Unified Services Router User Manual - D-Link

Contents

1. List of figures:
   - Figure 22: Load Balancing is available when multiple WAN ports are configured and Protocol Bindings have been defined
   - Figure 23: Protocol binding setup to associate a service and/or LAN source to a WAN and/or destination network
   - Figure 24: Routing Mode is used to configure traffic routing between WAN and LAN, as well as Dynamic routing (RIP)
   - Figure 25: Static route configuration fields
   - Figure 26: WAN2 configuration for 3G internet (part 1)
   - Figure 27: WAN2 configuration for 3G internet (part 2)
   - Figure 28: Physical WAN port settings
   - Figure 29: Wireless Network Setup Wizards
   - Figure 30: List of Available Profiles shows the options available to secure the wireless link
   - Figure 31: Profile configuration to set network security
2. [Figure: RADIUS Server configuration page (DSR-1000N). Page text: "This page configures the RADIUS servers to be used for authentication. A RADIUS server maintains a database of user accounts used in larger environments. If a RADIUS server is configured in the LAN, it can be used for authenticating users that want to connect to the wireless network provided by this device. If the first/primary RADIUS server is not accessible at any time, then the device will attempt to contact the secondary RADIUS server for user authentication." Fields: Authentication Server IP Address (Primary): 192.168.1.2; Authentication Server IP Address (Secondary): 192.168.1.3; Authentication Port: 1812; Secret; Timeout (Seconds); Retries: 2.]
   4.3 Creating and Using Access Points
   Setup > Wireless Settings > Access Points
   Once a profile (a group of security settings) is created, it can be assigned to an AP on the router. The AP SSID can be configured to broadcast its availability to the 802.11 environment and can be used to establish a WLAN network. The AP configuration page allows you to create a new AP and link to it one of the available profiles. This router supports multiple APs, referred to as virtual access points (VAPs). Each virtual AP that has a unique SSID appears as an independent access point to clients. This valuable feature allows the router's r
4. Figure 58: IPsec policy configuration continued (Auto / Manual Phase 2)
   [Figure fields: Phase2 (Manual Policy Parameters): SPI-Incoming, SPI-Outgoing, Encryption Algorithm, Key Length, Key-In, Key-Out, Integrity Algorithm, Key-In, Key-Out. Phase2 (Auto Policy Parameters): SA Lifetime (Seconds), Encryption Algorithm (3DES), Key Length, Integrity Algorithm, PFS Key Group.]
   6.2.1 Extended Authentication (XAUTH)
   You can also configure extended authentication (XAUTH). Rather than configure a unique VPN policy for each user, you can configure the VPN gateway router to authenticate users from a stored list of user accounts or with an external authentication server such as a RADIUS server. With a user database, user accounts created in the router are used to authenticate users. With a configured RADIUS server, the router connects to a RADIUS server and passes to it the credentials that it receives from the VPN client. You can secure the connection between the router and the RADIUS server with the authentication protocol supported by the server (PAP or CHAP). For RADIUS-PAP, the router first checks in the user database to see if the user credentials are available; if they are not, the router connects to the RADIUS server.
   6.2.2 Internet over IPSec tunnel
   In this feature, all the traffic will pass through the VPN tunnel, and from the Remote Gateway the packet will be routed to Internet
9. IP Address: The IP address of the UPnP device detected by this router. Click Refresh to refresh the portmap table and search for any new UPnP devices.
   2.5 Captive Portal
   DSR-250N does not have support for the Captive Portal feature.
   LAN users can gain internet access via web portal authentication with the DSR. Also referred to as Run-Time Authentication, a Captive Portal is ideal for a web café scenario where users initiate HTTP connection requests for web access but are not interested in accessing any LAN services. Firewall policies underneath will define which users require authentication for HTTP access, and when a matching user request is made the DSR will intercept the request and prompt for a username / password. The login credentials are compared against the RunTimeAuth users in user database prior to granting HTTP access.
   Captive Portal is available for LAN users only and not for DMZ hosts.
   Status > Active RunTime Sessions
   The Active Runtime internet sessions through the router's firewall are listed in the below table. These users are present in the local or external user database and have had their login credentials approved for internet access. A Disconnect button allows the DSR admin to selectively drop an authenticated user.
   Figure 10: Active Runtime sessions
10. List of figures:
    - Figure 42: Schedule configuration for the above example
    - Figure 43: List of user defined services
    - Figure 44: Available ALG support on the router
    - Figure 45: Passthrough options for VPN tunnels
    - Figure 46: List of Available Application Rules showing 4 unique rules
    - Figure 47: Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded
    - Figure 48: Two trusted domains added to the Approved URLs List
    - Figure 49: Two keywords added to the block list
    - Figure 50: The following example binds a LAN host's MAC Address to an IP address served by DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured
    - Figure 51: Intrusion Prevention features on the router
    - Figure 52: Protecting the router and LAN from internet at
13. List of figures, Figures 67 to 97 (captions in the order listed):
    - List of SSL VPN policies (Global filter)
    - SSL VPN policy configuration
    - List of configured resources, which are available to assign to SSL VPN policies
    - List of Available Applications for SSL Port Forwarding
    - SSL VPN client adapter and access configuration
    - Configured client routes only apply in split tunnel mode
    - List of configured SSL VPN portals. The configured portal can then be associated with an authentication domain
    - SSL VPN Portal configuration
    - USB Device Detection
    - Certificate summary for IPsec and HTTPS management
    - Advanced Switch Settings
20. [Figure fields: Dynamic IP Address: MAC Address Source (Use Default Address), MAC Address, Host Name. 3G Internet Connection Type: Username, Password, Dial Number, Authentication Protocol (None), APN (wap.cingular, optional).]
    3.7 WAN Port Settings
    Advanced > Advanced Network > WAN Port Setup
    The physical port settings for each WAN link can be defined here. If your ISP account defines the WAN port speed or is associated with a MAC address, this information is required by the router to ensure a smooth connection with the network.
    The default MTU size supported by all ports is 1500. This is the largest packet size that can pass through the interface without fragmentation. This size can be increased; however, large packets can introduce network lag and bring down the interface speed. Note that a 1500 byte size packet is the largest allowed by the Ethernet protocol at the network layer.
    The port speed can be sensed by the router when Auto is selected. With this option the optimal port settings are determined by the router and network. The duplex (half or full) can be defined based on the port support, as well as one of three port speeds: 10 Mbps, 100 Mbps and 1000 Mbps (i.e. 1 Gbps). The default setting is 100 Mbps for all ports.
    The default MAC address is defined during the manufacturing process for the interfaces and can uniquely ident
21. [Figure fields: Encryption (64 bit WEP), WEP Passphrase (generate key), WEP Key 1, WEP Key 2, WEP Key 3, WEP Key 4.]
    4.2.2 WPA or WPA2 with PSK
    A pre-shared key (PSK) is a known passphrase configured on the AP and client both and is used to authenticate the wireless client. An acceptable passphrase is between 8 to 63 characters in length.
    4.2.3 RADIUS Authentication
    Setup > Wireless Settings > RADIUS Settings
    Enterprise Mode uses a RADIUS Server for WPA and/or WPA2 security. A RADIUS server must be configured and accessible by the router to authenticate wireless client connections to an AP enabled with a profile that uses RADIUS authentication.
    - The Authentication IP Address is required to identify the server. A secondary RADIUS server provides redundancy in the event that the primary server cannot be reached by the router when needed.
    - Authentication Port: the port for the RADIUS server connection.
    - Secret: enter the shared secret that allows this router to log into the specified RADIUS server(s). This key must match the shared secret on the RADIUS Server.
    - The Timeout and Retries fields are used to either move to a secondary server if the primary cannot be reached, or to give up the RADIUS authentication attempt if communication with the server is not possible.
    Figure 32: RADIUS server (External Authentication) configuration
22. IPsec / PPTP / L2TP VPN
    A VPN provides a secure communication channel ("tunnel") between two gateway routers or a remote PC client. The following types of tunnels can be created:
    - Gateway-to-gateway VPN: to connect two or more routers to secure traffic between remote sites.
    - Remote Client (client-to-gateway VPN tunnel): A remote client initiates a VPN tunnel as the IP address of the remote PC client is not known in advance. The gateway in this case acts as a responder.
    - Remote client behind a NAT router: The client has a dynamic IP address and is behind a NAT router. The remote PC client at the NAT router initiates a VPN tunnel as the IP address of the remote NAT router is not known in advance. The gateway WAN port acts as responder.
    - PPTP server for LAN / WAN PPTP client connections.
    - L2TP server for LAN / WAN L2TP client connections.
    Figure 53: Example of Gateway-to-Gateway IPsec VPN tunnel using two DSR routers connected to the Internet. [Diagram labels: Site A, Site B; DSR outside addresses 209.165.200.226 and 209.165.200.236; inside networks 10.10.10.0 and 10.20.20.0; personal computers; printer.]
    Figure 54: Example of three IPsec client connections to the internal network through the DSR IPsec gateway. [Diagram labels: DNS Server 10.10.10.163; Personal Computer Using VPN Software.]
23. are available to map to your DMZ servers. The following addressing scheme is used to illustrate this procedure:
    - WAN IP address: 10.1.0.118
    - LAN IP address: 192.168.10.1; subnet: 255.255.255.0
    - Web server host in the DMZ, IP address: 192.168.12.222
    - Access to Web server: (simulated) public IP address 10.1.0.52
    Example 4: Block traffic by schedule if generated from specific range of machines
    Use Case: Block all HTTP traffic on the weekends if the request originates from a specific group of machines in the LAN having a known range of IP addresses, and anyone coming in through the Network from the WAN (i.e. all remote users).
    Configuration:
    1. Set up a schedule. To set up a schedule that affects traffic on weekends only, navigate to Security: Schedule, and name the schedule "Weekend". Define "weekend" to mean 12 am Saturday morning to 12 am Monday morning (all day Saturday & Sunday). In the Scheduled days box, check that you want the schedule to be active for "specific days". Select "Saturday" and "Sunday". In the scheduled time of day, select "all day"; this will apply the schedule between 12 am to 11:59 pm of the selected day. Click apply; now schedule "Weekend" isolates all day Saturday and Sunday from the rest of the week.
    Figure 42: Schedule configuration for the above e
24. information in a conspicuous location.
    This device has been designed to operate with the antennas listed below, and having a maximum gain of 1.8 dB. Antennas not included in this list or having a gain greater than 1.8 dB are strictly prohibited for use with this device. The required antenna impedance is 50 ohms.
    RSS-GEN 7.1.5: To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that the equivalent isotropically radiated power (e.i.r.p.) is not more than that permitted for successful communication.
    This device complies with the Industry Canada RSS standards applicable to licence-exempt radio apparatus. Operation is authorized under the following two conditions: (1) the device must not cause interference, and (2) the user of the device must accept any radio interference received, even if the interference is likely to compromise its operation.
    C 09840 Is herewith confirmed to comply with the requirements set out in the Council Directive on the Approximation of the Laws of the Member States relating to Electromagnetic Compatibility (2004/108/EC), Low-voltage Directive (2006/95/EC), the procedures given in European Council Directive 99/5/EC and 2004/104/EC. The equipment was passed. The test was performed according to the following European standards: EN 300 328 V1.7.1; EN 301 489-1 V1.8.1; EN 301 489-17 V2.1.1; EN 62311; EN 60950-1.
26. service, action, schedules, and specify source / destination IP addresses as needed.

[Figure: IPv4 Firewall Rules, Firewall Rule Configuration page. Fields: From Zone, To Zone, Service, Action, Select Schedule, Source Hosts, Destination Hosts, Log, QoS Priority, Source NAT Settings, Destination NAT Settings.]

5.3.1 Firewall Rule Configuration Examples

Example 1: Allow inbound HTTP traffic to the DMZ

Situation: You host a public web server on your local DMZ network. You want to allow inbound HTTP requests from any outside IP address to the IP address of your web server at any time of day.

Solution: Create an inbound rule as follows.

Parameter    Value
From Zone    Insecure (WAN1/WAN2)
To Zone      Public (DMZ)
28. 10.3.2 Wireless Clients

Status > Wireless Clients

The clients connected to a particular AP can be viewed on this page. Connected clients are sorted by the MAC address and indicate the security parameters used by the wireless link, as well as the time connected to the corresponding AP.

The statistics table has auto-refresh control which allows display of the most current port level data at each page refresh. The default auto-refresh for this page is 10 seconds.

Figure 98: List of connected 802.11 clients per AP
29. [Figure: network diagram showing personal computers using VPN software clients, the inside and outside networks, and a WINS server at 10.10.10.133.]

6.1 VPN Wizard

Setup > Wizard > VPN Wizard

You can use the VPN wizard to quickly create both IKE and VPN policies. Once the IKE or VPN policy is created, you can modify it as required.

Figure 55: VPN Wizard launch screen

To easily establish a VPN tunnel using VPN Wizard, follow the steps below:

1. Select the VPN tunnel type to create
• The tunnel can either be a gateway to gateway connection (site-to-site) or a tunnel to a host on the internet (remote access).
• Set the Connection Name and pre-shared key: the connection name is used for management, and the pre-shared key will be required on the VPN client or gateway to establish the tunnel.
31. Determine the local gateway for this tunnel; if there is more than 1 WAN configured, the tunnel can be configured for either of the gateways.

2. Configure Remote and Local WAN address for the tunnel endpoints
• Remote Gateway Type: identify the remote endpoint of the tunnel by FQDN or static IP address.
• Remote WAN IP address / FQDN: This field is enabled only if the peer you are trying to connect to is a Gateway. For VPN Clients, this IP address or Internet Name is determined when a connection request is received from a client.
• Local Gateway Type: identify this router's endpoint of the tunnel by FQDN or static IP address.
• Local WAN IP address / FQDN: This field can be left blank if you are not using a different FQDN or IP address than the one specified in the WAN port's configuration.

3. Configure the Secure Connection Remote Accessibility fields to identify the remote network
• Remote LAN IP address: address of the LAN behind the peer gateway.
• Remote LAN Subnet Mask: the subnet mask of the LAN behind the peer.

Note: The IP address range used on the remote LAN must be different from the IP address range used on the local LAN.

4. Review the settings and click Connect to establish the tunnel.

The Wizard will create an Auto IPsec policy with the following default values for a VPN Client or Gateway policy (these can be accessed from a link on the Wizard page):

Note: The
36. IP Addresses, Account Information etc. This information is usually provided by your ISP or network administrator.

[Figure: PPPoE Profile Configuration page. Fields: ISP Connection Type, Address Mode (Dynamic IP / Static IP), IP Address, IP Subnet Mask, User Name, Password, Service (Optional), Authentication Type, Reconnect Mode (Always On / On Demand), Maximum Idle Time, DNS Server Source.]

Most PPPoE ISPs use a single control and data connection, and require username / password credentials to login and authenticate the DSR with the ISP. The ISP connection type for this case is "PPPoE (Username/Password)". The GUI will prompt you for authentication, service, and connection settings in order to establish the PPPoE link.

For some ISPs, most popular in Japan, the use of "Japanese Multiple PPPoE" is required in order to establish concurrent primary and secondary PPPoE connections between the DSR and the ISP. The Primary connection is used for the bulk of data and internet traffic, and the Secondary PPPoE connection carries ISP specific (i.e. control) traffic between the DSR and the ISP.

Figure 14: WAN configuration for Japanese Mu
37. LAN has fewer Firewall restrictions by default. This zone can be used to host servers and give public access to them.

[Figure: DMZ Port Setup page. Fields: IP Address, Subnet Mask, DHCP Mode, Starting IP Address, Ending IP Address, Primary DNS Server, Secondary DNS Server, WINS Server, Lease Time, Relay Gateway, Enable DNS Proxy.]

Note: In order to configure a DMZ port, the router's configurable port must be set to DMZ in the Setup > Internet Settings > Configurable Port page.

2.4 Universal Plug and Play (UPnP)

Advanced > Advanced Network > UPnP

Universal Plug and Play (UPnP) is a feature that allows the router to discover devices on the network that can communicate with the router and allow for auto configuration. If a network device is detected by UPnP, the router can open internal or external ports for the traffic protocol required by that network device.

Once UPnP is enabled, you can configure the router to detect UPnP-supporting devices on the LAN (or a configured VLAN). If disabled, the router will not allow for automatic device configuration.

Configure the following settings to use UPnP:
• Advertisement Period: This is the frequency that the router broadcasts UPnP information over the network. A large value will minimi
38. Master the SNMP manager. The Access Control List on the router identifies managers in the network that have read-only or read-write SNMP credentials. The Traps List outlines the port over which notifications from this router are provided to the SNMP community (managers) and also the SNMP version (v1, v2c, v3) for the trap.

Figure 77: SNMP Users, Traps, and Access Control (tables shown: SNMP v3 Users List, Traps List, Access Control List)

Tools > Admin > SNMP System Info

The router is identified by an SNMP manager via the System Information. The identifier settings The SysName set here is also used to identify the router for SysLog logging.

Figure 78: SNMP system information for this router

This page displays the current SNMP configuration of the router. The following MIB (Management Information Base) fields are displaye
39. Play (UPnP)
2.9 Captive Portal
Connecting to the Internet: WAN Setup
3.1 Internet Setup Wizard
3.2 WAN Configuration
3.2.1 WAN Port IP address
3.2.2 WAN DNS Servers
3.2.3 DHCP WAN
3.2.4 PPPoE
3.2.5 Russia L2TP and PPTP WAN
3.2.6 WAN Configuration in an IPv6 Network
3.2.7 Checking WAN Status
3.3 Bandwidth Controls
3.4 Features with Multiple WAN Links
3.4.1 Auto Failover
3.4.2 Load Balancing
3.4.3 Protocol Bindings
3.5 Routing Configuration
40. RADIUS authentication, then the authentication secret is required, and this has to match the secret configured on the RADIUS server.
• Timeout: The timeout period for reaching the authentication server.
• Retries: The number of retries to authenticate with the authentication server, after which the DSR stops trying to reach the server.
• Workgroup: This is required for NT domain authentication. If there are multiple workgroups, the user can enter the details for up to two workgroups.
• LDAP Base DN: This is the base domain name for the LDAP authentication server. If there are multiple LDAP authentication servers, the user can enter the details for up to two LDAP Base DNs.
• Active Directory Domain: If the domain uses Active Directory authentication, the Active Directory domain name is required. Users configured in the Active Directory database are given access to the SSL VPN portal with their Active Directory username and password. If there are multiple Active Directory domains, the user can enter the details for up to two authentication domains.

Once the domain is configured, the DSR will display a list of all configured domains.

Advanced > Users > Groups

Groups are used to assign access policies to a set of SSL users within a domain. Groups are domain subsets that can be seen as types of SSL users; some groups require access to all available network resources and some can be provided access to
41. Note: If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained IP address from newly assigned pool (or has a static IP address in the router's LAN subnet) before accessing the router via changed IP address.

As with an IPv4 LAN network, the router has a DHCPv6 server. If enabled, the router assigns an IP address within the specified range plus additional specified information to any LAN PC that requests DHCP served addresses.

The following settings are used to configure the DHCPv6 server:
• DHCP Mode: The IPv6 DHCP server is either stateless or stateful. If stateless is selected, an external IPv6 DHCP server is not required as the IPv6 LAN hosts are auto-configured by this router. In this case the router advertisement daemon (RADVD) must be configured on this device and ICMPv6 router discovery messages are used by the host for auto-configuration. There are no managed addresses to serve the LAN nodes. If stateful is selected, the IPv6 LAN host will rely on an external DHCPv6 server to provide required configuration settings.
• The domain name of the DHCPv6 server is an optional setting.
• Server Prefer
42. Service                           HTTP
Action                            ALLOW always
Send to Local Server (DNAT IP)    192.168.5.2 (web server IP address)
Destination Users                 Any

Example 2: Allow videoconferencing from range of outside IP addresses

Situation: You want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses (132.177.88.2 - 132.177.88.254), from a branch office.

Solution: Create an inbound rule as follows. In the example, CUSeeMe (the video conference service used) connections are allowed only from a specified range of external IP addresses.

Parameter                         Value
From Zone                         Insecure (WAN1/WAN2)
To Zone                           Secure (LAN)
Service                           CU-SEEME:UDP
Action                            ALLOW always
Send to Local Server (DNAT IP)
Destination Users                 T
Enable Port Forwarding            Yes (enabled)

Example 3: Multi-NAT configuration

Situation: You want to configure multi-NAT to support multiple public IP addresses on one WAN port interface.

Solution: Create an inbound rule that configures the firewall to host an additional public IP address. Associate this address with a web server on the DMZ. If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN. One of these public IP addresses is used as the primary IP address of the router. This address is used to provide Internet access to your LAN PCs through NAT. The other addresses
43. 8.3 Advanced Switch Configuration

The DSR allows you to adjust the power consumption of the hardware based on your actual usage. The two "green" options available for your LAN switch are Power Saving by Link Status and Length Detection State. With the "Power Saving by Link Status" option enabled, the total power consumption by the LAN switch is a function of the number of connected ports. The overall current draw when a single port is connected is less than when all the ports are connected. With the "Length Detection State" option enabled, the overall current supplied to a LAN port is reduced when a smaller cable length is connected on a LAN port.

Jumbo Frames support can be configured as an advanced switch configuration. Jumbo frames are Ethernet frames with more than 1500 bytes of payload. When this option is enabled, the LAN devices can exchange information at Jumbo frames rate.

Figure 74: Advanced Switch Settings (options shown: Power Saving by Link Status, Power Saving by Cable Length, Jumbo
44. TACACS, ICMP TYPE 5, RCMD, TELNET, ICMP TYPE 6, REAL AUDIO, TFTP, ICMP TYPE 7, REXEC, VDOLIVE

Appendix D. Log Output Reference

Facility: System (Networking)
46. User: This user has access to the SSL VPN services as determined by the group policies and authentication domain of which it is a member. The domain-determined SSL VPN portal will be displayed when logging in with this user type.
• XAuth User: This user's authentication is performed by an externally configured RADIUS or other Enterprise server. It is not part of the local user database.
• L2TP User: These are L2TP VPN tunnel LAN users that can establish a tunnel with the L2TP server on the WAN.
• PPTP User: These are PPTP VPN tunnel LAN users that can establish a tunnel with the PPTP server on the WAN.
• Local User: This user's authentication domain is located on the router itself.

Once the user type is determined, you can define / modify the password and idle login timeout for the user. It is recommended that passwords contain no dictionary words from any language, and are a mixture of letters (both uppercase and lowercase), numbers, and symbols. The password can be up to 30 characters.

Figure 63: User configuration options (fields shown: User Name, First Name, Last Name, User Type, Select Group, Confirm Password, Idle Timeout in minutes)

7.2 Using
47. a select few. With groups, a very secure hierarchy of SSL VPN remote access can be created for all types of users with minimal number of policies to configure.

To configure a group in the DSR, enter the following information:
• Name: This is a unique identifier for a group name.
• Domain: This is the authenticating domain the group is attached to.
• Idle timeout: This is the log in timeout period for users of this group.

Once the group is defined, the DSR will display a list of all configured groups.

Note: You must create a Domain first, and then a new Group can be created and assigned to the Domain. The last step is to add specific SSL VPN users to an already configured Group.

7.1.1 User Types and Passwords

Advanced > Users > Users

User level policies can be specified by browser, IP address of the host, and whether the user can login to the router's GUI in addition to the SSL VPN portal. The following user types are assigned to a user that reaches the GUI login screen from the LAN or WAN:
• Administrator: This is the router's super-user, and can manage the router, use SSL VPN to access network resources, and login to L2TP / PPTP servers on the WAN. There will always be one default administrator user for the GUI.
• Guest (read-only): The guest user gains read only access to the GUI to observe and review configuration settings. The guest does not have SSL VPN access.
• SSL VPN
48. addresses can be reused when hosts no longer need them.

Domain Name System: Mechanism for translating H.323 IDs, URLs, or e-mail IDs into IP addresses. Also used to assist in locating remote gatekeepers and to map IP addresses to hostnames of administrative domains.

Fully qualified domain name: Complete domain name, including the host portion. Example: serverA.companyA.com

FTP (File Transfer Protocol): Protocol for transferring files between network nodes.

HTTP (Hypertext Transfer Protocol): Protocol used by web browsers and web servers to transfer files.

Internet Key Exchange: Mode for securely exchanging encryption keys in ISAKMP as part of building a VPN tunnel.

IP security: Suite of protocols for securing VPN tunnels by authenticating or encrypting IP packets in a data stream. IPsec operates in either transport mode (encrypts payload but not packet headers) or tunnel mode (encrypts both payload and packet headers).

Internet Key Exchange Security Protocol: Protocol for establishing security associations and cryptographic keys on the Internet.

Internet service provider.

MAC Address (Media access control address): Unique physical address identifier attached to a network adapter.

MTU (Maximum transmission unit): Size, in bytes, of the largest packet that can be passed on. The MTU for Ethernet is a 1500-byte packet.

NAT (Network Address Translation): Process of rewriting IP addresses as a packet passes through a router or firewall. NAT ena
49. an IPv6 Network

Advanced > IPv6 > IPv6 LAN > IPv6 LAN Config

In IPv6 mode, the LAN DHCP server is enabled by default (similar to IPv4 mode). The DHCPv6 server will serve IPv6 addresses from configured address pools with the IPv6 Prefix Length assigned to the LAN.

Note: IPv4 / IPv6 mode must be enabled in the Advanced > IPv6 > IP mode to enable IPv6 configuration options.

LAN Settings

The default IPv6 LAN address for the router is fec0::1. You can change this 128-bit IPv6 address based on your network requirements. The other field that defines the LAN settings for the router is the prefix length. The IPv6 network (subnet) is identified by the initial bits of the address called the prefix. By default this is 64 bits long. All hosts in the network have common initial bits for their IPv6 address; the number of common initial bits in the network's addresses is set by the prefix length field.

Figure 2: IPv6 LAN and DHCPv6 configuration
50. an encrypted link through a customizable user portal interface, and each SSL VPN user can be assigned unique privileges and network resource access levels. The remote user can be provided different options for SSL service through this router. VPN Tunnel: The remote user's SSL-enabled browser is used in place of a VPN client on the remote host to establish a secure VPN tunnel. An SSL VPN client (ActiveX or Java based) is installed in the remote host to allow the client to join the corporate LAN with pre-configured access policy privileges. At this point a virtual network interface is created on the user's host, and this will be assigned an IP address and DNS server address from the router. Once established, the host machine can access allocated network resources. Port Forwarding: A web-based (ActiveX or Java) client is installed on the client machine again. Note that the Port Forwarding service only supports TCP connections between the remote user and the router. The router administrator can define specific services or applications that are available to remote port forwarding users instead of access to the full LAN like the VPN tunnel. ActiveX clients are used when the remote user accesses the portal using the Internet Explorer browser. The Java client is used for other browsers like Mozilla Firefox, Netscape Navigator, Google Chrome, and Apple Safari. Figure 61: Example of clientless SSL VPN connection
51. and Theme Name, Portal Layout Name, Portal Site Title (Optional), Banner Title (Optional), Banner Message (Optional), Display banner message on login page, HTTP meta tags for cache control (recommended), ActiveX web cache cleaner, SSL VPN Portal Pages to Display: VPN Tunnel page, Port Forwarding. Chapter 8. Advanced Configuration Tools. 8.1 USB Device Setup. Setup > USB Settings. The DSR Unified Services Router has a USB interface for printer access, file sharing, and, on the DSR-1000 / DSR-1000N models, 3G modem support. There is no configuration on the GUI to enable USB device support. Upon inserting your USB storage device, printer cable, or 3G modem, the DSR router will automatically detect the type of connected peripheral. • USB Mass Storage: also referred to as a "share port"; files on a USB disk connected to the DSR can be accessed by LAN users as a network drive. • USB Printer: The DSR can provide the LAN with access to printers connected through the USB. The printer driver will have to be installed on the LAN host, and traffic will be routed through the DSR between the LAN and printer. • USB 3G modem: A 3G modem dongle can be plugged in and used as a secondary WAN. Load balancing, auto-failover, or primary WAN access can be configured through the 3G interface. To configure a printer on a Windows machine, follow the steps given below: • Click Start on the deskt
52. authentication can be a pre-shared key (PSK), Enterprise mode with RADIUS server, or both. Note that WPA does not support 802.11n data rates; it is appropriate for legacy 802.11 connections. • WPA2: this security type uses CCMP encryption (and the option to add TKIP encryption) on either PSK (pre-shared key) or Enterprise (RADIUS Server) authentication. • WPA + WPA2: this uses both encryption algorithms, TKIP and CCMP. WPA clients will use TKIP and WPA2 clients will use CCMP encryption algorithms. WPA + WPA2 is a security option that allows devices to connect to an AP using the strongest security that it supports. This mode allows legacy devices that only support WPA2 keys (such as an older wireless printer) to connect to a secure AP where all the other wireless clients are using WPA2. Figure 30: List of Available Profiles shows the options available to secure the wireless link. A profile is a grouping of wireless settings which can be shared across multiple APs. AP-specific settings are configured on the Access Point Configuration page. The profile allows for easy duplication of SSIDs, security settings, encryption methods, client authentication, etc. across APs. List of Profiles (Profile Name, SSID, Broadcast, Security, Encryption, Authentication): default1, admin, Y, WPA+WPA2, TKIP+CCMP, PSK; DSR guest, DSR_guest 5
53. client users to access. Once the L2TP server is enabled, L2TP clients that are within the range of configured IP addresses of allowed clients can reach the router's L2TP server. Once authenticated by the L2TP server (the tunnel endpoint), L2TP clients have access to the network managed by the router. Figure 60: L2TP tunnel configuration, L2TP Server. L2TP allows an external user to connect to your router through the internet, forming a VPN. This section allows you to enable/disable L2TP server and define a range of IP addresses for clients connecting to your router. The connected clients can function as if they are on your LAN (they can communicate with LAN hosts, access any servers present, etc.). L2TP Server Configuration: Enable L2TP Server; Enter the range of IP addresses that is allocated to L2TP Clients: Starting IP Address, Ending IP Address. Chapter 7. SSL VPN. The router provides an intrinsic SSL VPN feature as an alternate to the standard IPsec VPN. SSL VPN differs from IPsec VPN mainly by removing the requirement of a pre-installed VPN client on the remote host. Instead, users can securely login through the SSL User Portal using a standard web browser and receive access to configured network resources within the corporate LAN. The router supports multiple concurrent sessions to allow remote users to access the LAN over
54. data to TLS buffer invalid flags s passed to eapTIsBuildResp EAPAUTH_MALLOC failed tlsGlueCtxCreate failed Context NULL ERROR Allocating memory for outBuff ERROR Converting password to unicode Error Generating second 16 bytes of session Converting password to unicode Error Constructing failure response ERROR Error checking authenticator response Username string more than 256 ASCII Invalid MS Length Got d expected User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 169 Unified Services Router pFB gt msgBuff is NULL Error calculating binary Error calculating binary adpDigestInit for SHA1 failed adpDigestInit for SHA1 failed E d R d Could not initialize des ecb adpDigestlnit for MD4 failed adpDigestlnit for SHA1 failed adpDigestlnit for SHA1 failed Error converting received auth reponse to bin Gnerating challenge hash Error Generating password hash Error Generating challenge response Error Conn cipher name s ver s S Send req ptr 0x x Send resp pir Ox x Request ptr 0x x Response ptr 0x x Revd AVP Code ul Revd AVP flags 0x 02x Revd AVP len ul Revd AVP vendor id ul tCode d
55. • Banner title: The banner title that is displayed to SSL VPN clients prior to login. This field is optional. • Banner message: The banner message that is displayed to SSL VPN clients prior to login. This field is optional. • Display banner message on the login page: The user has the option to either display or hide the banner message in the login page. • HTTP meta tags for cache control: This security feature prevents expired web pages and data from being stored in the client's web browser cache. It is recommended that the user selects this option. • ActiveX web cache cleaner: An ActiveX cache control web cleaner can be pushed from the gateway to the client browser whenever users login to this SSL VPN portal. • SSL VPN portal page to display: The user can either enable VPN tunnel page or Port Forwarding, or both, depending on the SSL services to display on this portal. Once the portal settings are configured, the newly configured portal is added to the list of portal layouts. Figure 71: SSL VPN Portal configuration. This page allows you to add a new portal layout or edit the configuration of an existing portal layout. The details will then be displayed in the List of Portal Layouts table on the SSL VPN Server > Portal Layouts page under the VPN menu. Portal Layout
56. firewall's MAC address. Alternatively, select Network Configuration > WAN Settings > Ethernet ISP Settings and configure your router to spoof your PC's MAC address. Symptom: Router can obtain an IP address, but PC is unable to load Internet pages. Recommended action: 1. Ask your ISP for the addresses of its designated Domain Name System (DNS) servers. Configure your PC to recognize those addresses. For details, see your operating system documentation. 2. On your PC, configure the router to be its TCP/IP gateway. 11.2 Date and time. Symptom: Date shown is January 1, 1970. Possible cause: The router has not yet successfully reached a network time server (NTS). Recommended action: 1. If you have just configured the router, wait at least 5 minutes, select Administration > Time Zone, and recheck the date and time. 2. Verify your Internet access settings. Symptom: Time is off by one hour. Possible cause: The router does not automatically adjust for Daylight Savings Time. Recommended action: 1. Select Administration > Time Zone and view the current date and time settings. 2. Click to check or uncheck "Automatically adjust for Daylight Savings Time", then click Apply. 11.3 Pinging to Test LAN Connectivity. Most TCP/IP terminal devices and firewalls contain a ping utility that sends an ICMP echo-request packet to the designated device. The DSR responds with an e
57. from a private subnet. Transparent routing between the LAN and WAN does not perform NAT. Broadcast and multicast packets that arrive on the LAN interface are switched to the WAN and vice versa, if they do not get filtered by firewall or VPN policies. To maintain the LAN and WAN in the same broadcast domain, select Transparent mode, which allows bridging of traffic from LAN to WAN and vice versa, except for router-terminated traffic and other management traffic. All DSR features (such as 3G modem support) are supported in transparent mode, assuming the LAN and WAN are configured to be in the same broadcast domain. NAT routing has a feature called "NAT Hair-pinning" that allows internal network users on the LAN and DMZ to access internal servers (e.g. an internal FTP server) using their externally known domain name. This is also referred to as "NAT loopback", since LAN-generated traffic is redirected through the firewall to reach LAN servers by their external name. Figure 24: Routing Mode is used to configure traffic routing between WAN and LAN, as well as Dynamic routing (RIP). This page allows the user to configure different routing modes like NAT, Classical Routing and Transparent. This page also allows the user to configure RIP (Routing Information Protocol). Rout
58. index should error from pnacPhyPortCreate malloc be 0 3 ERROR failed ERROR Error from pnacAuthlinit wepKey length incorrect ERROR pnacPortTimerslnit failed ERROR Error from pnacAuthlinit Profile s does not exist ERROR pnacAuthPAE Init failed ERROR 189 Unified Services Router Invalid Cipher type d Profile supports WEP stas Group cipher must be WEP Profile s does not exist Profile s does not exist Profile s does not exist invalid pairwise cipher type d Cipher s is already in the list Profile s does not exist Invalid Cipher type d Cipher s not found in the list Profile s does not exist Profile s does not exist Auth method s is already in the list Profile s does not exist Auth method s not found in the list Profile s does not exist Profile s does not exist Profile s does not exist invalid type value d supported values are 1 2 3 4 Profile s does not exist invalid type value d supported values are 1 2 3 4 Profile s does not exist invalid type value d supported values are 1 2 3 4 Profile s does not exist invalid type value d supported values are 1 2 3 4 Profile s does not exist invalid type value d supported values are 1 2 3 4 Profile s does not exist ERROR incomplete DB update information old values result does not contain 2 rows sqlite3QueryResGet failed ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR
59. is 1 Kbps and the load tolerance is set to 70. Now every time a new connection is established, the bandwidth increases. After a certain number of connections (say bandwidth reached 70% of 1 Kbps), the new connections will be spilled over to the secondary WAN. The maximum value of load tolerance is 80 and the least is 20. Protocol Bindings: Refer to Section 3.4.3 for details. Load balancing is particularly useful when the connection speed of one WAN port greatly differs from another. In this case you can define protocol bindings to route low-latency services (such as VoIP) over the higher-speed link and let low-volume background traffic (such as SMTP) go over the lower-speed link. Figure 22: Load Balancing is available when multiple WAN ports are configured and Protocol Bindings have been defined. The Port Mode settings allow you to configure whether the router should use only one WAN port or both. If you are connected to only one ISP, then select "Use only single WAN port", which is the default setting. From the drop-down list, choose which WAN port to use for your Internet connection. If you have two ISP links for Internet connectivity, the router can be configured in one of the following modes. Port Mode: Auto-Rollover using WAN port; Load Balancing: Round Robin; Use only s
60. name match failed Got s expected SSL_CTX_use_certificate_file cert PEM failed SSL_CTX_use_PrivateKey_file failed private key does not match public key SSL_CTX_load_verify_locations failed SSL_new failed Both SSL_VERIFY_PEER and SSL_VERIFY_NONE set Error EAPAUTH_MALLOC failed EAPAUTH_MALLOC failed eap TimerCreate failed eapCtxDelete pCtx NULL eapRole EAP_ROLE_PEER or EAP_ROLE_AUTHENTICATOR DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR EAP PEAP not enabled in system configuration EAP WSC not enabled in system configuration PAP not enabled in system configuration CHAP not enabled in system configuration MSCHAP not enabled in system configuration MSCHAPV2 not enabled in system configuration PAP Token not enabled in system configuration EAP MD5 not enabled in system configuration EAP MSCHAPV2 not enabled in system config EAP TLS not enabled in system configuration EAP TTLS and EAP PEAP are not valid as inner invalid innerAuth d profile s doesnt exist Re assembling fragments incorrect size Error creating cipher context Error initializing cipher context Error creating digest context Error initializing digest context Error initial
61. not accept RIP information from other routers. • In Only: The router accepts RIP information from other routers, but does not broadcast its routing table. • None: The router neither broadcasts its route table nor does it accept any RIP packets from other routers. This effectively disables RIP. • The RIP version is dependent on the RIP support of other routing devices in the LAN. • Disabled: This is the setting when RIP is disabled. • RIP-1 is a class-based routing version that does not include subnet information. This is the most commonly supported version. • RIP-2 includes all the functionality of RIPv1 plus it supports subnet information. Though the data is sent in RIP-2 format for both RIP-2B and RIP-2M, the mode in which packets are sent is different. RIP-2B broadcasts data in the entire subnet while RIP-2M sends data to multicast addresses. If RIP-2B or RIP-2M is the selected version, authentication between this router and other routers (configured with the same RIP version) is required. MD5 authentication is used in a first/second key exchange process. The authentication key validity lifetimes are configurable to ensure that the routing information exchange is with current and supported routers detected on the LAN. Static Routing. Advanced > Routing > Static Routing; Advanced > IPv6 > IPv6 Static Routing. Manually adding static routes to this device allows you to define the path selection of traffic from one inter
62. radVendorMessage Unknown Vendor ID received d radVendorAttrGet Invalid Length in Vendor Message radVendorAttrGet Unknown Vendor ID d radVendorMessagePack Unknown Vendor ID d radGetIPByName couldn t resolve hostname s radGetHostIP couldn t get hostname radGetHostIP couldn t get host IP address radius dictionary loading failed Failed to set default timeout value User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 173 Unified Services Router Adding Dictionary Attribute s Adding Dictionary Value s Receiving attribute s Processing attribute s Processing attribute s Processing attribute s Processing attribute s radConfGet Added Server s d with Added Server s d with Default Timeout Set to d Default Retry Count Set to d WS VS d Deleting Server s d with Adding Rowld d to Server s d with rowlds d d Deleting Server s d with RADIUS Deconfigured Found Option s on line d of file s Setting Option s with value s RADIUS Configured d Server s d with DBUpdate event Table s opCode d rowld d Host IP address s Adding Packet for existing cookie p Adding Packet and cookie p Releasing Packet and co
63. resource as required. A network resource can be defined by configuring the following in the GUI: • Resource name: A unique identifier name for the resource. • Service: The SSL VPN service corresponding to the resource (VPN tunnel, Port Forwarding or All). Figure 66: List of configured resources, which are available to assign to SSL VPN policies. You can configure resources to use when configuring SSL VPN policies. Resources are groups of host names, IP addresses or IP networks. The table lists the resources that have been added and allows several operations on the resources. List of Resources (Resource Name, Service): DocServer, VPN Tunnel. 7.3 Application Port Forwarding. Setup > VPN Settings > SSL VPN Server > Port Forwarding. Port forwarding allows remote SSL users to access specified network applications or services after they login to the User Portal and launch the Port Forwarding service. Traffic from the remote user to the router is detected and re-routed based on configured port forwarding rules. Internal host servers or TCP applications must be specified as being made accessible to remote users. Allowing access to a LAN server requires entering the loc
64. server enabled, the router's IP address serves as the gateway address for LAN and WLAN clients. The PCs in the LAN are assigned IP addresses from a pool of addresses specified in this procedure. Each pool address is tested before it is assigned to avoid duplicate addresses on the LAN. For most applications, the default DHCP and TCP/IP settings are satisfactory. If you want another PC on your network to be the DHCP server, or if you are manually configuring the network settings of all of your PCs, set the DHCP mode to "none". DHCP relay can be used to forward DHCP lease information from another LAN device that is the network's DHCP server; this is particularly useful for wireless clients. Instead of using a DNS server, you can use a Windows Internet Naming Service (WINS) server. A WINS server is the equivalent of a DNS server but uses the NetBIOS protocol to resolve hostnames. The router includes the WINS server IP address in the DHCP configuration when acknowledging a DHCP request from a DHCP client. You can also enable DNS proxy for the LAN. When this is enabled, the router then acts as a proxy for all DNS requests and communicates with the ISP's DNS servers. When disabled, all DHCP clients receive the DNS IP addresses of the ISP. To configure LAN Connectivity, please follow the steps below: 1. In the LAN Setup page, enter the following information for your router: • IP address, factory default 192.16
65. sign your own certificate using functionality available on this gateway. The gateway comes with a self-signed certificate, and this can be replaced by one signed by a CA as per your networking requirements. A CA certificate provides strong assurance of the server's identity and is a requirement for most corporate network VPN solutions. The certificates menu allows you to view a list of certificates (both from a CA and self-signed) currently loaded on the gateway. The following certificate data is displayed in the list of Trusted (CA) certificates: CA Identity (Subject Name): The certificate is issued to this person or organization. Issuer Name: This is the CA name that issued this certificate. Expiry Time: The date after which this Trusted certificate becomes invalid. A self certificate is a certificate issued by a CA identifying your device (or self-signed if you don't want the identity protection of a CA). The Active Self Certificate table lists the self certificates currently loaded on the gateway. The following information is displayed for each uploaded self certificate: Name: The name you use to identify this certificate; it is not displayed to IPsec VPN peers or SSL users. Subject Name: This is the name that will be displayed as the owner of this certificate. This should be your official registered or company name, as IPsec or SSL VPN peers are shown this field. Serial Number: The ser
66. t kill xl2tpd xl2tpd restart failed failed to get field value failed to get field value sqlite3QueryResGet failed Query s sqlite3QueryResGet failed Query s unboundMgmt unable to open the writing options xl2tpd failed User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Unified Services Router pppoeMgmtTblHandler NetMask s pppoeMgmtTblHandler AuthOpt d pppoeMgmtTblHandler Satus d pppoeEnable ppp dial string s pppoeMgmtDBUpdateHandler returning with status s pptpMgmtTblHandler pptopMgmtTblHandler pptpMgmtTblHandler d pptpMgmtTblHandler d pptpMgmtTblHandler d pptpMgmtTblHandler pptpMgmtTblHandler pptpMgmtTbliHandler configured pptpMgmtTbiHandler pptopMgmtTblHandler pptpMgmtTblHandler pptopMgmtTblHandler pptpMgmtTblHandler MppeEncryptSupport pptpMgmtTblHandler MtuFlag d Mtu d IdleTimeOutFlag IdleTimeOutValue GetDnsFromlsp UserName s Password s dynamic Mylp Mylp s Serverlp s Staticlp s NetMask s S SplitTunnel s pptpEnable ppp dial string s pptpEnable spawning command s PID File for dhcpc found pid d pptpMgmtDBUpdateHandler query string s
67. the PC's Windows toolbar, select Start > Run. 2. Type ping -n 10 <IP_address>, where -n 10 specifies a maximum of 10 tries and <IP address> is the IP address of a remote device such as your ISP's DNS server. Example: ping -n 10 10.1.1.1. 3. Click OK and then observe the display (see the previous procedure). 4. If the path is not working, do the following: • Check that the PC has the IP address of your firewall listed as the default gateway. (If the IP configuration of your PC is assigned by DHCP, this information is not visible in your PC's Network Control Panel.) • Verify that the network (subnet) address of your PC is different from the network address of the remote device. • Verify that the cable or DSL modem is connected and functioning. • Ask your ISP if it assigned a hostname to your PC. If yes, select Network Configuration > WAN Settings > Ethernet ISP Settings and enter that hostname as the ISP account name. • Ask your ISP if it rejects the Ethernet MAC addresses of all but one of your PCs. Many broadband ISPs restrict access by allowing traffic from the MAC address of only your broadband modem, but some ISPs additionally restrict access to the MAC address of just a single PC connected to that modem. If this is the case, configure your firewall to clone or spoof the MAC address from the authorized PC. 11.4 Restoring factory default configuration set
68. the configured addresses. The SMTP port and return e-mail addresses are required fields to allow the router to package the logs and send a valid e-mail that is accepted by one of the configured "send-to" addresses. Up to three e-mail addresses can be configured as log recipients. In order to establish a connection with the configured SMTP port and server, define the server's authentication requirements. The router supports Login Plain (no encryption) or CRAM-MD5 (encrypted) for the username and password data to be sent to the SMTP server. Authentication can be disabled if the server does not have this requirement. In some cases the SMTP server may send out IDENT requests, and this router can have this response option enabled as needed. Once the e-mail server and recipient details are defined, you can determine when the router should send out logs. E-mail logs can be sent out based on a defined schedule by first choosing the unit (i.e. the frequency) of sending logs: Hourly, Daily, or Weekly. Selecting Never will disable log e-mails but will preserve the e-mail server settings. Figure 82: E-mail configuration as a Remote Logging option. This page allows the user to configure the remote logging options for the router. Log Options R
69. the private network without any special network configuration on the remote SSL VPN client machine. It is important to ensure that the virtual (PPP) interface address of the VPN tunnel client does not conflict with physical devices on the LAN. The IP address range for the SSL VPN virtual network adapter should be either in a different subnet or non-overlapping range as the corporate LAN. The IP addresses of the client's network interfaces (Ethernet, Wireless, etc.) cannot be identical to the router's IP address or a server on the corporate LAN that is being accessed through the SSL VPN tunnel. Figure 68: SSL VPN client adapter and access configuration. An SSL VPN tunnel client provides a point-to-point connection between the browser-side machine and this device. When an SSL VPN client is launched from the user portal, a network adapter with an IP address, DNS and WINS settings is automatically created, which allows local applications to talk to services on the private network without any special network configuration on the remote SSL VPN client machine. Client IP Address Range: Enable Split Tunnel Support; DNS Suffix (Optional); Primary DNS Server (Optional); Secondary DNS Server (Optional); Client Address Range Begin: 192.168.251.1; Client Address Rang
70. tldent d tLen d tType d tOpCode d tMSID d tmsLen d tvalSize d Frag Buffer bytes left d Stripped username s digestLen d ClearText CipherText digestLen d digestLen1 d digestLen2 d DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Setting profile to glue layer ERROR _eapCtxCreate failed d authentication not enabled in the system ERROR TTLS key derive ERROR TTLS context from EAP plugin is NULL ERROR Allocating memory for TTLS Phase 2 payload ERROR TLS Encrypting response ERROR Allocating TLS read buffer is NULL ERROR Inner authentication id d unhandled innerEapRecv is NULL ERROR Decrypting TLS data ERROR Processing Phase 2 method Error Writing message to BIO ERROR TLS handshake ERROR Unexpected tlsGlueContinue return value NULL request or response PDU or NULL context Protocol version mismatch ERROR Creating receive buffer ERROR Setting first fragment ERROR Setting fragment ERROR Setting last fragment ERROR Getting message ERROR Processing TTLS message ERROR Processing TTLS message ERROR Processing TTLS message ERROR Decapsulating AVP ERROR Processing EAP recei
71. values d d S Profile s does not exist IAPP initialized Encrypting context key s for could not find access point context for S join event for existing node s failed to send PNAC_FORCE_AUTHORIZED failed to send PNAC_AUTHORIZED failed to send PNAC_VAR_KEY_AVAILABLE TRUE failed to send PNAC_VAR_KEY_TX_EN TRUE failed to send PNAC_VAR_KEY_TX_EN FALSE failed to send PNAC_FORCE_AUTHORIZED failed to send PNAC_AUTHORIZED mic verification OK pnaclfConfig Invalid supplicant Failed to process user request Failed to process user request s d pnaclfConfigUmiloctl umiloctl failed pnaclfConfigUmiloctl usrPnac returned d pnaclfConfigUmiloctl usrPnac returned d pnaclfConfigUmiloctl usrPnac returned d pnacKernNotifier invalid PAE configuration From pnacEapDemoAuthRecv unsupported response From pnacEapDemoAuthRecv invalid codes received From pnacRadXlateDemoRecv received unknown From pnacRadXlateDemoRecv invalid codes received Error from pnacRadXlateDemoRecv malloc failed From pnacRadXlateRadPktHandle received a non supported Only md5 authentication scheme currently supported Message from authenticator from pnacPDUXmit bufsize d pktType d pnacPDUXmit sending eap packet code d DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG
72. 0 days. 9.8 Using Diagnostic Tools. Tools > System Check. The router has built-in tools to allow an administrator to evaluate the communication status and overall network health. Figure 88: Router diagnostics tools available in the GUI. This page can be used for diagnostics purposes. This page provides the user with some diagnostic tools like ping, traceroute and packet sniffer. Ping or Trace an IP Address: IP Address / Domain Name (www.dlink.com), Ping, Traceroute. Perform a DNS Lookup: Lookup. Router Options: Display the IPv4 Routing Table, Display the IPv6 Routing Table, Packet Trace (Capture Packets). 9.8.1 Ping. This utility can be used to test connectivity between this router and another device on the network connected to this router. Enter an IP address and click PING. The command output will appear indicating the ICMP echo request status. 9.8.2 Trace Route. This utility will display all the routers present between the destination IP address and this router. Up to 30 "hops" (intermediate routers) between this router and the destination will be displayed. Figure 89: Sample traceroute output. Trace Route To www dli
73. 074 mIRC TCP LAN 2024 6000. The application rule status page will list any active rules, i.e. incoming ports that are being triggered based on outbound requests from a defined outgoing port. Web Content Filtering. The gateway offers some standard web filtering options to allow the admin to easily create internet access policies between the secure LAN and insecure WAN. Instead of creating policies based on the type of traffic (as is the case when using firewall rules), web-based content itself can be used to determine if traffic is allowed or dropped. Content Filtering. Advanced > Website Filter > Content Filtering. Content filtering must be enabled to configure and use the subsequent features (list of Trusted Domains, filtering on Blocked Keywords, etc.). Proxy servers, which can be used to circumvent certain firewall rules and thus a potential security gap, can be blocked for all LAN devices. Java applets can be prevented from being downloaded from internet sites, and similarly the gateway can prevent ActiveX controls from being downloaded via Internet Explorer. For added security, cookies, which typically contain session information, can be blocked as well for all devices on the private network. Figure 47: Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded.
75. Log Message | Severity
2tpMgmtTblHandler unable to get the Mtu | ERROR
DHCPv6 Client start failed | ERROR
l2tpMgmtTblHandler dbRecordValueGet failed for s | ERROR
DHCPv6 Client stop failed | ERROR
l2tpMgmtTblHandler 2tpEnable failed | ERROR
failed to create open DHCPv6 client | ERROR
l2tpMgmtTblHandler disabling l2tp failed | ERROR
failed to write DHCPv6 client configuration file | ERROR
l2tpMgmtDBUpdateHandler sqlite3QueryResGet | ERROR
failed to restart DHCPv6 Client | ERROR
l2tpMgmtDBUpdateHandler error in executing | ERROR
failed to create open DHCPv6 Server | ERROR
Illegal invocation of tcpdumpConfig s | ERROR
Restoring old configuration | ERROR
DHCPv6 Server configuration update failed | ERROR
Failed to start tcpdump | ERROR
Failed to stop tcpdump | ERROR
DHCPv6 Server Restart failed | ERROR
Invalid tcpdumpEnable value | ERROR
sqlite3QueryResGet failed Query s | ERROR

Facility: System (VPN)

Log Message | Severity
d command not supported by eapAuth | DEBUG
PEAP key derive ERROR | ERROR
pCtx NULL | DEBUG
PEAP context is NULL ERROR | ERROR
Current cert subject name s | DEBUG
Constructing P2 response ERROR | ERROR
X509_STORE_CTX_get_ex_data failed | DEBUG
innerEapRecv is NULL ERROR | ERROR
Cannot get cipher no session est | DEBUG
Decrypting TLS data ERROR | ERROR
S SSL_ERROR_WANT_X509_LOOKUP | DEBUG
Wrong identity size ERROR | ERROR
Wrong size for extensions packet err code d i
76. 3.5.1
3.5.2 Dynamic Routing (RIP)
3.5.3 Static Routing
3.6 Configurable Port: WAN Option
WAN Port Settings
Wireless Access Point Setup
4.1 Wireless Settings Wizard
4.1.1 Wireless Network Setup Wizard
4.1.2 Add Wireless Device with WPS
4.1.3 Manual Wireless Network Setup
4.2 Wireless Profiles
4.2.1 WEP Security
4.2.2 WPA or WPA2 with PSK
4.2.3 RADIUS Authentication
4.3 Creating and Using Access Points
77. 38 List of Available Firewall Rules

A firewall is a security mechanism to selectively block or allow certain types of traffic in accordance with rules specified by network administrators. You can use this page to manage the firewall rules that control traffic to and from your network. The List of Available Firewall Rules table includes all firewall rules for this device and allows several operations on the firewall rules.

5.2 Defining Rule Schedules

Tools > Schedules

Firewall rules can be enabled or disabled automatically if they are associated with a configured schedule. The schedule configuration page allows you to define days of the week and the time of day for a new schedule, and then this schedule can be selected in the firewall rule configuration page.

Note: All schedules will follow the time in the router's configured time zone. Refer to the section on choosing your Time Zone and configuring NTP servers for mo
78. To add a SSL VPN policy, you must first assign it to a user, group, or make it global (i.e. applicable to all SSL VPN users). If the policy is for a group, the available configured groups are shown in a drop-down menu and one must be selected. Similarly, for a user-defined policy, a SSL VPN user must be chosen from the available list of configured users.

The next step is to define the policy details. The policy name is a unique identifier for this rule. The policy can be assigned to a specific Network Resource (details follow in the subsequent section), IP address, IP network, or all devices on the LAN of the router. Based on the selection of one of these four options, the appropriate configuration fields are required (i.e. choosing the network resources from a list of defined resources, or defining the IP addresses). For applying the policy to addresses, the port range / port number can be defined.

The final steps require the policy permission to be set to either permit or deny access to the selected addresses or network resources. As well, the policy can be specified for one or all of the supported SSL VPN services (i.e. VPN tunnel).

Once defined, the policy goes into effect immediately. The policy name, the SSL service it applies to, the destination (network resource or IP addresses) and the permission (deny / permit) are outlined in a list of configured policies for the router.
79. 8.10.1

Note: If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained an IP address from the newly assigned pool, or has a static IP address in the router's LAN subnet, before accessing the router via the changed IP address.

- Subnet mask (factory default: 255.255.255.0).

2. In the DHCP section, select the DHCP mode:

- None: the router's DHCP server is disabled for the LAN.
- DHCP Server: With this option, the router assigns an IP address within the specified range, plus additional specified information, to any LAN device that requests DHCP-served addresses.
- DHCP Relay: With this option enabled, DHCP clients on the LAN can receive IP address leases and corresponding information from a DHCP server on a different subnet. Specify the Relay Gateway, and when LAN clients make a DHCP request it will be passed along to the server accessible via the Relay Gateway IP address.
- If DHCP is being enabled, enter the following DHCP server parameters:
- Starting and Ending IP Addresses: Enter the first and last continuous addresses in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address in this range. The default starting address is 192.168.10.2. The default ending address is 192.168.10.100. These addresses should be in the same IP address subnet as the router's LAN IP addre
80. ALGs

5.6 VPN Passthrough for Firewall

Advanced > Firewall Settings > VPN Passthrough

This router's firewall settings can be configured to allow encrypted VPN traffic for IPsec, PPTP, and L2TP VPN tunnel connections between the LAN and internet. A specific firewall rule or service is not appropriate to introduce this passthrough support; instead, the appropriate check boxes in the VPN Passthrough page must be enabled.

Figure 45: Passthrough options for VPN tunnels

5.7 Application Rules

Advanced > Application Rules > Application Rules

Application rules are also referred to as port triggering. This feature allows devices on the LAN or DMZ to request one or more ports to be forwarded to them. Port triggering waits for an outbound request from the LAN/DMZ on one of the defined outgoing ports, and then opens an incoming port for that specified type of traffic. This can be thought of as a form of dynamic port forwarding while an application is transmitting data over the opened outgoing or incoming port(s).

Port triggering application rules are more flexible than static port forwarding that is an
81. 2.3 Configurable Port: DMZ Setup

Note: DSR-250N does not have a configurable port; there is no DMZ support.

This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. A DMZ is a subnetwork that is open to the public but behind the firewall. The DMZ adds an additional layer of security to the LAN, as specific services/ports that are exposed to the internet on the DMZ do not have to be exposed on the LAN. It is recommended that hosts that must be exposed to the internet (such as web or email servers) be placed in the DMZ network. Firewall rules can be configured to permit access to specific services/ports on the DMZ from either the LAN or the WAN. In the event of an attack on any of the DMZ nodes, the LAN is not necessarily vulnerable as well.

Setup > DMZ Setup > DMZ Setup Configuration

DMZ configuration is identical to the LAN configuration. There are no restrictions on the IP address or subnet assigned to the DMZ port, other than the fact that it cannot be identical to the IP address given to the LAN interface of this gateway.

Figure 8: DMZ configuration
85. Log messages (the severity column preceding them on this page reads DEBUG):

Deleting schedule based firewall rules
Deleting schedule based firewall rules from DB
Update schedule based firewall rules in DB
Restart schedule based firewall rules
inter vlan routing enabled
inter vlan routing disabled
Disabling Content Filter for d
Enabling Content Filter for d
src/firewall/linux/user/firewalld.c:59: #undef ADP_DEBUG2
src/firewall/linux/user/firewalld.c:61: #define ADP_DEBUG2 printf
Enabling Source MAC Filtering
Disabling Source MAC Filtering
Adding MAC Filter Policy for Block & Permit Rest
Adding MAC Filter Policy for Permit & Block Rest
Restarting Source MAC Address Policy
Disabling Firewall Rule for DHCP Relay Protocol
Enabling Firewall Rule for DHCP Relay Protocol
prerouting Firewall Rule add for Relay failed
prerouting Firewall Rule add for Relay failed
Deleting MAC Filter Policy for Address S
Adding MAC Filter Policy for Address S
Disabling Firewall Rules for DMZ host
Enabling Firewall Rules for DMZ host
Disabling Firewall Rules for Spill Over Load Balancing
Disabling Firewall Rules for Load Balancing
Enabling Firewall Rules for Load Balancing
Enabling Firewall Rules for Spill Over Load Balancing
Enabling F
86. Content Filtering
5.8.2 Approved URLs
5.8.3 Blocked Keywords
5.9 IP/MAC Binding
5.10 Intrusion Prevention (IPS)
5.11 Protecting from Internet Attacks
IPsec / PPTP / L2TP VPN
6.1
6.2 Configuring IPsec Policies
6.2.1 Extended Authentication (XAUTH)
6.2.2 Internet over IPSec tunnel
6.3 Configuring VPN clients
6.4 PPTP / L2TP Tunnels
6.4.1 PPTP Tunnel Support
6.4.2 L2TP Tunnel Support
SSL VPN
7.1 Users, Groups and Domains
7.1.1 User Types and Passwords
7.2 Using SSL VPN Policies
87. Log messages (the severity columns around them on this page read DEBUG and ERROR):

eapolRecvKeyMsg invalid descriptor version
eapolRecvKeyMsg incorrect descriptor version
eapolRecvKeyMsg Ack must not be set
eapolRecvKeyMsg MIC bit must be set
wpaAuthRecvPTKMsg2 packet received
wpaAuthRecvPTKMsg2 failed
wpaAuthRecvPTKMsg2 mismatch
wpaAuthRecvPTKMsg4 packet received
wpaAuthRecvPTKMsg4 keyDataLength not zero
wpaAuthRecvPTKMsg4 failed
wpaAuthRecvGTKMsg2 unexpected packet received
secureBit not set in GTK Msg2
wpaAuthRecvGTKMsg2 keyDataLength not zero
wpaAuthRecvGTKMsg2 mic check failed
wpaAuthRecvKeyReq unexpected packet received
wpaAuthRecvKeyReq keyDataLength not zero
wpaAuthRecvKeyReq mic check failed
unexpected mic check rsnie unexpected mic check
invalid OUI x x x
s invalid OUI x x x
S d Cipher in WPA IE x
s invalid OUI x x x
short WPA IE length d received
PTK state machine in unknown state
dot11InstallKeys failed
group state machine entered into WPA_AUTH_GTK_INIT
dot11Malloc failed
dot11Malloc failed
dot11Malloc failed
aesWrap failed
unknown key descriptor version d
dot11Malloc failed
could not initialize AES128ECB
could not initialize AES 128 ECB
MD5 initialization failed
89. Log Message | Severity
cpuMemUsageDBUpdateHandler SQL error S | ERROR
unable to open the DB file s | ERROR
umiInit failed | ERROR
unable to register to UMI | ERROR
Error Reading from the Database | ERROR
short DB update event request | ERROR
Error in executing DB update handler | ERROR
adpListNodeRemove Returned with an error | ERROR
command too long Try increasing | ERROR
failed to allocate memory for CRON_NODE | ERROR
sqlite3QueryResGet failed | ERROR
There was an error while reading the schedules | ERROR
unable to register to UMI | ERROR
short DB update event request | ERROR
malloc DB_UPDATE_NODE failed | ERROR
short ifDev event request | ERROR
sqlite3_mprintf failed | ERROR
no component id matching s | ERROR
umiIoctl s UMI_CMD_DB_UPDATE d failed | ERROR
sqlite3_mprintf failed | ERROR
sqlite3_mprintf failed | ERROR
no component id matching s | ERROR
umiIoctl s UMI_CMD_IFDEV_EVENT d failed | ERROR
klogctl 9 failed | ERROR
malloc failed for d bytes | ERROR
klogctl 4 failed | ERROR
emailLogs Invalid Number of Arguments Exiting | ERROR
sqlite3QueryResGet failed | ERROR
Could not execute the smtpClient | ERROR
Error while cleaning the database Exiting s | ERROR
Invalid Privacy Algorithm
Failed to Get Host Address
Invalid version
snmp v3 Trap Configuration Failed
sqlite3QueryResGet failed query s
sqlit
90. FCC regulations. Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.

Canadian Department of Communications Industry Canada (IC) Notice

This Class B digital apparatus complies with Canadian ICES-003 and RSS-210. This Class B digital apparatus complies with the Canadian standards NMB-003 and CNR-210.

Industry Canada Statement

This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

IMPORTANT NOTE: Radiation Exposure Statement

This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance. To maintain compliance with IC RF exposure compliance requirements, please follow operation instruction as documented in this manual.

3. DSR-250N

Federal Communication Commission Interference Statement

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against ha
91. Chapter 9. Administration & Management

9.1 Configuration Access Control

The primary means to configure this gateway is via the browser-independent GUI. The GUI can be accessed from a LAN node by using the gateway's LAN IP address and HTTP, or from the WAN by using the gateway's WAN IP address and HTTPS (HTTP over SSL).

Administrator and Guest users are permitted to log in to the router's management interface. The user type is set in the Advanced > Users > Users page. The Admin or Guest user can be configured to access the router GUI from the LAN or the Internet (WAN) by enabling the corresponding Login Policy.

Figure 75: User Login policy configuration

9.1.1 Remote Management

Both HTTPS and telnet access can be restricted to a subset of IP addresses. The router administrator can define a known PC, single IP address or range of IP addresses that are allowed to access the GUI with HTT
92. The WAN status page allows you to Enable or Disable static WAN links. For WAN settings that are dynamically received from the ISP, you can Renew or Release the link parameters if required.

3.3 Bandwidth Controls

Advanced > Advanced Network > Traffic Management > Bandwidth Profiles

Bandwidth profiles allow you to regulate the traffic flow from the LAN to WAN 1 or WAN 2. This is useful to ensure that low-priority LAN users (like guests or HTTP service) do not monopolize the available WAN's bandwidth, for cost-savings or bandwidth-priority-allocation purposes.

Bandwidth profiles configuration consists of enabling the bandwidth control feature from the GUI and adding a profile which defines the control parameters. The profile can then be associated with a traffic selector, so that the bandwidth profile can be applied to the traffic matching the selectors. Selectors are elements like IP addresses or services that would trigger the configured bandwidth regulation.

Figure 19: List of Configured Bandwidth Profiles
93. 5.11 Protecting from Internet Attacks

Advanced > Advanced Network > Attack Checks

Attacks can be malicious security breaches or unintentional network issues that render the router unusable. Attack checks allow you to manage WAN security threats such as continual ping requests and discovery via ARP scans. TCP and UDP flood attack checks can be enabled to manage extreme usage of WAN resources.

Additionally, certain Denial-of-Service (DoS) attacks can be blocked. These attacks, if uninhibited, can use up processing power and bandwidth and prevent regular network services from running normally. ICMP packet flooding, SYN traffic flooding, and Echo storm thresholds can be configured to temporarily suspect traffic from the offending source.

Figure 52: Protecting the router and LAN from internet attacks

Options shown in the figure: WAN Security Checks (Enable Stealth Mode, Block TCP flood); LAN Security Checks (Block UDP flood); ICSA Settings (Block ICMP Notification, Block Fragmented Packets, Block Multicast Packets); DoS Attacks (SYN Flood Detect Rate in max/sec, Echo Storm in ping pkts/sec, ICMP Flood in ICMP pkts/sec).

Chapter 6
97. The display for logging can be customized based on where the logs are sent: either the Event Log viewer in the GUI (the Event Log viewer is in the Status > Logs page) or a remote Syslog server for later review. E-mail logs, discussed in a subsequent section, follow the same configuration as logs configured for a Syslog server.

Tools > Log Settings > Logs Configuration

This page allows you to determine the type of traffic through the router that is logged for display in Syslog, E-mailed logs, or the Event Viewer. Denial of service attacks, general attack information, login attempts, dropped packets, and similar events can be captured for review by the IT administrator.

Traffic through each network segment (LAN, WAN, DMZ) can be tracked based on whether the packet was accepted or dropped by the firewall.

Accepted Packets are those that were successfully transferred through the corresponding network segment (i.e. LAN to WAN). This option is particularly useful when the Default Outbound Policy is "Block Always", so the IT admin can monitor traffic that is passed through the f
98. All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are displayed on this page as well. Table fields are as follows:

Chapter 11. Trouble Shooting

11.1 Internet connection

Symptom: You cannot access the router's web configuration interface from a PC on your LAN.

Recommended action:

1. Check the Ethernet connection between the PC and the router.
2. Ensure that your PC's IP address is on the same subnet as the router. If you are using the recommended addressing scheme, your PC's address should be in the range 192.168.10.2 to 192.168.10.254.
3. Check your PC's IP address. If the PC cannot reach a DHCP server, some versions of Windows and Mac OS generate and assign an IP address. These auto-generated addresses are in the range 169.254.x.x. If your IP address is in this range, check the connection from the PC to the fir
99. 4.2.1 WEP Security

If WEP is the chosen security option, you must set a unique static key to be shared with clients that wish to access this secured wireless network. This static key can be generated from an easy-to-remember passphrase and the selected encryption length.

• Authentication: select between Open System or Shared Key schemes.
• Encryption: select the encryption key size, 64 bit WEP or 128 bit WEP. The larger size keys provide stronger encryption, thus making the key more difficult to crack.
• WEP Passphrase: enter an alphanumeric phrase and click Generate Key to generate 4 unique WEP keys with length determined by the encryption key size. Next choose one of the keys to be used for authentication. The selected key must be shared with wireless clients to connect to this device.

Figure 31: Profile configuration to set network security

[Screenshot: Profile Configuration page, with fields Profile Name, SSID, Broadcast SSID, Security, Encryption, Authentication, WPA Password, Enable Pre-Authentication, and WEP Index and Keys.]
100. On the remote gateway side, the outgoing packet will be SNAT-ed.

6.3 Configuring VPN clients

Remote VPN clients must be configured with the same VPN policy parameters used in the VPN tunnel that the client wishes to use: encryption, authentication, life time, and PFS key-group. Upon establishing these authentication parameters, the VPN Client user database must also be populated with an account to give a user access to the tunnel.

Note: VPN client software is required to establish a VPN tunnel between the router and remote endpoint. Open source software (such as OpenVPN or Openswan) as well as Microsoft IPsec VPN software can be configured with the required IKE policy parameters to establish an IPsec VPN tunnel. Refer to the client software guide for detailed instructions on setup as well as the router's online help.

The user database contains the list of VPN user accounts that are authorized to use a given VPN tunnel. Alternatively, VPN tunnel users can be authenticated using a configured Radius database. Refer to the online help to determine how to populate the user database and/or configure RADIUS authentication.

6.4 PPTP / L2TP Tunnels

This router supports VPN tunnels from either PPTP or L2TP ISP servers. The router acts as a broker device to allow the ISP's server to create a TCP control connection between the LAN VPN client and the VPN server.

6.4.1 PPTP Tunnel Support

Setup
101. PPPoE connection

When Japanese multiple PPPoE is configured and the secondary connection is up, some predefined routes are added on that interface. These routes are needed to access the internal domain of the ISP, where it hosts various services. These routes can also be configured through the static routing page.

Figure 15: WAN configuration for Multiple PPPoE (part 2)

[Screenshot: Secondary PPPoE Profile Configuration, with fields Address Mode, IP Address, IP Subnet Mask, User Name, Password, Service, Authentication Type, Reconnect Mode, Maximum Idle Time; Secondary PPPoE Domain Name System (DNS) Servers; and MAC Address.]

3.2.5 Russia L2TP and PPTP WAN

For Russia L2TP WAN connections, you can choose the address mode of the connection to get an IP address from the ISP or configure a static IP address provided by the ISP. For DHCP client connections, you can choose the MAC address of the router to register with the ISP. In some cases you may need to clone the LAN host's MAC address if the ISP is registered with that LAN host.
103. PS The opened port for SSL traffic can be changed from the default of 443 at the same time as defining the allowed remote management IP address range.

Figure 76: Remote Management from the WAN

[Screenshot: Remote Management page, with fields Enable Remote Management, Access Type, From, To, IP Address, Port Number.]

9.1.2 CLI Access

In addition to the web-based GUI, the gateway supports SSH and Telnet management for command-line interaction. The CLI login credentials are shared with the GUI for administrator users. To access the CLI, type "cli" in the SSH or console prompt and login with administrator user credentials.

9.2 SNMP Configuration

Tools > Admin > SNMP

SNMP is an additional management tool that is useful when multiple routers in a network are being managed by a central Master system. When an external SNMP manager is provided with this router's Management Information Base (MIB) file, the manager can update the router's hierarchal variables to view or update configuration parameters. The router as a managed device has an SNMP agent that allows the MIB configuration variables to be accessed by the
111. SSL VPN Policies

Setup > VPN Settings > SSL VPN Server > SSL VPN Policies

SSL VPN Policies can be created on a Global, Group, or User level. User level policies take precedence over Group level policies, and Group level policies take precedence over Global policies. These policies can be applied to a specific network resource, IP address or ranges on the LAN, or to different SSL VPN services supported by the router. The List of Available Policies can be filtered based on whether it applies to a user, group, or all users (global).

Note: A more specific policy takes precedence over a generic policy when both are applied to the same user/group/global domain. I.e. a policy for a specific IP address takes precedence over a policy for a range of addresses containing the IP address already referenced.

Figure 64: List of SSL VPN policies (Global filter)

[Screenshot: SSL VPN Policies page. Page text: "Policies are useful to permit or deny access to specific network resources, IP addresses or IP networks. They may be defined at the user, group or global level. By Default, a global PERMIT policy (not displayed) was already configured over all addresses and over all services/ports." List columns: Name, Service, Destination, Permission.]
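The precedence rules described above (User over Group over Global, the more specific destination winning within one level, and the default global PERMIT) can be modelled to audit a policy set before deploying it. This is an added example, not D-Link code or the router's implementation; the names `Policy`, `explain` and `decide`, the sample policies, the use of CIDR notation for ranges, and the DENY-first tie-break are assumptions, and service and port fields are not modelled.

```python
import ipaddress
from dataclasses import dataclass

# Scope precedence stated in the manual: User > Group > Global.
SCOPE_RANK = {"user": 0, "group": 1, "global": 2}


@dataclass(frozen=True)
class Policy:
    name: str
    scope: str        # "user", "group" or "global"
    owner: str        # user name, group name, or "" for global
    destination: str  # single IP ("192.168.10.5") or CIDR range (assumption)
    permit: bool

    def network(self):
        # A bare IP address becomes a /32 (or /128) network.
        return ipaddress.ip_network(self.destination, strict=False)


def _applies(policy, user, groups, dest_ip):
    """True when the policy is bound to this user and covers the destination."""
    if policy.scope == "user" and policy.owner != user:
        return False
    if policy.scope == "group" and policy.owner not in groups:
        return False
    return dest_ip in policy.network()


def _precedence(policy):
    # 1. scope level, 2. longest prefix (most specific destination),
    # 3. DENY before PERMIT on an exact tie (assumption: the manual does
    #    not say how such a tie is resolved, so the model fails closed).
    return (SCOPE_RANK[policy.scope], -policy.network().prefixlen, policy.permit)


def explain(policies, user, groups, dest):
    """Names of every matching policy, strongest first (for audit output)."""
    dest_ip = ipaddress.ip_address(dest)
    matches = [p for p in policies if _applies(p, user, groups, dest_ip)]
    return [p.name for p in sorted(matches, key=_precedence)]


def decide(policies, user, groups, dest):
    """Return (verdict, deciding policy name) for one user and destination."""
    dest_ip = ipaddress.ip_address(dest)
    matches = [p for p in policies if _applies(p, user, groups, dest_ip)]
    if not matches:
        # The manual's built-in global PERMIT over all addresses.
        return ("PERMIT", "default-global-permit")
    best = min(matches, key=_precedence)
    return ("PERMIT" if best.permit else "DENY", best.name)


# Constructed sample policy set (not taken from the manual).
POLICIES = [
    Policy("global-block-lan", "global", "", "192.168.10.0/24", False),
    Policy("mkt-allow-servers", "group", "marketing", "192.168.10.0/28", True),
    Policy("mkt-block-db", "group", "marketing", "192.168.10.5", False),
    Policy("alice-allow-db", "user", "alice", "192.168.10.5", True),
]

if __name__ == "__main__":
    cases = [
        ("alice", {"marketing"}, "192.168.10.5"),
        ("bob", {"marketing"}, "192.168.10.5"),
        ("bob", {"marketing"}, "192.168.10.9"),
        ("carol", set(), "192.168.10.9"),
        ("carol", set(), "172.16.0.1"),
    ]
    for user, groups, dest in cases:
        verdict, name = decide(POLICIES, user, groups, dest)
        print(f"{user:6} -> {dest:13} {verdict:6} by {name}; "
              f"matched: {explain(POLICIES, user, groups, dest)}")
```

The `explain` output is the useful part for review: any DENY listed after a PERMIT for the same user is a restriction that a narrower-scope policy silently overrides.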
112. [Screenshot: SSL VPN Client Route Configuration, with fields Destination Network and Subnet Mask.]

7.5 User Portal

Setup > VPN Settings > SSL VPN Client > SSL VPN Client Portal

When remote users want to access the private network through an SSL tunnel (either using the Port Forwarding or VPN tunnel service), they login through a user portal. This portal provides the authentication fields to provide the appropriate access levels and privileges as determined by the router administrator. The domain where the user account is stored must be specified, and the domain determines the authentication method and portal layout screen presented to the remote user.

Figure 70: List of configured SSL VPN portals. The configured portal can then be associated with an authentication domain

[Screenshot: Portal Layouts page, List of Layouts table with columns Layout Name, Use Count, Portal URL, listing the layouts SSLVPN and MarketingAccess.]

7.5.1 Creating Portal Layouts

Setup > VPN Settings > SSL VPN Server > Portal Layouts

The router allows you to create a custo
117. UNIFIED SERVICES ROUTER USER MANUAL
DSR-250N / 500 / 500N / 1000 / 1000N
SMALL BUSINESS GATEWAY SOLUTION

User Manual
Unified Services Router
D-Link Corporation
Copyright 2011
http://www.dlink.com

User Manual
DSR-250N / DSR-500 / 500N / 1000 / 1000N Unified Services Router
Version 1.03
Copyright 2011

Copyright Notice

This publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this manual, nor any of the material contained herein, may be reproduced without written consent of the author.

Disclaimer

The information in this document is subject to change without notice. The manufacturer makes no representations or warranties with respect to the contents hereof and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. The manufacturer reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of the manufacturer to notify any person of such revision or changes.

Limitations of Liability

UNDER NO CIRCUMSTANCES SHALL D-LINK OR ITS SUPPLIERS BE LIABLE FOR DAMAGES OF ANY CHARACTER (E.G. DAMAGES FOR LOSS OF PROFIT, SOFTWARE RESTORATION, WORK STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR IMPROPER
118. USE OF THE D-LINK PRODUCT OR FAILURE OF THE PRODUCT, EVEN IF D-LINK IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHERMORE, D-LINK WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST CUSTOMER FOR LOSSES OR DAMAGES. D-LINK WILL IN NO EVENT BE LIABLE FOR ANY DAMAGES IN EXCESS OF THE AMOUNT D-LINK RECEIVED FROM THE END-USER FOR THE PRODUCT.

Table of Contents

Chapter 1. Introduction
1.1 About this User Manual
1.2 Typographical Conventions

Chapter 2. Configuring Your Network: LAN Setup
2.1 LAN Configuration
2.1.1 LAN Configuration in an IPv6 Network
2.1.2 Configuring IPv6 Router Advertisements
2.2 VLAN Configuration
2.2.1 Associating VLANs to ports
2.3 Configurable Port: DMZ Setup
2.4 Universal Plug and
119. • System: This refers to application and management level features available on this router, including SSL VPN and administrator changes for managing the unit.
• Wireless: This facility corresponds to the 802.11 driver used for providing AP functionality to your network.
• Local1-UTM: This facility corresponds to IPS (Intrusion Prevention System), which helps in detecting malicious intrusion attempts from the WAN.

For each facility, the following events (in order of severity) can be logged: Emergency, Alert, Critical, Error, Warning, Notification, Information, Debugging. When a particular severity level is selected, all events with severity equal to and greater than the chosen severity are captured. For example, if you have configured CRITICAL level logging for the Wireless facility, then 802.11 logs with severities CRITICAL, ALERT, and EMERGENCY are logged. The severity levels available for logging are:

• EMERGENCY: system is unusable
• ALERT: action must be taken immediately
• CRITICAL: critical conditions
• ERROR: error conditions
• WARNING: warning conditions
• NOTIFICATION: normal but significant condition
• INFORMATION: informational
• DEBUGGING: debug-level messages

Figure 80: Facility settings for Logging
120. Regulatory statement (R&TTE)

European standards dictate maximum radiated transmit power of 100mW EIRP and frequency range 2.400-2.4835GHz. In France, the equipment must be restricted to the 2.4465-2.4835GHz frequency range and must be restricted to indoor use.

Operation of this device is subjected to the following National regulations and may be prohibited to use if certain restriction should be applied.

D=0.020m is the minimum safety distance between the EUT and human body when the E-Field strength is 61V/m.
121. • Port range: If the policy governs a type of traffic, this field is used for defining TCP or UDP port number(s) corresponding to the governed traffic. Leaving the starting and ending port range blank corresponds to all UDP and TCP traffic.
• Service: This is the SSL VPN service made available by this policy. The services offered are VPN tunnel, port forwarding, or both.
• Defined resources: This policy can provide access to specific network resources. Network resources must be configured in advance of creating the policy to make them available for selection as a defined resource. Network resources are created with the following information
• Permission: The assigned resources defined by this policy can be explicitly permitted or denied.

7.2.1 Using Network Resources

Setup > VPN Settings > SSL VPN Server > Resources

Network resources are services or groups of LAN IP addresses that are used to easily create and configure SSL VPN policies. This shortcut saves time when creating similar policies for multiple remote SSL VPN users.

Adding a Network Resource involves creating a unique name to identify the resource and assigning it to one or all of the supported SSL services. Once this is done, editing one of the created network resources allows you to configure the object type (either IP address or IP range) associated with the service. The Network Address, Mask Length, and Port Range/Port Number can all be defined for this
122. VPN Wizard is the recommended method to set up an Auto IPsec policy. Once the Wizard creates the matching IKE and VPN policies required by the Auto policy, one can modify the required fields through the edit link. Refer to the online help for details.

6.2 Configuring IPsec Policies

Setup > VPN Settings > IPsec > IPsec Policies

An IPsec policy is between this router and another gateway, or this router and an IPsec client on a remote host. The IPsec mode can be either tunnel or transport depending on the network being traversed between the two policy endpoints.

• Transport: This is used for end-to-end communication between this router and the tunnel endpoint, either another IPsec gateway or an IPsec VPN client on a host. Only the data payload is encrypted and the IP header is not modified or encrypted.
• Tunnel: This mode is used for network-to-network IPsec tunnels where this gateway is one endpoint of the tunnel. In this mode the entire IP packet including the header is encrypted and/or authenticated.

When tunnel mode is selected, you can enable NetBIOS and DHCP over IPsec. DHCP over IPsec allows this router to serve IP leases to hosts on the remote LAN. As well, in this mode you can define the single IP address, range of IPs, or subnet on both the local and remote private networks that can communicate over the tunnel.

Figure 56 IPsec poli
123. WAN2 DMZ VLANs provide indication of packets through and packets dropped by the interface. Click refresh to have this page retrieve the most current statistics.

Figure 92: Resource Utilization statistics

[Screenshot: Dashboard page, showing Bandwidth Usage and Applications Used charts per selected interface.]

Figure 93: Resource Utilization data (continued)

[Screenshot: CPU Utilization, Memory Utilization, and per-interface (LAN, WAN1, DMZ/WAN2) counters for Incoming Packets, Outgoing Packets, Dropped In Packets, Dropped Out Packets.]
124. WPA2 type security. Supported clients that have been given this PSK can associate with this AP. The default (auto-assigned) PSK is "passphrase". The last step in the Wizard is to click the Connect button, which confirms the settings and enables this AP to broadcast its availability in the LAN.

4.1.2 Add Wireless Device with WPS

With WPS enabled on your router, the selected access point allows supported WPS clients to join the network very easily. When the Auto option for connecting a wireless device is chosen, you will be presented with two common WPS setup options:

- Personal Identification Number (PIN): The wireless device that supports WPS may have an alphanumeric PIN, and if entered in this field the AP will establish a link to the client. Click Connect to complete setup and connect to the client.
- Push Button Configuration (PBC): For wireless devices that support PBC, press and hold down on this button and within 2 minutes click the PBC connect button. The AP will detect the wireless device and establish a link to the client.

Note: You need to enable at least one AP with WPA/WPA2 security and also enable WPS in the Advanced > Wireless Settings > WPS page to use the WPS wizard.

4.1.3 Manual Wireless Network Setup

This button on the Wizard page will link to the Setup > Wireless Settings > Access Points page. The manual options allow you to create new APs or modify t
126. adio to be configured in a way to optimize security and throughput for a group of clients as required by the user. To create a VAP, click the add button on the Setup > Wireless Settings > Access Points page. After setting the AP name, the profile dropdown menu is used to select one of the configured profiles.

Note: The AP Name is a unique identifier used to manage the AP from the GUI, and is not the SSID that is detected by clients when the AP has broadcast enabled.

Figure 33: Virtual AP configuration

A valuable power saving feature is the start and stop time control for this AP. You can conserve on the radio power by disabling the AP when it is not in use. For example, on evenings and weekends, if you know there are no wireless clients, the start and stop time will enable/disable the access point automatically.

Once the AP settings are configured, you must enable the AP on the radio on the Setup > Wireless Settings > A
127. al server IP address and TCP port number of the application to be tunneled. The table below lists some common applications and corresponding TCP port numbers.

| TCP Application | Port Number |
|---|---|
| SSH | |
| Telnet | |
| SMTP (send mail) | |
| HTTP (web) | |
| POP3 (receive mail) | |
| NTP (network time protocol) | 123 |
| Citrix | 1494 |
| Terminal Services | 3389 |
| VNC (virtual network computing) | 5900 or 5800 |

As a convenience for remote users, the hostname (FQDN) of the network server can be configured to allow for IP address resolution. This host name resolution provides users with easy-to-remember FQDNs to access TCP applications, instead of error-prone IP addresses, when using the Port Forwarding service through the SSL User Portal.

To configure port forwarding, the following are required:

- Local Server IP address: The IP address of the local server which is hosting the application.
- TCP port: The TCP port of the application.

Once the new application is defined, it is displayed in a list of configured applications for port forwarding.

To allow users to access the private network servers by using a hostname instead of an IP address, the FQDN corresponding to the IP address is defined in the port forwarding host configuration section.

- Local server IP address: The IP address of the local server hosting the application. The application should be configured in advance.
- Fully qualified domain name: The domain name of the inter
128. Bandwidth Profiles page: This page shows the list of configured bandwidth profiles. These profiles then can be used with the traffic selectors.

To create a new bandwidth profile, click Add in the List of Bandwidth Profiles. The following configuration parameters are used to define a bandwidth profile:

- Profile Name: This identifier is used to associate the configured profile to the traffic selector.
- You can choose to limit the bandwidth either using priority or rate.
- If using priority, Low, High, or Medium can be selected. If there is a low priority profile associated with traffic selector A and a high priority profile associated with traffic selector B, then the WAN bandwidth allocation preference will be to traffic selector B packets.
- For finer control, the Rate profile type can be used. With this option the minimum and maximum bandwidth allowed by this profile can be limited.
- Choose the WAN interface that the profile should be associated with.

Figure 20: Bandwidth Profile Configuration page
131. ature. The secondary WAN port will remain unconnected until a failure is detected on the primary link (either port can be assigned as the primary). In the event of a failure on the primary port, all internet traffic will be rolled over to the backup port. When configured in Auto Failover mode, the link status of the primary WAN port is checked at regular intervals as defined by the failure detection settings.

Note that both WAN1 and WAN2 can be configured as the primary internet link.

- Auto-Rollover using WAN port WAN1: WAN1 is the primary internet link.
- Auto-Rollover using WAN port WAN2: WAN2 is the primary internet link.

Failover Detection Settings: To check connectivity of the primary internet link, one of the following failure detection methods can be selected:

- DNS lookup using WAN DNS Servers: DNS Lookup of the DNS Servers of the primary link are used to detect primary WAN connectivity.
- DNS lookup using DNS Servers: DNS Lookup of the custom DNS Servers can be specified to check the connectivity of the primary link.
- Ping these IP addresses: These IPs will be pinged at regular intervals to check the connectivity of the primary link.
- Retry Interval is: The number tells the router how often it should run the above configured failure detection method.
- Failover after: This sets the number of retries after which failover is initiated.

3.4.2 Load Balancing

This feature allo
132. atus for this AP. The WPS Current Status section outlines the security, authentication, and encryption settings of the selected AP. These are consistent with the AP's profile. There are two setup options available for WPS:

- Personal Identification Number (PIN): The wireless device that supports WPS may have an alphanumeric PIN; if so, add the PIN in this field. The router will connect within 60 seconds of clicking the "Configure via PIN" button immediately below the PIN field. There is no LED indication that a client has connected.
- Push Button Configuration (PBC): For wireless devices that support PBC, press and hold down on this button and within 2 minutes click the PBC connect button. The AP will detect the wireless device and establish a link to the client.

Note: More than one AP can use WPS, but only one AP can be used to establish WPS links to client at any given time.

Figure 37: WPS configuration for an AP with WPA/WPA2 profile
133. available option when configuring firewall rules. This is because a port triggering rule does not have to reference a specific LAN IP or IP range. As well, ports are not left open when not in use, thereby providing a level of security that port forwarding does not offer.

Note: Port triggering is not appropriate for servers on the LAN, since there is a dependency on the LAN device making an outgoing connection before incoming ports are opened.

Some applications require that when external devices connect to them, they receive data on a specific port or range of ports in order to function properly. The router must send all incoming data for that application only on the required port or range of ports. The router has a list of common applications and games with corresponding outbound and inbound ports to open. You can also specify a port triggering rule by defining the type of traffic (TCP or UDP) and the range of incoming and outgoing ports to open when enabled.

Figure 46: List of Available Application Rules showing 4 unique rules
134. 2.2.1 Associating VLANs to ports

In order to tag all traffic through a specific LAN port with a VLAN ID, you can associate a VLAN to a physical port.

Setup > VLAN Settings > Port VLAN

VLAN membership properties for the LAN and wireless LAN are listed on this page. The VLAN Port table displays the port identifier, the mode setting for that port, and VLAN membership information. The configuration page is accessed by selecting one of the four physical ports or a configured access point and clicking Edit. The edit page offers the following configuration options:

- Mode: The mode of this VLAN can be General, Access, or Trunk. The default is access.
- In General mode the port is a member of a user-selectable set of VLANs. The port sends and receives data that is tagged or untagged with a VLAN ID. If the data into the port is untagged, it is assigned the defined PVID. In the configuration from Figure 4, Port 3 is a General port with PVID 3, so untagged data into Port 3 will be assigned PVID 3. All tagged data sent out of the port with the same PVID will be untagged. This mode is typically used with IP Phones that have dual Ethernet ports. Data coming from phone to the switch port on the router will be tagged. Data passing through the phone from a connected device will be untagged.
135. ave the traffic marked with a QoS priority tag. Select a priority level:

- Normal-Service: ToS=0 (lowest QoS)
- Minimize-Cost: ToS=1
- Maximize-Reliability: ToS=2
- Maximize-Throughput: ToS=4
- Minimize-Delay: ToS=8 (highest QoS)

6. Inbound rules can use Destination NAT (DNAT) for managing traffic from the WAN. Destination NAT is available when the To Zone is DMZ or secure LAN. With an inbound allow rule, you can enter the internal server address that is hosting the selected service. You can enable port forwarding for an incoming service-specific rule (From Zone is WAN) by selecting the appropriate checkbox. This will allow the selected service traffic from the internet to reach the appropriate LAN port via a port forwarding rule.

- Translate Port Number: With port forwarding, the incoming traffic to be forwarded to the port number entered here.
- External IP address: The rule can be bound to a specific WAN interface by selecting either the primary WAN or configurable port WAN as the source IP address for incoming traffic.

Note: This router supports multi-NAT, and so the External IP address does not necessarily have to be the WAN address. On a single WAN interface, multiple public IP addresses are supported. If your ISP assigns you more than one public IP address, one of these can be used as your primary IP address on the WAN port, and the others can be assigned to servers on the LAN o
139. bles multiple hosts on a LAN to access the Internet using the single public IP address of the LAN's gateway router.

- NetBIOS: Microsoft Windows protocol for file sharing, printer sharing, messaging, authentication, and name resolution.
- NTP (Network Time Protocol): Protocol for synchronizing a router to a single clock on the network, known as the clock master.
- Password Authentication Protocol: Protocol for authenticating users to a remote access server or ISP.
- Point-to-Point Protocol over Ethernet: Protocol for connecting a network of hosts to an ISP without the ISP having to manage the allocation of IP addresses.
- Point-to-Point Tunneling Protocol: Protocol for creation of VPNs for the secure transfer of data from remote clients to private servers over the Internet.
- Remote Authentication Dial-In User Service: Protocol for remote user authentication and accounting. Provides centralized management of usernames and passwords.
- Rivest-Shamir-Adleman: Public key encryption algorithm.
- Transmission Control Protocol: Protocol for transmitting data over the Internet with guaranteed reliability and in-order delivery.
- User Data Protocol: Protocol for transmitting data over the Internet quickly but with no guarantee of reliability or in-order delivery.
- VPN (Virtual private network): Network that enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one n
141. cally or configure manually the following basic settings to enable Internet connectivity:

- ISP Connection type: Based on the ISP you have selected for the primary WAN link for this router, choose Static IP address, DHCP client, Point-to-Point Tunneling Protocol (PPTP), Point-to-Point Protocol over Ethernet (PPPoE), or Layer 2 Tunneling Protocol (L2TP). Required fields for the selected ISP type become highlighted. Enter the following information as needed and as provided by your ISP.
- PPPoE Profile Name: This menu lists configured PPPoE profiles, particularly useful when configuring multiple PPPoE connections (i.e. for Japan ISPs that have multiple PPPoE support).
- ISP login information: This is required for PPTP and L2TP ISPs.
  - User Name
  - Password
  - Secret (required for L2TP only)
- MPPE Encryption: For PPTP links, your ISP may require you to enable Microsoft Point-to-Point Encryption (MPPE).
- Split Tunnel (supported for PPTP and L2TP connection): This setting allows your LAN hosts to access internet sites over this WAN link while still permitting VPN traffic to be directed to a VPN configured on this WAN port.

Note: If split tunnel is enabled, the DSR won't expect a default route from the ISP server. In such a case, the user has to take care of routing manually by configuring the routing from the Static Routing page.

- Connectivity Type: To keep the connection always on, click Keep Connected. To log out after the connection is idle for a period of t
142. ccess Points page. The status field changes to "Enabled" if the AP is available to accept wireless clients. If the AP is configured to broadcast its SSID (a profile parameter), a green check mark indicating it is broadcasting will be shown in the List of Available Access Points.

Figure 34: List of configured access points (Virtual APs) shows one enabled access point on the radio, broadcasting its SSID

The clients connected to a particular AP can be viewed by using the Status Button on the List of Available Access Points. Traffic statistics are shown for that individual AP, as compared to the summary stats for each AP on the Statistics table. Connected clients are sorted by the MAC address and indicate the security parameters used by the wireless link as well as t
143. ce that may cause undesired operation.

IMPORTANT NOTE: Radiation Exposure Statement

This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance. To maintain compliance with IC RF exposure compliance requirements, please follow operation instruction as documented in this manual. This transmitter is restricted to indoor use in the 5150MHz to 5250MHz frequency range.

2. DSR-500N

Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following
144. List of figures (continued):

- User Login policy configuration
- Remote Management from the WAN
- SNMP Users, Traps, and Access Control
- SNMP system information for this router
- Date, Time, and NTP Server setup
- Facility settings for Logging
- Log configuration options for traffic through router
- E-mail configuration as a Remote Logging option
- Syslog server configuration for Remote Logging (continued)
- VPN logs displayed in GUI event viewer
- Restoring configuration from a saved file will result in the current configuration being overwritten and a reboot
- Firmware version information and Upgrade Option
- Dynamic DNS configuration
- Route
146. cho reply. Troubleshooting a TCP/IP network is made very easy by using the ping utility in your PC or workstation.

11.3.1 Testing the LAN path from your PC to your router

1. From the PC's Windows toolbar, select Start > Run.
2. Type ping <IP_address>, where <IP_address> is the router's IP address. Example: ping 192.168.10.1
3. Click OK.
4. Observe the display:
   - If the path is working, you see this message sequence:
     Pinging <IP address> with 32 bytes of data
     Reply from <IP address>: bytes=32 time=NN ms TTL=xxx
   - If the path is not working, you see this message sequence:
     Pinging <IP address> with 32 bytes of data
     Request timed out
5. If the path is not working, test the physical connections between PC and router:
   - If the LAN port LED is off, go to the "LED displays" section on page B-1 and follow instructions for "LAN or Internet port LEDs are not lit."
   - Verify that the corresponding link LEDs are lit for your network interface card and for any hub ports that are connected to your workstation and firewall.
6. If the path is still not up, test the network configuration:
   - Verify that the Ethernet card driver software and TCP/IP software are installed and configured on the PC.
   - Verify that the IP address for the router and PC are correct and on the same subnet.

11.3.2 Testing the LAN path from your PC to a remote device

1. From
147. Figure 94: Resource Utilization data, continued (screenshot showing VLAN interface packet counters, ICMP and fragment counters, and counts of active VPN tunnels, VLANs, interfaces, and connections)

10.2 Traffic Statistics

10.2.1 Wired Port Statistics

Status > Traffic Monitor > Device Statistics

Detailed transmit and receive statistics for each physical port are presented here. Each interface (WAN1, WAN2/DMZ, LAN, and VLANs) has port-specific packet-level information provided for review. Transmitted/received packets, port collisions, and the cumulating bytes/sec for transmit/receive directions are provided for each interface along with the port up time. If you suspect issues with any of the wired ports, this table will help diagnose uptime or transmit-level issues with the port.

The statistics table has auto-refresh control, which allows display of the most current port-level data at each page refresh. The default auto-refresh for this page is 10 seconds.

Figure 95: Physical port statistics
148. [Screenshot: Traffic Selectors page. This page allows the user to configure various traffic rules to which bandwidth profiles can be attached. Traffic Selector Configuration fields: Available Profiles, Service, Traffic Selector Match Type, IP Address, MAC Address, Port Name, Interface.]

3.4 Features with Multiple WAN Links

This router supports multiple WAN links. This allows you to take advantage of failover and load balancing features to ensure certain internet-dependent services are prioritized in the event of unstable WAN connectivity on one of the ports.

Setup > Internet Settings > WAN Mode

To use Auto Failover or Load Balancing, WAN link failure detection must be configured. This involves accessing DNS servers on the internet or ping to an internet address (user defined). If required, you can configure the number of retry attempts when the link seems to be disconnected or the threshold of failures that determines if a WAN port is down.

3.4.1 Auto Failover

In this case one of your WAN ports is assigned as the primary internet link for all internet traffic. The secondary WAN port is used for redundancy in case the primary link goes down for any reason. Both WAN ports (primary and secondary) must be configured to connect to the respective ISP's before enabling this fe
149. cy configuration

[Screenshot: IPsec Configuration page. This page allows the user to configure an auto VPN IPsec policy. General fields: Policy Name, Policy Type (Auto Policy), IPSec Mode (Tunnel Mode), Select Local Gateway (Dedicated WAN), Remote Endpoint (IP Address), Enable NetBIOS. Local IP fields: Local Start IP Address, Local End IP Address, Local Subnet Mask. Remote IP fields: Remote Start IP Address, Remote End IP Address, Remote Subnet Mask.]

Once the tunnel type and endpoints of the tunnel are defined, you can determine the Phase 1 / Phase 2 negotiation to use for the tunnel. This is covered in the IPsec mode setting, as the policy can be Manual or Auto. For Auto policies, the Internet Key Exchange (IKE) protocol dynamically exchanges keys between two IPsec hosts. The Phase 1 IKE parameters are used to define the tunnel's security association details. The Phase 2 Auto policy parameters cover the security association lifetime and encryption/authentication details of the Phase 2 key negotiation.

The VPN policy is one half of the IKE/VPN policy pair required to establish an Auto IPsec VPN tunnel. The IP addresses of the machine or machines on the two VPN endpoints are configured here, along with the policy parameters required to secure the tunnel.

Figure 57: IPsec policy configuration conti
150. d s lookup policy list found s s called output START FUNCTION _ s flow dst s _ FUNCTION __ XFRMSTRADDR fl gt fl4_dst family s flow src s _ FUNCTION XFRMSTRADDR fl gt fl4_src family DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG 02x u_int8_t p i first difference at byte u i S t gt name FAIL ieee80211_crypto_newkey failed FAIL ieee80211_crypto_setkey failed FAIL unable to allocate skbuff FAIL ccmp encap failed FAIL encap data length mismatch FAIL FAIL encrypt data does not compare ccmp decap failed FAIL decap botch length mismatch FAIL decap botch data does not compare PASS u of u 802 111 AES CCMP test vectors passed pass total S Ox p len u tag p len 03d i 02x u_int8_t p i first difference at byte u i ieee80211_crypto_newkey failed ieee80211_crypto_setkey failed unable to allocate skbuff tkip enmic failed enmic botch length mismatch enmic botch tkip encap failed encrypt phase1 botch User Manual DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG 194 Unified Services Router
151. d d umiloctl UMI_COMP_UDOT11 d d umiloctl UMI_COMP_KDOT11 d d umiloctl UMI_COMP_UDOT11 d d failed UDP socket is not created UDP send failed IAPP socket SOCK_STREAWM failed IAPP TCP connect failed to s cmd d not supported sender d umiloctl UMI_COMP_KDOT11 d d failed IAPP CACHE NOTIFY REQUEST send to src dot1 1 iapp iappLib c 131 4 ADP_ERROR BSSID value passed is NULL reserved requestld is passed interface name is NULL IP address value passed is NULL opening receive UDP socket failed enabling broadcast for UDP socket failed opening receive TCP socket for new AP failed src dot1 1 iapp iappLib c 1784 ADP_ERROR src dot1 1 iapp iappLib c 1794 ADP_ERROR src dot1 1 iapp iappLib c 1803 ADP_ERROR failed created dot11dLock failed initialize profile library failed to create cipher contexts unable to register to UMI could not create MIB tree unable to register to PNAC Max registration attempts by DOT11 to PNAC exceeded Creation of EAP WPS Profile Failed umiloctl UMI_COMP_IAPP d failed ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 183 Unified Services Router sending EAPOL pdu to PNAC creating pnac authenticator with
152. d failed to send ioctl request dst d lt src d processed a reply dst d lt src d request with no result option dst d lt src d cmd s cmdsitring is s s d Calling printerConfig binary Calling unmount for USB Calling mount for USB usbdevice is d s d Query string s sqlite3QueryResGet failed Query s s 1 usb is already disconnected for old usb type s 2 call disable for new usb type s 3 usb is already disconnected for old usb type s 4 Disabled old usb type Now usbdevice is d s d USB failed to begin transaction s USB SQL error s pSetSiring s USB failed to commit transaction s USB updated table s USB returning with status s s DBUpdate event Table s opCode d rowld d executing s status d executing s s returned status Y d s returned status Y od snmpd conf not found SNMP_DEBUG Fwrite Successful SNMP_DEBUG Fwrite failed radPairGen received unknown attribute d of length d radPairGen s has unknown type radPairLocate unknown attribute ld of length d radPairLocate s has unknown type Illegal invocation of couMemUsage s DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG WARN WARN WARN WARN
153. [Figure 65: SSL VPN policy configuration. This page allows you to add a new SSL VPN policy or edit the configuration of an existing SSL VPN policy. Fields: Policy For (Global), Available Groups, Available Users, Apply Policy to (Network Resource), Policy Name, IP Address, Mask Length, Port Range / Port Number (Begin, End), Service (VPN Tunnel), Defined Resources, Permission (Permit).]

To configure a policy for a single user or group of users, enter the following information:

- Policy for: The policy can be assigned to a group of users, a single user, or all users (making it a global policy). To customize the policy for specific users or groups, the user can select from the Available Groups and Available Users drop-down.
- Apply policy to: This refers to the LAN resources managed by the DSR, and the policy can provide (or prevent) access to network resources, IP address, IP network, etc.
- Policy name: This field is a unique name for identifying the policy.
- IP address: Required when the governed resource is identified by its IP address or range of addresses.
- Mask Length: Required when the governed resource is identified by a range of addresses within a subnet.
154. d and can be modified here.

[Screenshot: SNMP System Information fields: SysContact, SysLocation, SysName (DSR_router).]

9.3 Configuring Time Zone and NTP

Tools > Date and Time

You can configure your time zone, whether or not to adjust for Daylight Savings Time, and with which Network Time Protocol (NTP) server to synchronize the date and time. You can choose to set Date and Time manually, which will store the information on the router's real time clock (RTC). If the router has access to the internet, the most accurate mechanism to set the router time is to enable NTP server communication.

Note: Accurate date and time on the router is critical for firewall schedules, Wi-Fi power saving support to disable APs at certain times of the day, and accurate logging.

Please follow the steps below to configure the NTP server:

1. Select the router's time zone, relative to Greenwich Mean Time (GMT).
2. If supported for your region, click to Enable Daylight Savings.
3. Determine whether to use default or custom Network Time Protocol (NTP) servers. If custom, enter the server addresses or FQDN.

[Figure 79: Date, Time, and NTP server setup]
155. d using Internet domain names. To use DDNS, you must set up an account with a DDNS provider such as DynDNS.org, D-Link DDNS, or Oray.net. Each configured WAN can have a different DDNS service if required. Once configured, the router will update DDNS services with changes in the WAN IP address, so that features that are dependent on accessing the router's WAN via FQDN will be directed to the correct IP address. When you set up an account with a DDNS service, the host and domain name, username, password, and wildcard support will be provided by the account provider.

[Figure 87: Dynamic DNS configuration. For the Dedicated WAN and the Configurable WAN, the page shows the current WAN mode, the DDNS status, and the fields: Select the Dynamic DNS Service, Host and Domain Name, User Name, Password, Use wildcards, Update every 30 days.]
156. device dev gt name ath_pci 32 bit DMA not available ath_pci cannot reserve PCI memory region ath_pci cannot remap PCI memory region ath_pci no memory for device state s unable to register device dev gt name ath_dev_probe no memory for device state s no memory for device state __ func __ kernel MIBCTL registration failed Bad ioctl command WpsMod Failed to configure gpio pin WpsMod Failed to register interrupt handler registering char device failed unregistering char device failed S d ERROR non NULL node pointer in p p lt s gt S d ERROR non NULL node pointer in p p lt s gt can t alloc name s name s unable to register device dev gt name failed to automatically load module s Unable to load needed module s no support for Module s is not known buf Error loading module s buf Module s failed to initialize buf User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 210 Unified Services Router Ox 08x 0x 08x Ox 08x 0x 08x 0x 08x 0x 08x sc_txq d i tid p pause d tid tid gt paused d p j tid gt tx_buffj p buf axq_q s unable to reset hardware hal status u func __ status ASSERTION HIT MacAd
157. dr s TxBufldx d i Tid d tidno AthBuf p tid gt tx_buf i s unable to reset hardware hal status u s unable to reset hardware hal status u s unable to start recv logic fmt VA ARGS _ sample_pri d is a multiple of refpri d sample_pri refpri gt ft_numfilters u ft gt ft_numfilters filter od filterID d rf_ numpulses u rf gt rf_minpri You rf gt rf_maxpri u rf gt rf_threshold u rf gt rf_filterlen u rf gt rf_mindur u rf gt rf_maxdur u j rf gt rf_pulseid NOL WARNING 10 minute CAC period as channel is a weather radar channel s disable detects func__ s enable detects func __ s disable FFT val Ox x _ func_ val s enable FFT val Ox x func val s debug level now 0x x __ func__ dfs_debug_level RateTable d maxvalidrate d ratemax d pRc gt rateTableSize k pRc gt rateMaxPhy s txRate value of 0x x is bad FUNCTION txRate Valid Rate Table DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ath_pci 32 bit DMA not available ath_pci cannot reserve PCI memory region ath_pci cannot remap PCI memory region ath_pci no memory for device state s unable to attach hardware s HAL status u s HAL ABI mismatc
158. dropped and can be logged for diagnosis.

Figure 50: The following example binds a LAN host's MAC Address to an IP address served by DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured.

List of IP/MAC Binding:

Name          MAC Address         IP Address      Log Dropped Packets
test ipmac1   AD:21:00:BC:32:25   97.0.0.8        Disabled
test ipmac2   24:67:4B:CD:24:12   192.168.25.49   Enabled

5.10 Intrusion Prevention (IPS)

Advanced > Advanced Network > IPS

The gateway's Intrusion Prevention System (IPS) prevents malicious attacks from the internet from accessing the private network. Static attack signatures loaded to the DSR allow common attacks to be detected and prevented. The checks can be enabled between the WAN and DMZ or LAN, and a running counter will allow the administrator to see how many malicious intrusion attempts from the WAN have been detected and prevented.

[Figure 51: Intrusion Prevention features on the router. This page allows the user to configure the Intrusion Detection System and Intrusion Prevention System on the router. Options: Enable Intrusion Detection, Enable Intrusion Prevention; IPS Checks Active Between: LAN and WAN, DMZ and WAN.]
159. e Wrong address mask u uU u U from Redirect from u u u uU on s about IP routing cache hash table of u buckets ldKbytes source route option u u u u gt u uU U OU User Manual INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO 201 Unified Services Router Failed to set AES encrypt key AES s Decrypt Test Duration d d hard Hard Soft Failed to set AES encrypt key Failed to set AES encrypt key Failed to set AES encrypt key Failed to set AES encrypt key Failed to set DES encrypt key d i Failed to set DES decrypt key d i Failed to set DES encrypt key d i Failed to set DES decrypt key d i Failed to set DES encrypt key Failed to set DES decrypt key Failed to set DES encrypt key Failed to set DES decrypt key AES Software Test AES Software Test s aesSoftTest 0 Failed Passed AES Hardware Test AES Hardware Test s aesHardTest 0 Failed Passed 3DES Software Test 3DES Software Test s des3SoftTest 0 Failed Passed 3DES Hardware Test 3DES Hardware Test s des3HardTest 0 Failed Passed DES Software Test DES Software Test s desSoftTest 0 Failed Passed DES Hardware Test DES Hardware Test s desHardTest 0 Failed Passed SHA S
160. e s on the interface S ERROR invalid argument ERROR pnacAuthConfig maxAuth limit missing profile name ERROR reached ERROR Profile s does not exist ERROR pnacAuthConfig malloc failed ERROR Error from pnacAuthConfig pAsArg Profile s does not exist ERROR cannot be NULL ERROR Error from pnacAuthConfig receive SSID should not be longer than d ERROR routine hook ERROR Profile s does not exist ERROR pnacAuthConfig pnacAuthInit failed ERROR Profile s does not exist ERROR kpnacPortPaeContfig failed ERROR Profile s does not exist ERROR Invalid arguments ERROR Error from pnacSuppConfig malloc Profile s does not exist ERROR failed ERROR Error from pnacSuppConfig receive Profile s does not exist ERROR routine hook ERROR Error from pnacSuppConfig Profile s does not exist ERROR pnacSupplnit failed ERROR SSID not set SSID is needed to generate password hash ERROR kpnacPortPaeContfig failed ERROR pnacAuthDecontfig failed pPortPae Password string too big ERROR NULL ERROR Error from pnacPhyPortDestroy port dot11Malloc failed ERROR not configured ERROR pnacPhyPortDestroy Failed to Profile s does not exist ERROR deconfigure port ERROR Hex string should only have d hex chars ERROR pnacPhyPortParamUnset FAILED ERROR Error from pnacPhyPortCreate malloc dot11Malloc failed ERROR failed ERROR Error from pnacPhyPortCreate Profile s does not exist ERROR pnacPhyPortParamSet ERROR invalid key index d key
161. e End 192.168.251.254, LCP Timeout (seconds)

The router allows full tunnel and split tunnel support. Full tunnel mode just sends all traffic from the client across the VPN tunnel to the router. Split tunnel mode only sends traffic to the private LAN based on pre-specified client routes. These client routes give the SSL client access to specific private networks, thereby allowing access control over specific LAN services.

Client level configuration supports the following:

- Enable Split Tunnel Support: With a split tunnel, only resources which are referenced by client routes can be accessed over the VPN tunnel. With full tunnel support (if the split tunnel option is disabled, the DSR acts in full tunnel mode), all addresses on the private network are accessible over the VPN tunnel. Client routes are not required.
- DNS Suffix: The DNS suffix name which will be given to the SSL VPN client. This configuration is optional.
- Primary DNS Server: DNS server IP address to set on the network adaptor created on the client host. This configuration is optional.
- Secondary DNS Server: Secondary DNS server IP address to set on the network adaptor created on the client host. This configuration is optional.
- Client Address Range Begin: Clients who connect to the tunnel get a DHCP-served IP address assigned to the network adaptor from the range of addresses beginning with this IP address.
- Client Address Range End: The ending IP address of the DHCP range
162. e admin whether the bandwidth profile has to be modified to account for the desired internet traffic of LAN users.

[Figure 81: Log configuration options for traffic through router. This page allows the user to configure system-wide log settings. Routing Logs: Accepted Packets and Dropped Packets for LAN to WAN, WAN to LAN, WAN to DMZ, DMZ to WAN, LAN to DMZ, DMZ to LAN. System Logs: All Unicast Traffic, All Broadcast/Multicast Traffic. Other Events Logs: Bandwidth Limit.]

9.4.2 Sending Logs to E-mail or Syslog

Tools > Log Settings > Remote Logging

Once you have configured the type of logs that you want the router to collect, they can be sent to either a Syslog server or an E-Mail address. For remote logging, a key configuration field is the Remote Log Identifier. Every logged message will contain the configured prefix of the Remote Log Identifier, so that syslog servers or email addresses that receive logs from more than one router can sort for the relevant device's logs.

Once you enable the option to e-mail logs, enter the e-mail server's address (IP address or FQDN) of the SMTP server. The router will connect to this server when sending e-mails out to
163. e it secure.

Wireless Network Setup Wizard
Note: Some changes made using this Setup Wizard may require you to change some settings on your wireless client adapters so they can still connect to the D-Link Router.

Add Wireless Device with WPS (Wi-Fi Protected Setup) Wizard
This wizard is designed to assist you in connecting your wireless device to your wireless router. It will guide you through step-by-step instructions on how to get your wireless device connected. Click the button below to begin. WPS is currently disabled.

Manual Wireless Network Setup
If your wireless network is already set up with Wi-Fi Protected Setup, manual configuration of the wireless network will destroy the existing wireless network. If you would like to configure the wireless settings of your new D-Link Systems Router manually, then click on the Manual Wireless Network Setup button below.

4.1.1 Wireless Network Setup Wizard

This wizard provides a step-by-step guide to create and secure a new access point on the router. The network name (SSID) is the AP identifier that will be detected by supported clients. The wizard uses a TKIP+AES cipher for WPA / WPA2 security; depending on support on the client side, devices associate with this AP using either WPA or WPA2 security with the same pre-shared key.

The wizard has the option to automatically generate a network key for the AP. This key is the pre-shared key for WPA or
164. e lets you configure the channels and power levels available for the APs enabled on the DSR. The router has a dual band 802.11n radio, meaning either 2.4 GHz or 5 GHz frequency of operation can be selected (not concurrently though). Based on the selected operating frequency, the mode selection will let you define whether legacy connections or only 802.11n connections (or both) are accepted on configured APs.

[Figure 35: Radio card configuration options. This page allows you to configure the hardware settings for each available radio card. Radio Configuration fields: Operating Frequency, Mode, Channel Spacing, Control Side Band, Current Channel, Channel, Default Transmit Power (dBm), Transmit Power (dBm), Transmission Rate.]

The ratified 802.11n support on this radio requires selecting the appropriate broadcast (NA or NG etc.) mode, and then defining the channel spacing and control side band for 802.11n traffic. The default settings are appropriate for most networks. For example, changing the channel spacing to 40 MHz can improve bandwidth at the expense of supporting earlier 802.11n clients.

The available transmission channels are governed by regulatory constraints based on the region setting of the router. The maximum transmission po
165. e may not cause harmful interference, and (2) This device must accept any interference received, including interference that may cause undesired operation.

This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. The antennas used for this transmitter must be installed to provide a spectrum distance of at least 20cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter. This transmitter is restricted to indoor use in the 5150MHz to 5250MHz frequency range.

Non-modification Statement
Use only the integral antenna supplied by the manufacturer when operating this device. Unauthorized antennas, modifications, or attachments could damage the TI Navigator access point and violate FCC regulations. Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.

Canadian Department of Communications Industry Canada (IC) Notice
This Class B digital apparatus complies with Canadian ICES-003 and RSS-210.

Industry Canada Statement
This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device must accept any interference received, including interferen
166. e3QueryResGet failed Query s Failed to Open Snmp Configuration File Failed to write access control entries Failed to write snmpv3 users entries Failed to write snmp trap entries Failed to write system entries Failed to restart snmp s failed with status Error in executing DB update handler s Unable to open file s RADVD start failed RADVD stop failed failed to create open RADVD configuration file s Restoring old configuration failed to write update RADVD configuration file upnpDisableFunc failed upnpEnableFunc failed sqlite3QueryResGet failed Query s Error in executing DB update handler unable to open the DB file s umilnit failed unable to register to UMI short DB update event request short ifDev event request sqlite3_mprintf failed s failed status Yod User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Facility System Firewall Enabling rule for protocol binding DEBUG Disabling rule for protocol binding DEBUG Enabling Remote SNMP on WAN DEBUG Disabling Remote SNMP on WAN DEBUG Disable all NAT rules Enable all NAT rules Enabling NAT URL filter rules Restarting all NAT rules DEBUG DEBUG DEBUG DEBUG 177 Unified Services Router wan traffic counters a
167. eapWscProcessWscData Invalid Authenticator response check Error DEBUG notification recd d ERROR Authenticator response check Failed DEBUG unable to initialize MD5 ERROR MS CHAP2 Response AVP size u DEBUG MDString adpDigestlnit for md5 failed ERROR Created EAP MS CHAP2 context OK DEBUG EAPAUTH_MALLOC failed ERROR pCtx NULL DEBUG EAPAUTH_MALLOC failed ERROR Deleted EAP MS CHAPv2 context OK DEBUG NULL context created Error ERROR Not authenticated yet DEBUG NULL context received Error ERROR Authenticator response invalid DEBUG Authenticator ident invalid ERROR EAP MS CHAPv2 password changed DEBUG Success request message invalid ERROR 168 Unified Services Router rcvd opCode d pCtx NULL TLS message len changed in the fragment ignoring no data to send while fragment ack received TLS handshake successful Created EAP TTLS context OK Deleted EAP TTLS context OK No more fragments in message ERROR Upper EAP sent us method state d decision d P2 sending fragment P2 send unfragmented message P1 sending fragment P1 sending unfragmented message tTLSMsgLen 0x x Send req ptr 0x x Send resp pir Ox x P2 decision d methodState d Default EAP method state d decision d TTLS pkt data len d flags 0x x Got start Got first fragment n Got fragment n Got last fragment Got unfragmented message Got frag ack Revd AVP Code u flags 0x x len
168. Standard Services Available for Port Forwarding & Firewall Configuration
Log Output Reference
RUJ 45
Appendix F. Product Statement

List of Figures

Figure 1: Setup page for LAN TCP/IP settings
Figure 2: IPv6 LAN and DHCPv6 configuration
Figure 3: Configuring the Router Advertisement Daemon
Figure 4: IPv6 Advertisement Prefix settings
Figure 5: Adding VLAN memberships to the LAN
Figure 6: Port VLAN
Figure 7: Configuring VLAN membership for a port
Figure 8: DMZ configuration
Figure 9: UPnP configuration
169. 7.2.1 Using Network Resources
7.3 Application Port Forwarding
7.4 SSL VPN Client Configuration
7.5 WSO Portals
7.5.1 Creating Portal Layouts
Advanced Configuration Tools
8.1 USB Device Setup
8.2 Authentication Certificates
8.3 Advanced Switch Configuration
Administration & Management
9.1 Configuration Access Control
9.1.1 Remote Management
9.1.2 CLI Access
9.2 SNMP C
170. ed devices on the LAN, as it helps avoid conflicts for IPv6 clients.

- MTU: The router advertisement will set this maximum transmission unit (MTU) value for all nodes in the LAN that are autoconfigured by the router. The default is 1500.
- Router Lifetime: This value is present in RAs and indicates the usefulness of this router as a default router for the interface. The default is 3600 seconds. Upon expiration of this value, a new RADVD exchange must take place between the host and this router.

[Figure 3: Configuring the Router Advertisement Daemon. This page allows the user to configure Router Advertisement Daemon (RADVD) related configurations. The page notes that the IP Mode must be set to IPv4/IPv6 in the Routing Mode page to configure it. Fields: RADVD Status, Advertise Mode, Advertise Interval, RA Flags, Router Lifetime.]

Advertisement Prefixes

Advanced > IPv6 > IPv6 LAN > Advertisement Prefixes

The router advertisements configured with advertisement prefixes allow this router to inform hosts how to perform stateless address auto-configuration. Router advertisements contain a list of subnet prefixes that allow the router to determine neighbors and whether t
171. Chapter 1. Introduction

D-Link Unified Services Routers offer a secure, high performance networking solution to address the growing needs of small and medium businesses. Integrated high-speed IEEE 802.11n and 3G wireless technologies offer comparable performance to traditional wired networks, but with fewer limitations. Optimal network security is provided via features such as virtual private network (VPN) tunnels, IP Security (IPsec), Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Secure Sockets Layer (SSL). Empower your road warriors with clientless remote access anywhere and anytime using SSL VPN tunnels.

With the D-Link Unified Services Router you are able to experience a diverse set of benefits:

- Comprehensive Management Capabilities: The DSR-500, DSR-500N, DSR-1000 and DSR-1000N include dual-WAN Gigabit Ethernet, which provides policy-based service management ensuring maximum productivity for your business operations. The failover feature maintains data traffic without disconnecting when a landline connection is lost. The Outbound Load Balancing feature adjusts outgoing traffic across two WAN interfaces and optimizes the system performance, resulting in high availability. The second WAN port can be configured as a DMZ port, allowing you to isolate servers from your LAN.

Note: DSR-250N has a single WAN interface and thus it does no
172. Contents (continued)

10.2 Traffic Statistics
10.2.1 Wired Port Statistics
10.2.2 Wireless Statistics
10.3 Active Connections
10.3.1 Sessions through the Router
10.3.2 Wireless Clients
10.3.3 LAN Clients
10.3.4 Active VPN Tunnels
Trouble Shooting
11.1 Internet connection
11.3 Pinging to Test LAN Connectivity
11.3.1 Testing the LAN path from your PC to your router
11.3.2 Testing the LAN path from your PC to a remote device
11.4 Restoring factory default configuration settings
Glossary
Factory Default Settings
173. Contents (continued)

4.3.1 Primary benefits of Virtual APs
4.4 Tuning Radio Specific Settings
4.5 Advanced Wireless Settings
4.6 Wi-Fi Protected Setup (WPS)
Securing the Private Network
5.1 Firewall Rules
5.2 Defining Rule Schedules
5.3 Configuring Firewall Rules
5.3.1 Firewall Rule Configuration Examples
5.4 Security on Custom Services
5.5 ALG support
5.6 VPN Passthrough for Firewall
5.7 Application Rules
5.8 Web Content Filtering
5.8.1
174. efined. Once defined, the new service will appear in the List of Available Custom Services table.

List of Available Custom Services (columns: Name, ICMP Type / Port Range). Example entry: DocServer, 4554 4556.

5.5 ALG support
Advanced > Firewall Settings > ALGs

Application Level Gateways (ALGs) are security components that enhance the firewall and NAT support of this router to seamlessly support application layer protocols. In some cases, enabling the ALG will allow the firewall to use dynamic ephemeral TCP/UDP ports to communicate with the known ports a particular client application (such as H.323 or RTSP) requires, without which the admin would have to open a large number of ports to accomplish the same support. Because the ALG understands the protocol used by the specific application that it supports, it is a very secure and efficient way of introducing support for client applications through the router's firewall.

Figure 44: Available ALG support on the router. Page text: Application Level Gateway allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer control/data protocols such as TFTP, SIP, RTSP, IPSec, PPTP etc. Each ALG provides special handling for a specific protocol or application. A number of ALGs for common applications are enabled by default.
176. emote Log Identifier: DSR-1000N. Other fields shown on the page: Enable E-Mail Logs, E-Mail Server Address, SMTP Port, Return E-Mail Address, Send to E-Mail Address 1, Send to E-Mail Address 2, Send to E-Mail Address 3, Authentication with SMTP Server, User Name, Password, Respond to Identd from SMTP Server, Send E-mail logs by Schedule (Day, Time).

An external Syslog server is often used by network administrators to collect and store logs from the router. This remote device typically has fewer memory constraints than the local Event Viewer on the router's GUI, and thus can collect a considerable number of logs over a sustained period. This is typically very useful for debugging network issues or for monitoring router traffic over a long duration.

This router supports up to 8 concurrent Syslog servers. Each can be configured to receive different log facility messages of varying severity. To enable a Syslog server, select the checkbox next to an empty Syslog server field and assign the IP address or FQDN to the Name field. The selected facility and severity level messages will be sent to the configured (and enabled) Syslog server once you save this configuration page's settings.

Figure 83: Syslog server configuration for Remote Logging (continued). Fields shown: SysLog Facility, SysLo
177. ence is used to indicate the preference level of this DHCP server. DHCP advertise messages with the highest server preference value to a LAN host are preferred over other DHCP server advertise messages. The default is 253.

• The DNS server details can be manually entered here (primary/secondary options). An alternative is to allow the LAN DHCP client to receive the DNS server details from the ISP directly. By selecting Use DNS proxy, this router acts as a proxy for all DNS requests and communicates with the ISP's DNS servers (a WAN configuration parameter).
• Primary and Secondary DNS servers: If there are configured domain name system (DNS) servers available on the LAN, enter the IP addresses here.
• Lease/Rebind time sets the duration of the DHCPv6 lease from this router to the LAN client.

IPv6 Address Pools

This feature allows you to define the IPv6 delegation prefix for a range of IP addresses to be served by the gateway's DHCPv6 server. Using a delegation prefix, you can automate the process of informing other networking equipment on the LAN of DHCP information specific for the assigned prefix.

Configuring IPv6 Router Advertisements

Router Advertisements are analogous to IPv4 DHCP assignments for LAN clients, in that the router will assign an IP address and supporting network information to devices that are configured to accept such details. Router Advertisement is required in an IPv6 network for stateless auto con
178. ency Notice

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.

FCC Radiation Exposure Statement

This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: 1 This devic
179. ended action:
1. Launch your browser and go to an external site such as www.google.com.
2. Access the firewall's configuration main menu at http://192.168.10.1.
3. Select Monitoring > Router Status.
4. Ensure that an IP address is shown for the WAN port. If 0.0.0.0 is shown, your firewall has not obtained an IP address from your ISP. See the next symptom.

Symptom: Router cannot obtain an IP address from the ISP.
Recommended action:
1. Turn off power to the cable or DSL modem.
2. Turn off the router.
3. Wait 5 minutes, and then reapply power to the cable or DSL modem.
4. When the modem LEDs indicate that it has resynchronized with the ISP, reapply power to the router. If the router still cannot obtain an ISP address, see the next symptom.

Symptom: Router still cannot obtain an IP address from the ISP.
Recommended action:
1. Ask your ISP if it requires a login program: PPP over Ethernet (PPPoE) or some other type of login. If yes, verify that your configured login name and password are correct.
2. Ask your ISP if it checks for your PC's hostname. If yes, select Network Configuration > WAN Settings > Ethernet ISP Settings and set the account name to the PC hostname of your ISP account.
3. Ask your ISP if it allows only one Ethernet MAC address to connect to the Internet, and therefore checks for your PC's MAC address. If yes, inform your ISP that you have bought a new network device, and ask them to use the
183. List of Figures (continued)

Figure 32: RADIUS server (External Authentication) Configuration
Figure 33: Virtual AP configuration
Figure 34: List of configured access points (Virtual APs) shows one enabled access point on the radio, broadcasting its SSID
Figure 35: Radio card configuration options
Figure 36: Advanced Wireless communication settings
Figure 37: WPS configuration for an AP with WPA/WPA2 profile
Figure 38: List of Available Firewall Rules
Figure 39: List of Available Schedules to bind to a firewall rule
Figure 40: Example where an outbound SNAT rule is used to map an external IP address (209.156.200.225) to a private DMZ IP address (10.30.30.30)
Figure 41: The firewall rule configuration page allows you to define the To/From zone, service, action, schedules, and specify source/destination IP addresses as needed
185. etwork to another. Uses tunneling to encrypt all information at the IP level.

Windows Internet Name Service: Service for name resolution. Allows clients on different IP subnets to dynamically resolve addresses, register themselves, and browse the network without sending broadcasts.

IKE Extended Authentication: Method, based on the IKE protocol, for authenticating not just devices (which IKE authenticates) but also users. User authentication is performed after device authentication and before IPsec negotiation.

Appendix B. Factory Default Settings

Device login
  User login URL: http://192.168.10.1
  User name (case sensitive): admin
Local area network (LAN)
Firewall
  Inbound communications from the Internet: Disabled (except traffic on port 80, the HTTP port)
  Outbound communications to the Internet: Enabled (all)
  Source MAC filtering: Disabled
  Stealth mode: Enabled

Appendix C. Standard Services Available for Port Forwarding & Firewall Configuration

ANY            ICMP TYPE 8    RLOGIN
AIM            ICMP TYPE 9    RTELNET
BGP            ICMP TYPE 10   RTSP TCP
BOOTP_CLIENT   ICMP TYPE 11   RTSP UDP
BOOTP_SERVER   ICMP TYPE 13   SFTP
CU SEEME UDP   ICQ            SMTP
CU SEEME TCP   IMAP2          SNMP TCP
DNS UDP        IMAP3          SNMP UDP
DNS TCP        IRC            SNMP TRAPS TCP
FINGER         NEWS           SNMP TRAPS UDP
FTP            NFS            SQL NET
HTTP           NNTP           SSH TCP
HTTPS          PING           SSH UDP
ICMP TYPE 3    POP3           STRMWORKS
ICMP TYPE 4    PPTP
186. ew of the system configuration. The settings for the wired and wireless interfaces are displayed in the DSR Status page, and then the resulting hardware resource and router usage details are summarized on the router's Dashboard.

10.1.1 Device Status
Status > Device Info > Device Status

The DSR Status page gives a summary of the router configuration settings configured in the Setup and Advanced menus. The static hardware serial number and current firmware version are presented in the General section. The WAN and LAN interface information shown on this page is based on the administrator configuration parameters. The radio band and channel settings are presented below, along with all configured and active APs that are enabled on this router.

Figure 90: Device Status display. Page text: This page displays the current settings of the ports and displays a snapshot of the system information. Fields shown: System Name, Firmware Version, Serial Number; under WAN1 Information: MAC Address, IPv4 Address, IPv6 Address, WAN State, NAT (IPv4 only), IPv4 Connection Type, IPv6 Connection Type, IPv4 Connection State, IPv6 Connection State, Link State, WAN Mode, Gateway, Primary DNS, Secondary DNS.
187. ewall and reboot your PC.

• If your router's IP address has changed and you don't know what it is, reset the router configuration to factory defaults (this sets the firewall's IP address to 192.168.10.1).
• If you do not want to reset to factory default settings and lose your configuration, reboot the router and use a packet sniffer (such as Ethereal) to capture packets sent during the reboot. Look at the Address Resolution Protocol (ARP) packets to locate the router's LAN interface address.
• Launch your browser and ensure that Java, JavaScript, or ActiveX is enabled. If you are using Internet Explorer, click Refresh to ensure that the Java applet is loaded. Close the browser and launch it again.
• Ensure that you are using the correct login information. The factory default login name is admin and the password is password. Ensure that CAPS LOCK is off when entering this information.

Symptom: Router does not save configuration changes.
Recommended action:
1. When entering configuration settings, click Apply before moving to another menu or tab; otherwise your changes are lost.
2. Click Refresh or Reload in the browser. Your changes may have been made, but the browser may be caching the old configuration.

Symptom: Router cannot access the Internet.
Possible cause: If you use dynamic IP addresses, your router may not have requested an IP address from the ISP.
Recomm
188. f VLANs. LAN devices can be configured to communicate in a subnetwork defined by VLAN identifiers. LAN ports can be assigned unique VLAN IDs so that traffic to and from that physical port can be isolated from the general LAN. VLAN filtering is particularly useful to limit broadcast packets of a device in a large network. VLAN support is disabled by default in the router. In the VLAN Configuration page, enable VLAN support on the router and then proceed to the next section to define the virtual network.

Setup > VLAN Settings > Available VLAN

The Available VLAN page shows a list of configured VLANs by name and VLAN ID. A VLAN membership can be created by clicking the Add button below the List of Available VLANs. A VLAN membership entry consists of a VLAN identifier and the numerical VLAN ID which is assigned to the VLAN membership. The VLAN ID value can be any number from 2 to 4091. VLAN ID 1 is reserved for the default VLAN, which is used for untagged frames received on the interface. By enabling Inter VLAN Routing, you will allow traffic from LAN hosts belonging to this VLAN ID to pass through to other configured VLAN IDs that have Inter VLAN Routing enabled.

Figure 5: Adding VLAN memberships to the LAN. Page text: This page allows user to enable/disable VLAN support on the LAN.
189. face to another. There is no communication between this router and other devices to account for changes in the path; once configured, the static route will be active and effective until the network changes.

The List of Static Routes displays all routes that have been added manually by an administrator and allows several operations on the static routes. The List of IPv4 Static Routes and List of IPv6 Static Routes share the same fields (with one exception):

• Name: Name of the route, for identification and management.
• Active: Determines whether the route is active or inactive. A route can be added to the table and made inactive if not needed. This allows routes to be used as needed without deleting and re-adding the entry. An inactive route is not broadcast if RIP is enabled.
• Private: Determines whether the route can be shared with other routers when RIP is enabled. If the route is made private, then the route will not be shared in a RIP broadcast or multicast. This is only applicable for IPv4 static routes.
• Destination: The route will lead to this destination host or IP address.
• IP Subnet Mask: This is valid for IPv4 networks only, and identifies the subnet that is affected by this static route.
• Interface: The physical network interface (WAN1, WAN2, DMZ or LAN) through which this route is accessible.
• Gateway: IP address of the gateway through which the destination host or network ca
190. ffice connectivity through encrypted virtual links. The DSR-250N, DSR-500(N) and DSR-1000(N) support 25, 35 and 75 simultaneous IPSec VPN tunnels respectively.

• Efficient D-Link Green Technology: As a concerned member of the global community, D-Link is devoted to providing eco-friendly products. D-Link Green WiFi and D-Link Green Ethernet save power and prevent waste. The D-Link Green WLAN scheduler reduces wireless power automatically during off-peak hours. Likewise, the D-Link Green Ethernet program adjusts power usage based on the detected cable length and link status. In addition, compliance with RoHS (Restriction of Hazardous Substances) and WEEE (Waste Electrical and Electronic Equipment) directives make D-Link Green certified devices the environmentally responsible choice.

Note: Support for the 3G wireless WAN USB dongle is only available for DSR-1000 and DSR-1000N.

About this User Manual

This document is a high level manual to allow new D-Link Unified Services Router users to configure connectivity, set up VPN tunnels, establish firewall rules and perform general administrative tasks. Typical deployment and use case scenarios are described in each section. For more detailed setup instructions and explanations of each configuration parameter, refer to the online help that can be accessed from each page in the router GUI.

Typographical Conventions

The following is a list of the various terms, followed by an example of how that term is rep
191. figuration of the IPv6 LAN. By configuring the Router Advertisement Daemon on this router, the DSR will listen on the LAN for router solicitations and respond to these LAN hosts with router advertisements.

RADVD
Advanced > IPv6 > IPv6 LAN > Router Advertisement

To support stateless IPv6 auto configuration on the LAN, set the RADVD status to Enable. The following settings are used to configure RADVD:

• Advertise Mode: Select Unsolicited Multicast to send router advertisements (RAs) to all interfaces in the multicast group. To restrict RAs to well known IPv6 addresses on the LAN, and thereby reduce overall network traffic, select Unicast only.
• Advertise Interval: When advertisements are unsolicited multicast packets, this interval sets the maximum time between advertisements from the interface. The actual duration between advertisements is a random value between one third of this field and this field. The default is 30 seconds.
• RA Flags: The router advertisements (RAs) can be sent with one or both of these flags. Choose Managed to use the administered/stateful protocol for address auto configuration. If the Other flag is selected, the host uses the administered/stateful protocol for non-address auto configuration.
• Router Preference: This low/medium/high parameter determines the preference associated with the RADVD process of the router. This is useful if there are other RADVD enabl
193. ful Address Auto Configuration.

3.2.7 Checking WAN Status
Setup > Internet Settings > WAN Status

The status and summary of configured settings for both WAN1 and WAN2 are available on the WAN Status page. You can view the following key connection status information for each WAN port:

• Connection time: The connection uptime.
• Connection type: Dynamic IP or Static IP.
• Connection state: This is whether the WAN is connected or disconnected to an ISP. The Link State is whether the physical WAN connection is in place; the Link State can be UP (i.e. cable inserted) while the WAN Connection State is down.
• IP address / subnet mask: IP Address assigned.
• Gateway IP address: WAN Gateway Address.

Figure 18: Connection Status information for both WAN ports. Page text: The WAN Status provides the current status of the WAN interfaces. Fields shown for WAN1 and WAN2 (IPv4): MAC Address, IPv4 Address, WAN State, NAT (IPv4 only), IPv4 Connection Type, IPv4 Connection State, Link State, WAN Mode, Gateway, Primary DNS, Secondary DNS.
194. g Severity, SysLog Server1, SysLog Server2, SysLog Server3, SysLog Server4, SysLog Server5, SysLog Server6, SysLog Server F, SysLog Servers.

9.4.3 Event Log Viewer in GUI
Status > Logs > View All Logs

The router GUI lets you observe configured log messages from the Status menu. Whenever traffic through or to the router matches the settings determined in the Tools > Log Settings > Logs Facility or Tools > Log Settings > Logs Configuration pages, the corresponding log message will be displayed in this window with a timestamp.

Note: It is very important to have accurate system time (manually set or from a NTP server) in order to understand log messages.

Status > Logs > VPN Logs

This page displays IPsec VPN log messages as determined by the configuration settings for facility and severity. This data is useful when evaluating IPsec VPN traffic and tunnel health.

Figure 84: VPN logs displayed in GUI event viewer. Page text: This page shows the VPN (IPSEC) related log. Log entries shown:

2000 01 01 00 00 31 INFO IKE started
2000 01 01 00 01 41 INFO identifier test_policy
2000 01 01 00 01 41 INFO Adding IKE configuration with identifier test_policy
2000 01 01 00 02 09 INFO IKE stopped
2000 01 01 00 02 11 INFO IKE started
00 02 12 INFO test _polic
195. > VPN Settings > PPTP > PPTP Server

A PPTP VPN can be established through this router. Once enabled, a PPTP server is available on the router for LAN and WAN PPTP client users to access. Once the PPTP server is enabled, PPTP clients that are within the range of configured IP addresses of allowed clients can reach the router's PPTP server. Once authenticated by the PPTP server (the tunnel endpoint), PPTP clients have access to the network managed by the router.

Figure 59: PPTP tunnel configuration (PPTP Server). Page text: PPTP allows an external user to connect to your router through the internet. This section allows you to enable/disable PPTP server and define a range of IP addresses for clients connecting to your router. The connected clients can function as if they are on your LAN (they can communicate with LAN hosts, access any servers present, etc.). Fields shown: Enable PPTP Server; Enter the range of IP addresses that is allocated to PPTP Clients: Starting IP Address, Ending IP Address.

6.4.2 L2TP Tunnel Support
Setup > VPN Settings > L2TP > L2TP Server

A L2TP VPN can be established through this router. Once enabled, a L2TP server is available on the router for LAN and WAN L2TP
196. guration settings. After the restore, the router reboots automatically with the restored settings.
3. To erase your current settings and revert to factory default settings, click the Default button. The router will then restore configuration settings to factory defaults and will reboot automatically. See Appendix B for the factory default parameters for the router.
Figure 85: Restoring configuration from a saved file will result in the current configuration being overwritten and a reboot
9.6 Upgrading Router Firmware
Tools > Firmware
You can upgrade to a newer software version from the Administration web page. In the Firmware Upgrade section, to upgrade your firmware, click Browse, locate and select the firmware image on your host, and click Upgrade. After the new firmware image is validated, the new image is written to flash, and the router is automatically rebooted with the new firmware. The Firmware Information and also the Status > Device Info > Device Status page will reflect the new firmware version.
IMPORTANT: During firmware upgrade, do NOT try to go online, turn off the DSR, shut down the PC, or interrupt the process in any way until the operation is c
198. Chapter 5. Securing the Private Network
You can secure your network by creating and applying rules that your router uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to whom the rules apply. To do so, you must define the following:
• Services or traffic types (examples: web browsing, VoIP, other standard services and also custom services that you define)
• Direction for the traffic by specifying the source and destination of traffic; this is done by specifying the From Zone (LAN/WAN/DMZ) and To Zone (LAN/WAN/DMZ)
• Schedules as to when the router should apply rules
• Any keywords (in a domain name or on a URL of a web page) that the router should allow or block
• Rules for allowing or blocking inbound and outbound Internet traffic for specified services on specified schedules
• MAC addresses of devices that should not access the internet
• Port triggers that signal the router to allow or block access to specified services as defined by port number
• Reports and alerts that you want the router to send to you
You can, for example, establish restricted access policies based on time of day, web addresses, and web address keywords. You can block Internet access by applications and services on the LAN, such as chat rooms or games. You can block just certain groups of PCs on your network from being accessed by the WAN or public DMZ network.
5.1 Firewall Rules
Adva
199. he parameters of APs created by the Wizard.
Wireless Profiles
Setup > Wireless Settings > Profiles
The profile allows you to assign the security type, encryption and authentication to use when connecting the AP to a wireless client. The default mode is open, i.e. no security. This mode is insecure as it allows any compatible wireless clients to connect to an AP configured with this security profile.
To create a new profile, use a unique profile name to identify the combination of settings. Configure a unique SSID that will be the identifier used by the clients to communicate to the AP using this profile. By choosing to broadcast the SSID, compatible wireless clients within range of the AP can detect this profile's availability.
The AP offers all advanced 802.11 security modes, including WEP, WPA, WPA2 and WPA+WPA2 options. The security of the Access point is configured by the Wireless Security Type section:
• Open: select this option to create a public open network to allow unauthenticated devices to access this wireless gateway.
• WEP (Wired Equivalent Privacy): this option requires a static (pre-shared) key to be shared between the AP and wireless client. Note that WEP does not support 802.11n data rates; it is appropriate for legacy 802.11 connections.
• WPA (Wi-Fi Protected Access): For stronger wireless security than WEP, choose this option. The encryption for WPA will use TKIP and also CCMP if required. The
200. he host is on the same link as the router.
The following prefix options are available for the router advertisements:
• IPv6 Prefix Type: To ensure hosts support IPv6 to IPv4 tunnel, select the 6to4 prefix type. Selecting Global/Local/ISATAP will allow the nodes to support all other IPv6 routing options.
• SLA ID: The SLA ID (Site-Level Aggregation Identifier) is available when 6to4 Prefixes are selected. This should be the interface ID of the router's LAN interface used for router advertisements.
• IPv6 Prefix: When using Global/Local/ISATAP prefixes, this field is used to define the IPv6 network advertised by this router.
• IPv6 Prefix Length: This value indicates the number of contiguous, higher order bits of the IPv6 address that define the network portion of the address. Typically this is 64.
• Prefix Lifetime: This defines the duration (in seconds) that the requesting node is allowed to use the advertised prefix. It is analogous to DHCP lease time in an IPv4 network.
Figure 4: IPv6 Advertisement Prefix settings
VLAN Configuration
The router supports virtual network isolation on the LAN with the use o
201. he time connected to this particular AP. Clicking the Details button next to the connected client will give the detailed send and receive traffic statistics for the wireless link between this AP and the client.
4.3.1 Primary benefits of Virtual APs
• Optimize throughput: if 802.11b, 802.11g, and 802.11n clients are expected to access the LAN via this router, creating 3 VAPs will allow you to manage or shape traffic for each group of clients. A unique SSID can be created for the network of 802.11b clients and another SSID can be assigned for the 802.11n clients. Each can have different security parameters (remember, the SSID and security of the link is determined by the profile). In this way legacy clients can access the network without bringing down the overall throughput of more capable 802.11n clients.
• Optimize security: you may wish to support select legacy clients that only offer WEP security while using WPA2 security for the majority of clients for the radio. By creating two VAPs configured with different SSIDs and different security parameters, both types of clients can connect to the LAN. Since WPA2 is more secure, you may want to broadcast this SSID and not broadcast the SSID for the VAP with WEP since it is meant to be used for a few legacy devices in this scenario.
4.4 Tuning Radio Specific Settings
Setup > Wireless Settings > Radio Settings
The Radio Settings pag
202. ial number is maintained by the CA and used to identify this signed certificate.
Issuer Name: This is the CA name that issued (signed) this certificate.
Expiry Time: The date after which this signed certificate becomes invalid; you should renew the certificate before it expires.
To request a self certificate to be signed by a CA, you can generate a Certificate Signing Request from the gateway by entering identification parameters and passing it along to the CA for signing. Once signed, the CA's Trusted Certificate and signed certificate from the CA are uploaded to activate the self certificate validating the identity of this gateway. The self certificate is then used in IPsec and SSL connections with peers to validate the gateway's authenticity.
Figure 73: Certificate summary for IPsec and HTTPS management
203. Figure 91: Device Status display (continued)
10.1.2 Resource Utilization
Status > Device Info > Dashboard
The Dashboard page presents hardware and usage statistics. The CPU and Memory utilization is a function of the available hardware and current configuration and traffic through the router. Interface statistics for the wired connections (LAN, WAN1
204. Chapter 3. Connecting to the Internet: WAN Setup
This router has two WAN ports that can be used to establish a connection to the internet. The following ISP connection types are supported: DHCP, Static, PPPoE, PPTP, L2TP, 3G Internet (via USB modem).
It is assumed that you have arranged for internet service with your Internet Service Provider (ISP). Please contact your ISP or network administrator for the configuration information that will be required to set up the router.
3.1 Internet Setup Wizard
Setup > Wizard > Internet
The Internet Connection Setup Wizard is available for users new to networking. By going through a few straightforward configuration pages, you can take the information provided by your ISP to get your WAN connection up and enable internet access for your network.
Figure 11: Internet Connection Setup Wizard
205. ically added to the original table.
3. Choose the From Zone to be the source of originating traffic: either the secure LAN, public DMZ, or insecure WAN. For an inbound rule, WAN should be selected as the From Zone.
4. Choose the To Zone to be the destination of traffic covered by this rule. If the From Zone is the WAN, the To Zone can be the public DMZ or secure LAN. Similarly, if the From Zone is the LAN, then the To Zone can be the public DMZ or insecure WAN.
5. Parameters that define the firewall rule include the following:
• Service: ANY means all traffic is affected by this rule. For a specific service, the drop-down list has common services, or you can select a custom defined service.
• Action & Schedule: Select one of the 4 actions that this rule defines: BLOCK always, ALLOW always, BLOCK by schedule otherwise ALLOW, or ALLOW by schedule otherwise BLOCK. A schedule must be preconfigured in order for it to be available in the dropdown list to assign to this rule.
• Source & Destination users: For each relevant category, select the users to which the rule applies:
  • Any (all users)
  • Single Address (enter an IP address)
  • Address Range (enter the appropriate IP address range)
• Log: traffic that is filtered by this rule can be logged; this requires configuring the router's logging feature separately.
• QoS Priority: Outbound rules (where To Zone = insecure WAN only) can h
208. ify this router. You can customize each WAN port's MAC address as needed, either by letting the WAN port assume the current LAN host's MAC address, or by entering a MAC address manually.
Figure 28: Physical WAN port settings
Chapter 4. Wireless Access Point Setup
This router has an integrated 802.11n radio that allows you to create an access point for wireless LAN clients. The security/encryption/authentication options are grouped in a wireless Profile, and each configured profile will be available for selection in the AP configuration menu. The profile defines various parameters for the AP, including the security between the wireless client and the AP, and can be shared between multiple AP instances on the same device when needed.
Note: The content in this section is applicable to the DSR-500N and DSR-1000N products.
Up to four unique wireless networks can be created by configuring multiple virtual APs. Each such virtual AP appears as an independent AP (unique SSID) to
210. ime (useful if your ISP costs are based on logon times), click Idle Timeout and enter the time, in minutes, to wait before disconnecting in the Idle Time field.
My IP Address: Enter the IP address assigned to you by the ISP.
Server IP Address: Enter the IP address of the PPTP or L2TP server.
Note: DSR-250N doesn't have dual WAN support.
3.2.1 WAN Port IP address
Your ISP assigns you an IP address that is either dynamic (newly generated each time you log in) or static (permanent). The IP Address Source option allows you to define whether the address is statically provided by the ISP or should be received dynamically at each login. If static, enter your IP address, IPv4 subnet mask, and the ISP gateway's IP address. PPTP and L2TP ISPs also can provide a static IP address and subnet to configure, however the default is to receive that information dynamically from the ISP.
3.2.2 WAN DNS Servers
The IP Addresses of WAN Domain Name Servers (DNS) are typically provided dynamically from the ISP, but in some cases you can define the static IP addresses of the DNS servers. DNS servers map Internet domain names (example: www.google.com) to IP addresses. Click to indicate whether to get DNS server addresses automatically from your ISP or to use ISP-specified addresses. If it is the latter, enter addresses for the primary and secondary DNS servers. To avoid connectivity problems, ensure that yo
211. ime Protocol (NTP) is a protocol that is used to synchronize computer clock time in a network of computers. Accurate time across a network is important for many reasons.
9.4 Log Configuration
This router allows you to capture log messages for traffic through the firewall, VPN, and over the wireless AP. As an administrator you can monitor the type of traffic that goes through the router and also be notified of potential attacks or errors when they are detected by the router. The following sections describe the log configuration settings and the ways you can access these logs.
9.4.1 Defining What to Log
Tools > Log Settings > Logs Facility
The Logs Facility page allows you to determine the granularity of logs to receive from the router. There are three core components of the router, referred to as Facilities:
• Kernel: This refers to the Linux kernel. Log messages that correspond to this facility would correspond to traffic through the firewall or network stack.
212. 3.5.2 Dynamic Routing (RIP)
Note: DSR-250N does not support RIP.
Setup > Internet Settings > Routing Mode
Dynamic routing using the Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) that is common in LANs. With RIP this router can exchange routing information with other supported routers in the LAN and allow for dynamic adjustment of routing tables in order to adapt to modifications in the LAN without interrupting traffic flow.
The RIP direction will define how this router sends and receives RIP packets. Choose between:
• Both: The router both broadcasts its routing table and also processes RIP information received from other routers. This is the recommended setting in order to fully utilize RIP capabilities.
• Out Only: The router broadcasts its routing table periodically but does
213. 3.4.3 Protocol Bindings
Advanced > Routing > Protocol Bindings
Protocol bindings are required when the Load Balancing feature is in use. Choosing from a list of configured services or any of the user-defined services, the type of traffic can be assigned to go over only one of the available WAN ports. For increased flexibility the source network or machines can be specified as well as the destination network or machines. For example, the VOIP traffic for a set of LAN IP addresses can be assigned to one WAN and any VOIP traffic from the remaining IP addresses can be assigned to the other WAN link. Protocol bindings are only applicable when load balancing mode is enabled and more than one WAN is configured.
Figure 23: Protocol binding setup to associate a service and/or LAN source to a WAN and/or destination network
214. irewall
• Example: If Accept Packets from LAN to WAN is enabled and there is a firewall rule to allow SSH traffic from LAN, then whenever a LAN machine tries to make an SSH connection, those packets will be accepted and a message will be logged. (Assuming the log option is set to Allow for the SSH firewall rule.)
Dropped Packets are packets that were intentionally blocked from being transferred through the corresponding network segment. This option is useful when the Default Outbound Policy is Allow Always.
• Example: If Drop Packets from LAN to WAN is enabled and there is a firewall rule to block SSH traffic from LAN, then whenever a LAN machine tries to make an SSH connection, those packets will be dropped and a message will be logged. (Make sure the log option is set to allow for this firewall rule.)
Note: Enabling accepted packet logging through the firewall may generate a significant volume of log messages depending on the typical network traffic. This is recommended for debugging purposes only.
In addition to network segment logging, unicast and multicast traffic can be logged. Unicast packets have a single destination on the network, whereas broadcast (or multicast) packets are sent to all possible destinations simultaneously. One other useful log control is to log packets that are dropped due to configured bandwidth profiles over a particular interface. This data will indicate to th
219. le Users with login status and associated Group Domain
Advanced > Users > Domains
The Domain determines the authentication method (local user database, external server) to be used when validating the remote user's connection. As well, the Domain determines the portal layout presented to the remote SSL user. Since the portal layout assigns access to SSL VPN tunnel and/or SSL VPN Port Forwarding features, the domain is essential in defining the authentication and features exposed to SSL users. The following information is used to configure a domain:
• Domain Name: The unique identifier of the domain.
• Authentication Type: The authentication type can be one of the following: Local User Database, Radius PAP, Radius CHAP, Radius MSCHAP, Radius MSCHAPv2, NT Domain, Active Directory and LDAP.
• Authentication Server: If the SSL VPN connection will use an authentication method other than the Local User Database, such as a RADIUS server, then the server access details are needed. If there are multiple authentication servers, the user can enter the details for up to three authentication servers.
• Authentication Secret: If the domain uses
220. ltiple PPPoE part 1

[Screenshot: WAN1 Setup page with the Primary PPPoE Profile Configuration and Primary PPPoE Domain Name System (DNS) Servers sections]

There are a few key elements of a multiple PPPoE connection:

• Primary and secondary connections are concurrent.
• Each session has a DNS server source for domain name lookup; this can be assigned by the ISP or configured through the GUI.
• The DSR acts as a DNS proxy for LAN users.
• Only HTTP requests that specifically identify the secondary connection's domain name (for example flets) will use the secondary profile to access the content available through this secondary PPPoE terminal. All other HTTP / HTTPS requests go through the primary
221. m page for remote SSL VPN users that is presented upon authentication. There are various fields in the portal that are customizable for the domain, and this allows the router administrator to communicate details such as login instructions, available services and other usage details in the portal visible to remote users. During domain setup, configured portal layouts are available to select for all users authenticated by the domain.

The default portal LAN IP address is https://192.168.10.1/scgi-bin/userPortal/portal. This is the same page that opens when the User Portal link is clicked on the SSL VPN menu of the router GUI.

The router administrator creates and edits portal layouts from the configuration pages in the SSL VPN menu. The portal name, title, banner name and banner contents are all customizable to the intended users for this portal. The portal name is appended to the SSL VPN portal URL. As well, the users assigned to this portal (through their authentication domain) can be presented with one or more of the router's supported SSL services, such as the VPN Tunnel page or Port Forwarding page.

To configure a portal layout and theme, the following information is needed:

• Portal layout name: A descriptive name for the custom portal that is being configured. It is used as part of the SSL portal URL.
• Portal site title: The portal web browser window title that appears when the client accesses this portal. This field is optional.
222. measures:

• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.

FCC Radiation Exposure Statement

This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body.

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. The antennas used for this transmitter must be installed to provide a spectrum distance of at least 20cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter.

This transmitter is restricted to indoor use in the 5150MHz to 5250MHz frequency range.

Non-modification Statement

Use only the integral antenna supplied by the manufacturer when operating this device. Unauthorized antennas, modifications or attachments could damage the TI Navigator access point and violate
223. n s DEBUG ERROR ERROR BIO_write Error DEBUG innerEapRecv is NULL ERROR ERROR Decrypting BIO reset failed DEBUG Inner EAP processing ERROR ERROR Encrypting BIO reset ERROR DEBUG TLS handshake ERROR ERROR BIO_read Error DEBUG Sending P1 response ERROR ERROR EAP state machine changed from s to Unexpected tlsGlueContinue return S DEBUG value ERROR EAP state machine changed from s to No more fragments in message S DEBUG ERROR ERROR No phase 2 data or phase 2 data Received EAP Packet with code d DEBUG buffer NULL ERROR ERROR Allocating memory for PEAP Phase 2 Response ID d DEBUG payload ERROR ERROR Response Method d DEBUG TLS encrypting response ERROR ERROR 167 Unified Services Router User Manual Setting message in fragment buffer Created EAP PEAP context OK DEBUG ERROR ERROR Allocating TLS read buffer is NULL Deleted EAP PEAP context OK DEBUG ERROR ERROR Upper EAP sent us decision d method state d DEBUG Setting last fragment ERROR ERROR P2 decision d methodState d DEBUG Getting message ERROR ERROR Writing message to BIO ERROR DEBUG Processing PEAP message ERROR ERROR Encrypted d bytes for P2 DEBUG Setting fragment ERROR ERROR P2 sending fragment DEBUG Creating receive buffer ERROR ERROR P2 message size d DEBUG Setting first fragment ERROR ERROR P2 sending unfragmented message DEBUG Sending P1 response ERROR ERROR NULL request or response PDU o
224. n be reached.

Metric: Determines the priority of the route. If multiple routes to the same destination exist, the route with the lowest metric is chosen.

Figure 25: Static route configuration fields

[Screenshot: Static Route Configuration page. Page text: This page allows user to add a new static route.]

3.6 Configurable Port - WAN Option

This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. If the port is selected to be a secondary WAN interface, all configuration pages relating to WAN2 are enabled.

Setup > Internet Settings > WAN2 Setup

WAN configuration is identical to the WAN1 configuration with one significant exception: configuration for the 3G USB modem is available only on WAN2.

3G WAN support is available on the dual WAN products: DSR 1000 and DSR 1000N.

Figure 26: WAN2 configuration for 3G internet (part 1)

[Screenshot: WAN2 Setup page] This page allows you to set up your Internet connection. Ensure that you have the Internet connection information such as the IP Addresses, accou
225. n interface for ath_dev S 02u 7s tag ix ciphers hk gt kv_type 02x hk gt kv_valli mac 02x 02x 02x 02x 02x 02x mac 0 mac 1 mac 2 mac 3 mac 4 mac 5 mac 00 00 00 00 00 00 02x hk gt kv_mic i txmic 02x hk gt kv_txmicfi Cannot support setting tx and rx keys individually bogus frame type 0x x s ERROR ieee80211_encap ret NULL ERROR ath_amsdu_attach not called S no memory for cwm attach func __ s error acw NULL Possible attach failure func__ s unable to abort tx dma func __ S no memory for ff attach func __ Failed to initiate PBC based enrolle association KERN_EMERG Returing error in INTR registration KERN_EMERG Initialzing Wps module S d S func FILE_ __LINE_ DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEV is null p p dev dst Packet is Fragmented d pBufMgr gt len Marked the packet proto d sip x dip x sport d dport d spi d isr p p p SAV CHECK FAILED IN DECRYPTION FAST PATH Breaks on BUF CHECK FAST PATH Breaks on DST CHECK FAST PATH Breaks on MTU d d d bufMgrLen pBufMgr mtu dst_mtu pDst gt path FAST PATH Breaks on MAX PACKET d d bufMgrLen pBufMgr IP_MAX_PA CKET SAV CHECK FAILED IN ENCRYPTION Match Found proto d spi d pPktInfo gt prot
226. n this device

[Screenshot: Connected Clients table with columns AP Name, MAC Address, Radio, Security, Encryption, Authentication and Time Connected, plus a Poll Interval control]

10.3.3 LAN Clients

Status > LAN Clients

The LAN clients to the router are identified by an ARP scan through the LAN switch. The NetBios name (if available), IP address and MAC address of discovered LAN hosts are displayed.

Figure 99: List of LAN hosts

[Screenshot: LAN Clients page listing Name, IP Address and MAC Address of each LAN client. Page text: This page displays a list of LAN clients connected to the router.]

10.3.4 Active VPN Tunnels

Status > Active VPNs

You can view and change the status (connect or drop) of the router's IPsec security associations. Here, the active IPsec SAs (security associations) are listed along with the traffic details and tunnel state. The traffic is a cumulative measure of transmitted/received packets since the tunnel was established.

If a VPN policy state is "IPsec SA Not Established", it can be enabled by clicking the Connect button of the corresponding policy. The Active IPsec SAs table displays a list of active IPsec SAs. Table fields are as follows.

Figure 100: List of current Active VPN Sessions
227. nable to allocate channel table dev gt name s unable to collect channel list from HAL R p llx 08x 08x 08x 08x 08x 08x c T p llx 08x 08x 08x 08x 08xX 08x 08x 08x c s no memory for sysctl tablel func __ S no memory for device name storage func __ User Manual DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG 196 Unified Services Router ipt_time loading ipt_time unloaded ip_conntrack_irc max_dcc_channels must be a positive integer ip_conntrack_irc ERROR registering port d ip_nat_h323 ip_nat_mangle_tcp_packet ip_nat_h323 ip_nat_mangle_udp_ packet ip_nat_h323 out of expectations ip_nat_h323 out of RTP ports ip_nat_h323 out of TCP ports ip_nat_q931 out of TCP ports ip_nat_ras out of TCP ports ip_nat_q931 out of TCP ports ip_conntrack_core Frag of proto u Broadcast packet Should beast u u u Y u gt uU U U U sk p ptype u ip_conntrack version s u buckets d max ERROR registering port d netfilter PSD loaded c astaro AG netfilter PSD unloaded c astaro AG s SELF s LAN s WAN TRUNCATED SRC u u u ou DST u uU U U LEN u TOS 0x 02X PREC 0x 02X TTL u ID u FRAG u ntohs ih gt frag_off
228. nal server is to be specified. Once the new FQDN is configured, it is displayed in a list of configured hosts for port forwarding.

Defining the hostname is optional, as the minimum requirement for port forwarding is identifying the TCP application and local server IP address. The local server IP address of the configured hostname must match the IP address of the configured application for port forwarding.

Figure 67: List of Available Applications for SSL Port Forwarding

[Screenshot: Port Forwarding page with the List of Configured Applications for Port Forwarding (Local Server IP Address, TCP Port Number) and the List of Configured Host Names for Port Forwarding (Local Server IP Address, Fully Qualified Domain Name). Page text: The Port Forwarding page allows you to detect and re-route data sent from remote users to the SSL VPN gateway to predefined applications running on private networks.]

7.4 SSL VPN Client Configuration

Setup > VPN Settings > SSL VPN Client > SSL VPN Client

An SSL VPN tunnel client provides a point-to-point connection between the browser-side machine and this router. When a SSL VPN client is launched from the user portal, a "network adapter" with an IP address from the corporate subnet, DNS and WINS settings is automatically created. This allows local applications to access services on
229. nced > Firewall Settings > Firewall Rules

Inbound (WAN to LAN/DMZ) rules restrict access to traffic entering your network, selectively allowing only specific outside users to access specific local resources. By default, all access from the insecure WAN side is blocked from accessing the secure LAN, except in response to requests from the LAN or DMZ. To allow outside devices to access services on the secure LAN, you must create an inbound firewall rule for each service.

If you want to allow incoming traffic, you must make the router's WAN port IP address known to the public. This is called "exposing your host". How you make your address known depends on how the WAN ports are configured; for this router you may use the IP address if a static address is assigned to the WAN port, or if your WAN address is dynamic, a DDNS (Dynamic DNS) name can be used.

Outbound (LAN/DMZ to WAN) rules restrict access to traffic leaving your network, selectively allowing only specific local users to access specific outside resources. The default outbound rule is to allow access from the secure zone (LAN) to either the public DMZ or insecure WAN. You can change this default behavior in the Firewall Settings > Default Outbound Policy page. When the default outbound policy is allow always, you can block hosts on the LAN from accessing internet services by creating an outbound firewall rule for each service.

Figure
230. ng traffic meter with d mins d hours Updating traffic meter with d mins d hours Deleting traffic meter Disabling block traffic for traffic meter Enabling traffic meter Adding lan group s Deleting lan group s Renaming lan group from s to s Deleting host s from s group Adding host s to s group Enabling Keyword blocking for s keyword Disabling keyword Blocking for s keyword Deleting trusted domain with keyword HS Adding s keyword to trusted domain Enabling Management Access from DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG User Manual Updating BlockSites Keyword from DEBUG Inserting BlockSites Keyword DEBUG Deleting Trusted Domain DEBUG Adding Trusted Domain DEBUG Restarting Schedule Based Firewall Rules DEBUG Enabling Remote SNMP DEBUG Disabling Remote SNMP DEBUG Enabling Remote SNMP DEBUG Disabling DOS Attacks DEBUG Enabling DOS Attacks DEBUG Enabling DOS Attacks DEBUG Restarting Firewall d d For s DEBUG restartStatus d for LogicallfName S DEBUG Deleting Lan Group s DEBUG Adding Lan Group s DEBUG Deleting lan host s from group s DEBUG Adding lan host s from group s DEBUG Disabling Firewall Rule for IGMP Protocol DEB
231. nk com

[Screenshot: System Check page showing the output of the diagnostic command (routing table with Gateway, Flags, Metric, Ref and Use columns). Page text: This page displays the output of the diagnostic command which user runs.]

9.8.3 DNS Lookup

To retrieve the IP address of a Web, FTP, Mail or any other server on the Internet, type the Internet Name in the text box and click Lookup. If the host or domain entry exists, you will see a response with the IP address. A message stating "Unknown Host" indicates that the specified Internet Name does not exist.

This feature assumes there is internet access available on the WAN link(s).

9.8.4 Router Options

The static and dynamic routes configured on this router can be shown by clicking Display for the corresponding routing table. Clicking the Packet Trace button will allow the router to capture and display traffic through the DSR between the LAN and WAN interface as well. This information is often very useful in debugging traffic and routing issues.

Chapter 10. Router Status and Statistics

10.1 System Overview

The Status page allows you to get a detailed overvi
232. nt information etc. This information is usually provided by your ISP or network administrator. NOTE: If you have a PPPoE connection, first create your PPPoE profile on the Internet Settings > PPPoE Profiles page > WAN2 PPPoE Profiles page.

[Screenshot: ISP Connection Type section (connection type 3G Internet) with fields PPPoE Profile Name, User Name, Password, Secret, MPPE Encryption, Split Tunnel, Connectivity Type, Idle Time, My IP Address, Server Address and Gateway IP Address]

Cellular 3G internet access is available on WAN2 via a 3G USB modem for DSR 1000 and DSR 1000N. The cellular ISP that provides the 3G data plan will provide the authentication requirements to establish a connection. The dial Number and APN are specific to the cellular carriers. Once the connection type settings are configured and saved, navigate to the WAN status page (Setup > Internet Settings > WAN Status) and Enable the WAN2 link to establish the 3G connection.

Figure 27: WAN2 configuration for 3G internet (part 2)

[Screenshot: Internet IP Address section (IP Address Source, IP Address, IP Subnet Mask, Gateway IP Address) and Domain Name System (DNS) Servers section (DNS Server Source, Primary DNS Server, Secondary DNS Server)]
233. ntpd umi initialization failed ntpd ntplnit failed ntpd ntpMgmilnit failed There was an error while getting the timeZoneChangeScript unexpected reply from d cmd d cmd d not supported caller d default reached Unable to initialize ntpControl ntpMgmt Couldn t open database s ERROR incomplete DB update information empty update nRows d nCols d Error in executing DB update handler requestNtpTime Invalid addr failed to take lock for compld d failed to convert ioctl args to buffer for request timeout dst Y d lt src d failed to take lock for compld d umiloctlArgsToBuf failed to allocate memory umiRecvFrom could not allocate memory adpMalloc failed context with ID d already registered Failed to allocate memory for creating UMI context Failed to create recvSem for UMI context Failed to create mutex locks for UMI context Failed to create mutex recvQLock for UMI context Invalid arguments to umiloctl could not find the destination context User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 175 Unified Services Router timeout after semTake srcld d s lt destlId d s cmd d Un registerting component with Id
234. nued Auto policy via IKE

[Screenshot: Phase 1 (IKE SA Parameters) section with fields Exchange Mode, Direction / Type, NAT Traversal, NAT Keep Alive Frequency (in seconds), Local Identifier Type, Local Identifier, Remote Identifier Type, Remote Identifier, Encryption Algorithm, Authentication Algorithm, Authentication Method, Pre-shared key, Diffie-Hellman (DH) Group, SA Lifetime (sec), Enable Dead Peer Detection, Detection Period, Reconnect after failure count, Enable Extended Authentication, Username and Password]

A Manual policy does not use IKE and instead relies on manual keying to exchange authentication parameters between the two IPsec hosts. The incoming and outgoing security parameter index (SPI) values must be mirrored on the remote tunnel endpoint. As well, the encryption and integrity algorithms and keys must match on the remote IPsec host exactly in order for the tunnel to establish successfully. Note that using Auto policies with IKE is preferred, as in some IPsec implementations the SPI (security parameter index) values require conversion at each endpoint.

DSR supports a VPN roll-over feature. This means that policies configured on the primary WAN will roll over to the secondary WAN in case of a link failure on a primary WAN. This feature can be used only if your WAN is configured in Auto Rollover mode.
235. o allocate UAPSD QoS NULL whbuf s unable to allocate channel table func __ s unable to update h w beacon queue parameters ALREADY ACTIVATED s missed u consecutive beacons s busy times rx_clear d rx_frame d tx_frame d _func_ rx_clear rx_frame tx_frame s unable to obtain busy times __func__ s beacon is officially stuck Busy environment detected Inteference detected rx_clear d rx_frame d tx_frame d s resume beacon xmit after u misses s stuck beacon resetting bmiss count u EMPTY QUEUE SWRinfo seqno d isswRetry d retryCnt d wh u_int16_t amp wh gt i_seq 0 gt gt 4 0 bf gt bf_isswretry bf gt bf_swretries Buffer 08X gt Next 08X Prev 08X Last 08X bf TAILQ_NEXT bf bf_list Stas 08X flag 08X Node 08X bf gt bf_status bf gt bf_flags bf gt bf_node Descr 08X gt Next 08X Data 08X Ctl0 08X Ctl1 08X bf gt bf_daddr ds gt ds_link ds gt ds_data ds gt ds_ctlO ds gt ds_ctl1 Ctl2 08X Ctl3 08X Sta0 08X Sta1 08X ds gt ds_hw 0 ds gt ds_hw 1 lastds gt ds_hw 2 lastds gt ds_hw 3 Error entering wow mode DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG int len 03d i 02x unsigned char p i mic check failed s O
236. o pFlowEntry gt pre spi PRE proto u srcip u u u u sport u dstip u u u u dport u POST proto u srcip u u u u sport u dstip u u u u dport u Clearing the ISR p p PROTO d u u u Yu gt uU oU U U ESP DONE p p sav m ESP BAD p p sav m Bug in ip_route_input_slow Bug in ip_route_input_slow Bug in ip_route_input Bug in ip_route_input_slow AH Assigning the secure flags for sav p Sav ESP Assigning the secure flags for sav p skb p src x dst x sav skb ip gt ip_src s_addr ip gt ip_dst s_addr s Buffer d mtu d path mtu d header d trailer d __func__ bufMgrLen pBufMgr mtu dst_mtu pDst gt path pDst gt header_len pDst gt trailer_len CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL

Appendix E. RJ-45 Pin-outs

Signal   RJ-45 PIN   Adapter DB-9 PIN   Signal
CTS      NC          NC                 NC
DTR      NC          NC                 NC
TxD      6           3                  RxD
GND      5           5                  GND
GND      4           5                  GND
RxD      3           2                  TxD
DSR      NC          NC                 NC
RTS      NC          NC                 NC

Appendix F. Product Statement

1. DSR 1000N

Federal Communications Commission (FCC) Compliance Notice: Radio Frequ
237. of addresses served to the client network adaptor.

Setup > VPN Settings > SSL VPN Client > Configured Client Routes

If the SSL VPN client is assigned an IP address in a different subnet than the corporate network, a client route must be added to allow access to the private LAN through the VPN tunnel. As well, a static route on the private LAN's firewall (typically this router) is needed to forward private traffic through the VPN Firewall to the remote SSL VPN client. When split tunnel mode is enabled, the user is required to configure routes for VPN tunnel clients:

• Destination network: The network address of the LAN or the subnet information of the destination network from the VPN tunnel clients' perspective is set here.
• Subnet mask: The subnet information of the destination network is set here.

Figure 69: Configured client routes only apply in split tunnel mode

[Screenshot: SSL VPN Client Route Configuration page. Page text: The Configured Client Routes entries are the routing entries which will be added by the SSL VPN Client such that only traffic to these destination addresses is redirected through the SSL VPN tunnels. All other traffic is redirected using the native network interface of the hosts (SSL VPN Clients). For example, if the SSL VPN Client wishes to access the LAN network, then in SPLIT Tunnel mode you should add the LAN subnet as the Destination Network.]
238. oftware Test SHA Software Test s shaSoftTest 0 Failed Passed SHA Hardware Test SHA Hardware Test s shaHardTest 0 Failed Passed MD5 Software Test DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ICMP u u u u ICMP u u u u Source Wrong address mask u uU u U from Redirect from u u u u on S about IP routing cache hash table of u buckets ldKbytes source route option u u u u gt u U U oU Wrong address mask u u u uU from Redirect from u u u uU on s about source route option ICMP u u u u ICMP u uU u uU Source Wrong address mask u uU u U from Redirect from u u u U on s about IP routing cache hash table of u buckets ldKbytes source route option u u u u gt uU oU U U IPsec device unregistering s dev gt name IPsec device down s dev gt name mark only supports 32bit mark ipt_time invalid argument ipt_time IPT_DAY didn t matched Logs_kernel txt 45 KERN_WARNING Logs_kernel txt 59 KERN_ WARNING ipt_LOG not logging via system console S wrong options length u fname opt_len s options rejected o 0 02x o 1 02x S wrong options length u s options rejected o 0
239. okie p Releasing Packet with cookie p Received EAP Identity from Pnac s Filling User Name s Filling State Filling EAP Message Filling Service Type d Filling Framed MTU d Received Access Challenge from Server Sending Reply EAP Packet to Pnac Error sending packet to Pnac RADIUS Authentication Failed RADIUS Authentication Successful Got Packet with cookie p Next DNS Retry after 1 min Next Synchronization after DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Failed to set default retries value ERROR incomplete DB update information old values result does not contain 2 rows sqlite3QueryResGet failed empty update nRows d nCols d Error in executing DB update handler sqlite3QueryResGet failed Invalid SQLITE operation code d sqlite3QueryResGet failed empty result nNRows d nCols d sqlite3QueryResGet failed empty result nNRows d nCols d RADIUS Accounting Exchange Failed Unable to set debug for radAcct Unable to set debug level for radAcct ERROR option value not specified ERROR option value not specified Unable to initialize radius radEapMsgQueueAdd Invalid EAP packet length d radEapRecvTask invalid EAP code d radEapRecvTas
240. omplete. This should take only a minute or so, including the reboot process. Interrupting the upgrade process at specific points when the flash is being written to may corrupt the flash memory and render the router unusable without a low-level process of restoring the flash firmware (not through the web GUI).

Figure 86: Firmware version information and upgrade option

[Screenshot: Firmware page with Firmware Information, Firmware Upgrade and Firmware Upgrade Notification Options sections. Page text: This page allows user to upgrade/downgrade the router firmware. This page also shows the information regarding firmware version and build time.]

This router also supports an automated notification to determine if a newer firmware version is available for this router. By clicking the Check Now button in the notification section, the router will check a D-Link server to see if a newer firmware version for this router is available for download and update the Status field below.

9.7 Dynamic DNS Setup

Tools > Dynamic DNS

Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be locate
241. onfiguration
9.3 Configuring Time Zone and NTP
9.4 Log Configuration
9.4.1 Defining What to Log
9.4.2 Sending Logs to E-mail or Syslog
9.4.3 Event Log Viewer in GUI
9.5 Backing up and Restoring Configuration Settings
9.6 Upgrading Router Firmware
9.7 Dynamic DNS Setup
9.8 Using Diagnostic Tools
9.8.2 Trace Route
9.8.3 DNS Lookup
9.8.4 Router Options
Router Status and Statistics
10.1 System Overview
10.1.1 Device Status
10.1.2 Resource Utilization
242. op

• Select the "Printers and faxes" option.
• Right click and select "add printer", or click on "Add printer" present at the left menu.
• Select the "Network Printer" radio button and click next (select "device isn't listed" in case of Windows 7).
• Select the "Connect to printer using URL" radio button ("Select a shared printer by name" in case of Windows 7) and give the following URL: http://<Router's LAN IP address>:631/printers/<Model Name> (Model Name can be found in the USB status page of router's GUI).
• Click "next" and select the appropriate driver from the displayed list.
• Click on "next" and "finish" to complete adding the printer.

Figure 72: USB Device Detection

[Screenshot: USB Settings page showing, for USB 1 and USB 2, the Device Vendor, Device Model, Device Type and Mount Status. Page text: This page displays information about the USB devices connected to the USB port(s). This page also allows user to do certain configurations on USB devices, such as safely unmounting the devices.]

8.2 Authentication Certificates

Advanced > Certificates

This gateway uses digital certificates for IPsec VPN authentication as well as SSL validation (for HTTPS and SSL VPN authentication). You can obtain a digital certificate from a well known Certificate Authority (CA) such as VeriSign, or generate and
243. or port number d User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 163 Unified Services Router s buffer overflow s value of s in s table is s s returning with status s dnsResolverConfigure addressFamily d dnsResolverConfigure LogicallfName S chap secrets File found PID File for xl2tpd found pid d options xl2tpd file found options xl2tpd file not found Conf File for xl2tpd found xl2tpd conf not found Chap Secrets file found Chap Secrets file not found s DBUpdate event Table s opCode d rowld d chap secrets File found PID File for pptpd found pid d PID File for pptpd interface found pid d options pptpd file found options pptpd file not found Conf File for pptpd found pptpd conf not found Chap Secrets file found Chap Secrets file not found s DBUpdate event Table s opCode d rowld d chap secrets File found pppoeMgmtTblHandler MtuFlag d pppoeMgmtTblHandler Mtu d pppoeMgmtTblHandler IdleTimeOutFlag d pppoeMgmtTblHandler IdleTimeOutValue d pppoeMgmtTblHandler UserName s pppoeMgmtTblHandler Password s pppoeMgmtTblHandler DNS specified S pppoeMgmtTblHandler Service s pppoeMgmtT
244. ount for all the system interfaces. It also shows the up time for all the interfaces.

[Screenshot: System up Time and the Port Statistics table, with columns Port, Tx Pkts, Rx Pkts, Collisions, Tx B/s, Rx B/s and Up time for the Dedicated WAN, Configurable Port WAN and LAN ports, plus a Poll Interval control]

10.2.2 Wireless Statistics

Status > Traffic Monitor > Wireless Statistics

The Wireless Statistics tab displays the incrementing traffic statistics for each enabled access point. This page will give a snapshot of how much traffic is being transmitted over each wireless link. If you suspect that a radio or VAP may be down, the details on this page would confirm if traffic is being sent and received through the VAP.

The clients connected to a particular AP can be viewed by using the Status Button on the list of APs in the Setup > Wireless > Access Points page. Traffic statistics are shown for that individual AP, as compared to the summary stats for each AP on this Statistics page. The poll interval (the refresh rate for the statistics) can be modified to view more frequent traffic and collision statistics.

Figure 96: AP specific statistics

[Screenshot: Wireless Statistics page] Wireless traffic stati
245. pdown, select Address Range and add this IP range as the From and To IP addresses. We want to block all HTTP traffic to any services going to the insecure zone. The Destination Users dropdown should be "any". We don't need to change default QoS priority or Logging unless desired; clicking Apply will add this firewall rule to the list of firewall rules. The last step is to enable this firewall rule. Select the rule and click Enable below the list to make sure the firewall rule is active.

Security on Custom Services

Advanced > Firewall Settings > Custom Services

Custom services can be defined to add to the list of services available during firewall rule configuration. While common services have known TCP/UDP/ICMP ports for traffic, many custom or uncommon applications exist in the LAN or WAN. In the custom service configuration menu you can define a range of ports and identify the traffic type (TCP/UDP/ICMP) for this service. Once defined, the new service will appear in the services list of the firewall rules configuration menu.

Figure 43: List of user defined services

[Screenshot: Custom Services page.] When you create a firewall rule, you can specify a service that is controlled by the rule. Common types of services are available for selection, and you can create your own custom services. This page allows creation of custom services against which firewall rules can be d
246. port triggering for protocol U Enabling rule port triggering for protocol T Enabling rule port triggering for protocol U Enabling DNS proxy Restarting DNS proxy checking DNS proxy for Secure zone checking DNS proxy for Public zone Enabling Block traffic from s zone Configuring firewall session settings for Disabling DMZ Disabling WAN DMZ rules Enabling WAN DMZ rules Restarting DMZ rule having s address with s address Enabling LAN DHCP relay OneToOneNat configured successfully OneToOneNat configuration failed Deleting scheduled IPv6 rules delete from FirewallRules6 where ScheduleName s DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG d d d d d Disabling Port Trigger Rule for d d d d d Adding Port Trigger Rule for d d d d d Enabling Content Filter Disabling Content Filter Enabling Content Filter Setting NAT mode for pLogicallfName S Enabling DROP for INPUT Enabling DROP for FORWARD Enabling NAT based Firewall Rules Setting transparent mode for pLogicallfName Enabling Accept for INPUT Enabling Accept for FORWARD Setting Routing mode for pLogicallfName Enabling DROP for INPUT Enabling DROP for FORWARD Disabling NAT based Firewall Rul
247. [Screenshot: Content Filtering page.] This content filtering option allows the user to block access to certain Internet sites. Up to 32 key words in the site's name (web site URL) can be specified, which will block access to the site. To set up URLs, go to the Approved URLs and Blocked URLs pages. Content Filtering Configuration: Enable Content Filtering; Web Components: Proxy, Java, ActiveX, Cookies.

5.8.2 Approved URLs

Advanced > Website Filter > Approved URLs

The Approved URLs list is an acceptance list for all URL domain names. Domains added to this list are allowed in any form. For example, if the domain yahoo is added to this list, then all of the following URLs are permitted access from the LAN: www.yahoo.com, yahoo.co.uk, etc.

Figure 48: Two trusted domains added to the Approved URLs List

[Screenshot: Approved URLs page, which displays the Approved URLs List with Edit, Delete and Add buttons and the notice "Please Turn On Content Filtering to configure Approved URLs".]

5.8.3 Blocked Keywords

Advanced > Website Filter > Blocked Keywords

Keyword blocking allows you to block all website URLs or site content that contains the keywords in the configured lis
248. [Screenshot: Bandwidth Profile Configuration page with the fields Name, Profile Type, Priority, Minimum Bandwidth Rate (Kbps), Maximum Bandwidth Rate (Kbps) and WAN Interface.]

Advanced > Advanced Network > Traffic Management > Traffic Selectors

Once a profile has been created it can then be associated with a traffic flow from the LAN to WAN. To create a traffic selector, click Add on the Traffic Selectors page. Traffic selector configuration binds a bandwidth profile to a type or source of LAN traffic with the following settings:
• Available profiles: Assign one of the defined bandwidth profiles.
• Service: You can have the selected bandwidth regulation apply to a specific service (i.e. FTP) from the LAN. If you do not see a service that you want, you can configure a custom service through the Advanced > Firewall Settings > Custom Services page. To have the profile apply to all services, select ANY.
• Traffic Selector Match Type: This defines the parameter to filter against when applying the bandwidth profile. A specific machine on the LAN can be identified via IP address or MAC address, or the profile can apply to a LAN port or VLAN group. As well, a wireless network can be selected by its BSSID for bandwidth shaping.

n 21 Traffic Sele
249. r P1 Sending fragment DEBUG NULL context ERROR ERROR Expecting start packet got something P1 Total TLS message size d DEBUG else ERROR ERROR P1 sending unfragmented message DEBUG Protocol version mismatch ERROR ERROR peapFragFirstProcess TLS record size Processing PEAP message from to receive d DEBUG frag ERROR ERROR Setting version d DEBUG Processing PEAP message ERROR ERROR PEAP pkt rcvd data len d flags d version d DEBUG Processing PEAP message ERROR ERROR Got PEAP Start packet DEBUG Indicated length not valid ERROR ERROR Did not get Acknowledged result Got first fragment DEBUG ERROR ERROR Cannot understand AVP value Got fragment n DEBUG ERROR ERROR Got last fragment DEBUG eapExtResp is NULL ERROR ERROR eapWscCtxCreate Got unfragmented message DEBUG EAPAUTH_MALLOC failed ERROR eapWscProcess umiloctl req to WSC Got frag ack DEBUG failed status d ERROR Ext AVP parsed flags 0x x DEBUG eapWscCheck Invalid frame ERROR Mandatory bit not set WARNING DEBUG eapWscBuildRea Invalid state d ERROR eapWscProcessWscResp Invalid data Ext AVP parsed type d DEBUG recd pData p dataLen ERROR Data received for invalid context Ext AVP parsed value d DEBUG dropping it ERROR eapWscProcessWscResp Build Got PEAPv0 success DEBUG Request failed ERROR eapWscProcessWscResp Invalid Got PEAPV0 failure DEBUG state d ERROR eapWscProcessWscResp Message pCtx NULL DEBUG processing failed 0x X ERROR
250. r DMZ. In this way the LAN/DMZ server can be accessed from the internet by its aliased public IP address.

7. Outbound rules can use Source NAT (SNAT) in order to map (bind) all LAN/DMZ traffic matching the rule parameters to a specific WAN interface or external IP address (usually provided by your ISP).

Once the new or modified rule parameters are saved, the rule appears in the master list of firewall rules. To enable or disable a rule, click the checkbox next to the rule in the list of firewall rules and choose Enable or Disable.

Note: The router applies firewall rules in the order listed. As a general rule, you should move the strictest rules (those with the most specific services or addresses) to the top of the list. To reorder rules, click the checkbox next to a rule and click Up or Down.

Figure 40: Example where an outbound SNAT rule is used to map an external IP address (209.156.200.225) to a private DMZ IP address (10.30.30.30)

[Diagram labels: www.example.com; Public IP Address 209.165.200.225; outside interface; DSR; Source Address Translation 209.165.201.225 > 10.30.30.30; DMZ interface 10.30.30.1; Inside interface 192.168.10.1; Inside; DMZ; User; Web Server; 192.168.10.10; Private IP Address 10.30.30.30; Public IP Address 209.165.200.225.]

Figure 41: The firewall rule configuration page allows you to define the To/From zone
251. r diagnostics tools available in the GUI
Sample traceroute output
Device Status display
Device Status display (continued)
Resource Utilization statistics
Resource Utilization data (continued)
Resource Utilization data (continued)
Physical port statistics
AP specific statistics
List of current Active Firewall Sessions
Figure 98: List of connected 802.11 clients per AP
Figure 99: List of LAN hosts
Figure 100: List of current Active VPN Sessions
252. rack_rtsp v IP_NF_RTSP_VERSION loading ip_conntrack_rtsp max_outstanding must be a positive integer ip_conntrack_rtsp setup_ timeout must be a positive integer ip_conntrack_rtsp ERROR registering port d ports i ip_nat_rtsp v IP_NF_RTSP_VERSION loading s Sorry Cannot find this match option FILE __ DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG txmic 02x hk gt kv_txmic i s unable to update h w beacon queue parameters s stuck beacon resetting bmiss count u move data from NORMAL to XR moved d buffers from NORMAL to XR index move buffers from XR to NORMAL moved d buffers from XR to NORMAL count s d s FILE LINE _ __ func __ s d s FILE LINE_ __ func __ s no buffer s dev gt name __ func __ s no skbuff s dev gt name __ func __ s HAL qnum u out of range max ul grppoll_start grppoll Buf allocation failed s HAL qnum u out of range max ul s AC u out of range max u s unable to update hardware queue Ss bogus frame type 0x x s dev gt name ath_stoprecv rx queue 0x x link p s s unable to reset channel u u MHz S s unable to restart recv logic s unable to allocate channel table dev gt name s u
253. rd EAP packet too Error from pnacEapPktRecord from pnacBackAuthTimeout calling pnacTxCannedFail hmac_md5 adpHmacContextCreate failed hmac_md5 adpHmaclinit failed pnacUmiloctlHandler invalid cmd d ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Unified Services Router User Manual pnacEapRadAuthSend Invalid Error in executing DB update handler ERROR arguments ERROR pnacEapRadAuthSend failed to sqlite3QueryResGet failed ERROR allocate inbuffer ERROR ERROR incomplete DB update information ERROR pnacXmit umiloctl failed d ERROR old values result does not contain 2 rows ERROR pnacPDUForward Invalid input ERROR pnacPDUForward error in getting port sqlite3QueryResGet failed ERROR pae information ERROR pnacPDUForward error allocating Error in executing DB update handler ERROR memory ERROR pnacUmilfMacAddrChange s not sqlite3QueryResGet failed Query s ERROR configured for 802 1x ERROR pnacUmilfMacAddrChange could not sqlite3QueryResGet failed Query s ERROR process PDU received ERROR pnacUmiPhyPortConfig Invalid config sqlite3QueryResGet failed Query s ERROR data ERROR pnacUmiPhyPortConfig Invalid sqlite3QueryResGet failed Query s ERROR backend name specified ERROR pnacUmi
254. re information

Figure 39: List of Available Schedules to bind to a firewall rule

[Screenshot: Schedules page.] When you create a firewall rule, you can specify a schedule when the rule applies. The table lists all the Available Schedules for this device and allows several operations on the schedules (Edit, Delete, Add).

List of Available Schedules:
Name | Days | Start Time | End Time
Guests | Monday, Tuesday, Wednesday, Thursday, Friday | 09:00 AM | 05:00 PM
Marketing | Tuesday, Wednesday, Thursday | 12:00 AM | 11:59 PM
EngineeringWeekend | Sunday, Saturday | 12:00 AM | 11:59 PM

5.3 Configuring Firewall Rules

Advanced > Firewall Settings > Firewall Rules

All configured firewall rules on the router are displayed in the Firewall Rules list. This list also indicates whether the rule is enabled (active) or not, and gives a summary of the From/To zone as well as the services or users that the rule affects.

To create new firewall rules, follow the steps below:

1. View the existing rules in the List of Available Firewall Rules table.

2. To edit or add an outbound or inbound services rule, do the following:
• To edit a rule, click the checkbox next to the rule and click Edit to reach that rule's configuration page.
• To add a new rule, click Add to be taken to a new rule's configuration page. Once created, the new rule is automat
255. re restared Traffic limit has been reached Traffic meter monthly limit has been changed to d Enabling traffic meter for only dowload Enabling traffic meter for both directions Enabling traffic meter with no limit Email alert in traffic meter disabled Email alert in traffic meter enabled Traffic Meter Monthly limit d MB has been Traffic Metering Adding rule to drop all traffic Traffic Metering sabling Email traffic Disabling attack checks for IPv6 rules Enabling attack checks for IPv6 rules Configuring one to one NAT settings with s private start IP Deleting forward one to one NAT having setting s private start Disabling attack check for Block ping to WAN interface Disabling attack check for Stealth mode for tcp Disabling attack check for Stealth mode for udp Disabling attack check for TCP Flood Disabling attack check for UDP Flood Disabling attack check for IPsec Disabling attack check for PPTP Disabling attack check for L2TP Disabling attack check for UDP Flood Disabling attack check for IPsec Disabling attack check for PPTP Disabling attack check for L2TP Enabling attack check for Block ping to WAN Enabling attack check for Stealth Mode for tcp Enabling attack check for Stealth Mode for udp Enabling attack check for TCP Flood Enabling attack check for UDP Flood Enabling attack check for IPsec Enabling attack check for PPTP DEBUG DEBUG DEBUG DEBUG DEBUG DE
256. received PNAC_EVENT_PORT_STATUS_ CHAN GED event received unsupported event d from PNAC event for non existent node s Create new node Add new node to DOT11 Node list Update dot11STA database Add PMKSA to the list eapolRecvAuthKeyMsg received key message node not found eapolRecvKeyMsg replay counter not incremented eapolRecvKeyMsg replay counter is not same processing pairwise key message 2 RSN IE matching OK processing pairwise key message 4 processing group key message 2 processing key request message from client WPA version 2x 2x not supported s group cipher 2x doesn t match s Pairwise cipher s not supported s authentication method d not supported s Auth method s pairwise cipher s IE size d WPA version 2x 2x not supported Unable to obtain IE of type d PTK state changed from s to s using PMKSA from cache PTK GK state changed from s to s GK state changed from s to s Sending PTK Msg1 Sending PTK Msg3 Sending GTK Msg1 DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG User Manual UDP failed received Length is d umiloctl UMI_COMP_KDOT11 umiloctl UMI_COMP_UDOT11 d d umiloctl UMI_LCOMP_KDOT11 d d No IAPP Node found for req i
257. resented in this document:
• Product Name: D-Link Unified Services Router
  o Model numbers: DSR-500/500N/1000/1000N
• GUI Menu Path / GUI Navigation: Monitoring > Router Status
• Important note: [note icon]

Chapter 2. Configuring Your Network

2.1 LAN Setup

It is assumed that the user has a machine for management connected to the router's LAN. The LAN connection may be through the wired Ethernet ports available on the router, or, once the initial setup is complete, the DSR may also be managed through its wireless interface as it is bridged with the LAN. Access the router's graphical user interface (GUI) for management by using any web browser, such as Microsoft Internet Explorer or Mozilla Firefox:
• Go to http://192.168.10.1 (default IP address) to display the router's management login screen.
• Default login credentials for the management GUI:
  • Username: admin
  • Password: admin

Note: If the router's LAN IP address was changed, use that IP address in the navigation bar of the browser to access the router's management UI.

LAN Configuration

Setup > Network Settings > LAN Configuration

By default, the router functions as a Dynamic Host Configuration Protocol (DHCP) server to the hosts on the WLAN or LAN network. With DHCP, PCs and other LAN devices can be assigned IP addresses as well as addresses for DNS servers, Windows Internet Name Service (WINS) servers, and the default gateway. With the DHCP
258. rmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.

FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

RSS-GEN 7.1.4: User Manual for Transmitters with Detachable Antennas

The user manual of transmitter devices equipped with detachable antennas shall contain the following
259. rning with status s RADVD started successfully RADVD stopped successfully empty update nRows d nCols d Wan is not up or in load balencing mode threegMgmtHandler no row found nRows d nCols d pppoeMgmtDBUpdateHandler empty update dhcpcEnable dhclient already running on s dhcpcDisable deleted dhclient leases I2tpMgmilnit unable to open the database file s I2tpEnable unable to resolve address AS I2tpEnable inet_aton failed DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG WARN WARN WARN WARN WARN WARN ERROR ERROR ERROR pppoeMgmtTblHandler unable to get current Mtu Option pppoeMgmtTblHandler unable to get the Mtu pppoeMgmtTblHandler pppoe enable failed pppoeMgmtDBUpdateHandler failed query s pppoeMgmtDBUpdateHandler error in executing pptpMgmilnit unable to open the database file s pptpEnable error executing command s pptpEnable unable to resolve address s pptpEnable inet_aton failed pptpEnable inet_aton failed pptpEnable spawning failed pptpDisable unable to kill ppp daemon pptpMgmtTblHandler unable to get current MTU Option pptpMgmtTblHandler unable to get the Mtu pptpMgmtTblHandler dbRecordValueGet failed for s pptpMgmtTblHandler pptp enable failed pptpMgmtTblHandler pptp disa
260. s is the server at the ISP that this router will connect to for accessing the internet. The primary and secondary DNS servers on the ISP's IPv6 network are used for resolving internet addresses, and these are provided along with the static IP address and prefix length from the ISP.

When the ISP allows you to obtain the WAN IP settings via DHCP, you need to provide details for the DHCPv6 client configuration. The DHCPv6 client on the gateway can be either stateless or stateful. If a stateful client is selected, the gateway will connect to the ISP's DHCPv6 server for a leased address. For stateless DHCP there need not be a DHCPv6 server available at the ISP; rather, ICMPv6 discover messages will originate from this gateway and will be used for auto configuration. A third option, to specify the IP address and prefix length of a preferred DHCPv6 server, is available as well.

Figure 17: IPv6 WAN Setup page

[Screenshot: IPv6 WAN2 Config page with the fields IPv6 Address, IPv6 Prefix Length, Default IPv6 Gateway, Primary DNS Server, Secondary DNS Server and Stateless Address Auto Configuration.]
261. s to the DSR

[Diagram: DSR with Inside and Outside interfaces; internal network 10.10.10.0; DNS Server 10.10.10.163; WINS Server 10.10.10.133; Clientless VPN connections.]

7.1 Users, Groups, and Domains

Advanced > Users > Users

Authentication of the users (IPsec, SSL VPN, or GUI) is done by the router using either a local database on the router or external authentication servers (i.e. LDAP or RADIUS). The remote user must specify the user, group and domain when logging in to the router. One or more users are members of a Group. One or more Groups belong to an authentication Domain.

The user settings contain the following:
• User Name: This is the unique identifier of the user.
• First Name: This is the user's first name.
• Last Name: This is the user's last name.
• User Type: The user's access privileges are defined as an SSL VPN User, administrator, guest, XAUTH user, L2TP user, PPTP user, or Local User. The SSL VPN User or administrator user should be selected.
• Select Group: A group is chosen from a list of configured groups.
• Password: The password associated with the user name.
• Confirm Password: The same password as above is required to mitigate against typing errors.
• Idle Timeout: The session timeout for the user.

Once the user is configured, the DSR will display a list of all configured users.

Figure 62 Availab
262. s_addr usin gt sin_port S S d BAD TUNNEL MAGIC S S d BAD TUNNEL MAGIC socki_lookup socket file changed S YS d BAD TUNNEL MAGIC rebootHook null function pointer Bad ioctl command fResetMod Failed to configure gpio pin fResetMod Failed to register interrupt handler registering char device failed unregistering char device failed proc entry delete failed proc entry initialization failed testCompHandler received s from d char pInBuf UMI proto registration failed d ret AF_UMI registration failed d ret umi initialization failed d ret kernel UMI registration failed Logs_kernel txt 447 KERN_ERR ERROR msm not found properly d len d msm ModExp returned Error ModExp returned Error S Ox p len u tag p unsigned User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 208 Unified Services Router __func__ s unable to start recv logic s Invalid interface id u __ func_ if_id s unable to allocate channel table __func__ s Tx Antenna Switch Do internal reset func __ Radar found on channel d d MHz End of DFS wait period s error allocating beacon func __ failed to allocate UAPSD QoS NULL tx descriptors d error failed t
263. Figure 10: Active Runtime sessions
Figure 11: Internet Connection Setup Wizard
Figure 12: Manual WAN Configuration
Figure 13: PPPoE configuration for standard ISPs
Figure 14: WAN configuration for Japanese Multiple PPPoE (part 1)
Figure 15: WAN configuration for Multiple PPPoE (part 2)
Figure 16: Russia L2TP ISP Configuration
Figure 17: IPv6 WAN Setup page
Figure 18: Connection Status information for both WAN ports
Figure 19: List of Configured Bandwidth Profiles
Figure 20: Bandwidth Profile Configuration page
Figure 21: Traffic Selector Configuration
264. ss. You may wish to save part of the subnet range for devices with statically assigned IP addresses in the LAN.
• Primary and Secondary DNS servers: If configured domain name system (DNS) servers are available on the LAN, enter their IP addresses here.
• WINS Server (optional): Enter the IP address for the WINS server or, if present in your network, the Windows NetBios server.
• Lease Time: Enter the time, in hours, for which IP addresses are leased to clients.
• Enable DNS Proxy: To enable the router to act as a proxy for all DNS requests and communicate with the ISP's DNS servers, click the checkbox.

3. Click Save Settings to apply all changes.

Figure 1: Setup page for LAN TCP/IP settings

[Screenshot: LAN Setup page.] The LAN Configuration page allows you to configure the LAN interface of the router. In most cases the default settings should be sufficient. Fields shown: IP Address (176.16.2.40), Subnet Mask (255.255.255.0), DHCP Mode, Starting IP Address, Ending IP Address, Primary DNS Server, Secondary DNS Server, WINS Server, Lease Time, Relay Gateway, Enable DNS Proxy, Enable Run Time User Authentication.

2.1.1 LAN Configuration in
265. stics for all configured access points are displayed in this table. The receive (rx) and transmit (tx) data is shown per configured AP.

[Screenshot: Wireless Statistics table with the columns AP Name, Radio, Packets, Bytes, Errors, Dropped, Multicast and Collisions, with a Poll Interval field and Start/Stop buttons.]

10.3 Active Connections

10.3.1 Sessions through the Router

Status > Active Sessions

This table lists the active internet sessions through the router's firewall. The session's protocol, state, local and remote IP addresses are shown.

Figure 97: List of current Active Firewall Sessions

[Screenshot: Active Sessions page, which displays a list of active sessions on your router, with the columns Local, Internet, Protocol and State.]
266. sult ncols d nrows d ERROR configure port ERROR pnacUmiPhyPortDestroy Invalid s VAP s create failed ERROR config data ERROR pnacUmiPhyPortDestroy Invalid sqlite3QueryResGet failed ERROR config data ERROR pnacUmiPhyPortDestroy Failed to invalid query result ncols d nrows d ERROR destroy the port ERROR 191 Unified Services Router Invalid config data User Manual ERROR Facility Kernel DNAT multiple ranges no longer supported DNAT Target size u wrong for u ranges DNAT wrong table s tablename DNAT hook mask 0x x bad hook_mask S d resetting MPPC MPPE compressor S d wrong offset value d S d wrong length of match value d S d too big offset value d S d cannot decode offset value S d wrong length code 0x xX S d short packet len d FUNCTION S d bad sequence number d expected d S d bad sequence number d expected d PPPIOCDETACH file gt f_count d PPP outbound frame not passed PPP VJ decompression error PPP inbound frame not passed PPP reconstructed packet PPP no memory for missed pkts u u S d resetting MPPC MPPE compressor S d wrong offset value d S d wrong length of match value d S d too big offset value d S d cannot decode offset value S d wrong length code 0x X S d short packet len d FUNCTION S d bad sequence number d expected d DE
267. supported clients in the environment, but is actually running on the same physical radio integrated with this router.

You will need the following information to configure your wireless network:
• Types of devices expected to access the wireless network and their supported Wi-Fi modes
• The router's geographical region
• The security settings to use for securing the wireless network

Note: Profiles may be thought of as a grouping of AP parameters that can then be applied to not just one but multiple AP instances (SSIDs), thus avoiding duplication if the same parameters are to be used on multiple AP instances or SSIDs.

Wireless Settings Wizard

Setup > Wizard > Wireless Settings

The Wireless Network Setup Wizard is available for users new to networking. By going through a few straightforward configuration pages you can enable a Wi-Fi network on your LAN and allow supported 802.11 clients to connect to the configured Access Point.

Figure 29: Wireless Network Setup Wizards

[Screenshot: Wireless Settings wizard page.] This page will guide you through common and easy steps to configure your router's wireless interface. Wireless Network Setup Wizard: This wizard is designed to assist you in your wireless network setup. It will guide you through step by step instructions on how to set up your wireless network and how to mak
268. t x U_int32_t maskBytes u_int32_t patternBytes Pattern Removed from entry d i Error Pattern not found PPM STATE ILLEGAL x x forcePpmStateCur afp gt forceState FORCE_PPM 4d 6 6x 8 8x 8 8x 8 8X 3 3X 4 4x failed to allocate tx descriptors d error failed to allocate beacon descripotrs d error failed to allocate UAPSD descripotrs d error hal qnum u out of range max ul HAL AC u out of range max zul HAL AC u out of range max zul s unable to update hardware queue ul Multicast Q p buf buf flags Ox 08x buf gt bf_flags buf status 0x 08x buf gt bf_status frames in aggr d length of aggregate d length of frame d sequence number d tidno d isdata d isaggr d isampdu d ht d isretried d isxretried d shpreamble d isbar d ispspoll d aggrburst d calcairtime d qosnulleosp d Ap Ox 08x 0x 08x 0x 08x 0x 08x Ox 08x 0x 08x 0x 08x 0x 08x Ox 08x 0x 08x Ox 08x 0x 08x 0x 08x 0x 08x Ox 08x 0x 08x 0x 08x 0x 08x DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG gt ifName unable to register KIFDEV to UMI ERROR s Timeout at page 0x addr 0x ERROR s Timeout at page 0x addr 0x Invalid IOCTL 08x cmd s unable to register
269. t This is lower priority than the Approved URL List; i.e. if the blocked keyword is present in a site allowed by a Trusted Domain in the Approved URL List, then access to that site will be allowed. Import/export from a text or CSV file for keyword blocking is also supported.

Figure 49: Two keywords added to the block list

5.9 IP/MAC Binding
Advanced > IP/MAC Binding

Another available security measure is to only allow outbound traffic from the LAN to WAN when the LAN node has an IP address matching the MAC address bound to it. This is IP/MAC Binding, and by enforcing the gateway to validate the source traffic's IP address with the unique MAC address of the configured LAN node, the administrator can ensure traffic from that IP address is not spoofed. In the event of a violation (i.e. the traffic's source IP address doesn't match up with the expected MAC address having the same IP address) the packets will be
271. t support Auto Failover and Load Balancing scenarios.

- Superior Wireless Performance: Designed to deliver superior wireless performance, the DSR-500N and DSR-1000N include 802.11 a/b/g/n, allowing for operation on either the 2.4 GHz or 5 GHz radio bands. Multiple In Multiple Out (MIMO) technology allows the DSR-500N and DSR-1000N to provide high data rates with minimal "dead spots" throughout the wireless coverage area.

Note: DSR-250N and DSR-500N support the 2.4 GHz radio band only.

- Flexible Deployment Options: The DSR-1000/1000N supports Third Generation (3G) Networks via an extendable USB 3G dongle. This 3G network capability offers an additional secure data connection for networks that provide critical services. The DSR-1000N can be configured to automatically switch to a 3G network whenever a physical link is lost.
- Robust VPN features: A fully featured virtual private network (VPN) provides your mobile workers and branch offices with a secure link to your network. The DSR-250N, DSR-500, DSR-500N, DSR-1000 and DSR-1000N are capable of simultaneously managing 5, 10, 20 Secure Sockets Layer (SSL) VPN tunnels respectively, empowering your mobile users by providing remote access to a central corporate database. Site-to-site VPN tunnels use IP Security (IPsec) Protocol, Point-to-Point Tunneling Protocol (PPTP), or Layer 2 Tunneling Protocol (L2TP) to facilitate branch o
272. tacks
Figure 53: Example of Gateway-to-Gateway IPsec VPN tunnel using two DSR routers connected to the Internet
Figure 54: Example of three IPsec client connections to the internal network through the DSR IPsec gateway
Figure 55: VPN Wizard launch screen
Figure 56: IPsec policy configuration
Figure 57: IPsec policy configuration continued (Auto policy via IKE)
Figure 58: IPsec policy configuration continued (Auto / Manual Phase 2)
Figure 59: PPTP tunnel configuration - PPTP Server
Figure 60: L2TP tunnel configuration - L2TP Server
Figure 61: Example of clientless SSL VPN connections to the DSR
Figure 62: Available Users with login status and associated Group/Domain
Figure 63: User Configuration options
Figure 64 Figure 65 Figure 66
274. Figure 6: Port VLAN list

- In Access mode the port is a member of a single VLAN (and only one). All data going into and out of the port is untagged. Traffic through a port in access mode looks like any other Ethernet frame.
- In Trunk mode the port is a member of a user-selectable set of VLANs. All data going into and out of the port is tagged. Untagged traffic coming into the port is not forwarded, except for the default VLAN with PVID 1, which is untagged. Trunk ports multiplex traffic for multiple VLANs over the same physical link.
- Select PVID for the port when the General mode is selected.
- Configured VLAN memberships will be displayed on the VLAN Membership Configuration for the port. By selecting one or more VLAN membership options for a General or Trunk port, traffic can be routed between the selected VLAN membership IDs.

Figure 7: Configuring VLAN membership for a port
275. 3.5 Routing Configuration

Routing between the LAN and WAN will impact the way this router handles traffic that is received on any of its physical interfaces. The routing mode of the gateway is core to the behavior of the traffic flow between the secure LAN and the internet.

3.5.1 Routing Mode
Setup > Internet Settings > Routing Mode

This device supports classical routing, network address translation (NAT), and transport mode routing.

- With classical routing, devices on the LAN can be directly accessed from the internet by their public IP addresses (assuming appropriate firewall settings). If your ISP has assigned an IP address for each of the computers that you use, select Classic Routing.
- NAT is a technique which allows several computers on a LAN to share an Internet connection. The computers on the LAN use a "private" IP address range while the WAN port on the router is configured with a single "public" IP address. Along with connection sharing, NAT also hides internal IP addresses from the computers on the Internet. NAT is required if your ISP has assigned only one IP address to you. The computers that connect through the router will need to be assigned IP addresses
276. the Internet, click on the button below.

Internet Connection Setup Wizard

Note: Before launching these wizards, please make sure you have followed all steps outlined in the Quick Installation Guide included in the package.

Manual Internet Connection Options: If you would like to configure the Internet settings of your new D-Link Systems Router manually, then click on the button below.

Manual Internet Connection Setup

You can start using the Wizard by logging in with the administrator password for the router. Once authenticated, set the time zone that you are located in, and then choose the type of ISP connection type: DHCP, Static, PPPoE, PPTP, L2TP. Depending on the connection type, a username/password may be required to register this router with the ISP. In most cases the default settings can be used if the ISP did not specify that parameter. The last step in the Wizard is to click the Connect button, which confirms the settings by establishing a link with the ISP. Once connected, you can move on and configure other features in this router.

Note: 3G Internet access with a USB modem is supported on the secondary WAN port (WAN2). The Internet Connection Setup Wizard assists with the primary WAN port (WAN1) configuration only.

3.2 WAN Configuration
Setup > Internet Settings > WAN1 Setup

You must either allow the router to detect WAN connection type automati
277. tings

To restore factory default configuration settings, do either of the following:

1. Do you know the account password and IP address?
   - If yes, select Administration > Settings Backup & Upgrade and click default.
   - If no, do the following: On the rear panel of the router, press and hold the Reset button about 10 seconds, until the test LED lights and then blinks. Release the button and wait for the router to reboot.
2. If the router does not restart automatically, manually restart it to make the default settings effective.
3. After a restore to factory defaults (whether initiated from the configuration interface or the Reset button), the following settings apply:
   - LAN IP address: 192.168.10.1
   - Username: admin
   - Password: password
   - DHCP server on LAN: enabled
   - WAN port configuration: Get configuration via DHCP

Chapter 12. Credits

Microsoft, Windows are registered trademarks of Microsoft Corp. Linux is a registered trademark of Linus Torvalds. UNIX is a registered trademark of The Open Group.

Appendix A. Glossary

CHAP: Challenge-Handshake Authentication Protocol. Protocol for authenticating users to an ISP.
Dynamic DNS: System for updating domain names in real time. Allows a domain name to be assigned to a device with a dynamic IP address.
DHCP: Dynamic Host Configuration Protocol. Protocol for allocating IP addresses dynamically so that
279. u enter the addresses correctly.

DHCP WAN

For DHCP client connections, you can choose the MAC address of the router to register with the ISP. In some cases you may need to clone the LAN host's MAC address if the ISP is registered with that LAN host.

Figure 12: Manual WAN configuration

3.2.4 PPPoE
Setup > Internet Settings

The PPPoE ISP settings are defined on the WAN Configuration page. There are two types of PPPoE ISPs supported by the DSR: the standard username/password PPPoE and Japan Multiple PPPoE.

Figure 13: PPPoE configuration for standard ISPs
280. Figure 16: Russia L2TP ISP configuration

3.2.6 WAN Configuration in an IPv6 Network
Setup > IPv6 > IPv6 WAN1 Config

For IPv6 WAN connections, this router can have a static IPv6 address or receive connection information when configured as a DHCPv6 client. In the case where the ISP assigns you a fixed address to access the internet, the static configuration settings must be completed. In addition to the IPv6 address assigned to your router, the IPv6 prefix length defined by the ISP is needed. The default IPv6 Gateway addres
282. wer is similarly governed by regulatory limits; you have the option to decrease from the default maximum to reduce the signal strength of traffic out of the radio.

4.5 Advanced Wireless Settings
Advanced > Wireless Settings > Advanced Wireless

Sophisticated wireless administrators can modify the 802.11 communication parameters in this page. Generally, the default settings are appropriate for most networks. Please refer to the GUI integrated help text for further details on the use of each configuration parameter.

Figure 36: Advanced Wireless communication settings

4.6 Wi-Fi Protected Setup (WPS)
Advanced > Wireless Settings > WPS

WPS is a simplified method to add supporting wireless clients to the network. WPS is only applicable for APs that employ WPA or WPA2 security. To use WPS, select the eligible VAPs from the dropdown list of APs that have been configured with this security and enable WPS st
283. ws you to use multiple WAN links (and presumably multiple ISPs) simultaneously. After configuring more than one WAN port, the load balancing option is available to carry traffic over more than one link. Protocol bindings are used to segregate and assign services over one WAN port in order to manage internet flow. The configured failure detection method is used at regular intervals on all configured WAN ports when in Load Balancing mode.

The DSR currently supports three algorithms for Load Balancing:

Round Robin: This algorithm is particularly useful when the connection speed of one WAN port greatly differs from another. In this case you can define protocol bindings to route low-latency services (such as VOIP) over the higher-speed link and let low-volume background traffic (such as SMTP) go over the lower-speed link. Protocol binding is explained in the next section.

Spill Over: If the Spill Over method is selected, WAN1 acts as a dedicated link till a threshold is reached. After this, WAN2 will be used for new connections. You can configure spill over mode by using the following options:
- Load Tolerance: It is the percentage of bandwidth after which the router switches to the secondary WAN.
- Max Bandwidth: This sets the maximum bandwidth tolerable by the primary WAN.

If the link bandwidth goes above the load tolerance value of max bandwidth, the router will spill over the next connections to the secondary WAN. For example, if the maximum bandwidth of primary WAN
285. xample

2. Since we are trying to block HTTP requests, it is a service with To Zone: Insecure (WAN1/WAN2) that is to be blocked according to schedule "Weekend".
3. Select the Action to "Block by Schedule, otherwise allow". This will take a predefined schedule and make sure the rule is a blocking rule during the defined dates/times. All other times outside the schedule will not be affected by this firewall blocking rule. As we defined our schedule in schedule "Weekend", this is available in the dropdown menu. We want to block the IP range assigned to the marketing group. Let's say they have IP 192.168.10.20 to 192.168.10.30. On the Source Users dro
286. 9.5 Backing up and Restoring Configuration Settings
Tools > System

You can back up the router's custom configuration settings to restore them to a different device or the same router after some other changes. During backup, your settings are saved as a file on your host. You can restore the router's saved settings from this file as well. This page will also allow you to revert to factory default settings or execute a soft reboot of the router.

IMPORTANT: During a restore operation, do NOT try to go online, turn off the router, shut down the PC, or do anything else to the router until the operation is complete. This will take approximately 1 minute. Once the LEDs are turned off, wait a few more seconds before doing anything with the router.

For backing up configuration or restoring a previously saved configuration, please follow the steps below:

1. To save a copy of your current settings, click the Backup button in the Save Current Settings option. The browser initiates an export of the configuration file and prompts to save the file on your host.
2. To restore your saved settings from a backup file, click Browse, then locate the file on the host. After clicking Restore, the router begins importing the file's saved confi
289. ze network traffic but cause delays in identifying new UPnP devices to the network.
- Advertisement Time to Live: This is expressed in hops for each UPnP packet. This is the number of steps a packet is allowed to propagate before being discarded. Small values will limit the UPnP broadcast range. A default of 4 is typical for networks with few switches.

Figure 9: UPnP Configuration

UPnP Port map Table

The UPnP Port map Table has the details of UPnP devices that respond to the router's advertisements. The following information is displayed for each detected device:
- Active: A yes/no indicating whether the port of the UPnP device that established a connection is currently active
- Protocol: The network protocol (i.e. HTTP, FTP, etc.) used by the DSR
- Int. Port (Internal Port): The internal ports opened by UPnP (if any)
- Ext. Port (External Port): The external ports opened by UPnP (if any)
