rate in bits per second. Possible values: 0 to 10000000. The default value is 0.
 Only for ATM Service Category = Variable Bit Rate V.1 (VBR.1) or Variable Bit Rate V.3 (VBR.3). Enter a value for the maximum number of bits per second by which the PCR can be exceeded briefly. Possible values: 0 to 100000. The default value is 0.
 13.2.3 OAM Controlling
 OAM is a service for monitoring ATM connections. A total of five hierarchies (flow level F1 to F5) are defined for OAM information flow. The most important information flows for an ATM connection are F4 and F5. The F4
307. n only be used with terminals that use the MFC dialling method and that have an R Glossary Connection of ISDN terminals CRC CTI D channel Data compression Data Link Layer Data packet Data transmission rate Datagram Datex J Day Night option Funkwerk Enterprise Communications GmbH or flash key The internal telephone number of the connection and not the ex ternal number multiple subscriber number must be entered as the MSN in the ISDN terminal connected to the internal ISDN bus See the user s guide for the ISDN terminals Enter MSN Please note that not all the ISDN terminals available on the market can use the performance features provided by the PBX via their key interface Cyclic Redundancy Check Computer Telephony Integration Term for connection between a PBX and server CTI enables PBX functions to be controlled and evaluated by a PC Control and signalling channel of an ISDN Basic Rate Interface or Primary Rate Interface The D channel has a data transmission rate of 16 kbps In addition to the D channel each ISDN BRI has two B channels A process for reducing the amount of data transmitted This enables higher throughput to be achieved in the same transmission time Ex amples of this technique include STAC VJHC and MPPC DLL A data packet is used for information transfer Each data packet contains a prescribed number of characters information and control characters The data t
308. n or equal to the value defined in RTS Threshold. After this many failed attempts, the packet is discarded. Possible values are 1 to 255. The default value is 7.
 Long Retry Limit: Enter the maximum number of attempts to send a data packet of length less than or equal to the value defined in RTS Threshold. After this many failed attempts, the packet is discarded. Possible values are 1 to 255. The default value is 4.
 Fragmentation Threshold: Enter the maximum size as of which the data packets are to be fragmented (i.e. split into smaller units). A low value is recommended for this field in areas with poor reception and in the event of radio interference. Possible values are 256 to 2346. The default value is 2346 bytes.
 Max Receive Lifetime: Enter the time from receipt of the first fragment of a data packet as of which no further attempts are made. The data packet is discarded. Possible values are 1 to 4294967295. The default value is 512 msec.
 Max Transmit MSDU Lifetime: Enter the time from sending of the first fragment of a data packet as of which no further send attempts are made. The data packet is discarded. Possible values are 1 to 4294967295. The default value is 512 msec.
 11.1.2 Virtual Service Sets
 If you operate your device in access point mode (Wireless LAN > WLANx > Wireless Module Settings > > > Operating
309. n select from four interfaces, en1-0 to en1-3. In the basic setting, interface en1-0 is assigned to all switch ports.
 Configured Speed Mode: Select the mode in which the interface is to run. Possible values:
 • Full Autonegotiation (default value)
 • Auto 100 mbps only
 • Auto 10 mbps only
 • Auto 100 mbps Full Duplex
 • Auto 100 mbps Half Duplex
 • Auto 10 mbps Full Duplex
 • Auto 10 mbps Half Duplex
 • Fixed 100 mbps Full Duplex
 • Fixed 100 mbps Half Duplex
 • Fixed 10 mbps Full Duplex
 • Fixed 10 mbps Half Duplex
 • Disabled: The interface is created but remains inactive.
 Current Speed Mode: Shows the actual mode and actual speed of the interface. Possible values:
 • 100 mbps Full Duplex
 • 100 mbps Half Duplex
 • 10 mbps Full Duplex
 • 10 mbps Half Duplex
 • Inactive
 Fields in the Port Configuration Port Configuration menu
 Interface: Shows the interface name of the separate Ethernet port (ETH).
 Configured Speed Mode: Select the mode in which the interface is to run. Possible values:
 • Full Autonegotiation (default value)
 • Auto 100 mbps only
 • Auto 10 mbps only
 • Auto 100 mbps only
 • Auto 100 mbps Full Duplex
 • Auto 100 mbps Half Duplex
 • Auto 10 mbps Full Duplex
 • Auto 10 mbps Half Duplex
 • Fixed 100 mbps Full Duplex
 • Fixed 100 mbps Half Duplex
 • Fixed 10 mbps Full Duplex
 • Fixed 10 mbps Half Duplex
 • Disabled
310. n the Advanced Settings Options menu
 Autosave Mode: Select whether your device automatically stores the various steps of the enrolment internally. This is an advantage if enrolment cannot be concluded immediately. If the status has not been saved, the incomplete registration cannot be completed. As soon as the enrolment is completed and the certificate has been downloaded from the CA server, it is automatically saved in the device configuration. The function is activated with Enabled. The function is enabled by default.
 14.5.1.3 Import
 Choose the Import button to import other certificates.
 Fig. 91: VPN > Certificates > Certificate List > Import
 The VPN > Certificates > Certificate List > Import menu consists of the following fields.
 Fields in the Certificate List Import menu
 External Filename: Enter the file path and name of the certificate to be imported, or use Browse to select it from the file browser.
 Local Certificate Description: Enter a unique description for the certificate.
 File Encoding: Select the type of coding so th
311. n the Go button.
 18.1.3 Traceroute Test
 Fig. 137: Maintenance > Diagnosis > Traceroute Test
 You use the traceroute test to display the route to a particular address (IP address or domain name), if this can be reached. The Output field shows the traceroute test messages. The traceroute test is started by entering the address to be tested in Traceroute Address and clicking on the Go button.
 18.2 Software & Configuration
 18.2.1 Options
 You can use this menu to manage the software version of your device, your configuration files and the language of the Funkwerk Configuration Interface. Your device contains the version of the system software available at the time of production. More recent versions may have since been released. You may therefore need to carry out a software update. Every new system software includes new features, better performance and any necessary bugfixes from the previous version. You can find the current system software at www.funkwerk-ec.com. The current documentation is also available here.
 Important: If you want to update your softwar
312. n two PCs Term for electronic banking e g using T Online Glossary Online Pass Online services OSI model OSPF Outgoing extension number signal Outgoing telephone number Packet switching PAP Parking PBX PBX PBX PBX PBX number Funkwerk Enterprise Communications GmbH Part of the T Com certification services for the Internet Digital pass for the Internet With the Online Pass an Internet user can be au thenticated as a customer in a company Services available around the clock via communication services such as T Online and the Internet OSI Open Systems Interconnection Open Shortest Path First The outgoing extension number signal is intended for internal con nections on the point to point to which an explicit extension number was not assigned When an external call is made the extension number entered under Outgoing Extension Number Signal is also transmitted If you have not suppressed transmission of your telephone number and the telephone of the person you are calling supports the CLIP function the person you are calling can see the telephone number of the connection you are calling from on their telephone display This telephone number transmitted during an external call is called the outgoing telephone number Packet switching Password Authentication Protocol The call is held temporarily in the exchange The main difference to on hold The call is interrupted the receiver can be
313. Fig. 61: Routing > Multicast > Forwarding > New
 The Routing > Multicast > Forward > New menu consists of the following fields.
 Fields in the Forward Basic Parameters menu
 All Multicast Groups: Select whether all multicast groups, i.e. the complete multicast address range 224.0.0.0/4, are to be forwarded from the defined Source Interface to the defined Destination Interface. To do this, check Enabled. Disable the option if you only want to forward one defined multicast group to a particular interface. The option is deactivated by default.
 Multicast Group Address: Only for All Multicast Groups = disabled. Enter here the address of the multicast group you want to forward from a defined Source Interface to a defined Destination Interface.
 Source Interface: Select the interface on your device to which the selected multicast group is sent.
 Destination Interface: Select the interface on your device to which the selected multicast group is to be forwarded.
 12.5.2 IGMP
 IGMP (Internet Group Management Protocol, see RFC 3376) is used to signal the information about group membership in a subnet. As a resul
314. name
 Enter the password for the PPPoA connection.
 Select whether the interface should always be activated. The function is activated with Enabled. The function is disabled by default. Only activate this option if you have Internet access with a flat rate charge.
 Connection Idle Timeout: Only if Always on is disabled. Enter the idle time in seconds for static short hold. The static short hold setting determines how many seconds should pass between sending the last traffic data packet and clearing the connection. Possible values are 0 to 3600 (seconds). 0 deactivates the short hold. The default value is 300. Example: 10 for FTP transmission, 20 for LAN-to-LAN transmission, 90 for Internet connections.
 Fields in the PPPoA IP Mode and Routes menu
 IP Address Mode: Choose whether your device has a static IP address or is assigned one dynamically. Possible values:
 • Get IP Address (default value): Your device is dynamically assigned an IP address.
 • Static: You enter a static IP address.
 Standard Route: Select whether the route to this connection partner is to be defined as the default route. The function is activated with Enabled. The function is enabled by default.
 Create NAT Policy: Specify whether Network Address Translation (NAT) is to be activated. The function is activated with Enabled.
315. nd generated. Destination: CC data is received. Source: CC data is generated. 13.3 Real Time Jitter Control. When telephoning over the Internet, voice data packets normally have the highest priority. Nevertheless, if the upstream bandwidth is low, noticeable delays in voice transmission can occur when other packets are routed at the same time. The real time jitter control function solves this problem. So that the line is not blocked for too long for the voice data packets, the size of the other packets can be reduced if required during a telephone call. 13.3.1 Controlled interfaces. In the WAN > Real Time Jitter Control > Regulated Interfaces menu, a list of all interfaces is shown for which the real time jitter control has been configured. 13.3.1.1 New. Click the New button to set up port forwarding for other interfaces. Fig. 73: WAN > Real Time Jitter Control > Regulated Interfaces > New. The WAN > Real Time Jitter Control > Regulated Interfaces > New menu consists of the following fields. Fields in the Regulated Interfaces Basic Settings menu: Interface: Define for which interfaces voice transmission is
316. nd subnet. The netmasks for both subnets must also be indicated. 10.1.1.1 Edit/New. Choose the icon to edit existing entries. Choose the New button to create virtual interfaces. Fig. 41: LAN > IP Configuration > Interfaces > Edit/New. The LAN > IP Configuration > Interfaces > Edit/New menu consists of the following fields. Fields in the Interfaces Basic Parameters menu: Based on Ethernet Interface: This field is only displayed if you are editing a virtual routing interface. Select the Ethernet interface for which the virtual interface is to be configured. Address mode: Select how an IP address is assigned to the interface. Possible values: Static (default value): A static IP address is assigned to the interface in IP Address/Netmask. DHCP: An IP address is assigned to the interface dynamically via DHCP. IP Netmask Only
318. nections. Configured: Configured IPSec connections. Field in the IPSec Statistics SAs menu: IKE (Phase1): Shows the number of active phase 1 SAs (Established) from the total number of phase 1 SAs (Total). IPSec (Phase2): Shows the number of active phase 2 SAs (Established) from the total number of phase 2 SAs (Total). Field in the IPSec Statistics Packet Statistics menu: Total: Shows the number of all processed incoming (Incoming) or outgoing (Outgoing) packets. Passed: Shows the number of incoming (Incoming) or outgoing (Outgoing) packets forwarded in plain text. Dropped: Shows the number of rejected incoming (Incoming) or outgoing (Outgoing) packets. Encrypted: Shows the number of IPSec-protected incoming (Incoming) or outgoing (Outgoing) packets. Error: Shows the number of incoming (Incoming) or outgoing (Outgoing) packets for which the processing led to errors. 20.3 ISDN/Modem. 20.3.1 Current Calls. In the Monitoring > ISDN/Modem > Current Calls menu, a list of the existing ISDN connections (incoming and outgoing) is shown.
319. ner al name, e-mail, Organisational Unit, Organisation, Locality, State/Province and Country. The function is disabled by default. Summary: Only for User Defined enabled. Enter a subject name with attributes not offered in the list. Example: CN=VPNServer, DC=mydomain, DC=com, c=DE. Common Name: Only for User Defined disabled. Enter the name according to CA. Email: Only for User Defined disabled. Enter the e-mail address according to CA. Organisational Unit: Only for User Defined disabled. Enter the organisational unit according to CA. Organisation: Only for User Defined disabled. Enter the organisation according to CA. Locality: Only for User Defined disabled. Enter the location according to CA. State/Province: Only for User Defined disabled. Enter the state/province according to CA. Country: Only for User Defined disabled. Enter the country according to CA. The Advanced Settings menu consists of the following fields. Fields in the Advanced Settings Alternative Subject Name menu: 1, 2, 3: For each entry, define the type of name and enter additional subject names. Possible values: None (default value): No additional name is entered. IP: An IP address is entered. DNS: A DNS name is entered. Email: An e-mail address is entered. URI: A uniform resource identifier is entered. DN: A distinguished name (DN name) is entered. RID: A registered identity (RID) is entered. Field i
320. Fig. 59: Routing > RIP > RIP Options. The Routing > RIP > RIP Options menu consists of the following fields. Fields in the RIP Options Global RIP Parameters menu: RIP UDP Port: The setting option UDP port, which is used for sending and receiving RIP updates, is only for test purposes. If the setting is changed, this can mean that your device sends and listens at a port that no other devices use. The default value 520 should be retained. Default Route Distribution: Select whether the default route of your device is to be propagated via RIP updates. The function is activated with Enabled. The function is enabled by default. Poisoned Reverse: Select the procedure for preventing routing loops. With standard RIP, the routes learnt are propagated over all interfaces with RIP SEND activated. With Poisoned Reverse, however, your device propagates over the interface over which it learnt the routes with the metric (Next Hop Count) 16 ("Network is not reachable"). The function is activated with Enabled. The function is disabled by default. RFC 2453 Variable Timer: For the timers described in RFC 2453, select whether the same values that you can configure in the Timer for RIP V2 (RFC 2453) menu T
321. nication networks. RTSP: In this menu, you configure the use of the RealTime Streaming protocol. Local services. DNS: In this menu, you configure the name resolution. DynDNS Client: In this menu, you configure the dynamic name resolution. DHCP Server: In this menu, you configure your device as a DHCP server. Web Filter: In this menu, you configure the use of the URL-based Proventia Web Filter from ISS (www.iss.net). CAPI Server: In this menu, you configure your device as a CAPI server. Scheduling: In this menu, you configure time-dependent standard actions of your devices. Surveillance: In this menu, you configure the surveillance of interfaces or hosts in the network. ISDN Theft Protection: In this menu, you can configure the ISDN theft protection function for each interface. Funkwerk Discovery: In this menu, you can configure management functions for bintec Access Point. UPnP: In this menu, you configure the UPnP settings individually for each interface of your gateway. Maintenance. Diagnostics: In this menu, you can test the accessibility of hosts, DNS servers or routing. Software & Configuration: In this menu, you manage your device's software version, configuration files and interface language. Reboot: In this menu, you can initiate the rebooting of the device. External Reporting. Syslog I
322. nly used for DHCP requests in the same subnet. Local/Relay: The DHCP pool is used for DHCP requests in the same subnet and from other subnets. Relay: The DHCP pool is only used for DHCP requests forwarded from other subnets. The Advanced Settings menu consists of the following fields. Fields in the menu Advanced Settings: Gateway: Select which IP address is to be transferred to the DHCP client as gateway. Possible values: No gateway (default value): No IP address is sent. Use router as gateway: The IP address defined for the Interface is transferred. Specify: Enter the corresponding IP address. Lease Time: Enter the length of time (in minutes) for which an address from the pool is to be assigned to a host. After the Lease Time (Minutes) expires, the address can be re-assigned by the server. The default value is 120. DHCP Options: Specify which additional data is forwarded to the DHCP client. Possible values for Option: Time Server (default value): Enter the IP address of the time server to be sent to the client. DNS Server: Enter the IP address of the DNS server to be sent to the client. DNS Domain Name: Enter the DNS domain to be sent to the client. WINS/NBNS Server: Enter the IP address of the WINS/NBNS server to be sent to the client. WINS/NBT Node Type: Enter the type of the WINS/NBT node to be sent to the client. TFTP Server: Enter the IP
324. nnections based on this profile. If this field is left empty, your device uses the IP address of the interface used to reach Remote IP Address by the L2TP tunnel. Hello Interval: Enter the interval (in seconds) between the sending of two L2TP HELLO messages. These messages are used to keep the tunnel open. The available values are 0 to 255, the default value is 30. The value 0 means that no L2TP HELLO messages are sent. Minimum Time between Retries: Enter the minimum time (in seconds) that your device waits before resending a L2TP control packet for which it received no response. The wait time is dynamically extended until it reaches the Maximum Time between Retries. The available values are 1 to 255, the default value is 1. Maximum Time between Retries: Enter the maximum time (in seconds) that your device waits before resending a L2TP control packet for which it received no response. The available values are 8 to 255, the default value is 16. Maximum Retries: Enter the maximum number of times your device is to try to resend the L2TP control packet for which it received no response. The available values are 8 to 255, the default value is 5. Data Packets Sequence Numbers: Select whether your device is to use sequence numbers for data packets sent through a tunnel on the basis of this profile. The function is not currently used. The function is activated with Enabled. The function is disabled b
325. nter the user name for which access to the CAPI service is to be allowed or denied. Password: Enter the password that the user (User Name) has to use for identification purposes to gain access to the CAPI service. Access: Select whether access to the CAPI service is to be permitted or denied for the user. The function is enabled by choosing Enabled. The function is enabled by default. 17.5.2 Options. Fig. 120: Local Services > CAPI Server > Options. The Local Services > CAPI Server > Options menu consists of the following fields. Fields in the Options Basic Parameters menu: Enable Server: Select whether your device is to be enabled as a CAPI server. The function is enabled by choosing Enabled. The function is enabled by default. CAPI Server TCP Port: The field can only be edited if Enable Server is enabled. Enter the TCP port number for remote CAPI connections. The default value is 2662. 17.6 Scheduling. Your device has an event scheduler, which enables certain standard actions (activation or deactivation of interfaces) to be carried out on a time-dependent basis. Note
326. nterface. Possible values are 0 to 255. The default value is 10. Maximum number of IGMP status messages: Limit the number of reports/queries per second for the selected interface. Mode: Specify whether the interface defined here only works in host mode or in both host mode and routing mode. Possible values: Host and Routing (default value): The interface is operated in routing mode and in host mode. Host only: The interface is only operated in host mode. IGMP Proxy. IGMP Proxy enables you to simulate several locally connected interfaces as a subnet to an adjacent router. Queries coming in to the IGMP Proxy interface are forwarded to the local subnets. Local reports are forwarded on the IGMP Proxy interface. Fig. 63: IGMP Proxy. The Advanced Settings menu consists of the following fields. Fields in the menu Advanced Settings: IGMP Proxy: Select whether your device is to forward the hosts' IGMP messages in the subnet via its defined Proxy Interface. Proxy Interface: Only for IGMP Proxy enabled. Select the interface on your device via which queries are to be received and collected. 12.5.3 Options. In this menu, you can enable and disable IGMP on your system. You can also define whether IGMP is to be used in compatibility mode or only IGMP V3 hos
327. ntly for each subscriber in the configuration. A selected telephone number is parked in the telephone's memory. It can be redialled later, even if you have called other numbers in the meantime. For PBXs, describes the terminal (e.g. telephone) connected to the exchange. Each extension can access PBX services and communicate with other extensions. Extension number; Extension numbers range; Fall Back: Priority of the Internet provider entries; Fax; FHSS (Frequency Hopping Spread Spectrum); File transfer; Filter; Firewall; Firmware. An extension is an internal number for a terminal or subsystem. In point-to-point ISDN accesses, the extension is usually a number from the extension numbers range assigned by the telephone provider. In point-to-multipoint connections, it can be the MSN or a part of the MSN. Direct dialling range. The priority of the Internet provider entries is defined by the sequence in which they are entered in the list. The first entry of a DSL connection is the standard access. If a connection cannot be set up via the standard access after a predefined number of attempts, setup is attempted using the second entry, then subsequent entries. If the final entry in the list does not enable a connection to be set up successfully, the operation is terminated until a new request is made. When fall back occurs and all other ISPs can only be reached by di
328. o a 1-to-n relationship between groups and source addresses. This information is forwarded to the router by means of reports. In the case of incoming multicast data traffic, a router can use this information to decide whether a host in its subnet wants to receive it. Your device supports the current version IGMP V3, which is upwardly compatible, which means that both V3 and V1/V2 hosts can be managed. Your device supports the following multicast mechanisms. Forwarding: This relates to static forwarding, i.e. incoming data traffic for a group is forwarded in all cases. This is a useful option if multicast data traffic is to be permanently forwarded. IGMP: IGMP is used to gather information about the potential recipients in a subnet. In the case of a hop, incoming multicast data traffic can thus be selected. Tip: With multicast, the focus is on excluding data traffic from unwanted multicast groups. Note that if forwarding is combined with IGMP, the packets can be forwarded to the groups specified in the forwarding request. 12.5.1 Forwarding. In this menu, you specify which multicast groups are always forwarded between the interfaces of your device. 12.5.1.1 New. Choose the New button to create forwarding rules for new multicast groups.
329. o not enter a Stop Time or set Stop Time = Start Time, the initiator is activated and deactivated after 10 seconds. 17.6.2 Options. In the Local Services > Scheduling > Options menu, you configure the schedule interval. So long as under Local Services > Scheduling > Schedule no tasks are configured, Off is shown in this field. Fig. 122: Local Services > Scheduling > Options. The Local Services > Scheduling > Options menu consists of the following fields. Fields in the Options Scheduling Options menu: Schedule Interval: Enter the interval in seconds during which the system checks whether there are planned tasks. Possible values are 0 to 65535. The value 300 is recommended (5 minute accuracy). Values lower than 60 are generally pointless and are an unnecessary use of system resources. If Off is displayed in this field, the scheduler is deactivated. 17.7 Surveillance. In this menu, you can configure an automatic availability check for hosts or interfaces and automatic ping tests. Note: This function cannot be configured on your device for connections that are authenticated via a RADIUS server
330. of the global PPTP profile. Fig. 87: VPN > PPTP > Options. The menu VPN > PPTP > Options consists of the following fields. Fields in the Options Global Options menu: GRE Window Adaption: Select whether the GRE Window Adaptation is to be enabled. This adaptation only becomes necessary if you have downloaded service pack 1 from the Microsoft Windows XP page and installed it. Since in SP 1 Microsoft has changed the confirmation algorithm in the GRE protocol, the automatic window adaptation for GRE must be turned off on the bintec side. The function is activated with Enabled. The function is enabled by default. GRE Window Size: Enter the maximum number of GRE packets that can be sent without confirmation. Windows XP uses a higher initial reception window in the GRE, which is why the maximum send window size on the bintec side must be adjusted here via the value GRE Window Size. Possible values are 0 to 256. 14.4 GRE. Generic Routing Encapsulation (GRE) is a network protocol that encapsulates other protocols and transports them in the form of IP tunnels to the specified recipients. The specification of the GRE protocol is avail
331. og messages that are stored internally in the device. Possible values are 0 to 1000. The default value is 50. You can view the stored messages in Monitoring > Internal Log. Select the priority of system messages above which a log should be created. System messages are only recorded internally if they have a higher or identical priority to that indicated, i.e. all messages generated are recorded at syslog level debug. Possible values: Emergency: Only messages with emergency priority are recorded. Alert: Messages with emergency and alert priority are recorded. Critical: Messages with emergency, alert and critical priority are recorded. Errors: Messages with emergency, alert, critical and error priority are recorded. Warning: Messages with emergency, alert, critical, error and warning priority are recorded. Notice: Messages with emergency, alert, critical, error, warning and notice priority are recorded. Information (default value): Messages with emergency, alert, critical, error, warning, notice and information priority are recorded. Debug: All messages are recorded. Maximum Number of Accounting Log Entries: Enter the maximum number of accounting entries that are stored internally in the device. Possible values are 0 to 1000. The default value is 20. 8.2.2 Passwords. Setting the passwords is another basic system setting.
332. ol is included on your device: the Configuration Manager. As SNMP is a standard protocol, you can use any other SNMP managers, e.g. HPOpenView. For more information on the SNMP versions, see the relevant RFCs and drafts: SNMP V. 1: RFC 1157; SNMP V. 2c: RFC 1901 - 1908; SNMP V. 3: RFC 3410 - 3418. 19.4.1 SNMP Trap Options. In the event of errors, a message known as a trap packet is sent unrequested to monitor the system. In the External Reporting > SNMP > SNMP Trap Options menu, you can configure the sending of traps. Fig. 145: External Reporting > SNMP > SNMP Trap Options. The External Reporting > SNMP > SNMP Trap Options menu consists of the following fields. Fields in the SNMP Trap Options Basic Parameters menu: SNMP Trap Broadcasting: Select whether the transfer of SNMP traps is to be activated. Your device then sends SNMP traps to the LAN's broadcast address. The function is enabled by choosing Enabled. The function is disabled by default. SNMP Trap UDP Port: Only if SNMP Trap Broadcasting is enabled. Enter the number of the UDP port to which your device is to send SNMP traps. Any whole number is possible. The default value is 162. SNMP Trap Community: Only if SNMP Trap Bro
333. om Chapter 3 Installation. Caution: Please read the safety notices carefully before installing and starting up your device. These are supplied with the device. 3.1 Setting Up and Connecting. Note: All you need for this are the cables and antennas supplied with the equipment. Caution: The use of the wrong mains adapter may damage your device. Only use the mains adaptor supplied with the equipment. If you require foreign adapters/mains units, please contact our funkwerk service. Incorrect cabling of the ISDN and ETH interfaces may also damage your device. Connect only the ETH interface of the device to the LAN interface of the computer/hub or a WAN interface, if available, and the ISDN interface of the device only to the ISDN connection. Fig. 2: Connection options using the example of bintec R232bw. When setting up and connecting, carry out the steps in the following sequence (refer to the connection diagrams for the individual devices in chapter Technical data on page 21): 1. Antennas: Screw the two external standard antennas supplied to the RSMA connections provided for this purpose (only bintec R230aw and bintec R232bw). 2. Place your device on a solid, level base. 3. LAN: For the standard configur
334. om your connection to the destination of the forwarded call. This feature can therefore be used by system telephones and ISDN telephones that support this function (see user's guide for terminals). For more information on using this performance feature with the telephone, please see the user's guide. Performance feature of a PBX. Telephone numbers are stored in a PBX and can be called from every connected telephone using a key combination. Certificate; Channel bundling; Challenge Handshake Authentication Protocol; Frame Check Sequence (FCS); Calling Line Identification; Client; CLIP; CLIR; COLR; Combination device; Conference call; Configuration Manager; Configuration of the PBX with the PC; Configuration of the PBX with the telephone; Connection of analogue terminals. A client uses the services provided by a server. Clients are usually workstations. Abbreviation for Calling Line Identification Presentation. Telephone number display of calling party. Abbreviation for Calling Line Identification Restriction. Temporary suppression of the transmission of the calling party's telephone number. Connected Line Identification Restriction (suppress B telephone number). This performance feature permits or suppresses the display of the called subscriber's telephone number. If display of the B telephone number is suppressed, your telephone number is not transmitted
335. on Interface shell commands Serial connection Shell command. Therefore, several types of configuration are available for each type of connection. Note: To change the device configuration, you must log in with the user name admin. If you do not know the password, you cannot make any configuration settings. This applies to all types of configuration. 7.3.1 Express Setup Wizard for beginners. You have already learnt about configuration with the Express Setup Wizard in the Quick Install Guide. It is used to perform the basic configuration of your device quickly and can also be used if you can address the device with its preset IP configuration from your LAN. This usually covers most standard configurations. However, if you would like to make further settings, you can use the other configuration methods mentioned above. You can first configure your device with the Express Setup Wizard and subsequently extend or change this initial configuration with one of the other tools. In many cases, configuration using the Express Setup Wizard alone will be sufficient. The Express Setup Wizard guides you through the configuration. Once you have exited the Express Setup Wizard, your device is ready for use. The information you need for configuration with the Express Setup Wizard and the prerequisites for this can be found in the Installation on page 6 which is
336. on Standard. It is regarded as just as secure as Rijndael (AES), but is slower. Universal Asymmetric Digital Subscriber Line. User Datagram Protocol. Update to a software program (PBX firmware). An update is the updated version of an existing software product and is indicated by a new version number. Data transfer during online connections, where files are transferred from the user's PC to another PC or to a data network server. Universal Plug and Play. Data transmission rate from the client to the ISP. Universal/Uniform Resource Locator. Universal Serial Bus. Electronic user guidance that takes the user through the required functions of a terminal, such as a telephone, answering machine or fax machine, step by step (menu-guided operation). This function is only possible for system telephones and ISDN telephones. ITU-T recommendation for balanced dual current interface lines (up to 10 mbps). V.24; V.28; V.35; V.36; V.42bis; V.90; Vanity; VDSL; VID; VJHC; VLAN; VoIP; VPN; VSS; WAN; WAN interface; WAN partner; Web server; Webmail. CCITT and ITU-T recommendation that defines the interface between a PC or terminal as Data Terminal Equipment (DTE) and a modem as Data Circuit-terminating Equipment (DCE). ITU-T recommendation for unbalanced dual current interface line. ITU-T recommendation for data transmission at 48 kbps in the range from 60 to 108 kHz. Modem for V.35. Data compression p
337. one network that supports the connection of end systems. Function on telephones with an integrated loudspeaker. You can press a button so that the people present in the room can also hear the telephone call. Every device in the network is defined by a fixed hardware address (MAC address). The network card of a device defines this internationally unique address. Encryption using public keys requires the public keys to be exchanged first. During this exchange, the unprotected keys can be intercepted easily, making a man-in-the-middle attack possible. The attacker can set a key at an early stage so that a key known to the man in the middle is used instead of the intended key from the real communication partner. See HMAC-MD5. Multifrequency code dialling method. Management Information Base. Switch for turning off the microphone. The subscriber on the telephone cannot hear the discussions in the room. Mixed mode; MLPPP; Modem; MPDU; MPPC; MPPE; MSDU; MSN; MSSID; MTU; Multicast; Multiple subscriber number; Multiprotocol gateway. The access point accepts WPA and WPA2. Multilink PPP. Modulator/Demodulator. MAC Protocol Data Unit: every information packet exchanged on the wireless medium, includes management frames and fragmented MSDUs. Microsoft Point-to-Point Compression. Microsoft Point-to-Point Encryption. MAC Service Data Unit: a data packet that ignores fragmentation in the WLAN. Multiple subscriber nu
338. onnection is not possible, restart the device to initialise the SSH Daemon correctly. The System Management > Administrative Access > SSH menu consists of the following fields. Fields in the SSH SSH Parameters (secure shell) menu: SSH Service Active: Select whether the SSH Daemon is to be enabled for the interface. The function is enabled by choosing Enabled. The function is enabled by default. Compression: Select whether data compression should be used. The function is enabled by choosing Enabled. The function is disabled by default. TCP Keepalives: Select whether the device is to send keepalive packets. The function is enabled by choosing Enabled. The function is enabled by default. Logging Level: Select the syslog level for the syslog messages generated by the SSH Daemon. Possible settings: Information (default value): Fatal and simple errors of the SSH Daemon and information messages are recorded. Fatal: Only fatal errors of the SSH Daemon are recorded. Errors: Fatal and simple errors of the SSH Daemon are recorded. Debug: All messages are recorded. Fields in the SSH Authentication and Encryption Parameters menu: Encryption Algorithms: Select the algorithms that are to be used to encrypt the SSH connection. Possible options: 3DES, Blowfish, AES-128, AES-256. 3DES Blo
339. ord is transferred unencrypted. CHAP: Only run CHAP (PPP Challenge Handshake Authentication Protocol as per RFC 1994); the password is transferred encrypted. PAP/CHAP: Primarily run CHAP, otherwise PAP. MS-CHAPv1: Only run MS-CHAP version 1 (PPP Microsoft Challenge Handshake Authentication Protocol). PAP/CHAP/MS-CHAP: Primarily run CHAP, on denial then the authentication protocol required by the connection partner (MSCHAP version 1 or 2 possible). MS-CHAPv2: Run MS-CHAP version 2 only. DNS Negotiation: Select whether your device receives IP addresses for primary DNS server and secondary DNS server from the connection partner or sends these to the connection partner. The function is activated with Enabled. The function is enabled by default. Prioritize TCP ACK Packets: Select whether the TCP download is to be optimised in the event of intensive TCP upload. This function can be specially applied for asymmetrical bandwidths (ADSL). The function is activated with Enabled. The function is disabled by default. LCP Alive Check: Check whether the availability of the remote terminal is to be checked by sending LCP echo requests or replies. This makes it possible to switch to a backup connection more quickly in the event of line faults. The function is activated with Enabled. The function is disabled by default. 13.1.2 PPTP. In the WAN > In
340. Fig. 51: Routing > Routes > IP Routes > New with Extended Route Activated. The Routing > Routes > IP Routes > New menu consists of the following fields. Fields in the IP Routes Route Class menu (Field: Description). Extended Route: Select whether the route is to be defined with extended parameters. If the function is active, a route is created with extended routing parameters such as source interface and source IP address, as well as protocol, source and destination port, type of service (TOS) and the status of the device interface. The function is enabled by choosing Enabled. The function is disabled by default. Fields in the IP Routes Route Parameters menu (Field: Description). Route Type: Select the type of route. Possible values: Network Route (default value): Route to a network. Default Route: Is used if no other suitable route is available. Host Route: Route to a single host. Destination IP Address / Netmask: Only if Route Type = Host Route or Network Route. Enter the IP address of
341. otely, for example. Note: If you connect an unconfigured device to an ISDN connection in parallel to a PBX, the PBX cannot take any calls until an ISDN number is configured on the device. Access over ISDN costs money. If your device and your computer are in the LAN, it is cheaper to access your device via the LAN or via the serial interface. Your device in your LAN merely needs to be connected to the ISDN connection and switched on. To reach your device over ISDN Login, proceed as follows: 1) Connect your device to the ISDN. 2) Log in as administrator on your device in the remote LAN in the usual way. 3) In the SNMP shell, type in isdnlogin <number of the ISDN connection of your device>, e.g. isdnlogin 1234. 4) The login prompt appears. You are now in the SNMP shell of your device. Continue with Logging in for Configuration on page 42. 7.2 Logging in. With certain access data, you can log in on your device and carry out different actions. The extent of the actions available depends on the authorisations of the user concerned. A login prompt appears first, regardless of how you access your device. You cannot view any information on the device or change the configuration without authentication. 7.2.1 User names and passwords in ex works state. In its ex works state, your device is provided with the following user names and passwords. User names an
342. Fig. 60: Routing > Load Sharing > Load Sharing Groups > New. The Routing > Load Balancing > Load Balancing Groups > New menu consists of the following fields. Fields in the Load Balancing Groups Basic Parameters menu (Field: Description). Group Description: Enter the desired description of the interface group. Distribution Policy: Select the way the data traffic is to be distributed to the interfaces configured for the group. Possible values: Session Round Robin (default value): A newly added session is assigned to one of the group interfaces according to the percentage assignment of sessions to the interfaces. The number of sessions is decisive. Load dependent Bandwidth: A newly added session is assigned to one of the group interfaces according to the share of the total data rate handled by the interfaces. The current data rate based on the data traffic is decisive in both the send and receive direction. Consider: Only for Load Balancing Policy = Bandwidth load dependent. Choose the direction in which the current data rate is to be con s
343. oup are queried according to priority and Possible values: New (default value): Enter a new group description in the text field. <Group Name>: Select a predefined group from the list. The Advanced Settings menu consists of the following fields. Fields in the menu Advanced Settings (Field: Value). Policy: Select how your device is to react if a negative answer to a request is received. Possible values: Authoritative (default value): A negative answer to a request is accepted. Non authoritative: A negative answer to a request is not accepted. A request is sent to the next RADIUS server until your device receives an answer from a server configured as authoritative. UDP Port: Enter the UDP port to be used for RADIUS data. RFC 2138 defines the default ports 1812 for authentication (1645 in older RFCs) and 1813 for accounting (1646 in older RFCs). You can obtain the port to be used from the documentation for your RADIUS server. The default value is 1812. Server Timeout: Enter the maximum wait time between ACCESS REQUEST and response in milliseconds. After timeout, the request is repeated according to Retries or the next configured RADIUS server is requested. Possible values are whole numbers between 50 and 50000. The default value is 1000 (1 second). Alive Check: Here you can activate a check of the reachability of a RADIUS 8
344. ove the table you will find the configured Maximum Number of Syslog Entries and the configured Maximum Message Level of Syslog Entries. These values can be changed in the System Management > Global Settings > System menu. [Figure: list of system messages with the columns Time, Level and Subsystem]
345. Fig. 70: WAN > ATM > Profiles > New. The WAN > ATM > Profile > New menu consists of the following fields. Fields in the Profile ATM Profiles Parameter menu (Field: Description). Provider: Select one of the preconfigured ATM profiles for your provider from the list, or manually define the profile using User Specified. Description: Only for Provider = User defined. Enter the desired description for the connection. Type: Only for Provider = User defined. Select the protocol for the ATM connection. Possible values: Ethernet over ATM (default value): Ethernet over ATM (EthoA) is used for the ATM connection (Permanent Virtual Circuit, PVC). Routed Protocols over ATM: Routed Protocols over ATM (RPoA) is used for the ATM connection (Permanent Virtual Circuit, PVC). PPP over ATM: PPP over ATM (PPPoA) is used for the ATM connection (Permanent Virtual Circuit, PVC). Virtual Path I
346. owing fields. Fields in menu Port Configuration (Field: Description). Interface: Shows the port for which you define the PVID and processing rules. PVID: Assign the selected port the required PVID (Port VLAN Identifier). If a packet without a VLAN tag reaches this port, it is assigned this PVID. Drop untagged frames: If this option is enabled, untagged frames are discarded. If the option is disabled, untagged frames are tagged with the PVID defined in this menu. Drop non members: If this option is enabled, all tagged frames that are tagged with a VLAN ID to which the selected port does not belong are discarded. 10.2.3 Administration. In this menu, you make general settings for a VLAN. The options must be configured separately for each bridge group. Fig. 45: LAN > VLAN > Administration. The LAN > VLAN > Administration menu consists of the following fields. Fields in the menu Bridge Group br<ID> VLAN Options (Field: Description). Enable VLAN: Enable or disable the specified bridge group for VLAN. The function is activated with Enabled. The function is not activated by default. Management VID: Enter the VLAN ID of the VLAN in which your device is to oper
347. Fig. 148: Monitoring > Internal Log > System Messages. Values in the list System Messages (Field: Description). Displays the serial number of the system message. Date: Displays the date of the record. Time: Displays the time of the record. Level: Displays the hierarchy level of the message. Subsystem: Displays which subsystem of the device generated the message. Message: Displays the message text. 20.2 IPSec. 20.2.1 IPSec Tunnels. In the Monitoring > IPSec > IPSec Tunnel menu, a list of all configured IPSec peers is shown.
348. period specified by the exchange (approx. 45 minutes). Manual deletion before this period has elapsed is also possible. You urgently need to contact a business partner or internal subscriber. When you call them, you always hear the ringing tone, but your business partner is not close to the telephone and does not pick up. With Callback on no reply, you can reach the subscriber as soon as they have completed a call or lifted and replaced the receiver of their telephone. Your telephone rings. When you lift the receiver, a connection to the required subscriber is established automatically. You can activate ShortHold. When you do so, you define the time after which an existing connection is cleared if data transfer is no longer taking place. If you enter a time of 0, ShortHold is deactivated. After the receiver of a telephone is lifted, the telephone number of the external subscriber can be dialled immediately. Performance feature of a terminal. If the line is busy, several redial attempts are made. Corresponds to a telephone line in T-Net. In T-ISDN, the basic connection contains two B channels, each with a data transmission rate of 64 kbps. Bearer channel of an ISDN Basic Rate Interface or a Primary Rate Interface for the transmission of traffic (voice, data). An ISDN Basic Rate Interface consists of two B channels and one D channel. A B channel has a data transmission rate of 64 kbps. The data transmission rate of an ISDN Ba
349. port 37. Time Service TCP: This server uses the Time service with TCP port 37. None: This time server is not currently used for the time request. Time Offset from GMT: Select the offset in hours between the system time and the time received from the time server (usually GMT). Possible values are 12 to 13. The default value is 0. Time Update Interval: Enter the time interval in minutes at which the time is automatically updated. The default value is 1440. Time Update Policy: Enter the time period after which the system attempts to contact the time server again following a failed time update. Possible values: Normal (default value): The system attempts to contact the time server after 1, 2, 4, 8 and 16 minutes. Aggressive: For ten minutes, the system attempts to contact the time server after 1, 2, 4, 8 seconds and then every 10 seconds. Endless: For an unlimited period, the system attempts to contact the time server after 1, 2, 4, 8 seconds and then every 10 seconds. If certificates are used to encrypt data traffic in a VPN, it is extremely important that the correct time is set on the device. To ensure this is the case, for Time Update Policy select the value Endless. Internal Time Server: Select whether the internal time server is to be used. The function is enabled by choosing Enabled. Time requests from a client will be answered with the current system time. This is given as
350. pplications need increasingly larger bandwidths, which are not always available. Quality of Service (QoS) makes it possible to distribute the available bandwidths effectively and intelligently. Certain applications can be given preference and bandwidth reserved for them. In the Firewall > Policies > QoS menu, a list of all QoS rules is shown. 15.1.2.1 New. Choose the New button to set up new QoS rules. Fig. 96: Firewall > Policies > QoS > New. The Firewall > Policies > QoS > New menu consists of the following fields. Fields in the QoS Configure QoS Interface menu (Field: Description). Interface: Select the interface on which bandwidth management is to be carried out. Traffic Shaping: Select whether you want to activate bandwidth management for the selected interface. The function is activated with Enabled. The function is disabled by default. Specify Bandwidth: Only for Traffic Shaping = Enabled. Enter the maximum available bandwidth in kbps for the selected interface. Filter rules: This field cont
351. ptions. 12.4 Load Balancing; 12.4.1 Load Balancing Groups; 12.5 Multicast; 12.5.1 Forwarding; 12.5.2 IGMP; 12.5.3 Options. Chapter 13 WAN: 13.1 Internet Dialup; 13.1.1 PPPoE; 13.1.2 PPTP; 13.1.3 PPPoA; 13.1.4 ISDN; 13.1.5 IP Pools; 13.2 ATM; 13.2.1 Profiles; 13.2.2 Service Categories; 13.2.3 OAM Controlling; 13.3 Real Time Jitter Control; 13.3.1 Controlled interfaces. Chapter 14 VPN: 14.1 IPSec; 14.1.1 IPSec Peers; Phase
352. quired or in logical groups for devices of the same type. Chapter 2 About this guide. This document is valid for bintec devices with system software as of software version 7.8.7. The guide which you have in front of you contains the following chapters. User's Guide Reference (Chapter: Description). Introduction: You see an overview of the device. About this guide: We explain the various components of this manual and how to use it. Installation: This contains instructions for how to set up and connect your device. Basic configuration: This chapter provides a step by step guide to the basic functions on your device. Reset: This chapter explains how to reset your device to the ex works state. Technical data: This section contains a description of all the device's technical properties. Access and configuration: This includes explanations about the different access and configuration methods. System Management, Physical interfaces, LAN, Wireless LAN, Routing, WAN, VPN, Firewall, VoIP, Local services, Maintenance, External R: These chapters describe all configuration options of the Funkwerk Configuration Interface. The chapters are arranged in the same sequence as the navigation menus in the Funkwerk Configuration Interface. The individual chapters also contain general explanations on the subsystem in question.
353. r of packets received. Signal dBm: Shows the received signal strength in dBm. Noise dBm: Shows the received noise strength in dBm. Data Rate Mbps: Shows the current transmission rate of data received by this client in Mbps. The following transmission rates are possible: IEEE 802.11b: 11, 5.5, 2 and 1 Mbps; IEEE 802.11g/a: 54, 48, 36, 24, 18, 12, 9, 6 Mbps. If the 5 GHz frequency band is used, the indication of 11, 5.5, 2 and 1 Mbps is suppressed for IEEE 802.11b. VSS Details for Connected Clients. In the Monitoring > WLAN > VSS > <Connected client> > menu, the current values and activities of a connected client are shown. Fig. 158: Monitoring > WLAN > VSS > <Connected client> >. Values in the list VSS <Connected client> (Field: Description). Client MAC Address: Shows the MAC address of the associated client. IP Address: Shows the IP address of the client. Uptime: Shows the time in hours, minutes an
354. r the passwords are to be displayed in clear text Keys in Clear Text (plain text). The function is activated with Display. The function is disabled by default. If you activate the function, all passwords and keys in all menus are displayed and can be edited in plain text. The WLAN and IPSec keys are one exception here. They can only be entered in plain text. If you press OK or call the menu again, they are displayed as asterisks. 8.2.3 Date and Time. You need the system time for tasks such as correct timestamps for system messages, accounting or IPSec certificates. Fig. 27: System Administration > Global Settings > Date and Time. You have the following options for determin
355. r umlauts must be used either. PPPoE Mode: Select whether you want to use a standard Internet connection over PPPoE (Standard) or your Internet access is to be set up over several interfaces (Multilink). If you choose Multilink, you can connect several DSL connections from a provider over PPP as a static bundle in order to obtain more bandwidth. Each of these DSL connections should use a separate Ethernet connection for this. At the moment, many providers are still in the process of preparing the PPPoE Multilink function. For PPPoE Multilink, we recommend using your device's Ethernet switch in Split Port mode and to use a separate Ethernet interface, e.g. en1-1, en1-2, for each PPPoE connection. If you also want to use an external modem for PPPoE Multilink, you must run your device's Ethernet switch in Split Port mode. PPPoE Ethernet Interface: Only if PPPoE Mode = Standard. Select the Ethernet interface specified for a standard PPPoE connection. If you want to use an external DSL modem, select the Ethernet port to which the modem is connected. When using the internal DSL modem, select here the EthoA interface configured in Physical Interfaces > ATM > Profiles > New. The default value is Not specified. PPPoE Interfaces for Multilink: Only if PPPoE Mode = Multilink. Select the interfaces you want to use for your Inte
356. ransmission rate specifies the number of information units for each time interval transferred between sender and recipient. A self contained data packet that is forwarded in the network with minimum protocol overhead and without an acknowledgement mechanism. Abbreviation for Data Exchange Jedermann, the T-Online access platform. Local dial in node in every local network. Some German cities offer additional high speed access over T-Net / T-Net ISDN. If you want to transfer important calls made after office hours to your home office, to an answering machine, so that you are not disturbed, you can use call assignment. You can allocate each subscriber two different call allocations: call assignment Day and call assignment Night. With call assignments, it is also possible to forward the call to an external subscriber so that you can be contacted at all times. With call assignment Day/Night, therefore, you define which internal terminals are to ring in the event of an external call. Call assignment Day/Night is achieved using a table in which all the incoming calls are assigned to internal subscribers. Day/Night Calendar: You define switching of call variant Day/Night. DCE: Data Circuit Terminating Equipment. DCN: Data communications network. Default gateway: Describes the address of the gateway to which all traffic not destined for its own network is sent. Denial Of Service Attack: A Denial of Service (DoS) attack is an attempt to flood a gateway or
357. rated, Not Generated and the Generate link are displayed again. You can then repeat generation. If the status Unknown is displayed, generation of a key is not possible, for example because there is not enough space in the FlashROM. 8.4.3 SNMP. SNMP (Simple Network Management Protocol) is a network protocol used to monitor and control network elements (e.g. routers, servers, switches, printers, computers etc.) from a central station. SNMP controls communication between the monitored devices and monitoring station. The protocol describes the structure of the data packets that can be transmitted, as well as the communication process. The data objects queried via SNMP are structured in tables and variables and defined in the MIB (Management Information Base). This contains all the configuration and status variables of the device. SNMP can be used to perform the following network management tasks: Surveillance of network components. Remote controlling and configuration of network components. Error detection and notification. You use this menu to configure the use of SNMP. Fig. 33: System Management > Administrative Access > SNMP. The System Management > Administrative Access > SNMP menu consists of
358. re is no direct communication between the individual clients. A network of this kind is also known as a BSS (basic service set), and a network that consists of several BSS is known as an ESS (extended service set). Most wireless networks operate in infrastructure mode to establish a connection with the wired network. Makes it possible to put the first call on hold in the event of a call waiting and take a new call. Special signal on a PBX to differentiate between internal and external calls. Free of charge connection between terminals in a PBX. Your PBX has a fixed internal telephone number plan. The Internet consists of a number of regional, local and university networks. The IP protocol is used for data transmission on the Internet. Internet time sharing: Allows several users to surf the Internet simultaneously over an The information is requested by the individual computers with a time delay. Intranet: Local computer network within a company, based on Internet technology, providing the same Internet services, e.g. homepages and sending email. IP: Internet Protocol. IP Address: The first part of the address by which a device is identified in an IP network, e.g. 192.168.1.254. See also netmask. IPComP: IP payload compression. IPCONFIG: A tool used on Windows computers to check or change its own IP settings. IPoA: IP over ATM. ISDN: Integrated Services Digital Network. ISDN address: The a
359. ress Mode Provide IP Address. Select an IP pool configured in the WAN > Internet Dialup > IP Pools menu. If an IP pool has not been configured here yet, the message Not yet defined appears in this field. The Advanced Settings menu consists of the following fields. Fields in the menu Advanced Settings (Field: Description). Block after Connection Failure for: Enter the wait time in seconds before the device should try again after an attempt to set up a connection has failed. The default value is 60. Maximum Number of Dialup Retries: Enter the number of unsuccessful attempts to setup a connection before the interface is blocked. Possible values are 0 to 100. The default value is 5. Usage Type: If necessary, select a special interface use. Possible values: Standard (default value): No special type is selected. Dialin only: The interface is used for incoming dialup connections and callbacks initiated externally. Multi User (Dialin only): The interface is defined as multi user connection partner, i.e. several clients dial in with the same user name and password. Authentication: Select the authentication protocol for this PPTP partner. Possible values: PAP/CHAP/MS-CHAP (default value): Primarily run CHAP, on denial the authentication protocol required by the PPTP partner (MSCHAP version 1 or 2 possible). PAP: Only run PAP (PPP Password A
360. resses. Fig. 99: Firewall > Addresses > Address List > New. The Firewall > Addresses > Address List > New menu consists of the following fields. Fields in the Address List Basic Parameters menu (Field: Description). Description: Enter the desired description of the address. Address Type: Select the type of address you want to specify. Possible values: Address/Subnet (default value): Enter an IP address with subnet mask. Address Range: Enter an IP address range with a start and end address. Address/Subnet: Only if Address Type = Address. Enter the IP address of the host or a network address and the related netmask. The default value is 0.0.0.0. Address Range: Only if Address Type = Range. Enter the start and end IP address of the range. 15.3.2 Groups. In the Firewall > Addresses > Groups menu, a list of all configured address groups is shown. You can group together addresses. This makes it easier to configure firewall rules. 15.3.2.1 New. Choose the New button to set up new address groups. Fig. 100: Firewall > Addresses > Groups > New. The Firewall > Addresses > Groups > New menu consists of the following fields. Fields
361. Fig. 152: Monitoring > ISDN Modem > Current Calls. Values in the list Current Calls (Field: Description). Displays the serial number of the ISDN connection entry. Service: Displays the service to or from which the call is connected: PPP PSC X25 ROWS. Remote Number: Displays the number that was dialled in the case of outgoing calls, or from which the call was made in the case of incoming calls. Interface: Displays additional information for PPP connections. Direction: Displays the send direction: Incoming, Outgoing. Charge: Displays the costs of the current connection. Duration: Displays the duration of the current connection. Stack: Displays the related ISDN port (STACK). Channel: Displays the number of the ISDN B channel. State: Displays the state of the connection: null c initiated ovl send oc procd c deliverd c present c recvd ic procd up discon reg discon ind suspd req re sum req ovl recv. 20.3.2 Call History. In the Monitoring > ISDN Modem > Call History menu, a list of the last 20 ISDN connections (incoming and outgoing) made since the last system boot is shown.
362. rise Communications GmbH 13 WAN ceptance. Connection Idle Timeout: The connection idle timeout is determined in order to clear the connection automatically if it is not being used, i.e. if data is no longer being sent, to help you save costs. Block after Connection Failure: You use this function to set up a waiting time for outgoing connection attempts after which your device's connection attempt is regarded as having failed. Channel Bundling: Your device supports dynamic and static channel bundling for dialup connections. Only one B channel is initially opened when a connection is set up. Dynamic: Dynamic channel bundling means that your device connects other ISDN B channels to increase the throughput for connections if this is required, e.g. for large data rates. If the amount of data traffic drops, the additional B channels are closed again. Static: In static channel bundling, you specify right from the start how many B channels your device is to use for connections, regardless of the transferred data rate. Channel bundling can only be used for ISDN connections for a bandwidth increase or as a backup. If devices from other manufacturers are to be used at the far end, ensure that these support dynamic channel bundling for a bandwidth increase or as a backup. 13.1.1 PPPoE. In the WAN > Internet Dialup > PPPoE menu, a list of all PPPoE interfaces is shown. PPP over Ethernet (PPPoE) is the use of the Point to Point Proto
363. rithms is based on the author's knowledge and opinion at the time of creating this User Guide. In particular, the quality of the algorithms is subject to relative aspects and may change due to mathematical or cryptographic developments. DH Group: The Diffie Hellman group defines the parameter set used as the basis for the key calculation during phase 1. MODP, as supported by bintec devices, stands for modular exponentiation. Possible values: 1 (768 bit): During the Diffie Hellman key calculation, modular exponentiation at 768 bits is used to create the encryption material. 2 (1024 bit): During the Diffie Hellman key calculation, modular exponentiation at 1024 bits is used to create the encryption material. 5 (1536 bit): During the Diffie Hellman key calculation, modular exponentiation at 1536 bits is used to create the encryption material. Lifetime: Create a lifetime for phase 1 keys. As for RFC 2407, the default value is eight hours, which means the key must be renewed once eight hours have elapsed. The following options are available for defining the lifetime: Entry in Seconds: Enter the lifetime for phase 1 key in seconds. The value can be a whole number from 0 to 2147483647. The default value is 14400. Entry in kBytes: Enter the lifetime for phase 1 keys as amount of data processed in kBytes. The value can be a whole number from 0 to 21
364. rks state, which means your configuration will be lost. 7.2.2 Logging in for Configuration: Set up a connection to the device. The access options are described in Access Options on page 36. Funkwerk Configuration Interface: Log in via the HTML surface as follows: 1. Enter your user name in the User field of the input window. 2. Enter your password in the Password field of the input window and confirm with Return or click the Login button. The status page of the Funkwerk Configuration Interface opens in the browser. SNMP shell: Log into the SNMP shell as follows: 1. Enter your user name, e.g. admin, and confirm with Return. 2. Enter your user password, e.g. funkwerk, and confirm with Return. Your device logs in with the input prompt, e.g. r232bw >. The login was successful. You are now in the SNMP shell. To leave the SNMP shell after completing the configuration, enter exit and press Return. 7.3 Configuration options: This chapter first offers an overview of the various tools you can use for configuration of your device. You can configure your device in the following ways: • Express Setup Wizard (for beginners) • Funkwerk Configuration Interface (for advanced users) • SNMP shell commands. The configuration options available to you depend on the type of connection to your device. Types of connections and configurations (Type of connection / Possible types of configuration): LAN: Express Setup Wizard, Funkwerk Configurati
365. rminals can log in to an access point (AP) and communicate via the AP data. If the optional wired Ethernet is connected, the signals between the two physical media, the wireless interface and wired interface, are bridged (bridging). Filters can be used to prevent external persons from accessing the data on the computers in your LAN. These filters are a basic function of a firewall. Recording of connection data, e.g. date, time, connection duration, charging information and number of data packets transferred. Active probing takes advantage of the fact that, as standard, access points are to respond to client requests. Clients therefore send probe requests on all channels and wait for responses from an access point in the vicinity. The response packet then contains the SSID of the wireless LAN and information on whether WEP encryption is used. An ad hoc network refers to a number of computers that form an independent 802.11 WLAN, each with a wireless adapter. Ad hoc networks work independently without an access point on a peer-to-peer basis. Ad hoc mode is also known as IBSS mode (Independent Basic Service Set) and makes sense for the smallest networks, e.g. if two notebooks are to be linked to each other without an access point. Asymmetric digital subscriber line. Authentication header. Display unit, e.g. for T-Concept PX722 system telephone, able to display letters and other characters as well as digits. For the connection of
366. rnet 2. Your device creates a token with a limited validity and saves it together with the current IP address in the MIB entry belonging to peer B. 3. Your device sends the initial ISDN call to peer B, which transfers the IP address of peer A and the token as per the callback configuration. 4. Peer B extracts the IP address of peer A and the token from the ISDN call and assigns them to peer A based on the calling party number configured (the ISDN number used by peer A to send the initial call to peer B). 5. The IPSec Daemon at peer B's device can use the transferred IP address to initiate phase 1 negotiation with peer A. Here the token is returned to peer A in part of the payload in IKE negotiation. 6. Peer A is now able to compare the token returned by peer B with the entries in the MIB and so identify the peer without knowing its IP address. As peer A and peer B can now mutually identify each other, negotiations can also be conducted in the ID Protect mode using preshared keys. Note: In some countries (e.g. Switzerland), the call in the D channel can also incur costs. An incorrect configuration at the called side can mean that the called side opens the B channel and the calling side incurs costs. Fields in the Advanced Settings IPSec Callback menu (Field / Description): Mode: Select the Callback Mode. Possible values: • Inactive (default value): IPSec
367. rnet connection. Click the Add button to create new entries. User name: Enter the user name. Password: Enter the password. Always Active: Select whether the interface should always be activated. The function is activated with Enabled. The function is disabled by default. Only activate this option if you have Internet access with a flat rate charge. Connection Idle Timeout: Only if Always on is disabled. Enter the idle time in seconds for static short hold. The static short hold setting determines how many seconds should pass between sending the last traffic data packet and clearing the connection. Possible values are 0 to 3600 (seconds). 0 deactivates the short hold. The default value is 300. Example: 10 for FTP transmission, 20 for LAN-to-LAN transmission, 90 for Internet connections. Fields in the PPPoE IP Mode and Routes menu (Field / Description): IP Address Mode: Select whether your device is to be assigned a static IP address or whether it should be assigned this dynamically. Possible values: • Get IP Address (default value): Your device is dynamically assigned an IP address. • Static: You enter a static IP address. Standard Route: Select whether the route to this connection partner is to be defined as the default route. The function is activated with Enabled. The function is enabled by default. Create NAT Policy: Specify whether Network
368. rocedure ITU standard for 56 kbps analogue modems. In contrast to older V.34 modems, data is sent in digital form to the client when the V.90 standard is used and does not need to be first converted from digital to analogue on one side of the modem (provider), as was the case with V.34 and earlier modems. This makes higher transmission rates possible. A maximum speed of 56 kbps can be achieved only under optimum conditions. Letter dialling. Very high bit rate digital subscriber line (also called VADSL or BDSL). VLAN ID. Van Jacobson Header Compression. Virtual LAN. Voice over IP. Virtual Private Network. Virtual Service Set. Wide Area Network. WAN interface. Remote station that is reached over a WAN, e.g. ISDN. Server that provides documents in HTML format for access over the Internet (WWW). T-Online service with which e-mails can be sent and received worldwide on the Internet by means of a browser. Glossary: WEP, Western plug, WINIPCFG, WLAN, WMM, WPA, WPA Enterprise, WPA PSK, WWW, X.21, X.21bis, X.25, X.31, X.500. Wired Equivalent Privacy. Also known as RJ-45 plug. Plug used for ISDN terminals with eight contacts. Developed by the US telephone company Western Bell. Western plugs for analogue telephones have four or six contacts. A graphical tool on Windows 95, 98 and Millennium that uses Win32 API to view and configure the IP address configuration of
369. rol: None 3. Enter the values and click OK. 4. Make the following settings in the Settings tab: Emulation: VT100 5. Click OK. The changes to the terminal program settings do not take effect until you disconnect the connection to your device and then make the connection again. If you use HyperTerminal, there may be problems with displaying umlauts and other special characters. If necessary, therefore, set HyperTerminal to Autodetection instead of VT100. Unix: You will require a terminal program such as cu (on System V), tip (on BSD) or minicom (on Linux). The settings for these programs correspond to those listed above. Example of a command line for using cu: cu -s 9600 -c /dev/ttyS1 Example of a command line for using tip: tip -9600 /dev/ttyS1 7.1.3 Access over ISDN: All devices that have an ISDN interface can be accessed and configured from another device via an ISDN call. Access over ISDN with ISDN Login is especially recommended if your device is to be remotely configured or maintained. This is also possible even if your device is still in the ex works state. Access is then obtained with the aid of a device that is already configured or a PC with an ISDN card in the remote LAN. The device to be configured in your own LAN is reached via a number of the ISDN connection (e.g. 1234). This enables the administrator in the Remote LAN to configure your device rem
370. rt of the port range. By default, the field does not contain an entry. If a value is displayed, this means that the previously specified port number is verified. If a port range is to be checked, enter the upper limit here. Possible values are 1 to 65535. Source Port Range: Only if Protocol = TCP/UDP, TCP or UDP. In the first field, enter the source port to be checked, if applicable. If a port number range is specified, in the second field enter the last port of the port range. By default, the field does not contain an entry. If a value is displayed, this means that the previously specified port number is verified. If a port range is to be checked, enter the upper limit here. Possible values are 1 to 65535. Type: Only if Protocol = ICMP. The Type field shows the class of ICMP messages, the Code field specifies the type of message in greater detail. Possible values: • Any (default value) • Echo Reply • Destination Unreachable • Source Quench • Redirect • Echo • Time Exceeded • Parameter Problem • Timestamp • Timestamp Reply • Information Request • Information Reply • Address Mask Request • Address Mask Reply. Code: ICMP code options can only be selected if Type = Destination Unreachable. Possible values: • Any (default value) • Net Unreachable • Host Unreachable • Protocol Unreachable • Port Unreachable • Fragmentation Needed • Communication with Destination Network is Ad m
371. rview of the utilisation of your device is possible. Method of operation: A Status Daemon collects information about your device and transfers it as UDP packets to the broadcast address of the first LAN interface (default setting) or to an explicitly entered IP address. One packet is sent per time interval, which can be adjusted individually to values from 1 to 60 seconds. Up to 100 physical and virtual interfaces can be monitored, provided the packet size of 4096 bytes is not exceeded. The Activity Monitor on your PC receives the packets and can display the information contained in them in various ways according to the configuration. Activate the Activity Monitor as follows: • Configure the relevant device(s) to be monitored. • Start and configure the Windows application on your PC (see BRICKware for Windows). 19.5.1 Options [Fig. 147: External Reporting > Activity Monitor > Options] The External Reporting > Activity Monitor > Options menu consists of the following fields: Fields in the Options Basic Parameters menu (Field / Description)
372. s 14.1.2 Phase 1 Profiles: In the VPN > IPSec > Phase 1 Profiles menu, a list of all configured IPSec phase 1 profiles is shown. [Fig. 76: VPN > IPSec > Phase 1 Profiles] In the Standard column, you can mark the profile to be used as the default profile. 14.1.2.1 New: Choose the New button to set up new profiles. [Screenshot: Phase 1 (IKE) Parameters form with the fields Description, Proposals, DH Group, Lifetime, Authentication Method, Mode, Local ID Type, Local ID Value and Advanced Settings]
373. s IPSec tunnel are displayed here. 20.2.2 IPSec Statistics: In the Monitoring > IPSec > IPSec Statistics menu, statistical values for all IPSec connections are shown. [Fig. 151: Monitoring > IPSec > IPSec Statistics] The Monitoring > IPSec > IPSec Statistics menu consists of the following fields: Field in the IPSec Statistics Licenses menu (Field / Description): IPSec Tunnels: Shows the IPSec licenses currently in use (In use) and the maximum number of licenses usable (Maximum). Field in the IPSec Statistics Peers menu (Field / Description): State: Displays the number of IPSec connections by their current status. • Active: Currently active IPSec connections. • Enable: IPSec connections currently in the tunnel setup phase. • Blocked: IPSec connections that are blocked. • Dormant: Currently inactive IPSec con
374. s one itself. • Heartbeats (send & expect): Your device expects a heartbeat from the peer and sends one itself. • Dead Peer Detection: Use DPD (dead peer detection) in accordance with RFC 3706. DPD uses a request-reply protocol to check the availability of the remote terminal and can be configured independently on both sides. This option only checks the availability of the peer if data is to be sent to it. • Dead Peer Detection (Idle): Use DPD (dead peer detection) in accordance with RFC 3706. DPD uses a request-reply protocol to check the availability of the remote terminal and can be configured independently on both sides. This option is used to carry out a check at certain intervals depending on forthcoming data transfers. Blocktime: Define how long a peer is blocked for tunnel setups after a phase 1 tunnel setup has failed. This only affects locally initiated setup attempts. Possible values are -1 to 86400 (seconds). -1 means the value in the default profile is used and 0 means that the peer is never blocked. The default value is 30. NAT Traversal: NAT Traversal (NAT-T) also enables IPSec tunnels to be opened via one or more devices on which network address translation (NAT) is activated. Without NAT-T, incompatibilities may arise between IPSec and NAT (see RFC 3715, section 2). These primarily prevent the setup of an IPSec tunnel from a host within a LAN and behind a NAT device to another host
375. [Fig. 24: System Management > Status] The System Management > Status menu consists of the following fields: Fields in the Status System Information menu (Field / Value): Uptime: Displays the time passed since the device was rebooted. System Date: Displays the current system date and system time. Serial number: Displays the device serial number. BOSS Version: Displays the currently loaded version of the system software. Fields in the Status Resource Information menu (Field / Value): CPU Usage: Displays the CPU usage as a percentage. Memory Usage: Displays the usage o
376. sabled by default. If the function is active, you can enter the Password in the text field. Filename: Only for Action = Import configuration, Import language, Update system software. Enter the path and name of the file or select the file with Browse via the explorer/finder. Source: Only for Action = Update system software. Select the source for the update. Possible values: • Local File (default value): The system software file is stored locally on your PC. • HTTP server: The file is stored on a remote server specified in the URL. • Current software from Funkwerk server: The file is on the official Funkwerk update server. URL: Only for Source = HTTP server. Enter the URL of the update server from which the system software file is loaded. Current File Name in Flash: For Action = Export configuration. The configuration file Current filename in flash memory is exported. Include Certificates and Keys: For Action = Export configuration, Export configuration with status information. Define whether the selected Action should also be applied for certificates and keys. The function is enabled by choosing Enabled. The function is enabled by default. Source Filename: Only for Action = Copy. Select the source file to be copied. Destination Filename: Only for Action = Copy. Enter the name of the copy. Select File: Only if Action = Rename
377. sic Rate Interface with your gateway can be increased to up to 128 kbps using channel bundling. Bandwidth Allocation Control Protocols (BACP/BAP) in accordance with RFC 2125. Central unit of wireless telephone devices. There are two different types: The simple base station is used to charge the handheld unit. For special feature telephones, the base station can also be used as a telephone; the handheld unit is charged using separate charging stations. ISDN connection that includes two basic channels (B channels), each with 64 kbps, and one control and signalling channel (D channel) with 16 kbps. The two basic channels can be used independently of each other for each service offered in the T-ISDN. You can therefore telephone and fax at the same time. T-Com offers the Basic Rate Interface as a point-to-multipoint or point-to-point connection. Glossary: Blacklist dialling ranges, Block Cipher Modes, Blowfish, Bluetooth, BOD, BootP, Bps, Break in, BRI, Bridge. You can define a restriction on external dialling for individual subscribers. The telephone numbers entered in the blacklist table cannot be called by the terminals subject to dialling control, e.g. entry 0190 would block all connections to expensive service providers. Block-based encryption algorithm. An algorithm developed by Bruce Schneier. It relates to a block cipher with a block size of 64 bit and a key of vari
378. sion of the telephone number; Switch; Switchable dialling method; Synchronous; Syslog; System telephones; T-DSL; T-Fax; T-ISDN. Glossary: suppresses the display of the called subscriber's telephone number. If display of the B telephone number is suppressed, your telephone number is not transmitted to the caller when you take a call. Temporary deactivation of the transmission of your own telephone number. Performance feature of a PBX. The display of the telephone number can be deactivated on an individual basis. LAN switches are network components with a similar function to bridges or even gateways. They switch data packets between the input and output port. In contrast to bridges, switches have several input and output ports. This increases the bandwidth in the network. Switches can also be used for conversion between networks with different speeds, e.g. 100 Mbps and 10 Mbps networks. Option of switching between the pulse dialling method and MFC method by means of a switch or key input on the terminal, such as the telephone or fax machine. Transmission process in which the sender and receiver operate with exactly the same clock signals, in contrast to asynchronous transmission. Spaces are bridged by a stop code. Syslog is used as the de facto standard for transmitting log messages in an IP network. Syslog messages are sent as unencrypted text messages over the UDP port 514 and collected centrally. They are usu
379. so possible to transfer configuration files between your device and a host via HTTP. [Fig. 138: Maintenance > Software & Configuration > Options] The Maintenance > Software & Configuration > Options menu consists of the following fields: Fields in the Options Currently Installed Software menu (Field / Description): BOSS: Shows the current software version loaded on your device. System Logic: Shows the current system logic loaded on your device. ADSL Logic: Shows the current version of the ADSL logic loaded on your device. Fields in the Options Software and Configuration Options menu (Field / Description): Action: Select the action you wish to execute. Possible values: • No action (default value) • Import configuration: Under Filename, select a configuration file you want to import. Note: Click Go to load the file under the name boot in the flash memory for the device. You must restart the device to enable it. • Import language: You can import other language versions
380. [Fig. 43: LAN > VLAN > VLANs > Edit/New] The LAN > VLAN > VLANs > Edit/New menu consists of the following fields: Fields in the VLANs Configure VLAN menu (Field / Description): VLAN Identifier: Enter the number that identifies the VLAN. In the Edit menu, you can no longer change this value. Possible values are 1 to 4094. VLAN Name: Enter a unique name for the VLAN. A character string of up to 32 characters is possible. VLAN Members: Select the ports that are to belong to this VLAN. You can use the Add button to add members. For each entry, also select whether the frames to be transmitted from this port are to be transmitted tagged (i.e. with VLAN information) or untagged (i.e. without VLAN information). 10.2.2 Port Configuration: In this menu, you can define and view the rules for receiving frames at the VLAN ports. [Fig. 44: LAN > VLAN > Port Configuration] The LAN > VLAN > Port Configuration menu consists of the foll
381. [Fig. 144: External Reporting > E-mail Alert > E-mail Alert Receiver] The External Reporting > E-mail Alert > E-mail Alert Receiver menu consists of the following fields: Fields in the E-mail Alert Receiver Add/Edit E-mail Alert Receiver menu (Field / Description): Recipient: Enter the recipient's e-mail address. The entry is limited to 40 characters. Matching String: You must enter a Matching String. This must occur in a syslog message as a necessary condition for triggering an alert. The entry is limited to 55 characters. Bear in mind that without the use of wildcards (e.g.), only those strings that correspond exactly to the entry fulfil the condition. The Matching String entered therefore usually contains wildcards. To be informed of all syslog messages of the selected level, just enter
382. ssword (OTP), the password check can be carried out by a token server (e.g. SecOVID from Kobil), which is installed behind the Radius Server. If a company's headquarters is connected to several branches via IPSec, several peers can be configured. A specific user can then use the IPSec tunnel over various peers depending on the assignment of various profiles. This is useful, for example, if an employee works alternately in different branches, if each peer represents a branch and if the employee wishes to have on-site access to the tunnel. XAuth is carried out once IPSec IKE (Phase 1) has been completed successfully and before IKE (Phase 2) begins. If XAuth is used together with IKE Config Mode, the transactions for XAuth are carried out before the transactions for IKE Config Mode. 14.1.4.1 New: Choose the New button to set up new profiles. [Fig. 80: VPN > IPSec > XAUTH Profiles > New] The VPN > IPSec > XAUTH Profiles > New menu consists of the following fields: Fields in the XAUTH Profiles Basic Parameters menu (Field / Description)
383. st be permitted by the caller. DLCI: In a Frame Relay network, a DLCI uniquely describes a virtual connection. Note that a DLCI is only relevant for the local end of the point-to-point connection. DMZ: Demilitarised Zone. DNS: Domain Name System. Do not disturb: Station guarding. DOI: Domain of Interpretation. Domain: A domain refers to a logical group of devices in a network. On the Internet, this is part of a naming hierarchy (e.g. bintec.de). Door intercom: Door intercom device. It can be connected to various PBXs. A telephone can be used to take an intercom call and open the door. Door intercom on analogue connection: An analogue connection can be set up for connected of function module MO6 to connect a DoorLine intercom system. Door terminal adapter: The function module can be installed on an analogue connection of your PBX. If a door intercom (DoorLine) is connected to your PBX via a function module, you can speak with a visitor at the door via every authorised telephone. You can assign particular telephones to each ring button. These phones then ring if the ring button is pressed. On analogue telephones, the signal on the telephone matches the intercom call. In place of the internal telephones, an external telephone can also be configured as the call destination for the ring button. Your door intercom can have up to 4 ring buttons. The door opener can be pressed during an intercom call. It is not possible to activate the door opener if
384. st character in this field must not be a number, and no special characters or umlauts must be used either. Connection Type: Select which layer 1 protocol your device should use. This setting applies for outgoing connections to the connection partner and only for incoming connections from the connection partner if they could be identified on the basis of the calling party number. Possible values: • ISDN 64kbps: For 64 kbps ISDN data connections. • ISDN 56kbps: For 56 kbps ISDN data connections. User name: Enter your device code (local PPP user name). Remote User (for Dialin only): Enter the code of the remote terminal (remote PPP user name). Password: Enter the password. Always Active: Select whether the interface should always be activated. The function is activated with Enabled. The function is disabled by default. Only activate this option if you have Internet access with a flat rate charge. Connection Idle Timeout: Enter the idle time in seconds for static short hold. The static short hold setting determines how many seconds should pass between sending the last traffic data packet and clearing the connection. Possible values are -1 to 3600 (seconds). A value of -1 means that the connection is set up again immediately after disconnection, and 0 deactivates short hold. The default value is 20. Fields in the ISDN IP Mode and Routes menu (Field / Description): IP Address Mode: Select
385. stem menu is used for entering the basic system data of your device. [Fig. 25: System Management > Global Settings > System] The System Management > Global Settings > System menu consists of the following fields: Fields in the System Basic Parameters menu (Field / Value): System Name: Enter the system name of your device. This is also used as the PPP host name. A character string of up to 255 characters is possible. The device type is entered as the default value. Locality: Enter the location of your device. Contact; Maximum Number of Syslog Entries; Maximum Message Level of Syslog Entries: Enter the relevant contact person. Here you can enter the e-mail address of the system administrator, for example. A character string of up to 255 characters is possible. The default value is BINTEC. Enter the maximum number of sysl
386. t only the packets explicitly wanted by a host enter the subnet. Special mechanisms ensure that the requirements of the individual clients are taken into consideration. At the moment, there are three versions of IGMP (V1 to V3); most current systems use V3 and less often V2. Two packet types play a central role in IGMP: queries and reports. Queries are only transmitted from a router. If several IGMP routers exist in a network, the router with the lowest IP address is the querier. We differentiate here between a general query (sent to 224.0.0.1), a group-specific query (sent to a group address) and the group-and-source-specific query (sent to a specific group address). Reports are only sent by hosts to respond to queries. In this menu, you configure the interfaces on which IGMP is to be enabled. 12.5.2.1 New: Choose the New button to configure IGMP on other interfaces. [Fig. 62: Routing > Multicast > IGMP > New] T
387. t your device can be remotely configured and administrated. • IPSec: bintec devices support the DynDNS service to enable hosts without fixed IP addresses to obtain a secure connection over the Internet. With the IPSec Callback function and using a direct ISDN call to an IPSec peer with a dynamic IP address, you can signal to this IPSec peer that you are online and waiting for the setup of an IPSec tunnel over the Internet. If the called peer currently has no connection to the Internet, the ISDN call causes a connection to be set up. The identification of the caller from his or her ISDN number is enough information to initiate setting up a tunnel. • X.25 PAD: X.25 PAD is used to provide a protocol converter, which converts non-packet-oriented protocols to packet-oriented communication protocols and vice versa. Data terminal equipment sending or receiving data on a non-data-packet-oriented basis can thus be adapted in line with Datex-P (public data packet network based on the principle of a packet switching exchange). When a call comes in, your device first uses the entries in this menu to check the type of call (data or voice call) and the called party number, whereby only part of the called party number reaches the device, which is forwarded from the local exchange or, if available, the PBX. The call is then assigned to the corresponding service. Note: If no entry is specified (ex works state), every incoming ISDN call is accepted by the IS
388. Fig. 40: Physical Interfaces > ADSL Modem > ADSL Configuration. The Physical Interfaces > ADSL Modem > ADSL Configuration menu consists of the following fields. Fields in the ADSL Configuration ADSL Port Status menu: ADSL chipset: Shows the key of the installed chipset. Physical connection: Shows the current ADSL operation mode. The value cannot be changed. Possible values: Unknown: The ADSL link is not active. ANSI T1.413: ANSI T1.413. ADSL1: ADSL classic, G.DMT, ITU G.992.1. G.Lite: Splitterless ADSL, ITU G.992.2. ADSL2: G.DMT.Bis, ITU G.992.3. ADSL2 DELT: ADSL2 Double Ended Line Test. ADSL2 Plus: ADSL2 Plus, ITU G.992.5. ADSL2 Plus DELT: ADSL2 Plus Double Ended Line Test. READSL2: Reach Extended ADSL2. READSL2 DELT: Reach Extended ADSL2 Double Ended Line Test. Fields in the ADSL Configuration Current Line Speed menu: Downstream: Displays the data rate in the receive direction (direction from CO/DSLAM to CPE/router) in bits per second. The value cannot be changed. Upstream: Displays the data rate in the send direction (direction fro
389. t the interface(s) for which the action defined in Interface Action is to be performed. All the physical and virtual interfaces and the options All PPP Interfaces and All IPSec Interfaces can be selected. 17.7.3 Ping Generator: In the Local Services > Monitoring > Ping Generator menu, a list is shown of all pings configured for automatic generation. Fig. 127: Local Services > Surveillance > Ping Generator. Values in the Ping Generator list: Destination IP Address: Shows the IP address to which the ping is automatically sent. Source IP Address: Shows the source IP address of the outgoing ICMP echo request packets. Interval: Shows the interval in seconds during which the ping is sent to the specified address. State: Displays the operating state of the destination IP address. 17.7.3.1 Edit/New: Choose the icon to edit existing entries. Choose the New button to set up further pings.
390. tandard for the connection of network cards (hardware) to network protocols (software). A journey of discovery for interesting information in wide-ranging data networks such as T-Online. Known mainly from the Internet. Network Basic Input Output System. The second part of an address in an IP network, used for identification of a device, e.g. 255.255.255.0. See also IP address. Your PBX has a DSL router so that one or more PCs can surf the Internet and download information. A network address designates the address of a complete local network. In telecommunications, the network termination is the point at which access to a communication network is provided to the terminal. You can use the Netz-Direkt (keypad) function (automatic external line access) to enter a key sequence from your ISDN or analogue telephone to use current T-ISDN functions. For more information on this, consult your T-Com client advisor and request the necessary codes (e.g. call forwarding in the exchange). Network Management Station. During a telephone call, a telephone number can be entered in the telephone's buffer so that it can be dialled at a later point in time. Network Termination. Network Termination for Basic Access. Network Time Protocol. Operation and Maintenance. Without connection. Connectionless operating state, e.g. of the PCs. With connection. For example, the state of a connection between a PC and data network or for data exchange betwee
391. ter Call forwarding in the exchange preted Broadcasts (data packages) are sent to all devices in a network in order to exchange information. Generally, there is a certain address (broadcast address) in the network that allows all devices to interpret a message as a broadcast. Brokering makes it possible to switch between two external or internal subscribers without the waiting subscriber being able to hear the other conversation. Program for displaying content on the Internet or World Wide Web. A data transmission medium for use by all the devices connected to a network. Data is forwarded over the entire bus and received by all devices on the bus. Certificate Authority. By allocating a calendar, you switch between Day and Night call assignment. For each day of the week, you can select any day/night switching time. A calendar has four switch times, which can be specifically assigned to each individual day of the week. In a PBX, calls can be assigned to certain terminals. You can set up a call costs account for a subscriber here. The maximum available number of units, in the form of a limit, can be assigned to each subscriber on their personal call costs account. The cost limit is to be activated so that units can be booked. Once the units have been used up, no further external calls are possible. Internal calls can still be made at any time. The units are booked to the a
392. ternal connections made and received via your PBX are recorded and stored in the form of connection data records. Encapsulating Security Payload. The Extended Service Set describes several BSS (several access points) that form a single logical wireless network. A local network that connects all devices in the network (PC, printers etc.) via a twisted pair or coaxial cable. The 4 connections are led equally through an internal switch. Network clients can be directly connected to the connection sockets. The ports are designed as 100 BaseT full duplex, autosensing, auto MDIX, upwardly compatible to 10 Base T. Up to 4 SIP telephones or IP softclients with SIP standard can be directly connected to PCs with a network card. If the power supply to the PBX cuts out while new firmware is being loaded, the PBX functions are deleted. Harmonised ISDN, standardised within Europe, based on signalling protocol DSS1, the introduction of which network operators in over 20 European countries have committed to. Euro ISDN has been introduced in Germany, replacing the previous national system 1TR6. Communication protocol for the exchange of files between two PCs over ISDN using an ISDN card (file transfer) or telephones or PBXs configured for this. Node in the public telecommunication network. We differentiate between local exchanges and remote exchanges. PBXs differentiate between the following exchange access rights. These can be set up differe
393. ternet Dialup > PPTP menu, a list of all PPTP interfaces is shown. In this menu, you configure an Internet connection that uses the Point-to-Point Tunnelling Protocol (PPTP) to set up a connection (e.g. required in Austria). 13.1.2.1 New: Choose the New button to set up new PPTP interfaces. Fig. 66: WAN > Internet Dialup > PPTP > New. The WAN > Internet Dialup > PPTP > New menu consists of the following fields. Fields in the PPTP Basic Parameters menu: Description, PPTP Interface. Enter a name for uniquely identifyin
394. The function is disabled by default. The function is activated with Enabled. Remote IP Address/Netmask: Only if Remote Network = Enabled. Now enter the remote IP address and netmask for the remote network. Fields in the Portforwarding Forward to menu: Map to host: Enter the IP address of the internal host or network. You can also select the Local option, in which case the port is mapped to your device. Destination Port: Enter the new destination port of the incoming IP connection. Select whether the source port is to be used by enabling the Original option. In this case, enter the value 1 in the port number input field. Or disable the Original option and enter a port number. 12.3 RIP: The entries in the routing table can be defined statically, or the routing table can be updated constantly by dynamic exchange of routing information between several devices. This exchange is controlled by a Routing Protocol, e.g. RIP (Routing Information Protocol). By default, about every 30 seconds (this value can be changed in Update Timer), a device sends messages to remote networks using information from its own current routing table. The complete routing table is always exchanged in this process. If triggered RIP is used, information is only exchanged if the routing information has changed. In this case, only the changed information is sent. Observing the
395. th Add. The Advanced Settings menu consists of the following fields. Fields in the menu Advanced Settings: Block after Connection Failure for: Enter the wait time in seconds before the device should try again after an attempt to set up a connection has failed. The default value is 300. Authentication: Select the authentication protocol for this L2TP partner. Possible values: PAP/CHAP/MS-CHAP (default value): Primarily run CHAP, on denial the authentication protocol required by the PPTP partner (MSCHAP version 1 or 2 possible). PAP: Only run PAP (PPP Password Authentication Protocol); the password is transferred unencrypted. CHAP: Only run CHAP (PPP Challenge Handshake Authentication Protocol as per RFC 1994); the password is transferred encrypted. PAP/CHAP: Primarily run CHAP, otherwise PAP. MS-CHAPv1: Only run MS-CHAP version 1 (PPP Microsoft Challenge Handshake Authentication Protocol). MS-CHAPv2: Run MS-CHAP version 2 only. Encryption: Only for PPP Authentication = MS-CHAPv2. If necessary, select the type of encryption that should be used for data traffic to the L2TP partner. This is only possible if STAC or MS-STAC compression is not activated for the connection. If Encryption is set, the remote terminal must also support it, otherwise a connection cannot be set up. Possible values: None (default value): MPP encryption is not use
396. th LLC header. VC Multiplexing (default value for PPP over ATM): Bridged Ethernet without additional encapsulation (Null Encapsulation) with Frame Check Sequence (checksums). Fields in the Settings for Ethernet over ATM menu (only shown for Type = Ethernet over ATM): Default Ethernet for PPPoE Interfaces: Only for Type = Ethernet over ATM. Select whether this Ethernet over ATM interface is to be used for all PPPoE connections. The function is activated with Enabled. The function is disabled by default. Address Mode: Only for Type = Ethernet over ATM. Select how an IP address is to be assigned to the interface. Possible values: Static (default value): A static IP address is assigned to the interface in IP Address/Netmask. DHCP: An IP address is assigned to the interface dynamically via DHCP. IP Address/Netmask: Only if Address Mode = Static. Enter the IP addresses (IP Address) and the corresponding netmasks (Netmask) of the ATM interfaces. Add new entries with Add. MAC Address: Enter a MAC address for the internal router interface of ATM connection, e.g. 00 a0 9 06 bf 03. An entry is only required in special cases. For Internet connections, it is sufficient to select the Use Pre-configured option (default setting), in which case the MAC address of en1-0 is used. DHCP MAC Address: Only if Address Mode = DHCP. Enter
397. the IP address over ISDN. This type of transfer of dynamic IP addresses also enables the more secure ID Protect mode (main mode) to be used for tunnel setup. Method of operation: Various modes are available for transferring your own IP address to the peer. The address can be transferred free in the D channel, or in the B channel, but here the call must be accepted by the remote station and therefore incurs costs. If a peer whose IP address has been assigned dynamically wants to arrange for another peer to set up an IPSec tunnel, it can transfer its own IP address as per the settings described in Fields in the Advanced Settings IPSec Callback menu on page 207. Not all transfer modes are supported by all telephone companies. If you are not sure, automatic selection by the device can be used to ensure that all the available possibilities can be used. Note: The callback configuration on the two devices should be the same so your device of the called peer can identify the IP address information. The following roles are possible: One side takes on the active role, the other the passive role. Both sides can take on both roles (both). The IP address transfer and the start of IKE phase 1 negotiation take place in the following steps: 1. Peer A (the callback initiator) sets up a connection to the Internet in order to be assigned a dynamic IP address and be reachable for peer B over the Inte
398. the MAC address of the internal router interface of ATM connection, e.g. 00 e1 f9 06 bf 03. If your provider has assigned you an MAC address for DHCP, enter this here. You can select the Use Pre-configured option (default setting), in which case the MAC address of en1-0 is used. DHCP Hostname: Only if Address Mode = DHCP. If necessary, enter the host name registered with the provider to be used by your device for DHCP requests. The maximum length of the entry is 45 characters. Fields in the Settings for Routed Protocols over ATM menu (only shown for Type = Routed Protocols over ATM): IP Address/Netmask: Enter the IP addresses (IP Address) and the corresponding netmasks (Netmask) of the ATM interface. Add new entries with Add. Prioritize TCP ACK Packets: Select whether the TCP download is to be optimised in the event of intensive TCP upload. This function can be specially applied for asymmetrical bandwidths (ADSL). The function is activated with Enabled. The function is disabled by default. Fields in the Settings for PPP over ATM menu (only shown for Type = PPP over ATM): Client Type: Select whether the PPPoA connection is to be set up permanently or on demand. Possible values: On demand (default value): The PPPoA is only set up on demand, e.g. for Internet access. 13.2.2 Service Categories: In the WAN > ATM > Service Categories menu, a list of ATM
399. the destination host. If Route Type = Network Route, also enter the netmask in the second field. If no entry is made, your device uses a default netmask. Interface: If necessary, enter the interface to be used for this route. Network Type: Not for Route Type = Standard Route. Also select the network type. Possible values: Direct (default value): in the LAN: You define another IP address for the interface; in the WAN: You define a route without a transit network. Indirect: in the LAN: You define a gateway route; in the WAN: You define a route with a transit network. Local IP Address: Only for Network Type = Direct. Enter the IP address of the gateway to which your device is to forward the IP packets. Gateway: Only for Network Type = Indirect. Enter the IP address of the host to which your device is to forward the IP packets. Metric: Select the priority of the route. The lower the value, the higher the priority of the route. Value range from 0 to 15. The default value is 1. Fields in the IP Routes Extended Route Parameters menu: Source Interface: Select the interface over which the data packets are to reach the device. The default value is None. Source IP Address: Enter the IP address and netmask of the source host or source network. Layer 4 Protocol: Select a protocol. Possible values: ICMP, TCP, UDP, GRE, ESP
400. the following fields. Fields in the SNMP Base Parameters menu: SNMP Version: Select the SNMP version your device is to use to listen for external SNMP accesses. Possible values: v1: SNMP Version 1. v2c: Community-Based SNMP Version 2. v3: SNMP Version 3. v1, v2c and v3 are active by default. If no option is selected, the function is deactivated. SNMP Listen UDP Port: Shows the UDP port (161) at which the device receives SNMP requests. The value cannot be changed. Tip: If your SNMP Manager supports SNMPv3, you should, if possible, use this version, as older versions transfer all data unencrypted. 8.5 Remote Authentication: This menu contains the settings for user authentication. 8.5.1 RADIUS: RADIUS (Remote Authentication Dial In User Service) is a service that enables authentication and configuration information to be exchanged between your device and a RADIUS server. The RADIUS server administrates a database with information about user authentication and configuration and for statistical recording of connection data. RADIUS can be used for: Authentication; Accounting; Exchange of configuration data. For an incoming connection, your device sends a request with user name and password to the RADIUS server, which then searches its database. If the user is found and can
401. the host or network to which the packets are to be sent through the GRE tunnel. Standard Route: If you enable the Default Route, all data is automatically routed to one connection. The function is disabled by default. Local IP Address: Enter the IP address to be used as the source address for this GRE connection. Route Entries: Define other routing entries for this connection partner. Add a new entry with Add. Remote IP Address: IP address of the destination host or network. Netmask: Netmask of Remote IP Address. If no entry is made, your device uses a default netmask. Metric: The lower the value, the higher the priority of the route (possible values 0 to 15). The default value is 7. MTU: Enter the maximum packet size (Maximum Transfer Unit, MTU) in bytes that is allowed for the GRE connection between the partners. Possible values are 1 to 8192. The default value is 1500. Use Key: Enable the key input for the GRE connection, which makes it possible to distinguish between several parallel GRE connections between two GRE partners (see RFC 1701). The key is activated with Enable. The function is disabled by default. Key Value: Only if Use Key is enabled. Enter the GRE connection key. Possible values are 0 to 2147483647. The default value is 0. 14.5 Certificates. 14.5.1 Certificate list: In the VPN > Certificates > Certificate List menu, a list of all available certif
402. the relevant profile. The LAC does the same with the fields of the SCCRP of the LNS. If this field remains empty, authentication data in the tunnel setup messages are not sent and are ignored. Fields in the Tunnel Profiles LAC Mode Parameters menu: Remote IP Address: Enter the fixed IP address of the LNS used as the destination address for connections based on this profile. The destination must be a device that can behave like an LNS. UDP Source Port: Enter how the port number to be used as the source port for all outgoing L2TP connections based on this profile is to be determined. By default, the Fixed option is disabled, which means that ports are dynamically assigned to the connections that use this profile. If you want to enter a fixed port, enable the Fixed option. Select this option if you encounter problems with the firewall or NAT. The available values are 0 to 65535. UDP Destination Port: Enter the destination port number to be used for all calls based on this profile. The remote LNS that receives the call must monitor this port on L2TP connections. Possible values are 0 to 65535. The default value is 1701 (RFC 2661). The Advanced Settings menu consists of the following fields. Fields in the menu Advanced Settings: Local IP Address: Enter the IP address to be used as the source address for all L2TP co
403. they are loaded as the boot configuration the next time you start the device. The navigation bar also contains the main configuration menus and their sub-menus. Click the main menu you require. The corresponding sub-menu then opens. If you click the sub-menu you want, the entry selected will be displayed in red. All the other sub-menus will be closed. You can see at a glance the sub-menu you are in. Status page: If you call the Funkwerk Configuration Interface, after you log in the status page of your device is displayed. The most important data of your device can be seen on this at a glance. Main configuration window: The sub-menus generally contain several pages. These are called using the buttons at the top of the main window. If you click a button, the window is opened with the basic parameters. You can extend this by clicking the Advanced Settings tab, which displays the additional options. Configuration elements: The various actions that you can perform when configuring your device in the Funkwerk Configuration are triggered by means of the following buttons. Funkwerk Configuration Interface buttons (Button / Function): Updates the view. Apply. Cancel. If you do not want to save a newly configured list entry, cancel this and any settings made by pressing Cancel. Confirms the settings of a new entry and the parameter ch
404. tomatically calls the defined direct call number if you do not start dialling another number first. You can enter up to 12 destination numbers when you configure Direct Call. A direct call number can only be used by one subscriber. If you want to change an entered direct call number, you can simply enter the new direct call number without having to delete the old direct call number. The old number is automatically overwritten when the new configuration is transferred to the PBX. Direct Inward System Access. Data transfer during online connections, where files are loaded from a PC or data network server to the user's own PC, PBX or terminal so that they can be used there. Data is transferred between the Internet and your PBX over ISDN or T-DSL. The PBX determines the remote terminal to which a data packet is to be sent. For a connection to be selected and set up, parameters must be defined for all the required connections. These parameters are stored in lists, which together permit the right connection to be set up. The PBX uses the PPP (Point-to-Point Protocol) for ISDN access and PPPoE (Point-to-Point Protocol over Ethernet) for access over T-DSL. The traffic on these two Internet connections is monitored separately by the PBX. Special modem for data transmission using DSL access technology. A DSL splitter is a device that splits the data or frequencies of various applications that run via a subscriber line or distribution
405. try, you can activate IP Accounting by setting the checkmark in the IP Accounting column. You do not need to click each entry individually. Using the options Select All and Disable All, you can enable or disable the IP accounting function for all interfaces simultaneously. 19.2.2 Options: In this menu, you configure general settings for IP Accounting. Fig. 142: External Reporting > IP Accounting > Options. In the External Reporting > IP Accounting > Options menu, you can set the Log Format of the IP accounting messages. The messages can contain character strings in any order, sequences separated by a slash (e.g. t or n) or defined tags. Possible format tags: Format tags for IP accounting messages (Field / Description): d: Date of the session start in the format DD MM YY. t: Time of the session start in the format HH MM SS. a: Duration of the session in seconds. C: Protocol. i: Source IP Address. r: Source Port. f: Source interface index. l: Destination IP Address. R: Destination Port. Yor: Destination interface index. p: Packets sent. 0: Octets sent. P: Packets received. O: Octets received. S: Sequential number for accounting message. A By defau
406. ts are to be accepted. Fig. 64: Routing > Multicast > Options. The Routing > Multicast > Options menu consists of the following fields. Fields in the Options Basic Settings menu: IGMP Status: Select the IGMP status. Possible values: auto (default value): Multicast is activated automatically for hosts if the hosts open applications that use multicast. Active: Multicast is always on. Down: Multicast is always off. Mode: Only for IGMP Status = Active or Auto. Select Multicast Mode. Possible values: Compatibility Mode (default value): The router uses IGMP version 3. If it notices a lower version in the network, it uses the lowest version it could detect. Version 3 only: Only IGMP version 3 is used. Maximum groups: Enter the maximum number of groups to be permitted, both internally and in reports. Maximum sources: Enter the maximum number of sources that are specified in version 3 reports and the maximum number of internally managed sources per group. Maximum number of IGMP status: Enter the maximum permitted total number of incoming queries
407. ty makes an access point nothing less than a VLAN-aware switch with the enhancement of grouping clients into VLAN groups. In general, VLAN segmenting can be configured with all interfaces. Fig. 42: VLAN segmenting. VLAN for Bridging and VLAN for Routing: In the LAN > VLAN menu, VLANs (virtual LANs) are configured with interfaces that operate in bridging mode. Using the VLAN menu, you can make all the settings needed for this and query their status. Caution: For interfaces that operate in Routing mode, you only assign a VLAN ID to the interface. You define this via the parameter Interface Mode = VLAN and the VLAN ID field in the LAN > IP Configuration > Interfaces > New menu. 10.2.1 VLANs: In this menu, you can display all the VLANs already configured, edit your settings and create new VLANs. By default, the Management VLAN is available, to which all interfaces are assigned. 10.2.1.1 Edit/New: Choose the icon to edit existing entries. Choose the New button to configure other VLANs.
408. ule matches the packet, the packet is discarded without sending an error message to the sender of the packet; if a reject rule matches, the packet is discarded and an ICMP Host Unreachable message sent to the sender of the packet. The packet is only forwarded if an accept rule matches. All packets without matching rules are rejected without sending an error message to the sender when all the existing rules have been checked (default behaviour). 15.1 Policies. 15.1.1 Filter rules: The default behavior with Action = Access consists of two implicit filter rules: if an incoming packet can be assigned to an existing connection, and if a suitable connection is expected (e.g. such as an affiliated connection of an existing connection), the packet is allowed. The sequence of filter rules in the list is relevant: The filter rules are applied to each packet in succession until a rule matches. If overlapping occurs, i.e. more than one filter rule matches a packet, only the first rule is executed. This means that if the first rule denies a packet, whereas a later rule allows it, the packet is rejected. A deny rule also has no effect if a relevant packet has previously been allowed by another filter rule. In the Firewall > Policies > Filter Rules menu, a list of all configured filter rules is shown. Select the show administrative access rules option to display existing filter rules for administrative access to your device (see System Management
409. unexpected or non-specific error. Internal Error: An internal device problem prevented the configuration option from being carried out. 17.9.2 Options: In this menu, you can grant permission for your device to be discovered by other bintec devices using the funkwerk Discovery protocol and to be configured by means of this. Fig. 132: Local Services > Funkwerk Discovery > Options. The Local Services > Funkwerk Discovery > Options menu consists of the following fields. Fields in the Options Discovery Server Options menu: Enable Discovery Server: Select whether your device is to be discovered and configured by other bintec devices in the network. The function is activated with Enabled. The function is disabled by default. 17.10 UPnP: Universal Plug and Play (UPnP) makes it possible to use current messenger services (e.g. real-time video/audio conferencing) as peer-to-peer communication where one of the peers lies behind a NAT-enabled gateway. UPnP enables mostly
410. up Tool. This symbol appears in messages referring you to the fact that values were entered or selected incorrectly. Pay particular attention to the following message: Warning: changes not supported by the Setup Tool. If you make these changes with the Funkwerk Configuration Interface, this can cause inconsistencies or malfunctions. Therefore, it is recommended that the configuration is continued with the Setup Tool. 7.3.2.3 Funkwerk Configuration Interface menus: The configuration options of your device are contained in the sub-menus, which are displayed in the navigation bar in the left-hand part of the window. Note: Please note that not all devices have the full range of functions. Check the software of your device on the corresponding product page under www.funkwerk-ec.com. The Funkwerk Configuration Interface contains the following menus: System Management; State; Global Settings; Interface Mode / Bridge Groups; Administrative Access; Remote Authentication; Physical interfaces. In this menu, general information on your device is displayed at a glance. This information includes serial number, software version, current memory and processor use, status of the physical interfaces and the last 10 system messages. In this menu, you enter the basic system settings of your device, such as, for example, system name, system date s
411. Fig. 53: Routing > NAT > NAT Interfaces. For each NAT interface, you can select the options NAT Active, Silent Deny and PPTP Passthrough. In addition, Portforwardings displays how many portforwarding rules were configured for this interface. Options in the menu NAT Interfaces: NAT Active: Select whether NAT is to be activated for the interface. The function is disabled by default. Silent Deny: Select whether IP packets are to be silently denied by NAT. If this function is deactivated, the sender of the denied IP packet is informed by means of an ICMP or TCP RST message. The function is disabled by default. PPTP Passthrough: Select whether the setup and operation of several simultaneous outgoing PPTP connections from hosts in the network are also to be permitted if NAT is activated. The function is disabled by default. If PPTP Passthrough is enabled, the device itself cannot be configured as a tunnel endpoint. Portforwardings: Shows the number of portforwarding rules configured in Routing > NAT > Portforwarding
412. upport Information
Chapter 4 Basic configuration
4.1 Presettings
4.1.1 Preconfigured data
4.1.2 Software update
4.2 System requirements
4.3 Preparations
4.3.1 Gathering data
4.3.2 Configuring a PC
4.3.3 Installing BRICKware
4.4 Configuring the Gateway
4.5 Testing the Configuration
Chapter 5 Reset
Chapter 6 Technical data
6.1 Scope of supply
6.2 General Product Features
6.3 LEDs
6.4 Connections
6.5 Pin Assignments
6.5.1 Serial Interface
6.5.2 Ethernet interface
6.5.3 ADSL interface
6.5.4 ISDN S0 Port
Chapter 7 Access and configuration
7.1 Access Options
7.1.1 Access via LAN
7.1.2 Access via the Serial Interface
7.1.3 Access over ISDN
7.2 Logging in
7.2
413. ur home office can also each be assigned a number, as can your son or daughter's phone. As a result, each family member can be contacted with a separate number, helping to eliminate day-to-day friction. And as far as the costs are concerned: on request, you can have your bill broken down to show which units have been charged for the individual ISDN telephone numbers.

The digital telephone network of T-Com for connecting analogue terminals.

The answering machine in T-Net and T-ISDN. The T-NetBox can store up to 30 messages.

Enter the current T-NetBox telephone number here if it differs from the 08003302424 entered ex works. As soon as your T-NetBox receives a voice or fax message, notification is sent to your PBX.

Umbrella term: the T-Com online platform. Offers services such as e-mail and Internet access.

T-Com software decoder for all conventional computer systems that enables access to T-Online. Supports all functions such as KIT, e-mail and the Internet with a browser. T-Online users receive this software free of charge.

T-Service carries out all installation work and configurations for the PBX at the customer's request. The service ensures optimum voice and data transmission at all times thanks to maintenance work.

T-Service access enables you to have your PBX configured by T-Service. Give T-Service a call. Get advice and provide information on your configuration requirements. T-Service will then configure your PBX remotely
414. uthentication Protocol, the password is transferred unencrypted.
• CHAP: Only run CHAP (PPP Challenge Handshake Authentication Protocol as per RFC 1994); the password is transferred encrypted.
• PAP/CHAP: Primarily run CHAP, otherwise PAP.
• MS-CHAPv1: Only run MS-CHAP version 1 (PPP Microsoft Challenge Handshake Authentication Protocol).
• MS-CHAPv2: Run MS-CHAP version 2 only.

Encryption: Only if Authentication = MS-CHAPv2. If necessary, select the type of encryption that should be used for data traffic to the connection partner. This is only possible if STAC or MS-STAC compression is not activated for the connection. If Encryption is set, the remote terminal must also support it, otherwise a connection cannot be set up.
Possible values:
• None (default value): MPP encryption is not used.
• Enabled: MPP encryption V2 with 128 bit is used to RFC 3078.
• Windows compatible: MPP encryption V2 with 128 bit is used as compatible with Microsoft and Cisco.

Callback Mode: Select the Callback Mode function.
Possible values:
• None (default value): Your device does not call back.
• Active: Select one of the following options:
  • No PPP Negotiation: Your device calls the connection partner to request a callback.
  • Windows Client Mode: Your device calls the connection partner to request a callback via CBCP (Callback Control Protocol). Needed for Windows clients.
• Passive: Select one of the following options:
  • Enabled
415. valid.
Possible values:
• Down: Your device sends and expects no heartbeat. Set this option if you use devices from other manufacturers.
• Heartbeats (Expect only): Your device expects a heartbeat from the peer but does not send one itself.
• Heartbeats (Send only): Your device expects no heartbeat from the peer, but sends one itself.
• Heartbeats (send & expect): Your device expects a heartbeat from the peer and sends one itself.
• Autodetect: Automatic detection of whether the remote terminal is a bintec device. If it is, Heartbeat Both (for a remote terminal with bintec) or None (for a remote terminal without bintec) is set.

Propagate PMTU: Select whether the PMTU (Path Maximum Transfer Unit) is to be propagated during phase 2. The function is activated with Enabled. The function is enabled by default.

14.1.4 XAUTH Profiles

In the XAUTH Profiles menu, a list of all XAUTH profiles is displayed.

Extended Authentication for IPSec (XAuth) is an additional authentication method for IPSec tunnel users.

The gateway can take on two different roles when using XAuth, as it can act as a server or as a client:
• As a server, the gateway requires a proof of authorisation.
• As a client, the gateway provides proof of authorisation.

In server mode, multiple users can obtain authentication via XAuth, e.g. users of Apple iPhones. Authorisation is verified either on the basis of a list or via a Radius Server. If using a one time pa
416. vice are not deleted and can, if required, be reloaded when the device is rebooted.

Proceed as follows:
1. Switch off your device.
2. Press the Reset button on your device.
3. Keep the Reset button on your device pressed down and switch the device back on.
4. Look at the LEDs: The Power and Status LEDs come on first. The Ethernet LEDs 1 to 4 for the ports connected to the Ethernet then flash. The device runs through the boot sequence. After the Status LED has flashed five times, release the Reset button.

Proceed as follows if you also want to reset all the user passwords to the ex works state and delete stored configurations when resetting the device:
• Set up a serial connection to your device. Reboot your device and monitor the boot sequence. Start the BOOTmonitor, choose (4) Delete Configuration and follow the instructions.
or
• First carry out the reset procedure with the Reset button described above. Then set up a serial or telnet connection (telnet: use the IP address in ex works state) to your device. Enter erase bootconfig as Login at the login prompt in the command line. Leave the password empty and press the Return key. The device runs through the boot sequence again.

Note: If you delete the boot configuration using the Funkwerk Configuration Interface (menu Maintenance > Software & Configuration), all passwords will also be reset and the current boot configuration deleted. The next time
417. viders. The provided information is accessed using the telephone number 0190, which is uniform across Germany, plus a 6-digit telephone number. Information offering: entertainment, weather, finance, sport, health, support and service hotlines.

Additional voice service from T-Com. Allows calls to be received via a location-independent telephone number, uniform across Germany, starting with the numbers 0700. Free-of-charge routing to national fixed network. Enhancement with Vanity possible.

Additional voice service from T-Com. Replaces Service 0190.

Service number 0180: Additional voice service 0180call from T-Com to receive calls from a location-dependent telephone number, uniform across Germany, starting with the numbers 0180.

Setup Tool: Menu-driven tool for the configuration of your gateway. The Setup Tool can be used as soon as the gateway has been accessed (serial, ISDN Login, LAN).
SHA1: See HMAC-SHA.
SHDSL: Single-Pair High-Speed
Short hold: Is the defined amount of time after which a connection is cleared if no more data is transmitted. Short hold can be set to static (fixed amount of time) or dynamic (according to charging information).
Signalling: Simultaneous signalling: All assigned terminals are called simultaneously. If a telephone is busy, call waiting can be used.
Simplex operation (ISDN subscribers only): This connection can only be used for an ISDN telephone (only T-Concept PX722 system telephones with a s
418. w

15 Firewall

NAT: One of the basic functions of NAT is the translation of the local IP addresses of your LAN into the global IP addresses you are assigned by your ISP, and vice versa. All connections initiated externally are first blocked, i.e. every packet your device cannot assign to an existing connection is rejected. This means that a connection can only be set up from inside to outside. Without explicit permission, NAT rejects every access from the WAN to the LAN.

IP Access Lists: Here, packets are permitted or rejected exclusively on the basis of the criteria listed above, i.e. the state of the connection is not considered (except where Services = tcp).

SIF: The SIF sorts out all packets that are not explicitly or implicitly allowed. The result can be a "deny", in which case no error message is sent to the sender of the rejected packet, or a "reject", where the sender is informed of the packet rejection.

The incoming packets are processed as follows:
• The SIF first checks if an incoming packet can be assigned to an existing connection. If so, it is forwarded. If the packet cannot be assigned to an existing connection, a check is made to see if a suitable connection is expected (e.g. as affiliated connection of an existing connection). If so, the packet is also accepted.
• If the packet cannot be assigned to any existing or expected connection, the SIF filter rules are applied: If a deny r
419. werk com. If a name is entered without a full stop, once you confirm with OK, <Default Domain> is added.

Forward to: Select the forwarding destination for requests to the name defined in Host or Domain.
Possible values:
• Interface (default setting): The request is forwarded to the defined Interface.
• DNS Server: The request is forwarded to the defined DNS server.

Interface: Only for Forward to = Interface. Select the interface via which the requests for the defined Domain are to be received and forwarded to the DNS server.

DNS Server: Only for Forward to = DNS Server. Enter the IP address of the primary and secondary DNS server.

17.1.4 Cache

In the Local Services > DNS > Cache menu, a list of all available cache entries is shown.

Fig. 108: Local Services > DNS > Cache

You can select individual entries using the checkbox in the corresponding line, or select them all using the Select All button.

A dynamic entry can be converted to a static entry by marking the entry and confirming with Set to Static. This entry then disappears from the list and is inclu
420. wfish and AES 128 and are enabled by default.

Hashing Algorithms: Select the algorithms that are to be available for message authentication of the SSH connection.
Possible options:
• MD5
• SHA-1
• RipeMD160
MD5, SHA-1 and RipeMD160 are enabled by default.

Fields in the SSH Key Status menu

Field: Value
RSA Key Status: Shows the status of the RSA key. If an RSA key has not been generated yet, Not Generated is displayed in red and a link, Generate, is provided. If you select the link, the generation process is triggered and the view is updated. The status Generating is displayed in green. When generation has been completed successfully, the status changes from Generating to Generated. If an error occurs during generation, Not Generated and the Generate link are displayed again. You can then repeat generation. If the status Unknown is displayed, generation of a key is not possible, for example because there is not enough space in the FlashROM.
DSA Key Status: Shows the status of the DSA key. If a DSA key has not been generated yet, Not Generated is displayed in red and a link, Generate, is provided. If you select the link, the generation process is triggered and the view is updated. The status Generating is displayed in green. When generation has been completed successfully, the status changes from Generating to Generated. If an error occurs during gene
421. with this category is used.

Day: Select the days on which the filter is to be active.
Possible settings:
• Daily (default value): The filter is used every day of the week.
• <Weekday>: The filter is used on a certain day of the week. Only one day can be selected per filter; several filters must be configured if several individual days are to be covered.
• Monday-Friday: The filter is used from Monday to Friday.
The default value is Daily.

Schedule (start / stop time): In from, enter from which time the filter is to be activated. The time is entered in the form hh:mm. The default value is 00:00. In to, enter the time at which the filter is to be deactivated. The time is entered in the form hh:mm. The default value is 00:00.

Action: Select the action to be executed if the filter matches a call.
Possible values:
• Block and Log (default value): The call of the requested page is prevented and logged.
• Allow and Log: The download is permitted, but logged. The events log can be viewed in the Local Services > Web Filters > Filter List menu.
• Allow: The call is allowed and not logged.

17.4.3 Black / White lists

The Local Services > Web Filters > Black / White Lists menu contains a list of URLs and IP addresses that can be downloaded even if they were blocked as a result of the filter configuration and classification in the Proventia Web Filter (no entries are contained in the default configuration).

17.4.3.1
422. word agreed with the peer. The maximum length of the entry is 50 characters. All characters are possible except for 0x at the start of the entry.

Fields in the IPSec Peers Interface Routes menu

Field: Description
IP Address Assignment: Select the configuration mode of the interface.
Possible values:
• Static (default value): You enter a static IP address.
• IKE Config Mode: Choose an IP address from the configured IP pool.
IP Assignment Pool: Only if IP Address Assignment = IKE Config Mode. Select an IP pool configured in the VPN > IP Pools menu. If an IP pool has not been configured here yet, the message Not yet defined appears in this field.
Standard Route: Only for IP Address Assignment = Static. Select whether the route to this IPSec peer is to be defined as the default route. The function is activated with Enabled. The function is disabled by default.
Local IP Address: Only if Standard Route is not enabled. Enter the WAN IP address of your IPSec tunnel. This can be the same IP address as the address configured on your router as the LAN IP address.
Route Entries: Define routing entries for this connection partner.
• Remote IP Address: IP address of the destination host or LAN.
• Netmask: Netmask for Destination IP Address.
• Metric: The lower the value, the higher the priority of the route (possible values 0 .. 15). The default value is 7.

The Advanced S
423. y default.

14.2.2 User

In the VPN > L2TP > Users menu, a list of all configured L2TP partners is shown.

14.2.2.1 New

Choose the New button to set up new L2TP partners.

Fig. 84: VPN > L2TP > Users > New

The VPN > L2TP > Users > New menu consists of the following fields:

Fields in the Users Basic Parameters menu

Field: Description
Description: Enter a name for uniquely identifying the L2TP partner. The first character in this field must not be
424. ynDNS registrations to be updated.

Fig. 110: Local Services > DynDNS Client > DynDNS Update > New

The Local Services > DynDNS Client > DynDNS Update > New menu consists of the following fields:

Fields in the DynDNS Update Basic Parameters menu

Field: Description
Host Name: Enter the complete host name as registered with the DynDNS provider.
Interface: Select the WAN interface whose IP address is to be propagated over the DynDNS service (e.g. the interface of the Internet Service Provider).
User name: Enter the user name as registered with the DynDNS provider.
Password: Enter the password as registered with the DynDNS provider.
Provider: Select the DynDNS provider with which the above data is registered. A choice of DynDNS providers is already available in the unconfigured state and their protocols are supported.
425. you are using a Windows PC, you need a terminal program for the serial connection, e.g. HyperTerminal. Make sure that HyperTerminal was also installed on the PC with the Windows installation. However, you can also use any other terminal program that can be set to the corresponding parameters (see below).

If you have installed the BRICKware as described in the Quick Install Guide, two links are provided in the Windows Start menu. If you use these, you do not have to make any other settings for the serial connection to your device.

Proceed as follows to access your device via the serial interface:
1. In the Windows Start menu, click on Programs > BRICKware > Device on COM1 (or Device on COM2 if you use the COM2 port of your PC) to start HyperTerminal.
2. Press Return (at least once) after the HyperTerminal window opens.

A window with the login prompt appears. You are now in the SNMP shell of your device. You can now log in on your device and start the configuration.

Check: If the login prompt does not appear after you press Return several times, the connection to your device has not been set up successfully. Therefore, check the COM1 or COM2 settings on your PC:
1. Click on File > Properties.
2. Click Configure in the Connect to tab.

The following settings are necessary:
Bits per second: 9600
Data bits: 8
Parity: None
Stopbits: 1
Flow cont
426. Fig. 150: Monitoring > IPSec > IPSec Tunnel

Values in the list IPSec Tunnels

Field: Description
Description: Shows the description of the peer.
Local IP Address: Shows the WAN IP address of your device.
Destination IP Address: Shows the WAN IP address of the connection partner.
Local ID: Shows the ID of your device for this IPSec tunnel.
Remote ID: Shows the ID of the peer.
Exchange Type: Shows the exchange type.
Authentication Method: Shows the authentication method.
MTU: Shows the current MTU (Maximum Transfer Unit).
Alive Check: Shows the method for checking that the peer is reachable.
NAT Detection: Displays the NAT detection method.
Local Port: Shows the local port.
Remote Port: Shows the remote port.
Packets: Shows the total number of incoming and outgoing packets.
Bytes: Shows the total number of incoming and outgoing bytes.
Error: Shows the total number of errors.
IKE (Phase-1) SAs: The parameters of the IKE (Phase-1) SAs are displayed here: Role, Algorithm, Lifetime remaining, State.
IPSec (Phase-2) SAs: Shows the parameters of the IPSec (Phase-2) SAs: Role, Algorithm, Local, Remote, Lifetime remaining, State.
Messages: The system messages for thi
427. ystem time and passwords. You can also manage licences that are necessary for the use of certain functions.

In this menu, you define the mode in which the interfaces of your device are to run (routing or bridging) and, if necessary, can define bridge groups.

In this menu, you configure the access options for the individual interfaces.

In this menu, you configure the authentication via a RADIUS server or TACACS+ server.

Ethernet Ports: In this menu, you configure the Ethernet interfaces of your device. To do this, you select the speed and type of interface, for example.
ISDN Ports: In this menu, you configure the ISDN interface of your device. Here you enter data such as the type of ISDN connection to which your device is connected.
ADSL Modem: In this menu, you make the basic settings for your ADSL connection.

LAN
IP Configuration: In this menu, you carry out the IP configuration of the LAN interfaces for your device.
VLAN: In this menu, you configure the VLANs.

Wireless LAN
WLAN1: In this menu, you configure your wireless modules as an access point or bridge.
Administration: In this menu, you make the basic WLAN settings.

Routing
Routes: In this menu, you enter additional routes.
NAT: In this menu, you configure the NAT firewall (NAT = Network Address Translation).
RIP: In this menu, you configure the dynamic updating of the routing table via
428. ystem your device does not support.

In addition, above the list is shown the System License ID required for online licensing.

8.2.4.1 Edit/New

Choose the icon to edit existing entries. Choose the New button to add licences.

Fig. 28: System Management > Global Settings > System Licenses > New

Activating extra licences

You activate extra licences by adding the received licence information in the System Management > Global Settings > System Licenses > New menu.

The System Management > Global Settings > System Licences > New menu consists of the following fields:

Fields in the System Licences Basic Parameters menu

Field: Value
Licence Serial Number: Enter the licence serial number you received when you bought the licence.
Licence Key: Enter the licence key you received by e-mail.

Note: If Not OK is displayed as the status:
• Enter the licence data again.
• Check your hardware serial number.
If Not Supported is displayed as the status, you have entered a license for a subsystem that your device does not support. This means you cannot use the functions of this licence.

Deactivating a licence

Proceed as follows to deactivate a licence:
1. Go to System Management > Global Settin
