
WIM V1.28 User Manual


Contents

1. Another computer Browse 4 Back Cancel 205 4 Move to the lt Console gt window Then IP Security Policies on Local Machine of the Console Root is created Select the item and then right click the Create IP Security Policy menu ji Console1 Console Root IP Security Policies on Local Machine 5 x Console Window Help l D gE 181 xl Action Yiew Favorites G mlm 2 eons Tree Favorites Name Description Policy Assigned E client Respond Only Communicate normally uns No IP Security Policies on Local Machina R Secure Server Reauir For all IP traffic always req No Create IP Security Policy IP traffic always req No Manage IP filter lists and filter actions h All Tasks View New Window from Here New Taskpad View Refresh Export List Help 5 Then click the Next button on the lt IP Security Policy Wizard gt window to display the window below Enter the Name and Description and then click the Next button IP Security Policy Wizard IP Security Policy Name Name this security policy and optionally give it a brief description Mame IFSec Description IFSec 6 If Activate the default response rule is checked release the check and then click the Add button to display the window below Check Edit Properties and then click the Finish button IP Security P
2. Port Configuration Parameter Description. Port: lists the 16 switch ports and 1 uplink port. Active: used to turn a switch port on or off. Negotiation: used to set the negotiation type. Auto: controls speed through negotiation. Force: controls speed through enforcement; set this item to Force when setting the Duplex item to Full. Nway-Force: enables the port to perform link partner and auto-negotiation by specifying its own capability in auto-negotiation. Speed/Dpx: used to set the speed and duplex type. Speed: set 10/100 Mbps. Dpx (Duplex): select Full (bidirectional service) or Half (unidirectional service). Further parameters: Flow Ctl, Rate In/Out, Security, Priority. Description: Used to set whether to use flow control. Flow control is performed according to the value set for Rate In/Out (incoming rate/outgoing rate). On ports using Flow Control these fields set
3. Service name PolicwAgent Display name Descriptions Manages IP security policy and starts the ISAKMP ak Path to executable DAWINNTAS ystemse eats ee Startup type Automatic Service status Started Start Stop Pause Rezume You can specify the start parameters that apply when vou start the service from here Start parameters coed o 29 Verify the connection status of the firewall internal IP address through the ping command at a command prompt If responses like the window below are displayed the IP address is properly connected C gt aun oon Pinging 192 168 0 1 with 32 bytes of data Negotiating IP Security Reply from 192 168 0 1 bytes 32 time 5 ms TTL 255 Reply from 192 168 0 1 bytes 32 time 6 ms TTL 55 Reply rom 92 1 0 1 yte 32 tme 4 s TTL 55 Ping statistics for 192 1608 0 1z Packets Sent 4 Received 3 Lost 1 lt 25 loss gt Approximate round trip times in milli seconds Minimum 4 ms Maximum 6 ms Average 5 ms 216 PPTP Setting Users are allowed to configure VPN with PPTP by using the installation CD and through Windows update in Windows XP 2000 PPTP Setting in Windows XP 2000 In Windows XP 2000 This item enables to use DHCP client If VPN PPTP client is CAUTION Connected while the DHCP client is operating errors will be found To prevent this problem close the DHCP client operation on the Start
4. SPQ eS SPQ is the simplest queuing method The priority of the leaf class can be set to high SS middle or low N NOTE HTB Class Group HTB uses the concept of tokens and buckets along with the class based system and filters to allow for complex and granular control over traffic With a complex borrowing model HTB can perform a variety of sophisticated traffic control techniques One of the easiest ways to use HTB immediately is that of shaping Begin configuring the Hierchical Token Bucket by clicking the Add button in the lt HTB Class Group gt window HTB Class Group ID Class Type root inner default leaf Rate B s j When configuring HTB it is best to begin by creating the root Assign a Root ID click the root radio button and define the bandwidth allocation In the example listed below the root is defined with an allocated bandwidth of 1000 KBs HTB Class Group ID Root Class Type root inner default leaf Rate 1o00 KB s The second step in the HTB configuration is creating the Inner rule From the lt HTB Class Group List gt window click the Add button Assign an Inner ID click the inner radio button define the Parent root define the Rate parameter minimal desised speed and the Ceil parameter maximum desired speed 128 aa In the example listed below the there will only be one Inner class so 800 KBs will be used 7 9 A The remaining 2
5. OSPF Interface Basic cost 0 1 65535 Cast dead interyal az lt 1 65535 gt Seconds hello interval lt 1 65535 gt Seconds transmit delay O lt 1 65535 gt Seconds retransmit 1 65535 gt Seconds interwal Select the target interface and then enter the OSPF configuration command using the Command field or OSPF Interface Basic fields If a WAN Interface is set up to work through a VPN Tunnel then it will not be possible to WN S send routing updates through it This includes RIP OSPF and BGP NOTE 98 Help If a system administrator is unsure which OSPF commands to use then they may use the Help Command pull down menu to see all possible choices Select the Command field either ip ospf or no ip ospf and then the Argument field Once the correct OSPF command is identified then type it into the Command field and click on the OK button to submit the change Once an OSPF configuration command is successfully applied the results will be displayed in the Layer3 gt Configuration gt OSPF Interface lt Current Status gt window Current Status Router OSPF Interface ethO Ip ospf cost 5 In ospf dead interval 55 99 List Access List Access Lists are used on the WIM to control access to the network Access lists can prevent certain traffic from entering or exiting the router Select the Layer3 gt List gt Access List submenu to begin configuring the Access lis
6. Enter the IP address and the netmask information provided by the ISP The IP Alias and the Transparent proxy fields are the same as the corresponding input field displayed when selecting WAN gt Static IP After the completion of the setup click the OK button to save the information NONE NONE is selected when the corresponding interface is not going to be used Interface Type C WAN C LAN ONE Oo m Description Disable network interface 28 Setup Details for the Serial0 V 35 Connection Serial Interface Type The Network gt Serial0 V 35 submenu enables the administrator to specify the Serial Interface parameters Select the V 35 Serial Interface submenu to display the setup window shown below Interface Type 7 WAN C LAN NONE Select WAN or LAN to begin configuring the Serial Interface or select NONE if the Serial Interface will not be used Serial Basic The Serial Basic tables set the basic information for the Serial Interface Select one of the Serial Protocols in the Encapsulation field of this table to display the configuration window Serial Basic Serial Interface Name Seralo Physical Line Type Si MTL J1so0 128 1500 Default 1500 Encapsulation f Cisco HDLc PPP Frame Relay Serial Basic Parameters Serial Interface Name of the current serial port Name Physical Line Physical line type of the current serial port Type MTU Maximum Transmission Unit Leave t
7. [Screenshot: RSTP port status table dated Fri Sep 29 12:43:58 2006, with columns Port Name, Port ID, Path Cost, Port Role, State and Designated Root, and rows for port1 through port16 and the uplink] RSTP Bridge Status Field Description: Used to show the RSTP status. Used to display the GPLIMT/GPLIM's bridge information in hexadecimal numbers. The upper four digits represent the bridge priority and the remaining lower digits are the GPLIMT/GPLIM MAC address. Used to display t
8. IF Protocol fal Mask Gateway default gate port Backup default gate Static Configuration Parameters Source Source IP address netmask and port number of transfer session Destination Destination IP address netmask and port number of transfer session Traffic Protocol Protocol to be applied Distribution Gateway External network interface that the corresponding traffic session passes through if the default gateway is selected the load balancing by Network Load Balance Configuration is applied Backup Backup interface to perform the failover function when any failure occurs in the external network interface line selected in the Gateway field For the application of load balancing select default gateway If 0 0 0 0 is input as the IP address and netmask then any IP address is allowed as the source and the destination IP address In addition a value of Os as the source port number means that any port number is allowed as the source port number 39 Network Load Balance Management The Network Load Balance Management window is used for starting and stopping the NLB service Network LoadBalance Management Stop Run Utility The WIM is able to do both basic ping and extended ping tests Select the Network gt Utility gt Ping submenu to access the Ping function Ping The Ping window is a table which is used to specify and execute the Ping test When
9. MGI Cards This window sets the IP Addresses of the MGI card s mounted in the system First check at the Slot Select check box Second check at the checkbox on the left side of each item Then enter the IP Address External IP Port Gateway and Sub Netmask of the MGI card s Slots Select 1 1 O 1 2 O i 3 O 1 4 6 1 5 O eae 202 ml 2 30 24 2 50 Up to ten MGI cards can be entered into this table The figures on the left side indicate the locations of the cabinet slots The Start Port means the number of the first port among the 32 external ports where the services are to be provided in the MGI card If there is no entered number the setup is autumatically made as the values increasing by 5000 from no 1000 as the orders of the cabinets or slots 179 IP Phone This defines the IP range of the IP phones that are to use the DHCP scope of the WIM Data Server The DHCP IP pool allocated in this menu sets the authentication of the ITP 5000 series IP phone and the allocation of the IP IP Phone IP MAC Host Gateway Range ID 192 168 1 50 NONE O 192 168 1 1 255 255 255 255 es 75 List E IP Phone Parameter Description IP Range The IP range of the IP phone the maximum range 120 terminals When entering one IP enter 192 168 0 20 20 Gateway The gateway information entered at the CALL Server Item Netmask The netmask information entered at the CALL Server Item MAC Host ID The cl
10. e Layer 2 802 lp Packet Priority QoS The switch extracts the priority field from the Ethernet frame configured according to the 802 lp specification standard and discriminatively processes the frame according to the priority of the specified operation The switch then maps packets to a designated queue Up to 2 output queues Low and High are supported per egress port with queuing type of Weighted Round Robin or All High before Low For devices that do not support 802 lp OS 7200 LIM can be configured to create an enforceable priority 11 Supports Virtual LAN VLAN The Virtual Local Area Network VLAN groups the related equipment by the work group according to the LAN operational policy regardless of the location of the user equipment VLAN removes the effects of unnecessary broadcasting packets and configures a stable switching subnet only for the corresponding group by separating and processing the group in the virtual LAN The VLAN can be configured based on the switch port MAC address and 802 1Q tag IGMP Snooping IGMP Snooping provides a method for intelligent forwarding of multicast packets within a layer 2 broadcast domains By snooping IGMP registration information a distribution list of work stations 1s formed that determines which end stations will receive packets with a specific multicast address 802 3x Layer 2 Flow Control Flow control is performed according to the value set for incoming rate and or outgoing
11. is changed to ASSURED Dst IP This field displays the destination IP Address Dst Port This field displays the destination IP port 138 Statistics Devices The Status gt Statistics gt Devices submenu is used to display WIM network statistics by classifying the received and transmitted part of each device Received Devices Bytes Packets Errs Drop FIFO Frame Compressed Multicast Ethernet 5451009 271173 0 0 0 0 0 0 ava 0 0 0 0 0 O o Sued rey Wee Nate bo a e 0 0 Ethernet 0 O 0 O 0 O O 3 Senao i260 8J 2 o Wan G 0 0 Transmitted Devices Bytes Packets Errs Drop FIFO Frame CompressedMulticast Ethernet 255122 15840 0 0 0 0 0 0 SerialO 1076652 89713 Devices Received and Transmittted Field Description Devices Interface type Bytes Displays the total number of bytes received or transmitted Packets Displays the total number of packets received or transmitted Errs Displays the number of packets when an error occurs Drop Displays the number of packets lost FIFO Displays the FIFO queue is full FIFO Overrun Frame Displays the ethernet header count when a frame does not meet the format Frame Alignment Error Compressed Displays the number of compressed packets Multicast Displays the number of multicast packets 139 Protocols The Status gt Statistics gt Protocols is used to display WIM network statistics of each protocol type Unit Byte Network statisics by protocols
12. Enterprise IP Solutions OfficeServ 7200 WIM v1.28 User Manual. Every effort has been made to eliminate errors and ambiguities in the information contained in this guide. Any questions concerning information presented here should be directed to SAMSUNG TELECOMMUNICATIONS AMERICA, 1301 E. Lookout Dr., Richardson, TX 75082, telephone 972-761-7300. SAMSUNG TELECOMMUNICATIONS AMERICA disclaims all liabilities for damages arising from the erroneous interpretation or use of information presented in this guide. Samsung Telecommunications Publication Information: SAMSUNG TELECOMMUNICATIONS AMERICA reserves the right without prior notice to revise information in this publication for any reason. SAMSUNG TELECOMMUNICATIONS AMERICA also reserves the right without prior notice to make changes in design or components of equipment as engineering and manufacturing may warrant. Copyright 2006-2007 Samsung Telecommunications America. All rights reserved. No part of this manual may be reproduced in any form or by any means (graphic, electronic or mechanical, including recording, taping, photocopying or information retrieval systems) without express written permission of the publisher of this material. Trademarks: OfficeServ is a trademark of SAMSUNG Telecommunications America, L.P. WINDOWS 95/98/XP/2000 are trademarks of Microsoft Corporation. PRINTED IN USA. INTRODUCTION. Purpose: This document introduces th
13. Interface etha 192 168 17 100 16 Reject Non oruners C ido not allow old version DVMRP neighbors Metric 1 131 RD Interface Parameter Description Interface Used to select the target L3 interface Reject Non pruners Select the Non pruners box to indicate that the neighbors only support DVMRP with an older version Metric Metric distance value to be used for multicasting routing by VIF DVMRP Interfaces This section of the submenu is used to display the configuration of the DVMRP VIF To delete a specific VIF check the check box on the left of the entry and then click the Delete button DVMRP Interfaces C 1 N A rd2 100 1 2 10 24 BLAST i a rda 100 1 3 10 24 BLAST 0 MA 112 DVMRP Interfaces Field Description Intf DVMRP VIF name Address IP address of DVMRP VIF Type DVMRP VIF type Tunnel Point to Point Broadcast Neighbor Count Number of neighbors connected to DVMRP VIF Remote Address of the other party in case of Tunnel or Point to Point Address type Peer Address PIM SM PIM SM or Protocol Independent Multicast Sparse Mode PIM SM is a protocol for efficiently routing to multicast groups that may span wide area and inter domain internets Use the IPMC gt Configuration gt PIM SM submenu to begin configuring the PIM SM on the WIM PIM SM amp Help PIM SM commands can be entered into the Command field and saved by clicking the OK button Use the Help field to find a PIM
14. Layer3 Menu to begin configuring the routing statements and routing protocols The Layer3 submenus will be displayed in the upper left side of the window as follows Layers E General gt Routes Configuration Static RIP RIP Interface OSPF ISPF Interface Route Map Key Chain Status RIP OSPF Layer3 Menu Submenu Description Menu Submenu Description General Used to display the routing table of WIM Used to start or stop RIP OSPF and BGP Configuration Used to set up a static route RIP Used to set up RIP Used to sets the RIP interface Used to set up OSPF Used to set up the OSPF interface List Used to set up Access lists Used to set up Prefix lists Used to set up Route maps Used to set up the key used for authentication of RIP v2 Status RIP Used to display RIP network information Used to display OSPF Neighbor information 89 i General This submenu is used to start and stop the routing protocols RIP OSPF and BGP and to view the routing table of the WIM Routes In order to view all static and dynamic routes select the Layer3 gt General gt Routes submenu Click the refresh button to refresh the routing table Routes Sees 0 0 0 0 0 1 0 via 216 62 86 129 etho Cae 127 0 0 0 8 Is directly connected loopback CaS 192 168 1 0 24 Is directly connected eth2 k t gt 192 168 2 0 24 via 216 62 86 129 ipsec T S 2a ie io Vee eS Is directly connected
15. gt DHCP Server gt Leases Status submenu Select the LAN that is using the DHCP server and then click the Next button DHCP Lease Status Once the Next button has been clicked the Lease Status window will open DHCP Active Lease Status 192 16s 2 20001 022007 25756 S002 02 2007 1156 50 000r cd force acd DHCP Relay Agent This function is needed when one DHCP server is used on several subnets This function enables the DHCP Client to receive the IP allocation when the DHCP Server and the DHCP Client are in mutually different networks Configuration The DHCP Relay Agent is configured by designating the interface to perform the relay and registering from the DHCP Server Designate the Interface where the relay is performed among the activated interface list by using the Add button For the designated interface its list is made the set interface can be deleted in the list by using the Delete button In the DHCP Server list enter the IP Address of the DHCP and click the Add button To delete a DHCP Server check the box to the left of the IP Address and then press the Delete button Interface List Configuration cree O araumen O ETH Server List O f O f Zz 184 Management Using the VoIP Service gt DHCP Relay Agent gt Management submenu the administrator can start or stop the DHCP Relay Agent Service Click on the Run button to start the DHCP Relay Agent and click on the Stop button to stop the DHCP
16. The administrator can view the current status of the Remote Access rules by using the Firewall > Firewall > Remote Access submenu. The Configuration List is shown on the bottom of the window. [Screenshot: Configuration List with two Deny rules (udp and tcp), 24 Hours, Everyday] If a Remote Access rule must be deleted, then check the box to the left of the rule and then click the delete button. In order to delete all Remote Access rules, click on the box on the top left of the Configuration List, then click on the delete button. IP Filtering: The WIM IP Filtering feature is very similar to the Advanced Firewall Rules. The biggest difference is the rule default is set to deny. These IP Filter rules are used to deny access only. Select the Firewall > Firewall > IP Filtering submenu to begin configuring the rule. In the example listed below, IP Address 192.168.2.15 is not allowed to exit any interface, 7 days a week, 24 hours a day. [Screenshot: IP Filtering Configuration form with Source IP, Destination IP, Port, Protocol, Days, Time and Index fields] The administrator can view the current status of the IP Filtering rules by using the
17. [Table of contents, legible entries only] WIM Installation; CHAPTER 3 Using the OfficeServ 7200 WIM Data Server; Network Menu; Firewall Menu; Layer2 Menu; IGMP Snooping; Authentication; Layer3 Menu
18. Appl Server: Using the System > Appl Server submenu, the administrator can control remote access to the WIM using SSH, FTP and Telnet. In order to secure the system from hackers, Samsung recommends that these are disabled and only turned on when the administrator needs to use them for debugging and uploading or downloading files. [Screenshot: Application Server window with a check box for each access method] Check the box of the access method and then click the OK button to save the change. Reboot: Using the System > Reboot submenu, the administrator can reboot the WIM. [Screenshot: System Reboot window, "Network will be disconnected"] Simply click the OK button and all the services will be terminated and the system will reboot. The webscreen will return to the initial login window, and the webscreen will not operate until the network and services are all up and running. My Info Menu: Click the My Info icon on the upper right-hand side of the WIM Web Page to open the My Info window. In this window administrators can enter the admin password, which is used when logging into the WIM router. Enter the new admin password into the Password and Password Confirm fields and then click the Save button. The password must be alpha and/or numeric characters. [Screenshot: My Info window with fields Description, Node ID, Use Port, Login ID, Login IP, TEL No, E-Mail ID, SIP URL, Status and Password]
19. Confirm New Password Radius If a Radius server will be used then select the Radius box Then enter the information for the Radius authentication server Up to 5 lists can be entered Radius Es Radius Server IP Radius Server Key a 195 Taccas If Taccas will be used then select the Taccas box Enter the information for the Taccas authentication method Up to 5 lists can be entered When deleting the list of all the server IPs the corresponding secret key values are also deleted Taccast Tacctast Server Tactas Secret Key Web Time out Configuration This setting is used to lengthen or shorten the ammount of time befor the Web Management of the WIM Data Server Times out When a change is made to this parameter the system administrator will be logged out of the WIM Web Time out Configuration Time Enable feo Min 1 1440 196 Log The Log submenu is used to configure the system log by selecting specific WIM attributes to run system log reports and to download a system log report to a file Configuration The System gt Log gt Configuration submenu is used to determine which system attributes will be included in the system log Log Policy Advanced Service System on O OFF NETWORK On OFF FIREWALL ON OFF PPTP ON OFF IPsec On OFF L2TP ON OIF A ok Click the ON or OFF radio button to include or ignore the WIM attribute Th
20. Firewall > Firewall > IP Filtering submenu. The Configuration List is shown on the bottom of the window. [Screenshot: Configuration List with columns No, Src, Dest, Port, Proto and Time, showing two rules (udp and tcp), 24 Hours, Everyday] If an IP Filtering rule must be deleted, then check the box to the left of the rule and then click the delete button. In order to delete all IP Filtering rules, click on the box on the top left of the Configuration List, then click on the Delete button. URL Filtering: Administrators can deny web access to PCs connected to the system using the Firewall > Firewall > URL Filtering submenu. Once the Source IP and Key Word data is entered, click the OK button to save. [Screenshot: URL Filtering form with Source IP, Key Word, Days and Time fields] In the example listed below, LAN users with an IP Address 192.168.2.15 thru 20 are not allowed to view any website, 7 days a week, 24 hours a day, with the word myspace in the website name. [Screenshot: URL Filtering form filled in with Key Word myspace, followed by the Configuration List] URL Filtering Parameter Description. Source IP: To set the originating I
21. Rate zoo KB s a Zeil 5o00 KB s Filter Apply 400 ALL gt REMOWE lt lt lt REMOVE ALL Enter the information for the All_ TCP_Leaf class and then click the OK button to save the changes HTB Class Group List O name type Parent prio Rete call fai p Root root 1000 KB s Inner Inner Root 800 KB s 800 KB s Default default 200 KB S 200 KB s Voip Leaf leaf Inner 300 KB s 800 KB s VoIP MCP_TCP Inner 200 KB s 600 KB s TCP_MCP All TCR Inner 200 KB S 500 KB s All TCP Each class group can either be modified or deleted by clicking the radio button to the left of the class group and then by clicking the Edit or Delete button 131 HTB Class Group List Parameter Description Item Class Type Parent ID Priority Rate Ceil Filter List Scheduling Parameter Description Configuration window depends on the type of the class to be set root Sets the root class inner Sets the class that connects the root with the leaf classes default Sets the default class leaf Sets the leaf class If the target class is a child class of another class set the parent class in the Parent ID item Do not set the Parent ID if the target class is the root class highest level class physically connected to the device or if the default class class including the bandwidth for traffics that do not belong to a filter If several classes compete to occupy leftover bandwidths or if all class
22. Summary by source IP Mon Sep 26 04 16 59 2005 Mon Sep 26 21 17 42 2005 192 165 0 210 med ICMP PING 192 165 0 210 med ICMP PING NIX 192 165 0 210 med ICMP PING BSDtype 192 168 0 1 med ICMP Echo Reply 192 168 0 117 WEB MISC SSL 3 Invalid Client Hello attempt 192 168 0 119 WEB MISC SSL 3 Invalid Client Hello attempt Source IP Field Description Num Number of logs detected by IDS according to the host source IP that attacks the logs Source IP Host IP that performed the attack Priority Risk level depending on the rules level of IDS high Rule level is one day the highest risk level med Rule level is 2 or 3 days mid level low Rule level is 4 days low level Description Type of log detected in IDS 163 Destination IP Log The administrator can summarize the IDS alerts by the Destination IP If the alert log is defined by Destination IP the following window will appear Summary by destination IP Mon Sep 26 04 16 59 2005 Mon Sep 26 21 21 08 2005 192 168 17 100 ICMP PING 6 192 168 17 100 med ICMP PING NIX 6 192 165 1 100 med ICMP PING BSOtype 4 192 165 1 100 med ICMP Echo Reply 4 192 168 17 100 med WEB MISC SSLyv3 invalid Clent_ Hello attempt Destination IP Field Description Num Number of logs detected by IDS according to attacked Destination IP Local host Attacked host IP of logs detected by IDS Priority Risk level depending on the rules level of IDS High Rule level is one
23. Parameter Description. Group: S represents a static trunk and L represents a LACP (Link Aggregation Control Protocol) trunk. Up to eight groups can be used and up to four ports can be included in one group as members. In addition, a member included in one group cannot be included in another group simultaneously. Mode: Used to set the mode when LACP is the Group type. Select either Active or Passive. When a port is set as Active, an LACP packet is transferred to the opposite switch first. When set as Passive, it responds only when receiving a packet from the opposite switch. If the user system and opposite system are both set up as Active, then the system that has higher priority is used as a reference. Priority: Used to set up the port priority. The default is 32768. Sync: This field indicates information connected to the opposite system in ports that are configured as LACP ports. If a port is configured as a LACP member but the LACP connection is abnormal for the opposite system, it is displayed as X. O means that a port is properly operated as a LACP port. GVRP: GVRP (GARP VLAN Registration Protocol) is a protocol that facilitates control of virtual local area networks (VLANs) within a network. It defines a method of tagging frames with VLAN configuration data. This a
24. a Console1 Console Root ey Console Window Help Mew Ctrl M Open Chrl 0 Save Chrl 5 Save AS Add Remove Snap in Ctrl M Options 1 DAWINNT systems services mse 2 DAWINNT systems2compmgmt msc 3 DW INNT systems devmgmt msc Exit 204 In the lt Add Remove Snap in gt click the Add button to display the following window Select IP security policy management in the Add Remove Snap in menu and then click the Add button Add Standalone Snap in E ajx Avalable Standalone Snap ins S5napin Vendor O Fas Service Management Microsoft Corporation L Folder FrontPage Server Extensions Ci Group Policy Microsoft Corporation Indexing Service Microsoft Corporation l EE Internet Information Services Microsoft Corporation IP Security Policy Management Link to Web Address Local Users and Groups Microsoft Corporation ay Performance Logs and Alerts Microsoft Corporation Description Internet Protocol Security IPSec Administration Manage IPSec policies for secure communication with other computers J Select Local computer in the window below and then click the Finish button Select Computer eee Select which computer this Snap in will manage F When this console is saved the location will alzo be saved eee Local computer The computer this console it running on Manage domain policy for this computer s domain Manage domain policy for another domain
25. > PPTP > Management submenu, the system administrator can start or stop the PPTP services. When the system is rebooted, the PPTP service will be automatically initiated if the PPTP service is running.
[Screenshot: PPTP Management]
The administrator can also set up the IP range for the remote PPTP clients that use the dynamic IP feature.
[Screenshot: Setting up IP Range]
CAUTION: The number of IPs for the Local IP range and that for the Remote IP range should be identical. For example, if the number of IPs for Local IP range is 10 and that for Remote IP range is 20, only 10 calls will be set.
Status: In order to check the status of an IPSec tunnel, go to the VPN > STATUS > IPsec submenu. All IPSec tunnels and their status will be displayed.
[Screenshot: IPsec Status]
In order to check the status of L2TP or PPTP tunnels, go to the VPN > STATUS > L2TP PPTP submenu. All L2TP and PPTP tunnels and their status will be displayed.
[Screenshot: PPTP L2TP Status]
IDS Menu: An intrusion detection system (IDS) generally detects unwanted attacks to computer systems, mainly through the Internet. The attacks may come from skilled malicious hackers or by others using automated tools. T
26. typically the gateway for WAN Interface. Internal IP address range. Internal subnet mask. Selects the host authentication method.
RSA Key: The Public RSA key is already defined. Click the Browse button to find the Remote Key and then click on the Upload button to store the RSA key into the WIM.
Preshared Key: Used to enter an authentication password.
Certificate: Used to define the local authentication certificate and the CA certificate. For Local settings, select a certificate from the certificate list. When a certificate is selected, the Local ID of Advanced is entered automatically. For Remote settings, enter the Remote ID. This makes it possible to check the integrity of the host certificate registered to Local.
NOTE (Router Value Configuration): If the IP Address of Local settings and the network address of the IP Address of Remote settings (the result of Netmask for IP Address) are identical, enter the value of IP Address of Remote settings as the value for the Router of Local settings and enter the value of IP Address of Local settings as the value for IP Address of Remote settings.
Advance: Click the IPSec Advanced button from the <IPsec Add> or <IPsec Mod> window to display the following window.
[Screenshot: Advance window with Key Life Time, Protocol and Dead Peer Detect settings for Phase 1 and Phase 2]
27. ANNEX A. VPN Setting for Windows XP/2000
If IPSec or PPTP tunneling is used on a Microsoft server or PCs in order to connect to the OfficeServ 7200 WIM Data Server, then the VPN needs to be configured on MS Windows. This section describes how to set up the VPN on Windows XP. Windows 2000 is configured in a similar fashion. For this example, we will use the following information:
- External IP address of the OfficeServ WIM: 211.217.127.40
- Internal IP address of the OfficeServ WIM: 192.168.0.1
- Internal network IP address: 192.168.0.0
- Internal network Netmask: 255.255.255.0
- IP address of a Windows XP/2000 installed client PC: 211.217.127.73
IPSec Setting
IPSec and various encryption/authentication algorithms can be used through the installation CD and Windows update in Windows XP/2000. Additionally, LAN to VPN client can be configured through IPSec.
IPSec Setting in Windows XP/2000
Windows XP: Execute IPSeccmd.exe in the Support Tools setup folder of the Windows XP installation CD.
Windows 2000: Download and install Windows 2000 Service Pack 2 from the Windows update site, or execute IPSecpol.exe in the Support Tools setup in the Windows 2000 installation CD.
Select Start > Run in the task bar and type in mmc <enter> to display the window below. In the console window, select the File > Add/Remove Snap-in
28. [Screenshot: system log listing]
Download: Using the System > Log > Download submenu, the administrator can download a log report to a PC. Simply press the Download button and the system log will be downloaded in the form of a compressed file.
[Screenshot: Log File Management]
Time Configuration: Using the System > Time Configuration submenu, the system administrator can either synchronize the date and time of the WIM with an NTP server or manually set the date and time.
NTP Config: Use the System > Time Configuration > NTP Config submenu to set up NTP Time Server(s) to synchronize the date and time with the WIM. The Current Time window indicates the current date and time of the WIM. The NTP Server Status window indicates the status of the NTP Server synchronization process. The Time Server fields are used to enter the NTP Time Server IP Addresses. Click the OK button to start or restart the NTP daemon to register the Time Server.
[Screenshot: NTP Configuration]
29. CA Certificate delete. Host Add: Host Certificate add. Host Delete: Host Certificate delete.
CA Certificate List
[Screenshot: CA Certificate form]
CA Certificate List parameters:
Country name: Country name. Two characters (ex: kr, cn).
State name: State name.
Locality name: Local name.
Organization name: Company name.
Organization unit name: Organization division name.
Common name: Name.
Email address: Email.
Password: Certificate password.
Confirm Password: Confirming the password of certificate.
NOTE (CA Certificate deletion): When a CA Certificate must be deleted, the administrator must successfully enter the CA Certificate password. So keep track of any CA Certificates that are created.
External Certificate
[Screenshot: External CA Certificate and Host Certificate forms]
External CA Certificate parameter:
CA Certificate: External certificate upload.
Host Certificate parameters:
Common name: Name.
Email address: Email address.
Password: Certificate password.
Confirm Password: Confirming certificate password.
Management: The VPN > IPSec > Management submenu is used by the administrator to start and stop the IPSec servi
30. Check Session key Perfect Forward Secrecy (PFS) and then click the OK button.
[Screenshot: Request Security (Optional) Properties, Security Methods tab]
19. Check Edit Properties and then click the Finish button to display the window creating the outbound item. Click the Add button to create the inbound item.
[Screenshot: IPSec Properties, Rules tab]
20. Click the Next button on the <Security Rule Wizard> window to display the window below. Check "The tunnel endpoint is specified by this IP address" and enter the IP address of a client PC. Then click the Next button.
[Screenshot: Security Rule Wizard, Tunnel Endpoint]
31. [Screenshot: Community form]
Community parameters:
New Community name: Used to fill in the new community name being added.
Community Network: Used to set up new community network.
Access: Used to set up the access authority.
SNMPv3 Administrator Add: The following window is used to enter the SNMPv3 Administrator (v3) information.
[Screenshot: SNMPv3 User Add]
SNMP v3 parameters:
Administrator Name: Used to enter the new administrator's name.
Administrator Password: Used to enter the new administrator's password (8 alphanumeric characters).
Authentication: Used to set up the authentication method.
Encryption: Used to set up the ciphering method.
Access: Set up access authority.
Trap Manager: The following window is used to set up the IP address used to transmit a trap. Up to five IP addresses can be entered.
[Screenshot: Trap Manager form]
Trap Manager parameters:
IP Address: Used to set up a new Trap IP Address.
Community Name: Used to set up a community to be used for transmitting to the Trap IP Address added.
Status: The Management > SNMP > Status submenu is used to view the SNMP System Configuration information and to delete the SNMP Community, SNMPv3 User and SNMP Trap information. In order to delete t
32. [Screenshot: ping utility output for 192.168.1.1]
Firewall Menu: The Firewall menu is used to configure port forwarding, static NAT rules and all firewall functions. Select the Firewall menu and the submenus will be displayed in the upper left side of the window as follows.
[Screenshot: Firewall menu tree]
Firewall Menus Description
NAT
- Management: Used to enable or disable the NAT function.
- Configuration: Used to set up the private IP sharing function.
- Port Forward: Used to set up the port forwarding function.
- Static NAT: Used to set up the static forwarding function.
Firewall
- Management: Used to enable or disable the Firewall function.
- Configuration: Used to set up the Filtering policies.
- Remote Access: Used to permit or block the remote access to the system.
- IP Filtering: Used to block specific IP Address access.
- URL Filtering: Used to block web access to specified web sites u
33. [Screenshot: Mroute table. Flags: I = Immediate Stat, T = Timed Stat, F = Forwarder installed]
Mroute fields:
Mroute: Multicast Routing identifier.
Uptime: Time passed after starting the operation of multicast routing entry.
Expires: Rest time until multicast routing entry is expired.
Flags: Multicast routing feature flag. Refer to the description on the lower side.
Incoming: Name of VIF to which multicast is sent.
Outgoing: List of VIF where multicast is sent.
Management: The IPMC > General > Management submenu is used to start or stop dvmrpd and pimd (IPMC protocol daemons). The <Current Status> field of the Management window shows the current status of each daemon. To change the daemon status, use the Action pull-down menu and then click the OK button.
[Screenshot: IPMC Management]
IPMC Management fields:
Protocol: IPMC protocol.
Current Status: Current IPMC protocol daemon status.
Action: New status of IPMC protocol daemon.
Configuration
IGMP: The Internet Group Management Protocol is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. The IPMC > Configuration submenu is used to display and change the WIM IGMP configuration.
[Screenshot: IGMP Help]
IGMP commands can be entered into the Command field and saved by clicking the OK button. Us
34. CHAPTER 1. OfficeServ 7200 WIM Overview
This chapter introduces the OfficeServ 7200 system and OfficeServ 7200 WIM Data Server.
Introduction to the OfficeServ 7200
The OfficeServ 7200 platform delivers the convergence of voice, data, wired and wireless communications for small and medium sized businesses. This "office in a box" solution offers TDM voice processing, voice over IP integration, wireless communications, voice mail, computer telephony integration, data router and switching functions, all in one powerful platform. With the WIM and PLIM Data Modules, the OfficeServ 7200 provides network functions such as routing, switching, Power over Ethernet, Quality of Service and network security in a single converged solution. This document describes the data and routing capa
35. [Screenshot: DVMRP Prune table. Flags: P = Pruned, H = Host, D = Holddown, I = Init]
DVMRP Prune Information fields:
Source Address: Host IP address that sends multicast packets.
MaskLen: Mask length of DVMRP Prune.
Group Address: Multicast group address.
State: Flags that display the DVMRP Prune status. Refer to the description on the lower side.
FCR Cnt: DVMRP Forwarding Cache count.
Expires: Time passed after the DVMRP Prune information is created.
ReXmit: Left time until retransmission.
PIM-SM: The IPMC > Status > PIM-SM submenu is used to display the neighbor list of the PIM-SM protocol.
[Screenshot: PIM-SM Neighbors]
PIM-SM Neighbors fields:
Neighbor: Neighbor IP address.
Intf: IP address of VIF connected with neighbor.
Uptime: Time passed after being connected with neighbor.
Expires: Left time until the Neighbor connection information is expired.
Ver: Version of the PIM-SM protocol used for the connection.
DR Priority: Designate Router (DR) priority of neighbor.
DR: Displays whether the neighbor is Designate Router (DR).
QoS Menu: Quality of Service (QoS) refers to the capability of a network to provide better service to selected network traffic over various IP technologies. Select the QoS menu to begin configuring QoS. The QoS submenus will be displayed in the u
36. ID: ID number of the Key.
Key String: Password to be used in authentication process.
Once the Key Chain command is successfully entered and saved, the results are directly applied to the <Current Status> of the Layer3 > List > Key Chain submenu.
[Screenshot: Key Chain list with Key Chain Name, Key ID and Key String columns]
In order to remove a Key Chain entry, click the radio button to the left of the Key Chain rule and then click the Delete button. Click the Delete All button to remove all Key Chain entries at the same time.
Status
RIP: The Layer3 > Status > RIP submenu is used to display the RIP connection status and information of the WIM.
[Screenshot: RIP Information]
RIP Status fields:
Network: Displays the network information.
Next Hop: Next Hop address of the RIP route that sends neighbor.
Metric: Metric information.
From: Displays the address being connected.
If: Displays the interface information.
Time: Update time.
OSPF: The Layer3 > Status > OSPF submenu is used to display the OSPF connection status and information of the WIM.
[Screenshot: OSPF Information]
OSPF Status fields:
Neighbor ID: Neighbor ID of the other routers using OSPF.
Pri: Priority.
State: Displays the state of the router.
Dead Time: Displays the dead time.
Address: Address of the other party.
Interface: Interface co
37. Layer2 Menu: One PLIM LIM can be managed on the OS 7200 system through the WIM using the Port and Layer2 menus. If you select the Layer2 menu, the following submenus will be displayed on the upper left side of the window.
[Screenshot: Layer2 menu tree listing RSTP (Configuration, Status), Port Aggregation, GVRP (Configuration, Status), IGMP Snooping (Time Interval, Function, Forwarding Table) and Authentication (Configuration, Management)]
Layer 2 Menu Description
RSTP: Used to set the bridge and port environment used in RSTP. Used to display the RSTP operation status of the switch.
Port Aggregation: Used to set Port Aggregation related values.
GVRP: Used to set up the GVRP and Dynamic VLAN Creation services. Used to display the status of each port where GVRP is set.
IGMP Snooping: Used to set the time interval for IGMP Snooping. Used to set the function related with IGMP Snooping. Used to display the information for the members registered in IGMP Group. Used to set whether to operate IGMP Snooping.
Authentication: Used to set the Authentication service. Used to start or stop the Authentication service.
RSTP
Configuration: The Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) provide a loop-free topology for any bridged LAN. Use the Layer2 > RSTP > Configuration submenu to begin configuring the RSTP and STP settings.
[Screenshot: Protocol Status]
38. [Screenshot: NAT Configuration List]
If a NAT rule must be deleted, check the box to the left of the NAT rule and then click the delete button. In order to delete all NAT rules, click on the box on the top left of the Configuration List, then click on the delete button.
Port Forward: Port forwarding is the act of forwarding a network port from one network to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside via a NAT-enabled router. Port forwarding allows remote computers (e.g. public machines on the Internet) to connect to a specific computer within a private LAN. The administrator can begin to configure the port forwarding feature on the WIM by using the Firewall > NAT > Port Forward submenu.
Basic Mode: This window is used to configure port forwarding by using the minimum number of options. In the Basic Mode example listed below, the Inside IP Address is 192.168.1.149, the Outside IP is set to any, and the WAN IP is set to 10.0.1.1.
[Screenshot: Port Forward, Basic Mode]
This means when any external IP device tries to connect to the WAN IP 10.0.1.1, it will
39. SM command.
[Screenshot: PIM-SM Help]
PIM-SM Basic: These fields are used to set the BSR and RP of the PIM-SM protocol. Mark the check box to the left of each item and then enter the configuration values. Click the OK button to apply the values. To delete the values, mark the check box to the left of the item and then click the Delete button.
[Screenshot: PIM-SM Basic form]
PIM-SM Basic parameters:
RP Address: When setting static RP, enter the IP address of RP.
RP Candidate: When setting RP Candidate, select VIF and enter the target priority. Low value has high priority.
BSR Candidate: When setting BSR Candidate, select VIF and enter the target Mask Length and Priority. High value has high priority.
BootStrap Information: This section of the IPMC > Configuration > PIM-SM submenu is used to display the information on the BootStrap router.
[Screenshot: BootStrap Information output for BSR address 192.168.0.99]
RP Informatio
40. The Serial Interface Summary table briefly displays the current connection information of the serial port. The following is an example when the Serial connection is defined using the Cisco HDLC protocol with an IP address of 172.16.0.2/16.
[Screenshot: Serial0 Interface Summary]
DNS: Select the Network > DNS submenu in order to display the following configuration window. Enter the domain name and the IP address information for the DNS server(s). Then click the OK button to store the domain name and the IP address information. The default DNS information should be deleted. In order to delete a DNS entry, select the check box directly to the left of the DNS Server IP Address and then clic
41. and default is 255ms. Lower-priority packets are processed preferentially when they have not been switched within the time set in this item.
High Priority Levels: These check boxes are used to determine which levels are considered High Priority.
VLAN: VLANs are used to divide a network into smaller networks to reduce the traffic and for security purposes. The Port > VLAN submenu is used to configure VLANs, Port VIDs and VLAN Classifications.
Configuration: Using the Port > VLAN > Configuration submenu, the administrator can configure the VLAN features.
[Screenshot: VLAN Configuration]
VLAN Operation Mode:
802.1Q IVL: Used to set the VLAN type to Independent VLAN Learning (Tag-based).
MAC: Used to set the VLAN type to MAC-based VLAN.
Port: Used to set the VLAN type to Port-based VLAN.
802.1Q SVL: Used to set the VLAN type to Shared VLAN Learning (Tag-based).
802.1Q IVL: IVL (Independent VLAN). Each VLAN operates while maintaining an independent MAC address table. Because the security is enhanced, data cannot be exchanged directly among the VLANs.
MAC-Based VLAN: The MAC-based VLAN is configured with an access list mapping individual MAC addresses to VLAN membership. The VLAN is configured withou
42. be redirected to 192.168.1.149. When using the Basic Mode, all network or IP ports and protocols are forwarded. If a specific network port or protocol needs to be defined, then the Advanced Mode must be used.
NOTE: If only one WAN IP is being defined, use the symbol without anything in the field to the right of the entry.
Basic Port Forward Parameter Description
Inside IP: Used to set the Internal IP Address which will be connected to from the outside. The field to the right of this entry is used to specify a different destination network or IP port.
Outside: Used to define the external IP addresses that will be allowed to connect to the Inside IP. The symbol is used to specify a public IP Address, Public network or subnet as a valid source. Example: 12.168.1.0/24. This allows the source to be any device within the 12.168.1.0 network. The is used to specify a range of IP Address sources. Example: 12.168.1.50 60. The symbol is used to allow all possible external IP Addresses as the source IP. Example: 0.0.0.0.
WAN IP: Used to define the WAN IP Address. The symbol is used to specify a WAN IP Address or Addresses as a valid IP to perform the port forwarding. Example: 10.0.1.0/24. This allows the forwarding source to be all WAN Interfaces within the 10.0.1.0 network. The is used to specify a range of WAN IP Address port forward sour
43. connected. Or use the ping command, as in step 29 of IPSec Setting, to check the connection status.
[Screenshot: Connect Virtual Private Connection login window]
After checking the VPN connection status, check if the shared directory of the internal computer connected to the VPN can be accessed.
ABBREVIATION
ALG: Application Level Gateway
AH: Authentication Header
ARP: Address Resolution Protocol
AS: Autonomous System
BGP: Border Gateway Protocol
BPDU: Bridge Protocol Data Unit
BSR: Bootstrap Router
CHAP: Challenge Handshake Authentication Protocol
CTI: Computer Telephony Integration
DHCP: Dynamic Host Configuration Protocol
DNS: Domain Name Server
DRR: Deficit Round Robin
DSMI: Data Server Module Interface
DVMRP: Distance Vector Multicast Routing Protocol
ESP: Encapsulating Security Payload
WIM: Gigabit WAN Interface Module
GVRP: GARP VLAN Registration Protocol
HDLC: High level Data Link Control
HTTP: Hypertext Transfer Protocol
HTB: Hierarchical Token Bucket
IDS, IGMP, IKE, IPMC, IPSec, ISAKMP, LAN, L2TP, NAT, NTP, RMON, RP, RSTP, PAP, PIM-SM, PD, PoE, PPTP, PT, PVC, PVID, STP, SMTP, SNAT, SNMP, SPQ, TFTP: Intrusion Detection System; Internet Group Management Protocol; Internet Key Exchange; IP Multicast; IP Security Protocol; Internet Security Association Key Management Protocol; Local Area N
44. field appears to be set automatically, the system administrator must use the pull-down menu to select the correct WAN interface. Once the WAN interface is selected, click on the Save button.
Module Interface Parameter Description (the parameters listed are Data send to UDP port number, Retry timeout (Sec), Max retry timeout count, Hello Interval (initial), Hello Interval (online) and Select VoIP WAN Interface):
Data send to UDP port number: This view-only field shows the information on the UDP port used for the communication with Call Server and Feature Server.
Retry timeout (Sec): The Call Server, Feature Server and the Data Server communicate using the UDP protocol. If the Data Server does not receive the requested UDP data, it requests a retransmission. If this field is set to 3, when a packet is lost and another is not received after its retransmission is requested, the retransmission is requested three seconds afterward. When that requested packet is not received for three seconds, a time-out occurs.
Max retry timeout count: This parameter sets the number of the retransmission requests when the packets continue to be lost while sending and receiving the information to and from the Call Server and Feature Server. For example, if the Retry timeout item is set as 3 and this item is set as 5, the retransmission is requested five times for three seconds. If the requested packet is not received, the request of the retransmission stops.
Hello Interval (initial): This parameter sets the cycle of sending the
45. > Program > Administrative Tools > Services menu of the Windows PPTP client installed.
1. Double-click the My Network Environment icon and select the Property item from the Windows desktop. Double-click Create New Connection on the upper right corner of the screen to display the window below. Click Next.
[Screenshot: Network Connection Wizard, welcome page]
2. Select "Connect to the network at my workplace" and click the Next button to select Virtual Private Connection. Click Next to display the window below. Enter the Host name or IP address and click Next. Enter the firewall external IP address and click the Finish button.
[Screenshot: Network Connection Wizard, Destination Address, with 211.217.127.72 entered]
3. Select Start > Set > Network Connections in the Windows task bar and select the host name entered in the window above to display the login window below. Enter the User name and Password to check if the VPN in a client is properly
46. [Screenshot: SPQ Class Group, leaf class with filters applied]
Example 2 shows a SPQ leaf Class Group which was designed for MCP TCP traffic.
[Screenshot: SPQ Class Group, ID TCP_MCP, Class Type leaf]
Example 3 shows a SPQ leaf Class Group which was designed for all other TCP traffic.
[Screenshot: SPQ Class Group for all other TCP traffic, Class Type leaf]
Once the SPQ Class leaf Groups are created, it is time to define the SPQ root. Select the root radio button in the Class Type row to open the following window. Assign the Class Group ID and then use the pull-down menus to assign the High, Middle and Low priorities for the leaf classes previously defined.
[Screenshot: SPQ Class Group, ID Root, Class Type root]
SPQ Class Group parameters:
Class Type: Configuration window depends on the type of the class to be set.
- root: Sets the root class.
- leaf: Sets the leaf class.
High: Used to set the leaf class whose priority will be set to high.
Middle: Used to set the leaf class whose priority will be set to middle.
Low: Used to set the leaf class whose priority will be set to low.
Filter List: Used to set the filtering rule for the target traffic in the target class.
47. manage the ARP information for each Ethernet Interface. Within this submenu, the administrator can view the current ARP List, delete and add ARP entries, and set the ARP Age Time.
ARP List: Select the radio button of the Ethernet Interface whose ARP table needs to be managed. The ARP table will be displayed in the ARP List window. Use the Refresh button and the Delete button to update and delete the current ARP table.
[Screenshot: ARP List with Ethernet0 to Ethernet3 radio buttons]
ARP List fields:
Type: ARP status.
IP: IP address of device in ARP table.
MAC: MAC address of device in ARP table.
Static ARP Add: Use the Static ARP Add window to manually add ARP entries into the ARP table.
[Screenshot: Static ARP Add]
Static ARP parameters:
Ethernet: Used to select the Ethernet Interface.
IP: Used to enter the IP address of device for ARP table.
MAC: Used to enter the MAC address of device for ARP table.
ARP Age Time: The ARP Age Time window is used to set up the ARP table cycle (at least 600 sec; unit: sec) to delete the unused ARP entries from the ARP table.
[Screenshot: ARP Age Time, Time 600 sec]
ARP Refresh: The ARP Refresh window is used to submit changed ARP information in the ARP table after route or a host information on the network has changed. The host or the route with the destination IP the Mac with the current
48. [Screenshot: system start page with Firewall Configuration, Network Configuration, Network Status and System Management items]
4. Once the Data box has been clicked, the WIM menus are displayed in the upper part of the screen. Select each menu to display its submenus on the left section of the screen. For more detailed information for each menu, refer to Chapter 3, Using OfficeServ 7200 WIM, of this document.
[Screenshot: WIM main window with the Network, Firewall, Port, Layer2, Layer3, IPMC, QoS, Status, VPN, IDS, VoIP_Service and System menus]
5. Click the Logout button on the upper right section of the screen to close the connection to the WIM Data Module.
CHAPTER 3. Using the OfficeServ 7200 WIM Data Server
This chapter describes how to use the menus of the OfficeServ 7200 WIM Data Server. The menu structure of the WIM Data Server is as follows.
[Screenshot: menu tree, Network menu listing Ethernet0, Ethernet1, Ethernet2, Ethernet3, Serial, DNS, Network Link, ARP]
49. Authentication Configuration Parameter Description: Control: Used to set the authentication mode of each port when employing the 802.1x authentication. None: Authentication is not performed for the port. Force authorized: Admits the port forcibly. Force unauthorized: Blocks the port forcibly. Auto: Allows the port through authentication from the Radius server and blocks the port. Reauth: Used to set the port for re-authentication. Reauth Period: Used to set the timer for the re-authentication cycle when the Reauth box is checked (1-4294967295 sec, default 3600 sec). Tx Period: Used to set the cycle that sends Request regularly to supplicant (1-65535 sec, default 30 sec). Supp Timeout: Used to set the time before re-sending to the user when EAP is requested (1-65535 sec, default 30 sec). Server Timeout: Used to set the time before re-sending to the device when server authentication of a server is requested (1-65535 sec, default 30 sec). The re-authentication settings and cycle settings are applied only when the setting is changed, because there is a default value. Layer3 Menu: The Layer3 Menu is used to manage static and dynamic routing for the WIM. Select the
50. size of the switch. If a value exceeds the value above, the broadcast packet is lost. QoS Configuration: Select the Port > QoS Configuration submenu to assign Layer 2 QoS priority according to the packets sent to the switch, or process QoS by giving priority compulsorily to a specific port. QoS Parameter Description: QoS Mode: Used to set the QoS mode type. First Come First Service: Packets are sent according to the arrival order. The QoS function is not used. All High before Low: Packets with higher priority are sent prior to the packets with lower priority. Weighted Round Robin: Packets with higher priority and lower priority are sent with a certain ratio (weight). For example, if high weight is set to 5 and low weight is set to 2, 5 packets with higher priority are sent before the 2 packets with lower priority. Weight: When using the Weighted Round Robin type, these fields are used to set the ratio of high weight and low weight. Delay Bound / Max Delay Time: When using All High before Low or Weighted Round Robin, this field is used to set a time limit to prevent the continuous delay of packets with lower priority. The unit of Max Delay Time is ms (1/1000 sec)
51. the Rate parameter (minimal desired speed) and the Ceil parameter (maximum desired speed), and then select the Filter to apply. In the examples listed below there will be three Leaf configurations: one for VoIP traffic, one for TCP MP40 traffic, and one for all other TCP traffic. The VoIP group will have a priority of 1, a minimum speed of 300 KBs and a maximum speed of 800 KBs; the TCP for the MP40 group will have a priority of 2, a minimum speed of 300 KBs and a maximum speed of 600 KBs; and the All TCP group will have a priority of 3, a minimum speed of 200 KBs and a maximum speed of 500 KBs. Enter the information for the VoIP Leaf class and then click the OK button to save the changes. Enter the information for the MCP_MP40_Leaf class and then click the OK button to save the changes.
52. the entire network. Click the Add button to create another Port Group. Click the Add button to create another Port Group. Port Group Parameter Description: Name of the port group. Should include both letters and numbers. Group ID must start only with letters. No blanks should be left in between characters. Port range. Enter 0 to set all ports. In order to delete a Port Group List, highlight the radio button to the left of the Port Group List and then click the delete button. IP Group: The WIM uses the IP Group submenu to define specific IP addresses for the QoS policies. Select the QoS > Group > IP Group to retrieve, set, edit or delete an IP group. Click the Add button in the above window to open another window from which the IP group information can be entered. In the examples listed below there are three IP Groups created. One is for the MP40 at IP Address 192.168.1.200, the second is for the MGI card at IP Address 192.168.1.201, and the last is for the entire 192.168.1.0/24 network.
53. uplink. 802.1Q IVL and SVL based VLAN: The 802.1Q IVL and SVL based VLANs have two groups of boxes. The top grouping in black is used to assign untagged ports and the bottom grouping in blue is used to assign tagged ports. VLAN Untagged Members: Select the port(s) that will send the Ethernet frame that deletes the TCI (Tag Control Information). Connect to a terminal that does not support IEEE 802.1Q to configure tagged VLAN. VLAN Tagged Members: Select a port that will send the TCI. Connect to another switch port that supports IEEE 802.1Q. Port VID: For an Ethernet packet to have a VLAN ID, the tag must be written by an Ethernet adapter or Switch. Using the Port > VLAN > Port VID submenu, the administrator will assign the VLAN IDs to specific ports. Port VID Parameter Description: Port VID: VLAN ID for an untagged packet. When an untagged pack
54. window. Enter the IP address and the netmask value to be assigned to the Ethernet interface. The IP Alias field is the same as the corresponding input field displayed when selecting WAN > Static IP. Private LAN Parameters: IP: Used to enter the private IP address assigned to the LAN interface. Netmask: Used to enter the Subnet Mask information for the LAN interface. MTU: Maximum Transmission Unit. Leave this field at default unless told to change by Samsung Technical Support. LAN > Private IP Programming Example: In the example listed below, the following information is applied to the Ethernet2 Interface. The Interface type is set to Private LAN, the IP Address is entered as 192.168.1.1, and the Subnet Mask is 255.255.255.0. Click the OK button on the bottom of the window to save the information. LAN > Public IP: Select the LAN Public IP category to display the following setup window.
55. 0 60 The symbol is used to allow all destination IP Addresses. Example: 0.0.0.0. Index No: Location of the NAT rule. Advanced Mode: This window is used by the administrator to select and set up the port(s) or protocol(s) that are not included in the Basic Mode configuration. In this Advanced Mode example, the WAN Interface field is set with an IP Address of 10.0.1.1, the Interface is being set to Ethernet1, and all Inside private IP Addresses in the defined range 192.168.1.50 thru 192.168.1.75 are being allowed out over the WAN interface to any destination over port 80 on all protocols. Once the information is entered, click on the OK button to apply. Now users within the IP Address range of 192.168.1.50-75 are allowed out on WAN 10.0.1.1 using port 80 only. Advanced NAT Parameter Description: Port: Used to define the specific IP port(s) for the outside destination. Protocol: Select TCP, UDP, or all (both TCP and UDP protocols). The administrator can view the current status of the NAT rules by using the Firewall > NAT > Configuration submenu. The Configuration List is shown on the bottom of the window.
56. 00 KBs will be used for the Default class. The third step in the HTB configuration is creating the Default class. A default class is used with every HTB Queue. The default Priority is 0, which causes any unclassified traffic to be dequeued at hardware speed, completely bypassing any of the classes attached to the root Queue. From the <HTB Class Group List> window click the Add button. Assign a Default ID, click the default radio button, set the Parent ID (root), select a priority, and define the Rate parameter (minimal desired speed) and the Ceil parameter (maximum desired speed). In the example listed below there will only be one Default class. The default Priority will be set to 0 so all unclassified traffic will bypass any of the classes attached to the root Queue. The Parent ID will be set to Root, the Rate will be set to 200 KBs, and the Ceil will be set to 200 KBs as well. The fourth step in the HTB configuration is to create the Leaf rules. From the <HTB Class Group List> window click the Add button. Assign a Leaf ID, click the leaf radio button, set the Parent ID (inner), select a priority, define
57. 1 LMI type of Frame Relay. Time interval to check Keep Alive. Cycle to request all status information. The information on all status is requested at every cycle specified in the N391 field. Normally, only Keep Alive is exchanged. N392: Count of Keep Alives to estimate as the disconnection. N393: Buffer size to record success/failure of Keep Alive. The value of N393 should be bigger than that of N392. PVC Interface: Select the Frame Relay protocol to display the PVC Interface table. Enter the value of each field and press the Add button to create a new PVC. PVC Interface Parameters: DLCI: Number of DLCI (a type of network address). IP Address: IP Address to be used by PVC. Gateway: Gateway IP Address (Peer Address of PVC). Default Gateway: Mark the check box to set this gateway to default gateway. This item is displayed only if the WAN radio button is selected. MTU: Maximum Transmission Unit. Leave this field at default unless told to change by Samsung Technical Support. To delete a specific PVC, mark the check box of the corresponding PVC and then click the Delete button. Serial Interface Summary
58. Services: This submenu is used to display the status of the Security, Router and Management services provided by the WIM in a table format. If a service is set to Auto Start, then the service is started automatically when the system reboots. If the Activity field shows that a service is Running, then the service's function is being performed. If the Activity field of the service shows Stop, then the service is not functioning. Security: This window is used to display the current status of the Security services being provided by the WIM: NAT (Network Address Translation), Firewall, PPTP (Point to Point Tunneling Protocol), IDS (Intrusion Detection System), L2TP (Layer 2 Tunneling Protocol), and IPSEC (IP Security). Router: This window is used to display the current status of the Router services being provided by the WIM: RIP (Routing Information Protocol), OSPF (Open Shortest Path First), DVMRP (Distance Vector Multicast Routing Protocol), and PIM-SM (Protocol Independent Multicast Sparse Mode). Application: This window is used to display the cur
59. B C D M 4 8 0 0 INTERFACE 4. Then at the command line the following command must be typed in. Then click the OK button to submit the change. Static Ino Ip route 100 0 0 0 24 etho RIP: The Routing Information Protocol (RIP) is one of the most commonly used routing protocols on internal networks and, to a lesser extent, networks connected to the Internet. RIP helps routers dynamically adapt to routing changes on a network by communicating information about which networks each router within a network can reach and how far away those networks are. Select the Layer3 > Configuration > RIP submenu to begin configuring RIP. On the WIM, the RIP information (basic and advanced commands) can be entered by using the Command field or by using the RIP Basic fields (basic commands only). In the Command field and RIP Basic examples listed below, the network administrator is setting the 192.168.1.0 network for RIP version 2. RIP: network 192.168.1.0/24. Enter the RIP command or enter the RIP Basic information. If the entered command or RIP Basic information is correct, then click on the OK button to submit the change. The new RIP configuration is directly applied to l
60. Bridge Parameter: Bridge Priority (default 8, range 0-15), Hello Time (default 2, range 1-10), Max Age Time (default 20, range 6-40), Forward Time (default 15, range 4-30). RSTP Protocol Status, Bridge and Port Parameter Description: Protocol Status: Used to display the current status of the RSTP protocol. Bridge Parameter: Used to configure the Bridge parameters of the switch that RSTP uses. Bridge Priority: Used to set the priority of Bridges. Hello Time: Used to se
61. Configuration can be used when at least two of the WIM interfaces are configured as WAN. For example, if a T1 private line and ADSL line are selectively connected to the Ethernet 0 Interface (eth0) and the Ethernet 1 Interface (eth1), the higher weighted value should be given to the ADSL line because its bandwidth is relatively bigger. In this way the load balancing feature is optimized according to the performance of the external network medium. The WIM also utilizes a Failover function. This means that if there are multiple WAN interfaces set up and using NLB, and one of the interfaces goes down, the other WAN interface will automatically be used as the backup path. NLB Weight: A relatively higher load will be distributed on the line of the external interface that has a higher numerical value. The weighted value for each external interface should be the greatest common divisor (minimum irreducible unit). Static Configuration: Along with the Network Load Balance Configuration, the Static Configuration window is used to pass data through a specific WAN interface by separately specifying the traffic session to satisfy a specific condition. The auto failover feature is also set here. In the following window, the entries can be added or deleted by clicking the Add or the Delete button. If an entry of 0.0.0.0 is entered for the IP address field and all 0s in the port field, then it will indicate all IP addresses and all port numbers.
62. Disable mode then other pages within the Layer2 > IGMP Snooping submenu are not displayed. Authentication: The Authentication submenu is used to enable or disable remote authentication, to review existing authentication information, and to configure individual ports and their authentication methods. Management: Use the Layer2 > Authentication > Management submenu to turn authentication on or off and to define the Radius server management items. Click the Run button to start the service and click the Stop button to cease the authentication service. If there is a Radius server performing the 802.1x user authentication, then the relevant data must be input here. The host IP address, host and key should be registered. The default Radius Host Port is 1812. Click the OK button to save any changes. Configuration: Use the Layer2 > Authentication > Configuration submenu to configure the authentication method on a per port basis. If the authentication service has not been started, the following window will appear. Once the service is started using the Layer2 > Authentication > Management submenu, the following window will appear when using the Layer2 > Authentication > Configuration submenu.
63. Filter ID, select a priority number, select a Transport Protocol, define the TOS bits, define the Source and Destination IP Group and Port Group, and then click the save button. In the examples listed below there are three Filter Groups created. One is for the VoIP traffic, the second is for the MP40, and the last is for the rest of the TCP traffic on the 192.168.1.0/24 network. Click the Add button to create another Filter Group. Filter Group Parameter Description: ID: Used to enter the name of the IP group. Should include both letters and numbers. Group ID shall start only with letters, not numbers. No blanks should be left in between characters. Priority: Queue Priority. Transport Protocol: TCP or UDP Protocol. TOS: TOS entry. Source IP/Port: Source IP Address and Port number(s). Destination IP/Port: Destination IP Address and Port number(s). Filter Gro
64. Hello message. The Hello is a message that is sent and received periodically in order to recognize the status of the Call Server and Feature Server. This parameter sets the cycle of sending the Hello message after the initial Hello message. The value of this item should be set larger than that of the Hello Interval (initial) item. In order for VoIP Services to work correctly, this parameter must be selected and saved. Management: The Call and Feature Servers can be started or stopped by selecting the VoIP Service > Configuration > Management submenu. If an automatic restart of the Call Feature Module service is needed upon a reboot of the OS 7200 WIM Data Server, then the Auto Start box must be checked. NOTE: SM Module: The System Manager Module is a network management tool that is not available at this time. In a future release of the OS 7200 Data Server the NMS (Network Management System) will become available. External Server: This feature will become available in a future release of the OS 7200 WIM Data Server. External FS: Not available until future release. Feature Server in the internal network The Feature Server feature will b
65. Monitoring. Current: The Status > Monitoring > Current submenu is used to display the WIM network statistics in real time. The data window is updated every 5 seconds. History: The Status > Monitoring > History submenu is used to display the CPU utilization, available memory capacity, and network statistics of the WIM router with an accumulation value on an hourly, weekly, monthly, and yearly basis. Process: The Status > Monitoring > Process submenu is used to display the CPU utilization, memory usage, and start time of the processes running on the WIM.
66. L2TP Tunnel ID composed of letters and numbers. Password: Shared tunnel password. Confirm Password: Re-enter shared tunnel password. Auto IP Allocation: Used to assign dynamic IP to remote client. Static IP Allocation: Used to assign static IP to remote client. Enter IP address. Edit: If an L2TP Tunnel parameter needs to be modified, highlight the radio button to the left of the User List needing to be changed and then click the Edit button. Modify each parameter value and then click the OK button to save the VPN tunnel data changes. Management: Using the VPN > L2TP > Management submenu, the system administrator can start or stop the L2TP services. When the system is rebooted, the L2TP service will be automatically initiated if the L2TP service is running. The administrator can also set up the IP range for the remote L2TP clients that use the dynamic IP feature. The encryption method supports pap and chap. CAUTION: Setting up IP Range: The number of IPs for the Local IP range and that for the Remote IP range should be identical. For example, if the number of IPs for Local IP range is 10 and that for Remote IP range is 20, only 10 calls will be set. P
67. List. The administrator can register a trusted IP Address here. Simply enter the IP and netmask and click the OK button to register. Check the IP list that is already registered and click the Delete button to delete the list. VoIP Service Menu: The VoIP Service Menu of the WIM Data Server is used for setting up the Auto QoS, DHCP and SIP ALG. Once the VoIP Service Menu is selected, the submenus will be displayed on the left top of the window as follows: Configuration (SM Interface, Module Interface, Management); External Server (External FS, DIST config); DHCP Server (Configuration, Management, VoIP Status, Leases Status); DHCP Relay Agent (Configuration, Management); VoIP NAPT (Status); SIP ALG (Configuration, Management). VoIP Service Menu Description: Configuration: SM Interface (future release): Used to enable or disable items related to the Message Data transmission for the communication with the system manager (SM). Module Interface: Used to set the environment for the communication with Call Server and Feature Server. Although the Select VoIP WAN Interface field seems to be set, the system administrator must select the correct WAN Interface and then click the save button in order for VoIP Service to work. Management: Start or stop the programs for the communication with SM Interface, Call Server and Feature Server. Set the OS 7200 WIM Data Server to automatically restart these pro
68. Menu. It shows the Sub Network based on the IP Address of the Ethernet Interface. Broadcast Address: Broadcast address. This value is set in the Network Menu. It shows the Broadcast Address based on the IP Address of the Ethernet Interface. Router Address: Router address. This value is set in the Network Menu. It shows the Router Address based on the IP Address of the Ethernet Interface. Default Lease Time: Basic release allocation time of the IP address. The IP Address release time for the overall IPs that are to be provided via DHCP Server can be set in increments of seconds. An entry of 0 equals an infinite lease, and the default lease time is 30 days. CALL Server: This field is used to set the Call Server's IP Address. This is the IP Address of the MCP of the OS 7200 system. When authenticated as host, the Host ID is designated as SME_MCP as its default value. Call Server Parameter Description: IP: Call Server's IP address. Gateway: Gateway information. Netmask: Netmask information. MAC/Host ID: Types of the client authentication. NONE: Execute the DHCP IP request without the authentication. MAC: Authenticates with MAC. HOST: Authenticates with HOST ID (default value: SME_MCP). Feature Server: This feature will be supported in a future release of the OS 7200 WIM Data Server.
69. P Address Description: The symbol is used to specify an entire network or subnet. Example: 192.168.1.0/24. This denies access to any website with a defined word from any users on the 192.168.1.0 network. The is used to specify a range of IP Addresses to be restricted from accessing a web site. Example: 192.168.1.50-60. The symbol is used to deny all LAN IP Addresses from accessing a web site. Example: 0.0.0.0. Keyword: To enter the keyword of the site to deny. Time Set: To set the time to apply the filtering rule. ICMP Filtering: Administrators can deny the Internet Control Message Protocol (ICMP) Reply packets. Select the Firewall > Firewall > ICMP Filtering submenu. Then select the Enable or Disable radio button for the interface and click on the OK button to apply the change. If the Interface is set to Enable, then it will not respond to ping requests or trace route. Port Menu: One PLIM LIM can be managed on the OS 7200 system through the WIM Data Module using the Port and Layer2 menus. If you select the Port menu from OfficeServ 7200 WIM Data Server, the following submenus will be displayed on the left side of the window: Port > Configuration Configuration Port VID Classification MAC Static Address Dynami
70. PPPoE category to display the following setup window. Enter the ID and Password for the account that is assigned from the ISP. Check the Option check box in the lower section of the window to display the Method, MTU, and DNS setup window. PPPoE WAN Parameters: ID: Used to enter the User ID which is supplied by the ISP. Password: Used to enter the Password supplied by the ISP. MTU: Maximum Transmission Unit. Leave this field at default unless told to change by Samsung Technical Support. DNS: Auto: The WIM will automatically receive DNS information from ISP. Manual: This connection will use the manually entered DNS server IP addresses configured using the Network > DNS submenu. WAN > DHCP: Select the WAN DHCP category to display the following setup window. The WAN DHCP information is automatically configured without any special setup fields. The OK button must be clicked in order to complete the setup. For cable modem service that requires a more detailed setup, enter a vendor ID. LAN > Private IP: Select the LAN Private IP category to display the following setup
71. PTP Configuration: The system administrator can begin setting up the PPTP security between a local subnet and a remote host by using the VPN > PPTP > Configuration submenu. The administrator can create, modify, delete, or retrieve the VPN tunnel data from here. PPTP User List Parameter Description: Add: Used to create a PPTP administrator. Delete: Used to delete a PPTP administrator. Edit: Used to modify PPTP administrator information. Add: Click the Add button on the <PPTP administrator list> window to add a PPTP Tunnel ID and password. Enter each parameter and then click the OK button to save the changes. PPTP User Add Parameter Description: ID: Used to enter the ID composed of letters and numbers. Password: Used to enter the shared password. Confirm Password: Used to re-enter shared password. Dynamic IP: Used to assign dynamic IP for remote clients. Static IP: Used to assign static IP for remote clients. Enter IP address. Edit: If a PPTP Tunnel parameter needs to be modified, highlight the radio button to the left of the User List needing to be changed and then click the Edit button. Modify each parameter value and then click the OK button to save the VPN tunnel data changes. Management: Using the VPN
72. Port > MISC submenu to set the mirroring function, the MAC Age out timer, and the Broadcast Storm Filter. Mirroring and Miscellaneous Parameter Description: Mode: Used to turn the mirroring function On or Off. Off: The mirroring function is not used. Receive: The monitoring port will be sent all received packets of the mirrored port(s). Transmit: The monitoring port will be sent all transmitted packets from the mirrored port(s). Both: The monitoring port will be sent all packets that are sent to or received from the mirrored port(s). Monitoring Port: Used to set the port that performs the monitoring. Generally this is a connection port of a PC doing the monitoring. Monitored Port: Used to set the port(s) that will be monitored. MAC Age Out Delay Bound: Used to set the time when the MAC address learned (MAC address updated) can be left in the address table of the switch. Default is 300 seconds. When the LAN port connection is released, the MAC address which was previously learned is automatically deleted. When the LAN port is re-connected, a new MAC address is learned and the MAC address table is rapidly updated. Broadcast Storm Filter Mode: Used to set the value from 5, 10, 15, 20 of the entire buffer
73. Relay Agent [Screenshot: DHCP Relay Agent Management window with Stop and Run options] VoIP NAPT: Using the VoIP Service > VoIP NAPT > Status submenu, the system administrator can display the NAPT items for VoIP Service. Status: The service connects 32 internal ports and external ports to each MGI card through one-to-one mapping. There are also multiple IP ports forwarded to the MCP card. The following table shows a basic VoIP NAPT list with 1 MGI 16 and an MCP card. [Table: NAPT List for VoIP; entries not recoverable] NOTE (NAPT Ports): Please refer to the OS 7200 Special Applications Manual for a listing and description of all IP ports that the OS 7200 uses. NAPT List for VoIP fields: Public IP, Public Start Port, Public End Port, Internal IP, Internal Start Port, Internal End Port. Description: This fiel
74. Services in the Window task bar and double click the IPSec Services item. [Screenshot: Services window listing local services, including IPSEC Policy Agent] 28. Click Stop and click Start to restart the service in the window below. [Screenshot: IPSEC Policy Agent Properties (Local Computer) window with General, Log On, Recovery and Dependencies tabs]
75. [Screenshot: menu tree] Network Menu: The Network Menu is used to configure the WAN, LAN and Serial Interfaces, define the DNS server IP Address information, define and modify the ARP list, configure the Network Load balancing function, perform ping tests, and view the Network Status. Simply select the Network menu of the OfficeServ 7200 Data Server. The submenus will be displayed in the upper left side of the window as follows. [Screenshot: Network menu tree: Ethernet0, Ethernet1, Ethernet2, Ethernet3, Serial V.35, DNS, Network Link, ARP, Network Status, NLB (Configuration, Management), Utility (Ping)] Network Menu description (Menu, Submenu, Description): Network: Used to set up the Ethernet port P1. Used to set up the Ethernet port P2. Used to set up the Ethernet port P3. Used to set up the Ethernet port P4. Serial V.35: Used to set up the V.35 Serial port. DNS: Used to set up the domain name servers. Network Link: Used to set the speed and transfer method for the Ethernet ports. ARP: Used to manage the ad
76. agement is classified into the Activity, displaying the current status information, and the Action, displaying the execution commands. SIP ALG Management parameters: Activity: Shows the current SIP ALG status. Action: Used to change the status of the SIP ALG server. NOTE (SIP ALG, SIP-aware ALG): If a NAT-based firewall such as the WIM board of the OfficeServ 7200 protects the internal network, the system is safe against external attack but is limited in service. To resolve this, the SIP-aware ALG (SIP ALG) enables the SIP devices inside the firewall to communicate with external equipment. NOTE (SIP ALG and VoIP Service): VoIP Service and SIP ALG cannot run at the same time. System Menu: The System Menu is used to configure the SNMP settings, to import or export the WIM database, to view system logs, to set time attributes, to upgrade the software, and to reboot the system. Select the System menu and the submenus will be displayed in the upper left side of the window as follows. [Screenshot: System menu tree: SNMP (Configuration, Status, Management), DB Config, Admin Config, Log (Configuration, Report, Download), Time Configuration (NTP Config, Manual Config, Timezone), Upgrade, Appl Server, Reboot] System Menu description (Menu, Submenu, Description): SNMP: Used to display the configuration items of SNMP. Used to display the SNMP configuration currently configured. Used to start or stop the SNMP servic
77. allowed out over the WAN interface to any destination. Once the information is entered, click on the OK button to apply. Every user on the LAN is now allowed to go out on WAN 10.0.1.1. [Screenshot: Private Network Configuration window in Basic Mode] Basic NAT parameters: WAN IP: Used to set a general IP Address. Select the dynamic IP box and then use the pull-down menu to select PPPoE or DHCP if the interface is acquiring a dynamic IP from an Internet Service Provider (ISP). Inside: Used to enter the NAT internal network information. The / symbol is used to specify an entire network or LAN subnet exiting a WAN Interface. Example: 192.168.1.0/24. This allows every device within the 192.168.1.0 network to go out over the WAN interface. The is used to specify a range of IP Addresses exiting a WAN Interface. Example: 192 168 1 50 60. The symbol is used to allow all possible LAN IP Addresses to go out over the WAN Interface. Example: 0.0.0.0. Outside: Used to enter the NAT external network information. The / symbol is used to specify a public Subnet as a valid WAN destination. Example: 12.168.1.0/24. This allows the destination to be any device within the 12.168.1.0 network. The is used to specify a range of IP Address destinations. Example 12 168 1 5
78. an administrator selects this submenu, the following configuration window is displayed. [Screenshot: Ping window with Destination IP Address, Source Address, Packet Size, Retry Count, Time to Live and MTU Discovery Hint fields] Ping parameters: Destination IP Address: Used to enter the destination IP address for the Ping test. Source Address: Used to set the IP address of the interface for the Ping test. Packet Size: Used to set the packet size to be transmitted. Retry Count: Used to set the retry count. If it is set to 0, there is no retry. Max is 3. Time to Live: Used to set the TTL value. MTU Discovery Hint: (None) Selects the Path MTU Discovery method. Do: Uses PMTU but does not treat. In short, packet fragmentation does not occur. Don't: Does not use PMTU at all. Since it does not set the DF field, fragmentation may occur at the remote site. Want: Uses PMTU and treats appropriately. In short, if the packet size is longer than the MTU, packet fragmentation occurs. Enter the destination IP and any exdeted ping parameters if needed, then click the Run button. Only one destination IP can be tested at a time, and the radio button of the IP Address to be tested must be checked. The radio button of the destination IP Address on the top of the list is set by default. [Screenshot: Ping window with Destination IP Address and Option fields: Source Address, Packet Size, Retry
79. bilities of the OfficeServ 7200 WIM Data Server. NOTE (Structure of OfficeServ 7200): For information on the structure, features, or specifications of the OfficeServ 7200, refer to the OfficeServ 7200 General Description. Introduction to the OfficeServ 7200 Data Modules. [Figure: WIM Module and PLIM Module] The OfficeServ 7200 WIM Data Server provides the following functionality. Unmanaged Switch: • The PLIM/LIM switch performs the function of a layer 2 Internet switch as well as the Learning Bridge function based on the MAC address filtering and forwarding algorithm. • The PLIM/LIM module provides 16 LAN ports per module. Each port is 10/100 Base-T, auto-sensing, full duplex. The OS 7200 can support up to 8 unmanaged LIM/PLIMs. • The PLIM also offers Power over Ethernet (PoE) to all IEEE 801.3af compliant devices. Managed Switch: When the PLIM/LIM is installed in slot 2 with a WIM in slot 1, it can function as a managed switch by using the LAN interface on the WIM. The OfficeServ 7200 supports 1 managed PLIM/LIM. NOTE (Managed Switch in OfficeServ 7200): There can only be one managed PLIM/LIM switch in the OfficeServ 7200 system. As a managed switch, the following features are supported. • 802.1D Spanning Tree: The switch configures and processes the forwarding tree based on the spanning tree algorithm to prevent a packet forwarding loop in the switch
80. c Address Filter Address. Port Menu description: Port: Configuration: Used to set the switch port environment. Statistics: Used to display the link status, speed, transmission system and statistics of each switch port. MISC: Used to set the mirroring function and to set the MAC Age-out time and Broadcast Storm Filter percentage. QoS: Used to set the Layer 2 QoS Mode, which gives priority to specific ports based on priority levels. VLAN: Configuration: Used to configure the Virtual LAN (VLAN) settings. Port VID: Used to set the processing method for untagged packets when VLAN mode is set to Tag-based VLAN. Classification: Used to set the VLAN based on the protocol or MAC. MAC: Static Address: Used to save MAC addresses to the static address table of the switch. Dynamic Address: Used to retrieve the dynamic address table or to delete a MAC address. Filter Address: Used to enter the MAC address so that the switch blocks frame data whose MAC address information is identical to the entered value. Port: The administrator uses the Port menu to set the port-related functions and retrieve information on each port. Configuration: Select the Port > Configuration submenu to set or view the parameters of each switch port. [Screenshot: Port Configuration window
81. ce. When the WIM is rebooted, the IPSec service will be returned to the state it was in before the reboot was performed. RSA keys may be generated or downloaded from this window, and the External Interface is also selected here. [Screenshot: IPSec Management window with Create the new RSA key and Download the current RSA key items] In the RSA window, click the OK button for the Create the new RSA key item to add a new RSA public key password method key. Use this submenu to add a new RSA key if the host authentication method of RSA key is used. After setting an External Device in the External Device window, click the OK button to save the configuration. L2TP Configuration: The system administrator can begin setting up the L2TP security between a local subnet and a remote host by using the VPN > L2TP > Configuration submenu. The administrator can create, modify, delete, or retrieve the VPN tunnel data from here. User List. L2TP User List fields: Add: Create a PPTP administrator. Delete: Delete a PPTP administrator. Modify a PPTP administrator information. Add: Click the Add button on the <L2TP administrator list> window to add an L2TP Tunnel ID and password. Enter each parameter and then click the OK button to save the changes. [Screenshot: User Add window with ID, Password, Confirm Password, Auto IP Allocation and Static IP Allocation fields] L2TP User Add parameters: ID: Used to enter the
82. certificate has expired or is not yet valid. The name on the security certificate is invalid or does not match the name of the site. Do you want to proceed? (Yes / View Certificate) 2. The Administrator will now be prompted for a Login ID and Password. Enter the Login ID and Password and then click on the OK button to proceed. NOTE: The WIM login ID is admin and the default password is admin. [Screenshot: OfficeServ 7200 login page with Login ID and Password fields] 3. After logging into the WIM Data Module, the administrator must click on the Data box to proceed. [Screenshot: OfficeServ 7200 home page with the Data box]
83. ces Example 10 0 1 1 2. Used to set the location of the Port Forward rule. Advanced Mode: This window is used by the administrator to select and set up Port Forwarding for a port or protocol that is not included in the Basic Mode configuration. In the Advanced Mode example listed below, the internal or Inside IP Address destination is 192.168.1.150, the external or Outside device must come from an IP Address on the 12.2.2.0 network, the WAN IP is set to 10.0.1.1, ports 6000 through 6100 are defined, and protocol tcp is used. [Screenshot: Private Network Port Forward window in Advanced Mode] This means that when an external IP device from the 12.2.2.0 network tries to connect to the WAN IP Address 10.0.1.1 on network ports 6000 through 6100 and protocol tcp, it will be redirected to 192.168.1.150 on network ports 6000 through 6100 and protocol tcp. Advanced Port Forward parameters: Port: Used to define the specific IP port(s) for the destination. Protocol: Select TCP, UDP, or all (both tcp and udp) protocol. The administrator can view the current status of the Port Forwarding Rules using the Firewall > NAT > Port Forwarding submenu. The Configuration List is shown on the bottom of the wi
84. d an action of permitting or denying those packets. Use the Layer3 > List > Route Map submenu to begin configuring Route Map. Enter the target value and then click the OK button to save the change. [Screenshot: Route Map window with Name, Action (Permit, Deny) and Sequence fields] Name: Route map name. Action: Sets whether to apply set operation. Sequence: Sets the sequence No. to additionally delete a route map. If the Route Map command is successfully entered and saved, then the results will be directly applied to the <Current Status> of the Layer3 > List > Route Map submenu. [Screenshot: Route Map Setting list] Route Map Setting fields: Name: Route map name. Entry: Route map information. Once a Route Map is created, it can be defined. Highlight the radio button to the left of the Route Map and click the Edit button. [Screenshot: Route Map Match and Set window] IP Address: Used to set the access list or prefix list for an IP to be matched. Next hop: Used to set the Next hop IP to be matched. Metric: Used to set the Metric to be matched. Route Map Set parameters: IP: Used to set the next hop of the BGP table. Metric: Used to set the metric of the BGP table. Weight: Used to set the weight of the BGP table. Commu
85. d displays the external IP Address which communicates with the external environment. This field displays the port number for the external source IP to communicate with external media. This field displays the last external source port number. This field displays the Internal IP Address that VoIP Service uses inside the WIM firewall. This field displays the IP port number for the Internal IP Address that VoIP Service uses. This field displays the last IP port number for the Internal IP Address that VoIP Service uses. NOTE (VoIP Service and SIP ALG): VoIP Service and SIP ALG cannot run at the same time. SIP ALG Config: Using the VoIP Service > SIP ALG > Configuration submenu, the SIP environment can be set up by the system administrator. Set the following items and then click the Save button. [Screenshot: SIP Configuration window with External IP, Internal IP and Dynamic Learning (on/off) items] The information on the firewall setup is displayed. The External IP item and the Internal IP item are displayed on the list box so that the web manager can combine the usable information to select it. If there are two or more external or internal networks, the network that is to be used can be selected in the list box. [Screenshot: SIP IP Configuration window with External IP, Internal IP and Dynamic Learning items] If the Dynamic Learning function is set to On, then the Map information o
86. d to the PIM-SM. To delete a VIF, click the check box on the left of the entry and then click the Delete button. [Screenshot: PIM-SM Interfaces list] IGMP Groups: The IPMC > Status > IGMP Groups submenu is used to display the information on registered IGMP groups. [Screenshot: IGMP Group Information] IGMP Groups fields: Group Address: IGMP group address. Intf: IGMP interface name. Uptime: Time passed after the IGMP group is created. Expires: Time left until the IGMP Group information expires. Last Reporter: Client IP address that sends the last membership report. Status DVMRP: The IPMC > Status > DVMRP submenu is used to display the information on DVMRP. DVMRP Neighbors: This section of the IPMC > Status > DVMRP submenu is used to display the information on the DVMRP neighbor whose information is exchanged with the WIM. DVMRP Neighbors fields: Neighbor Address: IP address of the DVMRP Neighbor. Interface: DVMRP VIF name. Uptime: Time passed after being connected. Expires: Time left until the Neighbor connection information expires. DVMRP Prune Information: This section of the IPMC > Status > DVMRP submenu is used to display the DVMRP Prune items. [Screenshot: DVMRP Prune Information with Source Address, MaskLen, Group Address and State columns]
87. day, the highest risk level. Med: Rule level is 2 or 3 days, mid level. Low: Rule level is 4 days, low level. Description: Type of logs detected by IDS. Destination Port: The administrator can summarize the IDS alerts by the Destination Port. If the alert log is defined by Destination Port, the following window will appear. [Screenshot: Summary by destination port, Mon Sep 26 04:16:59 2005 to Mon Sep 26 21:27:08 2005] Destination Port fields: Num: Numbers of detected by IDS according to port when attacked Destination IP is a network, e.g. LAN. Port: Attacked host IP of logs detected by IDS. Priority: Risk level depending on the rules level of IDS. High: Rule level is one day, the highest risk level. Med: Rule level is 2 or 3 days, mid level. Low: Rule level is 4 days, low level. Description: Type of logs detected by IDS. Port Scan: The administrator can summarize the IDS alerts by the Port Scan. If the alert log is defined by Port Scan, the following window will appear. [Screenshot: Port scan summary, Thu Jan 1 00:00:00 1970 to Tue Feb 7 10:59:50 2006, "There is no alert"] Port Scan fields: Ports: Number of TCP and UDP ports that are scanned in logs detected by IDS. Hosts: Number of hosts that a port scanned in logs detected by IDS. Remote host IP that attempts port scan. Search: The IDS search can be narrowed down and pinpointed by the administrator by defining the Search Log Parameters. IDS Logs can be fil
88. dition deletion of ARP. Briefly displays the setup information on all ports. NLB: Used to configure the Network Load Balance function. Starts and stops the NLB function. Utility: Used to perform ping tests. Network: The Network menu is used to view and configure the five network interfaces that are built in to the WIM. This menu is used to set the IP Address information, transfer speed, and transfer mode of each interface. In addition, this menu is used to set the DNS server IP address information and ARP tables. It is recommended that the network interfaces are programmed before any of the other features or options in the WIM Data Server. Ethernet Setup: The Network > EthernetX (X: 0 through 3) submenus enable the administrator to specify the Ethernet Interface parameters. Select one of the three Ethernet Interface submenus to display the setup window shown below. [Screenshot: Interface Type (WAN, LAN, NONE) and Protocol Type (Static IP, PPPoE, DHCP) options] The fields that are displayed will vary depending on the type of interface being defined. The details of each interface type are as follows. • WAN: The following types can be selected for a WAN interface. Static IP: Select Static IP if your Internet service account uses a Fixed IP (Static IP) address assignment. PPPoE: Select PPPoE if your Internet service account uses a PPP over Ethernet login protocol, such as in an ADSL account. DHCP: Select DHCP if your Internet s
89. e Static [Screenshot: Static window] In the example listed below, the network administrator enters a static route of 100.0.0.0/24 going out through eth0. Click the OK button to submit the command. [Screenshot: Static window with the command ip route 100.0.0.0/24 eth0] When the entered command is successfully executed, the configuration is directly applied to the <Current Status> section of the Layer3 > Configuration > Static submenu. [Screenshot: Current Status list showing the default route via eth0 and 100.0.0.0/24 directly connected] The static route that was entered is redundant because the default route was already sending 100.0.0.0/24 traffic out of eth0. Current Status parameters: Type: S: Static network set by an administrator. >: Whether to include activated routing table. Network: Network/Netmask information of route. Entry: Route information. Help: If the system administrator is unsure which static route command to use, then they may use the <Help> section to see all possible commands. Select the Command choice, either ip route or no ip route, then use the Argument pull-down menu to see the possible choices. For example, if the administrator wants to see what the correct command is to remove the static route that was just entered, they would select no ip route and then select the appropriate argument. Help no ip route 4
90. e. Action: Used to select whether to start or stop SNMP. DB Config: Use the System > DB Config submenu to export the WIM database, to import the WIM database, or to default the WIM to the factory defaults. [Screenshot: System DB Configuration window with Import, Export (Export the current system db) and Default (Change the current system db to default system db) items] DB Config parameters: Import: Used to restore a previously saved database. Export: Used to save the existing DB. Default: Used to restore the DB to factory defaults. After the WIM is defaulted, the administrator must use one of the default IP addresses, such as 10.0.2.1, through the LAN port when using Web Management. Admin Config: The System > Admin Config submenu is used to set up the authentication server for logging into the WIM and for changing the Web Time-out configuration. The choices for authentication server are Local, Radius, or Taccas. Check the box of the authentication method desired and then click the OK button to save the change. Once the setting is applied, the selected authentication method configuration window will be displayed. [Screenshot: Login Policy window with Local, Radius and Taccas options] Local: The local password is the Admin password that is used to access the WIM router using Telnet, SSH, FTP, and Web Management. Enter the new password and then click the OK button to save the change. [Screenshot: Local configuration window with New Password
91. e. DB Config: Used to manage the current configuration DB of the WIM. Admin Config: Used to set up the authentication of the manager. Log: Used to set up logging policies. Used to search the current system logs. Used to download the system logs. Time Configuration: Used to enter the NTP server info. Used to manually configure time. Used to set the WIM timezone. Upgrade: Used to upgrade the WIM software. Appl Server: Used to allow SSH, FTP, and Telnet access to the WIM. Reboot: Used to reboot the WIM. SNMP Configuration: SNMP is a set of protocols used for managing complex networks. The System > SNMP > Configuration submenu is used by the administrator to enter SNMP System Options, SNMP Community information, SNMP v3 User information, and Trap Manager information. Once all the changes are entered, click the Save button at the bottom of the window. Click the Reset button to reset the configuration. System Option: The following window is used to set up the SNMP System Options. [Screenshot: System Option window with Location, Contact, Name and Engine ID fields] SNMP System Option parameters: Location: Used to enter the information for System Location. Contact: Used to enter the information for System Contact. Name: Used to enter the information for System Name. Engine ID: Used to enter the information for System Engine ID. Community: The following window is used to add new community information used in SNMP v1/2c. [Screenshot: Community window with New Community name
92. e MAC Addresses may be defined on the same port. [Screenshot: Static MAC Address window] Enter the MAC address and Port ID and then click the Add button to add the MAC address. In order to delete an entry, select the box to the left of the specific MAC address and then click the Delete button. If the Security box is checked for a port in the Port > Port > Config submenu, then learning of source MAC addresses will not occur. Only defined MAC addresses can access the port at this point. NOTE (Number of Static MAC Addresses Entered): Up to 50 static MAC addresses can be entered into the Static MAC Address table. Dynamic Address: In order to view the dynamically learned MAC addresses, use the Port > MAC > Dynamic Address submenu. [Screenshot: Dynamic MAC Address window with Delete All button] Filter Address: By using the MAC filtering feature on the GPLIMT/GPLIM, it is possible to block unwanted traffic on the network. The Port > MAC > Filter Address submenu is used to enter MAC addresses that are to be filtered. Enter the desired MAC address and VLAN ID and then click the Add button. If a MAC Address filter needs to be removed, check the box to the left of the filter and then click the Delete button. [Screenshot: Filter Destination MAC Address window]
93. e OfficeServ 7200 WIM Data Server, an application module of the OfficeServ 7200, and describes the procedures for installing and using the software. Document Content and Organization: This document consists of three chapters and an abbreviation section, which are summarized as follows. CHAPTER 1. Overview of OfficeServ 7200 WIM: This chapter briefly introduces the OfficeServ 7200 WIM. CHAPTER 2. Installing OfficeServ 7200 WIM: This chapter describes the installation procedure and login procedure. CHAPTER 3. Using OfficeServ 7200 WIM: This chapter describes how to use the menus of the OfficeServ 7200 WIM. ANNEX A. VPN Setting in Windows XP/2000: This chapter describes how to set up a VPN on Windows XP/2000. ABBREVIATIONS: Abbreviations frequently used in this document are described. Conventions: The following types of paragraphs contain special information that must be carefully read and thoroughly understood. Such information may or may not be enclosed in a rectangular box separating it from the main text, but is always preceded by an icon and/or a bold title. WARNING: Provides information or instructions that the reader should follow in order to avoid personal injury or fatality. CAUTION: Provides information or instructions that the reader should follow in order to avoid a service failure or damage to the system. CHECKPOINT: Provides the operator with checkpoints for stable system o
94. e choices are System, NETWORK, FIREWALL, PPTP, IPSec, and L2TP. Once the radio buttons are selected, click the OK button to apply the changes. Click the Reset button to return the Log Policy to the previous status before applying the change. Report: Using the System > Log > Report submenu, the administrator can retrieve the logs stored in the system according to attributes, date, and time. [Screenshot: Report Policy window with Service options ALL, SYSTEM, NETWORK, FIREWALL, PPTP, L2TP, IPSEC and Detail Search fields] Log Type: Click the radio button for the desired log type and then select the date and time. Then click the OK button to run the report. Click the Reset button to return the log report settings to default. [Screenshot: Log Report output listing timestamped login and snmpd entries]
95. e the Help field to find an IGMP command. [Screenshot: IGMP Help with the command clear ip igmp] IGMP Basic: Enter the new IGMP information and then click the OK button to change the default configuration of IGMP. [Screenshot: IGMP Basic window with Interface, IGMP Query Interval (1 to 65535, Default 125) and Max Response Time (1 to 25, Default 10) fields] IGMP Basic parameters: Interface: Select the target IGMP interface. Select All, and all interface configuration values are applied. IGMP Query Interval: Cycle of sending IGMP Membership Query. Max Response Time: Maximum time of waiting for a response after sending a Membership Query. IGMP Interface Information: This section of the IPMC > Configuration > IGMP window is used to display the IGMP interfaces. [Screenshot: IGMP Interface Information list with Address, Querier Address, Query Interval and Max Resp Time columns] IGMP Interface fields: Address: IGMP group address. Intf: IGMP interface name. Querier Address: IP address of the IGMP interface that sends the membership query; IP address of the Designated Router (DR). Query Interval: Cycle of sending Membership Query. Max Resp Time: Maximum time of waiting for a response to a Membership Query. Configuration DVMRP: The Distance Vector Multicast Routing Protocol (DVMRP) is an Internet routing protocol that provides an efficient mechanism fo
96. ecome available in a future release of the OS 7200 Data Server (NOTE). DIST Config: Not available until future release. DHCP Server: The VoIP Service > DHCP Server submenu is used to configure the DHCP Scope, to start and stop the DHCP Server, to view the VoIP Status, and to view the DHCP Lease status. Configuration: Using the VoIP Service > DHCP Server > Configuration submenu, the system administrator must first select the Internal Network that is to receive DHCP addresses from the WIM Data Server. Select the radio button of the correct LAN Interface and then click on the Next button. [Screenshot: DHCP Server Interface Selection window listing Internal Network interfaces eth1, eth2 and eth3 of type INT_PRIV] The <DHCP Server Configuration> screen will then display the basic information on the device selected on the <DHCP Server Interface Selection> screen. In addition, the administrator can program the IP Addresses of the OfficeServ 7200 Call Server, IP phones, SIP phones, and data terminals. These devices must be on the same subnet, which is defined in the DHCP scope. DHCP Server Configuration: This field displays the general information for allocating DHCP to clients. [Screenshot: DHCP Server Configuration window] DHCP Server field and parameter description: Sub Network: Subnetwork information. This value is set in the Network
97. ed. Select the Layer2 > Port Aggregation > Configuration submenu to begin configuring Port Aggregation. (Aggregate Configuration window fields: Load Balance mode; System Priority, 1 to 65535, default 32768; System ID, shown as 00:00:f0:01:01:04.) Port Aggregate Configuration parameter descriptions: Load Balance: When a packet is transferred to the opposite party through a trunk port, the packet is transferred to a port among the members included in the trunk group. Select the algorithm used to select the port for the transfer. The default is Direct MAP based DMAC & SMAC & SPORT ID. The options are: CRC based DMAC & SMAC; Direct MAP based DMAC & SMAC; CRC based DMAC & SMAC & SPORT ID; Direct MAP based DMAC & SMAC & SPORT ID. System Priority: A protocol setup value used in LACP. The default is 32768. System ID: An identification value used in LACP. This value is the same as the value of the MAC address in the system. Member Configuration (S: Static, L: LACP): table of ports against groups (Grp), with Priority and Sync columns.
98. elect My IP address in the Source address field and then click the Add button. (Filter Wizard, IP Traffic Source: Specify the source address of the IP traffic.) 12. Select Specific IP Subnet in the target address and enter the internal network address 192.168.0.0 and subnet mask 255.255.255.0. Then click the Next button. (IP Traffic Destination: Specify the destination address of the IP traffic.) 13. Select All from the protocol type selection and then click the Add button. Check Edit Properties on the <IP Filter Wizard> window and then click the Finish button. (Filter Wizard, IP Protocol Type: Select the IP Protocol type. If this type supports IP ports, you will also specify the IP port.) 14. Then click the OK button. The outbound item is then created. Click the Add button to create the inbound item. (Security Rule Wizard, IP Filter List: Select the IP filter list for the type of IP traffic to which this security rule applies. If no IP filter in the following list matches your needs, click Add to create a new one.) 15. Enter the
99. en or Registration Fixed. Applicant: Used to display the Applicant mode as Normal or Active. Join: Used to display the interval for Join Transfer Time. Leave: Used to display the value of Leave Delay Time. LeaveAll: Used to display the value of LeaveAll Transfer Time. Status: The Layer2 > GVRP > Status submenu is used to display the information on the ports where GVRP is configured. GVRP Machine field descriptions: Port: Used to display the Port Number. Applicant State: Used to display the Current Status of the Applicant State Machine. Register State: Used to display the Current Status of the Register State Machine. GVRP Statistics field descriptions: Port: Used to display the Port Number. Join Empty: Used to display the number of Join Empty packets. Join In: Used to display the number of Join In packets. Leave Empty: Used to display the number of Leave Empty packets. Leave In: Used to display the number of Leave In packets. Empty: Used to display the number of Empty packets. IGMP Snooping: The purpose of Internet Group Management Protocol (IGMP) snooping is to restrain multicast traffic in a switched network. The Layer2 > IGMP Snooping menu is used for the configuration of IGMP Snooping. Time Interval: Use
100. ervice account uses a Dynamic IP address assignment, such as a Cable Modem account. LAN: The following types can be selected for a LAN interface. Private: Select to assign the internal network numbers based on private IP addresses. Public: Select to assign the internal network numbers based on public IP addresses. NONE: Select when the corresponding interface is not used. Detailed setup information for each interface type is as follows. WAN > Static IP: Select the WAN Static IP category to display the following configuration window. (Window fields: Interface Type: WAN, LAN, NONE; Protocol Type: Static IP, PPPoE, DHCP; WAN Static IP Ethernet Interface: IP, Netmask, MTU in bytes, Gateway, Default Gateway.) Static WAN parameters: IP: Used to enter the public IP address assigned to the WAN interface. Netmask: Used to enter the Subnet Mask information for the WAN interface. MTU: Maximum Transmission Unit. Leave this field at default unless told to change by Samsung Technical Support. Gateway: Used to enter the public IP address received from the Internet Service Provider (ISP) or the IP address of a router. Default Gateway: Mark the check box in the Default Gateway field to create an entry in the routing table which specifies this address as the default gateway. Transparent Proxy: Proxy ARP is used when hosts or networks are added in the Transparent Proxy field. Up to 128 Proxy ARPs can be set in
101. es attempt to occupy excess bandwidth, set the priority so that the class with the highest priority occupies the bandwidth first. This is the basic minimal bandwidth needed for setting class for an assigned bandwidth. Maximum value of assigned bandwidth. Used to set the filtering rules for the class. Used to set the bandwidth of the class based on day of the week and hour. Policy: The QoS > Group > Policy submenu is used for setting the QDISC type and root class for an interface. (Policy window fields: Device; QDISC Type, SPQ or HTB; Root Class; Default Class.) Policy parameter descriptions: Device: Used to select an interface (eth0, eth1, eth2, V.35, or HSSI). QDISC Type: Used to select the QDISC to be applied to the interface. Root Class: Used to assign a Class connected to the interface. Select the class group from the class group list. Default Class (HTB only): This class defines the bandwidth for incoming traffic that is not applicable to any filtering rules. Select the class group from the class group list. SPQ Policy: In order to set up the Interface for SPQ, use the Device pull down menu and select the Interface, then select the radio button for SPQ, select the Root Class, and then click the Save button to apply the change.
102. es to network to connect to external DHCP servers for automatic network environment setup of IP units in the other function block of the OfficeServ 7200 system. QoS Function: Performs priority treatment for the second layer frame under the 802.1p standard (Switch function). Treats the priority queue for the third layer packet and performs the priority queue for a specified IP. Treats the priority queue for the fourth layer packet and performs the priority queue for RTP packets (UDP/TCP Port). Management Function: Supports a specialist level debugging function through a Telnet connection. Supports configuring and verifying the functional block operations of the data server through a browser. Exchanges IDS data and alarm data with the system manager. Program upgrade: Executes program upgrade through the local administrator PC. Upgrades program through TFTP. Upgrades program through HTTP. CHAPTER 2, Installing OfficeServ 7200 WIM: This chapter describes the installation and the login procedure for OfficeServ 7200 WIM. Software Installation: OfficeServ 7200 WIM software is pre-installed. The software package is composed of the following items. Bootrom Package: wim bootldr img vx xx, wim bootldr img vx xx sum (Boot ROM program). Main Package: wim pkg vx xx tar gz (Upgrade package for HTTP); wim os img vx xx (Upgrade package of OS partition for TFTP); wim firmware img vx xx (Upgrade package of f
103. et is sent to the corresponding port, the packet is switched to the VLAN corresponding to the Port VID. Forward Only this VID: If this box is checked and the tag of the received tagged packet is different from the Port VID, then the packet is discarded. When this box is not checked, the packet is re-sent according to the received tag information. Drop Untagged Frame: If this box is checked, then the port discards the untagged frame. If not, the untagged frame is re-sent to the VLAN corresponding to the setting Port VID. Port VID: Port VID input value. NOTE: The valid PVID values on the GPLIMT GPLIM are between 1 and 255. Classification: Using the Port > VLAN Classification submenu, the administrator can define the VLAN Classification Rules (802.1Q IVL and SVL). If an untagged frame is received, it can be classified according to protocol. The rule values are set to decide which VLAN ID is attached to a frame. (VLAN Classification Configuration window fields: Classification Mode, Classification Rule, Group ID, 1 to 256, VLAN ID.) Classification Mode: This field is defined automatically according to the VLAN mode. When the mode is 802.1Q, proto (for protocol) is selected. Classification Rule: VLAN is set based on Appletalk, arp, decnet, ip, ipx, sna, and x25. Group ID: Used to enter a Group ID for the selected protocol. Valid group numbers are 1 to 256. VLAN ID: Decides which VLAN ID will be assig
104. HTB Policy: In order to set up the Interface for HTB, use the Device pull down menu and select the Interface, then select the radio button for HTB, select the Root Class, and then click the Save button to apply the change. Management: The QoS > Group > Management submenu is used to start and stop the QoS service. In addition, this submenu is used to start or stop the execution of the Scheduling Parameter set in the QoS > Group > Class Group submenu. Ingress: The QoS > Ingress > Configuration submenu is used by the administrator to set up, retrieve, edit, or delete the class group from the Ingress menu. Ingress Configuration: This page is used to retrieve, set up, edit, or delete the TOS value for each device in the Ingress Configuration menu. (Ingress Configuration window fields: Device; TOS, in DEC and HEX.) Using the Device pull down menu, select the target interface and
105. Routes window field descriptions: Type: C: Network directly connected to a WIM network interface. S: Static network set by an administrator. R: Path information received from another router via RIP. O: Path information received from another router via the OSPF protocol. B: Path information received from another router via BGP. K: Path information set by the system kernel. >: Whether to have activated routing table. Network: Network/Netmask information of the route. Entry: Route information. Management: In order to turn the WIM routing protocols on or off, select the Layer3 > General > Management submenu. Go to the Action pull down menu and select On or Off for each of the routing protocols. Click the OK button to submit the change. Configuration: In order to configure static routes and set up the routing protocols (RIP, OSPF, and BGP), the system administrator will use the Layer3 > Configuration submenu. Static Route: Static routes are entered into the WIM by the system administrator. An entire network can be configured using static routes, but this type of configuration is not fault tolerant. When there is a change in the network, or a failure occurs between two statically defined nodes, traffic will not be rerouted. Select the Layer3 > Configuration > Static submenu to set the static routes. Static routes are set by using the Command lin
106. etwork; Layer 2 Tunneling Protocol; Network Address Translation; Network Time Protocol; Realtime Monitoring; Rendezvous Point; Rapid Spanning Tree Protocol; Password Authentication Protocol; Protocol Independent Multicast Sparse Mode; Power Device; Power Of Ethernet; Point to Point Tunneling Protocol; Protocol Translation; Permanent Virtual Circuit; Port VLAN Identification; Spanning Tree Protocol; Simple Mail Transfer Protocol; Source Network Address Translation; Simple Network Management Protocol; Strict Priority Queuing; Trivial File Transfer Protocol. VLAN: Virtual Local Area Network. VoIP: Voice Over IP. VPN: Virtual Private Network.
107. ewall rules, click on the box on the top left of the Configuration List, then click on the delete button. Remote Access: The WIM Remote Access feature is used to permit or deny remote access. Select the Firewall > Firewall > Remote Access submenu to begin configuring the rule. The first parameter is used to either enable or disable the Remote Access feature. Select the Enable or Disable radio button and click on the OK button to set. (Remote Access Default Policy: Allow or Deny.) If Deny is selected, then a new parameter will be displayed. Enter the Administration IP information. Pay close attention when entering this IP Address, because all access to the WIM will be denied unless the computer has this IP Address. When the Allow radio button is selected, the administrator can set up the Remote Access policy. If Allow is selected and a policy is not defined, then everyone will have Remote Access to the WIM. In this example, Remote Access to the WIM from any IP Address on the 12.0.0.0/8 network is denied 24 hours a day, 7 days a week. (Remote IP Configuration window fields: source IP; Port: Define all, User Port, Range, Multi; Protocol: all; Days: Everyday, or Sun to Sat individually; Time: 24 Hours; Target: Deny.)
108. f a SIP phone transmitting the REGISTER message to an external SIP proxy server is learned automatically. Map LIST: Enter the information on the SIP devices located inside the firewall. When a SIP message arriving from outside the firewall carries no information on the IP or the phone, the SIP message is sent on to the IP terminal set in the default item. Therefore, this item should be entered. The setup is most convenient when all traffic is treated by the Call Server as calls of the digital phone. Therefore, in the default item, enter the IP Address of the Call Server (MCP). The input box placed after the four input boxes that receive the IP address is used for the port information. In general, it takes the standard SIP port number, 5060. When Map information is added, 5060 is entered in this input box by default. When adding Map information, press the Add button to insert the information. When an entry needs to be deleted, check the box to the left of the entry and then press the Delete button. All new or deleted information will be reflected on the system after the OK button on the lower side of the SIP configuration setup is clicked. Management: The SIP ALG service can be started or stopped using the VoIP Service > SIP ALG > Management submenu. The Man
109. fault Gateway: The Gateway is a Default Gateway. PPP Configuration parameters: Keep Alive Interval: Time interval to check Keep Alive. Max Keep Alive Count: Count of Keep Alives to estimate as the disconnection. Authentication: Information for PPP authentication. IPCP Dynamic IP: Use of the Dynamic IP function to support IPCP. IP Address: IP Address of the serial port. Gateway: Gateway IP Address (Peer Address of the serial port). Default Gateway: Mark the check box to set this gateway to default gateway. This item is displayed only if the WAN radio button is selected. Frame Relay Configuration: Set the Encapsulation radio button to the Frame Relay protocol in order to display the Frame Relay Configuration table. Specify the value of each field and then click the OK button to store the configuration. NOTE: When a Serial Interface is set up as Frame Relay on the WIM, it is a DTE device only. A DCE device is needed on the other end of the connection in order for it to function. It is not possible to do a WIM Frame Relay point to point with another WIM without a DCE. (Frame Relay Configuration window fields: LMI Type: ANSI, CCITT, None; Keep Alive Interval: seconds, maximum 30, default 10; N391: 1 to 255, full status polling counter, default 6; N392: 1 to 10, LMI error threshold, default 3; N393: 1 to 10, LMI monitored event count, default 4.) Frame Relay parameters: LMI Type, Keep Alive Interval, N39
110. (IPSec Advanced window fields: Negotiation Count, Perfect Forward Secrecy, Rekey, Connection.) IPSec Advanced parameter descriptions: Phase 1 Key life time: Used to set the IKE Duration. If the Key life time expires, then the host authentication (the phase one IKE) is performed again. Used to select the packet authentication protocol. Authentication Header (AH): Allows the authentication of the data transmitter. Encapsulating Security Payload (ESP): Allows the authentication and data encryption. Key life time: The cycle of the newly added key used for packet encryption by the repeated phase two IKE negotiation. Perfect Forward Secrecy: Used to select the session key transfer security. Rekey: Used to set whether to add a new key and negotiate again in the phase 1/2 IKE. Negotiation count: Reattempt count of key exchange when key exchange has failed on the phase 1 IKE. Connection: IPSec connection attempt. initiator: Attempting a connection. response: Attempt to receive a connection. DPD: Time out: Used to set the effective time when the counter party receives a DPD packet and receive packet. Delay: Used to set the alive check time of the counter party. Action: Used to set the action after the Dead Peer Detect. hold: Waiting for connection. clear: No more connection. The aggressive mode only supports the authentication methods of Pre shared key and Encryption Algor
111. grams when the WIM is rebooted. Menu items: External Server: External FS (future release), DIST Config (future release); DHCP Server: Configuration, VoIP Status, Leases Status; DHCP Relay Agent: Configuration. Descriptions, in the order given: Used to set or delete the IP of the Feature Server existing on the external network (a public network when the NAT is used). Transmits the message received via the externally designated port into the terminal designated at the internal network. Used to set the internal network that operates the DHCP Server. In addition, the IP pool for the DHCP terminals, the IP pool for the Call Server, the Feature Server, MGI information, IP Phones, SIP Phones, and general data terminals can be set respectively. Used to start or stop the DHCP Server. There is also a check box which needs to be checked in order to start the DHCP server in the event of a system reboot. Used to display the IP terminal information of the OfficeServ 7200 system received from the Call Server or Feature Server when the program for the communication with the Call Server or Feature Server is running. Used to display the IP Address lease information for the DHCP clients. Used to set the Interface and the DHCP Server to be relayed (connected), for connecting mutually when the DHCP Server and the client are in mutually different networks. Used to start or stop the DHCP Relay Agent. Used to display the information on the Static NAPT fo
112. he Community, User, and Trap settings, select the box to the left of the item that needs to be deleted and then click the Delete button. Click the Reset button to initialize the settings. (SNMP Config Information sample screen: System Information with Location, Contact, Name, and Engine ID; community private, net local, Read Write; community public, net anynet, Read Only; administrator root, Read Write; trap port 162.) Status field descriptions: System Information: This field displays the information set up for the System Information Options. Select: Used to select the information to delete. Community Name: This field displays the community name. Community Net: This field displays the configured name of the Community Network. Community Access: This field displays the access authority of the configured community. Administrator Name: This field displays the configured administrator's name. Access: This field displays the access authority of the configured administrator. Trap IP: This field displays the configured Trap IP. Trap Port: This field displays the configured Trap Port. Management: The Management > SNMP > Management submenu is used to start and stop the SNMP service. Click the Run button to start the SNMP service and click the Stop button to halt the SNMP service. SNMP Management field descriptions: Activity: This field displays the operational condition of the SNMPservic
113. he WIM intrusion detection system is used to detect all types of malicious network traffic and computer usage that cannot be detected by a conventional firewall. This includes network attacks against vulnerable services, data driven attacks on applications, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms). Select the IDS menu to begin configuring the IDS feature. The IDS submenus will be displayed in the upper left side of the window as follows: IDS Config > Management, Log Analysis, Configuration, Rule Config, Mail Config, Block Config. IDS menu descriptions (under IDS Config): Management: Used to start or stop the IDS module and block module. Log Analysis: Used to classify how the IDS logs will be searched. Configuration: Used to set up the rule and detection level of the IDS. Rule Config: Used to update the IDS rule files. Mail Config: Used to register the email server and email address of the system manager. Block Config: Used to register the Trusted IP Address of the system manager. IDS Config, Management: Using the IDS > IDS Config > Management submenu, the system administrator can start or stop the IDS module. IDS Management field and parameter descriptions: Status: Running: The IDS module is operational. Stop: The IDS module is not in operation. Action: Click the Run button to
114. he network root bridge. (Further field labels: Protocol Status, Designated Bridge Identifier, Root Bridge Identifier.) Root Path Cost: Once the root bridge is decided, this field displays the calculated cost for the path to the root switch. Root Port: If the current equipment is not the root switch, then this field indicates the ID of the port corresponding to the root port. A switch can have only one root port. Last Topology Changed: Used to display the most recent time that the RSTP network was reconfigured due to a change in the network configuration. RSTP Port Status field descriptions: Port Name: Used to display the port number. Port ID: The value is combined from the value of the port priority and the ID value of the port specified in the system. The highest two digits represent the value of the port priority and the lowest two digits consist of the port index. Path Cost: The value indicates the path cost of the corresponding path. Port Role: The value indicates the role of the port that is selected via the BPDU exchange between switches. The RSTP Port Role is divided into Disable, Alternate, Backup, Designated, and Root roles. Port State: The Port State shows the status of the corresponding port. Designated Root: Used to display the designated root. Port Aggregation: To use multiple transmission paths between network devices and so increase transmission speeds, the Port Aggregation feature can be us
115. his field at default unless told to change by Samsung Technical Support. Encapsulation: Cisco HDLC, PPP, Frame Relay. Cisco HDLC Configuration: Set the Encapsulation radio button to Cisco HDLC in order to display the Cisco HDLC Configuration window. Specify the value for each field and then click the OK button to store the information. (Cisco HDLC Configuration window fields: Keep Alive Interval, 1 to 100, default 10; Keep Alive Timeout, 1 to 100, default 25; IP Address; Gateway; Default Gateway: The Gateway is a Default Gateway.) Cisco HDLC parameters: Keep Alive Interval: Time interval to check Keep Alive. Keep Alive Timeout: Time to estimate the failure of Keep Alive. IP Address: IP Address of the serial port. Gateway: Gateway IP Address (Peer Address of the serial port). Default Gateway: Mark the check box to set this gateway to default gateway. This item is displayed only if the WAN radio button is selected. PPP Configuration: Set the Encapsulation radio button to the PPP Protocol in order to display the PPP Configuration table. Specify the value for each field and then click the OK button to store the configuration. (PPP Configuration window fields: Keep Alive Interval, 1 to 100, default 10; Max Keep Alive Count, 1 to 100, default 6; Authentication; IPCP Dynamic IP: enable IP Address negotiation at IPCP layer; IP Address; Gateway; De
116. hown in step 3. If a PLIM LIM is used, then connect a PC to any open PLIM LIM port. Installers will need to configure the TCP/IP settings of the PC to be on the same subnet as the default IP address of the WIM interface P3, shown in step 3. 3. Using Internet Explorer 6.0 or higher, navigate to one of the following IP addresses to access the management interface of the WIM. The default IP values of the WIM interfaces are set as follows. Port 1: 10.0.0.1/24 (https://10.0.0.1). Port 2: 10.0.1.1/24 (https://10.0.1.1). Port 3: 10.0.2.1/24 (https://10.0.2.1). Port 4: 10.0.3.1/24 (https://10.0.3.1). (Figure labels: P3 10.0.2.1/24, P2 10.0.1.1/24, P1 10.0.0.1/24, P4 10.0.2.1/24.) CAUTION, Caution when using a Web Browser: The version of Internet Explorer should be 6.0 or higher when logging in and performing maintenance on the WIM. Other web browsers are not supported. Getting Started: Start Internet Explorer and enter the IP address of the WIM Data Server interface into the address bar. The Security Alert window shown below will appear. Click on the Yes button to proceed. (Security Alert window text: Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate. The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority. The security
117. ibutes. Set Time for Sending Mail: The administrator uses this window to set up when the WIM will send an email to the defined SMTP server. (Set Time for Sending Mail window fields: Send Mail: Now, Day, Hour.) Either click the OK button to the right of the Now category to send an email immediately, or use the pull down menu to select when the email should be sent. The choices are One Time, Daily, Weekly, Monthly, or Not use. Define the configuration of the send category and then click the OK button to save the changes. Set SMTP Server IP: The administrator enters the IP Address of the SMTP server, enters the Subject and Source Mail Address, and can enter up to 10 email addresses to receive email notifications here. Click the OK button to save the changes. (Window sections: Set SMTP Server IP; Set Mail Information with Subject and Source Mail Address; SMTP Server IP Configuration.) CAUTION: If there is not a recorded alert in the IDS alert log, then an email was not sent. Block Config: Using the IDS > IDS Config > Block Config submenu, the system administrator can view the IP Block List applied to the block module or enter a trusted IP. (Window sections: Manage Blocked IP List with Blocked IP List; Manage Trusted IP List.) Manage Blocked IP List: If an IP Address is flagged as an intruder and it is blocked from accessing the system, then the IP Address will be shown in the Manage Blocked IP List. Manage Trusted IP
118. ient authentication type. NONE: Executes the DHCP IP request without the authentication. MAC: Click the List button to enter the MAC address for the authentication. HOST: Uses the HOST ID internally specialized. Authenticates the ITP 5000 series phones. SIP Phone: This defines the IP range of the standard SIP phones that are to use the DHCP scope of the WIM Data Server. (SIP Phone window fields: IP Range, Gateway, Netmask, MAC/Host ID.) SIP Phone parameter descriptions: IP Range: The IP range of the SIP phone. Maximum range: 120 terminals. When entering one IP, enter 192.168.0.40 40. Gateway: The gateway information entered at the CALL Server item. Netmask: The netmask information entered at the CALL Server item. MAC/Host ID: The client authentication type. NONE: Executes the DHCP IP request without the authentication. MAC: Click the List button and enter the MAC address of the SIP phone for the authentication. HOST: Click the List button and enter the HOST ID, because the internally specialized HOST ID is not used. Terminal: This defines the IP range of the standard data terminals (PCs, printers, etc.) that are to use the DHCP scope of the WIM Data Server. (Data Terminal window fields: IP Range, Gateway, Netmask, MAC/Host ID.) Terminal parameter descriptions: IP Range: The IP range of the Da
119. inbound in the Name field and click Add, like step 10. The above steps 11 through 13 also apply to this procedure. 16. Click the Add button to display the window below. Then select the outbound item and click the Next button. (Security Rule Wizard, IP Filter List: Select the IP filter list for the type of IP traffic to which this security rule applies. If no IP filter in the following list matches your needs, click Add to create a new one.) 17. Select the Request Security (Optional) item and then click the Edit button. (Security Rule Wizard, Filter Action: Select the filter action for this security rule. If no filter actions in the following list match your needs, click Add to create a new one. Select Use Add Wizard to create a filter action. Filter Actions listed: Permit, Request Security (Optional), Require Security.) 18. Select Negotiate security and select AH Integrity None, ESP Confidential 3DES, ESP Integrity MD5 in the Security Method preference order. Click the Move up button to move to the first row of the corresponding item
120. irmware partition for TFTP); wim configdb img vx xx (Upgrade package of configdb partition for TFTP); wim logdb img vx xx (Upgrade package of logdb partition for TFTP); wim flash1 img vx xx, wim flash1 img vx xx sum (File to copy to the first flash memory, fusing); wim flash2 img vx xx, wim flash2 img vx xx sum (File to copy to the second flash memory, fusing). WIM Installation: 1. Insert the WIM into slot 1 of the OfficeServ 7200 cabinet. If a PLIM LIM card is to be used as a managed switch, then install the PLIM LIM into slot 2. To connect the WIM and PLIM LIM via the backplane: On the WIM, set the connections of the shunt pins 1, 2, 3, and 4 in the direction of the back of the OS 7200 cabinet. Refer to the OfficeServ Installation Manual for more information. Once this is done, the P3 Ethernet port is de-activated. If this method is used, then do not insert a cable into P3. To connect the WIM and PLIM LIM via an Ethernet cable: On the WIM, set the connections of the shunt pins 1, 2, 3, and 4 towards the front direction of the WIM, then connect the P3 interface of the WIM and a port of the PLIM LIM together with an Ethernet cable. 2. If a PLIM LIM is not used, then connect a PC to a port (1 to 4) of the WIM module with a cross over cable. Installers will need to configure the TCP/IP settings of the PC to be on the same subnet as the default IP address of the WIM interface being used. The IP address information of each interface is s
121. ithm 3DES. The items use defaults, and the value of PFS or Key lifetime can be modified for interaction with other equipment. IPSec Tunnel Programming Example: In the example listed below, the following information is applied to an IPSec Tunnel. The Connection ID is set to ToRemote1, the WAN Interface being used for the tunnel is 10.0.1.1, the Router IP (the Gateway for 10.0.1.1) is 10.0.1.254, the Local Subnet is 192.168.1.0, and the local subnet is 255.255.255.0. The remote end of the tunnel is 10.0.2.1, the local subnet is 192.168.2.0, and the remote Subnet Mask is 255 255 0. This tunnel uses a Preshared key. (Connection Add window: Local Settings and Remote Settings columns, with Connection ID, IP, Router IP, Subnet IP, Subnet Mask, and Authentication Method.) Certificate: The VPN IPSec > Certificate submenu is used by the administrator to verify, issue, delete, or download a CA Certificate and Host certificate. In addition, adding or deleting an external certificate and viewing the current certificate list are performed here. (Window sections: CA Certificate List, External CA Certificate List.) Certificate parameter descriptions: CA Download: CA Certificate download. CA Delete: CA Certificate delete. Ex upload: External CA Certificate upload. Ex Delete: External
122. k on the Delete button. [Screenshot: Static DNS window with Domain Name and Name Server List fields] Network Link. Select the Network > Network Link submenu to view and set up the transmission speeds and transmission modes for the Ethernet interfaces. [Screenshot: Network Link Configuration window (Ethernet, Negotiation, Speed, Duplex) and Network Link Status table (Ethernet, Type, Link, Negotiation, Speed, Duplex, Mac)] Network Link Configuration. Use the Ethernet pull-down menu to select the correct Ethernet connection. Use the Negotiation pull-down menu to select auto or force. If auto is selected, the Ethernet interface speed and duplex type will be automatically selected. If force is selected, the administrator can manually define the speed and duplex type. Network Link Status Fields. Ethernet: Logical name of each Ethernet interface. Type: Type of Ethernet connection. Link: Status is either up or down. Negotiation: Shows setup as auto or force mode. Speed: Transmission bandwidth of the corresponding Ethernet interface. Duplex: Transfer mode of the corresponding Ethernet interface. MAC: MAC addresses of the Ethernet interface. ARP. The Network > ARP submenu is used to
123. llows network devices to dynamically exchange VLAN configuration information with other devices. Select the GVRP menu to start or stop the GVRP service, to modify the GVRP service for each port, and to view the status of GVRP. Configuration. Use the Layer2 > GVRP > Configuration submenu to start or stop the GVRP service and the Dynamic VLAN Creation service. [Screenshot: GVRP Basic window with Dynamic VLAN Creation setting and Save button] In the <GVRP Basic> window, specify the GVRP configuration as Enabled and then click the Save button. Once GVRP is enabled, the following configuration window will appear. [Screenshot: GVRP Configuration window; columns: Port, Status, Registration, Applicant, and Timers (millisecond): Join, Leave, Leaveall] Make changes to the ports and then click the OK button to save the information. Click the Refresh button to display the latest information of the port. GVRP Configuration Field Parameter Description. Port: Used to display the port number. Status: Used to enable or disable GVRP per port. Used to display the Registration mode as Normal Forbidd
124. mation such as CPU utilization and memory usage on processes being run in WIM. Services: Used to display the service status in a table format. The services are categorized into Security, Router, Application and Management tables. Connection. Sessions. The Status > Connection > Sessions submenu is used to display the IP Address and IP Port information for devices connected to WIM. [Screenshot: Session list; columns: Protocol, Src IP, Src Port, Status, Dst, Dst Port] Session List Field Description. Protocol: This field displays the type of protocol connected with session (UDP, TCP). Src IP: This field displays the source IP Address. Src Port: This field displays the source IP port. Status: UNREPLIED: Packets that are expected to be answered are received but there is no response packet. ASSURED: There is no response packet UNREPLIED
125. modified. Nway Force field is added. Web Time out field of Admin Config is added. 04 06 2007: Expanded the documentation to include comprehensive Programming examples throughout. SAFETY CONCERNS. For product safety and correct operation, the following information must be given to the operator/administrator and shall be read before the installation and operation of the OS 7200 WIM Data Server. Symbols. Caution: Indication of a general caution. Restriction: Indication for prohibiting an action for a product. Instruction: Indication for commanding a specifically required action. CAUTION. For Security: Note that all external administrators are allowed to access the firewall when the Remote IP is set to 0.0.0.0 and Port is set to 0. When Setting an IP Range for VPN: The number of IPs for the Local IP range and that for the Remote IP range should be identical when setting PPTP VPN. For example, if the number of IPs for the Local IP range is 10 and that for the Remote IP range is 20, only 10 calls will be set. When Setting PPTP in Windows XP/2000: In Windows XP/2000, the administrator can use the DHCP client. If the VPN PPTP client is connected while the DHCP client is operating, errors will occur. To prevent this problem, close the DHCP client operation on the Start > Program > Administrative Tools > Service
126. n This section of the IPMC > Configuration > PIM-SM submenu is used to display the information on the RP router. [Screenshot: RP Information window showing the PIM Group-to-RP Mappings] PIM-SM Intf. The IPMC > Configuration > PIM-SM Intf submenu is used to add or modify the PIM-SM VIF (Virtual Interface). RD Interface. This section of the IPMC > Configuration > PIM-SM Intf submenu is used to add a PIM-SM VIF. Select the target L3 interface from the Interface pull-down menu and then enter the target values. Once done, click the Add button to add the PIM-SM VIF. [Screenshot: RD Interface window with Interface, Mode, DR Priority and Hello Interval fields] PIM-SM RD Interface Parameter Description. Interface: Used to select the target L3 interface to be added to the PIM-SM VIF. Mode: Used to select the target PIM-SM protocol mode (Sparse, Passive). DR Priority: Used to enter the priority value used when selecting the Designated Router (DR). A high value has high priority. Hello Interval: Cycle of exchanging hello packets with connected PIM-SM neighbors. PIM-SM Interfaces. This section of the IPMC > Configuration > PIM-SM Intf submenu is used to display the VIFs adde
127. [Screenshot: IDS rule set selection list with rule categories such as dos, dns, smtp, nntp, shellcode, chat and p2p rules] Click the Default button to select the default rules. Rule Config. Using the IDS > IDS Config > Rule Config submenu, the system administrator can set the IDS rules to be updated automatically, or can update the IDS rules manually. The version of the current rule set file and the release date are displayed as well. [Screenshot: Set Time for Update Rules and Current Rules Information windows] Rule Config Parameter Field Description. Category: Now: Updates the IDS rule now. Pull-down menu: Can select Not use, One Time, Daily, Weekly or Monthly. Configuration: Will change depending on the Category. Set: OK button used to implement the Category operation. Current version: Shows the current IDS File Set version. Release Date: Shows the current release date of the IDS File Set. Update File: Used to manually browse to an IDS rule set file to update the system. Mail Config. Using the IDS > IDS Config > Mail Config submenu, the system administrator can set up the SMTP attr
128. ncluded in the Basic Mode configuration. In this Advanced Mode example, all Source IP Addresses are being denied access to IP Address 192.168.1.150 on port 80, Saturday and Sunday only. [Screenshot: Firewall Configuration window in Advanced Mode with Source IP, Destination IP, Port, Protocol, Days, Time, Target and Index No fields] Advanced Firewall Rule Parameter Description. Port: Used to set the network port(s). Protocol: Used to set the protocol. Time Set: Used to set the time to apply the firewall rule. Index No: Used to set the location of the firewall rule. The administrator can view the current status of the Firewall rules by using the Firewall > Firewall > Configuration submenu. The Configuration List is shown on the bottom of the window. [Screenshot: Configuration List; columns: No, Src, Dest, Port, Proto, Target, Time; the example appears as Deny entries for 192.168.1.150 port 80 (udp and tcp), 24 Hours, Sun Sat] If a Firewall rule must be deleted, then check the box to the left of the rule and then click the delete button. In order to delete all Fir
129. nd remote configurations have the same items. IPSec Tunnel Mode. The OfficeServ 7200 Data Server only supports the IPSec Tunnel mode. The transport mode is not supported. In addition, if the WAN interface is SERIAL, then IPSec is not supported. Since a SERIAL line is a dedicated line, IPSec is not required for the security. VPN Programming. The OfficeServ 7200 WIM Data Server comes with a built on VPN Accelerator daughterboard for VPN functionality. Config. Use the VPN > IPSec > Configuration submenu to begin configuring IPSec. [Screenshot: IPSec Connection window] IPSec Connection Button Description. Add: Used to create an IPSec tunnel. Delete: Used to delete an IPSec tunnel. Edit: Used to modify the IPSec tunnel data. Add. Click the Add button from the <IPSec Connection> window to display the window shown below. Enter the value of each item and then click the OK button to save the IPSec tunnel configuration. [Screenshot: Connection Add window with Local Settings and Remote Settings columns; fields: Connection ID, IP, Router IP, Subnet IP, Subnet Mask, Password, Re-password] IPSec Connection Parameter Description (parameters listed: Connection ID, IP, Router IP, Subnet IP, Subnet Mask, RSA Key, Preshared Key, Certificate). Connection ID: Used to enter the Tunnel ID, which is composed of letters and numbers. Required. First character must be a letter. IP: External IP address. Required. Router IP: Router IP address
130. nd to assign the WAN Interface for the IPSec Tunnel. L2TP: Used to set up L2TP. Used to Start or Stop the L2TP feature and to set the IP Address range for clients when they connect to the WIM with L2TP. PPTP: Used to set up PPTP. Used to Start or Stop the PPTP feature and to set the IP Address range for clients when they connect to the WIM with PPTP. STATUS: Used to display the status of the IPSec tunnel. Used to display the status of the L2TP and PPTP connections. Setting up VPN Client in Windows XP/2000. Setting up a VPN client in Microsoft Windows is required when IPSec and PPTP are set in the VPN menu in the OfficeServ 7200 Data Server. For detailed information on the configuration settings and method, refer to Appendix A. VPN Tunnels. The OfficeServ 7200 WIM Data Server can support up to 100 tunnels. IPSec. The IP Security Protocol (IPSec) provides security services in the IP layer through implementing an Internet Key Exchange (IKE). The IPSec security service is categorized into two services depending on the remote equipment. The security tunnel can be between a local subnet and a remote subnet, or between a local subnet and a remote host. Even if IPSec can be set up to provide a security tunnel between a local host and a remote host, the WIM board is used as a gateway, not as a host. Thus, this service is not supported. Since the IPSec setting requires two gateways for a security tunnel, the local configuration a
131. ndow. [Screenshot: Configuration List of Port Forward rules; columns include Inside IP, Outside WAN IP, Port and Proto] If a Port Forward rule must be deleted, then check the box to the left of the rule and then click the delete button. In order to delete all Port Forward rules, click on the box on the top left of the Configuration List, then click on the delete button. Static NAT. This is a type of NAT in which a private IP address is mapped directly to a public IP address, where the public address is always the same IP address (i.e. it has a static address). This allows an internal host, such as a Web server, to have an unregistered private IP address and still be reachable over the Internet. This is also referred to as 1-to-1 NAT. The administrator can begin configuring the static NAT feature on the WIM by using the Firewall > NAT > Static NAT submenu. In this example, the inside (internal network) IP Address is 192.168.1.50, the WAN (external network) IP Address is 10.0.0.1, network ports 1 thru 65000 are selected for both the inside and WAN IPs, and all protocols are selected. Click the OK button to save the change. [Screenshot: Static NAT Configuration window with Inside IP/Port, WAN IP/Port, Protocol and Index No fields] This means that when an external IP device tries to connect to the WAN IP Address 10.0.1.1 on ne
132. ned to the frame. In order to delete a VLAN Classification rule, simply click on the radio button to the left of the rule and then click the delete button. MAC-Based VLAN. Frames coming into a switch can be marked for a particular VLAN based on the source MAC address. [Screenshot: VLAN Classification Configuration window with Classification Mode, Classification Rule, Group ID and VLAN ID fields] VLAN Classification Parameter Description. Classification Mode: This field is defined automatically according to the VLAN mode. When the mode is MAC, mac is selected. Classification Rule: According to the received packet via a defined MAC address, the VLAN can be set. Group ID: Used to enter a Group ID for the selected mac. Valid group numbers are 1 to 256. VLAN ID: Decides which VLAN ID will be assigned to the frame. In order to delete a VLAN Classification rule, simply click on the radio button to the left of the rule and then click the delete button. MAC. The Port > MAC submenu is used to assign MAC addresses to ports, to view dynamic MAC address tables, and to assign MAC address filtering. Static Address. The Port > MAC > Static Address submenu is used to enter a specific MAC address in the MAC address table. Even if the device is not connected to the switch and the MAX Aging Time (interval of MAC address table renewal) is passed, the corresponding MAC address is left in the address table. Multipl
133. ng the load to the other lines when a line does not work. Data Network Security • Outbound and Inbound NAT (Network Address Translation)/PT (Protocol Translation): Controls access to the internal resources through conversion between the Global IP and Private IP. • Firewall: Controls access from outside by the extended access list. • Intrusion Detection System (IDS) with automatic updating: Detects and notifies an access to unauthorized areas by the access list. Recognizes and notifies unauthorized packets by applying the basic intrusion rule for packets. Detects and blocks DoS attacks such as SYN flood. • Virtual Private Network (VPN): Functions as a VPN gateway based on PPTP (Point-to-Point Tunneling Protocol), L2TP (Layer 2 Tunneling Protocol) and the IPSec (Internet Protocol Security) protocol. Performs privacy and integrity through VPN tunneling and data encryption. Data Network Application • Functions as data network applications such as NAT/PT, Firewall, VPN, DHCP and Application Level Gateway (ALG). • Executed as application software that operates in the Data Server board. • Application Level Gateway (ALG): Supports ALG for VoIP signaling and media traffic, allowing flawless VoIP packets to be transferred while the security function is active. • DHCP Server: Automatically sets network environment for IP equipment on other functional blocks of the OfficeServ 7200 system. • DHCP Relay Function: Enabl
134. nity: Used to set the community of the BGP table. Metric Type: Used to set the metric type of the BGP table. Type 1: External Type 1. Type 2: External Type 2. Local Preference: Used to set the local preference from BGP attribute. If a Route Map entry needs to be deleted, then click the radio button to the left of the Route Map and then click the Delete button. When the match condition is met and the Action is set to Permit, then the job corresponding to the Set operation is carried out. If the command is successfully entered and saved, then the Route Map result is directly applied to <Current Status> of the Layer3 > List > Route Map submenu. [Screenshot: Current Status window showing the Match and Set operations of a route map entry] Current Status Field Description. Sequence: Sequence No. of route map entry. Matches/Sets operation: Matches/Sets operation information of route map. Click the Prev button to return to the route map window, or click the Delete button to delete the selected Match/Set operation. Key Chain. The WIM uses the Key Chain window for setting up MD5 Authentication for RIP Version 2 packets. Select the Layer3 > List > Key Chain submenu to begin configuring the Key Chain information. Enter the values and then click the OK button. [Screenshot: Key Chain window with Key Chain Name, Key ID and Key String fields] Key Chain Parameter Description. Key Chain Name: Used to name the Key Chain rule. Key
135. nnected. IPMC Menu. For large amounts of data, IP Multicast is more efficient than normal Internet transmissions because the same data is broadcast to many recipients simultaneously. Unlike traditional Internet traffic that requires separate connections for each source-destination pair, IP Multicasting allows many recipients to share the same source. This means that just one set of packets is transmitted for all the destinations. Select the IPMC menu to begin configuring IPMC. The submenus will be displayed in the upper left side of the window as follows. [Screenshot: IPMC menu tree: General (Mroutes, Management), Configuration (IGMP, DVMRP, DVMRP Intf, PIM-SM, PIM-SM Intf), Status (IGMP Groups, DVMRP, PIM-SM)] IPMC Menu Description. General: Used to display the Multicast Routing Entry. Used to start/stop IPMC protocol daemons. Configuration: Used to display or change the IGMP configuration. Used to display or change the DVMRP default configuration. Used to display or change the VIF of the DVMRP. Used to display or change the PIM-SM default configuration. Used to display or change the VIF of PIM-SM. Status: Used to display the IGMP Group information. Used to display the DVMRP neighbor and Prune information. Used to display the PIM-SM Neighbor information. General. Mroutes. The IPMC > General > Mroutes submenu is used to display the multicast routing entries. [Screenshot: Mroutes window]
136. [Screenshot: Completing the IP Security Policy Wizard page with the Edit properties check box and the Back, Finish and Cancel buttons] 7. When the <XP_OPSec Registration Information> window is displayed, the created items are displayed. If the corresponding item is checked, release the check and then click the Add button. [Screenshot: IPSec Properties window, Rules tab, listing the IP Security Rules with Add, Edit and Remove buttons] Click the Add button on the <Security Rule Wizard> window to display the window below. Select The tunnel endpoint is specified by this IP address and enter the firewall external IP address 211.217.127.40. Then click the Next button. [Screenshot: Security Rule Wizard, Tunnel Endpoint page]
137. ommand pull-down menu to see all possible choices. Select the Command field (either ip rip or no ip rip) and then the Argument field. Once the correct RIP command is identified, type it into the Command field and click on the OK button to submit the change. RIP Interface Basic. The RIP Interface Basic fields are used to set the interface to send and/or receive RIP Versions 1 and 2. After selecting each item, click the OK button to submit the change. The applied value will be displayed in the <Current Status> window. [Screenshot: RIP Interface Basic window (receive version, send version) and Current Status window showing ip rip send version 1 2 and ip rip receive version 1 2] OSPF. The Open Shortest Path First (OSPF) protocol is a link-state, hierarchical routing protocol. Dijkstra's algorithm is used to calculate the shortest path tree. It uses cost as its routing metric. A link-state database is constructed of the network topology, which is identical with all routers in the OSPF area. OSPF is perhaps the most widely used routing protocol in large networks. Select the Layer3 > Configuration > OSPF submenu to begin configuring OSPF. On the WIM, the OSPF information (basic and advanced commands) can be entered by using the Command field or by using the OSPF Basic fields (basic commands only). [Screenshot: OSPF Basic window with redistribute (connected, static, rip, bgp) and network fields]
138. on to access list functionality, the Prefix List has prefix length range specification and sequential number specification. You can add or delete prefix-based filters to arbitrary points of the Prefix List using sequential number specification. Select the Layer3 > List > Prefix List submenu to configure the Prefix List. If no Prefix List is specified on the WIM, then it acts as a permit rule. If the Prefix List is defined and no match is found, then a default rule of deny is applied. [Screenshot: Prefix List window with ID, Seq, Action (Permit, Deny) and Prefix Match fields] Prefix List Parameters. ID: Used to set the prefix list name. Seq: Used to set the sequence No. of the prefix list. Action: Allows/Rejects the packets matched. Prefix Match: Sets the match condition. Any: All packets. Network: network range. Once the Prefix List information is entered and saved, the results are directly applied to the Layer3 > List > Prefix List <Current Status> window. [Screenshot: Current Status window listing the prefix list entries, with a Delete All button] Once a Prefix List is set in the WIM, it can be removed by selecting the radio button of the Prefix List and then clicking the Delete button. Prefix List Current Status Fields. ID: Prefix list name information. Entry: Prefix list information. Route Map. Route maps are similar to access lists, as they both have criteria for matching the details of certain packets an
139. ooping Function Category Description. Categories. VLAN: Pull-down menu used to select the VLAN to be configured. Querier: Used to specify the operation as IGMP querier when the multicast router does not exist. Immediate Leave: Used to delete a host from the group immediately when receiving the Leave Message. Cross VLAN: Used to forward multicast packets to all ports regardless of VLAN. Flood DPM: Used if no member exists in the IGMP group; sets whether to forward multicast packets. Select the VLAN and the Category to configure, select Enable or Disable, and then click the OK button to store the configuration. The Querier and Immediate Leave values can be set for each VLAN, but the Cross VLAN and Flood DPM values are set on a bridge basis. Forwarding Table. Use the Layer2 > IGMP Snooping > Forwarding Table submenu to display the information on the members registered in the IGMP Group. [Screenshot: Forwarding Table; columns: VLAN, Multicast IP Address, Member Port, Aging Time] Click the Refresh button to update the information displayed on the web screen. Management. Use the Layer2 > IGMP Snooping > Management submenu to specify the operation of IGMP Snooping. [Screenshot: IGMP Snooping Management window with Global and Default settings] In the Scope parameter, each VLAN can be turned on or off independently. However, if Global is set to Disable, then all the VLANs become disabled. IGMP Snooping Management. If Global is set to
140. ority of the Intrusion. Choices are all, high, med or low. Used to filter the IDS log by Source IP Address. Destination IP: Used to filter the IDS log by Destination IP Address. Destination Port: Used to filter the IDS log by Destination IP Port. Intrusion Type Log. The administrator can summarize the IDS alerts by type. If the alert log is defined by Intrusion Type, the following window will appear. [Screenshot: Summary by intrusion type; columns: Rate, Num, SID, Priority, Description] Intrusion Type Field Description. Rate: Monitors logs detected by IDS according to type and displays logs as a percentage. Num: Number of logs detected by IDS according to type. SID: ID number for an intrusion. Priority: Risk level depending on the rules level of IDS. high: Rule level is one day, the highest risk level. med: Rule level is 2 or 3 days, mid level. low: Rule level is 4 days, low level. Description: Type of logs detected by IDS. If the Sid number is clicked, then more information on the alert will be displayed. Sid 384 summary: This event is generated when a generic ICMP echo request is made. Source IP Log. The administrator can summarize the IDS alerts by the Source IP. If the alert log is defined by Source IP, the following window will appear.
141. ork Status NLB Configuration Management Utility Ping Group Port Group IP Group Filter Group Class Group Policy Management Ingress Configuration Management Firewall NAT Management Configuration Port Forward Static NAT Firewall Management Configuration Remote Access IP Filtering WRL Filtering ICMP Filtering Status Connection Sessions Statistics Devices Protocols Monitoring Current History Process Service Port Configuration Statistics MISC gos LAN Configuration Port YIO Classification MAC Static Address Dynamic Address Filter Address IPSec Configuration Certificate Management L2TP Configuration Management PPTP Configuration Management STATUS IPSec L2TP PPTP RSTP Configuration Status Port Aggregation GVRP Configuration Status IGMP Snooping Time Interval Function Forwarding Table Management Authentication Configuration Management IDS Config Management Log Analysis Configuration Rule Config Mail Config Black Config General Routes Management Configuration Static RIP RIP Interface OSPF OSPF Interface List Access List Prefix List Route Map Key Chain Status RIP OSPF VoIP Service Configuration SM Interface Module Interface Management External Server External FS DIST config DHCP Server Configuration Management VOIP Status Leases
142. outside. Thus, only trusted administrators should use the key. When Deleting Internet Temporary Files: If the WIM software package is upgraded, then the Internet temporary files should be deleted. Select the Internet Explorer > Tools > Internet Options menu and click the Delete Cookies and the Delete Files buttons in the Internet Temporary Files area. If these files are not deleted, the web screen of the Data Server may not be displayed correctly. TABLE OF CONTENTS. INTRODUCTION: Document Content and Organization; Conventions; Console Screen Output; Revision History. SAFETY CONCERNS. CHAPTER 1 OfficeServ 7200 WIM Overview: Introduction to the OfficeServ 7200; Introduction to the OfficeServ 7200 Data Modules. CHAPTER 2 Installing OfficeServ 7200 WIM: Software Installation
143. peration. NOTE: Indicates additional information as a reference. Examples: Indication that there is a programming example which should be remembered. Console Screen Output. The lined box with Courier New font will be used to distinguish between the main content and console output screen text. Bold Courier New font will indicate the value entered by the operator on the console screen. Reference. OfficeServ 7200 General Description: The OfficeServ 7200 General Description introduces the OfficeServ 7200 platform and presents the information necessary to understand the hardware configuration, specification and system functionality. OfficeServ 7200 Installation Manual: The OfficeServ 7200 Installation Manual describes the installation of the system and how to inspect and operate the system. OfficeServ 7200 Programming Manual: The OfficeServ 7200 Call Server Programming Manual describes how to program the system using Man Machine Communication (MMC) entries. Revision History (Edition, Date of Issue, Remarks). 00, 04 2004: First draft. 01, 04 2005: Cautions are added. Port Forward Static NAPT Network DB list Filtering Service items are added. Some Function names and Descriptions are modified. 02, 04 2006: Whole contents modification and repletion. 03, 11 2006: DB Change supporting BGP are deleted. Ping utility IDS config SIP ALG config are
144. ports and protocols follow the allow or deny setting by default. If the rule needs to be either port or protocol specific, use the Advanced Mode. [Screenshot: Firewall Configuration window in Basic Mode with Source IP, Destination IP and Target fields] Source IP: Used to set the source IP Address. The / symbol is used to specify an entire network or subnet. Example: 192.168.1.0/24. This defines every device within the 192.168.1.0 network to be allowed or not allowed to reach the destination IP. The is used to specify a range of IP Addresses to be allowed or not allowed to reach the destination IP. Example: 192.168.1.50 60. The symbol is used to allow all Source IP Addresses to be allowed or not allowed to reach the destination IP. Example: 0.0.0.0. Destination IP: Used to set the destination IP Address. The / symbol is used to specify an entire network or subnet. Example: 192.168.1.0/24. This defines every device within the 192.168.1.0 network to be an allowed or denied destination. The is used to specify a range of IP Addresses to be an allowed or denied destination. Example: 192.168.1.50 60. The symbol is used to allow or deny all possible IP Addresses as the destination. Example: 0.0.0.0. Target: Allow or Deny. Allow: Sets the rule to allow access. Deny: Sets the rule to deny access. Advanced Mode. This window is used by the administrator to select and set up port, protocol and time rules that are not i
145. pper left side of the window as follows. [Screenshot: QoS menu tree: Group (Port Group, IP Group, Filter Group, Class Group, Policy, Management), Ingress (Configuration, Management)] QoS Menu Description. Group: Used to retrieve, set, edit or delete a Port Group. Used to retrieve, set, edit or delete an IP Group. Used to retrieve, set, edit or delete a Filter Group. Used to retrieve, set, edit or delete a Class Group. Policy: Used to set a class for a port. Management: Used to start or stop the QoS service and to set the WIM to start QoS automatically when the system reboots. Ingress: Configuration: Used to retrieve, set up, edit or delete QoS setting values of an Ingress. Used to execute an Ingress QoS or to stop the operation. Group. Port Group. The WIM uses the Port Group submenu to define specific IP ports or ranges of IP ports for the QoS policies. Select the QoS > Group > Port Group submenu to retrieve, set, edit or delete a port group. [Screenshot: Port Group List window] In order to add a Port Group List, click the Add button and a new Port Group window will be displayed. Enter the Port Group information and then click the OK button to save the changes. In the examples listed below, there are three Port Groups created. One is for ports 6000 through 6100, which will be used for the MP40 card; the second is for ports 30000 through 30031 for the MGI card; and the last is for ports 1 through 65001 for TCP on
146. Enter the IP Group ID and then the IP address information. Click the OK button to save the changes. Click the Add button to add another IP Group. Click the OK button and then click the Add button to create another IP Group. IP Group Parameter Description: ID: Used to enter the name of the IP group. Should include both letters and numbers. Group ID shall start only with letters, not numbers. No blanks should be left in between characters. IP: Used to enter the IP address information of the IP Group. Used for entering subnet. Used for entering the range of IPs. Enter 0.0.0.0/0 to set all ports. IP Group List: MICP_IP 192.168.1.200/24; MGI_IP 192.168.1.201/24; Network 192.168.1.0/24. In order to delete an IP Group List, highlight the radio button to the left of the IP Group List and then click the Delete button. Filter Group: The WIM uses the Filter Group submenu to define specific filtering rules for the QoS policies. Select the QoS > Group > Filter Group submenu to retrieve, set, edit, or delete a filter group. The Filter Group can be filtered by Transport Protocol, TOS, IP Group, and Port Group. Filter Group List: Click the Add button in the above window to open another window from which the Filter Group List information can be entered. Enter a
147. r connectionless message multicast to a group of hosts across an internetwork. The IPMC > Configuration > DVMRP submenu is used to display and change the WIM DVMRP configuration. DVMRP & Help: DVMRP commands can be entered into the Command field and saved by clicking the OK button. Use the Help field to find a DVMRP command. DVMRP Help: clear ip dvmrp route A.B.C.D/M. DVMRP Routes: This submenu is used to display the DVMRP Route items in use. DVMRP Routes Field Description: Source Network: VIF network address to which multicast packets flow. Flags: DVMRP route feature flag. N: New. D: Direct Connected. H: Hold down. Intf: VIF name to which multicast packets flow. Neighbor: DVMRP neighbor IP address that provides information on the DVMRP route. Metric: DVMRP route Metric (distance) value. Uptime: Time passed after using the DVMRP route item. Expires: Time left until the DVMRP route item expires. DVMRP Intf: The IPMC > Configuration > DVMRP Intf submenu is used to add or set the DVMRP VIF (Virtual Interface). RD Interface: This window is used to add L3 interfaces where an IP address is set to DVMRP VIF. Select the target interface to be added to the VIF from the Interface, and then enter the target value and click the Add button. RD Interface
148. r the OfficeServ 7200 VoIP service. This information is automatically set when the program for the communication with Call Server and Feature Server is executed. The information is displayed when the setup is completed. Used to set the SIP environment. Used to start or stop the SIP ALG. Also sets so that the execution is made when rebooting the system. VoIP Service Configuration: The VoIP Service > Configuration submenu is used to set all the environmental parameters of the Data Server Module Interface (DSMI). SM Interface: Not available until future release. NOTE: The System Manager (SM) Interface is a network management tool that is not available at this time. In a future release of the OS 7200 WIM Data Server, the NMS (Network Management System) will become available. Module Interface: Using the VoIP Service > Configuration > Module Interface submenu, the system administrator sets the VoIP WAN Interface. Other environmental settings used for communication between the WIM Data Server and the Call Server are set here as well. DataServer Module Interface Configuration window fields: Data send to UDP port number (5025 shown), Retry timeout, Max retry timeout count, Hello Interval (initial), Hello Interval (online), Select VoIP WAN Interface. Select VoIP WAN Interface Field: Although this
150. rate. Limiting the rate at which a port can receive or send traffic is used to ease congestion on bottlenecks in the network and provide simple prioritization when the network is busy. Router Functions: Manages paths and performs queuing for data packets on both the external WAN and internal LAN. Performs static or dynamic routing. Supports RIPv1 (Routing Information Protocol version 1), RIPv2, and OSPFv2 (Open Shortest Path First version 2). Can function as a client using Dynamic Host Configuration Protocol (DHCP), Point to Point Protocol (PPP), and Point to Point Protocol over Ethernet (PPPoE) over the Ethernet WAN interface. Performs High level Data Link Control (HDLC), PPP, or frame relay encapsulation over the Serial WAN interface. Supports IP multicasting. Supports the IGMPv1 (Internet Group Management Protocol version 1) and IGMPv2 protocols. Supports the DVMRP (Distance Vector Multicast Routing Protocol) and PIM-SM (Protocol Independent Multicast Sparse Mode) multicast routing protocols. LAN and WAN interfaces: 3 10/100 Ethernet Ports: Used for WAN or LAN interfaces. 10 Base-T Ethernet Port: Used for WAN or LAN Interface. 1 Serial LAN or WAN Port: Used for a private data line by connecting a data circuit unit such as DSU and CSU (supports V.35). Network Load Balance (NLB) Function: Enables the load to be distributed equally by specifying multiple Ethernet lines or Serial interfaces as WAN, and raises the availability by automatically shari
151. rea ID. In the Command field and OSPF Basic examples listed below, the network administrator is setting the 192.168.1.0 network for OSPF with an area of 100. Click the OK button to apply the change. OSPF Command field: network 192.168.1.0/24 area 100. OSPF Basic fields: redistribute (connected, static, rip, bgp), network, area ID. Both the Command field and OSPF Basic field entries listed above produce the same configuration and will be displayed under the current status. Current Status, Router OSPF: router ospf; network 192.168.1.0/24 area 100. Help: If a system administrator is unsure which OSPF command to use in the Command field, then they may use the Help Command pull-down menu to see all possible choices. Once a command is selected, the Argument pull-down menu will be populated with the appropriate choices. Once the correct OSPF command is identified, type it into the Command field and click on the OK button to submit the change. OSPF Interface: The Layer3 > Configuration > OSPF Interface submenu is used to select the Interfaces which will use OSPF and to apply advanced OSPF functionality. The Command field may be used to enter both basic and advanced OSPF configuration commands, and the OSPF Interface Basic fields may be used to enter Basic OSPF configuration commands. OSPF Interface
152. rent status of the Application services being provided by the WIM. Application: QoS (Quality of Service): Stop. SIP ALG (Session Initiation Protocol): Stop. NTP (Network Time Protocol): Stop. DHCP (Dynamic Host Configuration Protocol): Stop. SSH (Secure Shell): Running. Telnet: Running. FTP (File Transfer Protocol): Stop. Management: This window is used to display the current status of the Management services being provided by the WIM. Management: Network LoadBalance: Stopped. Accumulated Network System Monitoring: Running. SNMP (Simple Network Management Protocol): Stopped. VPN Menu: A VPN is an encrypted tunnel which is used to allow remote users and other private networks to connect to other networks using secure methods. VPNs are widely utilized by enterprises to create wide area networks (WANs) that span large geographic areas, to offer site-to-site connections to branch offices, and to allow mobile users to dial into their company LANs. Select the VPN menu to begin configuring the VPN feature. The VPN submenus will be displayed in the upper left side of the window as follows: IPSec > Configuration, Certificate; L2TP > Configuration, Management; PPTP > Configuration, Management; Status > IPSec, L2TP, PPTP. VPN Menu Description: IPSec: Used to set up IPSec. Used to generate or delete an IPSec certificate. Used to start or stop the IPSec feature, to generate an RSA Key a
153. rule does not specify a tunnel. The tunnel endpoint is specified by this IP address. Select the Local Area Network (LAN) on the <Network Type> window and then click the Add button to display the window below. Select Use this string to protect the key exchange (preshared key) and enter the password registered with the firewall. Then click the Next button. Window shown: IP Security Policy Wizard, Authentication Method. To add multiple authentication methods, edit the security rule after completing the IP security rule wizard. Set the initial authentication method for this security rule: Windows 2000 default (Kerberos V5 protocol); Use a certificate from this Certificate Authority (CA); Use this string to protect the key exchange (preshared key). 10. Click the Add button on the <Security Rule Wizard> window to display the window below. Enter outbound in the Name field and then click the Add button. Window shown: IP Filter List. An IP filter list is composed of multiple filters. In this way multiple subnets, IP addresses, and protocols can be combined into one IP filter. Name: outbound. 17. Click the Add button on the <IP Filter Wizard> window to display the window below. S
154. rward Secrecy. Window fields: "Authenticate and generate a new key after every ... minutes" (450 shown); "Authenticate and generate a new key after every ... session(s)"; Protect identities with these security methods: Methods. Internet Key Exchange (IKE) for Windows 2000, jointly developed by Microsoft and Cisco Systems, Inc. 25. Select Encryption: 3DES, Integrity: MD5, Diffie-Hellman: Med in the window below and then click the Move up button to move the corresponding item to the first row. Click OK. Window shown: Key Exchange Security Methods. Protect identities during authentication with these security methods. Security Method preference order. 26. Select IP Security Policies on Local Machine on the <Console> window. Select the newly created item on the right side of the window and right-click the Assign menu. The policy assignment is then changed to Yes. 27. Select Start > Program > Administrative Tools >
155. s menu of the Windows PPTP client that is installed. When Changing Network Interfaces: If a network interface (i.e., IP Address, gateway, and subnet mask) is changed while the router is operating, all the IP sessions that are being used through that interface are disconnected. When Using a Web Browser: Use Microsoft Internet Explorer version 6.0 or higher as the web browser for the maintenance of the WIM. Other web browsers are not supported. When Using Dynamic IPs of DHCP, PPPoE, and VDSL: When a dynamic IP is used, the public information of Port Forward and Static NAPT is not automatically changed. Therefore, Fixed IPs should be used for the VoIP related services that require the setup of the Port Forward and Static NAPT menus. In addition, Fixed IPs are used for the VPN services that require the setup of WAN IP addresses. Caution Before Operating the IDS Module: Intrusion alerts of the IDS Module remain in the system log as long as IDS items are set to On in System > Log > Configuration. If not, the alert will not remain in the log, and if an intrusion occurs and is detected by the Data Server, it cannot be confirmed. When Changing the DB: If the DB is changed (imported), the OfficeServ 7200 WIM will restart. When Using a Private Key: The private key is provided with the package. The private key allows accessing SSH from the
156. sing key words. ICMP Filtering: Used to block ICMP Reply (Ping, Tracert, etc.) of the WIM Interfaces. NAT: NAT (Network Address Translation) is an Internet standard that enables a local area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. Select the NAT > Management submenu to begin configuring NAT. NOTE: When a WIM is initially installed, data traffic from a LAN device will not be allowed out over a WAN Interface. The Private Network Configuration or Static NAT must be set up to allow this functionality. Management: This submenu is used to either enable or disable the NAT feature. Select the Enable or Disable radio button and then click on the OK button to set NAT. NAT Parameter Description: Enable: Used to enable the NAT function. Disable: Used to disable the NAT function. Configuration: This submenu is used by the administrator to allow a network configured with private IPs to send data through a WAN interface. A private IP Address must be transferred to the Internet through an authenticated IP Address. Basic Mode: This window is used to configure a network by using the minimum number of options. In the following Basic Mode example, the WAN Interface is being set with an IP Address of 10.0.1.1, the Interface is being set to Ethernet1, and all Inside private IP Addresses are being
157. source IP is updated into the Ethernet MAC of the OfficeServ 7200 system. ARP Refresh Parameters: Ethernet: Used to select the Ethernet to be changed. Source IP: Used to select the IP address to be changed. Destination IP: Used to select the Host or MAC to be changed. Network Status: Select the Network > Network Status submenu to display the Network Status window. The window displays the network information of each Ethernet interface. NLB: The WIM supports 5 external WAN interfaces. It can distribute network or Internet access traffic through each WAN interface by using the NLB function. For effective access and traffic balancing, the system uses the Weighted Round Robin method. The NLB submenu is used for the setup of the Network Load Balancing function and Failover function. Configuration: In order to begin configuring the NLB function, select the Network > NLB > Configuration submenu. Network Load Balance Configuration: The Network Load Balance
158. start the IDS module. Click the Stop button to stop the IDS module. Block time: When an intrusion is detected, this timer determines how long the IP address is blocked from the system. The max block time is 999999999 seconds. Log Analysis: Using the IDS > IDS Config > Log Analysis submenu, the system administrator can view alerts detected by the IDS module. In this window, select the desired IDS category and then click the OK button. The IDS search can be narrowed down and pinpointed by defining the Search Log Parameters. IDS Logs can be filtered by Priority, Source IP, Destination IP, and Destination port. Log Analysis window: Intrusion Type: Alert summary by intrusion type. Source IP: Alert summary by source IP. Destination IP: Alert summary by destination IP. Destination Port: Alert summary by destination port. Port Scan: Port scan summary. Log Analysis Parameter Description (Category): Intrusion type: Used to set the WIM to show IDS log by intrusion type. Source IP: Used to set the WIM to show IDS log by intrusion type. Destination IP: Used to set the WIM to show IDS log by Destination IP. Destination Port: Used to set the WIM to show IDS log by Destination Port. Port Scan: Used to set the WIM to show IDS log if information is the port scan type. Search Log fields: Priority, Source IP, Destination IP, Destination Port. Search Log Parameter Description (Category): Priority: Used to filter the IDS log by Pri
159. stination as specified by the security rule's IP filter list. An IPSec tunnel allows packets to traverse a public or private internetwork with the security level of a direct, private connection between two computers. Specify the tunnel endpoint for the IP security rule: This rule does not specify a tunnel. The tunnel endpoint is specified by this IP address. 21. Select Local Area Network (LAN) on the <Network type> window and then click the Next button. Select Use this string to protect the key exchange (preshared key) and enter the password registered with the firewall. Click the Next button. (Refer to step 9.) 22. Select the inbound item in the step 16 window and then click the Next button. Follow steps 17 and 18. 23. Check Edit Properties and then click the Finish button to display the window below. Select the General tab and then click the Advanced button. Window shown: IPSec Properties, General tab (IP security policy general properties: Name, Description, Check for policy changes every ... minutes, Advanced). 24. Check Master key Perfect Forward Secrecy (PFS) and then click the Methods button in the window below. Master key Perfect Fo
160. t. After setting the target items, click the OK button. Access List window fields: ID, Word, Action (Permit, Deny), Match (any, host, Network), Exact match (On, Off). Access List Parameters: ID: 1-99: Standard Access List. 100-199: Extended Access List. 1300-1999: Standard Access List. 2000-2699: Extended Access List. Word: Used to set the Access list name (Named Access List). Action: Used to allow or reject the packet matched. Source Match: Sets the match condition. Any: All packets. Host: A host. Network: Network range. Destination Match: If the ID ranges from 100 to 199 or from 2000 to 2699, then the Destination Match can be set as well as the Source Match condition. Any: All packets. Host: A host. Network: Network range. Exact match: Available when ID is set to word and when match condition is set to Network. Sets only the packets matched correctly with the prefix. Once the Access List command is successfully executed, the results are directly applied to the Layer3 > List > Access List <Current Status> window. Current Status: test: permit 100.0.0.0/24 exact match. In order to delete an Access List, select the radio button to the left of the Access List and then click the Delete button. Current Status Fields: ID: Access list name information. Entry: Access list description. Prefix List: The Prefix List provides the most powerful prefix based filtering mechanism. In additi
161. <Current Status> of Layer3 > Configuration > RIP submenu. Current Status, Router RIP: router rip; network 192 168 104. Help: If a system administrator is unsure which RIP commands to use in the Command field, then they may use the Help Command pull-down menu to see all possible choices. Once a command is selected, the Argument pull-down menu will be populated with the appropriate choices. Once the correct RIP command is identified, type it into the Command field and click on the OK button to submit the change. RIP Interface: The Layer3 > Configuration > RIP Interface submenu is used to select the Interfaces which will use RIP, to apply advanced RIP functionality, and to select the send and receive RIP settings per Interface. NOTE: If a WAN Interface is set up to work through a VPN Tunnel, then it will not be possible to send routing updates through it. This includes RIP, OSPF, and BGP. Select the target interface and enter the protocol configuration command directly. If the RIP command is successfully executed, then the execution result is directly applied to the <Current Status> of Layer3 > Configuration > RIP Interface submenu. Current Status, Router RIP Interface eth: ip rip send version 1 2; ip rip receive version 1 2. Help: If a system administrator is unsure which RIP commands to use, then they may use the Help C
162. t information on the port and the number of VLAN members may change. Up to 256 MAC address members can be saved either in a single VLAN or in multiple VLANs. Since a MAC Based VLAN does not basically contain port information, the port serves as a VLAN member by receiving packets. Thus, the ARP packet must be transmitted to the switch to enable members of a VLAN to exchange packets. Port Based VLAN: The Port based VLAN is configured with an access list specifying membership in a set of VLANs. A single port can be assigned to multiple VLANs. In such cases, the broadcast packets transmitted by the port are transmitted to all VLANs containing the port. Ports not assigned to any VLANs serve as a single VLAN. 802.1Q SVL: 802.1Q SVL can be set and operated with the same method as 802.1QUVL. SVL (Shared VLAN): All VLANs operate while maintaining a common MAC address table. Because the security is not tightened and the MAC address table exists for all ports, data can be exchanged among all VLANs. In order to create a new VLAN, simply enter the VLAN name and ID and then click the Add button. Once a VLAN is created, it is then possible to add members to the VLAN. Port and MAC based VLAN window columns: ID, Name, Untagged, Tagged.
163. t the transmission cycle of BPDU. Max Age Time: Used to set the Message Age time. Forward Time: Used to set the time that the state of each port is changed (Discarding, Learning, Forwarding). Port Parameter: Priority: Standard to select the port to be blocked when the switch loop is established. Force Version: Communication is progressed via the switch connected to the corresponding port and the BPDU that a user specifies. For 0, STP BPDU is transmitted. For 1, RSTP BPDU is transmitted. Path Cost: Used to set and display the path cost according to the bandwidth when the connection with the opponent is established. Port Fast: If the port is enabled for Port Fast, then the port becomes an Edge port and quickly goes into a forwarding state. If this function is activated, then the MAC address learned in the corresponding port is not canceled even when all topologies of Bridges are changed. If STP is used, then the Port Fast function should be disabled. Link Type: Used to set and display the type of the link connected to the opponent. The link is connected as point-to-point in RSTP. Status: The Layer2 > RSTP > Status submenu is used to display the status of the switch RSTP operation. Bridge Information: Protocol Status: Enabled. Designated Bridge Identifier: 80000000f0121318. Root Bridge Identifier: 80000000f0121318. Root Path Cost: 0. Root Port: 0. Last Topology changed. Port Information.
164. ta terminals. Maximum range: 120 terminals. When entering one IP, enter 192.168.0.60 60. Gateway: The gateway information entered at the CALL Server item. Netmask: The netmask information entered at the CALL Server item. MAC/Host ID: The client authentication type. NONE: Executes the DHCP IP request without the authentication. HOST: Click the List button and enter the HOST ID. MAC: Click the List button and enter the MAC address. Management: The DHCP Server can be started or stopped by selecting the DHCP Server > Management submenu. Check the Auto Start item to automatically start DHCP when the system is rebooted. DHCP Server Management window fields: Internal Network, Current States (Running, Stopped), DHCP server auto start when system boot. VoIP Status: The DHCP Server > VoIP Status submenu is used to display active information on the OfficeServ 7200 system. When the Call Server receives the IP allocations, the information is notified via the Module interface daemon of the Data Server, and this information can be confirmed on the screen below. DHCP Server Current States: RUNNING. Server, Status, IP, MAC Address: CALL, Connected, 192.168.2.100, 00:00:f0:e8:00:57. FEATURE, Connected, 192.168.2.101. Leases Status: The system administrator can view the DHCP lease status on all DHCP IP devices using the VoIP Service
165. tered by Priority, Source IP, Destination IP, and Destination port. Search Log fields: Priority, Source IP, Destination IP, Destination Port. Once the Search Log Category is selected, the administrator can select the desired condition. Set the condition and then click the OK button to display the desired information in the window as follows. Result of Search (columns: Src IP, Priority, Num, Description, Destination IP); descriptions shown include ICMP PING, ICMP PING NIX, ICMP PING BSDtype, INFO TELNET access, ICMP Echo Reply, and WEB MISC SSLv3 Invalid. CHECK: Selecting Search Condition: Since the conditions are not displayed dependently, the administrator cannot obtain a result that satisfies all conditions. Configuration: Using the IDS > IDS Config > Configuration submenu, the system administrator can configure the Interface(s) which will use IDS, set the Detection Level and Type for IDS, and choose which IDS rules to use. Select Device: The Select Device window is used by the administrator to set up a network for IDS monitoring. The interfaces which are set up as WAN can be selected here. The administrator simply selects
166. the Layer2 > IGMP Snooping > Time Interval submenu to configure the time related parameters of IGMP Snooping. Time Interval window columns: VLAN, Group Membership (ms), Last Member Query (ms), Max Response (ms), Other Query (ms). IGMP Time Interval Category Description: VLAN: Pull-down menu used to select the VLAN to be configured. Group Membership: Used to configure the time to exit from the multicast forwarding database list when a new report does not exist. Last Member Query: Used to configure the time to wait for a response report after sending a query to check if the host is the last host when the multicast router receives a leave message from a host. If the report is not received before the time elapses, the host is deleted from the group. Max Response: Used to configure the maximum time until its response when an IGMP Snooping query is received. Other Query: Used to configure the time until the operation as a querier starts when a query from the multicast router does not exist. Select the VLAN and the Category to configure, enter the time value, and then click the OK button to store the configuration. Function: Use the Layer2 > IGMP Snooping > Function submenu to specify the functions related to IGMP Snooping.
167. the OfficeServ 7200 system without the change of the existing network. To add entries, click the Add button and enter the following IP address and netmask. To delete entries, select the entry to be deleted and click the Delete button. IP Alias: Is used to add up to 32 IP addresses. To add entries, click the Add button and enter the following IP address and netmask. To delete entries, select the entry to be deleted and then click the Delete button. WAN > Static IP Programming Example: In the example listed below, the following information is assigned to the Ethernet Interface. The Interface type is set to Static WAN, the IP Address is entered as 10.1.1.2, the Subnet Mask is 255.0.0.0, the Gateway is 10.0.0.1, and the Default Gateway box is checked. Click the OK button on the bottom of the window to save the information. Window fields: Interface Type (WAN, LAN, NONE); Protocol Type (Static IP, PPPoE, DHCP); WAN Static IP (IP, Netmask, MTU, Gateway, Default Gateway). By checking the Default Gateway box, a default route is entered into the routing table specifying this Gateway as the default route. It is displayed in the WIM Routing Table as 0.0.0.0/0 [1/0] via 10.0.0.1, eth1. Routes: 0.0.0.0/0 [1/0] via 10.0.0.1, eth1. 10.0.0.0/8 is directly connected, eth1. 127.0.0.0/8 is directly connected, loopback. 192.168.1.0/24 is directly connected, eth2. WAN > PPPoE: Select the WAN
168. the Rate In/Out for each port. The unit is the ratio against port speed and should be set to 0 when not using flow control (when the flow control item is not checked). Security: Used to allow or deny the MAC address table from being updated on a per port basis. If the Security box is checked, then the source MAC address table will not update when a device is connected to the port. For ports using Security, the MAC address information of the connecting terminal device must be entered into the Static MAC Address field in the Port > MAC > Static Address submenu; otherwise the connecting terminal will not function at Layer 2. If the Security box is not checked, then the Static MAC address table is updated with the connecting terminal's MAC address information automatically. Priority: Used to set the port priority to Low or High. Once the priority is set to Low or High, the QoS Mode can be defined as First Come First Service (FCFS), Weighted Round Robin (WRR), or All High Before Low using the Port > QoS submenu. Statistics: Select the Port > Statistics submenu to retrieve the link status, speed, transmission system, and statistics of each port. The numbers show the accumulated values for the period from the system boot up to date. The window is automatically updated by clicking the Refresh button. Click the Reset button to initialize all values to 0.
169. the check box of the Interface needing to be monitored and it is activated. Set Detection Level & Type: The intrusion types are classified as High, Medium, and Low according to the risk level. The administrator can set up the intrusion detection levels so an alert will be generated when an intrusion exceeding the level occurs. In addition, the administrator can set up the associated operations for each intrusion level. For example, if the Block box is checked for High, then the relevant IP Address is blocked from accessing the system for a configured time. If the Mail box is checked, then alerts are sent to the system administrator via email. Each level has a Block check box and a Mail check box. IDS Rule Configuration: This window is used by the administrator to select the IDS rule sets to be used by the system. IDS Rule Configuration window rule sets: local rules, exploit rules, finger rules, telnet rules, rservices rules, ddos rules, ttp rules, web coldfusion rules, web frontpage rules, web client rules, sqli rules, icmp rules, misc rules, oracle rules, snmp rules, imap rules, pops rules, other ids rules, backdoor rules, policy rules, info rules, virus rules, multimedia rules, experimental rules. Click the box of each rule set that needs to be functioning and then click on the OK button to activate the selected rule sets. bad traffic rules, sca
170. then select DEC (10 digits) or HEX (16 digits). Then enter the TOS value and click the Save button. Ingress Parameter Description: Device: Used to select a port to set up Ingress QoS (Ethernet0, Ethernet1, or Ethernet2). TOS: When a packet is Ingress and the TOS is set up, then that packet is preferentially transmitted. Ingress Management: The QoS > Ingress > Management submenu is used to start or stop the Ingress service. [Screenshot: Ingress Management window] Status Menu: The Status Menu is used to view active IP sessions on the WIM, to display statistics on interfaces and protocols, and to view CPU utilization. Select the Status menu to begin viewing the system information. The submenus will be displayed in the upper left side of the window as follows: Connection > Sessions; Statistics > Devices, Protocols; Monitoring > Current, History, Process, Service. Status Menu Description: Connection > Sessions: Used to display the information on the IP address and IP ports connected to WIM. Statistics > Devices: Used to display the WIM network statistics for the Tx and Rx of each interface. Statistics > Protocols: Used to display the WIM network statistics of each protocol. Monitoring > Current: Provides the WIM network statistics in a table format in real time. Monitoring > History: Used to display the WIM network statistics on an hourly, weekly, monthly, yearly basis. Monitoring > Process: Used to display the infor
171. top [Screenshot: Time Server window, with Server 1 and Server 2 fields] Manual Config: By using the System > Time Configuration > Manual Config submenu, the administrator can manually set and modify the date and time of the WIM. In the Date Time Configuration window, enter the desired date and time and then click the OK button to save the changes. The new date and time will be displayed in the Current Time window. In order to synchronize the date and time of the system with the MP40, check the Set by C S box and then click the OK button to save the change. [Screenshot: Manual Configuration window showing 2005 Sep 26 Mon 21:36:43] Timezone: By using the System > Time Configuration > Timezone submenu, the administrator can change time zones by selecting the desired timezone and then clicking the OK button to save the change. [Screenshot: Time Configuration, Time Zone] Upgrade: Upgrading the WIM software is performed using the System > Upgrade submenu. First obtain the appropriate upgrade files. Then enter the new software package version number in the Package Version field. [Screenshot: Select Package Upgraded] Then select one of the three types of upgrade methods: TFTP, HTTP, or Local. If the Upgrade method is TFTP or HTTP, enter the correct IP address of the server. Then click the OK button to start the upgrade process. [Screenshot: Select Upgrade Method window, with Upgrade Method and Upgrade Server IP fields]
172. [Screenshot: Statistics window, per-port table of packet and dropped-packet counters] Statistic Field Description: Port: This column is used to list the 16 switch ports and 1 uplink port. Link: This column is used to show the link status of the switch port. Input Packets: This column is used to show the number of packets which are successfully sent to the port. Input Dropped: This column is used to show the number of packets which are successfully sent to the port but not switched and dropped. Input Errors: This column is used to show the number of packets which are sent to the port but an error occurs. Output Packets: This column is used to show the number of packets which are sent out through the port. Output Dropped: This column is used to show the number of packets which are successfully sent out through the port but are not switched and dropped. Output Errors: This column is used to show the number of packets which are sent out through the port but an error occurs. Collisions: This column is used to show the number of cases in which a collision occurs between packets received in the port and switched. MISC: Select the
173. twork ports 1 through 65000 and any protocol, it will be redirected to 192.168.1.50 on network ports 1 through 65000 and any protocol. Static NAT Parameter Description: Inside IP Port: Used to set an inside IP address and network ports. WAN IP Port: Used to set the WAN IP address and network ports. Protocol: Used to select the protocol type. Index No: Used to set the location of the Static NAT rule. Firewall: The WIM firewall is software based and configured to permit or deny connections from the Internet or other networks depending on the organization's security policies. Select the Firewall > Firewall > Management submenu to begin configuring the firewall. Management: This submenu is used to either enable or disable the firewall feature. Select the Enable or Disable radio button and click on the OK button to set. [Screenshot: Filter Enable/Disable window] Firewall Parameter Description: Enable: Radio button used to enable the Firewall function. Disable: Radio button used to disable the Firewall function. Configuration: This submenu is used by the administrator to set firewall rules, which are used to allow or deny access to and from the WIM. Basic Mode: This window is used to configure firewall rules by using the minimum number of options. This Basic Mode example shows how to block traffic from the 192.168.1.0 network to the destination IP address 10.0.2.1. In the Basic Mode all
174. up List [Screenshot: Filter Group List table, with Source IP/PORT and Destination IP/PORT columns] In order to delete a Filter Group List, highlight the radio button to the left of the Filter Group List and then click the delete button. Class Group: The QoS > Group > Class Group submenu is used by the administrator to retrieve, set, edit, or delete SPQ Class Group and HTB Class Group configurations. SPQ Class Group: Begin configuring the Strict Policy Queuing by clicking the Add button. [Screenshot: SPQ Class Group List] After the Add button is clicked, the SPQ Class Group configuration window will open. By default, the Class Type is set to leaf. Set the ID and filter of the leaf classes and then click the OK button to save the changes. [Screenshot: SPQ Class Group configuration window, with ID, Class Type (root, leaf), and Filter fields] In the examples listed below, there are three leaf and one root SPQ Class Groups created. One leaf is for the VoIP traffic, the second is for the MP40, and the last leaf is for the rest of the TCP traffic on the 192.168.1.0/24 network. The root group prioritizes the leafs into High, Middle, and Low Priority Groups. Example 1 shows a SPQ leaf Class Group which was designed for VoIP traffic. [Screenshot: SPQ Class Group window]
