User Manual - D-Link
Contents
1. IP Policies Configuration Group Name ADMIN Defined Address Configuration Source Address Type IP Address T Network Address IP Address Save 164 Unified Services Router User Manual ex Login Policies Policy by Browsers Policy by IP are applicable SSL VPN user only Security gt Authentication gt User Database gt Users The Users page allows the administrator to add edit or delete existing groups Each user is associated to configured groups The Lists of Available Users is displayed in the List of Users page with User name associated group and Login status e Click Add to create a user e Click Edit to update an existing user e Click Delete to clear an existing user Figure 104 Available Users with login status and associated Group a Security Security Authentication User Database Users 8 Q SY Y Get User DB Groups Users This page shows a list of available users in the system A user can add delete and edit the users also This page can also be used for setting policies on users Users List Show entries Right click on record to get more options a T v v admin ADMIN Enabled LAN Enabled WAN guest GUEST Disabled LAN Disabled WAN Showing 1 to 2 of 2 entries First Previous 1 Next gt Last gt Add New User 7 1 1 Users and Passwords Security gt Aut2. profile s doesnt exist Re assembling fragments incorrect size Error creating cipher context Error initializing cipher context Error creating digest context Error initializing digest context Error initializing DES in Klite Error initializing MD4 in Klite Error initializing SHA in Klite Error initializing RC4 in Klite Error cleaning cipher context Error destroying cipher context 257 User Manual Unified Services Router SSL_CTX_use_certificate_file cert PEM failed SSL_CTX_use_PrivateKey_file failed private key does not match public key SSL_CTX_load_verify_locations failed SSL_new failed Both SSL_VERIFY_PEER and SSL_VERIFY NONE set Error EAPAUTH_MALLOC failed EAPAUTH_MALLOC failed eap TimerCreate failed eapCtxDelete pCtx NULL eapRole EAP_ROLE_PEER or EAP ROLE AUTHENTICATOR pEapCtx NULL or pPDU NULL received EAP pdu bigger than EAP _MTU_SIZE received EAP pdu bigger than EAP _MTU_ SIZE state machine is in invalid state unable to create method context method ctxCreate failed method profile set failed state machine is in invalid state Only StandAlone authenticator supported currently state machine is in invalid state BuildReq operation failed No method ops defined for current method Process operation failed State machine is in invalid state Packet length mismatch d d eapAuthTypeToType Inv
3. DEBUG dot1 1Malloc failed ERROR Back auth state s DEBUG Authenticator d DEBUG aesWrap failed ERROR Auth PAE state s DEBUG unknown key descriptor version d ERROR Auth Reauth state s DEBUG dot11Malloc failed ERROR could not initialize AES128ECB ERROR Supplicant d DEBUG could not initialize AES 128 ECB ERROR Supp Pae state s DEBUG MD5 initialization failed ERROR from pnacBackAuthFail calling pnac I xCannedFail DEBUG RC4 framework initialization failed ERROR s returned ERROR DEBUG PNAC framework initialization failed ERROR pnacUmiloctlHandler cmd s d DEBUG ERROR option value not specified ERROR s not configured for 802 1x DEBUG ERROR u can be used only with s ERROR could not process PDU received from the wire DEBUG ERROR user name not specified ERROR pnacPDUForward failed to foward the received PDU DEBUG _ failed to enable debug ERROR Creating PHY port with AUTH backend S SendRtn p RecvRtn p DEBUG s failed to convert string to MAC ERROR pnacUmiAuthConfig s not configured for 802 1x DEBUG failed to initialize UMI ERROR pnacSuppRegisterUserlInfo not a valid pnacPhyPortParamSet invalid AC DEBUG arguments ERROR onacPhyPortParamSet Failed to onaclfConfig autoAuth Enabled DEBUG create socket ERROR Error from pnacSendRin no pnac port pae found pnacPhyPortParamSet s device for DEBUG invalid ERR
4. s error allocating beacon _ func __ DEBUG mic check failed ERROR failed to allocate UAPSD QoS NULL tx descriptors d error DEBUG s Wrong parameters func __ ERROR failed to allocate UAPSD QoS NULL wbuf DEBUG s Wrong Key length _ func __ ERROR s unable to allocate channel table func DEBUG s Wrong parameters func __ ERROR s unable to update h w beacon queue parameters DEBUG s Wrong Key length _ func __ ERROR ALREADY ACTIVATED DEBUG s Wrong parameters _func__ ERROR s missed u consecutive beacons DEBUG s Wrong Key length _ func __ ERROR s busy times rx_clear d rx_frame d tx _frame d func rx_clear rx_frame tx_frame DEBUG s Wrong parameters func _ ERROR s unable to obtain busy times _ func __ DEBUG s Wrong Key length func __ ERROR s beacon is officially stuck DEBUG s Wrong parameters func __ ERROR s Wrong Key Length d Busy environment detected DEBUG _ func __ des key_len ERROR s Wrong parameters d Inteference detected DEBUG _ func_ des key_len ERROR rx_clear d rx_frame d s Wrong Key Length d tx_frame d DEBUG _ func__ des key_len ERROR s resume beacon xmit after u misses DEBUG s Wrong parameters func __ ERROR s stuck beacon resetting bmiss count u DEBUG s Wrong Key Length func __ ERROR EMPTY QUEUE DEBUG s Wrong parameters func __ ERROR SWRInfo seqno d isswRetry
5. event received DEBUG d ERROR PNAC_EVENT_PORT_STATUS_CHAN umiloctl UMlL COMP_KDOT11 d GED event received DEBUG d ERROR umiloctl UMI_COMP_UDOT11 d unsupported event d from PNAC DEBUG d failed ERROR event for non existent node s Create new node DEBUG UDP socket is not created ERROR Add new node to DOT11 Node list DEBUG UDP send failed ERROR IAPP socket SOCK_STREAM Update dot11STA database DEBUG failed ERROR Add PMKSA to the list DEBUG IAPP TCP connect failed to s ERROR eapolRecvAuthKeyMsg received key message DEBUG cmd d not supported sender d ERROR umiloctl UMI_COMP_KDOT11 d node not found DEBUG d failed ERROR eapolRecvKeyMsg replay counter not IAPP CACHE NOTIFY REQUEST incremented DEBUG send to ERROR 269 Unified Services Router eapolRecvKeyMsg replay counter is not same processing pairwise key message 2 RSN IE matching OK processing pairwise key message 4 processing group key message 2 processing key request message from client WPA version 2x 2x not supported S group cipher 2x doesn t match s Pairwise cipher s not supported s authentication method d not supported s Auth method s pairwise cipher s IE size d WPA version 2x 2x not supported Unable to obtain IE of type d PTK state changed from s to s using PMKSA from cache PTK GK state changed from s to s GK state changed from s to s Sending PTK Msg1 Sending PTK Msg3 Send
6. ccccccccccesesseceeeseeceessecceseeeeeeseeeeeeseeeeeeeeeees 202 Figure 133 Unified Services Router Figure 134 Figure 135 Figure 136 Figure 137 Figure 138 Figure 139 Figure 140 Figure 141 Figure 142 Figure 143 Figure 144 Figure 145 Figure 146 Figure 147 Figure 148 Figure 149 Figure 150 Figure 151 Figure 152 Figure 153 Figure 154 Figure 155 Figure 156 Figure 157 Figure 158 Figure 159 Figure 160 User Manual Web GUI Management from the WAN Qu ccccccsscccessccesssccesseccesseeeesseecesseesesseeeessees 203 SNMP Users Traps and Access COmntrl ccccccccccccesseccceeessseeceeeesseeeceeessseeeeeeesaeeees 204 SNMP system information for this router cece ccccccssseccceeessseeceeeesseeeceeeesseeeceeessaeeees 205 Date Time and NTP server setup 0 0 cece ccccsseccessseecessseeeessseeecseseeeeseseecessseeseseaeeeens 206 Facility settings for Logging ios cessaunictacsccussansizes tabcanasdoonadshceccedstacwsiat isora nanoteknik 207 Log configuration options for traffic through router essesessesseessseessessseesseeessresseeese 209 IPv6 Log configuration options for traffic through router eeeessnennsenenssneesssneessseeeese 209 E mail configuration as a Remote Logging Option sssessssssessessssssessssssresssesressseses 210 Syslog server configuration for Remote Logging CONTINUE ee ee ceecccceeesteeeees 211 VPN logs displaye
7. System LAN Dedicated WAN Rollover WAN Wireless All of your LAN network connection details are displayed on the Device Status page LAN Information MAC Address 00 19 21 68 50 00 IPv4 Address 192 168 50 1 255 255 255 0 IPv Address fec0 1 64 Status UP DHCP Server Disabled DHCP Relay Disabled 223 Unified Services Router User Manual Status Status System Information Device WAN1 System LAN Dedicated WAN Rollover WAN Wireless All of your Dedicated WAN network connection details are displayed on the Device Status page Dedicated WAN Information MAC Address 28 10 7B BE 23 21 IPv4 Address 0 0 0 0 255 255 255 0 IPv6 Address N A Status DOWN IPv6 Connection Type N A IPv6 Connection State IPv6 is disabled Prefix Obtained N A NAT IPv4 Only Enabled IDA Cannactan Tune Munama ID INUCDI IPv4 Connection State Not Yet Connected Link State LINK DOWN WAN Mode Use only single port WAN1 Gateway 0 0 0 0 Primary DNS 0 0 0 0 Secondary DNS 0 0 0 0 Renew Release Status Status System Information Device Wireless System LAN Dedicated WAN Rollover WAN Wireless All of your wireless network connection details are displayed on the Device Status page Wireless Lan Information Operating Frequency 2 4GHz Mode B G Mixed Channel 1 Available Access Points AutoTest WEP 128 Shared 224 Unified Services Router User Manual
8. sqlite3_mprintf failed Access port can be present only in single vian Failed to execute vlanConfig binary for vianld d unknown vlan state 249 sqlite3QueryResGet failed Query s User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR po ERROR rena ERROR ERROR Unified Services Router s SQL get query s s sqlite3QueryResGet failed s no result found s buffer overflow s value of S in s table is s s returning with status s dnsResolverConfigure addressFamily od dnsResolverConfigure LogicallfName AS chap secrets File found PID File for xl2tod found pid d options xl2tpd file found options xl2tpd file not found Conf File for xl2tod found xl2tod conf not found Chap Secrets file found Chap Secrets file not found S DBUpdate event Table s opCode d rowld d chap secrets File found PID File for pptpd found pid d PID File for pptpd interface found pid d options pptpd file found options pptpd file not found Conf File for pptod found pptod conf not found Chap Secrets file found Chap Secrets file not found s DBUpdate event Table s opCode d rowld d chap secrets File found pppoeMgmtTblHandler MtuFlag d pppoeMgmtTblHandler Mtu d pppoeMgmtTblHandler Idle TimeOutFlag d DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEB
9. setting rxResp code d from pnacPDUProcess received from pnacPDUProcess received from pnacPDUProcess received PNAC_EAPOL_KEY_PACKET doing pnacTxCannedFail doing pnacTxCannedSuccess doing pnacTxReqld doing pnacTxReq eN p DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG 212 KDOT11_SET PARAM IEEE80211_l OC_UCASTCIPHERS failed KDOT11_SET PARAM IEEE80211_ OC_KEYMGTALGS failed KDOT11_SET_ PARAM IEEE80211_ OC_WPA failed unknow cipher type d umiloctl UMIl_COMP_IAPP d failed invalid media value d invalid mediaOpt value d invalid mode value d dot11PnaclfCreate failed wpaPFRF failed Error generating global key counter wpaCalcMic unsupported key descriptor version integrity failed need to stop all Stations couldn t find AP context for s interface dot11Malloc failed dot11Malloc failed eapolRecvKeyMsg desclype d eapolRecvKeyMsg version eapolRecvKeyMsg descriptor version eapolRecvKeyMsg set eapolRecvKeyMsg set wpaAuthRecvP TKMsg2 packet received wpaAuthRecvP TKMsg2 failed wpaAuthRecvP TKMsg2 mismatch wpaAuthRecvP TKMsg 4 packet received wpaAuthRecvP TKMsg 4 keyDataLength not zero wpaAuthRecvP TKMsg 4 failed wpaAuthRecvGTKMsg2 packet received secureBit no
10. Internet over IPsec tunnel menninar aeee aeia aae 145 6 3 CO MTIG UII VEN CION eee a a 146 Unified Services Router User Manual GA PREP PLZT TUNNG Suip A eatatinataostaea rapt iene wias 146 6 41 PPTP ANG SUD DOM aniei asses ec akc ee cha cde ah aa ast te 146 0 42 E27 P lt TUNNeLSUDDO a a n weeacate anda E A 148 6 5 GRE FUNNELS B 6 g ari E E EO 151 66 OPENVPN SUPPOR staja tes side ais E A he T ata 153 6 6 ODENVPN Remote NG IWONK seninim ia a A 154 662 OpenVPN AUINGMUCATOMN anna a a NN 155 RAPET es ea E E A gm ba ae as tstecee a nea ba senecene Danaea 157 7 1 CHOUDS ANG USES concisescaas bansduatcnorabentaadep S A a 159 TT MISELSIANG Fh ASSWOROS nih ssssssarsnnsheqteesspsivsanaieh nates tivasnansgunetansiinainct bam naimeisia tae 165 7 1 2 Adding many users to the Local User Database ccc ccccsssecceeesseeeees 166 Te USN SoL VEIN FONCIES imos ana ne E E ise 168 Tel Using Network RESOUNCES naian a AN A a E sis 170 133 Application Port Forwarding sasesisissseeneroieeie ai a E 171 7 4 SSL VPN Client Configuration ccc ccccccccssseccecssecceesseeeesesseeeeesseeeseseeeeeaes 174 To User OM sutagtstcaucitactsansacettnatncttea E tae acuag punt asuartea dines uanhecs 177 T5A Creding Portal WAVOUNS sss oen an aaa vedi Seanse Peamaoractantlaciwersoadecs 177 Chapter 8 Advanced Configuration TOols cccccsccccsssscccsesseccseseecessseecessssescsesseeeeseseeeesenseeeees 180 8 1 USB Device SCID ie
11. Status Network Information Device Statistics Q This page shows the Rx Tx packet and byte count for all the system interfaces It also shows the up time for all the interfaces Device Statistics Show entries No right click options q LAN 7084 4856 0 56 29 0 Days 00 52 53 WAN 3 0 0 0 0 Not Yet Available Showing 1 to 2 of 2 entries First Previous 1 Next gt Last gt 10 2 2 Wireless Statistics Status gt Network Information gt Wireless Statistics The Wireless Statistics tab displays the incrementing traffic statistics for each enabled access point This page will give a snapshot of how much traffic is being transmitted over each wireless link If you suspect that a radio or VAP may be down the details on this page would confirm if traffic is being sent and received through the VAP The clients connected to a particular AP can be viewed by using the Status Button on the list of APs in the Setup gt Wireless gt Access Points page Traffic statistics are shown for that individual AP as compared to the summary stats for each AP on this Statistics page The poll interval the refresh rate for the statistics can be modified to view more frequent traffic and collision statistics 22i Unified Services Router User Manual Figure 157 AP specific statistics Status Status Network Information Wireless Statistics Q Q Wireless traffic statistics for all configured access points are di
12. ifmedia_set target S S seen_option S S Seen_option S seen option gt 279 s s discard information element User Manual Unified Services Router PPPOL2TP gt s _ FUNCTION _ PPPOL2TP lt s _ FUNCTION _ s recv tunnel gt name s xmit session gt name s xmit session gt name S module use_count is d __ FUNCTION mod use count PPPOL2TP s _ fmt PPPOL2TP gt s _ FUNCTION PPPOL2TP lt s _ FUNCTION sS recv tunnel gt name S xmit session gt name S xmit session gt name PPPOL2TP s _ fmt PPPOL2TP gt s _ FUNCTION _ PPPOL2TP lt s _ FUNCTION _ s recv tunnel gt name S xmit session gt name S xmit session gt name IRQ 31 is triggered s d func LINE t R S 0x Y Ox Ox 08x 08x status ERROR page addr uint82_t pValue gt gt 32 uint382_t pValue amp Oxffffffff t W S 0x Ox 0x 08x 08x status ERROR page addr uint82_t value gt gt 32 uint32_t value amp Oxffffffff S mac_add 02XK 0V2K 02XK 02XK 02XK 02X dev gt name addr 0 addr 1 addr 2 addr 3 addr 4 addr 5 S mac_del 02XK 0V2K 02XK 02XK 02XK 02X dev gt name addr 0 addr 1 addr 2 addr 3 addr 4 addr 5 S mac_kick O02XK 0V2K 02XK 02XK 02XK 02X dev gt name addr 0 addr 1 addr 2 addr 3 addr 4 addr 5 S
13. inteface name passed is NULL BSSID passed is NULL inteface name passed is NULL unable to allocate memory for DOT11_CTX unable to install wme mapping on s unable to get S mac address Failed to set s SSID Failed to set SSID broadcast status Failed to set PreAuth mode unable to install key KDOT11 SET PARAM IEEE80211_ OC _AUTHMODE failed KDOT11 SET PARAM IEEE80211_ OC PRIVACY failed wpalnit failed 270 User Manual Unified Services Router User Manual dot1 1InstallProfile unable to get onaclfConfig Invalid supplicant DEBUG interface index ERROR Failed to process user request DEBUG adpHmaclnit s failed ERROR Failed to process user request s d DEBUG interface s not found ERROR pnaclfConfigUmiloctl umiloctl failed DEBUG AP not found on s ERROR pnaclfConfigUmiloctl usrPnac returned d DEBUG keyLen gt PNAC KEY MAX_SIZE ERROR pnaclfConfigUmiloctl usrPnac returned od DEBUG Invalid profile name passed ERROR pnaclfConfigUmiloctl usrPnac returned d DEBUG Creation of WPS EAP Profile failed ERROR pnacKernNotifier invalid PAE configuration DEBUG unsupported command d ERROR From pnacEapDemoAuthRecv unsupported response DEBUG device s not found ERROR From pnacEapDemoAuthRecv invalid codes received DEBUG unsupported command d ERROR From pnacRadXlateDemoRecv received unknown DEBUG dot11NodeAlloc failed
14. Always n O On Demand Domain Name System DNS Servers DNS Server Source Get Dynamically from ISP Use These DNS Servers MAC Address MAC Address Source Use Default MAC Clone your PC s MAC Use this MAC Port Setup MTU Size Default Custom Port Speed Auto Sense T 53 Unified Services Router User Manual Network Network Internet WAN1 Settings Q 6 This page allows you to set up your Internet connection Ensure that you have the Internet connection information such as the IP Addresses Account Information etc This information is usually provided by your ISP or network administrator IPv4 WAN Settings WAN Setup Connection Type Russian dual access PPTP Enable VLAN Tag C ort Russian PPTP Address Mode Dynamic IP Static IP Server Address 0 0 0 0 User Name dlink Password MPPE Encryption ll Split Tunnel Reconnect Mode Always On On Demand Domain Name System DNS Servers DNS Server Source Get Dynamically from ISP Use These DNS Servers MAC Address MAC Address Source Use Default MAC Clone your PC s MAC Use this MAC Port Setup MTU Size Default Custom Port Speed Auto Sense save 54 Unified Services Router User Manual Network Network Internet WAN Settings Q This page allows you to set up your Internet connection Ensure that you have the Internet connection information such as the IP Addresses Ac
15. Associate with Te IP MAC Binding XW Note the following limits for the number of DHCP Reserved IP addresses per product ea DSR 150 150N 32 e amp DSR 250 250N 64 e amp DSR 500 500N 96 18 Unified Services Router User Manual te DSR 1000 1000N 128 2 1 2 LAN DHCP Leased Clients Setup gt Network Information gt DHCP Clients gt LAN Leased Clients This page provides the list of clients connect to LAN DHCP server Figure 4 LAN DHCP Leased Clients Status Status Network Information DHCP Clients LAN Leased Clients LAN Leased Clients IPv Leased Clients DMZ Leased Clients This table displays the list of DHCP clients connected to the LAN DHCP Server and to whom DHCP Server has given leases lf the LAN is serving DHCP addresses this table will show the list of DHCP clients for the router s LAN DHCP server LAN Leased Clients List Show entries Right click on record to get more options a No data available in table Showing 0 to 0 of 0 entries First Previous Next p Last p IP Addresses The LAN IP address of a host that matches the reserved IP list MAC Addresses The MAC address of a LAN host that has a configured IP address reservation 2 1 3 LAN Configuration in an IPv6 Network Network gt IPv6 gt LAN Settings gt IPv6 LAn Settings 1 In IPv6 mode the LAN DHCP server is disabled by default similar to IPv4 mode The DHCPv6 server will serve IPv6 add
16. Authentication Type This column displays the type of authentication to be used for OSPFv2 If Authentication type is none the interface does not authenticate OSPF packets If Authentication Type is Simple then OSPF packets are authenticated using simple text key If Authentication Type is MD5 then the interface authenticates OSPF packets with MD5 authentication 76 Unified Services Router User Manual Figure 42 OSPF v2 configuration OSPFv2 Configuration DSP Fv Enable EN Interface WAN1 Area Range 0 200 Priority Default 1 Range 0 255 oS oft o Hello Interval Default 10 Range 1 65535 Dead Interval Default 40 Range 1 65535 Cast 0 Default 10 Range 1 65535 Authentication Type Mds Md5 Key ID Range 1 255 Md5 Authentication Key 3 5 5 OSPFv3 Network gt IPv6 gt OSPF y3 Open Shortest Path First version 3 OSPFv3 supports IPv6 To enable an OSPFv3 process on a router you need to enable the OSPFv3 process globally assign the OSPFv3 process a router ID and enable the OSPFv3 process on related interfaces ex DSR 150 DSR 150N DSR 250 and DSR 250 don t support OSPFv3 77 Unified Services Router User Manual Figure 43 OSPFv3 configured parameters Network Network Pw OSPFw3 7 es This page shows the OSPFv3 parameters configured on the router User can also edit the OSPFv3 configured parameters OSPF Open Shortest Path F
17. Error from pnacRadXlateRadNonldRespSend s Failed to set port status WARN send to failed Error from pnacRadXlateRadRecvProc s Failed to notify event to dot11 WARN recvfrom failed From onacLibDeinit Failed to destroy the pnacRadXlateRadPktIntegrityChk no phyPort s WARN corresponding Error from pnacPortPaeDeconfig kopnacPortPaeDe pnacRadXlateRadPktIntegrityChk no config failed WARN message onacPortPaeDeconfig kpnacPortPaeDe Error from config failed WARN pnacRadXlateRadPktIntegrityChk From pnacBackAuthSuccess failed to notify pnacRadXlateRadChalPktHandle no the destination WARN encapsulated eap Error from pnacRadXlateRadChalPktHandle could not initialize MGMT framework ERROR malloc for eap Error from pnacEapDemoSuppUserInfoRegister umilnit failed ERROR invalid Error from pnacEapDemoSuppRecv ilapplnit failed ERROR received null EAP pkt Error from pnacEapDemoSuppRecv could not initialize IAPP MGMT ERROR send pir to pnac supplicant From pnacEapDemoSuppRecv user doti1Malloc failed ERROR info not entered yet DEBUG pnacPhyPortParamSet Failed to add User Manual Unified Services Router User Manual Error from pnacEapDemoSuppRecv buffer length not specified ERROR couldn t ERROR MDString adpDigestInit for md5 Invalid length d specified ERROR failed ERROR Failed to get information
18. MSCHAP v2 encryption Figure 119 POP3 Authentication Server configuration a Security Security Authentication External Auth Server POP3 Server Radius Server POP3 Server POP3 Trusted CA LDAP Server AD Server NT Domain This page allow user to configure pop3 authentication servers POP3 Server Configuration SON EBBEN Server Checking Authentication Server 1 Primary Authentication Port Default 110 Range 0 65535 SSL Enable C a Authentication Server 2 Secondary fo Optional Authentication Port 110 Default 110 Range 0 65535 SSL Enable err Authentication Server 3 Optional DOO O Optional Authentication Port 110 Default 110 Range 0 65535 SSL Enable C a Timeout Range 1 999 Seconds Retries Range 5 9 Save Cancel The Server Checking button is used to verify connectivity to the configured server s A CA file is used as part of the POP3 negotiation to verify the configured authentication server identity Each of the 3 configured servers can have a unique CA used for authentication 185 Unified Services Router User Manual Figure 120 POP3 CA file upload a Security Security Authentication External Auth Server POP3 Trusted CA 8 Q Sa Radius Server POP3 Server POP3 Trusted CA LDAP Server AD Server NT Domain This page shows the list of POP3 CA Files POP3 CA Files List entries Right click on record to
19. Portal Layout and Theme Name Portal Layout Name Po Login Profile Name Portal Site Title ee Banner Title Po Banner Message Display Banner Message C Te on Login Fage HTTP Meta Tags for Cache C Te Con trol Recommended save 179 Unified Services Router User Manual Chapter 8 Advanced Configuration Tools 8 1 USB Device Setup Status gt System Information gt USB Status The D Link Services Router has a USB interface for printer access file sharing and on the DSR 1000 DSR 1000N models 3G modem support There is no configuration on the GUI to enable USB device support Upon inserting your USB storage device printer cable or 3G modem the DSR router will automatically detect the type of connected peripheral USB Mass Storage also referred to as a share port files on a USB disk connected to the DSR can be accessed by LAN users as a network drive USB Printer The DSR can provide the LAN with access to printers connected through the USB The printer driver will have to be installed on the LAN host and traffic will be routed through the DSR between the LAN and printer USB 3G modem A 3G modem dongle can be plugged in and used as a secondary WAN Load balancing auto failover or primary WAN access can be configured through the 3G interface To configure printer on a Windows machine follow below given steps Click Start on the desktop Select Printers and faxes option Right click and s
20. Source Address Translation 209 165 201 225 gt 10 30 30 30 DMZ interface 10 30 30 1 Inside interface 192 168 10 1 Inside DMZ User Web Server 192 168 10 10 Private IP Address 10 30 30 30 Public IP Address 209 165 200 225 111 Unified Services Router User Manual Figure 62 The firewall rule configuration page allows you to define the To From zone service action schedules and specify source destination IP addresses as needed Security Security Firewall Firewall Rules IPv4 Firewall Rules Q 1Pv4 Firewall Rules Firewall Rules IPv6 Firewall Rules Firewall Rules A firewall is a security mechanism to selectively block or allow certain types of traffic in accordance with rules specified by network administrators You can use this page to manage the firewall rules that control traffic to and from your network The List of Available Firewall Rules table includes all firewall rules for this device and allows several operations on the firewall rules Firewall Rules Default Outbound Policy for IPv4 Always Allow O Block Save Cancel IPv4 Firewall Rules List Show 10 entries Right click on record to get more options a oo T T T No data available in table Showing 0 to 0 of 0 entries First J Previous Next gt Last gt Add New IPv4 Firewall Rule P 4 Firewall Rules Contiguration From Zone SECURE LAN To Zone INSECURE WAN Serv
21. Unified Services Router Releasing Packet with cookie p Received EAP lIdentity from Pnac s Filling User Name s Filling State Filling EAP Message Filling Service Type d Filling Framed MTU d Received Access Challenge from Server Sending Reply EAP Packet to Pnac Error sending packet to Pnac RADIUS Authentication Failed RADIUS Authentication Successful Got Packet with cookie p Next DNS Retry after 1 min Next Synchronization after Next Synchronization after Next Synchronization after d Primary is not available Secondary is not available Invalid value for use default servers No server is configured Backing off for d seconds Requesting time from s Synchronized time with s Received KOD packet from s No suitable server found s Received Invalid Length packet from s Received Invalid Version packet from AS Received Invalid Mode packet from s Request Timed out from s Looking Up s Timezone difference d Could not open file s Could not read data from file nto TblHandler status d tz d DayLightsaving d oNtpControl gt ServerNames PRIMARY_SERVER S DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG 261 radEapSendRin Invalid Arguments radEapSendRin failed
22. WEP Index and Keys Authentication Open System a sca Generate Key WEP Key 1 WEP Key 2 WEP Key 3 4 2 2 WPA or WPA2 with PSK A pre shared key PSK is a known passphrase configured on the AP and client both and is used to authenticate the wireless client An acceptable passphrase is between 8 to 63 characters in length 92 Unified Services Router User Manual 4 3 Creating and Using Access Points Wireless gt General gt Access Points Once a profile a group of security settings is created it can be assigned to an AP on the router The AP SSID can be configured to broadcast its availability to the 802 11 environment can be used to establish a WLAN network The AP configuration page allows you to create a new AP and link to it one of the available profiles This router supports multiple AP s referred to as virtual access points VAPs Each virtual AP that has a unique SSIDs appears as an independent access point to clients This valuable feature allows the router s radio to be configured in a way to optimize security and throughput for a group of clients as required by the user To create a VAP click the add button on the Wireless gt General gt Access Points page After setting the AP name the profile dropdown menu is used to select one of the configured profiles ex The AP Name is a unique identifier used to manage the AP from the GUI and is not the SSID that is detected by clients when the AP h
23. s unable to allocate device object testCompHandler received s from func __ DEBUG d char plnBuf ERROR s unable to attach hardware HAL status u DEBUG UMI proto registration failed d ret ERROR s HAL ABI msmatch DEBUG AF_UMI registration failed d ret ERROR s Warning using only u entries in u key cache DEBUG umi initialization failed d ret ERROR unable to setup a beacon xmit queue DEBUG kernel UMI registration failed ERROR unable to setup CAB xmit queue DEBUG Logs kernel txt 447 KERN ERR ERROR unable to setup xmit queue for BE ERROR msm not found properly d traffic DEBUG len d msm ERROR s DFS attach failed func __ DEBUG ModExp returned Error ERROR s Invalid interface id u __func_ if_id DEBUG ModExp returned Error ERROR 295 Unified Services Router User Manual S grppoll Buf allocation failed S Ox p len u tag p unsigned func __ DEBUG int len ERROR s unable to start recv logic DEBUG 03d i ERROR s Invalid interface id u __func__ if_id DEBUG 02x unsigned char p i ERROR s unable to allocate channel table __ func __ DEBUG mic check failed ERROR s Tx Antenna Switch Do internal S Ox p len u tag p unsigned reset func _ DEBUG ee ERROR Radar found on channel d d MHz DEBUG 03d ERROR End of DFS wait period DEBUG 02X anes char p i ERROR
24. skb len d dlen d pskb gt len AES Software Test Duration d d DEBUG Non linear skb AES Hardware Test d iterations iter DEBUG End of sdp p nexthdr AES Hardware Test Duration d d DEBUG S unknown pairwise cipher d 3DES Software Test d iterations iter DEBUG s unknown group cipher d s unknown SIOCSIWAUTH flag 3DES Software Test Duration d d DEBUG d 3DES Hardware Test d iterations s unknown SIOCGIWAUTH flag iter DEBUG d 3DES Hardware Test Duration d d DEBUG s unknown algorithm d DES Software Test d iterations iter DEBUG s key size d is too large DES Software Test Duration d d DEBUG try module_get failed DES Hardware Test d iterations iter DEBUG s request_irq failed dev gt name DES Hardware Test Duration d d DEBUG try_module_get failed SHA Software Test d iterations iter DEBUG try module_get failed SHA Software Test Duration d d DEBUG s unknown pairwise cipher d SHA Hardware Test d iterations iter DEBUG s unknown group cipher d s unknown SIOCSIWAUTH flag SHA Hardware Test Duration d d DEBUG d s unknown SIOCGIWAUTH flag MD5 Software Test d iterations iter DEBUG d MD5 Software Test Duration d d DEBUG s unknown algorithm d MD5 Hardware Test d iterations iter DEBUG s key size d is too large unable t
25. 4 gt min mbps lt 0 250 gt DEBUG martian source u u u u from ARNIN lt 0 1 gt per_low lt 0 50 gt DEBUG Il header S ADDBA mode is AUTO martian destination u u u u ARNIN func __ DEBUG from ARNIN S Invalid TID value _ func __ DEBUG u u u u sent an invalid ICMP s ADDBA mode is AUTO ARNIN func DEBUG dst cache overflow ARNIN s Invalid TID value _ func _ DEBUG Neighbour table overflow ARNIN S Invalid TID value _ func__ DEBUG host u u u u if d ignores martian destination u u u u ARNIN Addba status IDLE DEBUG from s ADDBA mode is AUTO func __ ARNIN MEDSODSEDEDEDESEODEDEDE OF DEDEDEOEODEDE ODEDE OSOSEOESEODEDE OSOEOEOEOS usage hbrparams ac lt 2 gt enable DEBUG martian source u uU u u from 291 Unified Services Router S Invalid TID value Error in ADD no node available S Channel capabilities do not match chan flags Ox x S Cannot map channel to mode freq u flags Ox x ic_get_currentCountry not initialized yet Country ie is C c c s wrong state transition from d to d s wrong state transition from d to d s wrong state transition from d to d s wrong state transition from d to d _ fune __ s wrong state transition from d to d s wrong state transition from d to d ieee80211_ deliver_l2uf no buf available s s vap gt iv_dev gt name buf NB no S Ys YS vap gt
26. Close the browser and launch it again Ensure that you are using the correct login information The factory default login name is admin and the password is password Ensure that CAPS LOCK is off when entering this information Symptom Router does not save configuration changes Recommended action 1 When entering configuration settings click Apply before moving to another menu or tab otherwise your changes are lost Click Refresh or Reload in the browser Your changes may have been made but the browser may be caching the old configuration Symptom Router cannot access the Internet 233 Unified Services Router User Manual Possible cause If you use dynamic IP addresses your router may not have requested an IP address from the ISP Recommended action 1 Launch your browser and go to an external site such as Www google com 2 Access the firewall s configuration main menu at http 192 168 10 1 3 Select Monitoring gt Router Status 4 Ensure that an IP address is shown for the WAN port If 0 0 0 0 is shown your firewall has not obtained an IP address from your ISP See the next symptom Symptom Router cannot obtain an IP address from the ISP Recommended action 1 Turn off power to the cable or DSL modem 2 Turn off the router 3 Wait 5 minutes and then reapply power to the cable or DSL modem 4 When the modem LEDs indicate that it has resynchronized with the ISP reapply power to
27. Figure 40 Static route configuration fields Network Network Routing Static Routes Q o Static Routes List Show 10 7 entries Right click on record to get more options E No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last al Add New Static Route Static Route Configuration x Active C Te Private C Te Destination IP Address Po IP Subnet Mask Gateway IP Address Po Metric Range 2 15 3 5 4 OSPFv2 Network gt Routing gt OSPF OSPF is an interior gateway protocol that routes Internet Protocol IP packets solely within a single routing domain It gathers link state information from available routers and constructs a topology map of the network OSPF version 2 is a routing protocol which described in RFC2328 OSPF Version 2 OSPF is IGP Interior Gateway Protocols OSPF is widely used in large networks such as ISP backbone and enterprise networks 75 Unified Services Router User Manual ex DSR 150 DSR 150N DSR 250 and DSR 250 don t support OSPFv2 Figure 41 OSPFv2 configured parameters Network Network Routi OSPF a CRE This page shows the OSPFv 2 parameters configured on the router User can also edit the OSPFv configured parameters OSPF v2 List DISABLED LAN 1 10 40 10 None DISABLED WAN 1 10 40 10 None DISABLED WAN 1 10 40 10 None Showing 1 to 3 of 3 entries First Previous 1 Next gt L
28. Profile s does not exist Profile s does not exist invalid type value d supported values are 1 2 3 4 Profile s does not exist invalid type value d supported values are 1 2 3 4 Profile s does not exist invalid type value d supported values are 1 2 3 4 Profile s does not exist invalid type value d supported values are 1 2 3 4 Profile s does not exist invalid type value d supported values are 1 2 3 4 Profile s does not exist ERROR incomplete DB update information old values result does not contain 2 rows sqlite3QueryResGet failed Error in executing DB update handler sqlite3QueryResGet failed ERROR incomplete DB update information old values result does not contain 2 rows sqlite3QueryResGet failed Error in executing DB update handler sqlite3QueryResGet failed Query s sqlite3QueryResGet failed Query s sqlite3QueryResGet failed Query s ERROR ERROR ERROR ERROR ERROR ERROR ERROR Error from pnacRecvRin invalid arguments Error from pnacRecvMapi unsupported PDU received supp ToACSendRin returned not OK Error from pnacBasicPktCreate malloc failed Error from pnacEAPPktCreate basic pkt create failed Error from pnacTxCannedFail eap pkt create failed Error from pnacTxCannedSuccess eap pkt create failed Error from pnacTxReqld eap pkt create failed Error from pnacTxReq eap pkt create failed Error from pnac
29. Restoring old configuration failed to write update RADVD configuration file upnpDisableFunc failed upnpEnableFunc failed User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Unified Services Router umiloctl s UMI_CMD_IFDEV_EVENT d failed klogctl 9 failed malloc failed for d bytes klogctl 4 failed emailLogs Invalid Number of Arguments Exiting sqlite3QueryResGet failed Could not execute the smtpClient Error while cleaning the database Exiting s Facility System Firewall Enabling rule for protocol binding Disabling rule for protocol binding Enabling Remote SNMP on WAN Disabling Remote SNMP on WAN wan traffic counters are restared Traffic limit has been reached Traffic meter monthly limit has been changed to d Enabling traffic meter for only dowload Enabling traffic meter for both directions Enabling traffic meter with no limit Email alert in traffic meter disabled Email alert in traffic meter enabled Traffic Meter Monthly limit d MB has been Traffic Metering Adding rule to drop all traffic Traffic Metering sabling Email traffic Disabling attack checks for IPv6 rules Enabling attack checks for IPv6 rules Configuring
30. The default auto refresh for this page is 10 seconds Figure 159 List of connected 802 11 clients per AP Status Status Network Information Wireless Clients 2 Q w This list identifies the wireless clients or stations currently connected to the Access Points configured and enabled on this device Wireless Clients No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last gt 10 3 3 LAN Clients Status gt Network Information gt LAN Clients The LAN clients to the router are identified by an ARP scan through the LAN switch The NetBIOS name if available IP address and MAC address of discovered LAN hosts are displayed Figure 160 List of LAN hosts Status Status Network Information LAN Clients oo This page displays a list of LAN clients connected to the router LAN Clients List Show entries No right click options Q j a T v v unknown 192 168 10 200 00 80 48 63 2e a7 Showing 1 to 1 of 1 entries First Previous 1 Next gt Last gt 10 3 4 Active VPN Tunnels Status gt Network Information gt Active VPNs gt IPsec SAs You can view and change the status connect or drop of the router s IPsec security associations Here the active IPsec SAs security associations are listed along with 229 Unified Services Router User Manual the traffic details and tunnel state The traffic is a cumulative measure of transmit
31. This is the endpoint address for the tunnel that starts with this router The endpoint can be the LAN interface assuming the LAN is an IPv4 network or a specific LAN IPv4 address IPv4 Address The end point address if not the entire LAN 81 Unified Services Router User Manual 3 6 3 7 Configurable Port WAN Option This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port If the port is selected to be a secondary WAN interface all configuration pages relating to WAN2 are enabled WANS3 3G Configuration This router supports one of the physical ports WAN3 to be configured for 3G internet access Network gt Internet gt WAN3 Settings WANS configuration for the 3G USB modem is available only on WAN3 interface There are a few key elements of WAN 3 configuration e Reconnect Mode Select one of the following options O O O Always On The connection is always on Username Enter the username required to log in to the ISP On Demand The connection is automatically ended 1f it is idle for a specified number of minutes Enter the number of minutes in the Maximum Idle Time field This feature is useful if your ISP charges you based on the amount of time that you are connected e Password Enter the password required to login to the ISP e Dial Number Enter the number to dial to the ISP e Authentication Protocol Select one of None PAP or CHA
32. YS nimfMacGet Update Flag nimfMacGet MacAddress nimfMacGet MacAddress nimfMacGet MacAddress nimfMacGet MacAddress s nimfMacGet MacAddress s nimfMacGet Mac option Not changed nimfMacGet MacAddress s nimfMacGet MacAddress s nimfMacGet MacAddress s nimfMacGet returning with status s Now in enableing LanBridge function sucessfully executed the command s Now in disableing LanBridge function sucessfully executed the command s configPortTblHandler Now we are in Sqlite Update The Old Configuration of ConfiPort was sS The New Configuration of ConfiPort was sS The user has deselected the configurable port failed query s failed query s failed query s S DBUpdate event Table s opCode d rowld d ERNE DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG pae ddns SQL error s sqlite3QueryResGet failed Query s sqlite3QueryResGet failed Query s ddns SQL error s sqlite3QueryResGet failed Query s sqlite3QueryResGet failed Query s ddnsDisable failed ddnsDisable failed failed to call ddns enable ddns SQL error s ddnsDisable failed sqlite3QueryResGet failed Query s Error in executing DB update handler Failed to open the resolv conf file Exiting n Could not write to the resolv conf file Exiting Error opening the
33. You can choose to set Date and Time manually which will store the information on the router s real time clock RTC If the router has access to the internet the most accurate mechanism to set the router time is to enable NTP server communication es Accurate date and time on the router is critical for firewall schedules Wi Fi power saving support to disable APs at certain times of the day and accurate logging Please follow the steps below to configure the NTP server 1 Select the router s time zone relative to Greenwich Mean Time GMT 2 If supported for your region click to Enable Daylight Savings 3 Determine whether to use default or custom Network Time Protocol NTP servers If custom enter the server addresses or FQDN 205 Unified Services Router User Manual Figure 137 Date Time and NTP server setup O Maintenance Maintenance Administration Date and Time Qo Q This page allows us to set the date time and NTP servers Network Time Protocol NTP is a protocol that is used to synchronize computer clock time in a network of computers Accurate time across a network is important for many reasons Date and Time Current Device Time Sat Jan 01 00 24 01 GMT 2011 Time Zone GMT Greenwich Mean Tim Y Daylight Saving lo NTP Servers on NTP Server Type Default Custom Time to re synchronize 120 Default 120 Range 5 1440 Minutes Save Cancel 9 4 Log Configuration T
34. d expire rt_ cache 02x u u u u hash rt_bind_peer 0 p NET _CALLER iph DEBUG BUG aoe DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG FAIL ieee80211_crypto_setkey failed FAIL unable to allocate skbuff FAIL ccmp encap failed FAIL encap data length mismatch FAIL ccmp decap failed FAIL decap botch length mismatch FAIL decap botch data does not compare PASS u of u 802 111 AES CCMP test vectors passed pass total FAIL encrypt data does not compare S Ox p len u tag p len 03d i 02x u_int8_t p i first difference at byte u ieee80211_crypto_newkey failed ieee80211_crypto_setkey failed unable to allocate skbuff tkip enmic failed enmic botch length mismatch enmic botch tkip encap failed encrypt phase1 botch encrypt data length mismatch encrypt data does not compare tkip decap failed decrypt phase1 botch decrypt data does not compare decap botch length mismatch decap boich data does not compare tkip demic failed 281 User Manual DEBUG Unified Services Router lp_rt_advice redirect to ip_rt bug u u u u gt U U U U S UDP short packet From MU U YU YU U d d to ouU U U YoU YoU UDP bad checksum From d d d d d to d d d d d ulen d a guy asks for address mask
35. e Any all users e Single Address enter an IP address e Address Range enter the appropriate IP address range 108 Unified Services Router User Manual 6 Log traffic that is filtered by this rule can be logged this requires configuring the router s logging feature separately QoS Priority Outbound rules where To Zone insecure WAN only can have the traffic marked with a QoS priority tag Select a priority level e Normal Service ToS 0 lowest QoS e Minimize Cost ToS 1 e Maximize Reliability ToS 2 e Maximize Throughput ToS 4 Minimize Delay ToS 8 highest QoS Inbound rules can use Destination NAT DNAT for managing traffic from the WAN Destination NAT is available when the To Zone DMZ or secure LAN With an inbound allow rule you can enter the internal server address that is hosting the selected service You can enable port forwarding for an incoming service specific rule From Zone WAN by selecting the appropriate checkbox This will allow the selected service traffic from the internet to reach the appropriate LAN port via a port forwarding rule Translate Port Number With port forwarding the incoming traffic to be forwarded to the port number entered here External IP address The rule can be bound to a specific WAN interface by selecting either the primary WAN or configurable port WAN as the source IP address for incoming traffic ex This router supports multi NAT and so t
36. firewall rules or blocked keywords Approved URLs List No data available in table Fe Presos Next gt Le Add New Approved URL Upload URLs List from File Export URLs List to File 5 10 5 Dynamic WCF Security gt Web Content Filter gt Dynamic Filtering Figure 77 Dynamic WCF Q ge Security Security Web Content Filter Dynamic Filtering This page displays the list of categories to be blocked Dynamic Filtering Clubs and Societies Music Video Business Oriented Government Blocking List Educational Advertising Drugs Alcohol Computing IT Swimsuit Lingerie Models Adult News Job Search Gambling Travel Tourism a Shopping C Entertainment Chat Rooms IMs Dating Sites Game Sites Investment Sites C a E Banking C a Crime Terrorism Personal Beliefs Cults Cem Politics Cem Sports www E Mail Sites C a Violence Undesirab le C a Malicious Search Sites Health Sites CE CE CE CE CE C Remote Control Desktop duduaugauad ccm 130 Unified Services Router User Manual This feature allows the administrator to block access from a range of web content categories The router must be upgraded with the the WCE license and then the Content Filtering option which allows the user to filter out internet sites needs to be enabled The Dynamic Content Filtering configuration page will let the administrator choose from a range of pre defined categories to be blocked When enab
37. flow between the secure LAN and the internet Routing Mode Network gt Internet gt Routing This device supports classical routing network address translation NAT and transport mode routing With classical routing devices on the LAN can be directly accessed from the internet by their public IP addresses assuming appropriate firewall settings If your ISP has assigned an IP address for each of the computers that you use select Classic Routing NAT is a technique which allows several computers on a LAN to share an Internet connection The computers on the LAN use a private IP address range while the WAN port on the router is configured with a single public IP address Along with connection sharing NAT also hides internal IP addresses from the computers on the Internet NAT is required if your ISP has assigned only one IP address to you The computers that connect through the router will need to be assigned IP addresses from a private subnet When Transparent Routing Mode is enabled NAT is not performed on traffic between LAN and WAN Broadcast and multicast packets that arrive on the LAN interface are switched to the WAN and vice versa if they do not get filtered by firewall or VPN policies To maintain the LAN and WAN in the same broadcast domain select Transparent mode which allows bridging of traffic from LAN to WAN and vice versa except for router terminated traffic and other management traffic All DSR features such a
38. judiciable et 2 ce dispositif doit accepter tout brouillage re u y compris un brouillage susceptible de provoquer un fonctionnement ind sirable Radiation Exposure Statement This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with minimum distance 20cm between the radiator amp your body D claration d exposition aux radiations Cet quipement est conforme aux limites d exposition aux rayonnements IC tablies pour un environnement non contr l Cet quipement doit tre install et utilis avec un minimum de 20 cm de distance entre la source de rayonnement et votre corps Wall Mount Option The Router has four wall mount slots on its bottom panel Before you begin make sure you have two screws that are size 4 this indicates a diameter measurement of 0 112inches 2 845mm 1 Determine where you want to mount the Router 2 Drill two holes into the wall Make sure adjacent holes are 2 36 inches 60mm apart 3 Insert a screw into each hole and leave 0 2inches 5mm of its head exposed 4 Maneuver the Router so the wall mount slots line up with the two screws 5 Place the wall mount slots over the screws and slide the Router down until the screws fit snugly into the wall mount slots 316
39. subnet address of your PC is different from the network address of the remote device e Verify that the cable or DSL modem is connected and functioning e Ask your ISP if it assigned a hostname to your PC If yes select Network Configuration gt WAN Settings gt Ethernet ISP Settings and enter that hostname as the ISP account name e Ask your ISP if it rejects the Ethernet MAC addresses of all but one of your PCs Many broadband ISPs restrict access by allowing traffic from the MAC address of only your broadband modem but some ISPs additionally restrict access to the MAC address of just a single PC connected to that modem If this is the case configure your firewall to clone or spoof the MAC address from the authorized PC 11 4 Restoring factory default configuration settings To restore factory default configuration settings do either of the following 1 Do you know the account password and IP address e If yes select Maintenance gt Firmware amp Config gt Soft Reboot and click Default e If you do not do the following o On the rear panel of the router press and hold the Reset button about 10 seconds until the test LED lights and then blinks o Release the button and wait for the router to reboot 2 Ifthe router does not restart automatically manually restart it to make the default settings effective 3 After a restore to factory defaults whether initiated from the configuration interface or the Res
40. uU U U U from Redirect from u uU U U on S about IP routing cache hash table of u buckets ldKbytes source route option u u uU uU gt VU U OU U IPsec device unregistering s dev gt name IPsec device down s dev gt name mark only supports 32bit mark ipt_time invalid argument Logs_kernel txt 45 KERN_WARNIN G Logs_kernel txt 59 KERN_WARNIN G ipt_LOG not logging via system console S wrong options length u fname opt_len s options rejected o 0 02x o 1 02x ipt_time IPT DAY didn t matched S wrong options length u s options rejected o 0 02x o 1 02x s don t know what to do 0 5 02x S wrong options length u fname opt_len s options rejected o 0 02x o 1 02x S wrong options length u s options rejected o 0 02x o 1 02x s don t know what to do 0 5 02x 289 DSEONSODSODSODSDSENDSEDSEDSEODSEODSEDSEDSEDSEDSEDSEZ Z User Manual Zz jz jz2 Z IN IN IN IN Z T O 1 Do m n O JO JO O FO FO FO FO 7 7 O O ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN Unified Services Router MD5 Hardware Test s md5HardTest 0 Failed Passed New port d ntohs expinfo gt natport DEBUG AES Software Test d iterations iter DEBUG
41. 1 Create a GRE tunnel from the GUI 2 Setup a static route for the remote local networks using the GRE tunnel Figure 93 GRE Tunnel configuration re VPN VPN GRE GRE Tunnels Q o This page allows user to add edit GRE tunnel configuration GRE Tunnels List Show entries Right click on record to get more options S No data available in table Showing 0 to 0 of 0 entries J First Previous Next gt Last gt Add New GRE Tunnel GRE Tunnel Name Po IP Address rr SC Y Interface Remote End Address Po Enable DDP Broadcast C To Static Route Configuration IP Address Gateway IP Address Po Save When creating the GRE tunnel the IP Address should be a unique address that identifies that GRE tunnel endpoint It will be referenced in the other router s static route as the Gateway IP address The Remote End Address in the GRE tunnel configuration page is the WAN IP address of the other endpoint router Once the tunnel is established a static route on the router can be made using the interface set to the configured GRE tunnel name The destination IP address of the static route is the remote LAN subnet and the route s gateway IP address will be the 152 Unified Services Router User Manual GRE tunnel IP of the terminating router the same router that manages the remote LAN subnet Once these two steps are completed all DDP broadcast traffic can flow between remote LAN subnets via the GRE Tunne
42. 1 Captive Portal Setup Security gt Authentication gt Login Profiles Captive Portal is a security mechanism to selectively provide authentication on certain interfaces This page displays configured custom Captive Portal profiles and indicates which are in use 37 Unified Services Router User Manual Figure 16 Captive Portal Profile List a z Security Securi Authentication Login Profiles j y or oo The table lists all the available Login Profiles in the system This Login page is used for authentication on Captive Portal enabled interfaces Login Profiles List show 10 entries Right click on record to get more options ag default D link Unified Services Router SSLVPH default D link Unified Services Router Not In Use Showing 1 to 2 of 2 entries First Previous 1 Next a Last 5 Pasa new Login Prone List of Available Profiles Any one of these profiles can be used for Captive Portal Login page while enabling Captive Portal Click Add in the Captive Portal setup page to allow defining customized captive portal login page information Page Background Color Header Details Header Caption Login Section Details Advertisement Details Footer Details and Captive Portal Header Image Security gt Authentication gt Login Profiles To create a new Captive Portal a profile with a unique policy name is to be created The profile governs the entry screen shown to new session
43. 1 to 2 of 2 entries First Previous 1 Next gt Last The following details are displayed in SMS INBOX page e Sno Displays the serial number of message in the inbox e Sender Displays the sender of the particular message e TimeStamp Displays the time when the message was sent e Text Displays the content of the particular Message The following actions are performed e Delete Deletes the SMS having that particular Sno Only one message can be deleted at a time e Refresh Updates the inbox with new SMS if any e Reply Lets the user create a new SMS in reply to a particular message by the selected sender Receiver field in the createSms htm page is filled with the sender s number e Forward Lets the user forward a selected SMS Text Message field in the createSms htm page is filled with the Text of the selected message 183 Unified Services Router User Manual Figure 118 SMS Service Receive SMS O Maintenance Maintenance Administration SMS Service Create SMS Q Inbox Create SM5 SMS This page will allow users to create a new SMS and send it to a particular number Compose Message Receiver 8184904351 Text Message Text Message The following details to be provided in Create Message page e Receiver Enter the phone number of the intended receiver of the message e Text Message Enter the body of the message here Click Send Message to send the
44. 2 0 0 INFO const char descr krb5_keyblock k DEBUG s driver unloaded dev_info INFO 287 Unified Services Router test key key pre hashed key key const char descr kro5_keyblock k 128 bit AES key amp dk 256 bit AES key amp dk WARNING bwMonMultipathNxtHopSelect checking rates hop d dev s usableBwLimit d currBwShare d lastHopSelected d weightedHopPrefer d 1 selecting hop d lastHopSelected d selHop lastHopSelected 4 hop d dev s usableBwLimit d currBwShare d lastHopSelected d weightedHopPrefer d 2 selecting hop d lastHopSelected d selHop lastHopSelected 3 selecting hop d lastHopSelected d selHop lastHopSelected bwMonitor multipath selection enabled bwMonitor multipath selection disabled weightedHopPrefer set to d weightedHopPrefer bwMonitor sysctl registration failed bwMonitor sysctl registered bwMonitor sysctl not registered Unregistered bwMonitor sysctl CONFIG_SYSCTL enabled Initialized bandwidth monitor Removed bandwidth monitor Oops AES _GCM_encrypt failed keylen u key gt cvm_keylen Oops AES _GCM_decrypt failed keylen u key gt cvm_keylen WS msg OV2xX S data i Failed to set AES encrypt key Failed to set AES encrypt key AES s Encrypt Test Duration d d hard Hard Soft Failed to set AES encrypt key Failed to set AES encrypt key AES s Decrypt Test Duration d
45. 20cm between the radiator amp your body This transmitter must not be co located or operating in conjunction with any other antenna or transmitter The availability of some specific channels and or operational frequency bands are country dependent and are firmware programmed at the factory to match the intended destination The firmware setting is not accessible by the end user Note The country code selection is for non US model only and is not available to all US model Per FCC regulation all WiFi product marketed in US must fixed to US operation channels only Europe EU Declaration of Conformity This device complies with the essential requirements of the R amp TTE Directive 1999 5 EC The following test methods have been applied in order to prove presumption of conformity with the essential requirements of the R amp TTE Directive 1999 5 EC EN 60950 1 Safety of Information Technology Equipment EN50385 2002 08 Product standard to demonstrate the compliance of radio base stations and fixed terminal stations for wireless telecommunication systems with the basic restrictions or the reference levels related to human exposure to radio frequency electromagnetic fields 110MHz 40 GHz General public EN 300 328 V1 7 1 2006 10 Electromagnetic compatibility and Radio spectrum Matters ERM Wideband Transmission systems Data transmission equipment operating in the 2 4 GHz ISM band and using spread spectrum modulation techniqu
46. 3 1 4 4 Primary benefits of Virtual APs e Optimize throughput if 802 11b 802 11 g and 802 11n clients are expected to access the LAN via this router creating 3 VAPs will allow you to manage or shape traffic for each group of clients A unique SSID can be created for the network of 802 11b clients and another SSID can be assigned for the 802 11n clients Each can have different security parameters remember the SSID and security of the link is determined by the profile In this way legacy clients can access the network without bringing down the overall throughput of more capable 802 11n clients e Optimize security you may wish to support select legacy clients that only offer WEP security while using WPA2 security for the majority of clients for the radio By creating two VAPs configured with different SSIDs and different security parameters both types of clients can connect to the LAN Since WPA2 is more secure you may want to broadcast this SSID and not broadcast the SSID for the VAP with WEP since it is meant to be used for a few legacy devices in this scenario Tuning Radio Specific Settings Wireless gt General gt Radio Settings The Radio Settings page lets you configure the channels and power levels available for the AP s enabled on the DSR The router has a dual band 802 1 1n radio meaning either 2 4 GHz or 5 GHz frequency of operation can be selected not concurrently though Based on the selected operating freq
47. 44 1 2 3 4 5 6 7 8 9 5 6 7 8 9 1 2 3 4 5 6 ef ee ae 11 12 13 o 11 12 13 7 a 9 a F See 36 40 44 48 40 44 48 40 48 48 3644 44 fe fog fe Taiwan 2 4Ghz 10 u 10 u o 157 161 165 64 153 161 60 149 157 1 2 3 4 5 6 7 8 9 5 6 7 8 9 1 2 3 4 5 6 a S a a 11 12 13 a 11 12 13 7 8 9 Lie Seier 36 40 44 48 40 44 48 40 48 48 36 44 1 2 3 4 5 6 7 8 9 5 6 7 8 9 1 2 3 4 Js 6 o A 11 12 13 oe 11 12 13 7 e 9 an Beir 36 40 44 48 40 44 48 40 48 48 3644 44 1 2 3 4 5 6 7 8 9 5 6 7 8 9 1 2 3 4 5 6 a ee eT ao 11 12 13 ae 11 12 13 7 e 9 36 40 44 48 40 44 48 40 48 48 3644 SGhz o 1 2 3 4 5 6 7 8 9 5 6 7 8 9 1 2 3 4 5 6 10 states 2 4Ghz 10 11 10 11 7 36 40 44 48 149 40 48 153 36 44 149 5 Ghz 153 157 161 165 161 157 Latin 1 2 3 4 5 6 7 8 9 5 6 7 8 9 1 2 3 4 5 6 11 America 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 301 Unified Services Router User Manual 36 40 44 48 149 40 48 153 36 44 149 5 Ghz 153 157 161 165 161 157 1 2 3 4 3 6 7 8 9 3 6 ds 8 9 2 S 4 5 6 12 Denmark 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 5Gwe 36 40 44 48 40 48 36 44 1 2 3 4 3 6 T 8 9 5 6 if 8 9 1 2 3 4 5 6 13 Germany 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 sere 36 40 44 48 40 48 36 44 1 2 3 4 3
48. 5150MHz to 5250MHz frequency range Non modification Statement Use only the integral antenna supplied by the manufacturer when operating this device Unauthorized antennas modifications or attachments could damage the TI Navigator access point and violate FCC regulations Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment Canadian Department of Communications Industry Canada IC Notice This Class B digital apparatus complies with Canadian ICES 003 and RSS 210 Cet appareil num rique de la classe B est conforme a la norme NMB 003 et CNR 210 du Canada Industry Canada Statement This device complies with RSS 210 of the Industry Canada Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 This device must accept any interference received including interference that may cause undesired operation IMPORTANT NOTE Radiation Exposure Statement This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment End users must follow the specific operating instructions for satisfying RF exposure compliance To maintain compliance with IC RF exposure compliance requirements please follow operation instruction as documented in this manual 308 Unified Services Router User Manual Europe EU Declaration of Conformity This device complies wi
49. 6 7 8 9 3 6 T 8 9 1 2 3 4 5 6 14 Netherlands 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 fs Ghz 36 40 44 48 40 48 36 44 1 2 3 4 5 6 T 8 9 3 6 T 8 9 1 2 3 4 5 6 15 Norway 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 fs Ghz 36 40 44 48 40 48 36 44 iF 2 3 4 5 6 T 8 9 3 6 Ts 8 9 1 2 3 4 5 6 16 Poland 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 sor 36 40 44 48 40 48 36 44 Luxembour 1 2 3 4 5 6 7 8 9 5 6 7 8 9 1 2 3 4 5 6 17 g 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 o sor 36 40 44 48 40 48 36 44 South 1 2 3 4 5 6 7 8 9 5 6 7 8 9 1 2 3 4 5 6 18 Africa 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 sGhz 36 40 44 48 40 48 36 44 United 1 2 3 4 5 6 7 8 9 5 6 7 8 9 1 2 3 4 5 6 19 Kingdom 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 o Ghz 36 40 44 48 40 48 36 44 1 2 3 4 5 6 T 8 9 5 6 Ts 8 9 1 2 3 4 35 6 20 Ireland 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 fs Ghz 36 40 44 48 40 48 36 44 1 2 3 4 5 6 7 8 9 5 6 7 8 9 1 2 3 4 5 6 21 France 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 Ghz 36 40 44 48 40 48 36 44 1 2 3 4 5 6 7 8 9 5 6 7 8 9 1 2 3 4 5 6 22 Israel 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 fs Ghz 36 40 44 48 40 48 36 44 1 2 3 4 5 6 7 8 9 5 6 Ts 8 9 1 2 3 4 5 6 23 Korea 2 4Gh
50. Add to create a group e Click Edit to update an existing group e Click Delete to clear an existing group Figure 98 List of groups Security Authentication User Database Groups Qo Q k F i Get User DB Groups Users This page shows the list of added groups to the router The user can add delete and edit the groups also Groups List Show entries Right click on record to get more options q E ADMIN Admin Group GUEST Guest Group Showing 1 to 2 of 2 entries First Previous 1 Next gt Last gt Add New Group Group configuration page allows creating a group with a different type of users The user types are as follows e PPTP User These are PPTP VPN tunnel LAN users that can establish a tunnel with the PPTP server on the WAN e L2TP User These are L2TP VPN tunnel LAN users that can establish a tunnel with the L2TP server on the WAN e Xauth User This user s authentication is performed by an externally configured RADIUS or other Enterprise server It is not part of the local user database e SSLVPN User This user has access to the SSL VPN services as determined by the group policies and authentication domain of which it is a member The domain determined SSL VPN portal will be displayed when logging in with this user type e Admin This is the router s super user and can manage the router use SSL VPN to access network resources and login to L2TP PPTP servers on
51. DEBUG Enabling DOS Attacks DEBUG Disabling ICSA Notification Item for Fragmented Packets DEBUG Restarting Firewall d Y d For s DEBUG Disabling ICSA Notification Item for restartStatus d for LogicallfName Multi cast Packets DEBUG s DEBUG Adding IP MAC binding rule for s MAC address DEBUG Deleting Lan Group s DEBUG Deleting IP MAC binding rule for s MAC DEBUG Adding Lan Group s DEBUG src firewall linux user firewalld c 60 u ndef ADP_DEBUG DEBUG Deleting lan host s from group s DEBUG src firewall linux user firewalld c 62 d efine ADP_DEBUG printf DEBUG Adding lan host s from group s DEBUG Restarting traffic meter with d mins Disabling Firewall Rule for IGMP d hours DEBUG Protocol DEBUG 265 Unified Services Router User Manual Updating traffic meter with d mins Enabling Firewall Rule for IGMP d hours DEBUG Protocol DEBUG Deleting IP MAC Bind Rule for MAC Deleting traffic meter DEBUG address s and IP DEBUG Adding IP MAC Bind Rule for MAC Disabling block traffic for traffic meter DEBUG address s and IP DEBUG Deleting Protocol Bind Rule for Enabling traffic meter DEBUG Service s DEBUG Deleting Protocol Bind Rule for Adding lan group s DEBUG Service s DEBUG Deleting Protocol Bind Rule for Deleting lan group s DEBUG Service s DEBUG Adding Protocol Bind Rule for Service Renaming lan group from s to s DEBUG s DEBU
52. Device Drivers List of Device Drivers l A v _ D Link DWM 156 A5 DWM 156 A6 DWM 157 A1 0 9 CN Chinese Simplified Language Installation Pack Version 1 0 a DE German Language Installation Pack Version 1 0 J ES Spanish Language Installation Pack Version 1 0 o FR French Language Installation Pack Version 1 0 a IT Italian Language Installation Pack Version 1 0 d JP Japanese Language Installation Pack Version 1 0 d D Link DWM 152 A1 DWM 152 A2 DWM 152 A3 DWM 156 A1 DWM 156 A2 DWM 156 A3 DWM 156 A7 DWM 157 B1 DWM 158 D1 Huawei E D 1550 E 173 E 156 E 303 EC 306 ZTE MF 710 RU Russian Language Installation Pack Version 1 0 2 TE Chinese Traditional Language Installation Pack Version 1 0 a First 1 Previous Next gt Last gt List of Default Drivers l D Link DWM 156 A5 DWM 156 A6 DWM 157 A1 09 D Link DWM 152 A1 DWM 152 A2 DWM 152 A3 DWM 156 A1 DWM 156 A2 DWM 156 A3 DWM 156 A7 DWM 157 B1 DWM 158 D1 Huawei E option 09 1550 E 173 E 156 E 303 EC 306 ZTE MF 710 Fist J Previous 1 Next gt tre A Driver for your device not listed click here to see if updates or new drivers are available Manual Install Select Driver No file chosen nsan Install History Install History 196 Unified Services Router User Manual Upon clicking on the link click here a page showing the list of device drivers is displayed Driver Des
53. EK Par la pr sente D Link Corporation d clare que l appareil DSR 1000N est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999 5 CE Con la presente D Link Corporation dichiara che questo DSR 1000N conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999 5 CE Ar so D Link Corporation deklar ka DSR 1000N atbilst Direkt vas 1999 5 EK b tiskaj m pras b m un citiem ar to saist tajiem noteikumiem iuo D Link Corporation deklaruoja kad is DSR 1000N atitinka esminius reikalavimus ir kitas 1999 5 EB Direktyvos nuostatas Hierbij verklaart D Link Corporation dat het toestel DSR 1000N in overeenstemming is met de essenti le eisen en de andere relevante bepalingen van richtlijn 1999 5 EG Hawnhekk D Link Corporation jiddikjara li dan DSR 1000N jikkonforma mal ti ijiet essenzjali u ma provvedimenti o rajn relevanti li hemm fid Dirrettiva 1999 5 EC Alul rott D Link Corporation nyilatkozom hogy a DSR 1000N megfelel a vonatkoz alapveto k vetelm nyeknek s az 1999 5 EC ir nyelv egy b eldirasainak Niniejszym D Link Corporation o wiadcza ze DSR 1000N jest zgodny z zasadniczymi wymogami oraz pozosta ymi stosownymi postanowieniami Dyrektywy 1999 5 EC 306 Unified Services Router User Manual Portugu s Portuguese Slovensko Slovenian Slovensky Slovak ti Suomi Finnish Sv
54. ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Ennon pass ERROR ERROR ERROR ERROR pee apie ERROR ERROR ERROR Unified Services Router User Manual oNtpControl gt ServerNames SECONDARY_SERVE R s DEBUG failed to take lock for compld d ERROR failed to convert ioctl args to buffer DS d DEBUG for ERROR oPriServ s DEBUG request timeout dst d lt src d ERROR oSecServ s DEBUG failed to take lock for compld d ERROR umiloctlArgsToBuf failed to allocate Making request from d gt d DEBUG memory ERROR sent request dst d lt src d using umiRecvFrom could not allocate option d DEBUG memory ERROR received request too small d bytes DEBUG adpMalloc failed ERROR context with ID d already Received a UMI request from d DEBUG registered ERROR Failed to allocate memory for sent a reply src d gt dst d DEBUG creating UMI context ERROR Failed to create recvSem for UMI umiRegister x Xx X x DEBUG context ERROR srcld d s gt destlId d s Failed to create mutex locks for UMI cmd d inLen d outLen d DEBUG context ERROR Failed to create mutex recvQLock for waiting for reply Giving Up DEBUG UMI context ERROR No request in the list after semTake DEBUG Invalid arguments to umiloctl ERROR reply timeout DEBUG could not find the destination context ERROR timeout after
55. ERROR From pnacRadXlateDemoRecv invalid codes received DEBUG Getting WPA IE failed for s ERROR Error from pnacRadXlateDemoRecv malloc failed DEBUG Getting WPS IE failed for s ERROR From pnacRadXlateRadPktHandle Failed initialize authenticator for node received a non supported DEBUG s ERROR Only md5 authentication scheme Failed to get the system up time while currently supported DEBUG adding node s ERROR Message from authenticator DEBUG error creating PNAC port for node s ERROR from pnacPDUXmit bufsize d pktT ype d DEBUG dot1 1NodeAlloc failed ERROR pnacPDUXmit sending eap packet code d DEBUG Invalid arguments ERROR onacRecvRin no corresponding pnac port pae found DEBUG umiloctl UMIl_COMP_IAPP d failed ERROR sending unicast key DEBUG Invalid IE ERROR umiloctl UMl_COMP_KDOT11_ VAP sending broadcast key DEBUG d failed ERROR from pnacAuthPAEDisconnected umiloctl UMI_COMP_KDOT11 d calling pnacTxCannedFail DEBUG d failed ERROR from pnacAuthPAEForceUnauth calling ort _SET_PARAM IEEE80211_ pnacTxCannedFail DEBUG OC_WME_CWMIN failed ERROR KDOT11_SET_PARAM IEEE80211_ state changed from s to s DEBUG OC WME CWMAxX failed ERROR PNAC user comp id not set dropping KDOT11_ SET PARAM IEEE80211_ event d DEBUG OC_WME AIFS failed ERROR KDOT11_SET_PARAM 80211_lOC_ sending event d to d DEBUG WME_TXOPLIMIT failed ERROR KDOT11_SET_PARAM IEEE80211_ requesting k
56. Enable IPv6 firewall rule DEBUG Rip Error Command Too Long ERROR Deleting IGMP proxy rule DEBUG No authentication for Ripv1 ERROR Enable IGMP proxy rule DEBUG Invalid Rip Direction ERROR Restarting IGMP rule DEBUG Invalid Rip Version ERROR Traffic meter enabled with no limit type DEBUG Invalid Password for 1st Key ERROR Traffic meter enabled for only download DEBUG Invalid Time for 1st Key ERROR Traffic meter enabled for both directions DEBUG Invalid Password for 2nd Key ERROR Deleted firewall rule s for service s with action s DEBUG Invalid Time for 2nd Key ERROR s firewall rule s for service s with action s DEBUG Invalid First Keyld ERROR Added firewall rule s for service s with action s DEBUG Invalid Second Keyld ERROR Enabling Inter VLAN routing DEBUG Invalid Authentication Type ERROR Updating inter VLAN routing status DEBUG ripDisable failed ERROR Deleting inter VLAN routing DEBUG ripEnable failed ERROR Facility Local Wireless node s setting s to val d DEBUG sqlite3QueryResGet failed ERROR Custom wireless event s DEBUG sqlite3QueryResGet failed ERROR Wireless event cmd 0x x len d DEBUG VAP s set beacon interval failed ERROR New Rogue AP 02x 02x 02x 02x 02x 02x detected DEBUG VAP s set DTIM interval failed ERROR WPS session in progress ignoring enrolle assoc request DEBUG VAP s set RTS Threshold failed ERROR VAP s set Fragm
57. Figure 152 Device Status display continued Status Status System Information Device WAN2 System LAN Dedicated WAN Rollover WAN Wireless All of your Rollover WAN network connection details are displayed on the Device Status page Rollover WAN Information MAC Address 00 11 BB CC DD 70 IPv4 Address 0 0 0 0 255 255 255 0 IPv Address N A Status DOWN IPv6 Connection Type N A IPv6 Connection State IPv6 is disabled Prefix Obtained N A NAT IPv4 Only Enabled IDA Cannactan Tuna I Internat IPv4 Connection State Not Yet Connected Link State LINK DOWN WAN Mode Use only single port WAN1 Gateway 0 0 0 0 Primary DNS 0 0 0 0 Secondary DNS 0 0 0 0 10 1 2 Resource Utilization Status gt Device Info gt Dashboard The Dashboard page presents hardware and usage statistics The CPU and Memory utilization is a function of the available hardware and current configuration and traffic through the router Interface statistics for the wired connections LAN WANI WAN2 DMZ VLANs provide indication of packets through and packets dropped by the interface Click refresh to have this page retrieve the most current statistics 225 Unified Services Router Figure 153 Resource Utilization statistics VPNs 10 on amp nH W 0 32 1 1 mm IPSec Gateway 0 0 Tunnels Connected IPSec Client 0 0 Tunnels Connected SSL VPN 0 0 Tunnels Connected Figure 154 Resource Utilization data c
58. ICMP pkts sec WAN Security Checks Enable Stealth Mode If Stealth Mode is enabled the router will not respond to port scans from the WAN This makes it less susceptible to discovery and attacks Block TCP Flood If this option is enabled the router will drop all invalid TCP packets and be protected from a SYN flood attack LAN Security Checks Block UDP Flood If this option is enabled the router will not accept more than 20 simultaneous active UDP connections from a single computer on the LAN UDP Connection Limit You can set the number of simultaneous active UDP connections to be accepted from a single computer on the LAN the default is 25 ICSA Settings Block ICMP Notification selecting this prevents ICMP packets from being identified as such ICMP packets if identified can be captured and used in a Ping ICMP flood DoS attack Block Fragmented Packets selecting this option drops any fragmented packets through or to the gateway Block Multicast Packets selecting this option drops multicast packets which could indicate a spoof attack through or to the gateway DoS Attacks SYN Flood Detect Rate max sec The rate at which the SYN Flood can be detected 135 Unified Services Router User Manual Echo Storm ping pkts sec The number of ping packets per second at which the router detects an Echo storm attack from the WAN and prevents further ping traffic from that external address ICMP Flood ICMP pkts
59. If WEP is the chosen security option you must set a unique static key to be shared with clients that wish to access this secured wireless network This static key can be generated from an easy to remember passphrase and the selected encryption length e Authentication select between Open System or Shared Key schemes e Encryption select the encryption key size 64 bit WEP or 128 bit WEP The larger size keys provide stronger encryption thus making the key more difficult to crack e WEP Passphrase enter an alphanumeric phrase and click Generate Key to generate 4 unique WEP keys with length determined by the encryption key size Next choose one of the keys to be used for authentication The selected key must be shared with wireless clients to connect to this device 91 Unified Services Router User Manual Figure 51 Profile configuration to set network security Wireless General Profiles Qe 6 A profile is a grouping of wireless settings which can be shared across multiple APs AP specific settings are configured on the Access Point Configuration page The profile allows for easy duplication of SSIDs security settings encryption methods client authentication etc across APs Profiles List Show entries Right click on record to get more options a defaulti AutoTest Enabled WEP 128 Shared Showing 1 to 1 of 1 entries First Previous 1 Next gt Last Fass new Prone Broadcast SSID Security
60. Java applets can be prevented from being downloaded from internet sites and similarly the gateway can prevent ActiveX controls from being downloaded via Internet Explorer For added security cookies which typically contain session information can be blocked as well for all devices on the private network Figure 73 Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded fT ge Security Security Web Content Filter Static Filtering OQ Q Operation Succeeded Static Filtering Approved URL Blocked Keywords This content filtering option allows the user to block access to certain Internet sites Up to 32 key words in the site s name web site URL can be specified which will block access to the site To setup URLs go to Approved URLs and Blocked Keywords page Static Filtering Content Filtering Web Proxy Java ActiveX Browser Cookies goaded Save Cancel 5 10 2 Approved URLs Security gt Web Content Filter gt Static Filtering gt Approved URI The Approved URLs is an acceptance list for all URL domain names Domains added to this list are allowed in any form For example if the domain yahoo is added to this list then all of the following URL s are permitted access from the LAN www yahoo com yahoo co uk etc Import export from a text or CSV file for Approved URLs is also supported 127 Unified Services Router User Manual Figur
61. No data available in table El rst Pres Next 7 tast z1 f Asa new IPSec Poney Backup Policies List Cee E e en E p a a No data available in table hI First Previous Next gt Last gt IPSec Policy Configuration General Policy Name Policy Type Auto Policy IP Protocol Version IKE Version IKEw1 IPSec Mode Tunnel Mode Select Local Gateway Dedicated WAN Remote Endpoint IP Address IP Address FQDN Enable Mode Config slit Enable NetBIOS Save 142 Unified Services Router User Manual p IPSec Policy Configuration Enable NetBIOS Enable RollOver Protocol Enable DHCP Local Start IP Address ve Local Submet Mask Remate IP Subnet Remote Start IP Address Remote Subnet Mask ill Enable Keepalive Phasel IKE 5A Parameters 7 ave Once the tunnel type and endpoints of the tunnel are defined you can determine the Phase 1 Phase 2 negotiation to use for the tunnel This is covered in the IPsec mode setting as the policy can be Manual or Auto For Auto policies the Internet Key Exchange IKE protocol dynamically exchanges keys between two IPsec hosts The Phase 1 IKE parameters are used to define the tunnel s security association details The Phase 2 Auto policy parameters cover the security association lifetime and encryption authentication details of the phase 2 key negotiation The VPN policy is one half of the IKE VPN
62. PPTP or L2TP ISP servers The router acts as a broker device to allow the ISP s server to create a TCP control connection between the LAN VPN client and the VPN server PPTP Tunnel Support VPN gt PPTP VPN gt Client PPTP VPN Client can be configured on this router Using this client we can access remote network which is local to PPTP server Once client is enabled the user can access VPN gt PPTP VPN gt Active Users page and establish PPTP VPN tunnel clicking Connect To disconnect the tunnel click Drop 146 Unified Services Router User Manual Figure 88 PPTP tunnel configuration PPTP Client CAS VPN Q VPN PPTP VPN Client PPTP VPN Client can be configured on this router Using this client we can access remote network which is local to PPTP server PPTP Client Server IP 0 0 0 0 Remote Network 0 0 0 0 l Remote Netmask Range 0 32 Mppe Encryption C Idle Time Out fo Ss Range 300 1800 Seconds Auto Dial C Save Cancel Figure 89 PPTP VPN connection status VPN PPTPVPN Active Users Q Active PPTP tunnels connections are listed here as LAN VPN clients are active PPTP users PPTP Active Users List Show entries No right click options a No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last gt VPN gt PPTP VPN gt Server A PPTP VPN can be established through this router Once enabled a PPTP server i
63. Pinging lt IP address gt with 32 bytes of data Request timed out 5 Ifthe path is not working Test the physical connections between PC and router e Ifthe LAN port LED is off go to the LED displays section on page B 1 and follow instructions for LAN or Internet port LEDs are not lit e Verify that the corresponding link LEDs are lit for your network interface card and for any hub ports that are connected to your workstation and firewall 6 Ifthe path is still not up test the network configuration e Verify that the Ethernet card driver software and TCP IP software are installed and configured on the PC e Verify that the IP address for the router and PC are correct and on the same subnet 11 3 2 Testing the LAN path from your PC to a remote device From the PC s Windows toolbar select Start gt Run 2 Type ping n 10 lt IP_address gt where n 10 specifies a maximum of 10 tries and lt IP address gt is the IP address of a remote device such as your ISP s DNS server Example ping n 10 10 1 1 1 3 Click OK and then observe the display see the previous procedure 4 Ifthe path is not working do the following e Check that the PC has the IP address of your firewall listed as the default gateway If the IP configuration of your PC is assigned by DHCP this information 1s not visible in your PC s Network Control Panel 236 Unified Services Router User Manual e Verify that the network
64. Who is it fib_add_ifaddr bug prim NULL fib_ del_ifaddr bug prim NULL expire gt gt u d d d expire expire u d d d expire rt_cache 02x u u u u hash rt_bind_peer 0 p ip_rt_advice redirect to ip_rt bug u u u u gt U U oU U WS S lookup policy list found s s called output START FUNCTION _ s flow dst s _ FUNCTION XFRMSTRADDR fl gt fl4_dst family Ss flow src s FUNCTION _ XFRMSTRADDR fl gt fl4_src family s flow dst s _ FUNCTION _ XFRMSTRADDR fl gt fl6_ dst family s flow src S FUNCTION _ XFRMSTRADDR fl gt fl6_src family a guy asks for address mask Who is it icmp v4 hw csum failure expire gt gt u d d d expire expire u d d d expire rt_cache 02x u u u u hash rt_bind_peer 0 p NET CALLER iph lp_rt_advice redirect to ip_rt bug u u u u gt U U U U KS UDP short packet From MU U YU YU U d d to ouU oU U YoU YU UDP bad checksum From d d d d d to d d d d d ulen d REJECT ECHOREPLY no longer supported DEBUG enie User Manual 802 111 TKIP test vectors passed DEBUG S buf DEBUG Atheros HAL assertion failure s line Yu s DEBUG ath_hal logging to s s ath_hal_logfile DEBUG ath_hal logging disabled DEBUG S S sep ath_hal_buildopts i DEBUG a
65. Wireless Wizard This wizard will guide you through common and easy steps to configure your routers wireless interface Run Dynamic DNS Wizard This Wizard helps in configuring Dynamic DNS Security Wizard This wizard will guide you in configuring default Outbound Policy VPN Passthrough and VPN Network Settings Run Users Wizard This Wizard guides you in creating a new user Run Date and Time Wizard This Wizard helps you in configuring Date WAN 1 or WAN 2 settings and Time settings To easily establish a VPN tunnel using VPN Wizard follow the steps below 1 Select the VPN tunnel type to create e The tunnel can either be a gateway to gateway connection site to site or a tunnel to a host on the internet remote access e Set the Connection Name and pre shared key the connection name is used for management and the pre shared key will be required on the VPN client or gateway to establish the tunnel The pre shared key has a maximum length of 64 digits e Determine the local gateway for this tunnel if there is more than one WAN configured the tunnel can be configured for either of the gateways 2 Configure Remote and Local WAN address for the tunnel endpoints Remote Gateway Type identify the remote endpoint of the tunnel by FQDN or static IP address e Remote WAN IP address FQDN This field is enabled only if the peer you are trying to connect to is a Gateway For VPN Clients this IP address o
66. a list of clients MAC addresses blocked by admin Block MAC Clients List Show entries Right click on record to get more options l a No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last 5 Add New Blocked Clients 2 5 2 Captive Portals on a VLAN Network gt VLAN gt VLAN Settings Captive Portals can be enabled on a per VLAN basis Hosts of a particular VLAN can be directed to authenticate via the Captive Portal which may be a customized portal with unique instructions and branding as compared to another VLAN The most critical aspect of this configuration page is choosing the authentication server All users VLAN hosts that want to gain internet access via the selected Captive Portal will be authenticated through the selected server 41 Unified Services Router User Manual Figure 19 VLAN based configuration of Captive Portals Network Network VLAN VLAN Settings Q The router supports virtual network isolation on the LAN with the use of VLANs LAN devices can be configured to communicate in a subnetwork defined by VLAN identifiers VLAN Configuration Vlan Enable lt E F VLAN List Default 1 192 168 50 1 255 255 255 0 VLAN ID Default 1 Range 2 4093 Name Activate Inter VLAN Routing Multi VLAN Subnet IP Address Subnet Mask DHCP DHCP Mode None DHCP Server DHCP Relay LAN Proxy Enable DNS Proxy
67. active and effective until the network changes The List of Static Routes displays all routes that have been added manually by an administrator and allows several operations on the static routes The List of IPv4 Static Routes and List of IPv6 Static Routes share the same fields with one exception Name Name of the route for identification and management Active Determines whether the route is active or inactive A route can be added to the table and made inactive if not needed This allows routes to be used as needed without deleting and re adding the entry An inactive route is not broadcast if RIP is enabled Private Determines whether the route can be shared with other routers when RIP is enabled If the route is made private then the route will not be shared in a RIP broadcast or multicast This is only applicable for IPv4 static routes Destination the route will lead to this destination host or IP address IP Subnet Mask This is valid for IPv4 networks only and identifies the subnet that is affected by this static route Interface The physical network interface WANI WAN2 WAN3 DMZ or LAN through which this route is accessible Gateway IP address of the gateway through which the destination host or network can be reached Metric Determines the priority of the route If multiple routes to the same destination exist the route with the lowest metric is chosen 74 Unified Services Router User Manual
68. all EU member states and EFTA countries under the following conditions and or with the following restrictions In Italy the end user should apply for a license at the national spectrum authorities in order to obtain authorization to use the device for setting up outdoor radio links and or for supplying public access to telecommunications and or network services This device may not be used for setting up outdoor radio links in France and in some areas the RF output power may be limited to 10 mW EIRP in the frequency range of 2454 2483 5 MHz For detailed information the enduser should contact the national spectrum authority in France This device is a 5 GHz wideband transmission system transceiver intended for use in all EU member states and EFTA countries under the following conditions and or with the following restrictions This device may only be used indoors in the frequency bands 5150 5250 MHz In France and Luxembourg a limited implementation of the frequency bands 5150 5250 MHz and 5250 5350 MHz In Luxermbourg it is not allowed to make use of the frequency band 5470 5725 MHz End users are encouraged to contact the national spectrum authorities in France and Luxembourg in order to obtain the latest information about any restrictions in the 5 GHz frequency band s C 4 0560 305 Unified Services Router Cesky Czech Dansk Danish Deutsch German Eesti Estonian English Espanol
69. all persons and must not be co located or operating in conjunction with any other antenna or transmitter This transmitter is restricted to indoor use in the 5150MHz to 5250MHz frequency range Non modification Statement Use only the integral antenna supplied by the manufacturer when operating this device Unauthorized antennas modifications or attachments could damage the TI Navigator access point and violate FCC regulations Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment Canadian Department of Communications Industry Canada IC Notice This Class B digital apparatus complies with Canadian ICES 003 and RSS 210 Cet appareil num rique de la classe B est conforme a la norme NMB 003 et CNR 210 du Canada ndustry Canada Statement This device complies with RSS 210 of the Industry Canada Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 This device must accept any interference received including interference that may cause undesired operation IMPORTANT NOTE Radiation Exposure Statement This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment End users 304 Unified Services Router User Manual must follow the specific operating instructions for satisfying RF exposure compliance To maintain compliance with IC RF exposure c
70. applied in its entirety 197 Unified Services Router User Manual Chapter 9 Administration amp Management 9 1 Configuration Access Control The primary means to configure this gateway via the browser independent GUI The GUI can be accessed from LAN node by using the gateway s LAN IP address and HTTP or from the WAN by using the gateway s WAN IP address and HTTPS HTTP over SSL Administrator and Guest users are permitted to login to the router s management interface The user type is set in the Advanced gt Users gt Users page The Admin or Guest user can be configured to access the router GUI from the LAN or the Internet WAN by enabling the corresponding Login Policy 198 Unified Services Router User Manual Figure 130 User Login policy configuration tf Security Authentication User Database Groups Q Get User DB Groups Users This page shows the list of added groups to the router The user can add delete and edit the groups also Groups List T A ove ADMIN Admin Group GUEST Guest Group Aaa New Group Login Policies ADMIN Allow GUEST Deny KI First Previous 1 Next gt Last 2 Group Name ADMIN T Disable Login di Deny Login from WAN Interface Save 9 1 1 Admin Settings Maintenance gt Administration gt System settings 199 Unified Services Router User Manual This page allows one to set the name
71. are enabled e Username Enter the username required to log in to the ISP e Password Enter the password required to login to the ISP e Authentication Type The type of Authentication in use by the profile Auto Negotiate PAP CHAP MS CHAP MS CHAPv2 e Dhcpv6 Options The mode of Dhcpv6 client that will start in this mode disable dhcpv6 stateless dhcpv6 stateful dhcpv6 stateless dhcpv6 with prefix delegation e Primary DNS Server Enter a valid primary DNS Server IP Address 57 Unified Services Router User Manual Secondary DNS Server Enter a valid secondary DNS Server IP Address Click Save Settings to save your changes 3 2 8 Checking WAN Status Status gt System Information gt Device gt WANx The connection status and a summary of configured settings for all WAN interfaces are available on the WAN Status page You can view the following key connection status information for each WAN port Connection time The connection uptime Connection type Dynamic or Static IP address Connection state This is whether the WAN is connected or disconnected to an ISP The Link State is whether the physical WAN connection in place the Link State can be up i e cable inserted while the WAN connection state is down IP address subnet mask IP Address assigned Gateway IP address WAN Gateway Address 58 Unified Services Router User Manual Figure 28 Connection Status information for both WAN ports Status Stat
72. are needed to access the internal domain of the ISP where he hosts various services These routes can even be configured through the static routing page as well Figure 24 WAN configuration for Japanese Multiple PPPoE part 2 its in figure 22 itself Secondary PPPoE Profile Configuration Address Mode Dynamic IP Static IP IP Address 0 0 0 0 IP Subnet Mask 0 0 0 0 User Name dlink Password sesse Service Optional Authentication Type Auto negotiate Reconnect Mode Always On On Demand Maximum Idle Time E Secondary PPPoE Domain Name System DNS Servers DNS Server Source Get Dynamically from ISP Primary DNS Server 0 0 0 0 Secondary DNS Server 0 0 0 0 Mac Address MAC Address Source Use Default Address A MAC Address 00 00 00 00 00 00 3 2 5 Russia L2TP and PPTP WAN For Russia L2TP WAN connections you can choose the address mode of the connection to get an IP address from the ISP or configure a static IP address provided by the ISP For DHCP client connections you can choose the MAC address of the router to register with the ISP In some cases you may need to clone the LAN host s MAC address if the ISP is registered with that LAN host 51 Unified Services Router User Manual Figure 25 Russia L2TP ISP configuration Network Network Internet WAN1 Settings Q is This page allows you to set up your Internet connection Ensure that you have the Internet connect
73. ccc ccesseceeeneees 145 PPTP tunnel configuration PPTP CIiO nt ic ccccccccccessseeceeessseeeceeessseeeeeeessseeceeens 147 PP TP VPN COMMECUION SLATS eseye eera e ee ea E een aai 147 PPTP tunnel configuration PPTP Server csoiscnni i E a 148 L2TP tunnel configuration L2TP Server nn ccc cccccccsscccsssccesssccesseecesseecssseeeesseeeesseeeeses 149 L2TP tunnel configuration L2TP Client casintsrcrtasecruartsetsens cashvetiwlacued duareas taouecsa cap teeadielatens 151 GRE TUNME CONMGUGATIO Misioen AE A E 132 Pen VIN CONIU UON eaa A A 154 OpenVPN Remote Network esciconncslaninni seats aleatnee Si an 154 OpenVPN AUTNS NICATION cciscincvacveudissnsidesoannsevadsesddousudsostaads a i 155 Example of clientless SSL VPN connections to the DSR ee cccsssecceeteeeeenseees 158 LIST OF QROUDS setahets ta easha et Sek ee eet eae ea ea 159 Unified Services Router User Manual Figure 99 User group configuration cc ceessccesssecssssecsssnecssscecsescecsessecseseecseseecssssecsensesssssesssseessnees 160 Figure 100 SoLEV PN SSNS cier a A T Biante ae a Rea ee 161 Figure 101 Group login POIICIES OPTIONS ensien ee aloe ete eee 162 Figure 102 Browser policies Options cscssssccsssecsssnecsscecsssnecssseecsessecseseecseesecssseecseseesssnsessnees 163 FIQUEG TOS HIF DONCISS ODTOINS esiisa naai ai iaeo adoi naina 164 Figure 104 Available Users with login status and associated Grou ccccccccssccceesseceeesss
74. complete URLs or keywords Keywords prevent access to websites that contain the specified characters in the URLs or the page contents The table lists all the Blocked keywords and allows several operations on the keywords Blocked All URL Configuration Block ALl URL OFF Blocked Keywords List Show entries Right click on record to get more options q GUN Enabled Showing 1 to 1 of 1 entries J First Previous 1 Next gt Last 7 Add New Keyword Upload Keywords List from File Export Keywords List to File 5 10 4 Export Web Filter Security gt Web Content Filter gt Static Filtering gt Approved URL Export Approved URLs Feature enables the user to export the URLs to be allowed to a cSV comma separated value file which can then be downloaded to the local host The user has to click the export button to get the csv file Export Blocked Keywords This feature enables the user to export the keywords to be blocked to a csv file which can then be downloaded to the local host The user has to click the export button to get the csv file 129 Unified Services Router User Manual Figure 76 Export Approved URL list Security Security Web Content Filter Static Filtering Approved URL Static Filtering Approved URL Blocked Keywords This page displays the approved URLs The list of websites here are always allowed to be accessed and have higher priority than any configured
75. custom page for remote SSL VPN users that is presented upon authentication There are various fields in the portal that are customizable for the domain and this allows the router administrator to communicate details such as login instructions available services and other usage details in the portal visible to remote users During domain setup configured portal layouts are available to select for all users authenticated by the domain 177 Unified Services Router User Manual X The default portal LAN IP address is https 192 168 10 1 scgi bin userPortal portal This is the same page that opens when the User Portal link is clicked on the SSL VPN menu of the router GUI The router administrator creates and edits portal layouts from the configuration pages in the SSL VPN menu The portal name title banner name and banner contents are all customizable to the intended users for this portal The portal name is appended to the SSL VPN portal URL As well the users assigned to this portal through their authentication domain can be presented with one or more of the router s supported SSL services such as the VPN Tunnel page or Port Forwarding page To configure a portal layout and theme following information is needed Portal layout name A descriptive name for the custom portal that is being configured It is used as part of the SSL portal URL Portal site title The portal web browser window title that appears when the client
76. d retryCnt d wh u_int16_t amp wh gt i_seq O gt gt 4 0 bf gt bf_isswretry bf gt bf_swretries DEBUG s Wrong Key Length func __ ERROR Buffer 08X gt Next 08X Prev 08X Last 08X bf TAILQ_NEXT bf bf_list Stas 08X flag 08X Node 08X bf gt bf_ status bf gt bf_ flags of gt bf_node Descr 08X gt Next 08X Data 08X CtlO 08X Ctl1 08X bf gt bf_daddr ds gt ds_link ds gt ds_ data ds gt ds_ctl0 ds gt ds_ctl1 DEBUG s Wrong parameters func __ ERROR Ctl2 08X Ctl3 08X Sta0 08X Stal1 08X ds gt ds_hw 0 ds gt ds_hw 1 lastds gt ds_hw 2 lastds gt ds_hw 3 DEBUG s Wrong parameters func __ ERROR DEBUG s Wrong parameters _ func __ ERROR DEBUG ERROR s Wrong parameters _func__ 296 Unified Services Router Error entering wow mode Wakingup due to wow signal S wowStatus Ox x func wowStatus Pattern added already Error All the d pattern are in use Cannot add a new pattern MAX_NUM_PATTERN Pattern added to entry d i Remove wake up pattern mask p pat p maskBytes patternBytes mask x pat x U_int32_t maskBytes u_int32_t patternBytes Pattern Removed from entry d Error Pattern not found PPM STATE ILLEGAL x x forcePpmStateCur afo gt forceState FORCE_PPM 4d 6 6x 8 8x B BX B 8X 3 3X 4 4X failed to allocate tx descriptors d error failed to allocate beacon
77. deleted in bridge DEBUG ddnsDisable failed ERROR removing s from bridge S s DEBUG sqlite3QueryResGet failed Query s ERROR adding s to bridge S s DEBUG sqlite3QueryResGet failed Query s ERROR stopping bridge DEBUG ddnsDisable failed ERROR stopping bridge DEBUG failed to call ddns enable ERROR stopping bridge DEBUG ddnsDisable failed ERROR s DBUpdate event Table s opCode d rowld d DEBUG sqlite3QueryResGet failed Query s ERROR Error in executing DB update Wan is not up DEBUG handler ERROR S DBUpdate event Table s opCode d rowld d DEBUG sqlite3QueryResGet failed Query s ERROR doDNS failed DEBUG Illegal invocation of ddnsView s ERROR doDNS failed DEBUG sqlite3QueryResGet failed Query s ERROR doDNS Result FAILED DEBUG sqlite3QueryResGet failed Query s ERROR doDNS Result SUCCESS DEBUG ddns SQL error s ERROR Write Old Entry s s s to s DEBUG Illegal operation interface got deleted ERROR DEBUG sqlite8QueryResGet failed Query s Write New Entry s s s to s DEBUG salite3QueryResGet failed Query s ERROR Write Old Entry s s S to s ERROR Write New Entry s S S to s DEBUG sqlite3QueryResGet failed Query s ERROR ifStaticMgmtDBUpdateHandler returning with DEBUG ddnsDisable failed ERROR nimfLinkStatusGet buffer DEBUG ddns SQL erro
78. existing rules in the List of Available Firewall Rules table 2 To edit or add an outbound or inbound services rule do the following e To edit a rule click the checkbox next to the rule and click Edit to reach that rule s configuration page e To add a new rule click Add to be taken to a new rule s configuration page Once created the new rule is automatically added to the original table 3 Chose the From Zone to be the source of originating traffic either the secure LAN public DMZ or insecure WAN For an inbound rule WAN should be selected as the From Zone Choose the To Zone to be the destination of traffic covered by this rule If the From Zone is the WAN the To Zone can be the public DMZ or secure LAN Similarly if the From Zone is the LAN then the To Zone can be the public DMZ or insecure WAN Parameters that define the firewall rule include the following Service ANY means all traffic is affected by this rule For a specific service the drop down list has common services or you can select a custom defined service Action amp Schedule Select one of the 4 actions that this rule defines BLOCK always ALLOW always BLOCK by schedule otherwise ALLOW or ALLOW by schedule otherwise BLOCK A schedule must be preconfigured in order for it to be available in the dropdown list to assign to this rule Source amp Destination users For each relevant category select the users to which the rule applies
79. firewall rules that control traffic to and from your network The List of Available Firewall Rules table includes all firewall rules for this device and allows several operations on the firewall rules IPv6 Firewall Rules Default Outbound Policy for IPv6 Always Allow O Block Show 10 entries Right click on record to get more options Q 4 a A A A A A A A gv 4 4 4 4 ov 4 No data available in table Showing 0 to 0 of 0 entries N First Previous Next gt Last T Add New IPv6 Firewall Rule ge rh Firewall Poles Confiaouratin vO v Firewall Rules Configuration x Bo From fone SECURE LAN To Zone INSECURE WAN Service ANY T Action Block Always Source Hosts O Any Single Address O Address Range From 192 166 1 22 Prefix Length Range 0 128 Destination Hosts O Any Single Address O Address Range Log O Never Always Save 114 Unified Services Router User Manual Figure 64 List of Available IPv6 Firewall Rules a Security Security Firewall Firewall Rules IPv6 Firewall Rules Qo Q IPv4 Firewall Rules Firewall Rules IPv Firewall Rules Firewall Rules A firewall is a security mechanism to selectively block or allow certain types of traffic in accordance with rules specified by network administrators You can use this page to manage the firewall rules that control traffic to and from your network The List of Available Firewall Rules table
80. first difference at byte u i DEBUG S t gt name DEBUG FAIL ieee80211_crypto_newkey failed DEBUG 280 Unified Services Router s addr del 02X 02X 02X 02X 02X 02X dev gt name addr 0 addr 1 addr 2 addr 3 addr 4 addr 5 S mac_undefined O02K 02XK 02K 02XK 0V2K 02X dev gt name addr 0 addr 1 addr 2 addr 3 addr 4 addr 5 S set float d d IRQ 32 is triggered ip_finish_output2 No header cache and no neighbour a guy asks for address mask Who is it icmp v4 hw csum failure expire gt gt u d d d expire expire u d d d expire rt_cache 02x uU u u u hash rt_bind_peer 0 p NET _CALLER iph ip_rt_advice redirect to ip_rt bug u u uU u gt U U U U WS udp cork app bug 2 udp cork app bug 3 udp v4 hw csum failure UDP short packet From U YU YOU YU U d Yod to YU U U U u UDP bad checksum From d d d d d to d d d d d ulen d S lookup policy list found s s called output START _ FUNCTION __ s flow dst s _ FUNCTION _ XFRMSTRADDR fl gt fl4_dst family S flow src s FUNCTION _ XFRMSTRADDR fl gt fl4_src family s flow dst s _ FUNCTION _ XFRMSTRADDR fl gt fl6_ dst family S flow src s FUNCTION _ XFRMSTRADDR fl gt fl6_src family a guy asks for address mask Who is it icmp v4 hw csum failure expire gt gt u d d d expire expire u d d
81. get more options a No data available in table Showing 0 to 0 of 0 entries k First Previous Next gt Last gt Add CA File 8 4 2 NT Domain Server Security gt Authentication gt External Auth Server gt NT Domain The NT Domain server allows users and hosts to authenticate themselves via a pre configured Workgroup field Typically Windows or Samba servers are used to manage the domain of authentication for the centralized directory of authorized users 186 Unified Services Router Radius Server POP3 Server POP3 Trusted CA LDAP Server AD Server NT Domain NT Domain Configuration Server Check Authentication Server 1 Primary Authentication Server 2 Secondary Authentication Server 3 Optional Workgroup Second Workgroup Third Workgroup Timeout Retries First Administrator Account Password First Server Hostname Second Administrator Account Password Second Server Hostname Third Administrator Account Password Figure 121 NT Domain Authentication Server configuration Security Authentication External Auth Server NT Domain This page allow you to configure NT Domain servers Server Checking Options PY Oia Option Po Option Range 1 999 Seconds Range 5 9 admin Optional CELEI l Optional Po S Oa PO tina Potion Optional Optional Po ptiona User Manual Third Server Hostname Potion 8 4 3 RADIUS Server Securit
82. gt rf_pulseid NOL WARNING 10 minute CAC period as channel is a weather radar channel s disable detects func _ s enable detects func _ s disable FFT val Ox x func val s enable FFT val 0x x func __ val s debug level now 0x x __func__ dfs_debug level RateTable d maxvalidrate d ratemax d pRc gt rateTableSize k oRc gt rateMaxPhy s txRate value of 0x x is bad __FUNCTION __ txRate Valid Rate Table DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ike er er DEBUG DEBUG DEBUG DEBUG Da DEBUG DEBUG enuo DEBUG DEBUG DEBUG ina DEBUG User Manual Module s failed to initialize buf ERROR ath_pci 32 bit DMA not available ERROR ath_pci cannot reserve PCI memory region ERROR ath_pci cannot remap PCI memory region ERROR ath_pci no memory for device state ERROR s unable to attach hardware s HAL status u ERROR s HAL ABI mismatch ERROR s failed to allocate descriptors d ERROR s unable to setup a beacon xmit queuel ERROR S unable to setup CAB xmit queuel ERROR s unable to setup xmit queue for s traffic ERROR s unable to register device dev gt name ERROR s autocreation of VAP failed d ERROR ath_dev_probe no memory for device state ERROR kdot1 1RogueAPEnable called
83. host will rely on an external DHCPv6 server to provide required configuration settings e The domain name of the DHCPV6 server is an optional setting e Server Preference is used to indicate the preference level of this DHCP server DHCP advertise messages with the highest server preference value to a LAN host are preferred over other DHCP server advertise messages The default is 255 e The DNS server details can be manually entered here primary secondary options An alternative is to allow the LAN DHCP client to receive the DNS server details from the ISP directly By selecting Use DNS proxy this router acts as a proxy for all DNS requests and communicates with the ISP s DNS servers a WAN configuration parameter e Primary and Secondary DNS servers If there is configured domain name system DNS servers available on the LAN enter the IP addresses here e Lease Rebind time sets the duration of the DHCPv6 lease from this router to the LAN client IPv6 Address Pools This feature allows you to define the IPv6 delegation prefix for a range of IP addresses to be served by the gateway s DHCPv6 server Using a delegation prefix you can automate the process of informing other networking equipment on the LAN of DHCP information specific for the assigned prefix Prefix Delegation The following settings are used to configure the Prefix Delegation e Prefix Delegation Select this option to enable prefix delegation in DHCPv6 server This
84. in table Tat Provo Newt 7 L a Ens or Maintenance Maintenance Management SNMP Access Control List SNMP Trap List Access Control List SNMP System Info The table lists all IP addresses of SNMP agents to which the router will allows several operations on the SNMP agents Access Control List No data available in table LIN First J Previous Next gt Last gt Add Access Control Maintenance gt Management gt SNMP gt SNMP System Info The router is identified by an SNMP manager via the System Information The identifier settings The SysName set here is also used to identify the router for SysLog logging 204 Unified Services Router User Manual Figure 136 SNMP system information for this router 3 Maintenance Maintenance Management SNMP SNMP System Info SNMP Trap List Access Control List SNMP System Info This page displays the current SNMP configuration of the router The following MIB Management Information Base fields are displayed and can be modified here SNMP System Info SysContact SysLocation SysName DSR 250N Save Cancel 9 3 Configuring Time Zone and NTP Maintenance gt Administration gt Date and Time You can configure your time zone whether or not to adjust for Daylight Savings Time and with which Network Time Protocol NTP server to synchronize the date and time
85. includes all firewall rules for this device and allows several operations on the firewall rules IPv6 Firewall Rules Default Outbound Policy for IPv6 Always Allow I Block Show entries Right click on record to get more options a No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last gt Add New IPv6 Firewall Rule 5 4 1 Firewall Rule Configuration Examples Example 1 Allow inbound HTTP traffic to the DMZ Situation You host a public web server on your local DMZ network You want to allow inbound HTTP requests from any outside IP address to the IP address of your web server at any time of day Solution Create an inbound rule as follows Example 2 Allow videoconferencing from range of outside IP addresses 115 Unified Services Router User Manual Situation You want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses 132 177 88 2 132 177 88 254 from a branch office Solution Create an inbound rule as follows In the example CUSeeMe the video conference service used connections are allowed only from a specified range of external IP addresses Example 3 Multi NAT configuration Situation You want to configure multi NAT to support multiple public IP addresses on one WAN port interface Solution Create an inbound rule that configures the firewall to host an additional public IP address Associate
86. is open to the public but behind the firewall The DMZ adds an additional layer of security to the LAN as specific services ports that are exposed to the internet on the DMZ do not have to be exposed on the LAN It is recommended that hosts that must be 32 Unified Services Router User Manual exposed to the internet such as web or email servers be placed in the DMZ network Firewall rules can be allowed to permit access specific services ports to the DMZ from both the LAN or WAN In the event of an attack to any of the DMZ nodes the LAN is not necessarily vulnerable as well Network gt Internet gt DMZ DHCP Reserved IPs DMZ configuration is identical to the LAN configuration There are no restrictions on the IP address or subnet assigned to the DMZ port other than the fact that it cannot be identical to the IP address given to the LAN interface of this gateway 33 Unified Services Router User Manual Figure 13 DMZ configuration Network Network Internet DMZ DHCP Reserved IPs Qo This page allows user to configure the reserved IP Addresses for the DHCP Server confieuration ln order to ensure certain DMZ devices always receive the same IP address when DHCP is enabled on the DMZ bind the DMZ device s MAC address to a preferred IP address This IP address will only be assigned to the matching MAC address DMZ DHCP Reserved IPs List No data available in table Network Network Internet DMZ Settings
87. iv_dev gt name s s s vap gt iv_dev gt name ether_sprintf mac buf s s discard s frame s vap gt iv_dev gt name s s discard frame s vap gt iv_dev gt name s s discard s information element s s s discard information element WS s s discard s frame s vap gt iv_dev gt name s s discard frame s vap gt iv_dev gt name HBR list dumpNode tAddress t t tState tT rigger t Block Nodes informationAddress t t tBlock t tDroped VI frames A t 2 OX 2 2OX 2 2X 2 2X o2 2X 2 2xX t Ms t Ms t S 2 2X o2 2X o2 2X Yo2 2X o2 2X o2 2x t s t t od d tFunction t s j ni gt node_trace i funcp Yod tMacAdadr t s j Yd tDescp t t s j ni gt node_trace i descp DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ll header Unable to create ip set_list ip_conntrack_in Frag of proto u hook u ae to ae netfilter socket option Unable to create ip conntrack_hash Unable to create ip _conntrack slab cache Unable to create ip set_hash Unable to create ip expect slab cache Unable to create ip _set_iptreeb slab cache Unable to create ip _set_iptreed slab cache S Cannot allocate space for scompressor fname s cannot allocate space for MPPC history s cannot allocate space for MPPC history s cannot load ARC4 module fname s cannot load SHA1 module fname s CryptoAPI SHA1 digest size
88. lanUptime File Error Opening the lanUptime File failed to open s failed to open s failed to query networkInterface table failed to query networkInterface table sqlite3QueryResGet failed Query s failed to enable IPv6 forwarding failed to set capabilities on the failed to enable IPv6 forwarding failed to set capabilities on the failed to disable IPv6 forwarding failed to set capabilities on the failed to open s Could not create ISATAP Tunnel Could not destroy ISATAP Tunnel Could not configure ISATAP Tunnel Could not de configure ISATAP Tunnel nimfStatus Update updating NimfStatus failed nimfStatus Update updating NimfStatus failed nimfLinkStatusGet determinig link s status failed nimfLinkStatusGet opening status file failed 246 User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR E ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Rnon ERROR Unified Services Router User Manual s DBUpdate event Table s opCode d rowld d DEBUG Failed to commit ERROR s d SIP ENABLE s DEBUG ifStatusDBUpdate Failed to begin ERROR sip TolHandler failed to update ifStatic DEBUG s SQL error s ERROR sipTblHandler failed to update Configport DEBUG s Fa
89. medio de la presente D Link Corporation declara que el DSR 500N cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999 5 CE ME THN MAPOY A D Link Corporation AHAQNEI OTI DSR 500N 2YMMOP ONETAI MPO2 TI OYZIOAEI2 AMAITH2ZEI2 KAI TI AOINE2 2XETIKE2 AIATAZEI TH OAHTIA 1999 5 EK Par la pr sente D Link Corporation d clare que l appareil DSR 500N est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999 5 CE Con la presente D Link Corporation dichiara che questo DSR 500N conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999 5 CE Ar o D Link Corporation deklar ka DSR 500N atbilst Direkt vas 1999 5 EK b tiskaj m pras b m un citiem ar to saist tajiem noteikumiem iuo D Link Corporation deklaruoja kad is DSR 500N atitinka esminius reikalavimus ir kitas 1999 5 EB Direktyvos nuostatas Hierbij verklaart D Link Corporation dat het toestel DSR 500N in overeenstemming is met de essenti le eisen en de andere relevante bepalingen van richtlijn 1999 5 EG Hawnhekk D Link Corporation jiddikjara li dan DSR 500N jikkonforma mal ti ijiet essenzjali u ma provvedimenti o rajn relevanti li hemm fid Dirrettiva 1999 5 EC Alul rott D Link Corporation nyilatkozom hogy a DSR 500N megfelel a vonatkoz alapveto k vetelm nyeknek s az 1999
90. message Click Don t Save Settings to reset Receiver and Text Message fields 8 4 External Authentication The local user database present in the router itself is typically used for granting management access for the GUI or CLI External authentication servers are typically more secure and can be used for allowing wireless AP connections authenticating IPsec endpoints and even allowing access via a Captive Portal on the VLAN This section describes the available authentication servers on the router and also the configuration requirements In all cases the Server Checking button is used to verify connectivity to the configured server s 8 4 1 POP3 Server Security gt Authentication gt External Auth Server gt POP3 Server POP3 is an application layer protocol most commonly used for e mail over a TCP IP connection The authentication server can be used with SSL encryption over port 995to send encrypted traffic to the POP3 server The POP3 server s certificate is verified by a user uploaded CA certificate If SSL encryption is not used port 110 will be used for the POP3 authentication traffic The DSR router acts only as a POP3 client to authenticate a user by contacting an external POP3 server This authentication option is available for IPsec PPTP L2TP 184 Unified Services Router User Manual Server and Captive Portal users Note that POP3 for PPTP L2TP servers is supported only with PAP and not with CHAP MSCHAP
91. message will be logged Make sure the log option is set to allow for this firewall rule ex Enabling accepted packet logging through the firewall may generate a significant volume of log messages depending on the typical network traffic This is recommended for debugging purposes only In addition to network segment logging unicast and multicast traffic can be logged Unicast packets have a single destination on the network whereas broadcast or multicast packets are sent to all possible destinations simultaneously One other useful log control is to log packets that are dropped due to configured bandwidth profiles over a particular interface This data will indicate to the admin whether the bandwidth profile has to be modified to account for the desired internet traffic of LAN users 208 Unified Services Router User Manual Figure 139 Log configuration options for traffic through router 8 Maintenance Maintenance Logs Settings Routing Logs The table lists all the available routing Logs in the system Routing Logs Routing Log Accepted Packets Dropped Packets LAN to WAN C a C a WAN to LAN Cea C a WAN to DMZ Cem C ea DMZ to WAN Cea C a LAN to DMZ C a Cea DMZ to LAN C a C a VLAN to VLAN C a Maintenance gt Log Settings gt IPv6 logs This page allows you to configure the IPv6 logging Figure 140 IPv6 Log configuration options for traffic through router O Maintenance Maintenance
92. more options al No data available in table Showing 0 to 0 of 0 entries First Previous Next p Last L il J Jl Add New Advertisement Prefix Advertiseme nt Prefix Configuration xE IPv Prefix Type 6tod Global Local ISATAP SLA ID tRange 0 999 Prefix Lifetime fs Range 5 65536 Seconds 2 2 VLAN Configuration The router supports virtual network isolation on the LAN with the use of VLANs LAN devices can be configured to communicate in a sub network defined by VLAN identifiers LAN ports can be assigned 25 Unified Services Router User Manual unique VLAN IDs so that traffic to and from that physical port can be isolated from the general LAN VLAN filtering is particularly useful to limit broadcast packets of a device in a large network VLAN support is enabled by default in the router In the VLAN Configuration page enable VLAN support on the router and then proceed to the next section to define the virtual network Network gt VLAN gt VLAN Settings The Available VLAN page shows a list of configured VLANs by name and VLAN ID A VLAN membership can be created by clicking the Add button below the List of Available VLANs A VLAN membership entry consists of a VLAN identifier and the numerical VLAN ID which is assigned to the VLAN membership The VLAN ID value can be any number from 2 to 4091 VLAN ID 1 is reserved for the default VLAN which is used for untagged frames
93. of the router Figure 131 Admin Settings O Maintenance Maintenance Administration System Setting This page allows user to set the router identification name System Setting Current System Name DSR 250N Save Cancel 9 1 2 License Updates Maintenance gt Administration gt Licsense Update Certain features available in the DSR require a license The licence is presented in the form of a code specific for this particular router which when activated enables the use of this feature for a fixed duration A license code is provided based on the router s MAC Address so it is unique to that particular device Each license has the following three parameters Model The license key model as it relates to the feature being enabled Activation Code The specific activiation code corresponding to this license Expires Licenses can either have a fixed duration which would be displayed in this column or are perpetual for the life of this router e amp Currently dynamic web content filtering WCF is the only license controlled feature available in the DSR products 200 Unified Services Router User Manual Figure 132 License upload field and List of Active Licenses O Maintenance Maintenance Administration License Update QO Q This page shows the list of activated licenses and also can be used for activating new WCF licenses License Update Licenses List Show 10 y entries No ri
94. option can be selected only in Stateless Address Auto Configuration mode of DHCPv6 server e Prefix Address IPv6 prefix address in the DHCPv6 server prefix pool e Prefix Length Length prefix address 2 1 4 Configuring IPv6 Router Advertisements Router Advertisements are analogous to IPv4 DHCP assignments for LAN clients in that the router will assign an IP address and supporting network information to devices that are configured to accept such details Router Advertisement is required in an IPv6 network is required for stateless auto configuration of the IPv6 LAN By configuring the Router Advertisement Daemon on this router the DSR will listen on the LAN for router solicitations and respond to these LAN hosts with router advisements 21 Unified Services Router User Manual RADVD Network gt IPv6 gt LAN Settings gt Router Advertisement To support stateless IPv6 auto configuration on the LAN set the RADVD status to Enable The following settings are used to configure RADVD Advertise Mode Select Unsolicited Multicast to send router advertisements RA s to all interfaces in the multicast group To restrict RA s to well known IPv6 addresses on the LAN and thereby reduce overall network traffic select Unicast only Advertise Interval When advertisements are unsolicited multicast packets this interval sets the maximum time between advertisements from the interface The actual duration between advertisements is a rando
95. policies 140 Unified Services Router User Manual 6 2 Configuring IPsec Policies VPN gt IPSec VPN gt Policies An IPsec policy is between this router and another gateway or this router and an IPsec client on aremote host The IPsec mode can be either tunnel or transport depending on the network being traversed between the two policy endpoints e Transport This is used for end to end communication between this router and the tunnel endpoint either another IPsec gateway or an IPsec VPN client on a host Only the data payload is encrypted and the IP header is not modified or encrypted e Tunnel This mode is used for network to network IPsec tunnels where this gateway is one endpoint of the tunnel In this mode the entire IP packet including the header is encrypted and or authenticated When tunnel mode is selected you can enable NetBIOS and DHCP over IPsec DHCP over IPsec allows this router to serve IP leases to hosts on the remote LAN As well in this mode you can define the single IP address range of IPs or subnet on both the local and remote private networks that can communicate over the tunnel 141 Unified Services Router User Manual Figure 85 IPsec policy configuration 45 VPN VPN IPSec VPN Policies Qo o9 This page shows the list of configured IPsec VPN policies on the router A user can also add delete edit enable disable and export IPsec VPN policies from this page IPSec Policies List
96. ports or a configured access point and clicking Edit The edit page offers the following configuration options e Mode The mode of this VLAN can be General Access or Trunk The default is access e In General mode the port is a member of a user selectable set of VLANs The port sends and receives data that is tagged or untagged with a VLAN ID If the data into the port is untagged it is assigned the defined PVID In the configuration from Figure 4 Port 3 is a General port with PVID 3 so untagged data into Port 3 will be assigned PVID 3 All tagged data sent out of the port with the same PVID will be untagged This is mode is typically used with IP Phones that have dual Ethernet ports Data coming from phone to the switch port on the router will be tagged Data passing through the phone from a connected device will be untagged 28 Unified Services Router User Manual Figure 9 Port VLAN list Network Network VLAN Port VLAN oo This page allows user to configure the port VLANs A user can choose ports and can add them into a VLAN In order to tag all traffic through a specific LAN port with a VLAN ID you can associate a VLAN to a physical port The VLAN Port table displays the port identifier the mode setting for that port and VLAN membership information Go to the Available VLAN page to configure a VLAN membership that can then be associated with a port Port VLANs List ns OptionalPort Access 1 1 Port Access 1 1 P
97. routing modes When the system is in bridge mode where the LANI and WAN2 DMZ ports are in the same network traffic management factors in traffic type and bandwidth available on the ports part of the bridge For Bandwidth Profiles the major difference between the options available in bridge mode compared to standard classical NAT routing mode is the interface options are not applicable There is no association of the bandwidth profile with a particular outbound or inbound interface as this profile can only apply to the bridge network Similarly Traffic Selectors for bridge mode do not factor in port SSID VLAN as these concepts to not apply to the bridge network 64 Unified Services Router User Manual Figure 33 Bridge Bandwidth Profile Configuration Name Policy Type Outbound Profile Type Priority Priority ave Figure 34 Bridge Traffic Selector Configuration Network Network Internet Traffic Management Bridge Traffic Selectors 7 Bandwidth Profiles Traffic Shaping Bridge Bandwidth Profiles Bridge Traffic Selectors This page shows the list of static routes configured on the router User can also add delete and edit the configured routes Use this page to define static routes Be sure to enter a destination address subnet mask gateway and metric foreach configured static route The Interface dropdown menu will show all available configured wired interfaces on the router as options Once a brid
98. s DEBUG address s ERROR l2teoMgmtTblHandler Serverlp s DEBUG pptpEnable inet_aton failed ERROR l2toMgmtTblHandler Staticlp s DEBUG pptpEnable inet_aton failed ERROR l2topMgmtTblHandler NetMask s DEBUG pptpEnable spawning failed ERROR optpDisable unable to kill ppp l2teoMgmtTblHandler SplitTunnel s DEBUG daemon ERROR needToStartHealthMonitor returning pptpMgmtTblHandler unable to get with status s DEBUG current MTU Option ERROR pptoMgmtTblHandler unable to get l2tpEnable command string s DEBUG the Mtu ERROR pptpMgmtTblHandler l2toEnable command s DEBUG dbRecordValueGet failed for s ERROR pptoMgmtTblHandler pptp enable l2tpEnable command string s DEBUG failed ERROR pptoMgmtTblHandler pptp disable PID File for dhcpc found DEBUG failed ERROR pptoMgmtDBUpdateHandler pid d DEBUG sqlite3QueryResGet ERROR l2topMgmtDBUpdateHandler query pptpMgmtDBUpdateHandler error in string s DEBUG executing ERROR I2toMgmtDBUpdateHandler returning with status s DEBUG Illegal invocation of dhcpConfig s ERROR dhcpLiblnit unable to open the RADVD started successfully DEBUG database file s ERROR RADVD stopped successfully DEBUG sqlite3QueryResGet failed Query s ERROR dhcpcMgmtinit unable to open the empty update nRows d nCols d WARN database file s ERROR Wan is not up or in load balencing dhcpcReleaseLease unable to mode WARN release lease ERROR threegM
99. s_ addr s Buffer d mtu d path mtu d header d trailer d func __ bufMgrLen pBufMgr mt u dst_mtu pDst gt path pDst gt header_len pDst gt trailer_len 299 FAST PATH Breaks on MAX PACKET User Manual CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL Unified Services Router User Manual Appendix E RJ 45 Pin outs 300 Unified Services Router User Manual Appendix F New Wi Fi Frequency table New appendix section supported in20 pais supported in 40 Country Mhz A P eA band 2 3 4 5 6 7 8 9 5 D Ts 8 9 r 2 3 4 5 6 1 Australia 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 36 40 44 48 149 40 48 153 36 44 149 5 Ghz 153 157 161 165 161 157 1 2 gt 4 5 6 Ty 8 9 5 6 ds 8 9 1 2 3 4 2 6 2 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 36 40 44 48 149 40 48 153 36 44 149 5 Ghz 153 157 161 165 161 157 1 2 3 4 5 6 7 8 9 5 6 7 8 9 1 2 3 4 5 6 2 Pr 11 12 13 T 11 12 13 7 8 9 O T e 5Gh 36 40 44 48 40 44 48 40 48 48 36 44 1 2 3 4 3 6 7 8 9 J 6 Ta 8 9 1 2 3 4 5 6 a ae ovr a 11 12 13 oa 11 12 13 7 8 9 SGhz 36 40 44 48 40 44 48 40 48 48 36
100. semTake DEBUG memPartAlloc for d size failed ERROR srcld d s lt destiId d s cmd d DEBUG memPartAlloc for d size failed ERROR No Handler registered for this UMI Un registerting component with Id d DEBUG context ERROR failed to send ioctl request dst d lt Couldn t find component with ID Src d DEBUG d ERROR processed a reply dst d lt src d DEBUG id d handler x ERROR request with no result option dst d lt Received NULL buffer in src d DEBUG umiBufToloctlArgs ERROR usbMgmitInit unable to open the cmd S DEBUG database file s ERROR cmdstring is s s d DEBUG call to printConfig failed ERROR Calling printerConfig binary DEBUG Failed to Disable Network Storage ERROR Some error occurred while removing Calling unmount for USB DEBUG device ERROR Some error occurred while removing Calling mount for USB DEBUG device ERROR usbdevice is d s d DEBUG Salite update failed ERROR Query string s DEBUG Failed to enable printer properly ERROR sqlite3QueryResGet failed Query s DEBUG Failed to mount device on system ERROR s 1 usb is already disconnected for Failed to enable network storage old usb type DEBUG device ERROR s 2 call disable for new usb type DEBUG Failed to mount device on system ERROR s 3 usb is already disconnected for old usb type DEBUG Salite update failed ERROR s 4 Disabled old usb type Now DEBUG US
101. share port Maintenance gt Administration gt USB SharePort This page allows configure the SharePort feature available in this router 181 Unified Services Router User Manual Figure 116 USB SharePort Maintenance Maintenance Administration USB Share Ports Q O USB Share Ports USB Share Port Setup Enable USB Printer CN Enable sharing OFF Printer Enabled Interfaces List USB 1 Enable USB Printer Select this option to allow the USB printer connected to the router to be shared across the network The USB printer can be accessed on any LAN host with appropriate printer driver installed connected to the router by using the following command in the host s add printers window http lt Router s IP 631 gt printers lt Device Model gt Device Model can be found in the USB settings page Enable Sharing Select this option to allow the USB storage device connected to the router to be shared across the network USB 2 Enable USB Printer Select this option to allow the USB printer connected to the router to be shared across the network The USB printer can be accessed on any LAN host with appropriate printer driver installed connected to the router by using the following command in the host s add printers window http lt Router s IP 631 gt printers lt Device Model gt Device Model can be found in the USB settings page Enable Sharing Select this option to allow the USB stor
102. t02 Taie SIAUSICS se eta eevee ate Gace ccs 227 10 21 Wreg POM SlAUISTICS sc7 cai ssctosdacousdevsenaesdudeees EN 221 10 2 2 Wireless Statis tibs userii a a N 221 10 3 Active C nnectonS eienares e a aa E a iT 228 10 3 1 Sessions through the ROuter ccc cccesseccssssecesssseeceseseesesssseeeeseeeeeseseeeees 228 10 3 2 Wireless CHES aanne nen vadsoenuseietier kiamiagln be cesdeer cess siunbor dwar 228 10339 LAN CIEMS orreina rn E Mmbenassanimeanienes 229 10 3 4 ACTIVE YPN TUNNE S capan a a a aa Bucns 229 TOW DIGS OO LING sorar ttt sae hase ane A E A Baste 233 tkt sIMPTEHAGT GOMMEC TION Gasca 5 coctssss stra seadbcndecssieva cscs sanoseacionsnesbernoras cova mtaousasoastegene neucoras 233 Wide Date and Imie se a th dabaldenttesectncetebtanlaauee aoaisensdaaue 235 11 3 Pinging to Test LAN Connectivity ccc cccccccccseccesseccesseccesseeeesseeeesseeeeaees 235 11 3 1 Testing the LAN path from your PC to your router cc cceeecccessseceeeeeesees 235 11 3 2 Testing the LAN path from your PC to a remote device cc ccceeccceeeenees 236 11 4 Restoring factory default Configuration settings cc ce cccesscceeeesseeeeeeeeees 237 OCIS sees e cate E sagen ra eeers caneaed eceetod seus eeasteeee soaeuasosaamacne canes 239 OS SAY ens a d eee ne a e e 240 FaClory Delaull Sens ener a aati eile a eae 243 Standard Services Available for Port Forwarding amp Firewall Configuration 244 LOO OUTDUT ET
103. tTLSMsgLen 0x x DEBUG session key Error n ERROR Send req ptr 0x x Send resp ptr Converting password to unicode Ox x DEBUG Error ERROR Constructing failure response P2 decision d methodState d DEBUG ERROR ERROR Default EAP method state d Error checking authenticator decision d DEBUG response ERROR TTLS pkt data len d flags 0x x DEBUG Error generating NT response ERROR Username string more than 256 Got start DEBUG ASCII characters ERROR ERROR Got first fragment n DEBUG Invalid Value Size ERROR Invalid MS Length Got d Got fragment n DEBUG expected d ERROR Got last fragment DEBUG Error constructing response ERROR Got unfragmented message DEBUG Got type d expecting d ERROR Cannot handle message opCode Got frag ack DEBUG d ERROR Revd AVP Code u flags 0x x len Yu vendorid u DEBUG EAPAUTH_ MALLOC failed ERROR MOD EAP method state from upper d decision d DEBUG tlsGlueCtxCreate failed ERROR 255 Unified Services Router User Manual Got AVP len ul Should be less than 16777215 AVP length extract Error client certificate must be set in the profile DEBUG total frags len gt initial total TLS pFB is NULL DEBUG length ERROR Requesting message before assembly total frags len gt initial total TLS complete DEBUG length ERROR total data revd d doesnt match the pFB is NULL DEB
104. the IP addresses For applying the policy to addresses the port range port number can be defined The final steps require the policy permission to be set to either permit or deny access to the selected addresses or network resources As well the policy can be specified for one or all of the supported SSL VPN services i e VPN tunnel 168 Unified Services Router User Manual Once defined the policy goes into effect immediately The policy name SSL service it applies to destination network resource or IP addresses and permission deny permit is outlined in a list of configured policies for the router Figure 108 SSL VPN policy configuration ssl SSL VPN Server Policies Configuration Policy Type SSL VPN Policy Apply Policy to Folicy Name ICMP Port Range Port Number Defined Resources Permission Global Group User Network Resource Permit Deny Save To configure a policy for a single user or group of users enter the following information Policy for The policy can be assigned to a group of users a single user or all users making it a global policy To customize the policy for specific users or groups the user can select from the Available Groups and Available Users drop down Apply policy to This refers to the LAN resources managed by the DSR and the policy can provide or prevent access to network resources IP address IP network etc Policy name This field is a
105. the group select the corresponding group click Policy by Browsers The following parameters are configured e Group Name This is the name of the group that can have its login policy edited e Deny Login from Defined Browsers The list of defined browsers below will be used to prevent the users of this group from logging in to the routers GUI All non defined browsers will be allowed for login for this group 162 Unified Services Router User Manual e Allow Login from Defined Browsers The list of defined browsers below will be used to allow the users of this group from logging in to the routers GUI All non defined browsers will be denied for login for this group e Defined Browsers This list displays the web browsers that have been added to the Defined Browsers allotment upon which group login policies can be defined Check Box at First Column Header Selects all the defined browsers in the table e Delete Deletes the selected browser s You can add to the list of Defined Browsers by selecting a client browser from the drop down menu and clicking Add This browser will then appear in the above list of Defined Browsers e Click Save Settings to save your changes Figure 102 Browser policies options Browser Policies Show 10 entries Q No data available in table Soin 10 nt it Pes et gt tt Add Browser Policies PPPT E i a Race Browser Policies Configuration Add Defi
106. the network that can communicate with the router and allow for auto configuration If a network device is detected by UPnP the router can open internal or external ports for the traffic protocol required by that network device Once UPnP is enabled you can configure the router to detect UPnP supporting devices on the LAN or a configured VLAN If disabled the router will not allow for automatic device configuration Configure the following settings to use UPnP Advertisement Period This is the frequency that the router broadcasts UPnP information over the network A large value will minimize network traffic but cause delays in identifying new UPnP devices to the network Advertisement Time to Live This is expressed in hops for each UPnP packet This is the number of steps a packet is allowed to propagate before being discarded Small values will limit the UPnP broadcast range A default of 4 is typical for networks with few switches 35 Unified Services Router User Manual Figure 14 UPnP Configuration Network Network LAN UPnP 7 6 UPnP Universal Plug and Play is a feature that allows for automatic discovery of devices that can communicate with this security appliance UPnP is useful for auto configuring application rules where internal external ports for the traffic protocol required by a detected network device are opened without user intervention The UPnP Port Map Table has the details of UPnP devices that resp
107. the primary link goes down for any reason Both WAN ports primary and secondary must be configured to connect to the respective ISP s before enabling this feature The secondary WAN port will remain unconnected until a failure is detected on the primary link either port can be assigned as the primary In the event of a failure on the primary port all internet traffic will be rolled over to the backup port When configured in Auto Failover mode the link status of the primary WAN port is checked at regular intervals as defined by the failure detection settings Note that bothW AN1 WAN2 and WAN3 can be configured as the primary internet link e Auto Rollover using WAN port e Primary WAN Selected WAN is the primary link WANI WAN2 WAN3 e Secondary WAN Selected WAN is the secondary link 66 Unified Services Router User Manual 3 4 2 Failover Detection Settings To check connectivity of the primary internet link one of the following failure detection methods can be selected e DNS lookup using WAN DNS Servers DNS Lookup of the DNS Servers of the primary link is used to detect primary WAN connectivity e DNS lookup using DNS Servers DNS Lookup of the custom DNS Servers can be specified to check the connectivity of the primary link e Ping these IP addresses These IP s will be pinged at regular intervals to check the connectivity of the primary link e Retry Interval is The number tells the router how often it should run the ab
108. this address with a web server on the DMZ If you arrange with your ISP to have more than one public IP address for your use you can use the additional public IP addresses to map to servers on your LAN One of these public IP addresses is used as the primary IP address of the router This address is used to provide Internet access to your LAN PCs through NAT The other addresses are available to map to your DMZ servers The following addressing scheme is used to illustrate this procedure e WAN IP address 10 1 0 118 e LAN IP address 192 168 10 1 subnet 255 255 255 0 e Web server host in the DMZ IP address 192 168 12 222 e Access to Web server simulated public IP address 10 1 0 52 116 Unified Services Router User Manual Example 4 Bloc Example 4 Block traffic by schedule if generated from specific range of machines Use Case Block all HTTP traffic on the weekends if the request originates from a specific group of machines in the LAN having a known range of IP addresses and anyone coming in through the Network from the WAN i e all remote users Configuration 1 Setup a schedule e To setup a schedule that affects traffic on weekends only navigate to Security Schedule and name the schedule Weekend e Define weekend to mean 12 am Saturday morning to 12 am Monday morning all day Saturday amp Sunday e In the Scheduled days box check that you want the schedule to be active for specific d
109. traffic is handled when received on one physical interface NAT is the most common application for most routers and allows you to hide internal LAN IP addresses from internet devices Transparent mode does not perform NAT and lets you bridge traffic between the LAN and Option Routing Mode Routing Settings Routing Settings NAT Classical Rou ting Transparent Save Cancel 72 Unified Services Router User Manual 3 5 2 Dynamic Routing RIP 3 5 3 WA DSR 150 150N 250 250N does not support RIP Setup gt Internet Settings gt Routing Mode Dynamic routing using the Routing Information Protocol RIP is an Interior Gateway Protocol IGP that is common in LANs With RIP this router can exchange routing information with other supported routers in the LAN and allow for dynamic adjustment of routing tables in order to adapt to modifications in the LAN without interrupting traffic flow The RIP direction will define how this router sends and receives RIP packets Choose between Both The router both broadcasts its routing table and also processes RIP information received from other routers This is the recommended setting in order to fully utilize RIP capabilities Out Only The router broadcasts its routing table periodically but does not accept RIP information from other routers In Only The router accepts RIP information from other routers but does not broadcast its routing table None The router neither broadc
110. tunnel client provides a point to point connection between the browser side machine and this device When a SSL VPN client is launched from the user portal a network adapter with an IP address DNS and WINS settings is automatically created which allows local applications to talk to services on the private network without any special network configuration on the remote SSL VPN client machine SSL VPN Client Full Tunnel Support DNS Suffix Primary DNS Server Secondary DNS Server 192 168 251 254 Client Address Range Begin 192 168 251 1 Client Address Range End LCP Timeout Range 1 999999 Seconds Save Cancel The router allows full tunnel and split tunnel support Full tunnel mode just sends all traffic from the client across the VPN tunnel to the router Split tunnel mode only sends traffic to the private LAN based on pre specified client routes These client routes give the SSL client access to specific private networks thereby allowing access control over specific LAN services Client level configuration supports the following e Enable Split Tunnel Support With a split tunnel only resources which are referenced by client routes can be accessed over the VPN tunnel With full tunnel support if the split tunnel option is disabled the DSR acts in full tunnel mode all addresses on the private network are accessible over the VPN tunnel Client routes are not required e
111. unicast key for s DEBUG invalid ACL type d ERROR cmd d i_ type d _val d DEBUG interface name not specified ERROR join event for new node s DEBUG interface name not specified ERROR wpa rsn IE id d d not supported DEBUG Invalid interface s specified ERROR wpa IE id d not supported DEBUG buffer length not specified ERROR leave event for node s DEBUG Invalid length d specified ERROR NodeFree request for node s DEBUG failed created iappdLock ERROR installing key to index d DEBUG failed to create cipher contexts ERROR iReg i_val d DEBUG unable to register to UMI ERROR olfName s DEBUG iappSockinit failed ERROR oe iapplnit got error unregistering it with iReq i_val d DEBUG UMI ERROR umiloctl UMI_COMP_UDOT11 d setting mode d DEBUG qd failed ERROR Global counter wrapped re umiloctl UMI_COMP_KDOT11 d generating DEBUG qd failed ERROR Got PNAC_EVENT_PREAUTH_SUCCESS event for s DEBUG UDP failed received Length is d ERROR event for non existent node s PNAC EVENT EAPOL_START event DEBUG umiloctl UMl_COMP_KDOT11 ERROR umiloctl UMl_ COMP_UDOT11 d received DEBUG d ERROR PNAC_EVENT_EAPOL_LOGOFF umiloctl UMlL COMP_KDOT11 d event received DEBUG d ERROR PNAC EVENT REAUTH event received PNAC EVENT AUTH SUCCESS DEBUG No IAPP Node found for req id d ERROR umiloctl UMlLCOMP_UDOT11 d
112. your mobile users by providing remote access to a central corporate database Site to site VPN tunnels use IP Security IPsec Protocol Point to Point Tunneling Protocol PPTP or Layer 2 Tunneling Protocol L2TP to facilitate 1 Unified Services Router User Manual 1 1 1 2 branch office connectivity through encrypted virtual links The DSR 150 150N DSR 250 250N DSR 500 500N and DSR 1000 1000N support 10 25 35 and 75 simultaneous IPsec VPN tunnels respectively Efficient D Link Green Technology As aconcerned member of the global community D Link is devoted to providing eco friendly products D Link Green Wi Fi and D Link Green Ethernet save power and prevent waste The D Link Green WLAN scheduler reduces wireless power automatically during off peak hours Likewise the D Link Green Ethernet program adjusts power usage based on the detected cable length and link status In addition compliance with RoHS Restriction of Hazardous Substances and WEEE Waste Electrical and Electronic Equipment directives make D Link Green certified devices the environmentally responsible choice Support for the 3G wireless WAN USB dongle is only available for DSR 1000 and DSR 1000N About this User Manual This document is a high level manual to allow new D Link Services Router users to configure connectivity setup VPN tunnels establish firewall rules and perform general administrative tasks Typical deployment and use case scenarios are descr
113. 0 0 443 portal SSLVPN Showing 1 to 1 of 1 entries N First J Previous Add New SSL VPN Portal Layout 1 Next 2 Last gt Portal Layout and Theme Name Portal Layout Name Login Profile Name Portal Site Title Banner Title Banner Message Display Banner Message on Login Page HTTP Meta Tags for Cache Control Recommended Activex Web Cache Cleaner C Te SSL VPN Portal Authentication Authentication Type LDAP T SSL VPN Portal Pages to Display VPN Tunnel page Port Forwarding 4 Save 161 Unified Services Router User Manual Login Policies To set login policies for the group select the corresponding group click Login policies The following parameters are configured e Group Name This is the name of the group that can have its login policy edited e Disable Login Enable to prevent the users of this group from logging into the devices management interface s e Deny Login from WAN interface Enable to prevent the users of this group from logging in from a WAN wide area network interface In this case only login through LAN 1s allowed Figure 101 Group login policies options Login Policies Show entries ay ADMIN Allow GUEST Deny Showing 1 to 2 of 2 entries Add Login Policies Login Policies Configuration Group Name ADMIN Disable Login OFF Deny Login from WAN OFF Interface Dave Policy by Browsers To set browser policies for
114. 2x p You uU U u NIPQUAD trt gt rt_dst 02x p You ouU uU ou NIPQUAD trt gt rt_dst 02x p You ouU uU ou NIPQUAD trt gt rt_dst 02Xx p unable to register vIPsec kernel comp to UMI unregistering VIPSECK from UMI in viPsecKloctlHandler cmd d cmd s Error DST Refcount value less than 1 d for S DEVICE refcnt d pDst gt dev gt name s Got Null m p m p sa p sai p func __ ppBufMor 285 User Manual Unified Services Router NAT no longer support implicit source local NAT NAT packet src u uU u u gt dst U U U U SNAT multiple ranges no longer supported format args version offset_before d offset_after d correction_pos u x gt offset_before x gt offset_after x gt correction_pos ip_ct_h323 ip_ct_h323 incomplete TPKT fragmented lp _ct_h245 decoding error s ilp_ct_h245 packet dropped ip_ct q931 decoding error s lp _ct_q931 packet dropped lp _ct_ras decoding error s ip_ct_ras packet dropped ERROR registering port d ERROR registering port d iot_connlimit d SIC U OU U U d dst uU U U U d WS iot_connlimit d SIC U OU U U d dst u U U U d new ipt_connlimit Oops invalid ct state iot_connlimit Hmm kmalloc failed ipt_connlimit src You u u u mask u uU uU U _lvi PPPOL2TP _ fmt args 02X ptr length 02X unsigned char m gt msg_iov i io
115. 42 Unified Services Router User Manual Chapter 3 Connecting to the Internet WAN Setup 3 1 This router has two WAN ports that can be used to establish a connection to the internet The following ISP connection types are supported DHCP Static PPPoE PPTP L2TP 3G Internet via USB modem It is assumed that you have arranged for internet service with your Internet Service Provider ISP Please contact your ISP or network administrator for the configuration information that will be required to setup the router Internet Setup Wizard Setup gt Wizard gt Internet The Internet Connection Setup Wizard is available for users new to networking By going through a few straightforward configuration pages you can take the information provided by your ISP to get your WAN connection up and enable internet access for your network 43 Unified Services Router Figure 20 Internet Connection Setup Wizard Status User Manual Wizards Internet Connection Wizard This wizard wall guide you in connecting your new D Link Unified Services Router to the Internet Run Wireless Wizard This wizard will guide you through common and easy steps to configure your routers wireless interface Dynamic DNS Wizard This Wizard helps in configuring Dynamic DNS WAN 1 or WAN settings Security Wizard This wizard wall guide you in configunneg default Outbound Policy VPN Passthrough and VPN Net
116. 5 EC ir nyelv egy b eldirasainak Niniejszym D Link Corporation o wiadcza ze DSR 500N jest zgodny z zasadniczymi wymogami oraz pozosta ymi stosownymi postanowieniami Dyrektywy 1999 5 EC 310 Unified Services Router User Manual Portugu s Portuguese Slovensko Slovenian Slovensky Slovak ti Suomi Finnish Svenska Swedish D Link Corporation declara que este DSR 500N esta conforme com os requisitos essenciais e outras disposi es da Directiva 1999 5 CE D Link Corporation izjavlja da je ta DSR 500N v skladu z bistvenimi zahtevami in ostalimi relevantnimi dolo ili direktive 1999 5 ES D Link Corporation t mto vyhlasuje e DSR 500N sp a z kladn po iadavky a v etky pr slu n ustanovenia Smernice 1999 5 ES D Link Corporation vakuuttaa t ten ett DSR 500N tyyppinen laite on direktiivin 1999 5 EY oleellisten vaatimusten ja sit koskevien direktiivin muiden ehtojen mukainen H rmed intygar D Link Corporation att denna DSR 500N st r verensst mmelse med de v sentliga egenskapskrav och vriga relevanta best mmelser som framg r av direktiv 1999 5 EG 311 Unified Services Router User Manual 3 DSR 250N Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against ha
117. 50 1 255 255 255 0 Showing 1 to 1 of 1 entries First l Previous 1 Next gt Last 4 Add New VLAN 2 2 3 VLAN configuration Network gt VLAN gt VLAN Settings This page allows enabling or disabling the VLAN function on the router Virtual LANs can be created in this router to provide segmentation capabilities for firewall rules and VPN policies The LAN network is considered the default VLAN Check the Enable VLAN box to add VLAN functionality to the LAN 31 Unified Services Router User Manual Figure 12 VLAN Configuration Network Network VLAN VLAN Settings o o The router supports virtual network isolation on the LAN with the use of VLANs LAN devices can be configured to communicate in a subnetwork defined by VLAN identifiers VLAN Configuration Vlan Enable on EE VLAN List Show entries Right click on record to get more options l a Default 1 192 168 50 1 255 255 255 0 Showing 1 to 1 of 1 entries k First Previous 1 Next y Last 2 Add New VLAN VLAN ID Default 1 Range 2 4093 Hame Activate InterVLAN Routing Multi VLAN Subnet IP Address Subnet Mask DHCP DHCP Mode None O DHCP Server DHCP Relay LAN Proxy Enable DNS Proxy Orr Save 2 3 Configurable Port DMZ Setup This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port A DMZ is a sub network that
118. 66 Sve MOA BalaniCiiG eaire a a E a toedlendleulaadiike 67 34S ProtOCOLBINOINGS asna r aa a 68 34a MP PU SUA aenea r E E 69 3 5 ROUNO GOMMNGULATON ensasi anaE Er A 71 Sl ROUMO MOIO inna ornon o o r a a en oida 71 3 5 2 Dynamic Routing RIP ou ccc ccccsssscccceessseeeceeessseeeceeessseeceeesssseeeeeeseeeeeeens 73 39 Slate ROUN roitda ao r Ee a ESEE e Ora raia T3 SoA OSPF VZ EE EEES 75 3939 OSPFV eor E E EOS 77 IG GOF TUMMEN onae a N OS A 79 S97 ISATAF TUNNELS ene me ne Nett Me eT ce A A ae oe 80 3 6 Configurable Port WAN Option ou ccc cccsscceesscceeseecesseeeesseeesssesessseeenees 82 Unified Services Router User Manual Chapter 4 Chapter 5 Chapter 6 37 WANS 8G CoOmiqurailonix assicimcicss acots cane h asi Aa a 82 3 6 WAN POF Settings secasses iieiaei na a ioia anana Easra 84 Wireless Access Point Setup sis vecessnact i sourenteadsal scbeatepsnecasd a poeae asta tha dlacnedlevebantasliwatuerabenieds 86 4 1 Wireless Settings Wizard cc eeccccsssccsssscssstscssstecsstecsssnecsestecseasecssaeecssneeesenees 86 4 1 1 Wireless Network Setup Wizard ccc ccccceseccessssecceesseeeeesseeeeeesseseeesseeeeseaes 89 4 1 2 Add Wireless Device with WPS ccc cccccccccseccesseceesseecesseeeesseeeesseeeesseeeesseeens 89 4 1 3 Manual Wireless Network Setup 0 0 0 ccc cccesccessseeceessseeeesseeseessseseeesseeeesaes 90 4 2 WVIRGIGSS POMS sseiias ce tagst wh ota te A R 90 421 WEP SECU srasni Ena a a A cvom
119. 7 ami CAS VPN Q VPN SSLVPN SSL VPN Server Policy o Q k This SSLVPN Enable feature enables Option users to use SSLVPN functionality Policies are useful to permit or deny access to specific network resources IP addresses or IP networks They may be defined at the user group or global level By Default a global PERMIT policy not displayed was already configured over all addresses and over all services ports SSL VPN Server Policies List Show entries Right click on record to get more options Q No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last Add New SSL VPN Server Policy To add a SSL VPN policy you must first assign it to a user group or make it global i e applicable to all SSL VPN users If the policy is for a group the available configured groups are shown in a drop down menu and one must be selected Similarly for a user defined policy a SSL VPN user must be chosen from the available list of configured users The next step is to define the policy details The policy name is a unique identifier for this rule The policy can be assigned to a specific Network Resource details follow in the subsequent section IP address IP network or all devices on the LAN of the router Based on the selection of one of these four options the appropriate configuration fields are required i e choosing the network resources from a list of defined resources or defining
120. A ov v v vr No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last gt Add New Resource SSL VPN Resources Service VPN Tunnel Port Forwarding all Resource Object Configuration ICMP Object Type IP Address Object Address Port Range Port Number Begin Range 0 65535 End Range 0 65535 Save 7 3 Application Port Forwarding Setup gt VPN Settings gt SSL VPN Server gt Port Forwarding Port forwarding allows remote SSL users to access specified network applications or services after they login to the User Portal and launch the Port Forwarding service Traffic from the remote user to the router is detected and re routed based on configured port forwarding rules Internal host servers or TCP applications must be specified as being made accessible to remote users Allowing access to a LAN server requires entering the local server IP 171 Unified Services Router User Manual address and TCP port number of the application to be tunneled The table below lists some common applications and corresponding TCP port numbers As a convenience for remote users the hostname FQDN of the network server can be configured to allow for IP address resolution This host name resolution provides users with easy to remember FQDN s to access TCP applications instead of error prone IP addresses when using the Port Forwarding service through the SSL U
121. Address Mode Dynamic IP Static IP Service Optional Authentication Type Auto negotiate Reconnect Mode Always On O On Demand Primary PPPoE Domain Name System DNS Servers DNS Server Source Get Dynamically from ISP Use These DNS Servers Secondary PPPoE Profile Configuration Address Mode Dynamic IP Static IP Authentication Type Auto negotiate Reconnect Mode Always On O On Demand Secondary PPPoE Domain Name System DNS Servers DNS Server Source Get Dynamically from ISP Use These DNS Servers MAC Address MAC Address Source Use Default MAC Clone your PC s MAC Use this MAC Port Setup MTU Size Default Custom Port Speed Auto Sense T Save Cancel There are a few key elements of a multiple PPPoE connection e Primary and secondary connections are concurrent e Each session has a DNS server source for domain name lookup this can be assigned by the ISP or configured through the GUI 50 Unified Services Router User Manual e The DSR acts as a DNS proxy for LAN users e Only HTTP requests that specifically identify the secondary connection s domain name for example flets will use the secondary profile to access the content available through this secondary PPPoE terminal All other HTTP HTTPS requests go through the primary PPPoE connection When Japanese multiple PPPoE is configured and secondary connection is up some predefined routes are added on that interface These routes
122. B1 Touch failed ERROR usbdevice is d s d DEBUG USB2 Touch failed ERROR USB failed to begin transaction s DEBUG Sqlite update failed ERROR USB SQL error s pSetString s DEBUG Failed query s ERROR 262 Unified Services Router USB failed to commit transaction s DEBUG USB updated table s DEBUG USB returning with status s DEBUG s DBUpdate event Table s opCode d rowld d DEBUG executing s status d DEBUG executing s DEBUG s returned status Y d DEBUG s returned status d DEBUG snmpd conf not found DEBUG SNMP_DEBUG Fwrite Successful DEBUG SNMP_DEBUG Fwrite failed DEBUG radPairGen received unknown attribute d of length d WARN radPairGen s has unknown type WARN radPairLocate unknown attribute ld of length d WARN radPairLocate s has unknown type WARN Illegal invocation of couMemUsage s ERROR cpuMemUsageDBUpdateHandler SQL error s ERROR unable to open the DB file s ERROR umilnit failed ERROR unable to register to UMI ERROR Error Reading from the Database ERROR short DB update event request ERROR Error in executing DB update handler ERROR adpListNodeRemove Returned with an error ERROR command too long Try increasing ERROR failed to allocate memory for CRON_NODE ERROR salite3QueryResGet failed ERROR There was an error while reading the schedules ERROR unable to register to UMI ERROR short DB update event request ERRO
123. Bindings have been defined Network Network Internet WAN Mode Q9 e This page allows user to configure the policies on the two WAN ports for Internet connection By configuring both WANs there are two ways for the router to access the internet Load balancing allows traffic to and from the internet to be shared across both configured links to ensure one ISP is not excessively overloaded Auto Rollover uses a backup link to preserve internet connectivity for the LAN if the main ISP configured on the primary Option fails for any reason WAN Mode WAN Mode Setup WAN Mode Load Balancing Load Balancing Setup Load Balancing O Round Robin Spillover Mode WAN health check WAN DNS Servers Retry Interval is Default 30 Range 5 999 Seconds Failover After Default 4 Range 2 999 Failures Spillover Configuration Setup Load Tolerance Default 80 Range 20 BO Save Cancel 3 4 3 Protocol Bindings Network gt Routing gt Protocol Binding Protocol bindings are useful when the Load Balancing feature is in use Choosing from a list of configured services or any of the user defined services the type of traffic can be assigned to go over only one of the available WAN ports For increased flexibility the source network or machines can be specified as well as the destination network or machines For example the VOIP traffic for a set of LAN IP addresses can be assigned to one WAN and any VOIP traffic from the rem
124. CH OIG E i2 0555 i cpsc dashed sh nse usa i dssancntes be daar ch nse cannes dannaseeddesamn inate 245 FO Pll ONS es x accis essence des aesgucsasuGesbeecesa E ANA 300 New Wi Fi Frequency table New appendix section o c ic cceccccceessseeceeeesseeeeeeens 301 Product Statement essan e onecodevsnds soot sabanneieaanauuassasasouerasauat bens 304 Unified Services Router User Manual List of Figures Figure 1 Setup page for LAN TCP IP settings a cc ceesccssssecssssecsseecssseecsseeecssseecsseeesssseeessneeens 16 Figure 2 Setup page for LAN TCP IP settings 1 eeecssssecssseecsseecssseecssssecssseeesseeessseeeessneeens 16 Figure 3 LAN DHGP Reserved IP S ix csscia tencessscrsouosteabacesAaucsendesse Gent eee torteea A 18 Figure 4 LAN DHCP Leased Clients 2 0 0 0 eee ccessecesssecssssecssssecssstecsssnecssseecssssecssseecsseeecsseeesesseesssneeens 19 Figure 5 IPv6 LAN and DHCPV6 Configuration sisino E 20 Figure 6 Configuring the Router Advertisement Daemon ccc ceccccesccceeseeeseteeeeeeeensneeesseeeensneeess 23 Figure 7 IPv6 Advertisement Prefix settings cccsssecsssecssssecsseecssscecssssecssnsecssssecssseesssneessseeeess 25 Figure 8 Adding VLAN memberships to the LAN ccc eccccccceseccesseccesseceeessecesseecesseecesseeeesseeeesseeens 2q Figure 9 Pon VLAN TSV ex nerariaaraeinne mtd souhe iit abuse lesa 29 Figure 10 Configuring VLAN membership for a pott 0 0 ccc ececccesseecesneeeseee
125. CHO A erene a N O E 181 USB Sharo Por Ccchituectorachtseth enir E EA 182 SMS Service Send SMS 2 ceessecsssecsssnecssnecssscecseseecsseeecseeeecseseecsseeesseeeessseeeessneeess 183 SMS Service Receive SIMS caccancssHsoserundsonehiacecusidecwaynradedosensncnanesletsadaldessacetadeesgiecsagenieds 184 POP3 Authentication Server configuration s ssessnnsseeesnnesssessnessssesssissneesssresneesssesss 185 POPS CA MC HUOIO AG counie NS 186 NT Domain Authentication Server CONFIQUIATION c ce ccccccceessecceesseeeeesseeeeesseeesesseees 187 RADIUS SEIVET configuration sss nisen ai Resets Rea 188 Active Directory Authentication Server configuration eee ccceseeceeesseceeesteeeeesseeeeees 189 LDAP Authentication Server configuration 2 00 eee ce scceesecesteeeeseeeeeeeeesseeeessseeensneeenses 191 Certificate summary for IPsec and HI TPS management cccccccccesseeceeeesseeeees 193 Advanced SWITCH SETINGS enea E E 194 BOvVICE DIVOS seiaerosa en a e a SE 195 Installation of driver language pack s sssssesessssessessssssessssssrsssserressssrresssssresssserressserress 196 Selection of Installed Language oonnnenenseoenessneesssneesseeesssnesssoeessseessoresssnrsssesessseresson 197 User Login policy COMMOTION sesane a elaweeunie es 199 AON o UNM es E E E TTEA 200 License upload field and List of Active LICENSES 0 0 0 ccccccccessseecceeessseeceeesssseeeeeens 201 Remote Management from the WAN
126. DHCP Reserved IPs 8 Q LAN DHCP Reserved IPs List Show entries Right click on record to get more options Q T v v No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last Add New DHCP Reserved IP h h T acari coe J Cn inrratinrn i hte A Aal mo A E d om F A U AL Host Name test ipmact IP Address MAC Address Associate with ON i IP MAC Binding Save 5 12 Intrusion Prevention IPS Security gt Firewall gt IPs The gateway s Intrusion Prevention System IPS prevents malicious attacks from the internet from accessing the private network Static attack signatures loaded to the DSR allow common attacks to be detected and prevented The checks can be enabled between the WAN and DMZ or LAN and a running counter will allow the administrator to see how many malicious intrusion attempts from the WAN have been detected and prevented W DSR 150 150N does not support Intrusion Prevention System 133 Unified Services Router User Manual Figure 79 Intrusion Prevention features on the router a Security Security Firewall IPS This page allows user to configure Intrusion Detection System and Intrusion Preventions system on the router IPS Intrusion Detection Prevention Enable Number of Signatures Loaded Enable Intrusion Detection Co Enable Intrusion Prevention o IPS Checks Active Between LAN
127. DNS Suffix The DNS suffix name which will be given to the SSL VPN client This configuration is optional e Primary DNS Server DNS server IP address to set on the network adaptor created on the client host This configuration is optional e Secondary DNS Server Secondary DNS server IP address to set on the network adaptor created on the client host This configuration is optional e Client Address Range Begin Clients who connect to the tunnel get a DHCP served IP address assigned to the network adaptor from the range of addresses beginning with this IP address Client Address Range End The ending IP address of the DHCP range of addresses served to the client network adaptor VPN gt SSL VPN gt Client Routes If the SSL VPN client is assigned an IP address in a different subnet than the corporate network a client route must be added to allow access to the private LAN through the VPN tunnel As well a static route on the private LAN s firewall typically this router is needed to forward private traffic through the VPN Firewall to the remote SSL VPN 175 Unified Services Router User Manual client When split tunnel mode is enabled the user is required to configure routes for VPN tunnel clients e Destination network The network address of the LAN or the subnet information of the destination network from the VPN tunnel clients perspective is set here e Subnet mask The subnet information of the destination network is set
128. EAP MS CHAP2 context OK DEBUG EAPAUTH MALLOC failed ERROR pCtx NULL DEBUG EAPAUTH_MALLOC failed ERROR Deleted EAP MS CHAP v2 context OK DEBUG NULL context created Error ERROR Not authenticated yet DEBUG NULL context received Error ERROR Authenticator response invalid DEBUG Authenticator ident invalid ERROR Success request message invalid EAP MS CHAPv2 password changed DEBUG Error ERROR rcvd opCode d DEBUG Plugin context is NULL ERROR pCtx NULL DEBUG Deriving implicit challenge Error ERROR TLS message len changed in the fragment ignoring DEBUG Generating NT response Error ERROR no data to send while fragment ack received DEBUG NULL in out buffer Error ERROR TLS handshake successful DEBUG Incorrect vendor id ERROR Allocating memory for outBuff Created EAP TTLS context OK DEBUG ERROR ERROR Deleted EAP TTLS context OK DEBUG AVP code not recognized ERROR No more fragments in message ERROR DEBUG EAPAUTH_ MALLOC failed ERROR Upper EAP sent us method state d Converting password to unicode decision d DEBUG Error ERROR P2 sending fragment DEBUG Generating password hash Error ERROR Generating password hash hash P2 send unfragmented message DEBUG Error ERROR P1 sending fragment DEBUG Generating master key Error ERROR Generating first 16 bytes of session P1 sending unfragmented message DEBUG key Error n ERROR Generating second 16 bytes of
129. G Deleting host s from s group DEBUG S Session Settings DEBUG Adding host s to s group DEBUG Restarting IPv6 Firewall Rules DEBUG Enabling Keyword blocking for s Deleting Port Trigger Rule for keyword DEBUG d d d d d DEBUG Disabling keyword Blocking for s Deleting Port Trigger Rule for keyword DEBUG d d d d d DEBUG Deleting trusted domain with keyword Enabling Port Trigger Rule for S DEBUG Vd d 7 d od DEBUG Disabling Port Trigger Rule for Adding s keyword to trusted domain DEBUG d d d d d DEBUG Enabling Management Access from Enabling Port Trigger Rule for Internet on port d DEBUG d d d dqd d DEBUG Enabling remote access management Disabling Port Trigger Rule for for IP address range DEBUG d d d d d DEBUG Enabling remote access management Adding Port Trigger Rule for to only this PC DEBUG Ad d d d d DEBUG Disabling Management Access from Internet on port d DEBUG Enabling Content Filter DEBUG Disabling remote access management for IP address range DEBUG Disabling Content Filter DEBUG Disabling remote access management only to this PC DEBUG Enabling Content Filter DEBUG MAC Filtering sabled for BLOCK and Setting NAT mode for pLogicallfName PERMIT REST DEBUG s DEBUG MAC Filtering sabled for PERMIT and BLOCK REST DEBUG Enabling DROP for INPUT DEBUG Enabling Content Filtering DEBUG Enabling DROP for FORWARD DEBUG Disabling C
130. IC ERROR msg gt msg_namelen wrong d msg hardware error reseting DEBUG gt msg_namelen ERROR addr family wrong d usin rx FIFO overrun reseting DEBUG gt sin_family ERROR s During Wow Sleep and got udp addr x hu usin BMISS func __ DEBUG gt sin_addr s_addr usin gt sin_port ERROR AC tRTS tAggr Scaling tMin Rate Kbps tHBR tPER LOW THRESHOLD DEBUG Ss s d BAD TUNNEL MAGIC ERROR BE t s t t od t 6d t t s t d DEBUG s s d BAD TUNNEL MAGIC ERROR BK t s tit od t 6d t t os t d DEBUG socki lookup socket file changed ERROR VI Mt s t t odl t 6d t t s t d DEBUG s s d BAD TUNNEL MAGIC ERROR VO I s t t od t Balt t s t d DEBUG rebootHook null function pointer ERROR d p Yolu Ox x Ox x Ox p Ox x Ox x Ox x 0x x DEBUG Bad ioctl command ERROR bb state 0x 08x 0x 08x bbstate sc fResetMod Failed to configure gpio 4ul bbstate sc 5ul DEBUG pin ERROR 08x 08x 08x 08x 08x 08x fResetMod Failed to register interrupt 08x 08X 08x 08x 08x 08x DEBUG handler ERROR noise floor Yd Yd d d d d DEBUG registering char device failed ERROR P 08x 08x 08x 08x 08x 08Bx 08x 08x 08x 08x 08x 08X DEBUG unregistering char device failed ERROR d p Ylu Ox x Ox x Ox p Ox x Ox x Ox x Ox x DEBUG proc entry delete failed ERROR 08x 08x 08x 08x 08x 08x 08x 08x 08x 08x 08x 08x DEBUG proc entry initialization failed ERROR
131. IGMP Setup IGMP Proxy Enable IGMP Proxy selecting this allows the router to listen in on IGMP traffic through the network and manage multicast streams bound for the LAN In the event that aWAN uses Russia Dual Access PPTP L2TP connection the outbound interface for IGMP traffic can be selected Either the physical link DHCP or the PPP link PPTP L2TP can be designated to carry IGMP outbound traffic This applies to any WAN that uses Russia Dual Access PPTP which is set at based on the WAN configuration This setting is specific for Russia Dual Access ISPs where streaming services are run on the physical links only 136 Unified Services Router User Manual Chapter 6 IPsec PPTP L2TP VPN A VPN provides a secure communication channel tunnel between two gateway routers or a remote PC client The following types of tunnels can be created e Gateway to gateway VPN to connect two or more routers to secure traffic between remote sites e Remote Client client to gateway VPN tunnel A remote client initiates a VPN tunnel as the IP address of the remote PC client is not known in advance The gateway in this case acts as a responder e Remote client behind a NAT router The client has a dynamic IP address and is behind a NAT Router The remote PC client at the NAT router initiates a VPN tunnel as the IP address of the remote NAT router is not known in advance The gateway WAN port acts as responder e PPTP server f
132. Logs Settings IPv6 Logs This page allows user to configure log settings for IPv6 network IPv6 Logs LAN to WAN Accepted Packets Dropped Packets WAN Please configure at least one Accepted Packets Dropped Packets yee da 9 4 2 Sending Logs to E mail or Syslog Maintenance gt Log Settings gt Remote Logs Once you have configured the type of logs that you want the router to collect they can be sent to either a Syslog server or an E Mail address For remote logging a key configuration field is the Remote Log Identifier Every logged message will contain the configured prefix of the Remote Log Identifier so that syslog servers or email addresses that receive logs from more than one router can sort for the relevant device s logs 209 Unified Services Router User Manual Once you enable the option to e mail logs enter the e mail server s address IP address or FQDN of the SMTP server The router will connect to this server when sending e mails out to the configured addresses The SMTP port and return e mail addresses are required fields to allow the router to package the logs and send a valid e mail that 1s accepted by one of the configured send to addresses Up to three e mail addresses can be configured as log recipients In order to establish a connection with the configured SMTP port and server define the server s authentication requirements The router supports Login Plain no encryption or C
133. MP manager is provided with this router s Management Information Base MIB file the manager can update the router s hierarchal variables to view or update configuration parameters The router as a managed device has an SNMP agent that allows the MIB configuration variables to be accessed by the Master the SNMP manager The Access Control List on the router identifies managers in the network that have read only or read write SNMP credentials The Traps List outlines the port over which notifications from this router are provided to the SNMP community managers and also the SNMP version vl v2c v3 for the trap 203 Last A Unified Services Router User Manual Figure 135 SNMP Users Traps and Access Control 8 Maintenance Maintenance Management SNMP SNMP Trap List Access Control List SNMP System Info Simple Network Management Protocol SNMP lets you monitor and manage your router from an SNMP manager SNMP provides a remote means to monitor and control network devices and to manage configurations statistics collection performance and security SNMP v3 User List admin RWUSER No Auth No Priv guest ROUSER No Auth No Priv ro Maintenance Maintenance Management SNMP SNMP Trap List SNMP Trap List Control List SNMP System Info The table lists all IP addresses of SNMP agents to which the router will send trap messages SNMP Traps List No data available
134. Manual Figure 147 Dynamic DNS configuration Network Network Internet Dynamic DNS Dynamic DNS WAN1 Settings Dynamic DNS WAN Settings Dynamic DNS WAN Settings WAN Mode Current WAN Mode use only single WAN port WAN1 WANT Dynamic DNS Service Type DynDNS ORAY DLINKDDNS O None Domain Name Status User Name Password Allow Wildcards i Update Periodically 30 Days Save Cancel 9 10 Using Diagnostic Tools Maintenance gt Management gt Diagnostics gt Network Tools The router has built in tools to allow an administrator to evaluate the communication status and overall network health 217 Unified Services Router User Manual Figure 148 Router diagnostics tools available in the GUI 8 Maintenance Maintenance Management Diagnostics Network Tools Network Tools Capture Packets System Check This page can be used for diagnostics purpose This page provides user with some diagnostic tools like ping dns lookup and traceroute Network Tools Command Output for Ping and Traceroute oe Ecco Command Output DNS Lookup Domain Name Command Output Maintenance Management Diagnostics Capture Packets Q Network Tools Capture Packets System Check This page provides user packet sniffer as a diagnostic tool Capture Packets Interface LAN v Start Trace J Stop Trace Download 218 Unified Servi
135. N 2 settings and Time settings 87 Unified Services Router User Manual Wireless Wizard Configuration Network Name SSID sd Network Key Type Manual Wireless Security fs Automatic To prevent outsiders from accessing your network the router will automatically assign a secunty Password Wireless Securty Password Between and 63 characters A longer WPA key is more secure than a to your network Manual Use this options if you prefer to create our own short one key Step 1 of 1 Previous Save 88 Unified Services Router User Manual Wireless Wizard Wireless Wizard Configuration Network Name SSID Po Network Key Type Automatic 4 1 1 4 1 2 Automatic To prevent outsiders from accessing your network the router will automatically assign a secunty to your network Manual Use this options if you prefer to create our own key Wireless Network Setup Wizard This wizard provides a step by step guide to create and secure a new access point on the router The network name SSID is the AP identifier that will be detected by supported clients The Wizard uses a TKIP AES cipher for WPA WPA2 security depending on support on the client side devices associate with this AP using either WPA or WPA2 security with the same pre shared key The wizard has the option to automatically generate a network key for the AP This key is the pre shared key for WPA or WPA2 type security Supporte
136. N proxy section e Enable DNS Proxy To enable the router to act as a proxy for all DNS requests and communicate with the ISP s DNS servers click the checkbox 5 Click Save Settings to apply all changes 15 Unified Services Router User Manual Figure 1 Setup page for LAN TCP IP settings a Network Network LAN LAN Settings Qo le The LAN Configuration page allows you to configure the LAN interface of the router including default behaviour for ping on LAN interfaces the DHCP Server which runs on it and Changes here affect all devices connected to the router s LAN switch and also wireless LAN clients Note that a change to the LAN IP address will require all LAN hosts to be in the same subnet and use the new address to access this GUI Figure 2 Setup page for LAN TCP IP settings b LAN Settings LAN Ping Allow Ping from LAN i IP Address Setup IP Address 192 168 10 1 DHCP Setup Starting IP Address Ending IP Address Default Gateway Lease Time 24 Range 1 262800 Hours 1 Configure DNS WINS DNS Host Name Mapping LAN Proxy Activate DNS Proxy on 16 Unified Services Router User Manual 2 1 1 LAN DHCP Reserved IPs Network gt LAN gt LAN DHCP Reserved IPs The router s DHCP server can assign TCP IP configurations to computers in the LAN explicitly by adding client s network interface hardware address and the IP address to be assigned to that client in DHCP server s
137. Netbios Setup Netbios 4 dada Save Cancel 6 4 2 L2TP Tunnel Support VPN gt L2TP VPN gt Server A L2TP VPN can be established through this router Once enabled a L2TP server is available on the router for LAN and WAN L2TP client users to access Once the L2TP server is enabled L2TP clients that are within the range of configured IP addresses of allowed clients can reach the router s L2TP server Once authenticated by the L2TP server the tunnel endpoint L2TP clients have access to the network managed by the router 148 Unified Services Router User Manual Figure 91 L2TP tunnel configuration L2TP Server VPN L2TP VPN Server Q L2TP allows an external user to connect to your router through the internet forming a VPN This section allows you to enable disable L2TP server and define a range of IP addresses for clients connecting to your router The connected clients can function as if they are on your LAN they can communicate with LAN hosts access any servers present etc L2TP Server Server Setup Enable L2TP Server Enable IPv4 L2TP Routing Mode Nat Classical Range of IP Addresses Allocated to L2TP Clients Starting IP Address Ending IP Address Authentication Database Authentication Local User Database il Authentication Supported PAP a CHAP C a MS CHAP C a MS CHAPv2 C a Encryption Secret Key C a User Time out Idle TimeOut Range 300 1800 Seconds 149 Unifi
138. OR Processing PEAP message ERROR ERROR PEAP pkt rcvd data len d flags d version d DEBUG Processing PEAP message ERROR ERROR Got PEAP Start packet DEBUG Indicated length not valid ERROR ERROR Did not get Acknowledged result Got first fragment DEBUG ERROR ERROR Cannot understand AVP value Got fragment n DEBUG ERROR ERROR Got last fragment DEBUG eapExtResp is NULL ERROR ERROR eapWscCtxCreate Got unfragmented message DEBUG EAPAUTH_MALLOC failed ERROR eapWscProcess umiloctl req to WSC Got frag ack DEBUG failed status d ERROR Ext AVP parsed flags 0x x DEBUG eapWscCheck Invalid frame ERROR Mandatory bit not set WARNING DEBUG eapWscBuildRea Invalid state d ERROR eapWscProcessWscResp Invalid Ext AVP parsed type d DEBUG data recd pData p dataLen ERROR Data received for invalid context Ext AVP parsed value q DEBUG dropping it ERROR eapWscProcessWscResp Build Got PEAPvO success DEBUG Request failed ERROR eapWscProcessWscResp Invalid Got PEAPVO failure DEBUG state d ERROR eapWscProcessWscResp Message pCtx NULL DEBUG processing failed 0x X ERROR 254 Unified Services Router User Manual eapWscProcessWscData Invalid Authenticator response check Error DEBUG notification recd d ERROR Authenticator response check Failed DEBUG unable to initialize MD5 ERROR MDString adpDigestlnit for md5 MS CHAP2 Response AVP size u DEBUG failed ERROR Created
139. OR ERROR ERROR ERROR ERROR ERROR ERROR poe ERROR ERROR ERROR ERROR eee ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Unified Services Router User Manual pppStatsUpdate unable to get DHCPv6 Client stopped successfully DEBUG default MTU ERROR pppoeMgmilnit unable to open the DHCPv 6 Client Restart successful DEBUG database file s ERROR pppoeDisable unable to kill ppp l2teoMgmtTblHandler MtuFlag d DEBUG daemon ERROR pppoeMultipleEnableDisable pppoe l2toMgmtTblHandler Mtu d DEBUG enable failed ERROR pppoeMultipleEnableDisable pppoe l2toMgmtTblHandler IsoName s DEBUG disable failed ERROR pppoeMgmtTblHandler unable to l2toMgmtTbliHandler UserName s DEBUG get current Mtu Option ERROR pppoeMgmtTblHandler unable to l2toMgmtTbliHandler Password s DEBUG get the Mtu ERROR pppoeMgmtTbiHandler pppoe l2teMgmtTblHandler AccountName s DEBUG enable failed ERROR pppoeMgmtDBUpdateHandler failed l2teMgmtTblHandler DomainName s DEBUG query s ERROR l2teoMgmtTblHandler Secret not pppoeMgmtDBUpdateHandler error specified DEBUG in executing ERROR optpMgmtlnit unable to open the l2teoMgmtTblHandler Secret s DEBUG database file s ERROR l2teoMgmtTblHandler dynamic Mylp pptpEnable error executing configured DEBUG command s ERROR pptpEnable unable to resolve l2teoMgmtTblHandler Mylo
140. OR Error from ponacPhyPortParamSet s Getting sending portStatus s d to dott 1 DEBUG MAC address ERROR 273 Unified Services Router pnacRecvASInfoMessage Rkey of length d set 802 1X multicast pnaclsInterfaceUp failed to create a ASSendRitn p ASToAuthRecv p DEBUG raw socket adpRand failed unable to generate onaclsinterfaceUp failed to get random unicast key WARN interface flags using group key as unicast key WARN failed to allocate buffer Integrity check failed more than once in last 60 secs WARN UMI initialization failed MIC failed twice in last 60 secs taking countermeasures WARN UMI initialization failed Error from pnacEapDemoAuthLibInit Failed to set dot11 port status WARN malloc failed Error from pnacEapDemoAuthRecv PTK state machine in NO _ STATE WARN received null EAP pkt Error from pnacEapDemoAuthRecv PTK state machine in NO_STATE WARN send Error from pnacRadXlateASAda PMKSA refcount not 1 WARN cannot open socket Error from pnacRadXlateDemoRecv IV verification failednknown subtype gt WARN received null EAP pkt pnaclfConfig overwriting previous From pnacRadXlateDemoRecv send interface WARN i Error from pnacRadXlateDemoRecv pnaclfConfig overwriting previous WARN RADIUS pnaclfConfig overwriting previous Error from pnacRadXlateDemoRecv username WARN RADIUS Error from pnaclfConfig overwriting previous pnacRadXlateRadidRespSend send password WARN to failed
141. OR nimfOldFieldValueGet user has pKeyBits s DEBUG changed MTU size ERROR nimfAdvOptSetWrap failed to get pRootEnable s DEBUG old Port Speed ERROR nimfAdvOptSetWrap user has pRsaEnable s DEBUG changed Port Speed ERROR nimfAdvOptSetWrap failed to get oDsaEnable s DEBUG old Mac Address ERROR nimfAdvOptSetWrap user has pPassEnable s DEBUG changed Mac Address ERROR nimfAdvOptSetWrap unable to get pEmptyPassEnable s DEBUG Mac Address ERROR nimfAdvOptSetWrap Failed to pSftpEnable s DEBUG RESET the flag ERROR nimfAdvOptSetWrap setting pScpEnable s DEBUG advanced options failed ERROR 247 Unified Services Router User Manual nimfAdvOptSetWrap interface oSshdEnable s advanced options applied ERROR nimfGetUpdateMacFlag unable to pPrivSep s get Flag from MacTable ERROR s DBUpdate event Table s nimfMacGet Updating MAC address opCode d rowld d failed ERROR Re Starting sshd daemon sqlite3QueryResGet failed Query s ERROR sshd re started successfully error executing the command s ERROR sshd stopped error executing the command s ERROR failed query s error executing the command s ERROR vian disabled not applying vian disableLan function is failed to configuration disable ConfigPort ERROR failed query s sqlite3QueryResGet failed Query s ERROR failed query s sqlite3QueryResGet failed Query s ERROR Unable to D
142. P The WPS Current Status section outlines the security authentication and encryption settings of the selected AP These are consistent with the AP s profile There are two setup options available for e Personal Identification Number PIN The wireless device that supports WPS may have an alphanumeric PIN if so add the PIN in this field The router will connect within 60 seconds of clicking the Configure via PIN button immediately below the PIN field There is no LED indication that a client has connected e Push Button Configuration PBC for wireless devices that support PBC press and hold down on this button and within 2 minutes click the PBC connect button The AP will detect the wireless device and establish a link to the client XW More than one AP can use WPS but only one AP can be used to establish WPS links to client at any given time 102 Unified Services Router User Manual Figure 58 WPS configuration for an AP with WPA WPA2 profile Wireless Advanced WPS Q Please configure at least one AP with WPA WPA 2 security to use this feature This page allows you to define and modify the Wi Fi Protected Setup WPS configuration parameters WPS Settings WPS Configuration VAP Name None WPS Status oN WPS Current Status Security NSA Authentication N A Encryption N A 103 Chapter 5 Securing the Private Network You can secure your network by creating and applying rule
143. P Authentication Protocols to connect to the ISP e APN Enter the APN Access Point Name provided by the ISP Domain Name System DNS Servers e Domain name servers DNS convert Internet names such as www dlink com to IP addresses to route traffic to the correct resources on the Internet If you configure your router to get an IP address dynamically from the ISP then you need to specify the DNS server source in this section e DNS Server Source Choose one of the following options O Get Dynamically from ISP Choose this option if your ISP did not assign a static DNS IP address Use These DNS Servers Choose this option if your ISP assigned a static DNS IP address for you to use Also complete the fields that are highlighted white in this section Primary DNS Server Enter a valid primary DNS Server IP Address Secondary DNS Server Enter a valid secondary DNS Server IP Address 82 Unified Services Router User Manual e Configurable Port This page allows you to assign the functionality intended for the Configurable Port Choose from the following options o WAN If this option is selected configure the WAN3 The WAN Mode options are now available as there are two WAN ports for the gateway o DMZ If this option is selected you are able to configure the DMZ port on the DMZ Configuration menu Click Save Settings to save your changes Click Don t Save Settings to revert to the previous settings Figur
144. Pv6 The ICMP type is a numeric value that can range between O and 40 while for ICMPv6 the type ranges from 1 to 255 For a list of ICMP types visit the following URL http www iana org assignments icmp parameters Start Port The first TCP UDP or BOTH port of a range that the service uses If the service uses only one port then the Start Port will be the same as the Finish Port 120 Unified Services Router User Manual 5 6 Finish Port The last port in the range that the service uses If the service uses only one port then the Finish Port will be the same as the Start Port Port The port that the service uses ALG support Security gt Firewall gt ALGs gt SMTP ALGs Application Level Gateways ALGs are security component that enhance the firewall and NAT support of this router to seamlessly support application layer protocols In some cases enabling the ALG will allow the firewall to use dynamic ephemeral TCP UDP ports to communicate with the known ports a particular client application such as H 323 or RTSP requires without which the admin would have to open large number of ports to accomplish the same support Because the ALG understands the protocol used by the specific application that it supports it is a very secure and efficient way of introducing support for client applications through the router s firewall 121 Unified Services Router User Manual Figure 68 Available ALG support on the router a Secur
145. Qo le The De Militarized Zone DMZ is a network which when compared to the LAN has fewer firewall restrictions by default This zone can be used to host servers and give public access to them DMZ setup is similar to the LAN TCP IP options The network subnet for the DMZ can be different from the LAN and firewall VPN policies can be customized for the DMZ The DMZ is typically used for network devices that you wish to expose to the internet such as FTP or mail servers DMZ Settings DMZ Setup Enable DMZ a DMZ IP Address IP Address 172 177 100 254 Subnet Mask 200 255 255 0 DHCP for DMZ DHCP Mode None DHCP Server DHCP Relay Starting IP Address 172 17 100 100 Ending IP Address 172 17 100 253 Default Gateway 172 17 100 254 Domain Name DLink Lease Time Range 1 262800 Hours Primary DNS Server Secondary DNS Server WINS Server ll Enable DNS Proxy a ac 34 Unified Services Router User Manual 2 4 ex For DSR 500N and DSR 1000N in order to configure a DMZ port the router s configurable port must be set to DMZ in the Setup gt Internet Settings gt Configurable Port page e amp For DSR 150N and DSR 250N enabling DMZ will result in port 8 of the LAN switch being used for a dedicated DMZ port The other 7 LAN ports remain unchanged Universal Plug and Play UPnP Network gt LAN gt UPnP Universal Plug and Play UPnP is a feature that allows the router to discovery devices on
146. R Generating challenge response Error DEBUG TLS handshake ERROR ERROR Unexpected tlsGlueContinue return Conn cipher name s ver Ss S DEBUG value ERROR Send req ptr 0x x Send resp ptr NULL request or response PDU or 0x x DEBUG NULL context ERROR Request ptr 0x x DEBUG Protocol version mismatch ERROR ERROR Response ptr 0x x DEBUG Creating receive buffer ERROR ERROR Revd AVP Code ul DEBUG Setting first fragment ERROR ERROR Revd AVP flags 0x 02x DEBUG Setting fragment ERROR ERROR Revd AVP len ul DEBUG Setting last fragment ERROR ERROR Revd AVP vendor id ul DEBUG Getting message ERROR ERROR tCode d DEBUG Processing TTLS message ERROR ERROR tldent d DEBUG Processing TTLS message ERROR ERROR tLen d DEBUG Processing TTLS message ERROR ERROR tType d DEBUG Decapsulating AVP ERROR ERROR tOpCode d DEBUG Processing EAP receive Error ERROR tMSID d DEBUG AVP code not EAP Error ERROR 256 Unified Services Router tmsLen d tvalSize d Frag Buffer bytes left d Stripped username s digestLen d ClearText CipherText digestLen d digestLen1 d digestLen2 d password change is not allowed for this user completed writing the policy completed writing the SA completed writing the proposal block cmdBuf s X509_ DEBUG Invalid Certificate for the generated X590_ E
147. R malloc DB_UPDATE_NODE failed ERROR short ifDev event request ERROR salite3_moprintf failed ERROR no component id matching s ERROR umiloctl s UMI_CMD_DB_UPDATE d failed ERROR sqlite3_mprintf failed ERROR sqlite3_mprintt failed ERROR no component id matching s ERROR 263 Failed to execute usb database update handler Usage s lt DBFile gt lt opType gt lt tbIName gt lt rowld gt Illegal invocation of snmpConfig s Invalid Community Access Type Invalid User Access Type Invalid Security Level Invalid Authentication Algorithm Invalid Privacy Algorithm Invalid Argument Failed to allocate memory for enginelD SNMP_DEBUG Failed to get host address SNMP_DEBUG FOPEN failed sqlite3QueryResGet failed Query s sqlite3QueryResGet failed Query s Invalid Security Level Invalid Authentication Algorithm Invalid Privacy Algorithm Failed to Get Host Address Invalid version snmp v3 Trap Configuration Failed sqlite3QueryResGet failed query s sqlite3QueryResGet failed Query s Failed to Open Snmp Configuration File Failed to write access control entries Failed to write snmpvs users entries Failed to write snmp trap entries Failed to write system entries Failed to restart snmp S failed with status Error in executing DB update handler s Unable to open file s RADVD start failed RADVD stop failed failed to create open RADVD configuration file s
148. RAM MDS5 encrypted for the username and password data to be sent to the SMTP server Authentication can be disabled if the server does not have this requirement In some cases the SMTP server may send out IDENT requests and this router can have this response option enabled as needed Once the e mail server and recipient details are defined you can determine when the router should send out logs E mail logs can be sent out based on a defined schedule by first choosing the unit i e the frequency of sending logs Hourly Daily or Weekly Selecting Never will disable log e mails but will preserve the e mail server settings Figure 141 E mail configuration as a Remote Logging option O Maintenance Maintenance Logs Settings Remote Logs Q This page allows user to configure the remote logging options for the router Remote Logging Remote Log Identifier DSR 250N E Mail Log E Mail Server Address SMTP Port Range 1 65535 Return E Mail Address Send to E Mail Address 1 Send to E Mail Address 2 Optional Send to E Mail Address 3 Optional Authentication with SMTP None I Plain Login I CRAM MD5 Respond to Identd from SMTP lo E Mail log by schedule Unit Never I Hourly D Daily I Weekly Save Cancel An external Syslog server is often used by network administrator to collect and store logs from the router This remote device typically has less memory constrain
149. ROR s Cannot allocate space for mode s desc gt ifmt_string DEBUG Scompressor fname ERROR s cannot allocate space for MPPC lt unknown subtype gt DEBUG history ERROR s cannot allocate space for MPPC S desc gt ifmt_string DEBUG history ERROR S S seen_option DEBUG s cannot load ARC4 module fname ERROR s no memory for sysctl table WS S seen_option DEBUG s cannot load SHA1 module fname ERROR s CryptoAPI SHA1 digest size too S seen_option gt DEBUG small fname ERROR s cannot allocate space for SHA1 S S dev gt name buf DEBUG digest fname ERROR __ func __ DEBUG S d trying to write outside history ERROR S failed to register sysctls vap gt iv_dev gt name DEBUG s d trying to write outside history ERROR Atheros HAL assertion failure s line Sou YS DEBUG Ss d trying to write outside history ERROR ath_hal logging to s s S d too big uncompressed packet ath_hal_logfile DEBUG d ERROR S d encryption negotiated but not ath_hal logging disabled DEBUG an ERROR S d error not an MPPC or MPPE S S sep ath_hal_buildopts i DEBUG frame ERROR ath_pci No devices found driver not Kernel doesn t provide ARC4 and or installed DEBUG SHA1 algorithms ERROR d pri d qd u ad u sd u tot Yu amp d 02x 02x 02x DEBUG PPP not interface or channel ERROR SC Pus
150. RROR Failed to create File S x509TblHandler pCertType s pRowQueryStr s x509SelfCertTblHandler pRowQueryStr s S DBUpdate event Table s opCode d rowld d umiRegister failed eapAuthHandler Invalid data received EAPAUTH_ MALLOC failed malloc failed BIO_new_mem_buf failed malloc failed BIO_new_mem_buf failed SSL_CTX_new TLSv1_client_method failed unable to set user configured CIPHER list S Certificate verification failed Server name match failed Got s expected DEBUG DEBUG DEBUG DEBUG ERROR ERROR Encapsulating AVP ERROR profile s doesnt exist profile s is in use profile s already exists EAPAUTH MALLOC failed User not found EAP MD5 not enabled in system configuration EAP MSCHAPV2 not enabled in system configuration EAP TLS not enabled in system configuration EAP TTLS not enabled in system configuration EAP PEAP not enabled in system configuration EAP WSC not enabled in system configuration PAP not enabled in system configuration CHAP not enabled in system configuration MSCHAP not enabled in system configuration MSCHAPV2 not enabled in system configuration PAP Token not enabled in system configuration EAP MD5 not enabled in system configuration EAP MSCHAPV2 not enabled in system config EAP TLS not enabled in system configuration EAP TTLS and EAP PEAP are not valid as inner invalid innerAuth d
151. RTHERMORE D LINK WILL NOT BE LIABLE FOR THIRD PARTY CLAIMS AGAINST CUSTOMER FOR LOSSES OR DAMAGES D LINK WILL IN NO EVENT BE LIABLE FOR ANY DAMAGES IN EXCESS OF THE AMOUNT D LINK RECEIVED FROM THE END USER FOR THE PRODUCT Unified Services Router User Manual Table of Contents Chapter 1 Chapter 2 Chapter 3 IFO CLEC TO iena E saleasaabaaina tees E ATTS 11 1 1 ADOUT tis User Manual fexetccca Snes haceniece a S 12 1 2 Typographical CONVENTIONS enseseeeseneosseessseesseessseesseosssresseesssresseosssessseosseesssees 12 Configuring Your Network LAN Setup ccc eccsccccsseeeeseeessneeesseeesseeessseeessseeessneeensgs 13 2 1 LAIN UCOMMO EAU OM zeinean E e T 13 2A JLAN DACP R served PS vrs sssinchasscvesne sesso ninsdesneisieceastouceeteasseos EA T 17 2 1 2 LAN DHCP Leased GIO NtS sicispibshscnceasbactediecencnoi as sheiideuweniessaueeAieiateceed a 19 2 1 38 LAN Configuration in an IPv6 Network ec cecccecesccceeseeeseneeeesteeenseeessneeenees 19 2 1 4 Configuring IPv6 Router Advertisements ccc cecceceseeeeeseeeeeteeesseeenseeenees 21 22 YVLEAN COMU AUO icoane EN E EE 25 2 2 1 Associating VLANS tTO POTIS ceee E 27 2 2 2 Multiple VLAN Subnets ee ccsssecsssecsssnecssssecssscecssseecsessecssaeecssseeessneeeees 30 22223 NAGANECONMGULA OM i sdencncccsansheceasantncabanibaandsaeonsuneniesoasacncdsanheucmieanieceaniesenasoaces 31 2 3 Configurable Port DMZ Setup ccecccccsssecesssseccssss
152. S Len d msg len DEBUG gt iac_name INFO wlan s acl policy unregistered iac 02x uint8_t ptr i DEBUG siac_name INFO End DEBUG s tmpbuf INFO CVM_MOD_EXP_BASE MISMATCH cmd x base x cmd DEBUG VLAN2 INFO op gt sizeofptr ld op gt sizeofptr DEBUG VLAN3 INFO opcode cmd x cmd DEBUG VLAN4 lt d ds INFO modexp opcode received DEBUG S S dev_info version INFO Memory Allocation failed DEBUG s driver unloaded dev_info INFO modexpcrt opcode received DEBUG S buf INFO kmalloc failed DEBUG S S dev_info ath_hal_version INFO kmalloc failed DEBUG s driver unloaded dev_info INFO S WS mem 0x lx irq d kmalloc failed DEBUG hw_base 0x p INFO kmalloc failed DEBUG S S dev_info version INFO kmalloc Failed DEBUG s driver unloaded dev_info INFO kmalloc failed DEBUG S YS Mem OxVWlx irq d INFO unknown cyrpto ioctl cmd received x cmd DEBUG S S mem 0x lx irq d INFO register_chrdev returned ZERO DEBUG S YS dev_info version INFO const char descr kro5_keyblock k DEBUG s driver unloaded dev_info INFO F password amp pdata DEBUG s buf INFO test key key DEBUG s s dev_info ath hal version INFO pre hashed key key DEBUG s driver unloaded dev_info INFO const char descr kro5_keyblock k DEBUG s driver unloaded dev_info INFO AES 128 bit key amp key DEBUG s Version
153. Schedules to bind to a firewall rule Security Security Firewall Schedules Q When you create a firewall rule you can specify a schedule when the rule applies The table lists all the Available Schedules for this device and allows several operations on the Schedules Schedules List Show 10 v entries Right click on record to get more options a T v v v No data available in table Showing 0 to 0 of 0 entries K First 4 Previous Next gt Last gt Add New Schedule Schedules Configuration 9 Scheduled Days Do you want this schedule all Days Specific Days to be active on all days or specific days Monday C ea Tuesday C ea Wednesday C ea Thursday C a Saturday C Te Friday ah Sunday C Te Start Time HH MM AM PM TE ETE AM End Time End Time Scheduled Time of Day r Do you want this schedule all Day amp Specific Times to be active all day or at specific times during the day 107 Unified Services Router User Manual 5 3 Configuring Firewall Rules Security gt Firewall gt Firewall Rules gt IPv4 Firewall Rules All configured firewall rules on the router are displayed in the Firewall Rules list This list also indicates whether the rule is enabled active or not and gives a summary of the From To zone as well as the services or users that the rule affects To create a new firewall rules follow the steps below 1 View the
154. SendRespToServer malloc failed Error from pnacSendRespToServer no AS configured Error from pnacTxStart basic pkt create failed Error from pnacTxStart basic pkt create failed Error from pnacTxRspld eap pkt create failed Error from pnacTxRspAuth eap pkt create failed Error from pnacEapPktRecord EAP packet too Error from pnacEapPktRecord from pnacBackAuthTimeout calling pnacTxCannedFail hmac_md5 adoHmacContextCreate failed hmac_md5 adpHmaclnit failed pnacUmiloctlHandler invalid cmd d pnacEapRadAuthSend Invalid arguments pnacEapRadAuthSend failed to allocate inbuffer pnacXmit umiloctl failed d pnacPDUForward Invalid input pnacPDUForward error in getting port pae information pnacPDUForward error allocating memory pnacUmilfMacAddrChange s not configured for 802 1x pnacUmilfMacAddrChange could not process PDU received pnacUmiPhyPortConfig Invalid config data User Manual Unified Services Router sqlite3QueryResGet failed Query s startStopVap failed to stop s Invalid SQLITE operation code d src doti 1 mgmt dot1 1Mgmt c 1177 ADP_ERROR only delete event expected on dot11RogueAP sqlite3QueryResGet failed unhandled database operation d sqlite3QueryResGet failed failed to configure WPS on s sqlite3QueryResGet failed sqlite3QueryResGet failed sqlite3QueryResGet failed sqlite3QueryResGet failed sqlite3QueryResGet failed no VAP rows returned expected one multiple
155. Spanish EAANVIK Greek Fran ais French Italiano Italian Latviski Latvian Lietuviy Lithuanian Nederlands Dutch Malt Maltese Magyar Hungarian Le Polski Polish User Manual D Link Corporation timto prohlaSuje Ze tento DSR 1000N je ve shod se zakladnimi po adavky a dal mi prisluSnymi ustanoven mi sm rnice 1999 5 ES Undertegnede D Link Corporation erkl rer herved at f lgende udstyr DSR 1000N overholder de v sentlige krav og vrige relevante krav i direktiv 1999 5 EF Hiermit erkl rt D Link Corporation dass sich das Ger t DSR 1000N in bereinstimmung mit den grundlegenden Anforderungen und den brigen einschl gigen Bestimmungen der Richtlinie 1999 5 EG befindet K esolevaga kinnitab D Link Corporation seadme DSR 1000N vastavust direktiivi 1999 5 EU p hin uetele ja nimetatud direktiivist tulenevatele teistele asjakohastele s tetele Hereby D Link Corporation declares that this DSR 1000N is in compliance with the essential requirements and other relevant provisions of Directive 1999 5 EC Por medio de la presente D Link Corporation declara que el DSR 1000N cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999 5 CE ME THN IIAPOY2A D Link Corporation AHAQNEI OTI DSR 1000N 2YMMOP ONETAI MPO2 TI OYZIOAEIZ ANMAITHZEI2 KAI TI AOINE 2XETIKE2 AIATA El2 TH OAHTIA 1999 5
156. Static IP Optional Auto negotiate Always On On Demand Get Dynamically from ISP Use These DNS Servers Use Default MAC Clone your PC s MAC Use this MAC Default Custom Auto Sense Most PPPoE ISP s use a single control and data connection and require username password credentials to login and authenticate the DSR with the ISP The ISP connection type for this case is PPPoE Username Password The GUI will prompt you for authentication service and connection settings in order to establish the PPPoE link For some ISP s most popular in Japan the use of Japanese Multiple PPPoE is required in order to establish concurrent primary and secondary PPPoE connections between the DSR and the ISP The Primary connection is used for the bulk of data and internet traffic and the Secondary PPPoE connection carries ISP specific i e control traffic between the DSR and the ISP 49 Unified Services Router User Manual Figure 23 WAN configuration for Japanese Multiple PPPoE part 1 Network Network Internet WAN1 Settings This page allows you to set up your Internet connection Ensure that you have the Internet connection information such as the IP Addresses Account Information etc This information is usually provided by your ISP or network administrator IPv4 WAN Settings WAN Setup Connection Type Japanese multiple PPPoE Enable VLAN Tag Japanese PPPoE
157. The router has not yet successfully reached a network time server NTS Recommended action 1 If you have just configured the router wait at least 5 minutes select Administration gt Time Zone and recheck the date and time 2 Verify your Internet access settings Symptom Time is off by one hour Possible cause The router does not automatically adjust for Daylight Savings Time Recommended action 1 Select Administration gt Time Zone and view the current date and time settings 2 Click to check or uncheck Automatically adjust for Daylight Savings Time then click Apply Pinging to Test LAN Connectivity Most TCP IP terminal devices and firewalls contain a ping utility that sends an ICMP echo request packet to the designated device The DSR responds with an echo reply Troubleshooting a TCP IP network is made very easy by using the ping utility in your PC or workstation 11 3 1 Testing the LAN path from your PC to your router 1 From the PC s Windows toolbar select Start gt Run 2 Type ping lt IP_address gt where lt IP_address gt is the router s IP address Example ping 192 168 10 1 3 Click OK 235 Unified Services Router User Manual 4 Observe the display e If the path is working you see this message sequence Pinging lt IP address gt with 32 bytes of data Reply from lt IP address gt bytes 32 time NN ms TTL xxx e If the path is not working you see this message sequence
158. UG Route already exists DEBUG Route addition failed Network Disabling WAN DMZ rules DEBUG Unreachable DEBUG Enabling WAN DMZ rules DEBUG Route addition failed Network is down DEBUG Restarting DMZ rule having s address with s address DEBUG Route addition failed DEBUG Enabling LAN DHCP relay DEBUG Failed to add rule in iptables DEBUG OneToOneNat configured successfully DEBUG Failed to delete rule from iptables DEBUG fwLBSpillOverConfigure Something OneToOneNat configuration failed DEBUG going wrong here ERROR fwLBSpillOverConfigure unable to get Deleting scheduled IPv6 rules DEBUG interfaceName ERROR delete from FirewallRules6 where fwLBSpillOverConfigure Could not set ScheduleName s DEBUG PREROUTING rules ERROR Update FirewallRules6 where fwLBSpillOverConfigure Could not set ScheduleName s to New DEBUG POSTROUTING rules ERROR fwLBSpillOverConfigure Something Dns proxy Restart failed DEBUG going wrong Here ERROR fwL2TPGenericRules c unable to deleting interface to ifgroup failed DEBUG open the database file ERROR fwL2TPGenericRules c inet_aton adding interface to ifgroup failed DEBUG failed ERROR deleting interface pVirtlface s from fwPPTPGenericRules c unable to ifgroup d DEBUG open the database file ERROR adding interface pVirtlface s to fwPPTPGenericRules c inet_aton ifgroup d failed DEBUG failed ERROR DNS proxy firewall rule add failed for Del
159. UG DEBUG DEBUG Failed to execute vlanConfig binary for port number d Failed to clear vlan for oldPVID d Failed to execute vianConfig binary for port number d Failed to clear vlan for d Failed to set vian entry for vlan d Failed to set vian entries while enabling Failed to execute vilanConfig binary for port number d Failed to execute vlanConfig binary for vianld d Failed to enable vlan Failed to disable vian Failed to set vlanPort table entries while Failed to enable vlan unknown vlan state threegMgmtlnit unable to open the database file s threegConnEnable failed to get the WanMode threegEnable spawning failed threegDisable unable to kill ppp daemon threegMgmtHandler Query s threegMgmtHandler error in executing database update Error in executing DB update handler are we getting invoked twice could not open s to append could not write nameserver s to AS could not write nameserver s to S could not open s to truncate dnsResolverConfigMgmtlnit unable to open the resolverConfigDBUpateHandler sqlite8QueryResGet could not configure DNS resolver dnsResolverConfigure could not write nameserver sS unboundMgmt unable to open the ioctl call Failed could not update active user Details sqlite3QueryResGet failed Query s Can t kill xl2tod xl2tpd restart failed 250 User Manual Unified S
160. UG _ initial ERROR oFB is NULL DEBUG couldnt write d data to TLS buffer ERROR invalid flags s passed to Buffer cannot hold message ERROR DEBUG eapTlsBuildResp ERROR oFB is NULL Error DEBUG EAPAUTH MALLOC failed ERROR oFB is NULL DEBUG tlsGlueCtxCreate failed ERROR TLS_FB is NULL DEBUG Context NULL ERROR ERROR oFB gt msgBuff is NULL DEBUG Setting profile to glue layer ERROR ERROR Error calculating binary DEBUG _eapCtxCreate failed ERROR a d authentication not enabled in the Error calculating binary DEBUG system ERROR Initializing inner non EAP auth plugin adpDigestlnit for SHA1 failed DEBUG ERROR ERROR adpDigestInit for SHA1 failed DEBUG TTLS key derive ERROR ERROR TTLS context from EAP plugin is E d DEBUG NULL ERROR ERROR Allocating memory for TTLS Phase 2 R d DEBUG payload ERROR ERROR Could not initialize des ecb DEBUG TLS Encrypting response ERROR ERROR Allocating TLS read buffer is NULL adpDigestlnit for MD4 failed DEBUG ERROR ERROR Inner authentication id d adpDigestlnit for SHA1 failed DEBUG unhandled ERROR adpDigestInit for SHA failed DEBUG innerEapRecv is NULL ERROR ERROR Error converting received auth reponse to bin DEBUG Decrypting TLS data ERROR ERROR Gnerating challenge hash Error DEBUG Processing Phase 2 method Error ERROR Generating password hash Error DEBUG Writing message to BIO ERROR ERRO
161. Unified Services Router User Manual Regulatory statement R amp TTE European standards dictate maximum radiated transmit power of 100mW EIRP and frequency range 2 400 2 4835GHz In France the equipment must be restricted to the 2 4465 2 4835GHz frequency range and must be restricted to indoor use Operation of this device is subjected to the following National regulations and may be prohibited to use if certain restriction should be applied D 0 020m is the minimum safety distance between the EUT and human body when the E Field strength is 61V m NCC Warning Statement Article 12 Without permission any company firm or user shall not alter the frequency increase the power or change the characteristics and functions of the original design of the certified lower power frequency electric machinery Article 14 The application of low power frequency electric machineries shall not affect the navigation safety nor interfere a legal communication if an interference is found the service will be suspended until improvement is made and the interference no longer exists 313 Unified Services Router User Manual 4 DSR 150N Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equ
162. User Manual Unified Services Router D Link Corporation Copyright 2014 http www dlink com Unified Services Router User Manual User Manual DSR 150 150N 250 250N DSR 500 500N 1000 1000N Unified Services Router Version 2 02 Copyright 2014 Copyright Notice This publication including all photographs illustrations and software is protected under international copyright laws with all rights reserved Neither this manual nor any of the material contained herein may be reproduced without written consent of the author Disclaimer The information in this document is subject to change without notice The manufacturer makes no representations or warranties with respect to the contents hereof and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose The manufacturer reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of the manufacturer to notify any person of such revision or changes Limitations of Liability UNDER NO CIRCUMSTANCES SHALL D LINK OR ITS SUPPLIERS BE LIABLE FOR DAMAGES OF ANY CHARACTER E G DAMAGES FOR LOSS OF PROFIT SOFTWARE RESTORATION WORK STOPPAGE LOSS OF SAVED DATA OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE D LINK PRODUCT OR FAILURE OF THE PRODUCT EVEN IF D LINK IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES FU
163. VAP rows returned expected one sqlite3QueryResGet failed invalid query result ncols d nrows d s VAP s create failed sqlite3QueryResGet failed invalid query result ncols d nrows d Facility Kernel User Manual pnacUmiPhyPortConfig Invalid backend name specified ERROR pnacUmiPhyPortConfig could not create PNAC physical ERROR pnacUmiAuthConfig Invalid config data ERROR opnacUmiAuthConfig Invalid backend name specified ERROR unable to create new EAP context ERROR unable to apply s profile on the EAP context ERROR pnacUmiAuthConfig could not configure PNAC PAE ERROR opnacUmiSuppConfig Invalid config data ERROR pnacUmiSuppConfig Invalid backend name specified ERROR pnacUmiSuppConfig s not configured for 802 1x ERROR pnacUmiSuppConfig could not PNAC port Access ERROR pnacUmiSuppConfig Failed to register user information ERROR pnacPortByMacDeconfig port not found ERROR pnacPortByMacDeconfig port not found ERROR onacUmilfDown Invalid config data ERROR pnacUmilfDown Invalid config data ERROR Error from pnacPortDeconfig port not configured ERROR pnacUmilfDown could not de configure port ERROR onacUmiPhyPortDestroy Invalid config data ERROR onacUmiPhyPortDestroy Invalid config data ERROR pnacUmiPhyPortDestroy Failed to destroy the port ERROR Invalid config data ERROR DNAT multiple ranges no longer supported DNAT Target size u wrong fo
164. _kernel txt 304 KERN ERR ERROR JBD recovery pass d ended at ERROR S S d BAD SESSION MAGIC ERROR S S d BAD TUNNEL MAGIC ERROR msg gt msg_namelen wrong d msg gt msg_namelen ERROR addr family wrong d usin gt sin_family ERROR udp addr x hu usin gt sin_addr s_addr usin gt sin_port ERROR S S d BAD TUNNEL MAGIC ERROR S Y S d BAD TUNNEL MAGIC ERROR socki_lookup socket file changed ERROR S Y S d BAD TUNNEL MAGIC ERROR S S d BAD SESSION MAGIC ERROR S S d BAD TUNNEL MAGIC ERROR msg gt msg_namelen wrong d msg gt msg_namelen ERROR addr family wrong d usin gt sin_family ERROR udp addr x hu usin gt sin_addr s_addr usin gt sin_port ERROR 294 Unified Services Router User Manual s cancel DFS WAIT period on channel d _ func ___ SC gt sc_curchan channel DEBUG s s d BAD TUNNEL MAGIC ERROR Non DFS channel cancelling previous DFS wait timer channel d sc gt sc_curchan channel DEBUG s s d BAD TUNNEL MAGIC ERROR s unable to reset hardware hal status Yu DEBUG socki_lookup socket file changed ERROR s unable to start recv logic func __ DEBUG S S d BAD TUNNEL MAGIC ERROR s unable to start recv logic func __ DEBUG s s d BAD SESSION MAGIC ERROR s unable to reset hardware hal status u DEBUG s s d BAD TUNNEL MAG
165. a VLAN to a physical port The VLAN Port table displays the port identifier the mode setting for that port and VLAN membership information Go to the Available VLAN page to configure a VLAN membership that can then be associated with a port Port VLANs List OptionalPort Access 1 1 Forti Access 1 1 Port2 Access 1 1 Ports Access 1 1 Portd Access 1 1 Ports Access 1 1 Fort Access 1 1 Port Access 1 1 Showing 1 to 6 of 8 entries 2 2 2 Multiple VLAN Subnets Network gt VLAN gt VLAN Settings This page shows a list of available multi VLAN subnets Each configured VLAN ID can map directly to a subnet within the LAN Each LAN port can be assigned a unique IP address and a VLAN specific DHCP server can be configured to assign IP address leases to devices on this VLAN VLAN ID The PVID of the VLAN that will have all member devices be part of the same subnet range IP Address The IP address associated with a port assigned this VLAN ID Subnet Mask Subnet Mask for the above IP Address 30 Unified Services Router User Manual Figure 11 Multiple VLAN Subnets Network Network VLAN WLAN Settings Q le The router supports virtual network isolation on the LAN with the use of VLANs LAN devices can be configured to communicate in a subnetwork defined by VLAN identifiers VLAN Configuration Vlan Enable on VLAN List Show 10 entries Right click on record to get more options a Default 1 192 168
166. about authorized AP list ERROR pnacUmilnit UMI initialization failed ERROR Recd IE data for non existent AP s ERROR could not start PNAC task ERROR Recd IE data for wrong AP s ERROR invalid aruments ERROR Received Invalid IE data from WSC ERROR pnaclfNameTolndex failed ERROR pnacPhyPortParamSet device invalid Recd IE data for non existent AP s ERROR s d ERROR Recd WSC Start command without pnacPhyPortParamSet EILOCGADDR interface name ERROR ioctl failed ERROR onacPhyPortParamSet multicast Recd WSC start for non existent AP s ERROR addr add ioctl failed ERROR onacPhyPortParamUnset multicast Recd WSC start for wrong AP s ERROR addr del ioctl failed ERROR Unable to send WSC_WLAN_CMD_ PORT to WSC ERROR onacPDUXmit Invalid arguments ERROR pnacPDUXmit failed to get Failed to get the ap context for s ERROR M BLK_ID ERROR WPS can only be applied to from pnaclsinterfaceUp device WPA WPA2 security profiles ERROR S d invalid ERROR pnacRecvRin dropping received wpsEnable running wsccmd failed ERROR packet as port is ERROR Failed to get the ap context for s ERROR onacSendRin Invalid arguments ERROR WPS conf under non WPA WPA2 pnacSendRin no physical port security setting ERROR corresponding to ERROR Failed to reset the Beacon Frame IE in pnacSendRin dropping packet as the driver ERROR port ERROR Failed to reset the Beacon Frame IE in pnacAuthBuildRC4KeyDesc the drive
167. accesses this portal This field is optional Banner title The banner title that is displayed to SSL VPN clients prior to login This field is optional Banner message The banner message that is displayed to SSL VPN clients prior to login This field is optional Display banner message on the login page The user has the option to either display or hide the banner message in the login page HTTP meta tags for cache control This security feature prevents expired web pages and data from being stored in the client s web browser cache It is recommended that the user selects this option ActiveX web cache cleaner An ActiveX cache control web cleaner can be pushed from the gateway to the client browser whenever users login to this SSL VPN portal SSL VPN portal page to display The User can either enable VPN tunnel page or Port Forwarding or both depending on the SSL services to display on this portal Once the portal settings are configured the newly configured portal is added to the list of portal layouts VPN gt SSL VPN gt Portal Layout gt Add New SSI VPN Portal Layout This pages allows the admin to create a custom SSL VPN portal layout This new portal is for local DB authentication using the SSL VPN group user and then the port forward connection for this local database portal is available 178 Unified Services Router User Manual Figure 114 SSL VPN Portal configuration E SSL VPN Fortal Layout Contiguration
168. age device connected to the router to be shared across the network Sharing Enabled interfaces The LAN interfaces on which USB sharing is enabled at least one interface must be selected to begin sharing Enable Printer Enables printer sharing on the selected interface Enable Storage Enables storage device sharing on the selected interface 182 Unified Services Router User Manual 8 3 SMS service Maintenance gt Administration gt SMS Service gt Inbox The D Link Services Router has a USB interface to connect 3G modem support to send and receive Short Messaging Service The received messages can be seen in the Inbox and allows the user to create a new SMS If WAN3 is used in dedicated wan mode load balancing mode or if 3G USB Device is not connected to router then the controls on this page will be greyed out Figure 117 SMS Service Send SMS 5 ge Maintenance Maintenance Administration SMS Service Inbox Q Q O o Inbox Create SMS SMS This page allows the users to check received messages in the Inbox and also to create new messages Inbox Idea welcomes you to Mumbai Roam across India on Idea at affordable call rates with free incoming SMS Idea Mumbai helpline 0 IA IDEA 13 10 18 22 23 02 no 919702012345 Idea welcomes you to Mumbai Roam across India on Idea at affordable call rates with free incoming SMS Ildea Mumbai helpline 1 IA IDEA 13 10 25 10 51 33 no 919702012345 Showing
169. agments in message KS DEBUG ERROR ERROR No phase 2 data or phase 2 data Received EAP Packet with code d DEBUG buffer NULL ERROR ERROR Allocating memory for PEAP Phase 2 Response ID d DEBUG payload ERROR ERROR Response Method d DEBUG TLS encrypting response ERROR ERROR Setting message in fragment buffer Created EAP PEAP context OK DEBUG ERROR ERROR Allocating TLS read buffer is NULL Deleted EAP PEAP context OK DEBUG ERROR ERROR Upper EAP sent us decision d method state d DEBUG Setting last fragment ERROR ERROR P2 decision d methodState d DEBUG Getting message ERROR ERROR Writing message to BIO ERROR DEBUG Processing PEAP message ERROR ERROR Encrypted d bytes for P2 DEBUG Setting fragment ERROR ERROR P2 sending fragment DEBUG Creating receive buffer ERROR ERROR P2 message size d DEBUG Setting first fragment ERROR ERROR P2 sending unfragmented message DEBUG Sending P1 response ERROR ERROR NULL request or response PDU or P1 Sending fragment DEBUG NULL context ERROR ERROR Expecting start packet got something P1 Total TLS message size d DEBUG else ERROR ERROR P1 sending unfragmented message peapFragFirstProcess TLS record size Processing PEAP message from DEBUG Protocol version mismatch ERROR ERROR Setting version d DEBUG to receive d DEBUG frag ERROR ERR
170. aining IP addresses 68 Unified Services Router User Manual can be assigned to the other WAN link Protocol bindings are only applicable when load balancing mode is enabled and more than one WAN is configured Figure 36 Protocol binding setup to associate a service and or LAN source to a WAN and or destination network Network Network Routing Protocol Binding O This page shows the configured protocol bindings A user can also add delete edit enable or disable the protocol bindings Protocol bindings are required when the Load Balancing feature is in use and are only applicable when two Option links are configured This feature lets you assign a service to a particular Option link to ensure the high priority services are sent to the more reliable or less expensive ISP Protocol Bindings List No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last a Add New Protocol Bindi 3 4 4 IP Aliasing Network gt Internet gt IP Aliasing A single WAN ethernet port can be accessed via multiple IP addresses by adding an alias to the port This is done by configuring an IP Alias address Figure 37 Configuring the IP Alias Network Network Internet IP Aliasing Q le This page displays the configured IF Aliases on Option interfaces User can also add delete and edit the IP Alias also A single Option Ethernet port can be accessed via multiple IP addresses
171. alid eapAuthType d eapTypeToAuthType Invalid eapType d unable to create method context method ctxCreate failed Invalid condition methodState d respMethod d A EAP Ctx map already exists eap TimerCreate Currently unsupported for Peer role eapTimerStart Currently unsupported for Peer role eap TimerDestroy Currently unsupported for Peer role eap TimerCancel Currently unsupported for Peer role eap TimerHandler Currently unsupported for Peer role ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR User Manual Error cleaning digest context ERROR Error destroying digest context ERROR Error stripping domain name ERROR Error cleaning digest context ERROR Error cleaning digest context ERROR Challenge not present in failure packet ERROR Wrong challenge length ERROR Incorrect password change version value ERROR Error generating password hash ERROR Error generating password hash ERROR Error encrypting password hash with block ERROR Could not initialize des ecb ERROR Error cleaning cipher context ERROR Error cleaning cipher context ERROR Error cleaning digest context ERROR Error cleaning digest context ERROR adpDigestinit for SHA1 failed ERROR X509_ERROR Query s ERROR X509_ ERROR Invalid Certificate for the ERROR invalid x509 certificate ERROR Couldn t get the x509 cert hash ERROR Memory allocation
172. ame couldn t resolve hostname s radGetHostIP couldn t get hostname radGetHostIP couldn t get host IP address RADIUS dictionary loading failed Failed to set default timeout value Failed to set default retries value ERROR incomplete DB update information old values result does not contain 2 rows sqlite3QueryResGet failed empty update nRows d nCols d Error in executing DB update handler sqlite3QueryResGet failed Invalid SQLITE operation code d sqlite3QueryResGet failed empty result nNRows d nCols d sqlite3QueryResGet failed empty result nNRows d nCols d RADIUS Accounting Exchange Failed Unable to set debug for radAcct Unable to set debug level for radAcct ERROR option value not specified ERROR option value not specified Unable to initialize RADIUS radEapMsgQueueAdd Invalid EAP packet length d radEapRecvTask invalid EAP code d radEapRecvTask Packet length mismatch d d No attributes received in Access Challenge message No State Attribute in Access Challenge message radEapRecv Task failed to initialize UMI umiRegister failed errno d Invalid arguments to ioctl handler 260 User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR
173. ame but belonging to different groups can be authenticated since the user information is stored in a hierarchal manner Also of note is that configuring a LDAP server on Windows or Linux servers is considerably less complex than setting up NT Domain or Active Directory servers for user authentication The details configured on the router will be passed for authenticating the router and its hosts The LDAP attributes domain name DN and in some cases the administrator account amp password are key fields in allowing the LDAP server to authenticate the router 190 Unified Services Router User Manual Figure 124 LDAP Authentication Server configuration Security Security Authentication External Auth Server LDAP Server Radius Server POP3 Server POP3 Trusted CA LDAP Server AD Server NT Domain This page allows a user to configure authentication servers for LDAP authentication LDAP Server Configuration eee THOER Server Checking Authentication Server 1 Primary Doo O O Authentication Server 2 Secondary Optional Authentication Server 3 Optional Doo O O Optional LDAP Attribute 1 Optionat LDAP Attribute 2 Optional LDAP Attribute 3 Optional LDAP Attribute 4 opioa Second LDAP Base DN opioa Third LDAP Base DN ptionat Timeout e Range 1 999 Seconds Retries Range 5 9 First Administrator Account Optional Password Optional Second Adm
174. and WAN Co IPS Status 0 Save Cancel 5 13 Protecting from Internet Attacks Security gt Firewall gt Attack Checks Attacks can be malicious security breaches or unintentional network issues that render the router unusable Attack checks allow you to manage WAN security threats such as continual ping requests and discovery via ARP scans TCP and UDP flood attack checks can be enabled to manage extreme usage of WAN resources Additionally certain Denial of Service DoS attacks can be blocked These attacks if uninhibited can use up processing power and bandwidth and prevent regular network services from running normally ICMP packet flooding SYN traffic flooding and Echo storm thresholds can be configured to temporarily suspect traffic from the offending source 134 Unified Services Router User Manual Figure 80 Protecting the router and LAN from internet attacks rity Firewall Attack Checks his page allows you to specify whether or not to protect against common attacks from the LAN and WAN networks ttack Checks WAN Security Checks Stealth Mode Block TCP Flood LAN Security Checks Block UDP Flood EX EI C Je ICSA Settings Block ICMP Notification ET CE Block Fragmented Packets Block Multicast Packets Block Spoofed IP Packets DoS Attacks SYN Flood Detect Rate 128 Range 1 10000 max sec Echo Storm 15 Range 1 10000 Ping pkts sec ICMP Flood 100 Range 1 10000
175. ansmitting data over the opened outgoing or incoming port s Port triggering application rules are more flexible than static port forwarding that is an available option when configuring firewall rules This is because a port triggering rule does not have to reference a specific LAN IP or IP range As well ports are not left open when not in use thereby providing a level of security that port forwarding does not offer ex Port triggering is not appropriate for servers on the LAN since there is a dependency on the LAN device making an outgoing connection before incoming ports are opened Some applications require that when external devices connect to them they receive data on a specific port or range of ports in order to function properly The router must send all incoming data for that application only on the required port or range of ports The router has a list of common applications and games with corresponding outbound and inbound ports to open You can also specify a port triggering rule by defining the type of traffic TCP or UDP and the range of incoming and outgoing ports to open when enabled 125 Unified Services Router User Manual Figure 72 List of Available Application Rules showing 4 unique rules Security Security Firewall Dynamic Port Forwarding Q 6 Application Rules Rules Application Rules Status Rules Status The table lists all the available port triggering rules and allows several operations on the r
176. as broadcast enabled 93 Unified Services Router User Manual Figure 52 Virtual AP configuration Wireless General Access Points Q o The List of Available Access Points table lists the configured Access Points AP for this device From this summary list the status of each AP over all radios can be reviewed and AP parameter configuration settings can be accessed Access Points List Enabled api AutoTest Enabled defaultl No Turn off Add New Access Point Access Point Configuration re AP Name Profile Name default T Active Time WLAN Partition C save 94 Unified Services Router User Manual 255 Point Contiguration AP Name Profile Name default i Active Time Schedule Control Start Time Hour oOo Minute WLAN Partition a B8 Save A valuable power saving feature is the start and stop time control for this AP You can conserve on the radio power by disabling the AP when it is not in use For example on evenings and weekends if you know there are no wireless clients the start and stop time will enable disable the access point automatically Once the AP settings are configured you must enable the AP on the radio on the Wireless gt General gt Access Points page The status field changes to Enabled if the AP is available to accept wireless clients If the AP is configured to broadcast its SSID a profile parameter a green check mark indicating it is broadc
177. ask which allows the other OpenVPN clients to reach this network Figure 95 OpenVPN Remote Network OpenVPN Remote Network Configuration xX Common Name DH Remote Network 192 166 110 111 Subnet Mask 255 255 255 0 Save Common Name Common Name of the OpenVPN client certificate 154 Unified Services Router User Manual Remote Network Network address of the remote resource Subnet Mask Netmask of the remote resource 6 6 2 OpenVPN Authentication VPN gt Open VPN gt Authentication This page allows the user to upload required certificates and keys Figure 96 OpenVPN Authentication VPN OpenVPN Authentication Q Openvpn provides authentication using certificates This page allows you to upload required certificates and keys which are in pem format OpenVPN Authentication Trusted Certificate CA Certificate Certificate Status No Browse Certificate File Choose File No file chosen Upload Server Client Certificate Certificate Status No Browse Certificate File L Choose File No file chosen Upload Server Client Key Key Status No Browse Key File Choose File No file chosen Upload DH Key Key Status No Browse Key File Choose File No file chosen Upload Tls Authentication Key Key Status No Browse Key File Choose File No file chosen Upload Trusted Certificate CA Certificate Browse and upload the pem formatted CA Certificate Se
178. ast gt Interface The physical network interface on which OSPF v2 is Enabled Disabled Status This column displays the Enable Disable state of OSPFv2 for a particular interface Area The area to which the interface belongs Two routers having a common segment their interfaces have to belong to the same area on that segment The interfaces should belong to the same subnet and have similar mask Priority Helps to determine the OSPFv2 designated router for a network The router with the highest priority will be more eligible to become Designated Router Setting the value to 0 makes the router ineligible to become Designated Router The default value is 1 Lower value means higher priority HelloInterval The number of seconds for HelloInterval timer value Setting this value Hello packet will be sent every timer value seconds on the specified interface This value must be the same for all routers attached to a common network The default value is 10 seconds DeadInterval The number of seconds that a device s hello packets must not have been seen before its neighbors declare the OSPF router down This value must be the same for all routers attached to a common network The default value is 40 seconds OSPF requires these intervals to be exactly the same between two neighbors If any of these intervals are different these routers will not become neighbors on a particular segment Cost The cost of sending a packet on an OSPF v2 interface
179. asting will be shown in the List of Available Access points Unified Services Router User Manual Figure 53 List of configured access points Virtual APs shows one enabled access point on the radio broadcasting its SSID Wireless General Access Points o e The List of Available Access Points table lists the configured Access Points AP for this device From this summary list the status of each AP over all radios can be reviewed and AP parameter configuration settings can be accessed Access Points List Show entries Right click on record to get more options l as Enabled apl AutoTest Enabled default No Turn off Showing 1 to 1 of 1 entries First Previous 1 Next gt Last 3 Add New Access Point AP Name Profile Name default1 Active Time WLAN Partition Orr ave The clients connected to a particular AP can be viewed by using the Status Button on the List of Available Access Points Traffic statistics are shown for that individual AP as compared to the summary stats for each AP on the Statistics table Connected clients are sorted by the MAC address and indicate the security parameters used by the wireless link as well as the time connected to this particular AP Clicking the Details button next to the connected client will give the detailed send and receive traffic statistics for the wireless link between this AP and the client 96 Unified Services Router User Manual 4
180. asts its route table nor does it accept any RIP packets from other routers This effectively disables RIP e The RIP version is dependent on the RIP support of other routing devices in the LAN Disabled This is the setting when RIP is disabled RIP 1 is a class based routing version that does not include subnet information This is the most commonly supported version RIP 2 includes all the functionality of RIPv1 plus it supports subnet information Though the data is sent in RIP 2 format for both RIP 2B and RIP 2M the mode in which packets are sent is different RIP 2B broadcasts data in the entire subnet while RIP 2M sends data to multicast addresses If RIP 2B or RIP 2M is the selected version authentication between this router and other routers configured with the same RIP version is required MD5 authentication is used in a first second key exchange process The authentication key validity lifetimes are configurable to ensure that the routing information exchange is with current and supported routers detected on the LAN Static Routing Network gt Routing gt Static Routes Advanced gt IPv6 gt IPv6 Static Routing Manually adding static routes to this device allows you to define the path selection of traffic from one interface to another There is no communication between this router and other devices to account for 73 Unified Services Router User Manual changes in the path once configured the static route will be
181. ate table lists the self certificates currently loaded on the gateway The following information is displayed for each uploaded self certificate e Name The name you use to identify this certificate it is not displayed to IPsec VPN peers or SSL users e Subject Name This is the name that will be displayed as the owner of this certificate This should be your official registered or company name as Psec or SSL VPN peers are shown this field e Serial Number The serial number is maintained by the CA and used to identify this signed certificate e Issuer Name This is the CA name that issued signed this certificate e Expiry Time The date after which this signed certificate becomes invalid you should renew the certificate before it expires To request a self certificate to be signed by a CA you can generate a Certificate Signing Request from the gateway by entering identification parameters and passing it along to the CA for signing Once signed the CA s Trusted Certificate and signed certificate from the CA are uploaded to activate the self certificate validating the identity of this gateway The self certificate is then used in IPsec and SSL connections with peers to validate the gateway s authenticity 192 Unified Services Router User Manual Figure 125 Certificate summary for IPsec and HTTPS management VPN IPSec VPN Certificates Trusted Certificates x Trusted Certificates Active Self Certific
182. ates Self Certificate Requests Trusted Certificates or CA certificates are used to verify the validity of certificates signed by them When a certificate is generated it is signed by a trusted organization or authority called the Certificate Authority The table contains the certificates of each CA When a remote VPN gateway or client presents a digital certificate the authentication process verifies that the presented certificate is issued by one of the trusted authorities The Trusted CA certificates are used in this authentication process Trusted Certificates CA Certificate List No data available in table Upload New CA Certificate VPN IPSec VPN Certificates Active Self Certificates Trusted Certificates Active Self Certificates Self Certificate Requests This table lists the certificates issued to you by trusted Certification Authorities CAs and available for presentation to remote IKE servers The remote IKE server validates this router using these certificates For each certificate the following data is displayed Active Self Certificates List No data available in table Upload New Seif Certificate VPN IPSec VPN Certificates Self Certificate Requests Trusted Certificates Active Self Certificates Self Certificate Requests The Self Certificate Requests table displays a list of all the certificate requests made Self Certificate Requests Lis
183. ation failed Bad ioctl command WpsMod Failed to register interrupt handler registering char device failed unregistering char device failed S d ERROR non NULL node pointer in p Yp lt s gt S d ERROR non NULL node pointer in p Yp lt s gt can t alloc name s name s unable to register device dev gt name failed to automatically load module S WpsMod Failed to configure gpio pin Unable to load needed module s no support for Module s is not known buf Error loading module s buf 297 ath_dev_probe no memory for device User Manual ERROR ERROR Unified Services Router 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x 0x 08x Ox 08x 0x 08x Ox 08x 0x 08x 0x 08x 0x 08x sc_txa d tid p pause d tid tid gt paused d Yp j tid gt tx_buffj Yp buf axq_q s unable to reset hardware hal status u func _ status ASSERTION HIT MacAddr s TxBufldx d Tid d tidno AthBuf p tid gt tx_buffi S unable to reset hardware hal Status u S unable to reset hardware hal Status u s unable to start recv logic _fmt VA ARGS _ sample_pri d is a multiple of refori d sample_pri refpri ie filter Yod filterID d rf numpulses u rf gt rf_minpri u rf gt rf_maxpri u rf gt rf_threshold u rf gt rf_filterlen u rf gt rf_mindur u rf gt rf_maxdur u rf
184. ation is usually provided by your ISP or network administrator IPv4 WAN Settings WAN Setup Connection Type Dynamic IP DHCP Enable VLAN Tag Dynamic IP DHCP DNS Servers Domain Name System DNS Server Source Get Dynamically from ISP Use These DNS Servers MAC Address MAC Address Source Use Default MAC Clone your PC s MAC Use this MAC Port Setup MTU Size Default Custom Save Cancel ex The 3G USB Modem can be configured as dedicated WAN2 for DSR 500 and DSR 500N as well as dedicated WAN3 for DSR 1000 and DSR 1000N 85 Unified Services Router User Manual Chapter 4 Wireless Access Point Setup 4 1 This router has an integrated 802 11n radio that allows you to create an access point for wireless LAN clients The security encryption authentication options are grouped in a wireless Profile and each configured profile will be available for selection in the AP configuration menu The profile defines various parameters for the AP including the security between the wireless client and the AP and can be shared between multiple APs instances on the same device when needed Up to four unique wireless networks can be created by configuring multiple virtual APs Each such virtual AP appears as an independent AP unique SSID to supported clients in the environment but is actually running on the same physical radio integrated with this router You will need the following information to configu
185. avansasadubsmovaansuatinieabes teats 91 4 2 2 WPA or WPA2 with PSK oye satscsscssveseatandencinncsbsinbnead natosoas iegonetedapadcosnasanndaehunegoeadcoaes 92 4 3 Creating and Using Access Points ccc ccccsseccssssecesesseccessseecesseesesesseeeeseaaees 93 4 3 1 Primary benefits of Virtual APS oicscccceskscaviesestaxsudviues Wviscentuativavedassentosnawvtavaes 97 4 4 TUNING Radio Specific Settings ee cesecssteecssneecsseecsseecsseeeesseesseeeesseeeess 97 ASS WNIM te rn Pe R Cr Pg Tt ee re 98 4 6 Wireless distribution system WDS cc cccccccccssssscecceessseeeceeessseeeeeeesseeees 100 4 7 Advanced Wireless SettingS cccccccccssscccsssseccessseccessseceessseeeeessseeeesseeeeeaes 101 4 8 Wi Fi Protected Setup WPS J sensns aneri a 102 Securing the Private NetWOfKresirresu estimon a a E aR 105 5 1 Firewall Rule S snaue aeara A a E e a aie 105 52 Defining Rule Schedules on nnonnnnnnnnnsnnesssnnessseesssnressosessseressssessseresssnessseressseess 106 5 3 Configuring Firewall RUule S cccccccccssscccssseccsssseecessseeeesseescsseeeeeseseeceseaes 108 5 4 Configuring IPv6 Firewall RUI S ccc ccccscecceessecceesseeceesseeeeeesseeeeesseeeeeaes 113 5 4 1 Firewall Rule Configuration Examples cccccccccccessscccessseceeesseeceesseeeeeaes 115 5 5 Security ON CUSTOM SCIVIGCS siscc iiscccaeisecisi antes ioe einen geen eaten ele 119 5 6 ALG SUDDO eors tae Semtare erate teem CURe meas a eo i
186. ays Select Saturday and Sunday e In the scheduled time of day select all day this will apply the schedule between 12 am to 11 59 pm of the selected day e Click apply now schedule Weekend isolates all day Saturday and Sunday from the rest of the week 117 Unified Services Router User Manual Figure 65 Schedule configuration for the above example fr Security Firewall Schedules Q When you create a firewall rule you can specify a schedule when the rule applies The table lists all the Available Schedules for this device and allows several operations on the Schedules Schedules List Show 10 v entries Right click on record to get more options al A A A ov v R No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last D Fass new Scneauie Scheduled Days Do you want this schedule Al Days O Specific Days to be active on all days or specific days Scheduled Time of Day Do you want this schedule All Day Specific Times to be active all day or at specific times during the day Start Time HH MM AM PM 08 43 AM End Time HH MM AM PM 08 43 AM vr Save 2 Since we are trying to block HTTP requests it is a service with To Zone Insecure WANI WAN2 WANS3 that is to be blocked according to schedule Weekend 3 Select the Action to Block
187. be used only if your WAN is configured in Auto Rollover mode 144 Unified Services Router User Manual Figure 87 IPsec policy configuration continued Auto Manual Phase 2 Phase Auto Policy Parameters SA Lifetime Encryption Algorithm DES For NONE Jor 3DES lor AES 128 EN AES 192 i AES 256 OFF TWOFISH 128 OFF TWOFISH 192 or TWOFISH 256 i BLOWFISH OFF 7 CAST128 i Integrity Algorithm MDS a SHA 1 on ei ee f 1 payee f 1 Integrity Algorithm MDS jor SHA 1 EN SHA2 224 or SHA2 256 o TOR SHA2 384 OFF SHA2 512 oe PFS Key Group OFF Save 6 2 1 Extended Authentication XAUTH You can also configure extended authentication XAUTH Rather than configure a unique VPN policy for each user you can configure the VPN gateway router to authenticate users from a stored list of user accounts or with an external authentication server such as a RADIUS server With a user database user accounts created in the router are used to authenticate users With a configured RADIUS server the router connects to a RADIUS server and passes to it the credentials that it receives from the VPN client You can secure the connection between the router and the RADIUS server with the authentication protocol supported by the server PAP or CHAP For RADIUS PAP the router first checks in the user database to see if the user credentials are available if they are not the
188. by Schedule otherwise allow This will take a predefined schedule and make sure the rule is a blocking rule during the defined dates times All other times outside the schedule will not be affected by this firewall blocking rule 118 Unified Services Router User Manual 9 9 4 As we defined our schedule in schedule Weekend this is available in the dropdown menu 5 We want to block the IP range assigned to the marketing group Let s say they have IP 192 168 10 20 to 192 168 10 30 On the Source Users dropdown select Address Range and add this IP range as the From and To IP addresses 6 We want to block all HTTP traffic to any services going to the insecure zone The Destination Users dropdown should be any 7 We don t need to change default QoS priority or Logging unless desired clicking apply will add this firewall rule to the list of firewall rules 8 The last step is to enable this firewall rule Select the rule and click enable below the list to make sure the firewall rule is active Security on Custom Services Security gt Firewall gt Custom Services Custom services can be defined to add to the list of services available during firewall rule configuration While common services have known TCP UDP ICMP ports for traffic many custom or uncommon applications exist in the LAN or WAN In the custom service configuration menu you can define a range of ports and identify the traffic typ
189. by adding a alias to the port This is done by configuring IP Alias IP Aliasing List Show entries Right click on record to get more options l E No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last Al Fass new 1P Miasino 69 Unified Services Router User Manual Interface Sets the interface on which IP Alias is being configured IP Address Sets the IP address of the IP Alias Subnet Mask Sets the Subnet Mask of the IP Alias Click Save Settings to save your changes Click Don t Save Settings to revert to the previous settings Figure 38 IP Alias Configuration IP Aliasing Configuration Interface 2 WAN save List of IP Aliases The List of IP Aliases displays the configured IP Aliases on the router Interface Name The interface on which the Alias was configured IP Address The IP Address of the configured IP Alias Subnet Mask The Subnet Mask of the configured IP Alias Edit Opens the IP Alias configuration page to edit the selected IP Alias Add Opens the IP Alias configuration page to add a new IP Alias Delete Deletes the selected IP Aliases 70 Unified Services Router User Manual 3 5 3 5 1 Routing Configuration Routing between the LAN and WAN will impact the way this router handles traffic that is received on any of its physical interfaces The routing mode of the gateway is core to the behavior of the traffic
190. c entering your network selectively allowing only specific outside users to access specific local resources By default all access from the insecure WAN side are blocked from accessing the secure LAN except in response to requests from the LAN or DMZ To allow outside devices to access services on the secure LAN you must create an inbound firewall rule for each service If you want to allow incoming traffic you must make the router s WAN port IP address known to the public This is called exposing your host How you make your address known depends on how the WAN ports are configured for this router you may use the IP address if a static address is assigned to the WAN port or if your WAN address is dynamic a DDNS Dynamic DNS name can be used Outbound LAN DMZ to WAN rules restrict access to traffic leaving your network selectively allowing only specific local users to access specific outside resources The default outbound rule is to allow access from the secure zone LAN to either the public DMZ or insecure WAN On other hand the default outbound rule is to deny access from Unified Services Router User Manual DMZ to insecure WAN You can change this default behavior in the Firewall Settings gt Default Outbound Policy page When the default outbound policy is allow always you can to block hosts on the LAN from accessing internet services by creating an outbound firewall rule for each service Figure 59 List of Available Fir
191. cccccccccscscccuseccccesceceeesseeaes 115 Schedule configuration for the above example cece ccessscccessseceeesseeceesseeeeestseeeens 118 LIST OF USECl GETING OZSCLVICCS ho deanai aa ain ba Se at ge ts ee ees ee dase 120 Unified Services Router Figure 67 Figure 68 Figure 69 Figure 70 Figure 71 Figure 72 Figure 73 Figure 74 Figure 75 Figure 76 Figure 77 Figure 78 Figure 79 Figure 80 Figure 81 Figure 82 Figure 83 Figure 84 Figure 85 Figure 86 Figure 87 Figure 88 Figure 89 Figure 90 Figure 91 Figure 92 Figure 93 Figure 94 Figure 95 Figure 96 Figure 97 Figure 98 User Manual CUSTOM Services configuration c ce ececccccsessecesesseccessseeceseseccesseecesesseeeseaeeeeeseseeeeseaseeeees 120 Available ALG Support on the router ccc ccccccccssccccesseeceesssecceesseeeeesseeeeesseeeeesseeeens 122 Passthrough options for VPN tunnels ccc ccccssccceesssseecceeessseeceeesssseeeeeesssseeeeeensaeeees 123 List of Configured Firewall Rules for the BridQe ccccccccccesscceeesseeceessseeeesseseeesseees 124 Bridge Firewall Rule configuration 0 0 cceccccccesssssccceeessseeceeeessseeceeesssseeeeeessseeseeeessseeees 124 List of Available Application Rules showing 4 unique rules 00 0 cece ceeecceesseeeeenseees 126 Content Filtering used to block access to proxy servers and prevent ActiveX controls fr mi DEING COWNIOAGEG sssrinin ara AE E AANT ii 127 Two
192. ce and in some areas the RF output power may be limited to 10 mW EIRP in the frequency range of 2454 2483 5 MHz For detailed information the enduser should contact the national spectrum authority in France C 0560 309 Unified Services Router Cesky Czech Dansk Danish Deutsch German Eesti Estonian English Espanol Spanish EAAnVvIKn Greek Fran ais French Italiano Italian Latviski Latvian Lietuviy Lithuanian Nederlands Dutch Malt Maltese Magyar Hungarian Le Polski Polish User Manual D Link Corporation timto prohlaSuje Ze tento DSR 500N je ve shod se zakladnimi po adavky a dal mi prisluSnymi ustanoven mi sm rnice 1999 5 ES Undertegnede D Link Corporation erkl rer herved at f lgende udstyr DSR 500N overholder de v sentlige krav og vrige relevante krav i direktiv 1999 5 EF Hiermit erkl rt D Link Corporation dass sich das Ger t DSR 500N in bereinstimmung mit den grundlegenden Anforderungen und den brigen einschl gigen Bestimmungen der Richtlinie 1999 5 EG befindet K esolevaga kinnitab D Link Corporation seadme DSR 500N vastavust direktiivi 1999 5 EU pohinduetele ja nimetatud direktiivist tulenevatele teistele asjakohastele s tetele Hereby D Link Corporation declares that this DSR 500N is in compliance with the essential requirements and other relevant provisions of Directive 1999 5 EC Por
193. ces Router User Manual 8 Maintenance 9 10 1 9 10 2 Maintenance Management Diagnostics System Check amp Operation Succeeded Network Tools Capture Packets System Check This page display the router s static and dynamic routes System Check Command Output Kernel IP routing table a Destination Gateway Genmask Flags Metric i Ref Use Iface 127 0 0 1 127 0 0 1 255 255 255 255 UGH 1 o 0 lo 192 168 10 0 0 0 0 0 255 255 255 0 U o 0 0 bdgl 192 168 10 0 192 168 10 1 255 255 255 0 UG 1 o 0 bdg1 127 0 0 0 0 0 0 0 255 0 0 0 U o 0 0 lo on RO 4 Ping This utility can be used to test connectivity between this router and another device on the network connected to this router Enter an IP address and click PING The command output will appear indicating the ICMP echo request status Trace Route This utility will display all the routers present between the destination IP address and this router Up to 30 hops intermediate routers between this router and the destination will be displayed 219 Unified Services Router User Manual Figure 149 Sample trace route output Operation Succeeded Capture Packets System Check router s static and dynamic routes Display IPv4 Table Kernel IP routing table Destination Gateway Genmesk Flags Metric Ref Use Iface 127 0 8 7 0 6 3 s465 0 lo 192 168 10 0 828 8 0 bdgl 192 168 10 0 0 bdgl 9 10 3 DNS Looku
194. check for Stealth Mode Enabling Firewall Rules for Load for tcp DEBUG Balancing DEBUG Enabling attack check for Stealth Mode Enabling Firewall Rules for Spill Over for udp DEBUG Load Balancing DEBUG Enabling Firewall Rules for Auto Enabling attack check for TCP Flood DEBUG Failover DEBUG Enabling attack check for UDP Flood DEBUG Deleting BlockSites Keyword DEBUG Enabling attack check for IPsec DEBUG Enabling BlockSites Keyword DEBUG Enabling attack check for PPTP DEBUG Disabling BlockSites Keyword DEBUG Enabling attack check for L2TP DEBUG Updating BlockSites Keyword from DEBUG Enabling attack check for UDP Flood DEBUG Inserting BlockSites Keyword DEBUG Enabling attack check for IPsec DEBUG Deleting Trusted Domain DEBUG Enabling attack check for PPTP DEBUG Adding Trusted Domain DEBUG Restarting Schedule Based Firewall Enabling attack check for L2TP DEBUG Rules DEBUG Enabling DoS attack check with d SyncFlood detect rate DEBUG Enabling Remote SNMP DEBUG Disabling DoS attack check having d SyncFlood detect rate DEBUG Disabling Remote SNMP DEBUG Enabling ICSA Notification Item for ICMP notification DEBUG Enabling Remote SNMP DEBUG Enabling ICSA Notification Item for Fragmented Packets DEBUG Disabling DOS Attacks DEBUG Enabling ICSA Notification Item for Multi cast Packets DEBUG Enabling DOS Attacks DEBUG Disabling ICSA Notification Item for ICMP notification
195. count Information ete This information is usually provided by your ISP or network administrator IPv4 WAN Settings WAN Setup Connection Type Russian dual access L2TP Enable VLAN Tag Russian LTP Address Mode Dynamic IP Static IP Server Address Secret fF O O Optional Split Tunnel C Reconnect Mode w Always On On Demand Domain Name System DNS Servers DNS Server Source Get Dynamically from ISP Use These DNS Servers MAC Address MAC Address Source Use Default MAC Clone your PC s MAC Use this MAC Port Setup MTU Size Default Custom Port Speed Auto Sense T F cancel 55 Unified Services Router User Manual Network Network Internet WANI Settings oo This page allows you to set up your Internet connection Ensure that you have the Internet connection information such as the IP Addresses Account Information etc This information is usually provided by your ISP or network administrator IPv4 WAN Settings WAN Setup Connection Type Enable VLAN Tag Russian PPPoE Address Mode User Name Password Service Authentication Type Reconnect Mode Domain Name System DNS Servers DNS Server Source MAC Address MAC Address Source WAN Physical Setting Address Mode WAN Physical Setting Domain Name System DNS Server Source Port Setup MTU Size Port Speed Russian dual access PPPoE CE Dynamic IP Static IP Po Optiona
196. cription of the driver name Description This describes the type of language installation pack supported Installed All the language installation packs or option 3G Driver for ThreeG V 1 0 displayed in the list of device drivers are shown in Red color by default since none of them have been selected When a particular language installation pack or if Option Driver for ThreeG V 1 0 is selected then the button turns green in color Action It consists of 2 options e Install 1 0 Click on Install 1 0 to install a particular Language pack Remove To remove the installed language pack click on Remove Manual Install User can upload the provided driver package for installation Install History This displays the history of the language packs installed uninstalled previously along with the respective date and time to show when they were installed uninstalled Figure 129 Selection of Installed Language Maintenance This page shows the list of available languages Language Settings Oo Maintenance Administration Set Language Please install drivers for languages in packagemanager Save Cancel Once the language has been selected by the user from the list of Device Drivers the Set Language option under Tools menu will display the selected language The user must select the language from the drop down list of Set Language and save the settings so that this configuration is
197. ctions as a Dynamic Host Configuration Protocol DHCP server to the hosts on the WLAN or LAN network With DHCP PCs and other LAN devices can be assigned IP addresses as well as addresses for DNS servers Windows Internet Name Service WINS servers and the default gateway With the DHCP server enabled the router s IP address serves as the gateway address for LAN and WLAN clients The PCs in the LAN are assigned IP addresses from a pool of addresses specified in this procedure Each pool address is tested before it is assigned to avoid duplicate addresses on the LAN For most applications the default DHCP and TCP IP settings are satisfactory If you want another PC on your network to be the DHCP server or if you are manually configuring the network settings of all of your PCs set the DHCP mode to none DHCP relay can be used to forward DHCP lease information from another LAN device that is the network s DHCP server this is particularly useful for wireless clients Instead of using a DNS server you can use a Windows Internet Naming Service WINS server A WINS server is the equivalent of a DNS server but uses the NetBIOS protocol to resolve hostnames The router includes the WINS server IP address in the DHCP configuration when acknowledging a DHCP request from a DHCP client You can also enable DNS proxy for the LAN When this is enabled the router then as a proxy for all DNS requests and communicates with the ISP s DNS servers When
198. d writing Chap secrets Pap Secrets pptpMgmtTbliHandler Serverlp s DEBUG failed Error in executing DB update pptopMgmtTbliHandler Staticlp s DEBUG handler pptoMgmtTblHandler NetMask s DEBUG unboundMgmt unable to open the pptoMgmtTblHandler MppeEncryptSupport s DEBUG Can t kill pptod pptoMgmtTblHandler SplitTunnel s DEBUG ppipd restart failed pptpEnable ppp dial string s DEBUG Can t kill pptod pptpEnable soawning command s DEBUG failed to get field value PID File for dhcpc found DEBUG failed to get field value DEBUG unboundMgmt unable to open the pid d pptpMgmtDBUpdateHandler query string s DEBUG writing options pptpd failed pptoMgmtDBUpdateHandler returning with status s DEBUG pptpdStop failed dhcpcReleaseLease dhcpc release command s DEBUG writing pptod conf failed dhcpcMgmtTblHandler MtuFlag d DEBUG writing options pptpd failed dhcpcMgmtTblHandler Mtu d DEBUG pptpdStop failed DHCPv6 Server started successfully DEBUG pptpdStart failed writing Chap secrets Pap Secrets DHCPv6 Server stopped successfully DEBUG failed Error in executing DB update DHCPv 6 Client started successfully DEBUG handler 251 DEBUG sqlite3QueryResGet failed Query s DEBUG sqlite3QueryResGet failed Query s User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR cei a ERROR ERROR ERR
199. d hard Hard Soft Failed to set AES encrypt key DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG pe DEBUG DEBUG DEBUG S driver unloaded dev_info wlan s backend registered be gt iab name wlan s backend unregistered wlan s acl policy registered iac gt lac_name wlan s acl policy unregistered iac gt lac_name S S dev_info version driver unloaded dev_info s dev_info ath_hal_version driver unloaded dev_ info S YS Mem O0x lx irq d S S dev_info version s driver unloaded dev_info ath_pci switching rfkill capability s Unknown autocreate mode s Ys mem 0x lx irq d s dev_info version driver unloaded dev _info s dev_info version unloaded dev_info s dev_info version unloaded dev_info s dev_info version S unloaded dev_info failed to create procfs entry ICMP u u u u ICMP u u u u Source Wrong address mask uU U U uU from Redirect from u u u u on s about IP routing cache hash table of u buckets ldKbytes source route option u u u u gt Pu U U U ICMP u u u u ICMP u u u u Source Wrong address mask u U U U from 288 User Manual Unified Services Router Failed to set AES encrypt key DEBUG Failed to set AES encrypt key DEBUG Failed to set AES encrypt key DEBUG Fail
200. d clients that have been given this PSK can associate with this AP The default auto assigned PSK is passphrase The last step in the Wizard is to click the Connect button which confirms the settings and enables this AP to broadcast its availability in the LAN Add Wireless Device with WPS With WPS enabled on your router the selected access point allows supported WPS clients to join the network very easily When the Auto option for connecting a wireless device is chose you will be presented with two common WPS setup options e Personal Identification Number PIN The wireless device that supports WPS may have an alphanumeric PIN and if entered in this field the AP will establish a link to the client Click Connect to complete setup and connect to the client 89 Unified Services Router User Manual e Push Button Configuration PBC for wireless devices that support PBC press and hold down on this button and within 2 minutes click the PBC connect button The AP will detect the wireless device and establish a link to the client ex You need to enable at least one AP with WPA WPA2 security and also enable WPS in the Advanced gt Wireless Settings gt WPS page to use the WPS wizard 4 1 3 Manual Wireless Network Setup 4 2 This button on the Wizard page will link to the Setup gt Wireless Settings gt Access Points page The manual options allow you to create new APs or modify the parameters of APs created by the Wiza
201. d in GUI event viewer cece ccccccesteceeesseeeessseeeeeseeeeeeseeeeesseeeeesaes 212 Restoring configuration from a saved file will result in the current configuration being OVEIWIHTLGI and aA FED OO anai caakvas laninestedinhuas eases A 213 Firmware version information And upgrade option cceceeccceessecceesseecessseeeeesseeeeees 215 Firmware upgrade and configuration restore backup via USB eeeeeceeseeeees 216 Dynamic DNS COMIGUIAUON siete aie eats 217 Router diagnostics tools available in the GUI ou cc ccccsssececesessseeeeeesssseeeeeessaes 218 Sample trace route OULD UT sc picecact pact cosdyas Searaten teedgustdedvbiee tanddnatdaaretandeedanai avbiaabenndeaigeareeenicds 220 POG ANIZ AQUIOINS cin ease sve acnas ceiceseeaainatan O toad v cued entuad assum O A 221 Device Status GISDIAY renscbanirai ia Ea A arian chert 223 Device St t s display Continued assire iina ai A TAE 225 Resource Utilization statistics cctss 011342 onenencuannt laddiveidacnanchs Meoseatmcsotehsadwadst lacuna deneseniecwatubbens 226 Resource Utilization data continued 0 0 0 eee cccessecceeseceeseseecessssesesesseeeesssaeeessseeeeees 226 Resource Utilization data continued 0 0 0 eee cccessecceeseecessseccseseeeesssseecesssseeessaeeeees 226 PAVSICAl OOM STAUSIICS cc neeiia chest acl AE E A 227 AP SDCCINIG SIAUSHCS 54 2 cies Gotu a E sd ates ees Bee 228 List of current Active Firewall SESSIONS cccccsesccceeseeeseeeeesneeessseeensseeesssee
202. database Whenever DHCP server receives a request from client hardware address of that client is compared with the hardware address list present in the database if an IP address is already assigned to that computer or device in the database the customized IP address is configured otherwise an IP address is assigned to the client automatically from the DHCP pool Computer Name The user defined name for the LAN host IP Addresses The LAN IP address of a host that is reserved by the DHCP server MAC Addresses The MAC address that will be assigned the reserved IP address when it is on the LAN Associate with IP MAC Binding When the user enables this option the Computer Name IP and MAC addresses are associated with the IP MAC binding The actions that can be taken on list of reserved IP addresses are Select Selects all the reserved IP addresses in the list Edit Opens the LAN DHCP Reserved IP Configuration page to edit the selected binding rule Delete Deletes the selected IP address reservation s Add Opens the LAN DHCP Reserved IP Configuration page to add a new binding rule 17 Unified Services Router User Manual Figure 3 LAN DHCP Reserved IPs Network Network LAN LAN DHCP Reserved IPs 8 fe LAN DHCP Reserved IPs List Show entries Right click on record to get more options a Mo data available in table Showing 0 to 0 of 0 entries 4 First Previous Next b Last
203. derneath will define which users require authentication for HTTP access and when a matching user request is made the DSR will intercept the request and prompt for a username 36 Unified Services Router User Manual password The login credentials are compared against the Runtime Authentication users in user database prior to granting HTTP access WA DSR 150 150N 250 250N does not have support for the Captive Portal feature xW Captive Portal is available for LAN users only and not for DMZ hosts Status gt Network Information gt CaptivePortal Sessions The active run time internet sessions through the router s firewall are listed in the below table These users are present in the local or external user database and have had their login credentials approved for internet access A Disconnect button allows the DSR admin to selectively drop an authenticated user The Block MAC button will result in the selected client being added to the blocked list and the current and future sessions from this client will be prevented Figure 15 Active Runtime sessions Status Status Network Information CaptivePortal Sessions a Use this page to monitor the runtime authentication sessions that are active on your router Captive Portal Sessions List Show entries Right click on record to get more options a No data available in table Showing 0 to 0 of 0 entries First Previous Next p Last 3 2 5
204. descripotrs d error failed to allocate UAPSD descripotrs d error hal qnum u out of range max u HAL AC u out of range max zu HAL AC u out of range max zu s unable to update hardware queue ul Multicast Q p buf buf flags Ox 08x gt bf_flags buf status Ox 08x buf gt bf_status frames in aggr d length of aggregate d length of frame d sequence number d tidno d isdata d isaggr d isampdu d ht d isretried d isxretried d shpreamble d isbar d ispspoll d aggrburst d calcairtime d qosnulleosp d Yp 0X 08x Ox 08xX Ox 08x 0x 08x Ox 08x 0x 08x 0x 08x 0x 08x Ox 08x 0x 08x DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG pe DEBUG DEBUG DEBUG DEBUG DEBUG device name s not found pRea gt ifName unable to register KIFDEV to UMI ERROR s Timeout at page 0x addr 0x ERROR s Timeout at page 0x addr 0x Invalid IOCTL 08x cmd s unable to register device dev gt name ath_pci 32 bit DMA not available ath_pci cannot reserve PCI memory region ath_pci cannot remap PCI memory region ath_pci no memory for device state s unable to register device dev gt name state S no memory for device state _ func kernel MIBCTL registr
205. disabled all DHCP clients receive the DNS IP addresses of the ISP To configure LAN Connectivity please follow the steps below 1 Inthe LAN Setup page enter the following information for your router e IP address factory default 192 168 10 1 Unified Services Router User Manual ex If you change the IP address and click Save Settings the GUI will not respond Open a new connection to the new IP address and log in again Be sure the LAN host the machine used to manage the router has obtained IP address from newly assigned pool or has a static IP address in the router s LAN subnet before accessing the router via changed IP address 2 3 Subnet mask factory default 255 255 255 0 In the DHCP section select the DHCP mode None the router s DHCP server is disabled for the LAN DHCP Server With this option the router assigns an IP address within the specified range plus additional specified information to any LAN device that requests DHCP served addresses DHCP Relay With this option enabled DHCP clients on the LAN can receive IP address leases and corresponding information from a DHCP server on a different subnet Specify the Relay Gateway and when LAN clients make a DHCP request it will be passed along to the server accessible via the Relay Gateway IP address If DHCP is being enabled enter the following DHCP server parameters Starting and Ending IP Addresses Enter the first and last continuous address
206. e murder sabotage bombing etc e Personal Beliefs Cults Sites about religion places of worship religious groups and occultism 131 Unified Services Router User Manual e Politics Sites about politics elections and legislation and sites that promote a politician or political party e Sports Sites about sports teams fan clubs and generally about all kinds of sports e www Email Sites Websites that allow users to send and or receive email through a web accessible email account 5 11 IP MAC Binding Network gt LAN gt LAN DHCP Reserved IPs Another available security measure is to only allow outbound traffic from the LAN to WAN when the LAN node has an IP address matching the MAC address bound to it This is IP MAC Binding and by enforcing the gateway to validate the source traffic s IP address with the unique MAC Address of the configured LAN node the administrator can ensure traffic from that IP address is not spoofed In the event of a violation i e the traffic s source IP address doesn t match up with the expected MAC address having the same IP address the packets will be dropped and can be logged for diagnosis Figure 78 The following example binds a LAN host s MAC Address to an IP address served by DSR If there is an IP MAC Binding 132 Unified Services Router User Manual violation the violating packet will be dropped and logs will be captured Network Network LAN LAN
207. e TCP UDP ICMP for this service Once defined the new service will appear in the services list of the firewall rules configuration menu 119 Unified Services Router User Manual Figure 66 List of user defined services ry Securi Firewall Custom Services i Q When you create a firewall rule you can specify a service that is controlled by the rule Common types of services are available for selection and you can create your own custom services This page allows creation of custom services against which firewall rules can be defined Once defined the new service will appear in the List of Available Custom Services table Custom Services List Show entries Right click on record to get more options 9 No data available in table Showing 0 to 0 of 0 entries J First Previous Next gt Last gt Add New Custom Service Figure 67 Custom Services configuration Type TCP T Port Type Port Range O Multiple Ports Start Port Ranee 0 65535 Finish Port Range 0 65535 Save Created services are available as options for firewall rule configuration Name Name of the service for identification and management purposes Type The layer 3 Protocol that the service uses TCP UDP BOTH ICMP or ICMP v6 Port Type This fields allows to select Port Range or Multiple Ports ICMP Type This field is enabled when the layer 3 protocol in the Type field is selected as ICMP or ICM
208. e 26 Russia Dual access PPPOE configuration ccc ececcceseseceeseeeeeneeeesneeenseeessseeensseeensaeeens 53 PIGUIG 27 IRV WAN S6100 Dage amean a a A ENA 57 Figure 28 Connection Status information for both WAN pol ts cccccescccsseccesseeeesseeeesseeeetseeens 59 PIQUE 29 Enabling VLAN OM WAN exitehcaiestencaitascencande catia nin naaa aasa ai arat aniis 60 Figure 30 List of Configured Bandwidth Profiles ccc ceccccsssscessseeeseseeeseneeeeseeeeseeeeseeeseneeessneeens 61 Figure 31 Bandwidth Profile Configuration ccc cccccccscccessccesseccessecceeseecesseecesseecesseecesseecesseeeesseeens 62 Figure 32 Traffic Selector Configuration 0 0 0 icc ccesecceessccesseccesseecesseecesseeceeseecesseecesseeeesaeecetseeeetseeens 63 Figure 33 Bridge Bandwidth Profile Configuration ccc ccccccescccesseeseseeessseeeeseeeseeeenseesessseeesteeeens 65 Figure 34 Bridge Traffic Selector COnfiQuration c cc ccccccsccccsscccesseccesseceesseecesseecesseecesseecesseeeesseeens 65 Unified Services Router Figure 35 Figure 36 Figure 37 Figure 38 Figure 39 Figure 40 Figure 41 Figure 42 Figure 43 Figure 44 Figure 45 Figure 46 Figure 47 Figure 48 Figure 49 Figure 50 Figure 51 Figure 52 Figure 53 Figure 54 Figure 55 Figure 56 Figure 57 Figure 58 Figure 59 Figure 60 Figure 61 Figure 62 Figure 63 Figure 64 Figure 65 Figure 66 User Manual Load Balancin
209. e 47 WAN3 configuration for 3G internet Network Network Internet WANS Settings o a ne This page allows user to configure the ISP settings to enable this router to connect to a 3Ginternet please check the USB card status on Status System Information gt USE Status page Rollover WAN Settings Rollover WAN 3G Internet Reconnect Mode Always On O On Demand 3G Internet Connection Type User Name Optional Password i Optional Dial In Number Authentication Protocol APN Required on APH wWap isp com Domain Name System DNS Servers DNS Server Source Get Dynamically from ISP O Use These DNS Servers Port Setup l l MTU Size Default Custom Save Cancel Cellular 3G internet access is available on WAN3 via a 3G USB modem for DSR 1000 and DSR 1000N The cellular ISP that provides the 3G data plan will provide the authentication requirements to establish a connection The dial Number and APN are specific to the cellular carriers Once the connection type settings are configured and saved navigate to the WAN status page Network gt Internet gt WAN Settings and Enable the WAN3 link to establish the 3G connection XW The 3G USB modem can be configured as the third WAN in DSR 1000 and DSR 1000N 83 Unified Services Router User Manual 3 8 WAN Port Settings Network gt Internet gt WANI Settings The physical port settings for each WAN link can be defined here If your ISP account de
210. e 74 Two trusted domains added to the Approved URLs List Security Web Content Filter Static Filtering Approved URL Static Filtering Approved URL Blocked Keywords This page displays the approved URLs The list of websites here are always allowed to be accessed and have higher priority than any configured firewall rules or blocked keywords Approved URLs List Show entries Right click on record to get more options 9 j No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last upload URLS List om Fie Approved URLs Contiguration LX URL www dlink com Save 5 10 3 Blocked Keywords Security gt Web Content Filter gt Static Filtering gt Blocked Keywords Keyword blocking allows you to block all website URL s or site content that contains the keywords in the configured list This is lower priority than the Approved URL List i e if the blocked keyword is present in a site allowed by a Trusted Domain in the Approved URL List then access to that site will be allowed Import export from a text or CSV file for keyword blocking is also supported 128 Unified Services Router User Manual Figure 75 One keyword added to the block list Security Web Content Filter Static Filtering Blocked Keywords Operation Succeeded Static Filtering Approved URL Blocked Keywords You can block access to websites by entering
211. e CE ee 121 5 7 VPN Passthrough for Firewall ccc cccccssssccccesssseeceeesseeeceeessseeeceeesseseeeeens 122 5 8 Bridge Mode Firewall vcsiscti saree hic ea ttait aateat ats ahi el cacti on akc testie aatinioiasa 123 5 9 PDDICA ION RUES osiin a a a a ea 125 5 10 We bContent FINGHING cxiesscncessatd cnssntnareadeAtiandaseusssenidasaceaeumeedelsoucdtaveencsantetesaapaeds 126 5 10 1 Static Content Filtering iii cn cadeszoc Sunt ialccdasdennaned cxatadereedones enbaacendsananchstadscentackoassisln 127 DTZ ADDIOV EG URES kaiene esgan eeo peon saisdiesseananed suas devsachonsibets 127 D Oise Bl cked KeyWords ccscecnanchsrcdieusecuauut nbaddastsieaned exhaddeseudsonss bnini orania 128 D 104 Export Web FME a aessrsoriciesresintors taladdestsseaned exhaddeneesionss bininin oratia 129 D TOS DV MAING WO F aeien o E rO 130 Sl IEMA Binding i siasesaip a a A A 132 5 12 Intrusion Prevention IP Sansi A 133 5 13 Protecting from Internet Attacks 00 0 0 ccccsseccseseceessseecesessesesssseeeessseeeesnes 134 5 14 IGMP Proxy to manage multicast traffic ccc cccescceeeseeeeeesseeeeeseeeeeaes 136 IPSeG PRI EZR VPN ora ia eat eo aes 137 6 1 VPN VIZ ae tacaes va secaucos a E ag deceoaacuen Gul edueran unseohsasuoros 138 6 2 Configuring IPsec Policies wc cicccscesscdeieesctccsstseiielassbacaerssstessensnesdesveacdenavesbdenat onduers 141 6 2 1 Extended Authentication XAUTH ssessssssssssesssssressssrssssresssressseresserressseesss 145 6 2 2
212. eboots automatically with the restored settings 4 Toerase your current settings and revert to factory default settings click the Default button The router will then restore configuration settings to factory defaults and will reboot automatically See Appendix B for the factory default parameters for the router Figure 144 Restoring configuration from a saved file will result in the current configuration being overwritten and a reboot or Maintenance Maintenance Firmware amp Config Backup Restore 7 Q H Backup Restore Restore Backup Settings Settings This page allows user to do configuration related operations which includes backup and restore Backup Restore Download Debug Logs Config File Backup Save to System PC Save to USB Port 1 Restore Config File from System PC Browse Saved Configurations Choose File No file chosen Restore Restore Config File from USB USB Device Status disconnected Select File Fi The configuration file can be encrypted during the backup process by enabling encryption This will ensure confidential information like system username passwords are not available for view by unauthorized sources Selecting this option will apply to configuration files backed up on the host as well as a USB drive 213 Unified Services Router User Manual 9 6 9 7 Generating DBGLOGs Tools gt System This page also allows you to download and automate the d
213. ebug log a k a dbglog package agrouping of system status statistics and support logs that are useful for D Link support to diagnose router issues Clicking the download link for the debug logs will result in the package being saved on the host machine used to manage this router This package a compressed archive can then be sent to D Link support for evauation Upgrading Router Firmware Maintenance gt Firmware amp config gt Firmware upgrade gt Using System PC You can upgrade to a newer software version from the Administration web page In the Firmware Upgrade section to upgrade your firmware click Browse locate and select the firmware image on your host and click Upgrade After the new firmware image is validated the new image is written to flash and the router is automatically rebooted with the new firmware The Firmware Information and also the Status gt Device Info gt Device Status page will reflect the new firmware version ec IMPORTANT During firmware upgrade do NOT try to go online turn off the DSR shut down the PC or interrupt the process in anyway until the operation is complete This should take only a minute or so including the reboot process Interrupting the upgrade process at specific points when the flash is being written to may corrupt the flash memory and render the router unusable without a low level process of restoring the flash firmware not through the web GUI 214 Unified Serv
214. ed Services Router User Manual VPN L2TP VPN Server Q 2 L2TP allows an external user to connect to your router through the internet forming a VPN This section allows you to enable disable L2TP server and define a range of IP addresses for clients connecting to your router The connected clients can function as if they are on your LAN they can communicate with LAN hosts access any servers present etc L2TP Server Server Setup Enable L2TP Server Enable IPv6 v L2TP Routing Mode Nat Classical Range of IP Addresses Allocated to L2TP Clients Starting IP Address Ending IP Address IPv6 Prefix IPv6 Prefix IPv6 Prefix Length Authentication Database Authentication Local User Database v Authentication Supported PAP CHAP MS CHAP C E CE CE MS CHAPv2 C en CE e Encryption Secret Key User Time out Idle TimeOut Range 300 1800 Seconds Save Cancel VPN gt L2TP VPN gt Client A L2TP VPN Client can be configured on this router Using this client we can access remote network which are local to the L2TP server Once the client is enabled the user can access Status gt Active VPN page and establish L2TP VPN tunnel clicking Connect To disconnect the tunnel click Drop A L2TP VPN can be established through this router Once enabled a L2TP server is available on the router for LAN and WAN L2TP client users to access Once the L2TP server is enabled L2TP clients that are configur
215. ed resources added via OpenVPN client routes through the tunnel Full Tunnel is the default Enable Client to Client communication Enable this to allow OpenVPN clients to communicate with each other in split tunnel case Disabled by default Upload Access Server Client Configuration The user has to download the auto login profile and upload here to connect this router to the OpenVPN Access Server Certificates Select the set of certificates OpenVPN server uses First Row Set of certificates and keys the server uses Second Row Set of certificates and keys newly uploaded Enable TLS Authentication Key Enabling this adds TLS authentication which adds an additional layer of authentication Can be checked only when the TLS key is uploaded Disabled by default Click Save Settings to save the settings 153 Unified Services Router User Manual Figure 94 OpenVPN configuration OpenVPN Settings OpenVPN on Mode Server I Client D Access Server Client VPN Network 128 10 0 0 VPN Netmask 255 255 0 0 Port Default 1194 Range 1024 65535 Tunnel Protocol O TCP UDP Encryption Algorithm BF CBC v Hash Algorithm SHA1 Y Tunnel Type Full Tunnel Split Tunnel Certificates Enable Tls Authentication Key Enable Tls Authentication Key Disabled Save Cancel 6 6 1 OpenVPN Remote Network VPN gt Open VPN gt Remote Networks This page allows the user to add edit a remote network and netm
216. ed to set DES encrypt key q i DEBUG Failed to set DES decrypt key d DEBUG Failed to set DES encrypt key d i DEBUG Failed to set DES decrypt key d i DEBUG Failed to set DES encrypt key DEBUG Failed to set DES decrypt key DEBUG Failed to set DES encrypt key DEBUG Failed to set DES decrypt key DEBUG AES Software Test DEBUG AES Software Test s aesSoftTest 0 Failed Passed DEBUG AES Hardware Test DEBUG AES Hardware Test s aesHardTest 0 Failed Passed DEBUG 3DES Software Test DEBUG 3DES Software Test s des3SoftTest 0 Failed Passed DEBUG 3DES Hardware Test DEBUG 3DES Hardware Test s des3HardTest 0 Failed Passed DEBUG DES Software Test DEBUG DES Software Test s desSoftTest 0 Failed Passed DEBUG DES Hardware Test DEBUG DES Hardware Test s desHardTest 0 Failed Passed DEBUG SHA Software Test DEBUG SHA Software Test s shaSoftTest 0 Failed Passed DEBUG SHA Hardware Test DEBUG SHA Hardware Test s shaHardTest 0 Failed Passed DEBUG MD5 Software Test DEBUG MD5 Software Test s md5SoftTest 0 Failed Passed DEBUG MD5 Hardware Test DEBUG Redirect from u u uU U on S about IP routing cache hash table of u buckets ldKbytes source route option u u u uU gt VU U U U Wrong address mask u U U U from Redirect from u u u uU on s about source route option ICMP u u u u ICMP u u u u Source Wrong address mask
217. ed with the remote L2TP network server range IP address and Netmask can reach an endpoint router s L2TP 150 Unified Services Router User Manual server Once authenticated by the L2TP server the tunnel endpoint L2TP clients have access to the local network managed by the router Figure 92 L2TP tunnel configuration L2TP Client CES VPN a VPN L2TP VPN Client L2TP VPN Client can be configured on this router Using this client we can access remote network which is local to L2TP server L2TP Client Client EN Server IP 0 0 0 0 Remote Network 0 0 0 0 Remote Netmask fo Ss Range 0 32 Username dlink Password gt ae Reconnect Mode Always On On Demand Enable MPPE Ten Auto Dial o Save Cancel 6 5 GRE Tunnel Support VPN gt GRE gt GRE Tunnels GRE tunnels allow for broadcast traffic on the LAN of the router to be passed over the internet and received by remote LAN hosts This is primarily useful in the D Link Discovery Protocol DDP application where broadcast traffic from one LAN host is to be received by all LAN hosts in the local subnets of the GRE endpoints XW Note the following limits for the number of supported GRE tunnels per product x DSR 150 150N 5 e amp DSR 250 250N 10 e amp DSR 500 500N 15 151 Unified Services Router User Manual x DSR 1000 1000N 20 There are two simple steps involved in establishing a GRE tunnel on the router
218. eeeesees 165 Figure 105 User Configuration Options cccsssccssssscssssecsstecsescecssssecsssescssseecseeeecseeeecnsneeeseneessnees 166 Figure 106 Import a CSV file with multiple users to the User Database cece cceseeeeneees 167 Figure 107 List of SSL VPN polices Global filter 00 00 ccccscccessseceeesseeecessseeeessseeeeesseeeeesaes 168 Figure 108 SSL VPN policy configurato Misca a E EE 169 Figure 109 List of configured resources which are available to assign to SSL VPN policies 171 Figure 110 List of Available Applications for SSL Port Forwarding cccccccssscceeesseceeesseeeeeeaes 173 Figure 111 SSL VPN client adapter and access configuration sessseeseseseseseessseseseserssresseesseesee 175 Figure 112 Configured client routes only apply in split tunnel mode eee cceeseceeesseeeeeeees 176 Figure 113 Figure 114 Figure 115 Figure 116 Figure 117 Figure 118 Figure 119 Figure 120 Figure 121 Figure 122 Figure 123 Figure 124 Figure 125 Figure 126 Figure 127 Figure 128 Figure 129 Figure 130 Figure 131 Figure 132 List of configured SSL VPN portals The configured portal can then be associated with an authentication COMAIN eee eecccccesccssneeeeseeeeeseeeeseeessseeeeeseeceeeeeseaeeeneseeenenesensaees 177 SSL VPN Portal configuration ist jee cnsdyat Sears tcodgustoedsbiee tansdnat aarstanteadanai whee benndeaiaeareentee 179 USB Device DELS
219. eeeessseeeesseesessseeseesaeees 32 2 4 Universal PING ang Play CUIPIIP coscscastansassccestaswamrtuisnuean mack eoeaareutraseaeaen 35 2 5 ADIN G Fornal sisemi arenu nda haces ae cn eet 36 Zon Capive POlMal SGU tcc dsatevde aaharieeidn a iakades 37 292 Captives Portals na VEAN seraa a onsale teen earl nto 41 Connecting to the Internet WAN Setup 0 0 cee eccsscccesseccesesseceeesseeeeesseeeeessseeeeeseees 43 3 1 Internet Setup VV IZ AN cc tases te areten txatan tise hea sansdeas soanenah scmbep ee iAiah ycensual ease teeads 43 3 2 ATAU Gia 11 6 0 1d e 9 emereene er eeneesne seems ie Nee Hk even wean ent Re emer Met on mnnIt Srarer en ae ee 46 Ovid WVAINUPOMMI addres S ccviusancsu ian E E 8 Goes nc eee 47 322 WAN DNS SENGS eere ee a e E i 47 323 BAOF WAN e r a a N 48 SA al oc saer E EN 48 32o RUSSA EZ TP ana PPTA WAN ceea a e E E TA 51 320 R SSaD alACGCesSs PPPOE ceee a E N 52 3 2 7 WAN Configuration in an IPV6 Network ccc ccceccecesceceeseeeeeseeeeseeesseeessseeenaes 56 328 GHECKING WAN Old S rasina T A A 58 Bee VEANON WAN rasia OOE aden la cee ead eran etapa eetan eaten 59 3 3 Bandwidth COMTOIS x cecsnssheretccteisseciescctctsoasceneheelasiiudacaseadhotab AE Gatcieaseeli ce 60 3 3 1 Bandwidth Controls in Bridge MOde ccccccccccesseceeesseceeeseecessseeeeeesseeeseseees 63 3 4 Features with Multiple WAN LINKS ccc cc ccccescccceesssceceeeessseeceeessseeeceeesseeeees 66 SAT AUTO FAN OV Cle seei e a a aaea
220. eeseeesseeeeeeeesseeenseeeens 30 Figure 11 Multiple VLAN Subnets ssa scaresattnctrerecicsheitnarinaraadenciQncuhtucdestaWensssaduvesanstdeacaalaebastadteadsAbeceles 31 Figure 122 VEAN CONIU ON sia a N 32 Roure os DMZ coniguratoNnarse ana T e etc 34 Figure 14 UPMP CONNGUrA UOI soiis r N E E 36 Figure 152 Active Runtime Session nua tanren n a a a a E 37 Figure 16 Captive Portal Protile List xiissc eee Bk eel eet UR es 38 Figure 17 Customized Captive Portal Setup c cc ccccsscccsesseceesseeeessseeeeseseecesseecesessesesesseeeeseaaees 39 Figure 18 Blocking specific clients by their MAC AddreSS ec cccccceseceeeseeeeneeensneeeeseeenseeesseeeens 41 Figure 19 VLAN based configuration of Captive Portals c ccc ccescccccssseceeesseeceeseeeeeesseseseseees 42 Figure 20 Internet Connection Setup Wizard 2 0 0 eee cccccccesceseneeeeeeeeseneeeseseeessseeessneeenseeeesseeeensaeeens 44 Figure 21 Manual WAN COnfigQuration ccccccccssccessceeeseeesseeeseeecesseeeseseeessseeeseneeeneseeensaeeeseneeensneeens 48 Figure 22 PPPoE configuration for standard ISPS 0 ccc ceccccceseecseneceeeneeeseeeeesseeeesseeensneeensseeesseeeens 49 Figure 23 WAN configuration for Japanese Multiple PPPOE part 1 00essssssoenessssesssssesesssssesesssssn 50 Figure 24 WAN configuration for Japanese Multiple PPPoE part 2 its in figure 22 itself 51 Figure 25 Russia L2TP ISP conig ratlON naonin a Se ee eee cei 52 Figur
221. elect add printer or click on Add printer present at the left menu Select the Network Printer radio button and click next select device isn t listed in case of Windows7 Select the Connect to printer using URL radio button Select a shared printer by name in case of Windows 7 and give the following URL http lt Router s LAN IP address gt 63 1 printers lt Model Name gt Model Name can be found in the USB status page of router s GUI Click next and select the appropriate driver from the displayed list Click on next and finish to complete adding the printer 180 Unified Services Router User Manual Figure 115 USB Device Detection Status Status System Information USB Status i Q j e This page displays information about the USB devices connected to the USB port s This page will update dynamically to show the status of the USB devices connected to the router USB s Status Status disconnected Vendor NA Model NA Type NA Mount Status NA Status Status System Information Device System Q Q System LAN Dedicated WAN Rollover WAN Wireless All of your Internet and network connection details are displayed on the Device Status page The firmware version and hardware serial number is also displayed here System Information General System Name DSR 250N Firmware Version 2 00_WW Hardware Version Al Serial Number QBDT123456789 8 2 USB
222. ements are analogous to IPv4 DHCP assignments for LAN clients With this the router will perform stateless auto configuration of LAN nodes by assigning an IP address and supporting network information to devices that are configured to accept such details By configuring the Router Advertisement Daemon on this router the device will listen on the LAN for router solicitations and respond to these LAN hosts with router advertisements Router Advertisement Router Advertisement Daemon Setup Status ON au Advertise Mode Unsolicited Multicast O Unicast Only Advertise Interval 30 Range 10 1800 RA Flags Managed C Te Other oN Router Preference O Low O Medium High MTU Range 1280 1500 Router Lifetime Seconds Advertisement Prefixes Network gt IPv6 gt LAN Settings gt Advertisement Prefixes The router advertisements configured with advertisement prefixes allow this router to inform hosts how to perform stateless address auto configuration Router advertisements contain a list of subnet prefixes that allow the router to determine neighbors and whether the host is on the same link as the router The following prefix options are available for the router advertisements e IPv6 Prefix Type To ensure hosts support IPv6 to IPv4 tunnel select the 6to4 prefix type Selecting Global Local ISATAP will allow the nodes to support all other IPv6 routing options e SLA ID The SLA ID Site Level Aggregation Identifier is available
223. enska Swedish D Link Corporation declara que este DSR 1000N esta conforme com os requisitos essenciais e outras disposi es da Directiva 1999 5 CE D Link Corporation izjavlja da je ta DSR 1000N v skladu z bistvenimi zahtevami in ostalimi relevantnimi dolo ili direktive 1999 5 ES D Link Corporation t mto vyhlasuje e DSR 1000N sp a z kladn po iadavky a v etky pr slu n ustanovenia Smernice 1999 5 ES D Link Corporation vakuuttaa t ten ett DSR 1000N tyyppinen laite on direktiivin 1999 5 EY oleellisten vaatimusten ja sit koskevien direktiivin muiden ehtojen mukainen H rmed intygar D Link Corporation att denna DSR 1000N st r verensst mmelse med de v sentliga egenskapskrav och vriga relevanta best mmelser som framg r av direktiv 1999 5 EG 307 Unified Services Router User Manual 2 DSR 500N Federal Communications Commission FCC Compliance Notice Radio Frequency Notice This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a partic
224. entation ran query s DEBUG Mi iat failed ERROR DBUpdate event Table s opCode d rowld d DEBUG VAP s set Protection Mode failed ERROR sing VAPs using profile s DEBUG VAP s set Tx Power failed ERROR sing VAP s DEBUG WDS Profile s not found ERROR ran query s DEBUG Failed to initalize WPS on s ERROR me sing VAP instance s DEBUG _ failed to get profile s ERROR VAP s set Short Preamble failed DEBUG could not initialize MGMT framework ERROR VAP s set Short Retry failed DEBUG could not initialize MGMT framework ERROR VAP s set Long Retry failed DEBUG dot1 1VapBssidUpdt SQL error s ERROR Decrypting context with key s DEBUG salite3QueryResGet failed Query s ERROR KDOT11_GET_PARAM IEEE80211 _ Unknown IAPP command d received DEBUG lIOC_CHANNEL failed ERROR 268 Unified Services Router User Manual Failed to get the channel setting for unexpected reply from d cmd d DEBUG S ERROR unexpected reply from d cmd d DEBUG sqlite3QueryResGet failed Query s ERROR Recvied DOT11 EAPOL_KEYMSG DEBUG salite3QueryResGet failed Query s ERROR shutting down AP s DEBUG profile s not found ERROR APCtx Found DEBUG sqlite3QueryResGet failed Query s ERROR Interface name and policy must be APCtx Not Found DEBUG specified ERROR Interface name and policy must be node not found x x x DEBUG specified ERROR error installing
225. er from D Link s repositories This feature allows users to download new drivers for supported USB devices and language packs to enable multi lingual support for the router s management interface Multi lingual support via the package manager allows the user to choose a language of choice so that the entire textual content in the router s user interface is presented in the selected language ex DSR 1000 DSR 1000N DSR 500 and DSR 500N support the Package Manager feature This feature supports a single driver and single language pack to be stored in the router i e these files are available for use after device reboot There are 2 types of installations supported by this feature 194 Unified Services Router User Manual 1 Manual Installation Upon selecting manual installation the user has to download the package which will then display the available languages that the router GUI now supports eX Only drivers provided by D Link can be used for manual installation A validation process will be performed during installation 2 Auto Installation By selecting the link click here the Auto installation of the package is exercised A page showing the list of available drivers language packs is displayed from which the user can select and install one of the options For this type of installation the router must be able to access the internet as this will allow the user to download the package from a repository server which con
226. erface oS ERROR invalid argument ERROR pnacAuthConfig maxAuth limit missing profile name ERROR reached ERROR Profile s does not exist ERROR pnacAuthConfig malloc failed ERROR Error from pnacAuthConfig pAsArg Profile s does not exist ERROR cannot be NULL ERROR Error from pnacAuthConfig receive SSID should not be longer than d ERROR routine hook ERROR Profile s does not exist ERROR pnacAuthConfig pnacAuthinit failed ERROR Profile s does not exist ERROR kpnacPortPaeContig failed ERROR Profile s does not exist ERROR Invalid arguments ERROR Error from pnacSuppConfig malloc Profile s does not exist ERROR failed ERROR Error from pnacSuppConfig receive Profile s does not exist ERROR routine hook ERROR Error from pnacSuppConfig Profile s does not exist ERROR pnacSupplnit failed ERROR SSID not set SSID is needed to generate password hash ERROR kpnacPortPaeConfig failed ERROR pnacAuthDeconfig failed pPortPae Password string too big ERROR NULL ERROR Error from pnacPhyPortDestroy port dot11Malloc failed ERROR not configured ERROR pnacPhyPortDestroy Failed to Profile s does not exist ERROR deconfigure port ERROR Hex string should only have d hex chars ERROR pnacPhyPortParamUnset FAILED ERROR Error from pnacPhyPortCreate dot11Malloc failed ERROR malloc failed ERROR Error from pnacPhyPortCreate Profile s does not exist ERROR pnacP
227. erver found s secret s DEBUG DEBUG Certificate Request Failed File Open Failed File is Empty Memory Allocation Failed File Open Failed File is Empty Error in executing DB update handler unable to register to UMI sqlite3QueryResGet failed radSendtoServer socket s radSendtoServer bind Failed s AS radRecvfromServer recvfrom Failed s radRecvfromServer Packet too small from S d s radCheckMsgAuth Invalid Message Authenticator length in radDictLoad couldn t open dictionary AS YS radBuildAndSendRea Invalid Request Code d radPairAssign bad attribute value length radPairAssign unknown attribute type d radPairNew unknown attribute d radPairGen Attribute d has invalid length radPairValue unknown attribute type d radPairValueLen unknown attribute type d radPairLocate Attribute d has invalid length radPairUnpackDefault Unknown Attribute d radConfigure can t open s s radConfigure s line d bogus format s radConfAssert No AuthServer Specified radConfAssert No Default Timeout Specified radConfAssert No Default Retry Count Specified radExtractMppeKey Invalid MS MPPE Key Length 259 User Manual ERROR ERROR ERROR ERROR ERROR ERROR ERROR Unified Services Router Packed Auth Regest code d id d len d DEBUG Sending Packet to x d DEBUG Receivin
228. ervices Router pppoeMgmtTblHandler IdleTimeOutValue d pppoeMgmtTblHandler UserName s DEBUG failed to get field value DEBUG failed to get field value pppoeMgmtTblHandler Password s DEBUG salite3QueryResGet failed Query s pppoeMgmtTblHandler DNS specified S DEBUG salite3QueryResGet failed Query s pppoeMgmtTblHandler Service s DEBUG unboundMgmt unable to open the pppoeMgmtTblHandler Staticlp s DEBUG writing options xl2tod failed oppoeMgmtTbiHandler NetMask s DEBUG piepasup taled pppoeMgmtTblHandler AuthOpt d DEBUG writing xl2tod conf failed pppoeMgmtTblHandler Satus d DEBUG writing options xl2tpd failed pppoeEnable ppp dial string s DEBUG xl2tpdStop failed pppoeMgmtDBUpdateHandler returning with status s DEBUG xl2tpdStart failed pptpMgmtTblHandler MtuFlag d writing Chap secrets Pap Secrets pptoMgmtTblHandler Mtu d DEBUG failed pptpMgmtTbliHandler IdleTimeOutFlag od DEBUG xl2tpdStop failed pptoMgmtTbliHandler IdleTimeOutValue d DEBUG xl2todStart failed pptoMgmtTblHandler GetDnsFromlsp d DEBUG salite3QueryResGet failed Query s writing Chap secrets Pap Secrets pptopMgmtTbiHandler UserName s DEBUG failed pptoMgmtTblHandler Password s DEBUG xl2todStop failed optoMgmtTbiHandler dynamic Mylp configured pptpMgmtTbliHandler Mylp s xl2todStart faile
229. es Harmonized EN covering essential requirements under article 3 2 of the R amp TTE Directive EN 301 489 1 V1 8 1 2008 04 314 Unified Services Router User Manual Electromagnetic compatibility and Radio Spectrum Matters ERM ElectroMagnetic Compatibility EMC standard for radio equipment and services Part 1 Common technical requirements EN 301 489 17 V2 1 1 2009 05 Electromagnetic compatibility and Radio spectrum Matters ERM ElectroMagnetic Compatibility EMC standard for radio equipment Part 17 Specific conditions for Broadband Data Transmission Systems This device is a 2 4 GHz wideband transmission system transceiver intended for use in all EU member states and EFTA countries except in France and Italy where restrictive use applies In Italy the end user should apply for a license at the national spectrum authorities in order to obtain authorization to use the device for setting up outdoor radio links and or for supplying public access to telecommunications and or network services This device may not be used for setting up outdoor radio links in France and in some areas the RF output power may be limited to 10 mW EIRP in the frequency range of 2454 2483 5 MHz For detailed information the end user should contact the national spectrum authority in France CCO Les Cesky Jm no v robce t mto prohla uje Ze tento typ za zen je ve shod se z kladn mi Czech po adavky a dal mi p slu n mi us
230. es in the IP address pool Any new DHCP client joining the LAN is assigned an IP address in this range The default starting address is 192 168 10 2 The default ending address is 192 168 10 100 These addresses should be in the same IP address subnet as the router s LAN IP address You may wish to save part of the subnet range for devices with statically assigned IP addresses in the LAN Primary and Secondary DNS servers If configured domain name system DNS servers are available on the LAN enter their IP addresses here Default Gateway By default this setting has the router s LAN IP address It can be customized to any valid IP within the LAN subnet in the event that the network s gateway is not this router In this case the DHCP server will give the configured IP address as the Default Gateway to its DHCP clients Domain Name This is the network domain name used for identification WINS Server optional Enter the IP address for the WINS server or if present in your network the Windows NetBIOS server Lease Time Enter the time in hours for which IP addresses are leased to clients Relay Gateway Enter the gateway address This is the only configuration parameter required in this section when DHCP Relay is selected as its DHCP mode In the DNS Host Name Mapping section 14 Unified Services Router User Manual e Host Name Provide a valid host name e IP address Provide the IP address of the host name 4 Inthe LA
231. essneeenaas 228 List of connected 802 11 clients per AP uu ccccccccssscccessseecessseeceessseceesseeeesteeeeees 229 HIST OW LAIN DOS S casno nae e o AEE OO E O EO 229 List of current Active VPN Sessions ccescccsssccssssecssscecssseecsseeeessnsesssneesssseeessneessees 231 Figure 161 10 Unified Services Router User Manual Chapter 1 Introduction D Link Services Routers offer a secure high performance networking solution to address the growing needs of small and medium businesses Integrated high speed IEEE 802 11n and 3G wireless technologies offer comparable performance to traditional wired networks but with fewer limitations Optimal network security is provided via features such as virtual private network VPN tunnels IP Security IPsec Point to Point Tunneling Protocol PPTP Layer 2 Tunneling Protocol L2TP and Secure Sockets Layer SSL Empower your road warriors with clientless remote access anywhere and anytime using SSL VPN tunnels With the D Link Services Router you are able to experience a diverse set of benefits Comprehensive Management Capabilities The DSR 500 DSR 500N DSR 1000 and DSR 1000N include dual WAN Gigabit Ethernet which provides policy based service management ensuring maximum productivity for your business operations The failover feature maintains data traffic without disconnecting when a landline connection is lost The Outbound Load Balancing feature adjusts outgoing traffic acros
232. esssrssssesssrssneessersssees 205 9 4 Log COMO ULATION skience a E E EE 206 9 4 1 Defining What to LO cece ccccsssccccessssseeceeessseeeceeessseeceeesssseeceeesssseceeeessaeeees 206 9 4 2 Sending Logs to E mail or Syslog ccc ccssssessseseesssseseesssseesssensessnsesenessens 209 94 3 Event log Viewerin GUb arser ann a a aA 211 9 5 Backing up and Restoring Configuration Settings sssessessseeesesseeeeene 212 9 6 Generating DB GLO GS asenenc an a 214 9 7 Upgrading Router Firmware cccccccccccsssscccceessscecceeessseeceeesssseeceeesssseeeeeeesaes 214 Unified Services Router User Manual Chapter 10 Chapter 11 Chapter 12 Appendix A Appendix B Appendix C Appendix D Appendix E Appendix F Appendix G 9 8 Upgrading Router Firmware via USB ccccccccccccecsssceeeessseceessseceessseeseesseees 215 9 9 Dynami WIN SHS CUD a cosaice teorinin eig ape naa i i O E aa Ran 216 9 10 WsM DagNosStiE LOOMS eria a E E MA een 217 EOP eaa aa a a T O 219 OS Traco ROUlG seine a N 219 D107 INS LOOKU Darne a atau enc aieeeinataw 220 9 10 HOUTEr OBIONS sarean a N 220 Oty MOC ANIZ ATION sinse atucseceaccadounemedesna ane A 221 Router Status and StAUISTIC Sirs 5 4 cent x atscisnccstatuateeataton ont deateal SaaeiiehanadgustealobacnYcaasuatsealsiented 222 TO OV eN OVENI EW naaa a Oo 222 1O ty Vis B Y et are 18 sr rem eR mT TT 222 TOA ZAC SO UNCC TMZ ANION saiansctaes ccaccisnae ecessca E R E A ae 225
233. et DEBUG LEN u TOS 0x 02X xlr8NatConntrackPreHook isr p PREC 0x 02X TTL u ID u DEBUG plsr DEBUG FRAG u ntohs ih gt frag_off amp xlr8NatConntrackPreHook IP_OFFSET DEBUG secure d secure DEBUG Context found for ESP TRUNCATED DEBUG p pFlowEntry gt post plsr 0 DEBUG xlr8NatConntrackPreHook New PROTO TCP DEBUG connection DEBUG xlr8NatConntrackPostHook INCOMPLETE u bytes DEBUG postSecure d postlsr p p DEBUG proto d spi d lt gt proto d spi SPT u DPT u DEBUG d pPktInfo gt proto oPktInfo gt spi DEBUG SEQ u ACK u DEBUG IPSEC_INF Clock skew detected DEBUG IPSEC_ERR s d Max d No WINDOW u ntohs th gt window DEBUG of SA Limit reached DEBUG RES 0x 02x u8 ntohl tcp_flag_word th amp IPSEC _ERR s d Max d No TCP_RESERVED BITS gt gt 22 DEBUG of SA Limit reached DEBUG URGP u ntohs th gt urg_ptr DEBUG IPSEC_ERR s d time secs u DEBUG 284 Unified Services Router TRUNCATED 02X opfi PROTO UDP INCOMPLETE u bytes SPT u DPT u LEN u SPT u DPT u LEN u PROTO ICMP INCOMPLETE u bytes TYPE u CODE u ich gt type ich gt code INCOMPLETE u bytes ID u SEQ u PARAMETER u GATEWAY u u u u MTU u ntohs ich gt un frag mtu PROTO AH INCOMPLETE u bytes SPI 0x x ntohl ah gt spi PROTO ESP INCOMPLETE u bytes SPI 0x x ntohl eh gt spi PROTO u ih g
234. et button the following settings apply e LAN IP address 192 168 10 1 e Username admin e Password admin e DHCP server on LAN enabled e WAN port configuration Get configuration via DHCP 231 Chapter 12 Credits Microsoft Windows are registered trademarks of Microsoft Corp Linux is a registered trademark of Linus Torvalds UNIX is a registered trademark of The Open Group Unified Services Router User Manual Appendix A Glossary Address Resolution Protocol Broadcast protocol for mapping IP addresses to MAC addresses CHAP Challenge Handshake Authentication Protocol Protocol for authenticating users to an ISP Dynamic DNS System for updating domain names in real time Allows a domain name to be assigned to a device with a dynamic IP address Dynamic Host Configuration Protocol Protocol for allocating IP addresses dynamically so that DHCE addresses can be reused when hosts no longer need them Domain Name System Mechanism for translating H 323 IDs URLs or e mail IDs into IP addresses Also used to assist in locating remote gatekeepers and to map IP addresses to hostnames of administrative domains Fully qualified domain name Complete domain name including the host portion Example serverA companyA com FTP File Transfer Protocol Protocol for transferring files between network nodes HTTP Hypertext Transfer Protocol Protocol used by web browsers and web servers to transfer files Internet Key Excha
235. et connection Ensure that you have the Internet connection information such as the IP Addresses Account Information etc This information is usually provided by your ISP or network administrator IPv4 WAN Settings WAN Setup Enable VLAN Tag on VLAN ID 0 Dynamic IP DHCP Host Name Po DNS Servers Domain Name System DNS Server Source Get Dynamically from ISP Y Use These DNS Servers MAC Address MAC Address Source Use Default MAC I Clone your PC s MAC I Use this MAC Port Setup MTU Size Default I Custom Save Cancel 3 3 Bandwidth Controls Network gt Internet gt Traffic Management gt Bandwidth Profilers Bandwidth profiles allow you to regulate the traffic flow from the LAN to WAN 1 or WAN 2 This is useful to ensure that low priority LAN users like guests or HTTP service do not monopolize the available WAN s bandwidth for cost savings or bandwidth priority allocation purposes Bandwidth profiles configuration consists of enabling the bandwidth control feature from the GUI and adding a profile which defines the control parameters The profile can then be associated with a traffic selector so that bandwidth profile can be applied to the traffic matching the selectors Selectors are elements like IP addresses or services that would trigger the configured bandwidth regulation 60 Unified Services Router User Manual Figure 30 List of Configured Bandwidth Profiles Network Network Interne
236. eting IP address s DEBUG s ERROR deleting interface s from ifgroup d Adding new IP address s DEBUG failed ERROR Updating old IP address s to new IP adding interface s to ifgroup d address s DEBUG failed ERROR Restarting Firewall For s Address nimfBridgeTblHandler unable to get Update from s s DEBUG interfaceName ERROR Disabling Firewall Rule for MSS packet marking DEBUG nimfBridgeTblHandler ERROR Enabling Firewall Rule for MSS packet marking DEBUG nimfBridgeTblHandler unable to get ERROR Enabling packet marking rule for s Failed to s traffic from s to s to IDLE timer DEBUG IPS ERROR Deleted firewall rule s for service s Failed to s traffic from s to s to with action s DEBUG IPS ERROR s firewall rule s for service s with action s DEBUG failed to start IPS service ERROR Added firewall rule s for service s Timeout in waiting for IPS service to with action s DEBUG start ERROR 267 Unified Services Router User Manual Deleting inbound WAN LAN firewall Usage s lt DBFile gt lt opType gt rule DEBUG lt tbIName gt lt rowld gt ERROR Deleting inbound WAN DMZ firewall xlr8NatConfig illegal invocation of rule DEBUG s ERROR RIPng disabled DEBUG Illegal invocation of s ERROR xlr8NatMgmtTblHandler failed query RIPng enabled DEBUG s ERROR Disable IPV6 firewall rule DEBUG Could not open file s ERROR
237. ewall Rules fr Security Firewall Firewall Rules IPv4 Firewall Rules oO Q A A IPv4 Firewall Rules IPv6 Firewall Rules Bridge Firewall Rules A firewall is a security mechanism to selectively block or allow certain types of traffic in accordance with rules specified by network administrators You can use this page to manage the firewall rules that control traffic to and from your network The List of Available Firewall Rules table includes all firewall rules for this device and allows several operations on the firewall rules Firewall Rules Default Outbound Policy for IPv4 Always Allow I Block Save Cancel IPv4 Firewall Rules List Show entries Right click on record to get more options l a No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last gt 5 2 Defining Rule Schedules Security gt Firewall gt Schedules Firewall rules can be enabled or disabled automatically if they are associated with a configured schedule The schedule configuration page allows you to define days of the week and the time of day for a new schedule and then this schedule can be selected in the firewall rule configuration page ex All schedules will follow the time in the routers configured time zone Refer to the section on choosing your Time Zone and configuring NTP servers for more information 106 Unified Services Router User Manual Figure 60 List of Available
238. eys informantion from d DEBUG OC_WME ACM failed ERROR opnacUmiPortPaeParamSet error in KDOT11_ SET PARAM IEEE80211_ getting port pae DEBUG OC _WME failed ERROR onacUmiPortPaeParamSet invalid param d DEBUG invalid group cipher d ERROR pnacRecvASInfoMessage Skey of KDOT11_SET PARAM IEEE80211_ length d set DEBUG OC_MCASTCIPHER failed ERROR pnacRecvASInfoMessage reAuthPeriod KDOT11_SET PARAM IEEE80211_ set to d DEBUG OC _MCASTKEYLEN failed ERROR 271 Unified Services Router pnacRecvASInfoMessage supp Timeout set to d PORT SUCCESSFULLY DESTROYED creating physical port for s onacAuthInit using defualt pnacAuthParams pnacSupplnit using defualt pnacSuppParams Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc Error from pnacCombinedStMachTriggerFunc received a pdu on s pnacRecvMapi protoType 04x pPhyPort gt auth ToASSendRtn p port not found from pnacRecvMapi pkt body len d pktT ype d from pnacPDUProcess received PNAC_EAP_PACKET currentld d code d from pnacPDUProcess from pnacPDUProcess identifier d from pnacPDUProcess true from pnacPDUProcess identifier d
239. face Oubound rules restrict access to traffic leaving your LAN Port1 interface Firewall rules are applied in the order listed As a general rule you should move the strictest rules those with the most specific services or addresses to the top of the list List of Bridge Firewall Rules Right click on record to get more options No data available in table Showing 0 to 0 of 0 entries h First Previous Next gt Last Al Add New Bridge Firewall Rule Firewall rules configured for the bridge will filter traffic based on protocol outgoing range of ports and or the incoming range of ports The processing is at L2 and can apply either to the LANI port or the WAN2 DMZ port not both Figure 71 Bridge Firewall Rule configuration fans Custom Services Configuration X Port Type Port Range O Multiple Forts Start Port O Range 0 65535 Finish Port oOo Range 0 65535 Save 124 Unified Services Router User Manual 5 9 Application Rules Security gt Firewall gt Dynamic Port Forwarding Application rules are also referred to as port triggering This feature allows devices on the LAN or DMZ to request one or more ports to be forwarded to them Port triggering waits for an outbound request from the LAN DMZ on one of the defined outgoing ports and then opens an incoming port for that specified type of traffic This can be thought of as a form of dynamic port forwarding while an application is tr
240. failed ERROR FileName too lengthy ERROR Couldn t execute command ERROR Memory allocation failed ERROR Memory allocation failed ERROR invalid certificate data ERROR Query s ERROR Query s ERROR Memory allocation failed ERROR X509_ERROR Failed to validate the certficate ERROR Memory allocation failed ERROR Query s ERROR Invalid Sign Key Length d ERROR Invalid Hash Alg d ERROR Invalid Sign Alg d ERROR No Memory Available ERROR 258 Unified Services Router pCtx is NULL ERROR tlsGlueCtxCreate failed eapVars is NULL Context NULL ERROR Initializing inner EAP auth ERROR pCtx is NULL ERROR Memory Allocation Failed Facility System Admin Usage s lt DBFile gt Could not open database s CPU LOG File not found MEM LOG File not found cpuMemUsageDBUpdateHandler update query s Printing the whole list after inserting s at d minute d hour d dayOfMonth d month adpCmdExec exited with return code d S op d row d sqlite3_mprintf failed sqlite3QueryResGet failed query s Printing the whole list after delete s at d minute d hour d dayOfMonth d month Printing the whole list after inserting s at d minute d hour d dayOfMonth d month email logs No logging events enabled S Mail sent and the Database is reset Disabled syslog server Event logs are full sending logs to email Email logs sending failed Packing attribute s S
241. fines the WAN port speed or is associated with a MAC address this information is required by the router to ensure a smooth connection with the network The default MTU size supported by all ports is 1500 This is the largest packet size that can pass through the interface without fragmentation This size can be increased however large packets can introduce network lag and bring down the interface speed Note that a 1500 byte size packet is the largest allowed by the Ethernet protocol at the network layer The port speed can be sensed by the router when Auto is selected With this option the optimal port settings are determined by the router and network The duplex half or full can be defined based on the port support as well as one of three port speeds 10 Mbps 100 Mbps and 1000 Mbps i e 1 Gbps The default setting is 100 Mbps for all ports The default MAC address is defined during the manufacturing process for the interfaces and can uniquely identify this router You can customize each WAN port s MAC address as needed either by letting the WAN port assume the current LAN host s MAC address or by entering a MAC address manually 84 Unified Services Router User Manual Figure 48 Physical WAN port settings Network Internet WANI Settings Q Le This page allows you to set up your Internet connection Ensure that you have the Internet connection information such as the IP Addresses Account Information etc This inform
242. ful when configuring multiple PPPoE connections i e for Japan ISPs that have multiple PPPoE support ISP login information This is required for PPTP and L2TP ISPs e User Name e Password e Secret required for L2TP only MPPE Encryption For PPTP links your ISP may require you to enable Microsoft Point to Point Encryption MPPE Split Tunnel supported for PPTP and L2TP connection This setting allows your LAN hosts to access internet sites over this WAN link while still permitting VPN traffic to be directed to a VPN configured on this WAN port ex If split tunnel is enabled DSR won t expect a default route from the ISP server In such case user has to take care of routing manually by configuring the routing from Static Routing page Connectivity Type To keep the connection always on click Keep Connected To log out after the connection is idle for a period of time useful if your ISP costs are based on logon times click Idle Timeout and enter the time in minutes to wait before disconnecting in the Idle Time field My IP Address Enter the IP address assigned to you by the ISP Server IP Address Enter the IP address of the PPTP or L2TP server te DSR 150 150N 250 250N doesn t have a dual WAN support WAN Port IP address Your ISP assigns you an IP address that is either dynamic newly generated each time you log in or static permanent The IP Address Source option allows you to define whether the address is s
243. g Reply Packet DEBUG Verified Reply Packet Integrity DEBUG Generated Reply Attribute Value pairs DEBUG Verified Message Authenticator DEBUG Unloaded RADIUS Dictionary DEBUG Adding Dictionary Attribute s DEBUG Adding Dictionary Value s DEBUG Loaded Dictionary s DEBUG Adding Dictionary Attribute s DEBUG Adding Dictionary Value s DEBUG Receiving attribute s DEBUG Processing attribute s DEBUG Processing attribute s DEBUG Processing attribute s DEBUG Processing attribute s DEBUG radConfGet DEBUG Added Server s d with DEBUG Added Server s d with DEBUG Default Timeout Set to d DEBUG Default Retry Count Set to d DEBUG S VS Yd DEBUG Deleting Server s d with DEBUG Adding Rowld d to Server s d with DEBUG rowlds d d DEBUG Deleting Server s d with DEBUG RADIUS Deconfigured DEBUG Found Option s on line d of file s DEBUG Setting Option s with value s DEBUG RADIUS Configured DEBUG d Server s d with DEBUG DBUpdate event Table s opCode d rowld d DEBUG Host IP address s DEBUG Adding Packet for existing cookie p DEBUG Adding Packet and cookie p DEBUG Releasing Packet and cookie p DEBUG radVendorMessage Invalid Length in Vendor Message radVendorMessage Unknown Vendor ID received d radVendorAttrGet Invalid Length in Vendor Message radVendorAttrGet Unknown Vendor ID d radVendorMessagePack Unknown Vendor ID d radGetIPByN
244. g is available when multiple WAN ports are configured and Protocol Bindings Nave been defined eecccescsessceesseeeseseacesessesessessssesessesesseseaseseaeesesseseseeseaseneas 68 Protocol binding setup to associate a service and or LAN source to a WAN and or Ge STMT OMS WOR oieri eiiean aaia i a EA N R tsi sects Sed eet sta 69 COMIGUEING THe PAA rsa A wiaaadacn omen iets te aeons 69 IP AliaS Connor AU OM cicsSseereccecccs sats AA sce emanans itatenaoaiatiecamckcspeatateite 70 Routing Mode to determine traffic routing between WAN and LAN eee eeeees T2 Silale route COMMOUAUOM HEIOS saene a EE 75 OSPFv2 configured parameters cniris ier E E R 76 OSPF YZ CONO A UON aiaa e e E TEON 77 OSPFv3 configured parameters cc ccesccccesssccceesseeccesseeceessseeeesssseceesssecceesseeeeenseeeeetseeeeens 78 OSPFYS COMMUN enra a E E A S 79 TO TOANNENNO aeran a E E E A 79 ISATAP Tunnels Configuratio sasssa air TE AEE E EAE 81 WANS configuration for 3G internet 4 acccjisncnesicecanstactawiocescesteirnanseasecnictantevtasearaneedeeuntoueeens 83 Physical WAN DOS eting Sirenis a 85 Wireless Network Setup WizardS ccc ecccsscccsssseccessseeeessseeeesesseeeseseecessseeeesesseseneeeeeens 87 List of Available Profiles shows the options available to secure the wireless link 91 Profile configuration to Set network security cece ecccccceessecceesseeceessseeeeesseeeeesseeeeseeeeees 92 Virtual AP Configuratio
245. g with Status sS adding to dhcprealy ifgroup failed adding to ipset fwDhcpRelay failed Disabling Firewall Rule for DHCP Relay Protocol Enabling Firewall Rule for DHCP Relay Protocol prerouting Firewall Rule add for Relay failed prerouting Firewall Rule add for Relay failed DEBUG DEBUG lpaddress should be provided with accessoption 1 Subnetaddress should be provided with accessoption 2 Failed to restart sshd unable to open the Error in executing DB update handler Error in executing DB update handler unknown vlan state Failed to execute vlanConfig binary for vianld d salite3_mprintf failed Access port can be present only in single vian Failed to execute vlanConfig binary for vianld d unknown vlan state Failed to execute vlanConfig binary for port number d Failed to clear vlan for oldPVID d Failed to execute vlanConfig binary for port number d Failed to clear vlan for d Failed to set vlan entry for vlan d Failed to set vlan entries while enabling sqlite3QueryResGet failed Failed to execute vlanConfig binary for port number d Failed to execute vlanConfig binary for vianld d Failed to enable vlan Failed to disable vlan Failed to set vianPort table entries while Failed to enable vian unknown vlan state Error in executing DB update handler unknown vlan state Failed to execute vilanConfig binary for vianld d
246. ge bandwidth profile has been created it can then be associated with a traffic flow from the LANPort 1 toDMZ Bridge traffic selectors are elements like IP addresses or services that require their outbound traffic to be regulated Bridge Traffic Selectors List Show 10 entries Right click on record to get more options l ai Mo data available in table Stains E E IN First Previous Next gt Last 3 Add New Bridge Traffic Selector 65 Unified Services Router User Manual Available Profiles Service AIM T Traffic Selector Match Type MAC Address MAC Address 3 4 Features with Multiple WAN Links This router supports multiple WAN links This allows you to take advantage of failover and load balancing features to ensure certain internet dependent services are prioritized in the event of unstable WAN connectivity on one of the ports Network gt Internet gt WAN Mode To use Auto Failover or Load Balancing WAN link failure detection must be configured This involves accessing DNS servers on the internet or ping to an internet address user defined If required you can configure the number of retry attempts when the link seems to be disconnected or the threshold of failures that determines if a WAN port is down 3 4 1 Auto Failover In this case one of your WAN ports is assigned as the primary internet link for all internet traffic The secondary WAN port is used for redundancy in case
247. ght click options Q v T ov No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last gt Activation Setup License Activation Code 9 1 3 Remote Management Maintenance gt Management gt Remote Management Both HTTPS and telnet access can be restricted to a subset of IP addresses The router administrator can define a known PC single IP address or range of IP addresses that are allowed to access the GUI with HTTPS The opened port for SSL traffic can be changed from the default of 443 at the same time as defining the allowed remote management IP address range 201 Unified Services Router User Manual Figure 133 Remote Management from the WAN or Maintenance Maintenance Management Remote Management Q Q Ss S From this page a user can configure the remote management feature This feature can be used to manage the box remotely from WAN side Remote Management Remote Management Setup Enable Remote Management Es HTTPS Port No 443 Range 1 65535 SSH ee SNMP Access Control Setup Access Type ALLIP Addresses I IP Address Range I Only Selected PC WAN Ping Respond to Ping j Save Cancel Maintenance gt Administration gt Web GUI Management This feature restricts management access via the GUI to a predefined set of IP addresses or VLAN subnets When enabled the GUI management access can be restricted for all LAN hosts and in
248. gmtHandler no row found nRows d nCols d WARN dhcpcEnable unable to kill dhclient ERROR pppoeMgmtDBUpdateHandler empty dhcpcEnable enabling dhcpc failed update WARN on s ERROR 232 Unified Services Router dhcpcEnable dhclient already running on S dhcpcDisable deleted dhclient leases l2toMgmtlnit unable to open the database file s 2tpEnable unable to resolve address AS 2tpEnable inet_aton failed The Enable Command is s l2tpEnable Executing the Command failed 2tpDisable command string s l2toDisable unable to stop l2tp session l2topMgmtTblHandler unable to get current MTU option l2topMgmtTblHandler unable to get the Mtu l2teoMgmtTblHandler dbRecordValueGet failed for s l2topMgmtTblHandler l2tpEnable failed l2tpMgmtTblHandler disabling I2tp failed l2topMgmtDBUpdateHandler sqlite83QueryResGet l2teoMgmtDBUpdateHandler error in executing Illegal invocation of tcpdumpConfig S Failed to start tcpdump Failed to stop tcpdump Invalid teodumpEnable value Facility System VPN WARN ERROR ERROR ERROR ERROR ERROR ERROR dhcpcDisable unable to kill dhclient dhcpcDisable delete failed for dhclient leases dhcpcDisable failed to reset the ip dhcpcMgmtTblHandler unable to get current Mtu Option dhcpcMgmtTblHandler unable to get the Mtu dhcpcMgmtTblHandler dhclient enable failed dhcpcMgmtTblHandler dhcpc release fai
249. gt Portal Layouts When remote users want to access the private network through an SSL tunnel either using the Port Forwarding or VPN tunnel service they login through a user portal This portal provides the authentication fields to provide the appropriate access levels and privileges as determined by the router administrator The domain where the user account is stored must be specified and the domain determines the authentication method and portal layout screen presented to the remote user Figure 113 List of configured SSL VPN portals The configured portal can then be associated with an authentication domain VPN SSL YPN Portal Layouts Q e The table lists the SSL portal layouts configured for this device and allows several operations on the portal layouts The router allows you to create a custom page for remote SSL VPN users that is presented upon authentication Login instructions available services and other usage details that are specific to a domain are useful to present on the authentication portal Portals are assigned to the user domain SSL VPN Portal Layouts List Show entries Right click on record to get more options q SSLVPN 0 https 0 0 0 0 443 portal SSLVPN Showing 1 to 1 of 1 entries First Previous 1 Next gt Last gt Add New SSL VPN Portal Layout 7 5 1 Creating Portal Layouts Setup gt VPN Settings gt SSL VPN Server gt Portal Layouts The router allows you to create a
250. h on the router Enabled passthrough checkboxes have higher priority than firewall rules based on the same service VPN Passthrough PPTP EN L2TP on Save Cancel 5 8 Bridge Mode Firewall Security gt Firewall gt Firewall Rules gt Bridge Firewall rules When Bridge is the selected system routing mode Layer 2 level firewall rules are available to manage network traffic These firewall rules will be applied between the two ports that are part of the bridge LAN1 and the WAN2 DMZ physical ports XW Bridge mode option is available on DSR 500 500N 1000 1000N products only 123 Unified Services Router User Manual Figure 70 List of Configured Firewall Rules for the Bridge Security Firewall Firewall Rules Bridge Firewall Rules Ke 1Pv4 Firewall Rules Firewall Rules IPv6 Firewall Rules Firewall Rules A firewall is a security mechanism to selectively block or allow certain types of traffic in accordance with rules specified by network administrators You can use this page to manage the firewall rules that control traffic between interfaces of your Bridged network The List of Bridge Firewall Rules table includes all firewall rules for the bridged network and allows several operations on the firewall rules By default in bridge Mode all access is allowed for Inbound and Outbound direction between the interfaces of the bridged network Inbound Rules govern access from DMZ Port to the LAN Port1 inter
251. han the chosen severity are captured For example if you have configured CRITICAL level logging for the Wireless facility then 802 11 logs with severities CRITICAL ALERT and EMERGENCY are logged The severity levels available for logging are 206 Unified Services Router User Manual e EMERGENCY system is unusable e ALERT action must be taken immediately e CRITICAL critical conditions e ERROR error conditions e WARNING warning conditions e NOTIFICATION normal but significant condition e INFORMATION informational e DEBUGGING debug level messages Figure 138 Facility settings for Logging 0 Maintenance Maintenance Logs Settings Facility L ogs Settings y Logs Q 9 This page allows user to configure logging severity levels for different logging facilities Facility Logs Facility Select Facility I System I Locall UTM I Local0 Wireless For Event Log Syslog Emergency Alert Critical Error Warning Notification Information Debugging dadadada EEEEEEE Ww pS lt a Cancel The display for logging can be customized based on where the logs are sent either the Event Log viewer in the GUI the Event Log viewer is in the Status gt Logs page or a remote Syslog server for later review E mail logs discussed in a subsequent section follow the same configuration as logs configured for a Syslog server Maintenance gt Log Settings gt Routing Logs This page allows you to determ
252. hbutton Notify on s s dev gt name vap gt iv_dev gt name DEBUG PPP no memory VJ compressor ERROR Could not find Board Configuration Data DEBUG failed to register PPP device d err ERROR Could not find Radio Configuration data DEBUG PPP no memory comp pkt ERROR s No device func __ DEBUG ppp compressor dropped pkt ERROR ath_ahb No devices found driver not installed DEBUG PPP no memory VJ comp pkt ERROR PKTLOG_TAG s proc_dointvec failed FUNCTION _ DEBUG PPP no memory comp pkt ERROR PKTLOG_TAG s proc_dointvec failed FUNCTION _ DEBUG PPP no memory fragment ERROR 293 Unified Services Router s failed to register sysctls proc_name DEBUG PKTLOG_TAG s proc_mkdir failed __ FUNCTION __ DEBUG PKTLOG_TAG s pktlog_attach failed for s DEBUG PKTLOG_TAG s allocation failed for pl info FUNCTION DEBUG PKTLOG_TAG s allocation failed for pl info FUNCTION _ DEBUG PKTLOG_TAG s create_proc_entry failed for s DEBUG PKTLOG_TAG s sysctl register failed for s DEBUG PKTLOG_TAG s page fault out of range FUNCTION _ DEBUG PKTLOG_TAG s page fault out of range FUNCTION _ DEBUG PKTLOG_TAG s Log buffer unavailable FUNCTION _ DEBUG PKTLOG TAG DEBUG Logging should be disabled before changing bufer size DEBUG s allocation failed for pl_info __ func __ DEBUG s Unable to allocate buffer func _ DEBUG s allocation failed for pl_info __ func __ DEBUG s Unable t
253. he External IP address does not necessarily have to be the WAN address On a single WAN interface multiple public IP addresses are supported If your ISP assigns you more than one public IP address one of these can be used as your primary IP address on the WAN port and the others can be assigned to servers on the LAN or DMZ In this way the LAN DMZ server can be accessed from the internet by its aliased public IP address Outbound rules can use Source NAT SNAT in order to map bind all LAN DMZ traffic matching the rule parameters to a specific WAN interface or external IP address usually provided by your ISP 109 Unified Services Router User Manual Once the new or modified rule parameters are saved it appears in the master list of firewall rules To enable or disable a rule click the checkbox next to the rule in the list of firewall rules and choose Enable or Disable e amp The router applies firewall rules in the order listed As a general rule you should move the strictest rules those with the most specific services or addresses to the top of the list To reorder rules click the checkbox next to a rule and click up or down 110 Unified Services Router User Manual Figure 61 Example where an outbound SNAT rule is used to map an external IP address 209 156 200 225 to a private DMZ IP address 10 30 30 30 www example com f i Internet Public IP Address 209 165 200 225 outside interface DSR
254. hentication gt User Database gt Users gt Add New Users The user configurations allow creating users associated to group The user settings contain the following key components e User Name This is unique identifier of the user e First Name This is the user s first name e Last Name This is the user s last name e Select Group A group is chosen from a list of configured groups e Password The password associated with the user name 165 Unified Services Router User Manual e Confirm Password The same password as above is to be re entered to prevent against typing errors e Idle Timeout The session timeout for the user It is recommended that passwords contains no dictionary words from any language and is a mixture of letters both uppercase and lowercase numbers and symbols The password can be up to 30 characters Figure 105 User configuration options User Configuration User Hame First Name a Last Name admin Select Group ADMIN Password tn tn ca J E Confirm Password Save 7 1 2 Adding many users to the Local User Database Security gt Authentication gt User Database gt Get User DB The DSR administrator can add users to the local built in database directly via an appropriately formatted comma separated value CSV file The advantage of this feature is to allow for a large number of users to be added to the system with one operation and the same file can be uploaded to mu
255. here Figure 112 Configured client routes only apply in split tunnel mode VPN SSLVPN Client Routes Q9 Q The Configured Client Routes entries are the routing entries which will be added by the SSL VPN Client such that only traffic to these destination addresses is redirected through the SSL VPN tunnels and all other traffic is redirected using the hosts SSL VPN Clients native network interface The table shows the destination routes that will be configured on the SSL VPN client For example if the SSL VPN Client wishes to access the LAN network then in SPLIT Tunnel mode you should add the LAN subnet as the destination subnet on this device SSL VPN Client Routes List Show entries Right click on record to get more options Q No data available in table Showing 0 to 0 of 0 entries J First Previous Next gt Last 7 Add New Client Route Save ave ex Steps to Install Uninstall SSLVPN tunnel in MAC OS XW 1 Open terminal and run visudo as root and it will open sudoers file 176 Unified Services Router User Manual ew 2 Add username ALL NOPASSWD usr sbin chown bin chmod bin rm at the bottom of the sudoers file save and close the file Username is the user name of the MAC account but not SSLVPN user name xW While uninstalling SSLVPN tunnel when it asks for password enter the MAC user account password but not the root password or SSL VPN user password 7 5 User Portal VPN gt SSL VPN
256. his router allows you to capture log messages for traffic through the firewall VPN and over the wireless AP As an administrator you can monitor the type of traffic that goes through the router and also be notified of potential attacks or errors when they are detected by the router The following sections describe the log configuration settings and the ways you can access these logs 9 4 1 Defining What to Log Maintenance gt Log Settings gt Facility Logs The Logs Facility page allows you to determine the granularity of logs to receive from the router There are three core components of the router referred to as Facilities e Kernel This refers to the Linux kernel Log messages that correspond to this facility would correspond to traffic through the firewall or network stack e System This refers to application and management level features available on this router including SSL VPN and administrator changes for managing the unit e Wireless This facility corresponds to the 802 11 driver used for providing AP functionality to your network e Locall UTM This facility corresponds to IPS Intrusion Prevention System which helps in detecting malicious intrusion attempts from the WAN For each facility the following events in order of severity can be logged Emergency Alert Critical Error Warning Notification Information Debugging When a particular severity level is selected all events with severity equal to and greater t
257. hyPortParamSet ERROR invalid key index d key index should error from pnacPhyPortCreate be 0 3 ERROR malloc failed ERROR Error from pnacAuthlnit wepKey length incorrect ERROR pnacPortTimersinit failed ERROR Error from pnacAuthlnit Profile s does not exist ERROR pnacAuthPAElnit failed ERROR Error from pnacAuthinit Invalid Cipher type d ERROR pnacAuthKeyTxlnit failed ERROR Profile supports WEP stas Group cipher Error from pnacAuthinit must be WEP ERROR pnacReauthTimerlnit failed ERROR Error from pnacAuthinit Profile s does not exist ERROR pnacBackAuthinit failed ERROR Error from pnacAuthinit Profile s does not exist ERROR pnacCtrlDirlnit failed ERROR Error from pnacAuthinit Profile s does not exist ERROR pnacKeyRecvinit failed ERROR invalid pairwise cipher type d ERROR Error from pnacSupplnit malloc failed ERROR Error from pnacSupplnit Cipher s is already in the list ERROR pnacPortTimersiInit failed ERROR Error from pnacSupplnit Profile s does not exist ERROR pnacKeyRecvinit failed ERROR Error from pnacSupplnit Invalid Cipher type d ERROR pnacSuppKeyTxInit failed ERROR Error from pnacSupplnit Cipher s not found in the list ERROR pnacSuppPAE Init failed ERROR 276 Unified Services Router Profile s does not exist Profile s does not exist Auth method s is already in the list Profile s does not exist Auth method s not found in the list Profile s does not exist
258. ibed in each section For more detailed setup instructions and explanations of each configuration parameter refer to the online help that can be accessed from each page in the router GUI Typographical Conventions The following is a list of the various terms followed by an example of how that term is represented in this document Product Name D Link Services Router o Model numbers DSR 500 500N 1000 1000N 250 250N 150 150N GUI Menu Path GUI Navigation Monitoring gt Router Status Important note XA 12 Chapter 2 Configuring Your Network LAN Setup 2 1 It is assumed that the user has a machine for management connected to the LAN to the router The LAN connection may be through the wired Ethernet ports available on the router or once the initial setup is complete the DSR may also be managed through its wireless interface as it is bridged with the LAN Access the router s graphical user interface GUI for management by using any web browser such as Microsoft Internet Explorer or Mozilla Firefox e Go to http 192 168 10 1 default IP address to display the router s management login screen e Default login credentials for the management GUI e Username admin e Password admin ex If the router s LAN IP address was changed use that IP address in the navigation bar of the browser to access the router s management UI LAN Configuration Network gt LAN gt LAN Settings By default the router fun
259. ice ANY Action Always Block Source Hosts e Single Address O Address Range Destination Hosts e Single Address Address Range Log Never O Always QoS Priority Normal Service 112 Unified Services Router User Manual IPv6 Firewall Rules Configuration From fone SECURE LAN To fone Service Action INSECURE WAN AMY T Block Always T Source Hosts Any Q Single Address Address Range Destination Hosts Any OQ Single Address Address Range Log 5 4 Never O Always Configuring IPv6 Firewall Rules Security gt Firewall gt Firewall Rules gt IPv4 Firewall Rules All configured IPv6 firewall rules on the router are displayed in the Firewall Rules list This list also indicates whether the rule is enabled active or not and gives a summary of the From To zone as well as the services or users that the rule affects 113 Unified Services Router User Manual Figure 63 The IPv6 firewall rule configuration page allows you to define the To From zone service action schedules and specify source destination IP addresses as needed Security Security Firewall Firewall Rules IPv6 Firewall Rules Q IPv4 Firewall Rules Firewall Rules IPv Firewall Rules Firewall Rules A firewall is a security mechanism to selectively block or allow certain types of traffic in accordance with rules specified by network administrators You can use this page to manage the
260. ices Router User Manual Figure 145 Firmware version information and upgrade option 9 Maintenance Maintenance Firmware amp Config Firmware Upgrade Using System PC oO Q Using System PC Using USB Check Update This page allows user to upgrade downgrade the router firmware This page also shows the information regarding firmware version and build time Using System PC Current Firmware Information Firmware Version 2 00_WW Firmware Date Tue Jul 1 06 14 53 2014 Firmware Upgrade Browse Firmware Choose File No file chosen Upgrade This router also supports an automated notification to determine if a newer firmware version is available for this router By clicking the Check Now button in the notification section the router will check a D Link server to see if a newer firmware version for this router is available for download and update the Status field below eX IMPORTANT After firmware 1 04B13 new user database architecture is introduced The new user database is easier to setup and more intuitively to use When users upgrade DSR s firmware to 1 04B13 or latter DSR will automatically merge users in the old database into the new one However all user databases will be swept away when users downgrade firmware from 1 04B13 to the older one e g 1 03B43 Please keep in mind backup your user database for further restoring once you decide to downgrade firmware to the older one 9 8 Upgrading Router Fir
261. iled to commit ERROR nimfNetlfaceTblHandler unable to S d SIP DISABLE s DEBUG get LedPinld ERROR nimfNetlfaceTblHandler unable to S d SIP SET CONF s DEBUG get LedPinld ERROR nimfNetlfaceTblHandler unable to Failed to open S S DEBUG get LedPinld ERROR Failed to start sipalg DEBUG s unable to kill dhclient ERROR nimfAdvOptSetWrap unable to get Failed to stop sipalg DEBUG current Mac Option ERROR nimfAdvOptSetWrap unable to get Failed to get config info DEBUG current Port ERROR nimfAdvOptSetWrap unable to get Network Mask 0x x DEBUG current MTU Option ERROR nimfAdvOptSetWrap error getting RTP DSCP Value 0x x DEBUG Mac Address from ERROR nimfAdvOptSetWrap unable to get Need more arguments DEBUG the MTU ERROR nimfAdvOptSetWrap error setting Invalid lanaddr DEBUG interface advanced ERROR nimfAdvOptSetWrap error getting Invalid lanmask DEBUG MTU size ERROR nimfAdvOptSetWrap unable to get Invalid option DEBUG Mac Address ERROR nimfAdvOptSetWrap error setting Failed to set config info DEBUG interface advanced ERROR nimfAdvOptSetWrap failed to get Unknown option DEBUG old connectiontype ERROR nimfAdvOptSetWrap old connection sshdTblHandler DEBUG typeis s ERROR nimfAdvOptSetWrap failed to get pPort s DEBUG old MTU Option ERROR nimfAdvOptSetWrap error getting pProtocol s DEBUG MTUsize ERROR nimfOldFieldValueGet failed to get pListerAddr s DEBUG old ERR
262. iled to create procfs entry PPPoL2TP kernel driver s proc dir not created Initialzing Product Data modules De initializing by kernel UMI module loaded kernel UMI module unloaded Loading bridge module 286 User Manual Unified Services Router User Manual 02X skb gt datali DEBUG Unloading bridge module INFO _lvi PPPOL2TP _ fmt args DEBUG unsupported command d cmd INFO 02X ptr length DEBUG Loading ifDev module INFO 02X unsigned char m gt msg_iovii iov_base j DEBUG Unloading ifDev module INFO ERROR d in alloc_chrdev_region 02X skb gt datali DEBUG result INFO KERN_EMERG THE value read is d value DEBUG ERROR d in cdev_add result INFO KERN_EMERG Factory Reset button is pressed DEBUG using bcm switch s bcmswitch INFO KERN_ EMERG Returing error in INTR priviegedID d wanporttNo d registration DEBUG privlegediD wanportNo INFO KERN_EMERG Initialzing Factory defaults modules DEBUG Loading mii INFO Failed to allocate memory for pSipListNode DEBUG Unloading mii INFO SIPALG Memeory allocation failed for pSipNodeEntryTbl DEBUG s Version 0 1 INFO okt err s pktInfo error DEBUG s driver unloaded dev_info INFO wlan s backend registered be okt err s pktInfo error DEBUG siab_ name INFO okt err s pktInfo error DEBUG wlan s backend unregistered INFO wlan s acl policy registered iac s
263. illover logic governs outbound connections moving from the primary to secondary WAN You can configure spillover mode by using following options e Load Tolerance It is the percentage of bandwidth after which the router switches to secondary WAN e Max Bandwidth This sets the maximum bandwidth tolerable by the primary WAN for outbound traffic If the link bandwidth of outbound traffic goes above the load tolerance value of max bandwidth the router will spillover the next connections to secondary WAN For example if the maximum bandwidth of primary WAN is 1 Kbps and the load tolerance is set to 70 Now every time a new connection is established the bandwidth increases After a certain number of connections say bandwidth reached 70 of 1Kbps the new outbound connections will be spilled over to secondary WAN The maximum value of load tolerance is 80 and the minimum is 20 67 Unified Services Router User Manual ex DSR 1000 DSR 1000N DSR 500 and DSR 500N support the traffic load balancing between physical WAN port and the 3G USB Modem Load balancing is particularly useful when the connection speed of one WAN port greatly differs from another In this case you can define protocol bindings to route low latency services such as VOIP over the higher speed link and let low volume background traffic such as SMTP go over the lower speed link Figure 35 Load Balancing is available when multiple WAN ports are configured and Protocol
264. ine the type of traffic through the router that is logged for display in Syslog E mailed logs or the Event Viewer Denial of service attacks general attack information login attempts dropped packets and similar events can be captured for review by the IT administrator 207 Unified Services Router User Manual Traffic through each network segment LAN WAN DMZ can be tracked based on whether the packet was accepted or dropped by the firewall Accepted Packets are those that were successfully transferred through the corresponding network segment 1 e LAN to WAN This option is particularly useful when the Default Outbound Policy is Block Always so the IT admin can monitor traffic that is passed through the firewall e Example If Accept Packets from LAN to WAN is enabled and there is a firewall rule to allow SSH traffic from LAN then whenever a LAN machine tries to make an SSH connection those packets will be accepted and a message will be logged Assuming the log option is set to Allow for the SSH firewall rule Dropped Packets are packets that were intentionally blocked from being transferred through the corresponding network segment This option is useful when the Default Outbound Policy is Allow Always e Example If Drop Packets from LAN to WAN is enabled and there is a firewall rule to block SSH traffic from LAN then whenever a LAN machine tries to make an SSH connection those packets will be dropped and a
265. ing GTK Msg1 sending EAPOL pdu to PNAC creating pnac authenticator with values d d S Profile s does not exist IAPP initialized Encrypting context key s for could not find access point context for AS join event for existing node s failed to send PNAC_FORCE_AUTHORIZED failed to send PNAC_AUTHORIZED failed to send PNAC_VAR_KEY_AVAILABLE TRUE failed to send PNAC_VAR_KEY_TX_EN TRUE failed to send PNAC_VAR_KEY_TX_EN FALSE failed to send PNAC FORCE AUTHORIZED failed to send PNAC _ AUTHORIZED mic verification OK DEBUG DEBUG DEBUG DEBUG DEBUG src doti 1 iapp iappLib c 1314 ADP_ERROR BSSID value passed is NULL reserved requestld is passed interface name is NULL IP address value passed is NULL opening receive UDP socket failed enabling broadcast for UDP socket failed opening receive TCP socket for new AP failed src dot1 1 iapp iappLib c 1 784 ADP_ERROR src doti 1 iapp iappLib c 1 794 ADP_ERROR src doti 1 iapp iappLib c 1803 ADP_ERROR failed created dot11dLock failed initialize profile library failed to create cipher contexts unable to register to UMI could not create MIB tree unable to register to PNAC Max registration attempts by DOT11 to PNAC exceeded Creation of EAP WPS Profile Failed umiloctl UMI_COMP_IAPP d failed DOT11_RX_EAPOL_KEYMSG unknown ifname s cmd d not supported sender d
266. inistrator Account Optional Password fe Optional Third Administrator Account fe Optional Password fe Optional Save Cancel 8 5 Authentication Certificates VPN gt IPSec VPN gt Certificates gt Trusted Certificates This gateway uses digital certificates for IPsec VPN authentication as well as SSL validation for HTTPS and SSL VPN authentication You can obtain a digital certificate from a well known Certificate Authority CA such as VeriSign or generate and sign your own certificate using functionality available on this gateway The gateway comes with a self signed certificate and this can be replaced by one signed by a CA as per your networking requirements A CA certificate provides strong assurance of the server s identity and is a requirement for most corporate network VPN solutions 191 Unified Services Router User Manual The certificates menu allows you to view a list of certificates both from a CA and self signed currently loaded on the gateway The following certificate data is displayed in the list of Trusted CA certificates CA Identity Subject Name The certificate is issued to this person or organization Issuer Name This is the CA name that issued this certificate Expiry Time The date after which this Trusted certificate becomes invalid A self certificate is a certificate issued by a CA identifying your device or self signed if you don t want the identity protection of a CA The Active Self Certific
267. ion information such as the IP Addresses Account Information etc This information is usually provided by your ISP or network administrator IPv4 WAN Settings WAN Setup Connection Type Russian dual access L2TP Enable VLAN Tag Russian LATP Address Mode Dynamic IP Static IP Server Address Secret Doo Optional Split Tunnel Reconnect Mode Always On On Demand Domain Name System DNS Servers DNS Server Source Get Dynamically from ISP O Use These DNS Servers MAC Address MAC Address Source Use Default MAC Clone your PC s MAC Use this MAC Port Setup MTU Size Default Custom Port Speed Auto Sense 3 2 6 Russia Dual Access PPPoE For Russia dual access PPPoE connections you can choose the address mode of the connection to get an IP address from the ISP or configure a static IP address provided by the ISP 52 Unified Services Router User Manual Figure 26 Russia Dual access PPPoE configuration Network Network Internet WANI Settings 7 This page allows you to set up your Internet connection Ensure that you have the Internet connection information such as the IP Addresses Account Information etc This information is usually provided by your ISP or network administrator IPv4 WAN Settings WAN Setup Connection Type L2TP Username Password YT Enable VLAN Tag L TP Address Mode cy Dynamic IP Static IP Split Tunnel C a Reconnect Mode
268. ipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures e Reorient or relocate the receiving antenna e Increase the separation between the equipment and receiver e Connect the equipment into an outlet on a circuit different from that to which the receiver is connected e Consult the dealer or an experienced radio TV technician for help FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation IMPORTANT NOTE FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with minimum distance
269. irst version 3 is a routing protocol for IPv Networks OSPFv3 described in RFC2 740 05PF is an IGP Interior Gateway Protocol used to distribute routing information within a single Autonomous System Compared with RIP OSPF can provide scalable network support and faster convergence times O SPF can be used to design and build large and complicated networks OSPF v3 List Show entries Right click on record to get more options a DISABLED LAN 1 10 40 10 DISABLED WAN 1 10 40 10 DISABLED WAN 1 10 40 10 Showing 1 to 3 of 3 entries First Previous 1 Next gt Last gt Interface The physical network interface on which OSPFv3 is Enabled Disabled Status This column displays the Enable Disable state of OSPFv3 for a particular interface Priority Helps to determine the OSPFv3 designated router for a network The router with the highest priority will be more eligible to become Designated Router Setting the value to 0 makes the router ineligible to become Designated Router The default value is 1 Lower Value means higher priority HelloInterval The number of seconds for HelloInterval timer value Setting this value Hello packet will be sent every timer value seconds on the specified interface This value must be the same for all routers attached to a common network The default value is 10 seconds DeadInterval The number of seconds that a device s hello packets must not have been seen before its neighbors declare
270. is also useful for IPsec PPTP L2TP client authentication Figure 123 Active Directory Authentication Server configuration a Security Security Authentication External Auth Server AD Server Radius Server POP3 Server POP3 Trusted CA LDAP Server AD Server NT Domain This page allow to configure Active Directory authentication servers Active Directory Configuration Server Check server Checking Po Optional Optional Authentication Server 1 Primary Authentication Server 2 Secondary Authentication Server 3 Optional Active Directory Domain Second Active Directory Domain Optional Third Active Directory Domain Timeout Retries First Administrator Account Password First Server Hostname Second Administrator Account Password Second Server Hostname Third Administrator Account Password Third Server Hostname 189 Po Option Range 1 999 Seconds S Range 5 9 Optional Optional Optional Optional Po Optional Optional Po Optional Optional Optional Save ANCE Unified Services Router User Manual 8 4 5 LDAP Server Security gt Authentication gt External Auth Server gt LDAP Server The LDAP authentication method uses LDAP to exchange authentication credentials between the router and external server The LDAP server maintains a large database of users in a directory structure so users with the same usern
271. isable configurable port no ports present in this vlanid d DEBUG from ERROR failed query s DEBUG configPortTblHandler has failed ERROR vlan disabled not applying vlan configuration DEBUG sqlite3QueryResGet failed Query s ERROR Error in executing DB update disabling vian DEBUG handler ERROR enabling vian DEBUG sqlite3QueryResGet failed ERROR vlan disabled not applying vlan Failed to execute switchConfig for configuration DEBUG port ERROR Failed to execute switchConfig for no ports present in this vlanid d DEBUG port enable ERROR Failed to execute ifconfig for port failed query s DEBUG enable ERROR vlan disabled not applying vlan configuration DEBUG Failed to execute ethtool for ERROR Failed to execute switchConfig for removing s from bridge s s DEBUG port disable ERROR Failed to execute ifconfig for port adding s to bridge d s DEBUG disable ERROR restarting bridge DEBUG sqlitesQueryResGet failed ERROR switchConfig Ignoring event on port number d DEBUG sqlite3_mprintf failed ERROR restarting bridge DEBUG sqlitesQueryResGet failed ERROR Failed to execute switchConfig for executing S s DEBUG port mirroring ERROR Usage s lt DB Name gt lt Entry removing s from bridge s s DEBUG Name gt lt logFile gt lt subject gt ERROR adding s to bridge d s DEBUG sqlite3QueryResGet failed ERROR Could not get all the required switchConfig Ignoring event on
272. it to one or all of the supported SSL services Once this is done editing one of the created network resources allows you to configure the object type either IP address or IP range associated with the service The Network Address Mask Length and Port Range Port Number can all be defined for this resource as required A network resource can be defined by configuring the following in the GUI e Resource name A unique identifier name for the resource e Service The SSL VPN service corresponding to the resource VPN tunnel Port Forwarding or All 170 Unified Services Router User Manual Figure 109 List of configured resources which are available to assign to SSL VPN policies VPN SSL VPN Resources Q 6 Network resources are services or groups of LAN IP addresses that are used to easily create and configure SSL VPN policies This shortcut saves time when creating similar policies for multiple remote SSL VPN users Port forwarding allows remote SSL users to access specified network applications or services after they login to the User Portal and launch the Port Forwarding service Traffic from the remote user to the router is detected and re routed based on configured port forwarding rules Port forwarding requires the identification of the TCP application and local server IP address that is being made accessible to remote users SSL VPN Resources List Show entries Right click on record to get more options a A A A
273. ity Security Firewall ALGs SMTP ALGs SMTP ALGs Approved Mail IDs Blocked Mail IDs Mail Filtering This page allows the user to enable the SMTP ALG SMTP ALG Port Range 1 65535 Save Cancel a Security x Security Firewall ALGs SMTP ALGs Approved Mail IDs Blocked Mail IDs Mail Filtering Application Level Gateway allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer control data protocols such as TFTP SIP RTSP etc Each ALG provides special handling for a specific protocol or application A number of ALGs for common applications are enabled by default ALGs RTSP on SIP Er H 323 E TFTP on Save Cancel 5 7 VPN Passthrough for Firewall Security gt Firewall gt VPN Passthrough This router s firewall settings can be configured to allow encrypted VPN traffic for IPsec PPTP and L2TP VPN tunnel connections between the LAN and internet A specific firewall rule or service is not appropriate to introduce this passthrough support instead the appropriate check boxes in the VPN Passthrough page must be enabled 122 Unified Services Router User Manual Figure 69 Passthrough options for VPN tunnels N ge Security Security Firewall VPN Passthrough Q 9 This page allows user to configure VPN IPsec PPTP and L2TP passthroug
274. k administrator IPv4 WAN Settings WAN Setup Connection Type Enable VLAN Tag Static IP IP Address IP Subnet Mask Gateway IP Address Domain Name System DNS Servers Primary DNS Server Secondary DNS Server MAC Address MAC Address Source Port Setup MTU Size Port Speed 3 2 4 PPPoE Static IP 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Use Default MAC Clone your PC s MAC Use this MAC Default O Custom Auto Sense Network gt Internet gt WANI Settings The PPPoE ISP settings are defined on the WAN Configuration page There are two types of PPPoE ISP s supported by the DSR the standard username password PPPoE and Japan Multiple PPPOE 48 Unified Services Router User Manual Figure 22 PPPoE configuration for standard ISPs Network Network Internet WANT Settings eo This page allows you to set up your Internet connection Ensure that you have the Internet connection information such as the IP Addresses Account Information etc This information is usually provided by your ISP or network administrator IPv4 WAN Settings WAN Setup Connection Type Enable VLAN Tag PPPoE Profile Configuration Address Mode User Name Password Service Authentication Type Reconnect Mode Domain Name System DNS Servers DNS Server Source MAC Address MAC Address Source Port Setup MTU Size Port Speed PPPoE Username Passwor T oe Dynamic IP
275. l 6 6 OpenVPN Support VPN gt Open VPN gt Settings OpenVPN allows peers to authenticate each other using a pre shared secret key certificates or username password When used in a multiclient server configuration it allows the server to release an authentication certificate for every client using signature and Certificate authority An Open VPN can be established through this router Check Uncheck this and click save settings to start stop the OpenVPN server Mode OpenVPN daemon mode It can run in server mode client mode or access server client mode In access server client mode the user has to download the auto login profile from the OpenVPN Access Server and upload the same to connect Server IP OpenVPN server IP address to which the client connects applicable in client mode VPN Network Address of the Virtual Network VPN Netmask Netmask of the Virtual Network Port The port number on which OpenVPN server or Access Server runs Tunnel Protocol The protocol used to communicate with the remote host Ex TCP UDP UDP is the default Encryption Algorithm The cipher with which the packets are encrypted Ex BF CBC AES 128 AES 192 and AES 256 BF CBC is the default Hash algorithm Message digest algorithm used to authenticate packets Ex SHA1 SHA256 and SHA512 SHAI is the default Tunnel Type Select Full Tunnel to redirect all the traffic through the tunnel Select Split Tunnel to redirect traffic to specifi
276. l Auto negotiate s Always On On Demand Get Dynamically from ISP O Use These DNS Servers Use Default MAC Clone your PC s MAC Use this MAC Dynamic IP Static IP Use These DNS Servers Get Dynamically from ISP Default Custom Auto Sense Save Cancel 3 2 7 WAN Configuration in an IPv6 Network Network gt IPv6 gt WAN1Settings For IPv6 WAN connections this router can have a static IPv6 address or receive connection information when configured as a DHCPv6 client In the case where the ISP assigns you a fixed address to access the internet the static configuration settings must be completed In addition to the IPv6 address assigned to your router the IPv6 prefix length defined by the ISP is needed The default IPv6 Gateway address is the server at the ISP that this router will connect to for accessing the internet The primary and secondary DNS servers on the ISP s IPv6 network are used for resolving internet addresses and these are provided along with the static IP address and prefix length from the ISP 56 Unified Services Router User Manual When the ISP allows you to obtain the WAN IP settings via DHCP you need to provide details for the DHCPv6 client configuration The DHCPv6 client on the gateway can be either stateless or stateful If a stateful client is selected the gateway will connect to the ISP s DHCPv6 server for a leased address For stateless DHCP there need not be a DHCPv6 serve
277. la directive 1999 5 CE Italiano Con la presente nome del costruttore dichiara che questo tipo di apparecchio Italian conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999 5 CE Latviski Ar So name of manufacturer izgatavotaja nosaukums deklar ka type of equipment Latvian iek rtas tips atbilst Direkt vas 1999 5 EK b tiskaj m pras b m un citiem ar to saist tajiem noteikumiem Lietuvi iuo manufacturer name deklaruoja kad is equipment type atitinka esminius Lithuanian reikalavimus ir kitas 1999 5 EB Direktyvos nuostatas Hierbij verklaart naam van de fabrikant dat het toestel type van toestel in Nederlands overeenstemming is met de essenti le eisen en de andere relevante bepalingen van Dutch richtlijn 1999 5 EG mt Malti Hawnhekk isem tal manifattur jiddikjara li dan il mudel tal prodott jikkonforma mal Maltese ti ijiet essenzjali u ma provvedimenti o rajn relevanti li hemm fid Dirrettiva 1999 5 EC 315 Unified Services Router User Manual hu Magyar Alul rott gy rt neve nyilatkozom hogy a t pus megfelel a vonatkoz alapvet6 Hungarian k vetelm nyeknek s az 1999 5 EC ir nyelv egy b eldirasainak Et Polski Niniejszym nazwa producenta o wiadcza e nazwa wyrobu jest zgodny z zasadniczymi Polish wymogami oraz pozosta ymi stosownymi postanowieniami Dyrektywy 1999 5 EC Portugu s Nome do fabricante decla
278. le Configuration Name Policy Type Outbound T WAN Interface Dedicated WAN Priority Low T Save Network gt Internet gt Traffic Management gt Bridge Traffic Selectors Once a profile has been created it can then be associated with a traffic flow from the LAN to WAN To create a traffic selector click Add on the Traffic Selectors page Traffic selector configuration binds a bandwidth profile to a type or source of LAN traffic with the following settings e Available profiles Assign one of the defined bandwidth profiles e Service You can have the selected bandwidth regulation apply to a specific service i e FTP from the LAN If you do not see a service that you want you can configure a custom service through the Advanced gt Firewall Settings gt Custom Services page To have the profile apply to all services select ANY e Traffic Selector Match Type this defines the parameter to filter against when applying the bandwidth profile A specific machine on the LAN can be identified via IP address or MAC address or the profile can apply to a LAN port or VLAN group As well a wireless network can be selected by its BSSID for bandwidth shaping In order to restrict services from all IP addresses or specific subnets the subnet mask field can be configured in conjunction with the IP address to regulate inbound traffic 62 Unified Services Router User Manual Figure 32 Traffic Selector Configuration Network Ne
279. led access to a website belonging to one of these configured categories will be blocked with an error page e Adult Content Sites that host explicit sex content nudity and sites that use profanity e News Sites that offer news and information on current events including newspapers broadcasters and other publishers e Job Search Sites that offer job listings interview coaching and other employment related services e Gambling Sites that offer online gambling or information about gambling e Travel Tourism Sites with travel and tourism information like city maps and services including planning trips reservations for bus train airlines hotel booking etc e Shopping Online shops catalogs auction sites and classified ads etc e Entertainment Websites for TV movies entertainment news etc and sites hosting video content of movies TV streaming etc e Chatrooms IM Social networking sites chartrooms and instant messaging sites e Dating Sites Online dating matchmaking relationship advice personal ads and web pages related to marriage e Game Sites Sites that offer online games MORPG and information about computer games cheat codes etc e Investment Sites Sites for brokerages trusts insurance and other investments related organizations e E banking Sites providing online banking services offered by financial institutions e Crime Terrorism Sites providing information on anti social activities lk
280. led dhcpcMgmtTblHandler dhcpc disable failed dhcpcMgmtDBUpdateHandler failed query s dhcpcMgmtDBUpdateHandler error in executing DHCP v6 Client start failed DHCPv6 Client stop failed failed to create open DHCPv6 client failed to write DHCPv6 client configuration file failed to restart DHCP v6 Client failed to create open DHCPv6 Server Restoring old configuration DHCPv6 Server configuration update failed DHCPv6 Server Restart failed sqlite3QueryResGet failed Query s User Manual ERROR d command not supported by eapAuth oCtx NULL Current cert subject name s X509_STORE_CTX_get_ex_data failed Cannot get cipher no session est S SSL_ERROR_WANT_X509_ LOOKUP err code d in s BIO write Error Decrypting BIO reset failed Encrypting BIO reset ERROR DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG 253 PEAP key derive ERROR PEAP context is NULL ERROR Constructing P2 response ERROR innerEapRecv is NULL ERROR Decrypting TLS data ERROR Wrong identity size ERROR Wrong size for extensions packet ERROR innerEapRecv is NULL ERROR Inner EAP processing ERROR TLS handshake ERROR Unified Services Router User Manual BIO_read Error DEBUG Sending P1 response ERROR ERROR EAP state machine changed from s to Unexpected tlsGlueContinue return S DEBUG value ERROR EAP state machine changed from s to No more fr
281. ltiple DSR devices as needed Once uploaded the specific users in the local user database can be modified via the GUI as needed 166 Unified Services Router User Manual Figure 106 Import a CSV file with multiple users to the User Database a Security Security Authentication User Database Get User DB e Get User DB Groups Users This page allows user to import a CSV formatted user database to the router Get User DB Select User DB File Choose File No file chosen Upload The following parameters must be used to define the User database CSV file 1 Create an empty text file with a csv extension 2 Each line in the file corresponds to a single user entry Every line should end with carriage return equivalent of CRLF Do not add comments or other text in this file 3 Formatting rules a All the fields must be enclosed within double quotes b Consecutive fields are seperated by commas c There should be no leading or trailing spaces in a line d There should be no spaces between fields Each line in the CSV user database file should follow the following format UserName FirstName LastName GroupName MultiLogin Password The above sample has fields that can assume the following values e Username text field Name of the user and identifier in the DSR s database and so it must be unique in the local user database e FirstName text field This is a user detail and need not be
282. m value between one third of this field and this field The default is 30 seconds RA Flags The router advertisements RA s can be sent with one or both of these flags Chose Managed to use the administered stateful protocol for address auto configuration If the Other flag is selected the host uses administered stateful protocol for non address auto configuration Router Preference this low medium high parameter determines the preference associated with the RADVD process of the router This is useful if there are other RADVD enabled devices on the LAN as it helps avoid conflicts for IPv6 clients MTU The router advertisement will set this maximum transmission unit MTU value for all nodes in the LAN that are auto configured by the router The default is 1500 Router Lifetime This value is present in RA s and indicates the usefulness of this router as a default router for the interface The default is 3600 seconds Upon expiration of this value a new RADVD exchange must take place between the host and this router 22 Unified Services Router User Manual Figure 6 Configuring the Router Advertisement Daemon Network Network IPv LAN Settings Router Advertisement IPv LAN Settings IPv6 Address Pools Prefixes for Prefix Delegation Router Advertisement Advertisement Prefixes This page allows user to configure Router Advertisement Daemon RADVD related configurations Router Advertis
283. mac_undefined 02XK 0V2K 02XK 02XK 02XK 02X dev gt name addr 0 addr 1 addr 2 addr 3 addr 4 addr 5 s addr_add 02XK 0V2K 02XK 02XK 02XK 02X dev gt name addr 0 addr 1 addr 2 addr 3 addr 4 addr 5 DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG aii DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG User Manual S S dev gt name buf DEBUG s no memory for sysctl table __ func __ DEBUG s no memory for VAP name __ func __ DEBUG s failed to register sysctls vap gt iv_dev gt name DEBUG s no memory for new proc entry s __ func__ DEBUG s Ox p len u tag p len DEBUG 03d i DEBUG 02x u_int8_t p Ii DEBUG first difference at byte u DEBUG s t gt name DEBUG FAIL ieee80211_crypto_newkey failed DEBUG FAIL ieee80211_crypto_setkey failed DEBUG FAIL unable to allocate skbuff DEBUG FAIL wep decap failed DEBUG FAIL decap botch length mismatch DEBUG FAIL decap botch data does not compare DEBUG FAIL wep encap failed DEBUG FAIL encap data length mismatch DEBUG FAIL encrypt data does not compare DEBUG PASS DEBUG u of u 802 111 WEP test vectors passed pass total DEBUG sS Ox p len u tag p len DEBUG 03d DEBUG 02x u_int8_t p i DEBUG
284. mode with RADIUS server or both Note that WPA does not support 802 1 1n data rates is it appropriate for legacy 802 11 connections WPA2 this security type uses CCMP encryption and the option to add TKIP encryption on either PSK pre shared key or Enterprise RADIUS Server authentication WPA WPA2 this uses both encryption algorithms TKIP and CCMP WPA clients will use TKIP and WPA2 clients will use CCMP encryption algorithms 90 Unified Services Router User Manual W WPA WPA2 is a security option that allows devices to connect to an AP using the strongest security that it supports This mode allows legacy devices that only support WPA2 keys such as an older wireless printer to connect to a secure AP where all the other wireless clients are using WPA2 Figure 50 List of Available Profiles shows the options available to secure the wireless link Wireless General Profiles e A profile is a grouping of wireless settings which can be shared across multiple APs AP specific settings are configured on the Access Point Configuration page The profile allows for easy duplication of S5SIDs security settings encryption methods client authentication etc across APs Profiles List Show entries Right click on record to get more options a default1 DSR 500N_1 Enabled OPEN NONE NONE Showing 1 to 1 of 1 entries First Add New Profile Previous 1 Next p Last 4 2 1 WEP Security
285. mware via USB Maintenance gt Firmware amp config gt Firmware upgrade gt Using USb This page allows user to upgrade the firmware backup and restore the settings using a USB storage key 215 Unified Services Router User Manual Figure 146 Firmware upgrade and configuration restore backup via USB or Maintenance Maintenance Firmware amp Config Firmware Upgrade Using USB Please Connect a USB Storage Device Using System PC Using USB Check Update This page allows user to upgrade downgrade the router firmware via USB Device Using USB USB USB Device Status disconnected Select Firmware 9 9 Dynamic DNS Setup Network gt Internet gt Dynamic DNS gt Dynamic DNS WANI Settings Dynamic DNS DDNS is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names To use DDNS you must setup an account with a DDNS provider such as DynDNS org D Link DDNS or Oray net Each configured WAN can have a different DDNS service if required Once configured the router will update DDNS services changes in the WAN IP address so that features that are dependent on accessing the router s WAN via FQDN will be directed to the correct IP address When you set up an account with a DDNS service the host and domain name username password and wildcard support will be provided by the account provider 216 Unified Services Router User
286. n 2c cs3h so ascents bitiias oss a a edness 94 List of configured access points Virtual APs shows one enabled access point on the FACIO OFOAAGASUING INS SID asset ae tect icc dae es hoes nach E E e EE decoded deceit 96 Radio Card configuration OPTIONS 0 0 cece cccssccccessseccessseeeecsseeccesseeceesseeceesseeeeessseeeesseeeens 98 WV TIVES O A eosar ccs hc ca n a a a N 99 Wireless Distribution System 20 cece cccsseccessssecessseecesesseeeessseeccsesseeeeesaeecesesseeeseseeeeeseaeees 100 Advanced Wireless communication settings 0 0 0 ccc cccescceessseccessseeeeesseeeeesseeeeestseeeens 102 WPS configuration for an AP with WPA WPAZ2 profile ee eeccecesseeeeseeeesteeesseeenees 103 List of Available Firewall Rules sicsssiwitinsinii tain e h n aeael cane tee 106 List of Available Schedules to bind to a firewall rule eee eceseeeteeesteeesteeeseeeeeeens 107 Example where an outbound SNAT rule is used to map an external IP address 209 156 200 225 to a private DMZ IP address 10 30 30 30 ee eceseeeeteeeeees 111 The firewall rule configuration page allows you to define the To From zone service action schedules and specify source destination IP addresses as needed 112 The IPv6 firewall rule configuration page allows you to define the To From zone service action schedules and specify source destination IP addresses as needed 114 List of Available IPv6 Firewall Rules cece ccecccccssccccccc
287. n allows the user to specify a WDS peer The WDS Peers table displays the list of WDS peers currently configured on the device A maximum of 4 WDS peers can be specified in any given mode Advanced Wireless Settings Wireless gt Advanced gt Advanced Sttings Sophisticated wireless administrators can modify the 802 11 communication parameters in this page Generally the default settings are appropriate for most networks Please refer to the GUI integrated help text for further details on the use of each configuration parameter 101 Unified Services Router User Manual Figure 57 Advanced Wireless communication settings Wireless Advanced Advanced Settings B This page is used to specify advanced configuration settings for the radio Advanced Wireless Settings Beacon Interval 100 Default 100 Range 40 3500 Milliseconds Dtim Interval Default Range 1 2755 RTS Threshold 2346 Default 2346 Range 256 2346 Fragmentation Threshold 2346 Default 2346 Range 257 2346 Preamble Mode Long Protection Mode Power Save Enable L Save Cancel 4 8 Wi Fi Protected Setup WPS Wireless gt Advanced gt WPS WPS is a simplified method to add supporting wireless clients to the network WPS is only applicable for APs that employ WPA or WPA2 security To use WPS select the eligible VAPs from the dropdown list of APs that have been configured with this security and enable WPS status for this A
288. nd background 98 Unified Services Router User Manual Figure 55 Wi Fi Multimedia P a P Wireless Wireless Advanced WMM o This page allows you to configure the Wi Fi Multimedia WMM configuration parameters WMM Settings Wi Fi Multimedia Configuration Profile Name default T Enable MM Default Class Of Service Background IP TOS DiffServ Mapping Show entries No right click options l a Showing 1 to 10 of 64 entries First E i 213 4 5 Next gt Save Cancel Profile Name This field allows you to select the available profiles in wireless settings Enable WMM This field allows you to enable WMM to improve multimedia transmission Default Class of Service This field allows you to select the available Access Categories voice video best effort and background 99 Unified Services Router User Manual 4 6 Wireless distribution system WDS Wireless gt Advanced gt WDS Wireless distribution system is a system enabling the wireless interconnection of access points in a network This feature is only guaranteed to work only between devices of the same type Figure 56 Wireless Distribution System Wireless Advanced WDS Operation Succeeded This page allows you to configure the Wireless Distribution System WDS configuration parameters WDS Settings WDS Enable on WDS Encryption 128 WDS Security WEP WDS Authentication Sha
289. ned Browser Client Browser Internet Explorer Save Policy by IP To set policies bye IP for the group select the corresponding group click Policy by IP The following parameters are configured e Group Name This is the name of the group that can have its login policy edited 163 Unified Services Router User Manual e Deny Login from Defined Browsers The list of defined browsers below will be used to prevent the users of this group from logging in to the routers GUI All non defined browsers will be allowed for login for this group e Allow Login from Defined Browsers The list of defined browsers below will be used to allow the users of this group from logging in to the routers GUI All non defined browsers will be denied for login for this group e Defined Browsers Displays the web browsers that have been added to the Defined Browsers list upon which group login policies can be defined e Check Box At First Column Header Selects all defined browsers in the table e Delete Deletes the selected browser s You can add to the list of Defined Browsers by selecting a client browser from the drop down menu and clicking Add This browser will then appear in the above list of Defined Browsers e Click Save Settings to save your changes Figure 103 IP policies options IP Policies Show entries Q T lt gt gt gt gt No data available in table Showing 0 to 0 of 0 entries Add IP Policies
290. ng information in a conspicuous location This device has been designed to operate with the antennas listed below and having a maximum gain of 1 8 dB Antennas not included in this list or having a gain greater than 1 8 dB are strictly prohibited for use with this device The required antenna impedance is 50 ohms RSS GEN 7 1 5 To reduce potential radio interference to other users the antenna type and its gain should be so chosen that the equivalent isotropically radiated power e i r p is not more than that permitted for successful communication Le pr sent appareil est conforme aux CNR d industrie Canada applicables aux appareils radio exempts de licence L exploitation est autoris e aux deux conditions suivantes 1 l appareil ne doit pas produire de brouillage et 2 l utilisateur de l appareil doit accepter tout brouillage radio lectrique subi m me si le brouillage est susceptible d en comSpromettre le fonctionnement C 09840 Is herewith confirmed to comply with the requirements set out in the Council Directive on the Approximation of the Laws of the Member States relating to Electromagnetic Compatibility 2004 108 EC Low voltage Directive 2006 95 EC the procedures given in European Council Directive 99 5 EC and 2004 104 EC The equipment was passed The test was performed according to the following European standards EN 300 328 V 1 7 1 EN 301 489 1 V 1 8 1 EN 301 489 17 V 2 1 1 EN 62311 EN 60950 1 312
291. ng List for Configured Host Names f lt gt No data available in table Add New Rule 173 Unified Services Router User Manual Port Forwarding List for Host Configuration Local Server IP Address 192 168 15 25 Fully Qualified Poman Mame 7 4 SSL VPN Client Configuration VPN gt SSL VPN gt SSL VPN Clients An SSL VPN tunnel client provides a point to point connection between the browser side machine and this router When a SSL VPN client is launched from the user portal a network adapter with an IP address from the corporate subnet DNS and WINS settings is automatically created This allows local applications to access services on the private network without any special network configuration on the remote SSL VPN client machine It is important to ensure that the virtual PPP interface address of the VPN tunnel client does not conflict with physical devices on the LAN The IP address range for the SSL VPN virtual network adapter should be either in a different subnet or non overlapping range as the corporate LAN ex The IP addresses of the client s network interfaces Ethernet Wireless etc cannot be identical to the router s IP address or a server on the corporate LAN that is being accessed through the SSL VPN tunnel 174 Unified Services Router User Manual Figure 111 SSL VPN client adapter and access configuration cad VPN s VPN SSLVPN SSL VPN Client Q An SSL VPN
292. nge Mode for securely exchanging encryption keys in ISAKMP as part of building a VPN tunnel IP security Suite of protocols for securing VPN tunnels by authenticating or encrypting IP packets in a data stream IPsec operates in either transport mode encrypts payload but not packet headers or tunnel mode encrypts both payload and packet headers Internet Key Exchange Security Protocol Protocol for establishing security associations and cryptographic keys on the Internet Internet service provider Media access control address Unique physical address identifier attached to a network adapter MAC Address Maximum transmission unit Size in bytes of the largest packet that can be passed on The MTU MTU for Ethernet is a 1500 byte packet Network Address Translation Process of rewriting IP addresses as a packet passes through a NAT router or firewall NAT enables multiple hosts on a LAN to access the Internet using the single public IP address of the LAN s gateway router Microsoft Windows protocol for file sharing printer sharing messaging authentication and name resolution NetBIOS Network Time Protocol Protocol for synchronizing a router to a single clock on the network NTP known as the clock master Password Authentication Protocol Protocol for authenticating users to a remote access server PAP or ISP 240 Unified Services Router User Manual Point to Point Protocol over Ethernet Protocol for c
293. nn aa a a aa 180 8 2 USB SHAE DON sires sseatsel tear a E E E A 181 8 3 SMG SENICE arara e aA A OE 183 8 4 External Authentication seseenneeeeeseesssesesssseeressssrresssssersssseeressseeressssrresssserressse 184 oal PORSO OCIO aea a E tuedeasteaades 184 SiGe NT Doman SOI VSM iea e a a e a 186 04 RADIUS SENE sian a a A 187 8 4 4 Active Directory Server sessessereesesresssreesssresssrcesssresssreesseresssreesseressereeseeeeseeeeese 189 240 LDAP SENE anne tle aauis Sade us duateasawasenter aoe aeaeoaee aon 190 8 5 Authentication Certificate cc cccccccccccsssccceesssseecceeessseeceeessseeeceeessseeeeeeessaeeees 191 8 6 Advanced Switch Configuration cccccccccccccssscccssssecesesseeceesssesesesseeeesseeeeseaes 194 8 7 Package Manager se ranesire ia n ee Ae ao 194 Chapter 9 Administration amp ManageMe n ccccccccccccccssscccesssecceesseeceesseeccessseeceessseceesseeeestseeees 198 9 1 Configuration ACCESS COntOl ccccccccccecsssscccceessseeeceeessseeeceeessseeeeeeeseeeeeeens 198 LEL FROMINCSOUUINGS 0 c5hcnz lt snaieiciecsdausachanes sxtasneuseanayelcsnssdaucudsauns sokesienswenanedstaasiersadaneaiess 199 9 1 2 License WDC AICS aii sire conanchzrscddansacwauat niinno nascar sadionss NEO EEEn 200 9213 Remote Managemen sesssenioan ann a T eerste ea 201 JIA CELAC Ce SS aaa A E A eee 203 9 2 SNMP CONIOUrANON ronu E A N 203 9 3 Configuring Time Zone and NTP ssessessnensssnssesssssrsssrsss
294. o allocate buffer func _ DEBUG Atheros HAL assertion failure s line YU S DEBUG ath_hal logging to s s ath_hal_logfile DEBUG ath_hal logging disabled DEBUG S S sep ath_hal_buildopts i DEBUG failed to allocate rx descriptors d error DEBUG ath_stoprecv rx queue p link p DEBUG no mpdu s _ func __ DEBUG Reset rx chain mask Do internal reset s _ func __ DEBUG OS_CANCEL_TIMER failed DEBUG s unable to allocate channel table __ func __ DEBUG s unable to collect channel list from hal DEBUG s cannot map channel to mode freq u flags Ox x DEBUG S unable to reset channel u uMhz DEBUG s unable to restart recv logic DEBUG s start DFS WAIT period on channel d func __ sc gt sc_curchan channel DEBUG User Manual PPP VJ uncompressed error eee ppp decompress _ frame no memory ERROR ppp_mp_reconstruct bad seq u lt U ERROR PPP couldn t register device s d ERROR ppp re ppp struct p but dead d ERROR ppp destroying undead channel p ERROR PPP removing module but units remain ERROR PPP failed to unregister PPP device ERROR ha JBD bad block at offset u ERROR lie D corrupted journal superblock ERROR JB D bad block at offset u ERROR Pe JBD Failed to read block at offset u ERROR error d scanning journal err ERROR JB D IO error d recovering block ERROR Logs_kernel txt 303 KERN_ERR ERROR Logs
295. o load s MD5 Hardware Test Duration d d DEBUG scan_modnames mode pnac src pnac linux kernel xcalibur c 2 09 define DEBUG_PRINTK _printk DEBUG Failed to mkdir proc net madwifi bcmDevicelnit registration failed DEBUG try_module get failed bcmDevicelnit pCdev Add failed DEBUG s request_irq failed dev gt name too many virtual ap s already got REG Size 8 Bit DEBUG d sc gt sc_nvaps Value x At Page x Addr oX DEBUG s request_irg failed dev gt name rix u Yu bad ratekbps u mode REG Size 16 Bit DEBUG u Value x At Page x Addr cix u Yu bad ratekbps u mode ox DEBUG u REG Size 32 Bit DEBUG S no rates for S 290 User Manual ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN ARNIN MEDSODSEDEDEDEDEODSE DEDEDEDSEODSEODSEDEDEDESEDEDEDEDEDEODEDEDEDEODEOEOSE Unified Services Router User Manual Value x At Page x Addr no rates yet mode u SC ARNIN X DEBUG gt sc_curmode ARNIN REG Size 64 Bit DEBUG u u u u sent an invalid ICMP ARNIN REG Size is not in 8 16 32 64 DEBUG dst cache overflow Written Value x At Page x ARNIN DEBUG Neighbour table overflow Addr x ARNIN bcm_ioctl Unkn
296. o workgroups e LDAP Base DN This is the base domain name for the LDAP authentication server If there are multiple LDAP authentication servers users can enter the details for up to two unique LDAP Base DN e Active Directory Domain If the domain uses the Active Directory authentication the Active Directory domain name is required Users configured in the Active Directory database are given access to the SSL VPN portal with their Active Directory username and password If there are multiple Active Directory domains user can enter the details for up to two authentication domains 160 Unified Services Router User Manual e Timeout The timeout period for reaching the authentication server e Retries The number of retries to authenticate with the authentication server after which the DSR stops trying to reach the server Figure 100 SSLVPN Settings VPN SSL VPN Portal Layouts Q 3 The table lists the SSL portal layouts configured for this device and allows several operations on the portal layouts The router allows you to create a custom page for remote SSL VPN users that is presented upon authentication Login instructions available services and other usage details that are specific to a domain are useful to present on the authentication portal Portals are assigned to the user domain SSL VPN Portal Layouts List Show 10 v entries Right click on record to get more options Q inane SSLVPN 0 https 0 0
297. ompliance requirements please follow operation instruction as documented in this manual This transmitter is restricted to indoor use in the 5150MHz to 5250MHz frequency range Europe EU Declaration of Conformity This device complies with the essential requirements of the R amp TTE Directive 1999 5 EC The following test methods have been applied in order to prove presumption of conformity with the essential requirements of the R amp TTE Directive 1999 5 EC EN 60950 1 2006 A11 2009 Safety of information technology equipment EN 300 328 V1 7 1 2006 10 Electromagnetic compatibility and Radio spectrum Matters ERM Wideband transmission systems Data transmission equipment operating in the 2 4 GHz ISM band and using wide band modulation techniques Harmonized EN covering essential requirements under article 3 2 of the R amp TTE Directive EN 301 893 1 V1 5 1 2008 12 Broadband Radio Access Networks BRAN 5 GHz high performance RLAN Harmonized EN covering essential requirements of article 3 2 of the R amp T TE Directive EN 301 489 17 V1 3 2 2008 04 and EN 301 489 1 V1 8 1 2008 04 Electromagnetic compatibility and Radio spectrum Matters ERM Electro Magnetic Compatibility EMC standard for radio equipment and services Part 17 Specific conditions for 2 4 GHz wideband transmission systems and 5 GHz high performance RLAN equipment This device is a 2 4 GHz wideband transmission system transceiver intended for use in
298. ond to the router s advertisements and thereby don t require corresponding application port forwarding rules to be configured UPnP UPnP Setup Activate UPnP Advertisement Period Range 1 86400 Seconds Advertisement Time To Live Range 1 255 Hops Save Cancel UPnP Port Map List Show entries No right click options a No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last gt UPnP Port map Table The UPnP Port map Table has the details of UPnP devices that respond to the router s advertisements The following information is displayed for each detected device e Active A yes no indicating whether the port of the UPnP device that established a connection is currently active e Protocol The network protocol i e HTTP FTP etc used by the DSR e Int Port Internal Port The internal ports opened by UPnP if any e Ext Port External Port The external ports opened by UPnP if any e IP Address The IP address of the UPnP device detected by this router Click Refresh to refresh the portmap table and search for any new UPnP devices 2 5 Captive Portal LAN users can gain internet access via web portal authentication with the DSR Also referred to as Run Time Authentication a Captive Portal is ideal for a web caf scenario where users initiate HTTP connection requests for web access but are not interested in accessing any LAN services Firewall policies un
299. one to one NAT settings with s private start IP Deleting forward one to one NAT having setting s private start Disabling attack check for Block ping to WAN interface Disabling attack check for Stealth mode for tcp Disabling attack check for Stealth mode for udp Disabling attack check for TCP Flood DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Eo User Manual sqlite3QueryResGet failed Query s ERROR Error in executing DB update handler ERROR unable to open the DB file s ERROR umilnit failed ERROR unable to register to UMI ERROR short DB update event request ERROR short ifDev event request ERROR sqlite3_mprintf failed ERROR s failed status d ERROR Disable all NAT rules DEBUG Enable all NAT rules DEBUG Enabling NAT URL filter rules DEBUG Restarting all NAT rules DEBUG Deleting schedule based firewall rules DEBUG Deleting schedule based firewall rules from DB DEBUG Update schedule based firewall rules in DB DEBUG Restart schedule based firewall rules DEBUG inter vlan routing enabled DEBUG inter vlan routing disabled DEBUG Disabling Content Filter for d DEBUG Enabling Content Filter for d DEBUG src firewall linux user firewalld c 59 undef ADP_DEBUG2 DEBUG src fire
300. onnecting a network of hosts to an ISP without the ISP having to manage the allocation of IP addresses Point to Point Tunneling Protocol Protocol for creation of VPNs for the secure transfer of data from remote clients to private servers over the Internet Remote Authentication Dial In User Service Protocol for remote user authentication and accounting Provides centralized management of usernames and passwords Rivest Shamir Adleman Public key encryption algorithm Transmission Control Protocol Protocol for transmitting data over the Internet with guaranteed reliability and in order delivery User Data Protocol Protocol for transmitting data over the Internet quickly but with no guarantee of reliability or in order delivery Virtual private network Network that enables IP traffic to travel securely over a public TCP IP network by encrypting all traffic from one network to another Uses tunneling to encrypt all information at the IP level Windows Internet Name Service Service for name resolution Allows clients on different IP subnets to dynamically resolve addresses register themselves and browse the network without sending broadcasts IKE Extended Authentication Method based on the IKE protocol for authenticating not just devices which IKE authenticates but also users User authentication is performed after device authentication and before IPsec negotiation 241 Unified Services Router User Manual 242 Appendi
301. ontent Filtering DEBUG Enabling NAT based Firewall Rules DEBUG Deleting rule port triggering for protocol Setting transparent mode for TCP DEBUG pLogicallfName DEBUG Deleting rule port triggering for protocol UDP DEBUG Enabling Accept for INPUT DEBUG Deleting rule port triggering for protocol TCP DEBUG Enabling Accept for FORWARD DEBUG Deleting rule port triggering for protocol Setting Routing mode for UDP DEBUG pLogicallfName DEBUG Enabling rule port triggering for protocol TCP DEBUG Enabling DROP for INPUT DEBUG Enabling rule port triggering for protocol UDP DEBUG Enabling DROP for FORWARD DEBUG Enabling rule port triggering for protocol TCP DEBUG Disabling NAT based Firewall Rules DEBUG Enabling rule port triggering for Enabling Firewall Rules for URL protocol UDP DEBUG Filtering amp DEBUG 266 Unified Services Router User Manual Enabling DNS proxy DEBUG Adding Firewall Rule for RIP Protocol DEBUG Restarting Schedule Based Firewall Restarting DNS proxy DEBUG Rules DEBUG enabling IPS checks between s and checking DNS proxy for Secure zone DEBUG s zones DEBUG disabling IPS checks between s and checking DNS proxy for Public zone DEBUG s zones DEBUG Enabling Block traffic from s zone DEBUG Stopping IPS s DEBUG Configuring firewall session settings for i DEBUG IPS started DEBUG Disabling DMZ DEB
302. ontinued Traffic Information CPU Utilization User Manual Memory Utilization 100000 O Used 75000 50000 Free E B i o 844964082023892 5540 m Buffers Total Memory 154748 MB Incoming 5245 Outgoing 7517 Dropped Incoming 0 Dropped Outgoing 0 Active Information ICMP Recieved Available VLANs Active Interfaces Figure 155 Resource Utilization data continued Traffic Information Incoming 15014 Outgoing 17682 Dropped Incoming 0 Dropped Outgoing 0 Active Information ICMP Recieved Available VLANs Active Interfaces 0 226 Unified Services Router User Manual 10 2 Traffic Statistics 10 2 1 Wired Port Statistics Status gt Network Information gt Device Statistics Detailed transmit and receive statistics for each physical port are presented here Each interface WANI WAN2 DMZ LAN and VLANs have port specific packet level information provided for review Transmitted received packets port collisions and the cumulating bytes sec for transmit receive directions are provided for each interface along with the port up time If you suspect issues with any of the wired ports this table will help diagnose uptime or transmit level issues with the port The statistics table has auto refresh control which allows display of the most current port level data at each page refresh The default auto refresh for this page is 10 seconds Figure 156 Physical port statistics Status
303. ook DEBUG lp _nat_init can t register local out hook DEBUG ip_nat_init can t register local in hook DEBUG lpt_hook happy cracking DEBUG lp_conntrack can t register pre routing defrag hook DEBUG ip_conntrack can t register local_ out defrag hook DEBUG lp_conntrack can t register pre routing hook DEBUG lp_conntrack can t register local out hook DEBUG ip_conntrack can t register local in helper hook DEBUG ip_conntrack can t register postrouting helper hook DEBUG ip_conntrack can t register post routing hook DEBUG ip_conntrack can t register local in hook DEBUG ip_conntrack can t register to sysctl DEBUG lp_conntrack_rtsp v IP_NF_RTSP_VERSION loading DEBUG ip_conntrack_rtsp max_outstanding must be a positive integer DEBUG ip_conntrack_rtsp setup_ timeout must be a positive integer DEBUG ip_conntrack_rtsp ERROR registering port d ports i DEBUG ip_nat_rtsp v IP_NF_RTSP_VERSION loading DEBUG s Sorry Cannot find this match option FILE _ DEBUG ipt_time loading DEBUG ipt_time unloaded DEBUG ip_conntrack_irc max_dcc_channels must be a positive integer DEBUG io_conntrack_irc ERROR registering port d DEBUG move data from NORMAL to XR moved d buffers from NORMAL to XR index move buffers from XR to NORMAL moved d buffers from XR to NORMAL count S d S FILE LINE _ _ func S d s FILE LINE _ func s no buffer s dev gt name _ func __ s no skbuff
304. or LAN WAN PPTP client connections e L2TP server for LAN WAN L2TP client connections Figure 82 Example of Gateway to Gateway IPsec VPN tunnel using two DSR routers connected to the Internet i 5 as yN Internet J Outside as Outside 209 165 200 226 209 165 200 236 Site A Site B DSR DSR Inside 10 20 20 90 Inside 10 10 10 0 Printer e Personal Personal computers computers a eene eee eeeaeeeeeneeeaeeneee ee 82 2 ee 88 ee OL ON tt lO ee ee a a ee ee ae ae ee ee ee eer er er er er re er er re er er ee ee 137 Unified Services Router User Manual Figure 83 Example of three IPsec client connections to the internal network through the DSR IPsec gateway DNS Server 10 10 10 163 Personal Computer pi ee Using VPN Software Client H Internal Inside wag Outside E intemet a network f 10 10 10 0 masas k J hte A L Personal Computer Using VPN Software Client WINS Server 10 10 10 133 Personal Computer Using VPN Software Client 6 1 VPN Wizard Setup gt Wizard gt VPN Wizard You can use the VPN wizard to quickly create both IKE and VPN policies Once the IKE or VPN policy is created you can modify it as required 138 Unified Services Router Figure 84 VPN Wizard launch screen Wizards User Manual Internet Connection Wizard This wizard will guide you in connecting your new D Link Unified Services Router to the Internet Run
305. ort Access 1 1 Ports Access 1 1 Port4 Access 1 1 Forth Access 1 1 Port Access 1 1 Port Access 1 1 Showing 1 to 8 of 8 entries Wireless VLANs List a r AutoTest Access 1 1 Showine 1 to 1 of 1 entries e In Access mode the port is a member of a single VLAN and only one All data going into and out of the port is untagged Traffic through a port in access mode looks like any other Ethernet frame e In Trunk mode the port is a member of a user selectable set of VLANs All data going into and out of the port is tagged Untagged coming into the port is not forwarded except for the default VLAN with PVID 1 which is untagged Trunk ports multiplex traffic for multiple VLANs over the same physical link e Select PVID for the port when the General mode is selected e Configured VLAN memberships will be displayed on the VLAN Membership Configuration for the port By selecting one more VLAN membership options for a General or Trunk port traffic can be routed between the selected VLAN membership IDs 29 Unified Services Router User Manual xW The DSR 150 150N does not support General mode for port VLANs due to hardware limitations Figure 10 Configuring VLAN membership for a port Network Network VLAN Port VLAN Qe e This page allows user to configure the port VLANs A user can choose ports and can add them into a VLAN In order to tag all traffic through a specific LAN port with a VLAN ID you can associate
306. ove configured failure detection method e Failover after This sets the number of retries after which failover is initiated ec DSR 1000 DSR 1000N DSR 500 DSR 500N DSR 250 DSR 250N DSR 150 and DSR 150N support 3G USB Modem as a failover link when the internet access is lost Load Balancing This feature allows you to use multiple WAN links and presumably multiple ISP s simultaneously After configuring more than one WAN port the load balancing option is available to carry traffic over more than one link Protocol bindings are used to segregate and assign services over one WAN port in order to manage internet flow The configured failure detection method is used at regular intervals on all configured WAN ports when in Load Balancing mode DSR currently support three algorithms for Load Balancing Round Robin This algorithm is particularly useful when the connection speed of one WAN port greatly differs from another In this case you can define protocol bindings to route low latency services such as VOIP over the higher speed link and let low volume background traffic such as SMTP go over the lower speed link Protocol binding is explained in next section Spillover If Spillover method is selected the primary WAN acts as a dedicated link until a defined bandwidth threshold are reached After this the secondary WAN will be used for new connections Inbound connections on the secondary WAN are permitted with this mode as the sp
307. own loctl Case DEBUG host u u u u if ed ignores Register Dump for Port martian destination u u u u ARNIN Number d port DEBUG from ARNIN data x regNamefj s Read Status s DEBUG martian source u u u u from ARNIN data x regNamefjj DEBUG Il header powerDevicelnit device registration ARNIN failed DEBUG uU uU uU u sent an invalid ICMP ARNIN powerDevicelnit adding device failed DEBUG dst cache overflow s Error Big jump in pn number ARNIN TID d from x x to X x s The MIC is corrupted Drop this s Read Status s ARNIN DEBUG Neighbour table overflow frame func __ DEBUG host u u u u if ed ignores s The MIC is OK Still use this frame martian destination u u u u ARNIN and update PN _ func __ DEBUG from ADDBA send failed recipient is not a ARNIN 11n node DEBUG martian source uU u u u from ARNIN Cannot Set Rate x value DEBUG Il header Getting Rate Series x vap ARNIN gt iv_fixed_rate series DEBUG u uU uU uU sent an invalid ICMP Getting Retry Series x vap ARNIN gt iv_fixed_rate retries DEBUG dst cache overflow ARNIN IC Name S ic gt ic_dev gt name DEBUG Neighbour table overflow usage rtparams rt_idx lt 0 1 gt per ARNIN lt 0 100 gt probe _intval lt 0 100 gt ARNIN DEBUG host u uU u u if d ignores usage acparams ac lt 0 3 gt RTS lt 0 1 gt aggr scaling lt 0
308. p To retrieve the IP address of a Web FTP Mail or any other server on the Internet type the Internet Name in the text box and click Lookup If the host or domain entry exists you will see a response with the IP address A message stating Unknown Host indicates that the specified Internet Name does not exist eX This feature assumes there is internet access available on the WAN link s 9 10 4 Router Options The static and dynamic routes configured on this router can be shown by clicking Display for the corresponding routing table Clicking the Packet Trace button will allow the router to capture and display traffic through the DSR between the LAN and WAN interface as well This information is often very useful in debugging traffic and routing issues 220 Unified Services Router User Manual 9 11 Localization Maintenance gt Administration gt Set Language The router GUI displays content in English by default The package manager feature has to be enabled so that the appropriate language of the installed language package is shown The user must configure the package manager feature under Advanced settings first in order to install a language package Figure 150 Localization or Maintenance Coe Maintenance Administration Set Language Please install drivers for languages in packagemanager This page shows the list of available languages Language Settings 221 Unified Services Router Use
309. policy pair required to establish an Auto IPsec VPN tunnel The IP addresses of the machine or machines on the two VPN endpoints are configured here along with the policy parameters required to secure the tunnel 143 Unified Services Router User Manual Figure 86 IPsec policy configuration continued Auto policy via IKE IPSec Policy Configuration x Phasel IKE SA Parameters Exchange Mode Direction Type Nat Traversal NAT Keep Alive Frequency 0 Seconds Local Identifier Type Local Wan IP ha m o 4 4 a Remote Identifier Type Remote Wan IP Encryption Algorithm DES or 3DES m AES 128 on AES 192 o AES 256 en BLOWFISH i oF aremann OOOO hi save A Manual policy does not use IKE and instead relies on manual keying to exchange authentication parameters between the two IPsec hosts The incoming and outgoing security parameter index SPI values must be mirrored on the remote tunnel endpoint As well the encryption and integrity algorithms and keys must match on the remote IPsec host exactly in order for the tunnel to establish successfully Note that using Auto policies with IKE are preferred as in some Psec implementations the SPI security parameter index values require conversion at each endpoint DSR supports VPN roll over feature This means that policies configured on primary WAN will rollover to the secondary WAN in case of a link failure on a primary WAN This feature can
310. ports DEBUG dev gt name DEBUG Could not find Board Configuration ip_nat_h323 out of TCP ports DEBUG Data DEBUG Could not find Radio Configuration ip_nat_q931 out of TCP ports DEBUG data DEBUG ath_ahb No devices found driver not ip_nat_ras out of TCP ports DEBUG installed DEBUG ip_nat_q931 out of TCP ports DEBUG fmt VA ARGS _ DEBUG io_conntrack core Frag of proto u DEBUG fmt VA ARGS _ DEBUG xlr8NatlpFinishOutput Err skb2 Broadcast packet DEBUG NULL DEBUG Should beast u u u u xlr8NatSoftCtxEnqueue Calling gt uU U U U Sk p ptype u DEBUG xlir8NatlpFinishOutput status DEBUG xlr8NatSoftCtxEnqueue ip_conntrack version s u buckets xlr8NatlpFinishOutput returned d max DEBUG d status DEBUG ERROR registering port d DEBUG icmpExceptionHandler Exception DEBUG netfilter PSD loaded c astaro AG DEBUG fragExceptionHandler Exception DEBUG netfilter PSD unloaded c astaro AG DEBUG algExceptionHandler Exception DEBUG S SELF DEBUG dnsExceptionHandler Exception DEBUG s LAN DEBUG IPsecExceptionHandler Exception DEBUG ESP Packet Src x Dest x Sport d dport d secure d spi d s WAN DEBUG isr p DEBUG xlr8NatConntrackPreHook We found TRUNCATED DEBUG the valid context DEBUG SRC u uU u u xlr8NatConntrackPreHook Not a DST u u uU u DEBUG secured pack
311. r s ERROR nimfLinkStatusGetErr returning with status d DEBUG Failed to call ddns enable ERROR nimfAdvOptSetWrap current Mac Option d DEBUG ddns SQL error s ERROR nimfAdvOptSetWrap current Port Speed Option d DEBUG sqlite3QueryResGet failed Query s ERROR nimfAdvOptSetWrap current Mtu Option d DEBUG Failed to call ddns enable ERROR nimfAdvOptSetWrap looks like we are reconnecting DEBUG ddns SQL error s ERROR nimfAdvOptSetWrap Mtu Size d DEBUG ddnsDisable failed ERROR nimfAdvOptSetWrap NIMF table is s DEBUG ddns SQL error s ERROR nimfAdvOptSetWrap WAN_MODE TRIGGER DEBUG sqlite3QueryResGet failed Query s ERROR nimfAdvOptSetWrap MTU d DEBUG Failed to call ddns enable ERROR nimfAdvOptSetWrap MacAddress s DEBUG ddns SQL error s ERROR nimfAdvOptSetWrap old Mtu Flag d DEBUG ddnsDisable failed ERROR 245 Unified Services Router nimfAdvOptSetWrap user has changed MTU option nimfAdvOptSetWrap MTU d nimfAdvOptSetWrap old MTU size d nimfAdvOptSetWrap old Port Speed Option d nimfAdvOptSetWrap old Mac Address Option d nimfAdvOptSetWrap MacAddress s Setting LED d d For s l2toEnable command string s nimfAdvOptSetWrap handling reboot scenario nimfAdvOptSetWrap INDICATOR d nimfAdvOptSetWrap UpdateFlag d nimfAdvOptSetWrap returning with status s nimfGetUpdateMacFlag MacTable Flag IS d nimfMacGet Mac Option changed d YS S
312. r u ranges DNAT wrong table s tablename DNAT hook mask 0x x bad hook _ mask S d resetting MPPC MPPE compressor DEBUG DEBUG DEBUG DEBUG DEBUG S VSVS d gt S d NS DEBUG S VSVS d WS DEBUG s Failed to add WDS MAC s dev gt name DEBUG s Device already has WDS mac address attached DEBUG s Added WDS MAC s dev gt name DEBUG 278 Unified Services Router S d wrong offset value d S d wrong length of match value d S d too big offset value d S d cannot decode offset value S d wrong length code 0x xX S d short packet len d __ FUNCTION _ S d bad sequence number d expected d S d bad sequence number d expected d PPPIOCDETACH file gt f_count d PPP outbound frame not passed PPP VJ decompression error PPP inbound frame not passed PPP reconstructed packet PPP no memory for missed pkts u u S d resetting MPPC MPPE compressor S d wrong offset value d S d wrong length of match value d S d too big offset value d S d cannot decode offset value S d wrong length code 0x X S d short packet len d _ FUNCTION _ S d bad sequence number d expected d S d bad sequence number d expected d PPPIOCDETACH file gt f_count d PPP outbound frame not passed PPP VJ decompression error PPP inbound frame not passed PPP reconstructed packet PPP no memo
313. r ERROR adpEncryptinit RC4 failed ERROR pnacAuthBuildRC4KeyDesc WPS method cannot be NULL ERROR adpCipherContextCtrl ERROR PIN value length should be a multiple of onacDot1 1 UserSet incorrect buffer 4 ERROR length ERROR Failed to initiate PIN based association PIN s ERROR PNAC user component id not set ERROR Failed to initiate PBC based enrolle pnacKeyInfoGet failed to allocate association ERROR buffer ERROR Invalid association mode Allowed PNAC user comp id not set dropping modes PIN PBC ERROR EAPOL key pkt ERROR pnacUmiPortPaeParamSet invalid wpsEnable running wsccmd failed ERROR buffer received ERROR Failed to send QUIT command to WSC Error from pnacRecvASInfoMessage from DOT11 ERROR ERROR Failed to clear off the WPS process ERROR pnacRecvASInfoMessage ERROR pnacRecvASInfoMessage Bad info missing profile name ERROR length ERROR A profile exists with the same name ERROR Error from pnacLibInit malloc failed ERROR Error in allocating memory for profile ERROR could not create phy ports lock ERROR missing profile name ERROR could not create nodes ports lock ERROR missing profile name ERROR port exists for iface s ERROR Profile name and interface name must be specified ERROR pnacPhyPortCreate failed ERROR Profile s does not exist ERROR kpnacPhyPortCreate failed ERROR 275 Unified Services Router User Manual Could not set profile s on the int
314. r Internet Name is determined when a connection request is received from a client e Local Gateway Type identify this router s endpoint of the tunnel by FQDN or static IP address e Local WAN IP address FQDN This field can be left blank if you are not using a different FQDN or IP address than the one specified in the WAN port s configuration 139 Unified Services Router User Manual 3 Configure the Secure Connection Remote Accessibility fields to identify the remote network e Remote LAN IP address address of the LAN behind the peer gateway e Remote LAN Subnet Mask the subnet mask of the LAN behind the peer ex Note The IP address range used on the remote LAN must be different from the IP address range used on the local LAN 4 Review the settings and click Connect to establish the tunnel The Wizard will create an Auto IPsec policy with the following default values for a VPN Client or Gateway policy these can be accessed from a link on the Wizard page W The VPN Wizard is the recommended method to set up an Auto IPsec policy Once the Wizard creates the matching IKE and VPN policies required by the Auto policy one can modify the required fields through the edit link Refer to the online help for details Easy Setup Site to Site VPN Tunnel If you find it difficult to configure VPN policies through VPN wizard use easy setup site to site VPN tunnel This will add VPN policies by importing a file containing VPN
315. r Manual Chapter 10 Router Status and Statistics 10 1 System Overview The Status page allows you to get a detailed overview of the system configuration The settings for the wired and wireless interfaces are displayed in the DSR Status page and then the resulting hardware resource and router usage details are summarized on the router s Dashboard 10 1 1 Device Status Status gt System Information gt Device gt System The DSR Status page gives a summary of the router configuration settings configured in the Setup and Advanced menus The static hardware serial number and current firmware version are presented in the General section The WAN and LAN interface information shown on this page are based on the administrator configuration parameters The radio band and channel settings are presented below along with all configured and active APs that are enabled on this router 222 Unified Services Router User Manual Figure 151 Device Status display Status Status System Information Device System Wireless Dedicated WAN Rollover WAN All of your Internet and network connection details are displayed on the Device Status page The firmware version and hardware serial number is also displayed here System Information General System Name DSR 250N Firmware Version 2 00_WW Hardware Version Al Serial Number QBDT123456789 Status Status System Information Device LAN Q j d te
316. r available at the ISP rather ICMPv6 discover messages will originate from this gateway and will be used for auto configuration A third option to specify the IP address and prefix length of a preferred DHCPV6 server is available as well Figure 27 IPv6 WAN Setup page Network Network IPv6 WAN Settings IPv6 Mode is not enabled This page allows user to IPv6 related Option configurations This router can have a static IPv6 address or receive connection information when configured as a DHCPv6 client or connect to ISP using username and password PPPoE The DHCPv6 client on the gateway can be either stateless or stateful If a stateful client is selected the gateway will connect to the ISP s DHCP v6 server for a leased address For stateless DHCP there need not be a DHCPv6 server available at the ISP rather ICMPv6 discover messages will originate from this gateway and will be used for auto configuration IPv6 Wan Settings Pv WAN Setup Connection Type DHCPV6 DHCP v6 DHCP Auto Configuration Stateless Address O Stateful Address Prefix Delegation C a Prefix Delegation Select this option to request router advertisement prefix from any available DHCPv6 servers available on the ISP the obtained prefix is updated to the advertised prefixes on the LAN side This option can be selected only in Stateless Address Auto Configuration mode of DHCPv6 Client When IPv6 is PPPoE type the following PPPoE fields
317. ra que este tipo de equipamento est conforme com os Portuguese requisitos essenciais e outras disposi es da Directiva 1999 5 CE l Slovensko Ime proizvajalca izjavlja da je ta tip opreme v skladu z bistvenimi zahtevami in ostalimi Slovenian relevantnimi dolo ili direktive 1999 5 ES Slovensky Meno v robcu t mto vyhlasuje ze typ zariadenia sp a z kladn po iadavky a v etky Slovak pr slu n ustanovenia Smernice 1999 5 ES ti Suomi Valmistaja manufacturer vakuuttaa t ten ett type of equipment laitteen Finnish tyyppimerkint tyyppinen laite on direktiivin 1999 5 EY oleellisten vaatimusten ja sit koskevien direktiivin muiden ehtojen mukainen Svenska H rmed intygar f retag att denna utrustningstyp st r verensst mmelse med de Swedish v sentliga egenskapskrav och vriga relevanta best mmelser som framg r av direktiv 1999 5 EG Industry Canada statement This device complies with RSS 210 of the Industry Canada Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 This device must accept any interference received including interference that may cause undesired operation Ce dispositif est conforme la norme CNR 210 d industrie Canada applicable aux appareils radio exempts de licence Son fonctionnement est sujet aux deux conditions suivantes 1 le dispositif ne doit pas produire de brouillage pr
318. rd Wireless Profiles Wireless gt General gt Profiles The profile allows you to assign the security type encryption and authentication to use when connecting the AP to a wireless client The default mode is open i e no security This mode is insecure as it allows any compatible wireless clients to connect to an AP configured with this security profile To create a new profile use a unique profile name to identify the combination of settings Configure a unique SSID that will be the identifier used by the clients to communicate to the AP using this profile By choosing to broadcast the SSID compatible wireless clients within range of the AP can detect this profile s availability The AP offers all advanced 802 11 security modes including WEP WPA WPA2 and WPA WPA2 options The security of the Access point is configured by the Wireless Security Type section Open select this option to create a public open network to allow unauthenticated devices to access this wireless gateway WEP Wired Equivalent Privacy this option requires a static pre shared key to be shared between the AP and wireless client Note that WEP does not support 802 11n data rates is it appropriate for legacy 802 11 connections WPA Wi Fi Protected Access For stronger wireless security than WEP choose this option The encryption for WPA will use TKIP and also CCMP if required The authentication can be a pre shared key PSK Enterprise
319. rdance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures e Reorient or relocate the receiving antenna e Increase the separation between the equipment and receiver e Connect the equipment into an outlet on a circuit different from that to which the receiver is connected e Consult the dealer or an experienced radio TV technician for help FCC Radiation Exposure Statement This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 This device must accept any interference received including interference that may cause undesired operation This transmitter must not be co located or operating in conjunction with any other antenna or transmitter The antennas used for this transmitter must be installed to provide a spectrum distance of at least 20cm from
320. re your wireless network e Types of devices expected to access the wireless network and their supported Wi Fi modes e The router s geographical region e The security settings to use for securing the wireless network eX Profiles may be thought of as a grouping of AP parameters that can then be applied to not just one but multiple AP instances SSIDs thus avoiding duplication if the same parameters are to be used on multiple AP instances or SSIDs Wireless Settings Wizard Setup gt Wizard gt Wireless Settings The Wireless Network Setup Wizard is available for users new to networking By going through a few straightforward configuration pages you can enable a Wi Fi network on your LAN and allow supported 802 11 clients to connect to the configured Access Point 86 Unified Services Router User Manual Figure 49 Wireless Network Setup Wizards Wizards Internet Connection Wizard Security Wizard This wizard will guide you in connecting This wizard will guide you in configuring your new D Link Unified Sernices Router to default Outbound Policy VPM Passthrough the Internet and VPN Network Settings Wireless Wizard Users Wizard This wizard will guide you through common This Wizard guides you in creating a new and easy steps to configure your routers user wireless interface Dynamic DNS Wizard Date and Time Wizard This Wizard helps in configunne Dynamic DNS This Wizard helps you in configuring Date WAN 1 or WA
321. received on the interface By enabling Inter VLAN Routing you will allow traffic from LAN hosts belonging to this VLAN ID to pass through to other configured VLAN IDs that have Inter VLAN Routing enabled 26 Unified Services Router User Manual Figure 8 Adding VLAN memberships to the LAN Network Network VLAN VLAN Settings i 2 The router supports virtual network isolation on the LAN with the use of VLANs LAN devices can be configured to communicate in a subnetwork defined by VLAN identifiers VLAN Configuration Vlan Enable on VLAN List Show entries Right click on record to get more options ag Default 1 192 168 50 1 259 299 295 0 E A sop First Previous 1 Next gt Last 5 Add New VLAN WLAN ID Default 1 Range 2 4093 Name O Activate Inter VLAN C T Rou ting Multi VLAN Subnet DHCP DHCP Mode None O DHCP Server DHCP Relay LAN Proxy Enable DNS Proxy Save 2 2 1 Associating VLANs to ports 2 Unified Services Router User Manual In order to tag all traffic through a specific LAN port with a VLAN ID you can associate a VLAN to a physical port Network gt VLAN gt Port VLAN VLAN membership properties for the LAN and wireless LAN are listed on this page The VLAN Port table displays the port identifier the mode setting for that port and VLAN membership information The configuration page is accessed by selecting one of the four physical
322. red System MAC Address 00 19 21 68 50 04 Save Cancel WDS Peer MAC Address List Show entries Right click on record to get more options a No data available in table Showing 0 to 0 of 0 entries First Add New WDS Previous Next Last ex This feature is only guaranteed to work only between devices of the same type i e using the same chipset driver For example between two DSR250N boxes or between two DSRIOOON It should also interoperate between a DSR 1000N and DSR 500 N boxes since they are based on the same chipset driver When the user enables the WDS links use the same security configuration as the default access point The WDS links do not have true WPA WPA2 support as in there is no WPA key handshake performed Instead the Session Key to be used with a WDS Peer is computed using a hashing function similar to the one used for computing a WPA PMK The inputs to this function are a PSK configurable by an administrator from the WDS page and an internal magic string non configurable In effect the WDS links use TKIP AES encryption depending on the encryption configured for the default AP In case the default AP uses mixed encryption TKIP AES The WDS link will use the AES encryption scheme 100 Unified Services Router User Manual 4 7 ex For a WDS link to function properly the Radio settings on the WDS peers have to be the same The WDS page would consist of two sections The first section p
323. resses from configured address pools with the IPv6 Prefix Length assigned to the LAN es IPv4 IPv6 mode must be enabled in the Advanced gt IPv6 gt IP mode to enable IPv6 configuration options 19 Unified Services Router User Manual LAN Settings The default IPv6 LAN address for the router is fec0 1 You can change this 128 bit IPv6 address based on your network requirements The other field that defines the LAN settings for the router is the prefix length The IPv6 network subnet is identified by the initial bits of the address called the prefix By default this is 64 bits long All hosts in the network have common initial bits for their IPv6 address the number of common initial bits in the network s addresses is set by the prefix length field Figure 5 IPv6 LAN and DHCPv6 configuration Network Network Pv LAN Settings IPyv LAN Settings 9 IPv6 Mode is not enabled IPv6 LAN Settings IPv6 Address Pools Prefixes for Prefix Delegation Router Advertisement Advertisement Prefixes This page allows user to IPv related LAN configurations The IPv6 address is 128 bits with a default 64 bit prefix that defines the network and is common among all LAN hosts Changes here affect all devices connected to the router s LAN switch Note that a change to the defaul LAN IP address will require all LAN hosts to be in the same network prefix and use the new address to access this GUI IPv6 LAN Se
324. rmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures e Reorient or relocate the receiving antenna e Increase the separation between the equipment and receiver e Connect the equipment into an outlet on a circuit different from that to which the receiver is connected e Consult the dealer or an experienced radio TV technician for help FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation RSS GEN 7 1 4 User Manual for Transmitters with Detachable Antennas The user manual of transmitter devices equipped with detachable antennas shall contain the followi
325. router connects to the RADIUS server 6 2 2 Internet over IPsec tunnel In this feature all the traffic will pass through the VPN Tunnel and from the Remote Gateway the packet will be routed to Internet On the remote gateway side the outgoing packet will be SNAT ed 145 Unified Services Router User Manual 6 3 6 4 6 4 1 Configuring VPN clients Remote VPN clients must be configured with the same VPN policy parameters used in the VPN tunnel that the client wishes to use encryption authentication life time and PFS key group Upon establishing these authentication parameters the VPN Client user database must also be populated with an account to give a user access to the tunnel xW VPN client software is required to establish a VPN tunnel between the router and remote endpoint Open source software such as OpenVPN or Openswan as well as Microsoft IPsec VPN software can be configured with the required IKE policy parameters to establish an IPsec VPN tunnel Refer to the client software guide for detailed instructions on setup as well as the router s online help The user database contains the list of VPN user accounts that are authorized to use a given VPN tunnel Alternatively VPN tunnel users can be authenticated using a configured RADIUS database Refer to the online help to determine how to populate the user database and or configure RADIUS authentication PPTP L2TP Tunnels This router supports VPN tunnels from either
326. rovides general WDS settings shared by all its WDS peers WDS Enable This would be a check box WDS Encryption Displays the type of encryption used It could be one of OPEN 64 bit WEP 128 bit WEP TKIP AES Use the term being used throughout the box i e either CCMP or AES WDS Passphrase This is required if the encryption selected is TKIP CCMP We would expect it to be within 8 63 ASCII characters In the WDS configuration page this field is mandatory and has to be same on the two WDS peers when the security is configured in TKIP AES mode The WDS links use this as the PSK for the connection DUT s Mac Address This would be the mac address of this box This should be configured in the peer s WDS configuration page to be able to establish a WDS link with this box This field in the WDS Configuration section displays the device s mac address which needs to be specified on the WDS peer for making a connection to this device Similarly the WDS peers MAC address will have to be specified on this device for the WDS link to be established between the two devices The second section will have the list of configured WDS peers with buttons to Add Delete Peer entries We support up to a maximum of 4 WDS links per box ex The both devices need to have same wireless settings wireless mode encryption authentication method WDS passphrase WDS MAC address and wireless SSID when we configure WDS features in DSR router The Add WDS Peer sectio
327. rver Client Certificate Browse and upload the pem formatted Server Client Certificate 155 Unified Services Router User Manual Server Client Key Browse and upload the pem formatted Server Client Key DH Key Browse and upload the pem formatted Diffie Hellman Key TLS Authentication Key Browse and upload the pem formatted TLS Authentication Key 156 Chapter 7 SSL VPN The router provides an intrinsic SSL VPN feature as an alternate to the standard IPsec VPN SSL VPN differs from IPsec VPN mainly by removing the requirement of a pre installed VPN client on the remote host Instead users can securely login through the SSL User Portal using a standard web browser and receive access to configured network resources within the corporate LAN The router supports multiple concurrent sessions to allow remote users to access the LAN over an encrypted link through a customizable user portal interface and each SSL VPN user can be assigned unique privileges and network resource access levels The remote user can be provided different options for SSL service through this router VPN Tunnel The remote user s SSL enabled browser is used in place of a VPN client on the remote host to establish a secure VPN tunnel A SSL VPN client Active X or Java based is installed in the remote host to allow the client to join the corporate LAN with pre configured access policy privileges At this point a virtual network interface is created on the user
328. rvices Router User Manual 3 5 7 ISATAP Tunnels Network gt IPv6 gt ISATAP Tunnels ISATAP Intra Site Automatic Tunnel Addressing Protocol is an IPv6 transition mechanism meant to transmit IPv6 packets between dual stack nodes on top of an IPv4 network ISATAP specifies an IPv6 IPv4 compatibility address format as well as a means for site border router discovery ISATAP also specifies the operation of IPv6 over a specific link layer that being IPv4 used as a link layer for IPv6 80 Unified Services Router User Manual Figure 46 ISATAP Tunnels Configuration Network Network IPv6 ISATAP Tunnels IPv6 Mode is not enabled This page shows the list of available ISATAP tunnels A user can also add delete and edit ISATAP tunnels from this page ISATAP is available to provide connectivity between IPv6 nodes within the LAN as it treats the IPv4 network as a single IPv6 local link ISATAP Tunnels List Show entries Right click on record to get more options l 2 Mo data available in table Showing 0 to 0 of 0 entries First Previous Next 9 Last Add New ISATAP Tunnel ISATAP Tunnels Contiguration E End Point Address LAN Other IP Save ISATAP Subnet Prefix This is the 64 bit subnet prefix that is assigned to the logical ISATAP subnet for this intranet This can be obtained from your ISP or internet registry or derived from RFC 4193 End Point Address
329. ry for missed pkts u u s INC USE COUNT now d __ FUNCTION _ mod_use_ count s DEC USE COUNT now d __ FUNCTION _ mod_use_ count PPPOL2TP s _ fmt DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG s WDS MAC address s is not known by this interface madwifi s Not enough space _ FUNCTION _ E to chan d ieeeChan E w AES_CCM TKIP S Cannot map channel to mode freq u flags 0x x S S vap gt iv_dev gt name buf S Ys S vap gt iv_dev gt name S Ys S vap gt iv_dev gt name ether_sprintf mac buf s s discard s frame S vap gt iv_dev gt name s s discard frame s vap gt iv_dev gt name Y os s discard s information element s WS Y s s discard s frame S vap gt iv_dev gt name sS s discard frame s vap gt iv_dev gt name ifmedia_add null ifm Adding entry for ifmedia_set no match for 0x x 0x x ifmedia_set setting to ifmedia_ioctl no media found for Ox x ifmedia_ioctl switching s to dev gt name ifmedia_match multiple match for lt unknown type gt desc gt ifmt_string mode s desc gt ifmt_string lt unknown subtype gt S desc gt ifmt_string
330. s dev gt name _ func s HAL qnum u out of range max ul grppoll_ start grppoll Buf allocation failed s HAL qnum u out of range max ul s AC u out of range max ul s unable to update hardware queue sS bogus frame type 0x x s dev gt name ath_stoprecv rx queue 0x x link p S S unable to reset channel u uU MHz S S unable to restart recv logic s unable to allocate channel table dev gt name s unable to allocate channel table dev gt name s unable to collect channel list from HAL R p llx 08x 08x 08x 08x 08xX 08x AoC T p llx 08x 08x 08x 08x 08x 08x 08x 08x AoC S no memory for sysctl table _ func __ s no memory for device name Storage func __ S failed to register sysctls sc gt sc_dev gt name S Mac d d phy d d dev gt name 5 GHz radio d d 2 GHz radio d d radio d d ah gt ah_analog5GhzRev gt gt 4 283 User Manual DEBUG Unified Services Router User Manual ip_nat_h323 radio d d ah io _nat_mangle_tcp_packet DEBUG gt ah_analog5GhzRev gt gt 4 DEBUG ip_nat_h323 lo _nat_mangle_udp_packet DEBUG s Use hw queue u for s traffic DEBUG s Use hw queue u for CAB traffic ip _nat_h323 out of expectations DEBUG dev gt name DEBUG s Use hw queue u for beacons ip_nat_h323 out of RTP
331. s and the browser message and background color header can be customized to identify the service provider for internet access 38 Unified Services Router User Manual Figure 17 Customized Captive Portal Setup Security Authentication Login Profiles 7 eo The table lists all the available Login Profiles in the system This Login page is used for authentication on Captive Portal enabled interfaces Login Profiles List SSLYPN default D link Unified Services Router default D link Unified Services Router Not In Use Add New Login Profile General Details Background Image Color oes o o o o Default Add Add Add Add Add Minimal Page for Mobile Devices Header Details Background Image Color 39 Unified Services Router User Manual Header Background Image Header Caption Caption Font Font Size Font Color Red Login Details Login Section Title Portal Login Welcome Message Error Message Footer Details Change Footer Content OFF 4 Security gt Firewall gt Blocked Clients Access for specific clients can be regulated by the Captive Portal as well The Block Client page allows one to define a MAC address that will always be denied access through all configured Captive Portals 40 Unified Services Router User Manual Figure 18 Blocking specific clients by their MAC address Security Firewall blockedClients Q9 6 This page shows
332. s available on the router for LAN and WAN PPTP client users to access Once the PPTP server is enabled PPTP clients that are within the range of configured IP addresses of allowed clients can reach the router s PPTP server Once authenticated by the PPTP server the tunnel endpoint PPTP clients have access to the network managed by the router The range of IP addresses allocated to PPTP clients can coincide with the LAN subnet As well the PPTP server will default to local PPTP user authentication but can be configured to employ an external authentication server should one be configured 147 Unified Services Router User Manual Figure 90 PPTP tunnel configuration PPTP Server VPN PPTP VPN Server Q o PPTP allows an external user to connect to your router through the internet This section allows you to enable disable PPTP server and define a range of IP addresses for clients connecting to your router The connected clients can function as if they are on your LAN they can communicate with LAN hosts access any servers present etc PPTP Server Server Setup Enable PPTP Server Enable IPv4 PPTP Routing Mode Nat W Classical Range of IP Addresses Allocated to PPTP Clients Starting IP Address Ending IP Address Authentication Database Authentication Local User Database Authentication Supported PAP CHAP MS CHAP MS CHAPv2 User Time out Idle TimeOut Range 300 1800 Seconds
333. s 3G modem support are supported in transparent mode assuming the LAN and WAN are configured to be in the same broadcast domain xW NAT routing has a feature called NAT Hair pinning that allows internal network users on the LAN and DMZ to access internal servers e g an internal FTP server using their externally known domain name This is also referred to as NAT loopback since LAN generated traffic is redirected through the firewall to reach LAN servers by their external name When Bridge Mode routing is enabled the first physical LAN port and secondary WAN DMZ port 2 interfaces are bridged together at Layer 2 creating an aggregate network The other LAN ports and the primary WAN WANLI are not part of this bridge and the router asks as a NAT device for these other ports With Bridge mode for the LAN port 1 and WAN2 DMZ interfaces L2 and L3 broadcast traffic as well as ARP RARP packets are passed through When WAN2 71 Unified Services Router User Manual receives tagged traffic the tag information will be removed before the packet is forwarded to the LAN port interface ex Bridge mode option is available on DSR 500 500N 1000 1000N products only Figure 39 Routing Mode to determine traffic routing between WAN and LAN Network Network Internet Routing i le This page allows user to configure different routing modes like NAT Classical Routing and Transparent The Routing mode determines how
334. s DEBUG variables to email the Logs ERROR restarting bridge DEBUG runSmtpClient failed ERROR switchConfig Ignoring event on port number d DEBUG getaddrinfo returned s ERROR IswitchConfig executing s s DEBUG file not found ERROR restarting bridge DEBUG sqlite3QueryResGet failed Query s ERROR UserName s DEBUG sqlite3QueryResGet failed Query s ERROR Password s DEBUG sqlite3QueryResGet failed Query s ERROR IsoName s DEBUG No memory to allocate ERROR Failed to Open SSHD Configuration DialNumber s DEBUG File ERROR 248 Unified Services Router Apn s GetDnsFromlsp s IdleTimeOutFlag s IdleTimeOutValue d AuthMetho d executing S s removing s from bridge d sS adding s to bridge d s stopping bridge restarting bridge Could not configure 6to4 Tunnel Interface Could not de configure 6to4 Tunnel Interface failed to restart 6to4 tunnel interfaces BridgeConfig too few arguments to command s BridgeConfig unsupported command d BridgeConfig returned error d sqlite3QueryResGet failed Error in executing DB update handler sqlite3QueryResGet failed Failed to remove vlan Interface for vianlid sqlite3QueryResGet failed Invalid oidp passed Invalid oidp passed Failed to get oid from the tree threegEnable Input to wrapper s threegEnable spawning command s threegMgmtHandler query string s threegMgmtHandler returnin
335. s host and this will be assigned an IP address and DNS server address from the router Once established the host machine can access allocated network resources Port Forwarding A web based ActiveX or Java client is installed on the client machine again Note that Port Forwarding service only supports TCP connections between the remote user and the router The router administrator can define specific services or applications that are available to remote port forwarding users instead of access to the full LAN like the VPN tunnel ex ActiveX clients are used when the remote user accesses the portal using the Internet Explorer browser The Java client is used for other browsers like Mozilla Firefox Netscape Navigator Google Chrome and Apple Safari Unified Services Router User Manual Figure 97 Example of clientless SSL VPN connections to the DSR DNS Server 10 10 10 163 Clientless VPN Internal network WINS Server 10 10 10 133 Clientless VPN Hee OEE _ _ eeerP EEE _ _ Clientless VPN Inside A Outside 10 10 10 0 158 Unified Services Router User Manual 7 1 Groups and Users Security gt Authentication gt User Database gt Groups The group page allows creating editing and deleting groups The groups are associated to set of user types The lists of available groups are displayed in the List of Group page with Group name and description of group e Click
336. s that your router uses to selectively block and allow inbound and outbound Internet traffic You then specify how and to whom the rules apply To do so you must define the following Services or traffic types examples web browsing VoIP other standard services and also custom services that you define Direction for the traffic by specifying the source and destination of traffic this is done by specifying the From Zone LAN WAN DMZ and To Zone LAN WAN DMZ Schedules as to when the router should apply rules Any Keywords in a domain name or on a URL of a web page that the router should allow or block Rules for allowing or blocking inbound and outbound Internet traffic for specified services on specified schedules MAC addresses of devices that should not access the internet Port triggers that signal the router to allow or block access to specified services as defined by port number Reports and alerts that you want the router to send to you You can for example establish restricted access policies based on time of day web addresses and web address keywords You can block Internet access by applications and services on the LAN such as chat rooms or games You can block just certain groups of PCs on your network from being accessed by the WAN or public DMZ network 5 1 Firewall Rules Security gt Firewall gt Firewall Rules gt IPv4 Firewall Rules Inbound WAN to LAN DMZ rules restrict access to traffi
337. s two WAN interfaces and optimizes the system performance resulting in high availability The solution supports configuring a port as a dedicated DMZ port allowing you to isolate servers from your LAN te DSR 150 150N 250 250N producst have a single WAN interface and thus it does not support Auto Failover and Load Balancing scenarios Superior Wireless Performance Designed to deliver superior wireless performance the DSR 500N and DSR 1000N include 802 11 a b g n support allowing for operation on either the 2 4 GHz or 5 GHz radio bands Multiple In Multiple Out MIMO technology allows the DSR 500N and DSR 1000N to provide high data rates with minimal dead spots throughout the wireless coverage area W DSR 150N DSR 250N and DSR 500N support the 2 4GHz radio band only Flexible Deployment Options The DSR 1000 1000N supports Third Generation 3G Networks via an extendable USB 3G dongle This 3G network capability offers an additional secure data connection for networks that provide critical services The DSR 1000N can be configured to automatically switch to a 3G network whenever a physical link is lost Robust VPN features A fully featured virtual private network VPN provides your mobile workers and branch offices with a secure link to your network The DSR 150 150N 250 250N DSR 500 500N and DSR 1000 1000N are capable of simultaneously managing 5 5 10 20 Secure Sockets Layer SSL VPN tunnels respectively empowering
338. sec The number of ICMP packets per second at which the router detects an ICMP flood attack from the WAN and prevents further ICMP traffic from that external address ex The ping on LAN interfaces is enabled in default To disable the ping response from LAN hosts to the LAN WAN port of the device uncheck the Allow Ping from LAN option 5 14 IGMP Proxy to manage multicast traffic Network gt LAN gt IGMP Setup IGMP snooping allows the router to listen in on IGMP network traffic through the router This then allows the router to filter multicast traffic and direct this only to hosts that need this stream This is helpful when there is a lot of multicast traffic on the network say from an IPTV application where all LAN hosts do not need to receive this multicast traffic Enabling IGMP snooping allows the router to regulate the amount of multicast traffic on the network to prevent flooding all LAN hosts Active IGMP snooping is referred to IGMP Proxy and this is available on your router Figure 81 Enabling IGMP Proxy for the LAN Network Network LAN IGMP Setup Qo The IGMP Proxy page allows the user to enable IGMP proxy on a LAN interface This is known as active IGMP snooping and lets the router listen in on IGMP network traffic The router filters multicast traffic through the router and is used to prevent LAN hosts from receiving traffic from a multicast group that they have not explicitly joined IGMP Setup
339. ser Manual 232 Unified Services Router User Manual Chapter 11 Trouble Shooting 11 1 Internet connection Symptom You cannot access the router s web configuration interface from a PC on your LAN Recommended action 1 2 Check the Ethernet connection between the PC and the router Ensure that your PC s IP address is on the same subnet as the router If you are using the recommended addressing scheme your PC s address should be in the range 192 168 10 2 to 192 168 10 254 Check your PC s IP address If the PC cannot reach a DHCP server some versions of Windows and Mac OS generate and assign an IP address These auto generated addresses are in the range 169 254 x x If your IP address is in this range check the connection from the PC to the firewall and reboot your PC If your router s IP address has changed and you don t know what it is reset the router configuration to factory defaults this sets the firewall s IP address to 192 168 10 1 If you do not want to reset to factory default settings and lose your configuration reboot the router and use a packet sniffer such as Ethereal to capture packets sent during the reboot Look at the Address Resolution Protocol ARP packets to locate the router s LAN interface address Launch your browser and ensure that Java JavaScript or ActiveX is enabled If you are using Internet Explorer click Refresh to ensure that the Java applet is loaded
340. ser Portal To configure port forwarding following are required e Local Server IP address The IP address of the local server which is hosting the application e TCP port The TCP port of the application Once the new application is defined it is displayed in a list of configured applications for port forwarding allow users to access the private network servers by using a hostname instead of an IP address the FQDN corresponding to the IP address is defined in the port forwarding host configuration section e Local server IP address The IP address of the local server hosting the application The application should be configured in advance e Fully qualified domain name The domain name of the internal server is to be specified Once the new FQDN is configured it is displayed in a list of configured hosts for port forwarding eX Defining the hostname is optional as minimum requirement for port forwarding is identifying the TCP application and local server IP address The local server IP address of the configured hostname must match the IP address of the configured application for port forwarding 172 Unified Services Router User Manual Figure 110 List of Available Applications for SSL Port Forwarding Port Forwarding List tor Contigured Applications CE No data available in table Add New Rule Port Forwarding List for Contigured Applications TCP Port Number C Range 0 65535 Save Port Forwardi
341. sists of all the available languages Figure 127 Device Drivers O Maintenance Maintenance Administration Package Manager This page shows the list of available drivers User can install or uninstall the drivers Device Drivers List of Default Drivers W gt Joni a cdc D Link DWM 156 A5 DWM 156 A6 DWM 157 A1 b 0 9 acm D Link DWM 152 A1 DWM 152 A2 DWM 152 A3 DWM 156 A1 DWM 156 A2 DWM 156 A3 DWM 156 A7 DWM 157 B1 DWM 158 D1 Huawei E option 0 9 1550 E 173 E 156 E 303 EC 306 ZTE MF 710 Showing 1 to 2 of 2 entries First Previous 1 Next gt Last gt Driver for your device not listed click here to see if updates or new drivers are available Manual Install Select Driver Choose File No file chosen Install History Install History Device Drivers Users can install drivers manually or can install from the listed drivers List of Device Drivers It allows the user to install or uninstall the available drivers Manual Install User can upload the provided driver package for installation 195 Unified Services Router User Manual Browse The user can choose the package to upload Click on Install to save your changes Figure 128 Installation of driver language pack O Maintenance Maintenance Administration Package Manager This page shows the list of available drivers User can install or uninstall the drivers
342. soft reboot of the router This page also allows you to download and automate the dbglog package agrouping of system status statistics and support logs that are useful for D Link support to diagnose router issues ea IMPORTANT During a restore operation do NOT try to go online turn off the router shut down the PC or do anything else to the router until the operation is complete This will take approximately 1 minute Once the LEDs are turned off wait a few more seconds before doing anything with the router For backing up configuration or restoring a previously saved configuration please follow the steps below 1 To save a copy of your current settings click the Backup button in the Save Current Settings option The browser initiates an export of the configuration file and prompts to save the file on your host 2 If there is a USB storage device currently plugged in to the system you can enable Autobackup of the configuration file to the USB file system The snapshot of current configuration settings will be updated on the USB file system and overwrite any files with the same filename i e if there was an earlier configuration backup done to this location 212 Unified Services Router User Manual 3 To restore your saved settings from a backup file click Browse then locate the file on the host After clicking Restore the router begins importing the file s saved configuration settings After the restore the router r
343. splayed in this table The receive Rx and transmit Tx data is shown per configured AP Wireless Statistics Showing 1 to 1 of 1 entries First Previous 1 Next gt Last 7 10 3 Active Connections 10 3 1 Sessions through the Router Status gt Network Information gt Active Sessions This table lists the active internet sessions through the router s firewall The session s protocol state local and remote IP addresses are shown Figure 158 List of current Active Firewall Sessions Status Status Network Information Active Sessions e S5 N Use this page to monitor the sessions that are active on your router Active Sessions List T ee No right click options q T v v v 192 168 10 1 443 192 168 10 200 51084 tcp ESTABLISHED 192 168 10 1 443 192 168 10 200 50832 tcp ESTABLISHED 192 168 10 1 443 192 168 10 200 51065 tcp ESTABLISHED Showing 1 to 3 of 3 entries First Previous 1 Next gt Last gt 10 3 2 Wireless Clients Status gt Network Information gt Wireless Clients The clients connected to a particular AP can be viewed on this page Connected clients are sorted by the MAC address and indicate the security parameters used by the wireless link as well as the time connected to the corresponding AP 228 Unified Services Router User Manual The statistics table has auto refresh control which allows display of the most current port level data at each page refresh
344. stead enabled only via a specific IP address or specific VLAN subnet When this feature is enabled e Access will be allowed by the configured IP address or VLAN subnet and no other LAN hosts will be allowed to access the GUI management interface e Only the GUI management is affected CLI SNMP are not affected by this control e User will still need administrator credentials to modify configuration settings 202 Unified Services Router User Manual Figure 134 Web GUI Management from the WAN 3 Maintenance Maintenance Administration Web GUI Management This page allows the user to manage Device GUI access deny permissions to VLAN host VLAN Network Web GUI Management Enable List of Allowed IP Address Vlan Network Show entries Right click on record to get more options Q No data available in table Showing 0 to 0 of 0 entries First Previous Next gt 9 1 4 9 2 CLI Access In addition to the web based GUI the gateway supports SSH and Telnet management for command line interaction The CLI login credentials are shared with the GUI for administrator users To access the CLI type cli in the SSH or console prompt and login with administrator user credentials SNMP Configuration Maintenance gt Management gt SNMP SNMP is an additional management tool that is useful when multiple routers in a network are being managed by a central Master system When an external SN
345. t A No data available in table New Self Certificate 193 Unified Services Router User Manual 8 6 Advanced Switch Configuration Maintenance gt Management gt Power Saving The DSR allows you to adjust the power consumption of the hardware based on your actual usage The two green options available for your LAN switch are Power Saving by Link Status and Length Detection State With Power Saving by Link Status option enabled the total power consumption by the LAN switch is dependent function of on the number of connected ports The overall current draw when a single port is connected is less than when all the ports are connected With Length Detection State option enabled the overall current supplied to a LAN port is reduced when a smaller cable length is connected on a LAN port Jumbo Frames support can be configured as an advanced switch configuration Jumbo frames are Ethernet frames with more than 1500 bytes of payload When this option is enabled the LAN devices can exchange information at Jumbo frames rate Figure 126 Advanced Switch Settings or Maintenance Maintenance Management Power Saving Q Q This page allows user to enable disable power saving in the router Power Saving By Link Status By Cable Length Detection i AE Save Cancel 8 7 Package Manager Maintenance gt Administration gt Package Manager A package is a set of files which are installed by the rout
346. t Traffic Management Bandwidth Profiles Bandwidth Profiles Traffic Shaping This page shows the list of configured bandwidth profiles These profiles then can be used with the traffic selectors Bandwidth Profiles Enable Bandwidth Profiles oN Bandwidth Profiles List Show entries Right click on record to get more options l a l No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last gt Add New Bandwidth Profile To create a new bandwidth profile click Add in the List of Bandwidth Profiles The following configuration parameters are used to define a bandwidth profile e Profile Name This identifier is used to associate the configured profile to the traffic selector e You can choose to limit the bandwidth either using priority or rate e If using priority Low High and Medium can be selected If there is a low priority profile associated with traffic selector A and a high priority profile associated with traffic selector B then the WAN bandwidth allocation preference will be to traffic selector B packets e For finer control the Rate profile type can be used With this option the minimum and maximum bandwidth allowed by this profile can be limited e Choose the WAN interface that the profile should be associated with 61 Unified Services Router User Manual Figure 31 Bandwidth Profile Configuration Bandwidth Profi
347. t called DEBUG S no memory for cwm attach __ func __ DEBUG s error acw NULL Possible attach failure func __ DEBUG s unable to abort tx dma _ func __ DEBUG s no memory for ff attach _ func__ DEBUG Failed to initiate PBC based enrolle association DEBUG KERN EMERG Returing error in INTR registration DEBUG KERN_EMERG Initialzing Wps module DEBUG S d S FILE LINE_ func __ DEBUG DEV is null p p dev dst Packet is Fragmented d pBufMgr gt len Marked the packet proto d sip x dip x sport d dport d spi d isr p p Yp SAV CHECK FAILED IN DECRYPTION FAST PATH Breaks on BUF CHECK FAST PATH Breaks on DST CHECK FAST PATH Breaks on MTU d d d bufMgrLen pBufMogr mtu dst_mtu oDst gt path od d bufMgrLen pBufMgr IP_MAX_PA CKET SAV CHECK FAILED IN ENCRYPTION Match Found proto d spi d pPktInfo gt proto oFlowEntry gt pre spi PRE proto u Srcip u uU uU u sport u dstip u u u u dport oU POST proto u srcip u uU uU u sport u dstip u u u u dport uU Clearing the ISR p p PROTO d uU U U U gt u U U U ESP DONE p p sav m ESP BAD p p sav m Bug in ip _route_input_slow Bug in ip _route_input_slow Bug in ip_route_input Bug in ip _route_input_slow AH Assigning the secure flags for sav p Sav ESP Assigning the secure flags for Sav p skb p src x dst x Sav skb ip gt ip src s_addr ip gt ip_dst
348. t protocol UID u sko gt sk gt sk_socket gt file gt f_uid lt d gt SIN s OUT s loginfo gt u log level level_ string SIN S OUT S s prefix NULL loginfo gt prefix prefix IN OUT PHYSIN s physindev gt name PHYSOUT s physoutdev gt name MAC O02xX C p DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ERROR Failed to add entry to IPsec sa table ERROR Failed to add entry to IPsec sa table ERROR Failed to add entry to IPsec sa table ERROR Failed to add entry to IPsec sa table ERROR Failed to add entry to IPsec sa table ERROR Failed to add entry to IPsec sa table unknown oid s varName could not find oid pointer for s varName unRegistering IPsecMib ERROR Failed to add entry to IPsec sa table ERROR Failed to add entry to IPsec sa table ERROR Failed to add entry to IPsec sa table ERROR Failed to add entry to IPsec sa table ERROR Failed to add entry to IPsec sa table ERROR Failed to add entry to IPsec sa table unknown oid s varName could not find oid pointer for s varName unRegistering IPsecMib You ouU uU u NIPQUAD trt gt rt_dst 0
349. t set in GTK Msg2 wpaAuthRecvGTKMsg2 keyDataLength not zero unknown invalid descriptor incorrect Ack must not be MIC bit must be unexpected mic check rsn ie unexpected mic check unexpected User Manual Unified Services Router User Manual wpaAuthRecvGTKMsg2 mic check doing pnacTxStart DEBUG failed ERROR wpaAuthRecvKeyRea unexpected doing pnacTxLogoff DEBUG packet received ERROR wpaAuthRecvKeyReaq doing pnacTxRspld 1st cond DEBUG keyDataLength not zero ERROR wpaAuthRecvKeyRea mic check doing pnacTxRspld entering 2nd cond DEBUG failed ERROR from pnacTxRspld code d identifier d length d i DEBUG invalid OUI x x X ERROR doing pnacTxRspld 2nd cond DEBUG s invalid OUI x x x ERROR doing pnacTxRspAuth 1st cond DEBUG S d Cipher in WPA IE x ERROR doing pnacTxRspAuth 2nd cond DEBUG s invalid OUI x x x ERROR message for unknown port PAE DEBUG short WPA IE length d received ERROR from pnacAC ToSuppRecvRin calling pnacEapPktRecord DEBUG PTK state machine in unknown state ERROR from pnacEapPktRecord code d identifier d DEBUG doti1InstallkKeys failed ERROR from pnacEapPktRecord received group state machine entered into success pkt DEBUG WPA_AUTH GTK_INIT ERROR from pnacEapPktRecord received failure pkt DEBUG dot11Malloc failed ERROR from pnacEapPktRecord received request pkt DEBUG dot11Malloc failed ERROR unknown EAP code d
350. tanoven mi sm rnice 1999 5 ES Dansk Undertegnede fabrikantens navn erkl rer herved at f lgende udstyr udstyrets Danish typebetegnelse overholder de v sentlige krav og vrige relevante krav i direktiv 1999 5 EF Deutsch Hiermit erkl rt Name des Herstellers dass sich das Ger t Ger tetyp in German Ubereinstimmung mit den grundlegenden Anforderungen und den brigen einschl gigen Bestimmungen der Richtlinie 1999 5 EG befindet Eesti K esolevaga kinnitab tootja nimi name of manufacturer seadme seadme t p type of Estonian equipment vastavust direktiivi 1999 5 EU p hin uetele ja nimetatud direktiivist tulenevatele teistele asjakohastele s tetele English Hereby name of manufacturer declares that this type of equipment is in compliance with the essential requirements and other relevant provisions of Directive 1999 5 EC Espa ol Por medio de la presente nombre del fabricante declara que el clase de equipo cumple Spanish con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999 5 CE EA nVIK ME THN MAPOY2A name of manufacturer AHAQNE OTI type of equipment Greek ZYMMOPOONETAI MPO TI OYZIOAEIZ ANAITHZEI2Z KAI Tl2 AOINE2 2XETIKE2 AIATA El2 TH OAHMTIA2 1999 5 EK Francais Par la presente nom du fabricant d clare que l appareil type d appareil est conforme aux French exigences essentielles et aux autres dispositions pertinentes de
351. tatically provided by the ISP or should be received dynamically at each login If static enter your IP address IPv4 subnet mask and the ISP gateway s IP address PPTP and L2TP ISPs also can provide a static IP address and subnet to configure however the default is to receive that information dynamically from the ISP WAN DNS Servers The IP Addresses of WAN Domain Name Servers DNS are typically provided dynamically from the ISP but in some cases you can define the static IP addresses of the DNS servers DNS servers map Internet domain names example www google com to IP addresses Click to indicate whether to get DNS server addresses automatically from your ISP or to use ISP specified addresses If it s latter enter addresses for the primary and secondary DNS servers To avoid connectivity problems ensure that you enter the addresses correctly 47 Unified Services Router 3 2 3 DHCP WAN User Manual For DHCP client connections you can choose the MAC address of the router to register with the ISP In some cases you may need to clone the LAN host s MAC address if the ISP is registered with that LAN host Figure 21 Manual WAN configuration Network Network Internet WANT Settings CHO This page allows you to set up your Internet connection Ensure that you have the Internet connection information such as the IP Addresses Account Information etc This information is usually provided by your ISP or networ
352. ted received packets since the tunnel was established Ifa VPN policy state is IPsec SA Not Established it can be enabled by clicking the Connect button of the corresponding policy The Active IPsec SAs table displays a list of active IPsec SAs Table fields are as follows 230 Unified Services Router User Manual Figure 161 List of current Active VPN Sessions Status Status Network Information Active VPNs IPsec SAs IPsec SAs SSL VPN Connections PPTP VPN Connections Open VPN Connections L2TP VPN Connections This page lists current established IPsec Security Associations Active IPsec SAs List No data available in table Status Status Network Information Active VPNs SSL VPN Connections IPsec SAs SSL VPN Connections PPTP VPN Connections Open VPN Connections L2TP VPN Connections This page lists current established SSL VPN tunnels Active SSL VPN Connections No data available in table ED Status Status Network Information Active VPNs PPTP VPN Connections IPsec SAs SSL VPN Connections PPTP VPN Connections OpenVPN Connections L2TP VPN Connections This page lists current established PPTP VPN tunnels Active PPTP VPN Connections All active SSL VPN connections both for VPN tunnel and VPN Port forwarding are displayed on this page as well Table fields are as follows 231 Unified Services Router U
353. th the essential requirements of the R amp TTE Directive 1999 5 EC The following test methods have been applied in order to prove presumption of conformity with the essential requirements of the R amp TTE Directive 1999 5 EC EN 60950 1 2006 A11 2009 Safety of information technology equipment EN 300 328 V1 7 1 2006 10 Electromagnetic compatibility and Radio spectrum Matters ERM Wideband transmission systems Data transmission equipment operating in the 2 4 GHz ISM band and using wide band modulation techniques Harmonized EN covering essential requirements under article 3 2 of the R amp TTE Directive EN 301 489 17 V1 3 2 2008 04 and EN 301 489 1 V1 8 1 2008 04 Electromagnetic compatibility and Radio spectrum Matters ERM Electro Magnetic Compatibility EMC standard for radio equipment and services Part 17 Specific conditions for 2 4 GHz wideband transmission systems and 5 GHz high performance RLAN equipment This device is a 2 4 GHz wideband transmission system transceiver intended for use in all EU member states and EFTA countries under the following conditions and or with the following restrictions In Italy the end user should apply for a license at the national spectrum authorities in order to obtain authorization to use the device for setting up outdoor radio links and or for supplying public access to telecommunications and or network services This device may not be used for setting up outdoor radio links in Fran
354. th_pci No devices found driver not installed DEBUG fmt VA ARGS _ DEBUG s Warning using only u entries in u key cache DEBUG s TX99 support enabled dev gt name DEBUG S grppoll Buf allocation failed _func__ DEBUG S s unable to start recv logic DEBUG S s unable to start recv logic DEBUG s no skbuff func __ DEBUG s hardware error resetting dev gt name DEBUG s rx FIFO overrun resetting dev gt name DEBUG s unable to reset hardware s HAL status u DEBUG s unable to start recv logic dev gt name DEBUG S s unable to reset hardware s HAL status u DEBUG S s unable to start recv logic DEBUG ath_mgtstart discard no xmit buf DEBUG s 02u 7s tag ix ciphers hk gt kv_type DEBUG 02x hk gt kv_valli DEBUG mac s ether_sprintf mac DEBUG S SC gt SC_splitmic mic rxmic DEBUG 02x hk gt kv_micfi DEBUG txmic DEBUG 02x hk gt kv_txmicf i DEBUG s unable to update h w beacon queue parameters DEBUG s stuck beacon resetting omiss count u DEBUG 282 Unified Services Router ipt_rpc only valid for PRE_ROUTING FORWARD POST_ROUTING LOCAL_IN and or LOCAL_OUT targets DEBUG ip _nat_init can t setup rules DEBUG ip_nat_init can t register in hook DEBUG io_nat_init can t register out hook DEBUG ip_nat_init can t register adjust in hook DEBUG ip_nat_init can t register adjust out h
355. the WAN There will always be one default administrator user for the GUI 159 Unified Services Router User Manual e Guest User read only The guest user gains read only access to the GUI to observe and review configuration settings The guest does not have SSL VPN access e Captive Portal User Captive portal users obtain internet access via approval from the router The access is determined based on captive portal policies Idle Timeout This is the login timeout period for users of this group Figure 99 User group configuration Group Configuration e pa User Type User Type Admin C Network Guest PPTP User OFF L2TP User OFF SSLVPW User OFF Idle Timeout Default 10 Range 1 999 Minutes Save When SSLVPN users are selected the SSLVPN settings are displayed with the following parameters as captured in SSLVPN Settings As per the Authentication Type SSL VPN details are configured e Authentication Type The authentication Type can be one of the following Local User Database default RADIUS PAP RADIUS CHAP RADIUS MSCHAP RADIUS MSCHAPv2 NT Domain Active Directory and LDAP e Authentication Secret If the domain uses RADIUS authentication then the authentication secret is required and this has to match the secret configured on the RADIUS server e Workgroup This is required is for NT domain authentication If there are multiple workgroups user can enter the details for up to tw
356. the OSPF router down This value must be the same for all routers attached to a common network The default value is 40 seconds OSPF requires these intervals to be exactly the same between two neighbors If any of these intervals are different these routers will not become neighbors on a particular segment Cost The cost of sending a packet on an OSPFV3 interface 78 Unified Services Router User Manual Figure 44 OSPF v3 configuration OSPFv3 Configuration OSPFvi Enable on Interface WANT Priority Default 1 Range 0 255 Hello Interval Default 10 Range 1 65535 Dead Interval 40 Default 40 Range 1 65535 Cost Default 10 Range 1 65535 3 5 6 6to4 Tunneling Network gt IPv6 gt 6 to 4 Tunneling 6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6 a system that allows IPv6 packets to be transmitted over an IPv4 network Select the check box to Enable Automatic Tunneling and allow traffic from an IPv6 LAN to be sent over an IPv4 Option to reach a remote IPv6 network Figure 45 6 to 4 tunneling Network Pv6 6 to 4 Tunneling Qo IPv6 Mode is not enabled This page allows user to enable disable the 6 to 4 tunneling With this option enabled IPv4 address information is embedded in IPv6 addresses on the LAN This option is very common in network that use both IPv4 and IPv nodes IPv6 to IPv4 Tunneling Activate Auto Tunneling 79 Unified Se
357. the router If the router still cannot obtain an ISP address see the next symptom Symptom Router still cannot obtain an IP address from the ISP Recommended action 1 Ask your ISP if it requires a login program PPP over Ethernet PPPoE or some other type of login 2 If yes verify that your configured login name and password are correct 3 Ask your ISP if it checks for your PC s hostname 4 If yes select Network Configuration gt WAN Settings gt Ethernet ISP Settings and set the account name to the PC hostname of your ISP account 5 Ask your ISP if it allows only one Ethernet MAC address to connect to the Internet and therefore checks for your PC s MAC address 6 If yes inform your ISP that you have bought a new network device and ask them to use the firewall s MAC address 7 Alternatively select Network Configuration gt WAN Settings gt Ethernet ISP Settings and configure your router to spoof your PC s MAC address Symptom Router can obtain an IP address but PC is unable to load Internet pages 234 Unified Services Router User Manual 11 2 11 3 Recommended action 1 Ask your ISP for the addresses of its designated Domain Name System DNS servers Configure your PC to recognize those addresses For details see your operating system documentation 2 On your PC configure the router to be its TCP IP gateway Date and time Symptom Date shown is January 1 1970 Possible cause
358. to allocate buffer umiloctl failed failed to initialize EAP message queue Unable to set debug for radEap Unable to set debug level for radEap ERROR option value not specified ERROR option value not specified could not initialize MGMT framework Unable to initialize RADIUS Unable to set debug for radEap Unable to set debug level for radEap ERROR option value not specified Unable to initialize RADIUS Invalid username or password Unable to set debug for radAuth Unable to set debug level for radAuth ERROR option value not specified Unable to initialize RADIUS Invalid username challenge or response Unable to set debug for radAuth Unable to set debug level for radAuth ERROR option value not specified Unable to initialize RADIUS Invalid username or password usage s lt DB fileName gt ntpd umi initialization failed ntpd ntplnit failed ntpd ntoMgmtlnit failed There was an error while getting the timeZoneChangeScript unexpected reply from d cmd d cmd d not supported caller d default reached Unable to initialize ntoControl ntpMgmt Couldn t open database AS ERROR incomplete DB update information empty update nRows d nCols d Error in executing DB update handler requestNtpTime Invalid addr User Manual ERROR ERROR ERROR eee ERROR ERROR ERROR re ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR
359. too small fname s cannot allocate space for SHA1 digest fname S d trying to write outside history S d trying to write outside history S d trying to write outside history S d too big uncompressed packet d S d encryption negotiated but not an S d error notan MPPC or MPPE frame Kernel doesn t provide ARC4 and or SHA1 algorithms PPP not interface or channel PPP no memory VJ compressor failed to register PPP device d err PPP no memory VJ comp pkt PPP no memory comp pkt 292 User Manual ERROR ERROR o Unified Services Router User Manual Yod tValue t t llu Ox llx j ni gt node_trace i value DEBUG ppp compressor dropped pkt ERROR ifmedia_add null ifm DEBUG PPP no memory fragment ERROR Adding entry for DEBUG PPP VJ uncompressed error ERROR ifmedia_set no match for 0x x 0x x DEBUG ppp decompress _ frame no memory ERROR ppp _mp_reconstruct bad seq u lt ifmedia_set target DEBUG u ERROR PPP couldn t register device s ifmedia_set setting to DEBUG d ERROR ifmedia_ioctl switching s to dev ppp Son ppp struct p but gt name DEBUG dead d ERROR ifmedia_match multiple match for DEBUG ppp destroying undead channel p ERROR PPP removing module but units lt unknown type gt DEBUG remain ERROR desc gt ifmt_string DEBUG PPP failed to unregister PPP device ER
360. trusted domains added to the Approved URLs List cece ccceseceeeseeeeetseees 128 One keyword added to the block liSt oo cece cccscccesseccessecesssecesseecesssecesseecesseesenseeeesaees 129 EXDOF ADproVed URE STara a A A a E 130 PD GATING WV OE ane rne a A OE 130 The following example binds a LAN host s MAC Address to an IP address served by DSR If there is an IP MAC Binding violation the violating packet will be dropped and OOS Will De CADE Gry cece ssoucuu ted creases costes ey ciutnts ate cease Er AEREN 132 Intrusion Prevention features ON the router ce eeessccssssecssssecssccecsseeeesseeessseeesesneeeeees 134 Protecting the router and LAN from internet attacks 0 cece cccccesscccceesssseeeeeeesseeees 135 Enabling IGMP Proxy ior the LEAN cise cctsa tat dielep es nuteaed dives tec eates dada cadena ie 136 Example of Gateway to Gateway IPsec VPN tunnel using two DSR routers connected TO RE NUS ENG Uc sescct cosets aetna atta n teat gaia ta snencaate SondadateatasteGencta E 137 Example of three IPsec client connections to the internal network through the DSR IPSEC a tes 2 gener ena area Sin eD MRP a N eMC P TT eae an TR ES na Rr er ec ene es 138 VPN Wizard launch Scree ecaa a a a dues 139 IPSEC POICY COMMU AUC segrai iaaa E E A EEEE 142 IPsec policy configuration continued Auto policy via IKE ccc ceccesseceeeesseeeeeeens 144 IPsec policy configuration continued Auto Manual Phase 2 c
361. ts than the local Event Viewer on the router s GUI and thus can collect a considerable number of logs over a sustained period This is typically very useful for debugging network issues or to monitor router traffic over a long duration 210 Unified Services Router User Manual This router supports up to 8 concurrent Syslog servers Each can be configured to receive different log facility messages of varying severity To enable a Syslog server select the checkbox next to an empty Syslog server field and assign the IP address or FQDN to the Name field The selected facility and severity level messages will be sent to the configured and enabled Syslog server once you save this configuration page s settings Figure 142 Syslog server configuration for Remote Logging continued O Maintenance Maintenance Logs Settings S Server ogs gs yslog 7 This page allows user to configure the syslog server logging options for the router Syslog Server Configuration SysLog Server 1 SysLog Server 2 SysLog Server 3 SysLog Server 4 SysLog Server 5 SysLog Server 6 SysLog Server 7 SysLog Server 8 pues Save Cancel 9 4 3 Event Log Viewer in GUI Status gt Logs gt View All Logs The router GUI lets you observe configured log messages from the Status menu Whenever traffic through or to the router matches the settings determined in the Tools gt Log Settings gt Logs Facility or Tools gt Log Settings gt Logs Config
362. ttings LAN TCP IP Setup IPv6 Address IPv Prefix Length Ranege 0 128 DHCP v6 Status on Mode Stateless Stateful Domain Name dlink com Server Preference 255 Range 0 255 DNS Servers Use DNS Proxy Lease Rebind Time Range 0 604800 Seconds Prefix Delegation C A Save Cancel ex If you change the IP address and click Save Settings the GUI will not respond Open a new connection to the new IP address and log in again Be sure the LAN host the machine used to manage the router has obtained IP address from newly assigned pool or has a static IP address in the router s LAN subnet before accessing the router via changed IP address As with an Pv4 LAN network the router has a DHCPv6 server If enabled the router assigns an IP address within the specified range plus additional specified information to any LAN PC that requests DHCP served addresses 20 Unified Services Router User Manual The following settings are used to configure the DHCPV6 server e DHCP Mode The IPv6 DHCP server is either stateless or stateful If stateless is selected an external IPv6 DHCP server is not required as the IPv6 LAN hosts are auto configured by this router In this case the router advertisement daemon RADVD must be configured on this device and ICMPv6 router discovery messages are used by the host for auto configuration There are no managed addresses to serve the LAN nodes If stateful is selected the IPv6 LAN
363. twork Internet Traffic Management Bridge Traffic Selectors Bandwidth Profiles Traffic Shaping Bridge Bandwidth Profiles Bridge Traffic Selectors This page shows the list of static routes configured on the router User can also add delete and edit the configured routes Use this page to define static routes Be sure to enter a destination address subnet mask gateway and metric foreach configured static route The Interface dropdown menu will show all available configured wired interfaces on the router as options Once a bridge bandwidth profile has been created it can then be associated with a traffic flaw from the LANPort 1 toDM Bridge traffic selectors are elements like IP addresses or services that require their outbound traffic to be regulated Bridge Traffic Selectors List Show entnes Right click on record to get more options a No data available in table Showing 0 to 0 of 0 entries hJ First Previous Next p Last L Add New Bridge Traffic Selector Bridge Tnattic 5 elector Contigui ation ix Service AIM Traffic Selector Match Type MAC Address MAC Address Save 3 3 1 Bandwidth Controls in Bridge Mode Network gt Internet gt Traffic Management gt Bridge Bandwidth Profile Configuration Network gt Internet gt Traffic Management gt Bridge Traffic Selectors 63 Unified Services Router User Manual The above traffic management applies to classical or NAT
364. uency the mode selection will let you define whether legacy connections or only 802 11n connections or both are accepted on configured APs 97 Unified Services Router User Manual Figure 54 Radio card configuration options Wireless General Radio Settings 6 This page allows you to configure the hardware settings for each available radio card Radio Settings Operating Frequency 2 4GHz T Mode g and b Channel Spacing Z0MHZ T Current Channel 1 2 412GHz Channel Auto T Transmission Rate Best Automatic The ratified 802 11n support on this radio requires selecting the appropriate broadcast NA or NG etc mode and then defining the channel spacing and control side band for 802 11n traffic The default settings are appropriate for most networks For example changing the channel spacing to 40 MHz can improve bandwidth at the expense of supporting earlier 802 11n clients The available transmission channels are governed by regulatory constraints based on the region setting of the router The maximum transmission power is similarly governed by regulatory limits you have the option to decrease from the default maximum to reduce the signal strength of traffic out of the radio 4 5 WMM Wireless gt Advanced gt WMM Wi Fi Multimedia WMM provides basic Quality of service QoS features to IEEE 802 11 networks WMM prioritizes traffic according to four Access Categories AC voice video best effort a
365. ular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures e Reorient or relocate the receiving antenna e Increase the separation between the equipment and receiver e Connect the equipment into an outlet on a circuit different from that to which the receiver is connected e Consult the dealer or an experienced radio TV technician for help FCC Radiation Exposure Statement This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 This device must accept any interference received including interference that may cause undesired operation This transmitter must not be co located or operating in conjunction with any other antenna or transmitter The antennas used for this transmitter must be installed to provide a spectrum distance of at least 20cm from all persons and must not be co located or operating in conjunction with any other antenna or transmitter This transmitter is restricted to indoor use in the
366. ules Application Rules List Show entries Right click on record to get more options Q No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last gt Add New Application Rule Application Rules Enable ma OFF Protocol Tce UDP Interface LAN DMZ Outgoing Trigger Port Range Start Port Range 0 65535 To Range 0 65535 Incoming Response Port Range Start Port Range 0 65535 MAN i Range 0 65535 Save The application rule status page will list any active rules i e incoming ports that are being triggered based on outbound requests from a defined outgoing port 5 10 Web Content Filtering The gateway offers some standard web filtering options to allow the admin to easily create internet access policies between the secure LAN and insecure WAN Instead of creating policies based on the type of traffic as is the case when using firewall rules web based content itself can be used to determine 1f traffic is allowed or dropped 126 Unified Services Router User Manual 5 10 1 Static Content Filtering Security gt Web Content Filter gt Static Filtering Content filtering must be enabled to configure and use the subsequent features list of Trusted Domains filtering on Blocked Keywords etc Proxy servers which can be used to circumvent certain firewall rules and thus a potential security gap can be blocked for all LAN devices
367. unique e LastName text field This is a user detail and need not be unique e GroupName text field The group that is associated with this user MultiLogSup Boolean value With this enabled 1 then multiple users can share a single username and password e Password text field password to assign for this username XW The Group for a corresponding user GroupName in the CSV must be created via the GUI in advance of the User Database CSV upload action ex None of the above fields can be left empty or NULL in the User Database CSV 167 Unified Services Router User Manual 7 2 Using SSL VPN Policies VPN gt SSL VPN gt SSL VPN Server Policy SSL VPN Policies can be created on a Global Group or User level User level policies take precedence over Group level policies and Group level policies take precedence over Global policies These policies can be applied to a specific network resource IP address or ranges on the LAN or to different SSL VPN services supported by the router The List of Available Policies can be filtered based on whether it applies to a user group or all users global ex A more specific policy takes precedence over a generic policy when both are applied to the same user group global domain I e a policy for a specific IP address takes precedence over a policy for a range of addresses containing the IP address already referenced Figure 107 List of SSL VPN polices Global filter
368. unique name for identifying the policy IP address Required when the governed resource is identified by its IP address or range of addresses Mask Length Required when the governed resource is identified by a range of addresses within a subnet ICMP Select this option to include ICMP traffic Port range If the policy governs a type of traffic this field is used for defining TCP or UDP port number s corresponding to the governed traffic Leaving the starting and ending port range blank corresponds to all UDP and TCP traffic Service This is the SSL VPN service made available by this policy The services offered are VPN tunnel port forwarding or both Defined resources This policy can provide access to specific network resources Network resources must be configured in advance of creating the policy to make them available for selection as a defined resource Network resources are created with the following information 169 Unified Services Router User Manual e Permission The assigned resources defined by this policy can be explicitly permitted or denied 7 2 1 Using Network Resources VPN gt SSL VPN gt Resources Network resources are services or groups of LAN IP addresses that are used to easily create and configure SSL VPN policies This shortcut saves time when creating similar policies for multiple remote SSL VPN users Adding a Network Resource involves creating a unique name to identify the resource and assigning
369. uration pages the corresponding log message will be displayed in this window with a timestamp eS It is very important to have accurate system time manually set or from a NTP server in order to understand log messages Status gt Sysytem Information gt All Logs gt IPSec VPN Logs This page displays IPsec VPN log messages as determined by the configuration settings for facility and severity This data is useful when evaluating IPsec VPN traffic and tunnel health 211 Unified Services Router User Manual Figure 143 VPN logs displayed in GUI event viewer Status Status System Information All Logs IPSec VPN Logs Q Current Logs Firewall Logs IPSec VPN Logs SSL VPN Logs This page displays the captured log messages specifically for IPsec events Current IPSec VPN Logs Show entries No right click options a No data available in table Showing 0 to 0 of 0 entries First Previous Next gt Last gt Clear All send Logs 9 5 Backing up and Restoring Configuration Settings Maintenance gt Firmware amp config gt Backup restore You can back up the router s custom configuration settings to restore them to a different device or the same router after some other changes During backup your settings are saved as a file on your host You can restore the router s saved settings from this file as well This page will also allow you revert to factory default settings or execute a
370. us System Information Device WAN 6 System Dedicated WAN Rollover WAN Wireless All of your Rollover WAN network connection details are displayed on the Device Status page Rollover WAN Information MAC Address 00 11 B6 CC DD 70 IPv4 Address 0 0 0 0 255 255 255 0 IPve Address i Status DOWN IPv Connection Type threeg IPv Connection State Not Yet Connected Prefix Obtained NAT IPv4 Only Enabled IPv4 Connection Type 3G Internet IPv4 Connection State Not Yet Connected Link State LINK DOWN WAN Mode Use only single port WAN Gateway 0 0 0 0 Primary DNS 0 0 0 0 Secondary DNS 0 0 0 0 The WAN status page allows you to Enable or Disable static WAN links For WAN settings that are dynamically received from the ISP you can Renew or Release the link parameters if required 3 2 9 VLAN ON WAN This page allows you to set up your internet connection if it uses tagged VLAN headers for interacting with the ISP Ensure that you have the Internet connection information such as the IP Addresses Account Information etc This information is usually provided by your ISP or network administrator With VLAN on WAN support the router is able to get addresses to access the tagged interface Network gt Internet gt WANI1 Settings 59 Unified Services Router User Manual Figure 29 Enabling VLAN on WAN Network Network Internet WAN1 Settings ed Y This page allows you to set up your Intern
371. users that want to connect to the IPSec L2TP PPTP SSL VPN and wireless networks provided by this device If the first primary RADIUS server is not accessible at any time then the device will attempt to contact the secondary RADIUS server for user authentication Radius Server Configuration ee ee Server Checking Authentication Server 1 Primary 192 168 1 2 Authentication Port Range 0 65535 Timeout Range 1 999 Seconds Retries Range 1 999 Authentication Server 2 Secondary Authentication Port Range 0 65535 Timeout Range 1 999 Seconds Retries Range 1 999 Authentication Server 3 Optional Authentication Port Range 0 65535 Timeout Range 1 999 Seconds Retries Range 1 999 Save Cancel 188 Unified Services Router User Manual 8 4 4 Active Directory Server Security gt Authentication gt External Auth Server gt AD Server Active Directory authentication is an enhanced version of NT Domain authentication The Kerberos protocol is leveraged for authentication of users who are grouped in Organizational Units OUs In particular the Active Directory server can support more than a million users given is structure while the NT Domain server is limited to thousands The configured Authentication Servers and Active Directory domain s are used to validate the user with the directory of users on the external Windows based server This authentication option is common for SSL VPN client users and
372. uter Once authenticated set the time zone that you are located in and then choose the type of ISP connection type DHCP Static PPPoE PPTP L2TP Depending on the connection type a username password may be required to register this router with the ISP In most cases the default settings can be used if the ISP did not specify that parameter The last step in the Wizard is to click the Connect button which confirms the settings by establishing a link with the ISP Once connected you can move on and configure other features in this router e amp 3G Internet access with a USB modem is supported on WAN3 The Internet Connection Setup Wizard assists with the primary WAN port WAN1 configuration only WAN Configuration Network gt Internet gt WANI Settings You must either allow the router to detect WAN connection type automatically or configure manually the following basic settings to enable Internet connectivity e ISP Connection type Based on the ISP you have selected for the primary WAN link for this router choose Static IP address DHCP client Point to Point Tunneling Protocol PPTP Point to Point Protocol over Ethernet PPPoE Layer 2 Tunneling Protocol L2TP Required fields for the selected ISP type become highlighted Enter the following information as needed and as provided by your ISP 46 Unified Services Router User Manual 3 2 1 3 2 2 PPPoE Profile Name This menu lists configured PPPoE profiles particularly use
373. v_base j 02X skb gt datal i _lvi PPPOL2TP _ fmt args 02X ptr length 02X unsigned char m gt msg_iov i iov_base j DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG P DEBUG DEBUG paoa DEBUG s Got Deleted SA p state d _func__ plPsecinfo plPsecl nfo gt state s s fmt FILE _ __FUNCTION __ args S s fmt FILE _ __FUNCTION __ args iot_ TIME format args IPT ACCOUNT_NAME checkentry wrong parameters not equals existing table parameters IPT ACCOUNT_NAME checkentry too big netmask IPT ACCOUNT_NAME checkentry failed to allocate zu for new table S sizeof struct t_ipt_account_table info gt name IPT ACCOUNT_NAME checkentry wrong network netmask account Wrong netmask given by netmask parameter i Valid is 32 to 0 netmask IPT ACCOUNT NAME checkentry failed to create procfs entry IPT ACCOUNT NAME checkentry failed to register match failed to create procfs entry MPPE MPPC encryption compression module registered module unregistered PPP generic driver version PPP_VERSION MPPE MPPC encryption compression MPPE MPPC encryption compression module registered MPPE MPPC encryption compression module unregistered PPP generic driver version PPP VERSION PPPoL2TP kernel driver s PPPoL2TP kernel driver s fa
374. wall linux user firewalld c 61 define ADP_DEBUG 2 printf DEBUG Enabling Source MAC Filtering DEBUG Disabling Source MAC Filtering DEBUG Adding MAC Filter Policy for Block amp Permit Rest DEBUG Adding MAC Filter Policy for Permit amp Block Rest DEBUG Restarting Source MAC Address Policy DEBUG Disabling Firewall Rule for DHCP Relay Protocol DEBUG Enabling Firewall Rule for DHCP Relay Protocol DEBUG prerouting Firewall Rule add for Relay failed DEBUG prerouting Firewall Rule add for Relay failed DEBUG 264 Unified Services Router User Manual Deleting MAC Filter Policy for Address Disabling attack check for UDP Flood DEBUG s DEBUG Adding MAC Filter Policy for Address Disabling attack check for IPsec DEBUG s DEBUG Disabling attack check for PPTP DEBUG Disabling Firewall Rules for DMZ host DEBUG Disabling attack check for L2TP DEBUG Enabling Firewall Rules for DMZ host DEBUG Disabling Firewall Rules for Spill Over Disabling attack check for UDP Flood DEBUG Load Balancing DEBUG Disabling Firewall Rules for Load Disabling attack check for IPsec DEBUG Balancing DEBUG Enabling Firewall Rules for Load Disabling attack check for PPTP DEBUG Balancing DEBUG Enabling Firewall Rules for Spill Over Disabling attack check for L2TP DEBUG Load Balancing DEBUG Enabling attack check for Block ping to Enabling Firewall Rules for Auto WAN DEBUG Failover DEBUG Enabling attack
375. when 6to4 Prefixes are selected This should be the interface ID of the router s LAN interface used for router advertisements e IPv6 Prefix When using Global Local ISATAP prefixes this field is used to define the IPv6 network advertised by this router 23 Unified Services Router User Manual e IPv6 Prefix Length This value indicates the number contiguous higher order bits of the IPv6 address that define up the network portion of the address Typically this is 64 e Prefix Lifetime This defines the duration in seconds that the requesting node is allowed to use the advertised prefix It is analogous to DHCP lease time in an IPv4 network 24 Unified Services Router User Manual Figure 7 IPv6 Advertisement Prefix settings Network Network Pv6 LAN Settings Advertisement Prefixes Qo Le IPv Mode is not enabled IPv LAN Settings IPv Address Pools Prefixes for Prefix Delegation Router Advertisement Advertisement Prefixes This page allows user to configure IPv6 prefixes which will be used while advertisement The router advertisements configured with advertisement prefixes allow this router to inform hosts how to perform stateless address auto configuration Router advertisements contain a list of subnet prefixes that allow the router to determine neighbors and whether the host is on the same link as the router Advertisement Prefixes List Show 10 T entries Right click on record to get
376. with NULL argument ERROR kdoti 1 RogueAPEnable can not add more interfaces ERROR kdot1 1 RogueAPGetState called with NULL argument ERROR kdot1 1 RogueAPDisable called with NULL argument ERROR sS SKB does not exist FUNCTION __ ERROR s recvd invalid skb ERROR unable to register KIFDEV to UMI ERROR The system is going to factory defaults I CRITICAL s msg CRITICAL 02x data i CRITICAL Inside crypt_open in driver CRITICAL Inside crypt_release in driver CRITICAL Inside crypt_init module in driver CEE EECEE CRITICAL Inside crypt_cleanup module in driver CE EEECEE CRITICAL SKB is null p skb CRITICAL DST is null p dst CRITICAL 298 Unified Services Router Index d value d code x rate d flag x int validRatelndex i DEBUG RateTable d maxvalidrate d ratemax d pRc gt rateTableSize k oRc gt rateMaxPhy DEBUG Can t allocate memory for ath_vap DEBUG Unable to add an interface for ath_dev DEBUG s 02u 7s tag ix ciphers hk gt kv_type DEBUG 02x hk gt kv_valli DEBUG mac 02x 02x 02x 02x 02x 02x mac 0 mac 1 mac 2 mac 3 mac 4 mac 5 DEBUG mac 00 00 00 00 00 00 DEBUG 02x hk gt kv_mic i DEBUG txmic DEBUG 02x hk gt kv_txmicf i DEBUG Cannot support setting tx and rx keys individually DEBUG bogus frame type 0x x sS DEBUG ERROR ieee80211_encap ret NULL DEBUG ERROR ath amsdu_attach no
377. work Settings Users Wizard This Wizard guides you in creating a new user Date and Time Wizard This Wizard helps you in configuring Date and Time settings Run F Wile Unified Services Router net Connection Wizare User Manual Current Connection type DHCP Internet Connection DHCP _ E Choose this if your Internet connection automatically provides you with an IP Address Most Cable Modems use this type of connection z Choose this if your Internet connection requires PPTP username and password to get online Choose this if your Internet connection requires PPTP username and password to get online L TP Choose this if your Internet connection requires LTF a username and password to get online Step 1 of 2 45 PPPoE Choose this option if your Internet connection requires a username and password to get online Most DSL Static IP Address C Te Choose this option if your Internet Setup Provider provided you with IP Address information that has to be modems use this type of connecton manually configured nert Unified Services Router User Manual DHCP Connection Details DHCP Connection Dynamic IP Address MAC Address Source Use Default Address T Host Hame DNS settings DNS Server Source Get Dynamically from 3 2 You can start using the Wizard by logging in with the administrator password for the ro
378. x B Factory Default Settings EC e Device login User name case sensitive Login password case sensitive WAN MAC address IPv4 subnet mask Local area network LAN Disabled except traffic on port 80 the HTTP port Outbound communications to the Internet Enabled all Source MAC filtering Disabled Stealth mode Enabled Internet Connection Inbound communications from the Internet Unified Services Router User Manual Appendix C Standard Services Available for Port Forwarding amp Firewall Configuration ANY ICMP TYPE 8 AIM ICMP TYPE 9 BGP ICMP TYPE 10 BOOTP_CLIENT BOOTP_SERVER CU SEEME UDP CU SEEME TCP DNS UDP DNS TCP FINGER FTP HTTP HTTPS ICMP TYPE 3 ICMP TYPE 4 ICMP TYPE 5 ICMP TYPE 6 ICMP TYPE 7 ICMP TYPE 11 ICMP TYPE 13 ICQ IMAP2 IMAP3 IRC NEWS NFS NNTP PING POP3 PPTP RCMD REAL AUDIO REXEC 244 RLOGIN RTELNET RISP TCP RTSP UDP SFTP SMTP SNMP TCP SNMP UDP SNMP TRAPS TCP SNMP TRAPS UDP SQL NET SSH TCP SSH UDP STRMWORKS TACACS TELNET TFTP VDOLIVE Unified Services Router User Manual Appendix D Log Output Reference Facility System Networking DBUpdate event Table s BridgeConfig too few arguments to opCode d rowld d DEBUG command s ERROR BridgeConfig too few arguments to networkIntable txt not found DEBUG command s ERROR sqlite3QueryResGet failed DEBUG sqlite3QueryResGet failed Query s ERROR Interface is already
379. y gt Authentication gt External Auth Server gt RADIUS Server Enterprise Mode for wireless security uses a RADIUS Server for WPA and or WPA2 security A RADIUS server must be configured and accessible by the router to authenticate wireless client connections to an AP enabled with a profile that uses RADIUS authentication e The Authentication IP Address is required to identify the server A secondary RADIUS server provides redundancy in the event that the primary server cannot be reached by the router when needed 187 Unified Services Router User Manual e Authentication Port the port for the RADIUS server connection e Secret enter the shared secret that allows this router to log into the specified RADIUS server s This key must match the shared secret on the RADIUS Server e The Timeout and Retries fields are used to either move to a secondary server if the primary cannot be reached or to give up the RADIUS authentication attempt if communication with the server is not possible Figure 122 RADIUS Server configuration Security Security Authentication External Auth Server Radius Server Radius Server POP3 Server POP3 Trusted CA LDAP Server AD Server NT Domain This page configures the RADIUS servers to be used for authentication A RADIUS server maintains a database of user accounts used in larger environments If a RADIUS server is configured in the LAN it can be used for authenticating
380. z 10 11 12 13 10 11 12 13 7 8 9 36 40 44 48 149 40 48 153 36 44 149 5 Ghz 153 157 161 161 157 1 2 3 4 5 6 7 8 9 5 6 7 8 9 1 2 3 4 5 6 24 Japan 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 36 40 44 48 40 48 36 44 1 2 3 4 5 6 To 8 9 3 6 7 8 9 1 2 3 4 gt 6 25 Egypt 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 302 Unified Services Router User Manual le oe ee 5 Ghz 60 64 40 48 56 64 36 44 52 60 la tain en ce ae 26 Brazil 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 a asang aen enm 5 Ghz 153 157 161 165 161 157 min a ddl a sa 27 Canada 2 4Ghz 10 11 10 11 7 36 40 44 48 149 40 48 153 36 44 149 5 Ghz 153 157 161 165 161 157 1 Zs 3 4 2 6 T 8 9 5 6 7 8 9 1 2 3 4 5 6 28 China 2 4Ghz 10 11 12 13 10 11 12 13 7 8 9 36 40 44 48 149 40 48 153 36 44 149 5 Ghz 153 157 161 165 161 157 303 Unified Services Router User Manual Appendix G Product Statement 1 DSR 1000N Federal Communications Commission FCC Compliance Notice Radio Frequency Notice This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in acco
Download Pdf Manuals
Related Search