Watson SHDSL Router Web-based Management Manual Document Identification Document Version Document Revision Distribution Watson-SHDSL-Router-GUI-Manual.doc 2.
Revision History Revision Date Author Remarks 2.3.03 2.3-02 2.3-01 2.2-03 2.2-02 2.2-01 120229 100819 100111 091110 091109 090907 MHb MLr MLr MLr MLr MLr 2.1-01 2.0-01 1.0-01 090406 MLr 080616 MLr 070615 MLr Minor Update for TC-PAM 64/128 Updated software license notice Added port-based VLAN stacking Minor Updates Added ALG Rules configuration Added Stacked VLAN configuration Added hierarchical QoS configuration Updated Manual for SW Release 4.11.2 Updated Manual for SW Release 4.9.
Table of Contents Table of Contents ..................................................................................................................................... 1-1 1 Related Documents .......................................................................................................................... 1-1 2 Overview ........................................................................................................................................... 2-1 2.1 Introduction ................
Watson SHDSL Router Web-based Management Manual 8.3 8.4 8.5 8.6 9 1-2 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 8.2.3 Port Forwarding ...................................................................................................... 8-6 8.2.4 DMZ Host ............................................................................................................. 8-10 8.2.5 Port Triggering .....................................................................................................
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.6 9.7 9.8 9.9 Watson SHDSL Router Web-based Management Manual 9.5.2 CPU ...................................................................................................................... 9-95 9.5.3 Log ....................................................................................................................... 9-97 Routing ...................................................................................................................
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Figure 5-13: Internet Connection - No Internet Connection ............................................................... 5-8 Figure 6-1: Internet Connection – Overview ....................................................................................... 6-1 Figure 6-2: Internet Connection – Settings .........................................................................................
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Figure 8-42: Add Traffic Priority Rule ............................................................................................... 8-42 Figure 8-43: Set DSCP Rule ............................................................................................................ 8-43 Figure 8-44: Set Priority with Queueing ...........................................................................................
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Figure 8-93: Local Security Settings ................................................................................................. 8-77 Figure 8-94: Configuration Diagram ................................................................................................. 8-77 Figure 8-95: Network Connections ...................................................................................................
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Figure 9-19: Internet Protocol Settings – Automatic IP .................................................................... 9-19 Figure 9-20: Internet Protocol – Static IP ......................................................................................... 9-20 Figure 9-21: DNS Server – Automatic IP .........................................................................................
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Figure 9-70: Network Bridging .......................................................................................................... 9-48 Figure 9-71: Connection Summary – Network Bridging ................................................................... 9-49 Figure 9-72: Bridge Properties .........................................................................................................
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Figure 9-121: DNS Server – Static IP............................................................................................... 9-75 Figure 9-122: Advanced Routing Properties .................................................................................... 9-76 Figure 9-123: PPP Configuration......................................................................................................
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Figure 9-172: MAC Cloning Settings .................................................................................................. 9-3 Figure 9-173: Advanced Diagnostics ................................................................................................. 9-3 Figure 9-174: Protocols .................................................................................................................
1 Related Documents [1] Schmid Telecom, Watson SHDSL Router Manual [2] Schmid Telecom, Watson Ethernet Manual Revision: 2012-02-29 1-1
2 2.1 Overview Introduction Watson SHDSL router is an innovative Next-Generation DSL solution designed for enabling high-speed Internet or point-to-point connectivity to business customers. Watson SHDSL router uses Ethernet in the First Mile (EFM) technology, which is a transparent extension of Ethernet-base LANs into wide area networks. No conversion of packet formats is required when transiting between LAN and WAN.
3 Getting Started Connecting your computer or home network to the Watson SHDSL router is a simple procedure, varying slightly depending on your operating system. The setup is designed to seamlessly integrate Watson with your computer or home network. Moreover, zero-configuration is attained when taking advantage of Universal Plug-and-Play support in Windows XP. The Windows default network settings dictate that in most cases the setup procedure described below will be unnecessary.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Windows XP. Following are TCP/IP configuration instructions for all supported operating systems. Figure 3-1: IP and DNS Configuration 3.3.1 Windows XP 1. Access ‘Network Connections‘ from the Control Panel. 2. Right-click the Ethernet connection icon, and select ‘Properties‘. 3. Under the ‘General‘ tab, select the ‘Internet Protocol (TCP/IP)‘ component, and press the ‘Properties‘ button. 4.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 3. Select the ‘Internet Protocol (TCP/IP)‘ component, and press the ‘Properties‘ button. 4. The ‘Internet Protocol (TCP/IP)‘ properties will be displayed. Select the ‘Obtain an IP address automatically‘ radio button. Select the ‘Obtain DNS server address automatically‘ radio button. Click 'OK' to save the settings. 3.3.3 Linux 1. Login into the system as a super-user, by entering ‗su‘ at the prompt. 2.
Watson SHDSL Router Web-based Management Manual 3.4.1 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Configuring your DSL connection Select ‗Internet Connection‘ and then ‗Settings‘. The Internet Connection Settings screen appears. Figure 3-2: Internet Connection – DSL Settings Refer to section 6.2 for a detailed description of the DSL Settings. 3.4.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Refer to 5.4 to learn how to manualy configure your internet connection using the quick setup.
4 Using the Web-based Management This chapter describes how to use Watson Web-based management, which allows you to control all Watson‘s features and system parameters, using a user-friendly graphical interface. 4.1 Accessing the Web-based Management To access the Web-based management: 4. Launch a Web-browser on a computer in the LAN. 5. Type the gateway‘s IP address. The default IP address is 192.168.1.1 . 6. Enter your username and password to log on to the WBM.
Watson SHDSL Router Web-based Management Manual 4.2 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Navigational Aids The Web-based management is a user-friendly interface, designed as a Web site that can be explored with any Web browser. This section illustrates the WBM's page structure and describes its navigational components and their hierarchial manner. Figure 4-2: Navigation Components 1. The top level navigational aids are the Tabs, grouping the WBM screens into several main subject areas. 2.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 4.3 Watson SHDSL Router Web-based Management Manual Managing Tables Tables are structures used throughout the Web-based management. They handle user-defined entries relating to elements such as network connections, restrictions and configurable parameters. The principles outlined in this section apply to all tables in the WBM. Figure 4-4: Typical Table Structure Figure 4-4 illustrates a typical table. Each row defines an entry in the table.
5 5.1 Home Overview The 'Overview' screen presents Watson's status summary in one convenient location. You can quickly and efficiently view important details of your connection status and hardware peripherals, as well as the statuses of Watson's different services. The following is the default 'Overview' screen.
Watson SHDSL Router Web-based Management Manual 5.2 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Map View The network map depicts the various network elements, such as the Internet connection, firewall, gateway, internal network interface and local network computers and peripherals. Figure 5-2: The Network Map The following table explains the meaning of different network map symbols: Represents the Internet. Click this icon to configure the SHDSL connction and the WAN interface (refer to Section 6.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual progress box, located at the right hand side of the screen, provides a monitoring tool for the wizard's steps during the installation progress. Figure 5-3: Installation Wizard To start the installation wizard, click 'Next'. The wizard procedure will start, performing the steps listed in the progress box consecutively, stopping only if a step fails or if input is required.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Figure 5-5: Test Internet Connection – Failure In this case, you can manually set the Internet connection type, by clicking the corresponding button. To learn about manually configuring your Internet connection, refer to Section 5.4.1. 5.3.2 Step 2: Setup Internet Connection If your Internet connection requires login details provided by your Internet Service Provider (ISP) (e.g.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Figure 5-6: Quick Setup 5.4.1 Configuring Your Internet Connection When subscribing to a broadband service, you should be aware of the method by which you are connected to the Internet. Technical information regarding the properties of your Internet connection should be provided by your Internet Service Provider (ISP).
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Figure 5-7: WAN Ethernet Properties This screen provides all the configuration options for your WAN connection. For more information, refer to Section 9.4.3. 5.4.1.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 5.4.1.2 Automatic IP Address Ethernet Connection Select 'Automatic IP Address Ethernet Connection' from the 'Connection Type' combo-box (see Figure 5-9). Watson will obtain the WAN IP and DNS IP addresses from a DHCP server on the WAN. Figure 5-9: Internet Connection - Automatic IP Address Ethernet Connection 5.4.1.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Figure 5-11: PPTP - Static IP Address 5.4.1.4 Point-to-point protocol over Ethernet (PPPoE) Select 'Point-to-point protocol over Ethernet (PPPoE)' from the 'Connection Type' combo box: Figure 5-12: Internet Connection - PPPoE Your Internet Service Provider (ISP) should provide you with the following information: Login user name Login password 5.4.1.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Share a broadband connection among multiple users (HTTP, FTP, Telnet, NetMeeting) and between all of the computers connected to your home network. Build a home network by connecting additional PCs and network devices to the gateway. Share resources (file servers, printers, etc.
6 6.1 Internet Connection Overview The 'Overview' screen provides general information regarding your SHDSL Connection and your Internet conncetion such as DSL link status, connection speed, internet connection's status, connection duration, and Internet address. Refer to this screen for a quick status reference.
Watson SHDSL Router Web-based Management Manual 6.2 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Settings The 'Settings' screen provides basic configuration options for the SHDSL modem and for the different types of Internet connections supported by Watson. Figure 6-2: Internet Connection – Settings Ethernet Encapsulation (TC Flow) Select either ‘EFM‘ or ‘HDLC‘ encapsulation.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Power Backoff Select ‗on‘ or ‗off‘. Default is ‗off‘. For short distances you can turn it on to reduce the transmitted power. Clock Mode To connect to other Schmid Telecom Watson devices use the default clock mode ‗1‘. If needed, choose another clock mode when connected to an SHDSL EFM device from another manufacturer.
Watson SHDSL Router Web-based Management Manual 6.3 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Diagnostics The 'Diagnostics' screen provides a series of tests aimed at validating your gateway's Internet connection. Figure 6-4: Internet Connection – Diagnostics Click 'Run' to begin the test routine. While testing is in progress, you may abort the diagnostics process by using the 'Abort' button.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 6.4 Watson SHDSL Router Web-based Management Manual SHDSL Status The 'SHDSL Status' screen provides the SHDSL port status and performance. Figure 6-6: Internet Connection – SHDSL Status Note: an important value to monitor is the ‘RX SNR Margin’. The RX SNR Margin should no be smaller than 4 dB to garanty good and reliable SHDSL performance. If the value is too small the linerate should be reduced to increase the RX SNR Margin.
7 7.1 Local Network Overview The 'Overview' screen presents your local network summary. This includes all connected devices. When this screen is loaded, Watson begins the process of automatically detecting the network services available on connected computers (hosts).
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 To view more information on a specific computer, click its respective link. The 'Host Information' screen appears. Figure 7-2: Host Information This screen presents all of the information relevant to the connected computer, such as connection information, available services, traffic statistics, and connection list. It also enables you to perform connectivity tests with the computer.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual screen appears (for more information, refer to Section 9.4). In addition, you can run a Ping or ARP test by clicking the respective 'Test Connectivity' button. The tests are performed in the 'Diagnostics' screen (refer to Section 9.8.8). Statistics This section displays the computer's traffic statistics, such as the number and size of transmitted and received packets.
8 8.1 Services Overview The 'Overview' screen presents a summary of Watson's services and their current status (enabled/disabled). These services are configurable via their respective tabs under the 'Services' main tab. Figure 8-1: Services Overview 8.2 Firewall Watson's gateway security suite includes comprehensive and robust security services: Stateful Packet Inspection Firewall, user authentication protocols and password protection mechanisms.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 The 'Overview' screen allows you to choose the security level for the firewall (refer to Section 8.2.1) The 'Access Control' screen can be used to restrict access from the home network to the Internet (refer to Section 8.2.2).
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual ing to a flexible and configurable set of rules. These rules are designed to prevent unwanted intrusions from the outside, while allowing home users access to the Internet services that they require. The firewall rules specify what types of services available on the Internet may be accessed from the home network and what types of services available in the home network may be accessed from the Internet.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Access Control defines restrictions on the types of requests that may pass from the home network out to the Internet, and thus may block traffic flowing in both directions. It can also be used for allowing specific services when maximum security is configured.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual The ‗Protocol’ drop-down menu menu lets you select or specify the type of protocol that will be used. Selecting the 'Show All Services' option will expand the list of available protocols. Select a protocol or add a new one using the 'User Defined' option. This will commence a sequence that will add a new service, representing the protocol. Refer to Section 9.9.1 in order to learn how to do so.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Click the 'OK' button to save your changes and return to the 'Access Control' screen. You can disable an access control rule in order to make a service available without having to remove the rule from the 'Access Control' screen. This may be useful if you wish to make the service available only temporarily and expect that you will want to reinstate the restriction in the future.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Additionally, port forwarding enables you to redirect traffic to a different port instead of the one to which it was designated. For example, you have a Web server running on your PC on port 8080 and you want to grant access to this server to anyone who accesses Watson via HTTP.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Click the 'New Entry' link. The 'Add Port Forwarding Rule' screen appears. Figure 8-8: Add Port Forwarding Rule Select the 'Specify Public IP Address' check box if you would like to apply this rule on Watson's non-default IP address, defined in the 'NAT' screen (refer to Section 8.2.7). Figure 8-9: Specify Public IP Address Enter the additional external IP address in the 'Public IP Address' field.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 1. Click the 'OK' button to save your changes. The 'Port Forwarding' screen will display a summary of the rule that you just added. Figure 8-11: Port Forwarding Rule You may edit the port forwarding rule by clicking its entry under the 'Local Host' column in the 'Port Forwarding' screen.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 1. From a LAN PC, browse to Watson's WBM and click 'Advanced'. Click the 'Remote Administration' icon, and check the 'Using Primary HTTP Port (80)' check box. Figure 8-12: Allow Incoming WAN Access to Web-Management 2. Click 'OK' to save the settings. 3. Verify that remote administration is enabled, by accessing Watson's WBM from a WAN PC. To define a port forwarding rule, perform the following: 1.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual An incoming request for access to a service in the home network, such as a Webserver, is fielded by Watson. Watson will forward this request to the DMZ host (if one is designated) unless the service is being provided by another PC in the home network (assigned in Port Forwarding), in which case that PC will receive the request instead.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 and sending it back to the LAN Host which originated the outgoing traffic to UDP port 2222. Select the 'Port Triggering' tab in the 'Security' management screen. The 'Port Triggering' screen will appear. This screen will list all of the port triggering entries. Figure 8-14: Port Triggering Let's add an entry for the application server example above: Figure 8-15: New Port Triggering Rule 1.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual You can disable a port triggering rule without having to remove it from the 'Port Triggering' screen. To temporarily disable a rule, clear the check box next to the service name. To reinstate it at a later time, simply reselect the check box. To remove a rule, click the permanently removed. action icon for the service.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 7. Click the 'Refresh' button to update the status if necessary. If the site is successfully located then 'Resolved' will appear in the status bar, otherwise 'Hostname Resolution Failed' will appear. In case Watson fails to locate the website, do the following: Use a Web browser to verify that the website is available. If it is, then you probably entered the website address incorrectly.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual such as a security server, requires that packets have a specific IP address – you can define a NAT rule for that address. 8.2.7.1 Configuration Click the 'NAT' tab in the 'Security' management screen. The 'NAT' screen will appear .
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Select between IP address, subnet or range in the 'Network Object Type' combo box, and enter the information respectively. To add a new NAT/NAPT rule, click the 'New Entry' link in the 'NAT/NAPT Rule Sets' section. The 'Add NAT/NAPT Rule' screen will appear. Figure 8-19: Add NAT/NAPT Rule This screen is divided into two main sections, 'Matching' and 'Operation'.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual NAT Addresses The NAT address into which the original IP address will be translated. The combo box displays all of your available NAT addresses/ranges, from which you can select an entry. If you would like to add a single address or a subrange from the given pool/range, select the 'User Defined' option in the combo box. Similarly, this will commence a sequence that will add a new network object.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 8.2.7.3 Adding NAT/NAPT IP Addresses In the following examples, LAN IP addresses are marked 192.168.1.X, while NAT addresses are marked 192.168.71.X. Assuming your obtained public IP addresses are 192.168.71.12 through 192.168.71.20, add them as NAT IP addresses to the WAN Ethernet settings, as follows: Figure 8-20: NAT IP Addresses 1. Click the 'NAT' tab in the 'Security' management screen.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 4. Back in the 'Add NAT/NAPT Rule' screen, select the '192.168.71.12' option in the 'NAT Addresses' combo box. The screen will refresh, adding this address as a NAT IP address. 5. Click 'OK' to save the settings.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 STEP 3 Translate the range 192.168.1.21–192.168.1.25 to 192.168.71.13– 192.168.71.14. Define this NAT rule in the same manner depicted above. The following attention message will be displayed: Figure 8-23: Attention Click 'OK'.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 1. Select the 'NAPT' option in the 'Operation' section combo box. The screen will refresh: Figure 8-25: Add NAPT Rule 2. Add a NAPT address by selecting the 'User Defined' option. 3. Enter 1024-1050 as the range of ports in the 'NAPT Ports' section. 4. Click 'OK' to save the settings.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 STEP 5 Translate the address 192.168.1.6 to 192.168.71.16 ports 1024-1100. Define this NAPT rule in the same manner depicted above. The rule will be displayed in the 'NAT' screen: Figure 8-27: NAT/NAPT Rule Sets This rule translates a LAN IP address to a NAT IP address with ports 1024-1100.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Figure 8-28: Connection List Click 'Advanced' to display the following details: The connection's time-to-live The number of kilo-bytes and packets received and transmitted The device type The routing mode The 'Approximate Max. Connections' value represents the amount of additional concurrent connections possible. 8.2.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 To view Watson's advanced filtering options, click 'Advanced Filtering' under the 'Firewall' tab in the 'Services' screen. The 'Advanced Filtering' screen appears: Figure 8-29: Advanced Filtering 8.2.9.1 Adding Input and Output Rules The first two sections of the 'Advanced Filtering' screen—'Input Rule Sets' and 'Output Rule Sets', are designed for configuring inbound and outbound traffic respectively.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Figure 8-30: Move Up and Move Down Action Icons There are numerous rules automatically inserted by the firewall in order to provide improved security and block harmful attacks. To add an advanced filtering rule, first choose the traffic direction and the device on which to set the rule. Then click the appropriate 'New Entry' link.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Destination Address The destination address of packets sent or received by Watson. This address can be configured in the same manner as the source address. This entry enables further filtration of the packets. Protocol You may also specify a traffic protocol. Selecting the 'Show All Services' option from the drop-down menu will expand the list of available protocols.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual outbound traffic respectively. Note that Watson is automatically configured with ALG rules for several widespread protocols. You can edit a rule by clicking its respective action icon, or remove it by clicking the action icon . To create an ALG rule, either inbound or outbound, click the 'New Entry' link that corresponds to the rule type you would like to define. The 'Add ALG Rule' screen appears.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 will commence a sequence that will add a new Service, representing the protocol. Refer to Section 9.9.2 in order to learn how to do so. Operation Define which ALG will be used, by selecting one from the designated drop-down menu. Logging Monitor the rule. Log Packets Matched by This Rule Select this check box to log the first packet from a connection that was matched by this rule.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Event There are five kinds of events: Inbound Traffic: The event is a result of an incoming packet. Outbound Traffic: The event is a result of outgoing packet. Firewall Setup: Configuration message. WBM Login: Indicates that a user has logged in to WBM. CLI Login: Indicates that a user has logged in to CLI (via Telnet).
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 1. Click the 'Settings' button that appears at the top of the 'Firewall Log' screen. The 'Log Settings' screen appears. Figure 8-34: Log Settings 2. Select the types of activities for which you would like to have a log message generated: Accepted Events Accepted Incoming Connections: Write a log message for each successful attempt to establish an inbound connection to the home network.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Prevent Log Overrun: Select this check box in order to stop logging firewall activities when the memory allocated for the log fills up. Click 'OK' to save the settings. The following are the available event types that can be recorded in the firewall log: Firewall internal - an accompanying explanation from the firewall internal mechanism will be added in case this event-type is recorded.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 AUTH:113 request - an outbound packet for AUTH protocol has been accepted (for maximum security level). Packet-Cable - for future use. IPV6 over IPV4 - an IPv6 over IPv4 packet has been accepted. ARP - an ARP packet has been accepted. PPP Discover - a PPP discover packet has been accepted. PPP Session - a PPP session packet has been accepted. 802.1Q - a 802.1Q (VLAN) packet has been accepted.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Error: No memory - a message notifying that a new connection has not been established because of lack of memory. NAT Error : Connection pool is full - a message notifying that a connection has not been created because the connection pool is full. NAT Error: No free NAT IP - a message notifying that there is no free NAT IP, therefore NAT has failed.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 7. Click 'OK' to save the settings. Figure 8-35: Enabling Secure Remote Administration Apply firewall protection on the LAN: 1. Click the 'Network Connections' tab under 'System'. 2. Click the 'LAN Ethernet' connection link. 3. Click the 'Advanced' button. 4. Enable the 'Internet Connection Firewall' check box. 5. Click 'OK' to save the settings.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual lected network traffic. This is achieved by shaping the traffic and processing higher priority traffic before lower priority traffic. As Quality of Service is dependent on the ‖weakest link in the chain‖, failure of a single component along the data path to assure priority packet transmission can easily cause a VoIP call or a Video on Demand (VoD) broadcast to fail miserably.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Click the QoS tab under 'Services'. The 'General' screen appears with the 'Overview' link being selected. Figure 8-37: General WAN Devices Bandwidth (Rx/Tx) Before selecting the QoS profile that mostly suits your needs, select your bandwidth from this drop-down menu. If you do not see an appropriate entry, select 'User Defined', and enter your Tx and Rx bandwidths manually.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Rx Bandwidth This parameter defines the gateway's Internet traffic reception rate. Enter your Rx bandwidth in Kbits per second. Entering inaccurate Tx/Rx values will cause incorrect behavior of the QoS module. It is important to set these fields as accurately as possible.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 8.3.2.1 Application View By default, the information is presented in "By Application" view. The screen refreshes constantly. You can stop its refreshing by using the 'Auto Refresh Off' button at the bottom of the screen. Figure 8-38: Internet Connection Utilization by Application The table displays the following information fields.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual In this example, the application "Domain Name Server" is running on computer 192.168.2.1, using UDP protocol on port 53. This screen provides a combined application and computer view, and enables you to select the general traffic priorities for that computer. 8.3.2.2 Computer View The "By Computer" tab presents a table displaying the sum of bandwidth used by each LAN computer.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 The first traffic-priority (classless) rule has precedence over all other trafficpriority rules. There is no prevention of a traffic-priority rule conflicting with a class rule. In this case, the priority and DSCP setting of the class rule (if given) will take precedence. Connection-based QoS also allows inheriting QoS parameters by some of the applications that open subsequent connections.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 1. Under the 'QoS' menu item, click 'Traffic Priority'. The 'Traffic Priority' screen appears. This screen is divided into two identical sections, one for 'QoS input rules' and the other for 'QoS output rules', which are for prioritizing inbound and outbound traffic, respectively. Each section lists all the gateway devices on which rules can be set.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 2. After choosing the traffic direction and the device on which to set the rule, click the appropriate 'New Entry' link. The 'Add Traffic Priority Rule' screen appears. Figure 8-42: Add Traffic Priority Rule This screen is divided into two main sections, 'Matching' and 'Operation', which are for defining the operation to be executed when matching conditions apply.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Using a protocol requires observing the relationship between a client and a server, in order to distinguish between the source and destination ports. For example, let's assume you have an FTP server in your LAN, serving clients inquiring from the WAN.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Apply QoS on Select whether to apply QoS on a connection or just the first packet. When applying on a connection, the data transfer session will be handled using Stateful Packet Inspection (SPI). This means that other packets matching this rule will be automatically allowed to access, and the same QoS scheme will be applied to them. Logging Monitor the rule.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual bandwidth will be available to all other traffic. However when needed, the entire class is reserved solely for its owner. Moreover, you can limit the maximum bandwidth that a class can use even if the entire bandwidth is available. When a shaping class is first defined for a specific traffic type, two shaping classes are created.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 1. Click 'OK'. The 'Edit Device Traffic Shaping' screen appears. Figure 8-46: Edit Device Traffic Shaping 8.3.4.3 Tx Traffic Shaping The bandwidth of a device can be divided in order to reserve constant portions of bandwidth to predefined traffic types. Such a portion is known as a Shaping Class.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual TCP Serialization You can enable TCP Serialization in its drop-down menu, either for active voice calls only or for all traffic. The screen will refresh, adding a 'Maximum Delay' field (see Figure 8-47). This function allows you to define the maximal allowed transmission time frame (in milliseconds) of a single packet.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 2. Back in the 'Edit Device Traffic Shaping' screen, click the class name to edit the shaping class. Alternatively, click its screen appears. action icon . The 'Edit Shaping Class' Figure 8-49: Edit Shaping Class Configure the following fields: Name The name of the class.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual fic's class. This level of prioritizing provides more flexibility in distributing bandwidth between traffic types, by defining additional classes within a parent class. HTB Hierarchical Tocken Bucket allows using one single physical link to simulate multiple slower links and to send different kinds of traffic on different simulated links.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 To define an Rx Traffic Policy Class: 1. Click the 'New Entry' link in the 'Rx Traffic Policing' section of the 'Edit Device Traffic Shaping' screen. The 'Add Policing Class' screen appears. Figure 8-52: Add Policing Class 2. Name the new class and click 'OK' to save the settings, e.g. Class B. 3. Back in the 'Edit Device Traffic Shaping' screen, click the class name to edit the shaping class.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Packets are specifically marked, allowing network nodes to provide different levels of service, as appropriate for voice calls, video playback or other delay-sensitive applications, via priority queuing or bandwidth allocation, or by choosing dedicated routes for specific traffic flows. Diffserv defines a field in IP packet headers referred to as DSCP.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Figure 8-56: Edit DSCP Settings 3. Configure the following fields: DSCP Value (hex) Enter a hexadecimal number that will serve as the DSCP value. 802.1p Priority Select a 802.1p priority level from the drop-down menu (each priority level is mapped to low/medium/high priority queue). 4. Click 'OK' to save the settings.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 8.3.7 Watson SHDSL Router Web-based Management Manual Class Statistics Watson provides you with accurate, real-time information on the traffic moving through your defined device classes. For example, the amount of packets sent, dropped or delayed, are just a few of the parameters that you can monitor per each shaping class. To view your class statistics, click 'Class Statistics' under the QoS menu item. The following screen appears.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Connection type: Tunnel, Transport Use of Internet Security Association and Key Management Protocol (ISAKMP) in main and aggressive modes Key management: Manual, Automatic (Internet Key Exchange) NAT Traversal Negotiation for resolution of NATed tunnel endpoint scenarios Dead Peer Detection for tunnel disconnection in case the remote endpoint ceases to operate Gateway authentication: X.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Anti-Replay Protection Select this option to enable dropping of packets that are recognized (by their sequence number) as already been received. Connections This section will display the list of IPSec connections. To learn how to create an IPSec connection, refer to Section 9.4.14. 8.4.1.2.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 3. Click 'OK' to save the settings. Figure 8-61: IPSec Log Settings 8.4.1.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 'Network Connections' screen (refer to Section 9.4). To configure an IPSec connection settings, perform the following: 1. Press the connection's action icon . The 'VPN IPSec Properties' screen appears, displaying the 'General' sub-tab. Figure 8-62: VPN IPSec Properties – General 2. Press the 'Settings' sub-tab, and configure the following settings.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 will allow you to choose between the available rules. To learn how to configure scheduler rules, refer to Section 9.9.3. Network Select whether the parameters you are configuring relate to a WAN, LAN or DMZ connection, by selecting the connection type from the drop-down menu. For more information, refer to Section 9.4.2. 3. Press the 'Routing' sub-tab, and define the connection's routing rules.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Host Name or IP Address of Destination Gateway The IP address of your IPSec peer. If your connection is an IPSec Server, this field will display "Any Remote Gateway". Encapsulation Type Select between 'Tunneling' or 'Transport' encapsulation. 'Transport' encapsulation is performed between two gateways (no subnets), and therefore needs no explicit configuration.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 1.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Figure 8-66: Automatic Key Exchange Settings Auto Reconnect The IPSec connection will reconnect automatically if disconnected for any reason. Enable Dead Peer Detection Watson will detect whether the tunnel endpoint has ceased to operate, in which case will terminate the connection. Note that this feature will be functional only if the other tunnel endpoint supports it.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 check-boxes are replaced by radio buttons, presenting strict propositions according to your selections. Negotiation attempts Select the number of negotiation attempts to be performed in the automatic key exchange method. If all attempts fail, Watson will wait for a negotiation request. Life Time in Seconds valid.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 2. ‗Manua‘l key definition: Figure 8-67: Manual Key Definition Security Parameter Index (SPI): (HEX, 100 - FFFFFFFF) A 32 bit value that together with an IP address and a security protocol, uniquely identifies a particular security association. The local and remote values must be coordinated with their respective values on the IPSec peer.
Watson SHDSL Router Web-based Management Manual 8.4.1.4.1 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Configuring IPSec on Watson 1. Under the 'System' tab, click the 'Network Connections' menu item. The 'Network Connections' screen appears. Figure 8-68: Network Connections 2. Click the 'New Connection' link. The 'Connection Wizard' screen appears.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 3. Select the 'Connect to a Virtual Private Network over the Internet' radio button and click 'Next'. The 'Connect to a Virtual Private Network over the Internet' screen appears. Figure 8-70: Connect to a Virtual Private Network over the Internet 4. Select the 'VPN Client or Point-To-Point' radio button and click 'Next'. The 'VPN Client or Point-To-Point' screen appears.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 5. Select the 'Internet Protocol Security (IPSec)' radio button and click 'Next'. The 'Internet Protocol Security (IPSec)' screen appears. Figure 8-72: Internet Protocol Security (IPSec) 6. Specify the following parameters: Host Name or IP Address of Destination Gateway Remote IP Select "Same as Gateway". Encapsulation Type Select "Tunnel". Shared Secret Enter "hr5x". Specify 22.23.24.25 7.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 8. Click 'Finish'. The 'Network Connections' screen displays the newly created IPSec connection. Figure 8-74: New VPN IPSec Connection 8.4.1.4.2 Configuring IPSec on the Windows Host The following IP addresses are needed for the host configuration: Windows IP address – referred to as . Watson WAN IP address – referred to as .
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Right-click the 'IP Security Policies on Local Computer' and choose 'Create IP Security Policy...'. The IP Security Policy Wizard appears. Figure 8-76: IP Security Policy Wizard Click 'Next' and type a name for your policy, for example "Watson Connection".
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Click 'Next'. The 'Requests for Secure Communication' screen appears. Figure 8-78: Requests for Secure Communication Deselect the 'Activate the default response rule' check box, and click 'Next'. The 'Completing the IP Security Policy Wizard' screen appears.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Make sure that the 'Edit Properties' check box is selected, and click 'Finish'. The 'Watson Connection Properties' window appears. Figure 8-80: Watson Connection Properties Click 'OK'. 2. Building Filter List 1 – Windows XP to Watson: In the 'Local Security Settings' window, right-click the new 'Watson Connection' policy, created in the previous step, and select Properties.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Under the IP Filter List tab, click the 'Add' button. The 'IP Filter List' window appears. Figure 8-82: IP Filter List Enter the name "Windows XP to Watson" for the filter list, and deselect the 'Use Add Wizard' check box. Then, click the 'Add' button. The 'Filter Properties' window appears. Figure 8-83: Filter Properties In the 'Source address' drop-down menu, select 'My IP Address'.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 In the 'Destination address' drop-down menu, select 'A Specific IP Subnet'. In the 'IP Address' field, enter the LAN Subnet (), and in the 'Subnet mask' field enter 255.255.255.0. Click the 'Description' tab if you would like to enter a description for your filter. Click the 'OK' button. Click 'OK' again in the 'IP Filter List' window to save the settings. 3.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 4. Configuring Individual Rule of Tunnel 1 (Windows XP to Watson): Under the 'IP Filter List' tab of the 'New Rule Properties' window, select the 'Windows XP to Watson' radio button. Figure 8-85: IP Filter List Click the 'Filter Action' tab.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Select the 'Require Security' radio button, and click the 'Edit' button. The 'Require Security Properties' window appears. Figure 8-87: Require Security Properties Verify that the 'Negotiate security' option is enabled, and deselect the 'Accept unsecured communication, but always respond using IPSec' check box.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Under the 'Tunnel Setting' tab, select the 'The tunnel endpoint is specified by this IP Address' radio button, and enter . Figure 8-89: Tunnel Setting Under the 'Connection Type' tab, verify that 'All network connections' is selected. Click the 'Apply' button and then click the 'OK' button to save this rule. 5.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Under the 'Authentication Methods' tab, click the Edit button. The 'Edit Authentication Method Properties' window appears (see Figure 8-88). Select the 'Use this string (preshared key)' radio button, and enter a string that will be used as the key (for example, 1234). Click the 'OK' button.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 6. Assigning the New IPSec Policy: In the 'Local Security Settings' window, rightclick the 'Watson Connection' policy, and select 'Assign'. A small green arrow will appear on the policy's folder icon and its status under the 'Policy Assigned' column will change to 'Yes'. Figure 8-93: Local Security Settings 8.4.1.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 1. LAN Interface Settings Under the 'System' tab, click the 'Network Connections' menu item. The 'Network Connections' screen appears.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual If your LAN Ethernet connection is bridged, click the 'LAN Bridge' link. Otherwise, click the 'LAN Switch' link. The 'LAN Switch Properties' screen appears.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Internet Protocol Select "Use the Following IP Address" IP Address Specify 10.5.6.1 Subnet Mask Specify 255.255.255.0 IP Address Distribution Select "DHCP Server" Start IP Address Specify 10.5.6.1 End IP Address Specify 10.5.6.254 Subnet Mask Specify 255.255.255.0 Note: When configuring Gateway B, the IP address should be 172.23.9.1, according to the example depicted above.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Click the 'WAN Ethernet' link, the 'WAN Ethernet Properties' screen appears. Figure 8-99: WAN Ethernet Properties – General Press the 'Settings' tab, and configure the following settings: Figure 8-100: WAN Ethernet Properties – Settings Internet Protocol Select "Use the Following IP Address" IP Address Specify 14.15.16.17 Subnet Mask Specify the appropriate subnet mask, i.e 255.0.0.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Click 'OK' to save the settings. 8.4.1.5.2 Gateway-to-Gateway with Pre-shared Secrets A typical gateway-to-gateway VPN uses a pre-shared secret for authentication. Gateway A connects its internal LAN 10.5.6.0/24 to the Internet. Gateway A's LAN interface has the address 10.5.6.1, and its WAN (Internet) interface has the address 14.15.16.17. Gateway B connects the internal LAN 172.23.9.0/24 to the Internet.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 1. Under the 'System' tab, click the 'Network Connections' menu item. The 'Network Connections' screen appears. Figure 8-101: Network Connections 2. Click the 'New Connection' link. The 'Connection Wizard' screen appears.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 3. Select the 'Connect to a Virtual Private Network over the Internet' radio button and click 'Next'. The 'Connect to a Virtual Private Network over the Internet' screen appears. Figure 8-103: Connect to a Virtual Private Network over the Internet 4. Select the 'VPN Client or Point-To-Point' radio button and click 'Next'. The 'VPN Client or Point-To-Point' screen appears.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 5. Select the 'Internet Protocol Security (IPSec)' radio button and click 'Next'. The 'Internet Protocol Security (IPSec)' screen appears. Figure 8-105: Internet Protocol Security (IPSec) 6. Specify the following parameters, as depicted in Figure 8-106 Host Name or IP Address of Destination Gateway Specify 22.23.24.25 Remote IP Select "IP Subnet" Remote Subnet IP Address Specify 172.23.9.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 7. Click 'Next', the 'Connection Summary' screen appears. Figure 8-107: Connection Summary 8. Select the 'Edit the Newly Created Connection' check box, and click 'Finish'. The 'VPN IPSec Properties' screen appears, displaying the 'General' tab. 9. Press the 'IPSec' tab, and configure the following settings: Deselect the 'Compress' check box.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 3. Use the Linux 'CA.sh' utility. Note that only the required fields are listed below. For the rest, you may simply press Enter. $ /usr/lib/ssl/misc/CA.sh -newca Enter PEM pass phrase: Common Name: Enter pass phrase for ./demoCA/private/./cakey.pem: For more information about this script, run 'man CA.pl' (CA.pl and CA.sh are the same). 4.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 In the 'Certificate Name' field, enter "Watson-1" (and "Watson-2" on the other gateway, respectively). Figure 8-109: Create X509 Request Click 'Generate' and then 'Refresh'. The 'New X509 Request' screen appears. Figure 8-110: New X509 Request Click 'Download Certificate Request', ~/cert_create/Watson-1/2_Watson.csr.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual In the 'Watson's Local' sub-tab, click 'Upload Certificate'. The 'Load Watson's Local Certificate' screen appears. Browse for the location of the certificate, which is ~/cert_create/_newcert.pem, and click 'Upload'. Figure 8-111: Load Watson's Local Certificate To authenticate the VPN connection with the created certificates, perform the following: 1.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Perform the same procedure on Gateway B with its respective parameters. When done, the IPSec connection's status should change to "Connected". 8.4.2 Point-to-Point Tunneling Protocol Server Watson can act as a Point-to-Point Tunneling Protocol Server (PPTP Server), accepting PPTP client connection requests. 8.4.2.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 8.4.2.2 Advanced PPTP Server Settings To configure advanced PPTP server settings press the 'Advanced' button on the PPTP screen. The screen expands, offering additional settings: Figure 8-114: Advanced PPTP Server Parameters Maximum Idle Time to Disconnect in Seconds Specify the amount of idle time (during which no data is sent or received) that should elapse before the gateway disconnects a PPTP connection.
Watson SHDSL Router Web-based Management Manual 8.5 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Personal Domain Name (Dynamic DNS) The Dynamic DNS (DDNS) service enables you to alias a dynamic IP address to a static hostname, allowing your computer to be more easily accessible from various locations on the Internet.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 2. Click the 'New Dynamic DNS Entry' link to add a new DDNS entry. The 'Dynamic DNS' screen appears: Figure 8-116: Dynamic DNS 3. Specify the DDNS parameters: Host Name Enter your full DDNS domain name. Connection DDNS service. Select the connection to which you would like to couple the Provider Select your DDNS service provider. The screen will refresh, displaying the parameters required by each provider.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 SSL Mode With Watson versions that support Secure Socket Layer (SSL), secured DDNS services are accessed using HTTPS. Upon connection, Watson validates the DDNS server's certificate. Use this entry to choose the certificate's validation method. None Do not validate the server's certificate. Chain Validate the entire certificate chain.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Access this feature either from the 'Advanced' tab under the 'Services' screen, or by clicking its icon in the 'Advanced' screen. The DNS table will be displayed. Figure 8-118: DNS Table To add a new entry to the list: Click the 'New DNS Entry' button. The 'DNS Entry' screen will appear. Enter the computer's host name and IP address. Click 'OK' to save the settings.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 1. Click the device's Watson SHDSL Router Web-based Management Manual action icon . The DHCP settings for this device appears: Figure 8-120: DHCP Server Settings for LAN Switch 2. Select the DHCP service: Disabled Disable the DHCP server for this device. DHCP Server Enable the DHCP server for this device. DHCP Relay 8.6.2.2).
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 8.6.2.2 DHCP Relay Settings To configure a device as a DHCP relay, perform the following steps: 1. Select the 'DHCP Relay' option in the 'IP Address Distribution' combo-box under the Service section (see Figure 8-120). The screen will refresh. Figure 8-121: DHCP Relay Settings for LAN Switch 2. Click the 'New IP Address' link.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 8. In the 'Routing Mode' combo-box, select "Route". This will change Watson's WAN to work in routing mode, which is necessary in order for DHCP relaying to function properly. Figure 8-123: Configure WAN Ethernet – Routing 9. Click 'OK' to save the settings. 8.6.2.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 1. Click the 'New Static Connection' link. The 'DHCP Connection Settings' screen appears: Figure 8-125: DHCP Connection Settings 2. Enter a host name for this connection. 3. Enter the fixed IP address that you would like to have assigned to the computer. 4. Enter the MAC address of the computer's network card.
9 9.1 System Overview The System 'Overview' screen presents a summary of Watson's system status indication. This includes various details about your Watson product. Figure 9-1: System Monitoring Overview 9.2 Settings 9.2.1 Overview The 'System Settings' screen allows you to configure various system and management parameters: System Configure general system parameters. Watson's Hostname Specify the gateway's host name. The host name is the gateway's URL address.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Session Lifetime The duration of idle time (in seconds) in which the WBM session will remain active. When this duration times out, the user will have to re-login.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Secondary HTTPS Management Client Authentication Secure Telnet over SSL Client Authentication The applied authentication settings can be either of the following: None The client is not authenticated during the SSL connection. Therefore, the client does not need to have a certificate recognized by Watson, which can be used for authentication (for more information about certificates, refer to Section 9.9.4).
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Figure 9-3: System Settings Outgoing Mail Server Server field. Configure outgoing mail server parameters. Enter the hostname of your outgoing (SMTP) server in the 'Server' From Email Address Each email requires a 'from' address and some outgoing servers refuse to forward mail without a valid 'from' address for anti-spam considerations. Enter a 'from' email address in the 'From Email Address' field.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual your user name and password in the 'User Name' and 'Password' fields respectively. HTTP Interception Intercept HTTP Traffic for Assisting with Internet Connectivity Problems If the WAN device is physically disconnected or cannot obtain an up and running status, Watson will display an explanation of the connection's status.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Figure 9-4: Date and Time Settings 2. Select the local time zone from the drop-down menu. Watson can automatically detect daylight saving setting for selected time zones. If the daylight saving settings for your time zone are not automatically detected, the following fields will be displayed: Enabled Select this check box to enable daylight saving time. Start Date and time when daylight saving starts.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual In the 'Update Every' field, specify the frequency of performing the update. You can define a time server address by clicking the 'New Entry' link at the bottom of the 'Automatic Time Update' section. You can find a list of time server addresses sorted by region at http://www.pool.ntp.org.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Click the 'Internet Time' tab. The window changes to the following. Figure 9-6: Windows–Internet Time Screen In the 'Server' field, enter Watson's LAN IP address (The default one is 192.168.1.1). Click 'Update Now'. Windows will synchronize with Watson's SNTP server. In addition, Windows will perform a periodical synchronization with the SNTP server. Click 'OK' to save the settings.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.3 Watson SHDSL Router Web-based Management Manual Users The 'Users' screen lists the currently defined users and provides a link to add new users. You may also group users according to your preferences. This screen can also be accessed by clicking the 'Users' icon in the 'Advanced' screen. The "Administrator" is a default user provided by the system.
Watson SHDSL Router Web-based Management Manual 9.3.1 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 User Settings To add a new user, click the 'New User' link. The 'User Settings' screen appears. Figure 9-8: User Settings 9.3.1.1 General Full Name The remote user's full name. User Name The name that a user will use to access your network. New Password The user's password. Retype New Password its correctness.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 'Warning' and 'Error' events. If the 'Warning' level is selected the user will receive notification of 'Warning' and 'Error' events etc. To configure email notification for a specific user: First make sure you have configured an outgoing mail server in 'System Settings'. A click on the 'Configure Mail Server' link will display the 'System Settings' page were you can configure the outgoing mail server.
Watson SHDSL Router Web-based Management Manual 9.4 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Network Connections Watson supports various network connections, both physical and logical. The Network Connections screen enables you to configure the various parameters of your physical connections, the LAN and WAN, and create new connections, using tunneling protocols over existing connections, such as PPP and VPN.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual WAN Ethernet (refer to Section 9.4.3). LAN Switch (refer to Section 9.4.4 ). LAN Ethernet (refer to Section 9.4.5). DSL (refer to Section 9.4.6). The logical network connections available with Watson are: WAN - Internet Connection DHCP - Dynamic Host Configuration Protocol (refer to Section 9.4.7). Manual - IP Address Configuration (refer to Section 9.4.8).
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 In order to create a connection on your gateway using the wizard, click the 'New Connection' link in the Network Connections screen. The 'Connection Wizard' screen will appear. Figure 9-12: Connection Wizard This screen presents you with the main connection types.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Advanced Connection Selecting this option will take you to the 'Advanced Connection' screen. This section is a central starting point for all the aforementioned logical network connections. In addition, it provides the sequence for creating the Network Bridge and VLAN Interface connections.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Each logical connection described later in this chapter will include the "route" needed to be taken through the Connection Wizard in order for the connection to be created. 9.4.2 Network Types Every network connection in Watson can be configured as one of three types: WAN, LAN or DMZ. This provides high flexibility and increased functionality.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.4.3.1 General To view and edit the WAN Ethernet connection settings, click the 'WAN Ethernet' link in the 'Network Connections' screen (see Figure 9-11). The 'WAN Ethernet Properties' screen will appear, displaying a detailed summary of the connection's parameters, under the 'General' tab. These parameters can be edited in the rest of the screen's tabs, as described in the following sections.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual nection may be active. Once a scheduler rule(s) is defined, the drop-down menu will allow you to choose between the available rules. To learn how to configure scheduler rules, refer to Section 9.9.3. Network Select whether the parameters you are configuring relate to a WAN, LAN or DMZ connection, by selecting the connection type from the drop-down menu. For more information, refer to Section 9.4.2.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Use the Following IP Address Your connection can be configured using a permanent (static) IP address. Your service provider should provide you with such an IP address and subnet mask. Figure 9-20: Internet Protocol – Static IP DNS Server Domain Name System (DNS) is the method by which Web site domain names are translated into IP addresses.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Subnet Mask A mask used to determine to what subnet an IP address belongs. An example of a subnet mask value is 255.255.0.0. Lease Time In Minutes Each device will be assigned an IP address by the DHCP server for a this amount of time, when it connects to the network. When the lease expires the server will determine if the computer has disconnected from the network.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Figure 9-25: DHCP Relay Server Address Specify the IP address of the DHCP server. Click 'OK' to save the settings. Disabled – Select 'Disabled' from the combo-box if you do not want to assign IP addresses to the WAN. This is the standard setting for the WAN interface. Figure 9-26: IP Address Distribution - Disable DHCP 9.4.3.3 Routing You can choose to setup your gateway to use static or dynamic routing.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Routing Information Protocol (RIP) Select this check box to enable the Routing Information Protocol (RIP). RIP determines a route based on the smallest hop count between source and destination. When RIP is enabled, select the following: Listen to RIP messages—select 'None', 'RIPv1', 'RIPv2' or 'RIPv1/2'. Send RIP messages—select 'None', 'RIPv1', 'RIPv2-broadcast' or 'RIPv2multicast'.
Watson SHDSL Router Web-based Management Manual 9.4.4 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 LAN Switch The LAN Switch interface represents Watson's integrated Ethernet Switch. 9.4.4.1 General To view and edit the LAN Switch settings, click the 'LAN Switch' link in the 'Network Connections' screen (see Figure 9-11). The 'LAN Switch Properties' screen appears, displaying a detailed summary of the connection's parameters, under the 'General' tab.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Physical Address The physical address of the network card used for your network. Some cards allow you to change this address. MTU MTU is the Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. In the default setting, Automatic, the gateway selects the best MTU for your Internet connection. Select 'Automatic by DHCP' to have the DHCP determine the MTU.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Use the Following IP Address Your connection can be configured using a permanent (static) IP address. Your service provider should provide you with such an IP address and subnet mask. Figure 9-34: Internet Protocol – Static IP DNS Server Domain Name System (DNS) is the method by which Web site domain names are translated into IP addresses.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Subnet Mask A mask used to determine to what subnet an IP address belongs. An example of a subnet mask value is 255.255.0.0. Lease Time In Minutes Each device will be assigned an IP address by the DHCP server for a this amount of time, when it connects to the network. When the lease expires the server will determine if the computer has disconnected from the network.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Click the 'New IP Address' link. The 'DHCP Relay Server Address' screen will appear: Figure 9-39: DHCP Relay Server Address Specify the IP address of the DHCP server. Click 'OK' to save the settings. Disabled - Select 'Disabled' from the combo-box if you would like to statically assign IP addresses to your network computers. Figure 9-40: IP Address Distribution - Disable DHCP 9.4.4.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Send RIP messages—select 'None', 'RIPv1', 'RIPv2-broadcast' or 'RIPv2multicast'. Multicast – IGMP Proxy Internal IGMP proxy enables the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP interfaces. IGMP proxy enables the routing of multicast packets according to the IGMP requests of LAN devices asking to join multicast groups.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 In 802.1q mode the untagged packets (packets with no VLAN tag) that arrive in a port, will be tagged with the default VLAN identifier that is configured for each port. Figure 9-42: Switch VLAN VLAN Mode Select one of the following Switch modes: Transparent In transparent mode the switch is transparent to all VLANs. 802.1q In 802.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual VLANs – Allows you to add and delete VLANs from the VLAN table in the manner described in Section 4.3. Click the 'New Entry' link to add a VLAN to the table. The ‗Add Switch VLAN Screen‘ appears: Figure 9-43: Add Switch VLAN VLAN ID – The VLAN identifier of VLAN. Port – Each port can either be ‗T‘ tagged, ‗U‘ untagged or ‗–‗ not member of this VLAN.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 3. Upon transmission, ports that are marked with ‗T‘ (tagged) will send the packets tagged and ports that are marked with ‗U‘ (untagged) will send the packets untagged. Ports 1, 2, 5 and 6 will send the packets untagged. Ports 3, 4, 7 and 8 will send the packets tagged. The Trunk port will send packet which belongs to VLAN 100 untagged, packets which belongs to VLAN 200 tagged. 4.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Figure 9-46: Additional IP Addresses 9.4.5 LAN Ethernet A LAN Ethernet connection connects computers to Watson using Ethernet cables. 9.4.5.1 General To view and edit the LAN Ethernet connection settings, click the 'LAN Ethernet' link in the 'Network Connections' screen (see Figure 9-11). You may need to press the 'Advanced' button to expand the screen and display all connection entries.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.4.5.2 Settings Figure 8.48. LAN Ethernet Settings Phy Mode Manualy select the Ethernet connection speed or select autoneg for automatic negotiation of connection speed. The different possible selection are: autonegotiation mode, 10BT half duplex, 10BT full duplex, 100BTX half duplex, 100BTX full duplex. Figure 8.48. LAN Ethernet PHY mode Flow Control Enables the Ethernet Flow control mechanism.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 9.4.6.1 DSL Configuration To edit the DSL configuration, click the ‗DSL‘ link in the ‘Network Connections‘ screen (see Figure 9-11). The ‗Internet Connection Settings‘ screen will appear. Figure 9-48: DSL Configuration Ethernet Encapsulation (TC Flow) Select ‘EFM‘ or ‘HDLC‘ encapsulation. Use ‗HDLC‘ encapsulation when the Watson SHDSL router is connected to a Watson Ethernet plug-in (SZ.866.V654) [2].
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Figure 9-49: DSL Status Click 'Clear Counters' to reset the performance counters. 9.4.7 Dynamic Host Configuration Protocol (DHCP) The Dynamic Host Configuration Protocol (DHCP) connection is a dynamic negotiation method, where the client obtains an IP address automatically from the service provider when connecting to the Internet. To configure a new DHCP connection, perform the following steps: 1.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Figure 9-50: Ethernet Connection 4. Select the 'Dynamic Negotiation (DHCP)' radio button and click Next. The 'Connection Summary' screen will appear. Figure 9-51: Connection Summary 5. Select the 'Edit the Connection' check box if you wish to be routed to the WAN Ethernet Properties screen after clicking 'Finish'. 6. Click Finish to save the settings.
Watson SHDSL Router Web-based Management Manual 9.4.8 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Manual IP Address Configuration The Manual IP Address Configuration connection is used to manually configure the networking IP addresses when connecting to the Internet. To manually configure the IP addresses, perform the following steps: 1. Click the 'New Connection' link in the 'Network Connections' screen (see Figure 9-11). The 'Connection Wizard' screen appears (see Figure 9-12). 2.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 4. Select the 'Manual IP Address Configuration' radio button and click Next. The 'Manual IP Address Configuration' screen appears: Figure 9-53: Manual IP Address Configuration 5. Enter the IP address, subnet mask, default gateway, and DNS server addresses in their respective fields. These values should either be provided to you by your ISP or configured by your system administrator. 6. Click Next.
Watson SHDSL Router Web-based Management Manual 9.4.9 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Point-to-Point Protocol over Ethernet (PPPoE) Point-to-Point Protocol over Ethernet (PPPoE) relies on two widely accepted standards, PPP and Ethernet. PPPoE enables your home network PCs that communicate on an Ethernet network to exchange information with PCs on the Internet.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 5. Enter the username and password provided by your Internet Service Provider (ISP), and click Next. The 'Connection Summary' screen will appear. Figure 9-56: Connection Summary 6. Select the 'Edit the Newly Created Connection' check box if you wish to be routed to the new connection's configuration screen after clicking 'Finish'. This screen is described later in this chapter. 7.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.4.9.2 General To view and edit the PPPoE connection settings, click the 'WAN PPPoE' link in the 'Network Connections' screen (see Figure 9-11). The 'WAN PPPoE Properties' screen will appear, displaying a detailed summary of the connection's parameters, under the 'General' tab. These parameters can be edited in the rest of the screen's tabs, as described in the following sections.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Network Select whether the parameters you are configuring relate to a WAN, LAN or DMZ connection, by selecting the connection type from the drop-down menu. For more information, refer to 9.4.2. MTU MTU is the Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. In the default setting, Automatic, the gateway selects the best MTU for your Internet connection.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Use the Following IP Address Your connection can be configured using a permanent (static) IP address. Your service provider should provide you with such an IP address and subnet mask. Figure 9-61: Internet Protocol – Static IP DNS Server Domain Name System (DNS) is the method by which Web site domain names are translated into IP addresses.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual ple devices, a topology that necessitates port translation in addition to address translation. Device Metric The device metric is a value used by the gateway to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more. Default Route route.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 PPP-on-Demand Use PPP on demand to initiate the point-to-point protocol session only when packets are actually sent over the Internet. Time Between Reconnect Attempts Specify the duration between PPP reconnected attempts, as provided by your ISP.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Support Microsoft CHAP Version 2 Select this check box if you are communicating with a peer that uses Microsoft CHAP Version 2 authentication protocol. PPP Encryption PPP supports encryption facilities to secure the data across the network connection. A wide variety of encryption methods may be negotiated, although typically only one method is used in each direction of the link.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.4.9.6 Advanced Internet Connection Firewall Your gateway's firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network such as the Internet. The firewall can be activated per network connection. To enable the firewall on this network connection, select the 'Enabled' check box. To learn more about your gateway's security features, refer to Section 8.2.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 4. Click 'Next'. The 'Connection Summary' screen appears, corresponding to your changes. Figure 9-71: Connection Summary – Network Bridging 5. Select the 'Edit the Connection' check box if you wish to be routed to the ‗Bridge Properties‘ screen after clicking 'Finish'. This screen is described later in this chapter. 6. Click 'Finish' to save the settings.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson detects LAN hosts that should be bridged to the WAN according to their MAC address or a specific DHCP option (either Vendor Class ID, Client ID or User Class ID). Once detected, these LAN hosts are placed under the WAN-LAN bridge, which you must add and configure for the hybrid bridging mode beforehand. To add the WAN-LAN bridge, follow the Connection Wizard steps described in Section 9.4.10.1.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 1. In the 'Bridge Properties' screen, click the 'Routing' tab. The following screen appears. Figure 9-73: Bridge Routing Settings 2. From the 'Routing Mode' drop-down menu, select 'Route' and click 'Apply'. The following warning screen appears. Figure 9-74: Browser Reload Warning Message 3. Click 'OK'. The page refreshes while saving the new settings, and returns to the previous screen.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 4. Click the 'Bridging' tab. The following screen appears. Figure 9-75: WAN-LAN Bridging Settings 5. In the 'Bridge Filter' section, click the 'New Entry' link. The following screen appears. Figure 9-76: Bridge Filter Settings 6. From the drop-down menu in the 'Operation' section, select the WAN-LAN bridge. If not renamed, its default entry appears as "Bridge (br0)".
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 7. From the 'Source Address' drop-down menu, select 'User Defined'. The 'Edit Network Object' screen appears. Figure 9-77: Edit Network Object 8. Click the 'New Entry' link. The 'Edit Item' screen appears.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 From the 'Network Object Type' drop-down menu, select 'DHCP Option'. The screen refreshes, changing to the following. Figure 9-79: Edit Item – DHCP Options From the designated drop-down menu, select one of the DHCP options. The field below changes accordingly. Enter a relevant value for the DHCP option (should be supplied by a service provider). Click 'OK' to save the settings.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 9.4.10.3 General To view and edit the Network Bridging connection settings, click the 'Bridge' link in the 'Network Connections' screen (see Figure 9-11). The 'Bridge Properties' screen will appear, displaying a detailed summary of the connection's parameters, under the 'General' tab. These parameters can be edited in the rest of the screen's tabs, as described in the following sections.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Schedule By default, the connection will always be active. However, you can configure scheduler rules in order to define time segments during which the connection may be active. Once a scheduler rule(s) is defined, the drop-down menu will allow you to choose between the available rules. To learn how to configure scheduler rules, refer to Section 9.9.3.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Obtain an IP Address Automatically Your connection is configured by default to act as a DHCP client. You should keep this configuration in case your service provider supports DHCP, or if you are connecting using a dynamic IP address. The server that assigns the gateway with an IP address, also assigns a subnet mask.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 To manually configure DNS server addresses, select 'Use the Following DNS Server Addresses' from the 'DNS Server' drop down menu (see figure 'DNS Server – Static IP'). Specify up to two different DNS server address, one primary, another secondary. Figure 9-86: DNS Server – Static IP To learn more about this feature, refer to Section 8.6.1.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Click 'OK' to save the settings. Figure 9-87: IP Address Distribution – DHCP Server DHCP Relay – Your gateway can act as a DHCP relay in case you would like to dynamically assign IP addresses from a DHCP server other than your gateway's DHCP server. Note that when selecting this option you must also change Watson's WAN to work in routing mode. For more information, refer to Section 8.6.2.2.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Disabled – Select 'Disabled' from the combo-box if you do not want to assign IP addresses to the WAN. This is the standard setting for the WAN interface. Figure 9-90: IP Address Distribution - Disable DHCP 9.4.10.5 Routing You can choose to setup your gateway to use static or dynamic routing.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Routing Table Allows you to add or modify routes when this device is active. Use the 'New Route' button to add a route or edit existing routes. Figure 9-91: Advanced Routing Properties To learn more about this feature, refer to Section 9.6.1. 9.4.10.6 Bridging This section allows you to specify the devices that you would like to join under the network bridge.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.4.10.7 Stacked VLAN Mode A service provider can use VLAN stacking to allow it to distinguish multiple customers VLANs, even those with the same (customer-assigned) VLAN ID, within its network. Use VLAN stacking to add an outer VLAN tag to the inner IEEE 802.1Q tagged frames that enter the network.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Figure 9-94: Stacked VLAN Mode The ‘Service Tag Protocol ID’ defines the VLAN TPID of the outer tag. According to the IEEE 802.1ad standard the value shall be 0x88a8. But in order to allow backwards compatibility with older VLAN stacking equipments the value can be defined to any other value. The ‘Management VID’ defines the VLAN ID of the outer VLAN which is reserved for managing the device.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 This screen is divided into two main sections, 'Matching' and 'Operation'. The 'Matching' section let‘s you select which C-VLAN (Customer VLAN) is going to be doubled tagged. The S-VLAN (Provider VLAN) which will be added is defined in the 'Operation' section.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual interface (see Chapter 9.4.11). After reconnection the LAN Switch Ports appears in the Stacked VLAN mode table. For each LAN Switch Port the default provider SVLAN ID and S-VLAN Priority can be defined. The ‘VID’ defines the default VLAN ID of the outer tag (Service Provider tag) which will be added to frames ingressing the selected LAN Switch Port.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 1. Select the 'VLAN Interface' radio button and click 'Next'. The 'VLAN Interface' screen appears. Figure 9-99: VLAN Interface 2. Select the underlying device for this interface. The drop-down menu will display Watson's Ethernet connections. 3. Enter a value that will serve as the VLAN ID, and click 'Next'. The 'Connection Summary' screen appears. Figure 9-100: Connection Summary 4.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual pears, displaying a detailed summary of the connection's parameters, under the 'General' sub-tab. These parameters can be edited in the rest of the screen's tabs, as described in the following sections. Figure 9-101: VLAN Interface Properties 9.4.11.3 Settings This section displays the connection's general parameters.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Network Select whether the parameters you are configuring relate to a WAN, LAN or DMZ connection, by selecting the connection type from the drop-down menu. For more information, refer to Section 9.4.2. Physical Address The physical address of the Ethernet Bridge. MTU MTU is the Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Use the Following IP Address Your connection can be configured using a permanent (static) IP address. Your service provider should provide you with such an IP address and subnet mask. Figure 9-105: Internet Protocol – Static IP 9.4.11.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Figure 9-109: DSCP Remarks Table 2. Click the 'New DSCP Remark' link. The following screen appears. Figure 9-110: DSCP Remark Entry Settings 3. Enter the 802.1p CoS and DSCP values to be associated, and click 'OK'. The new pair of values will appear in the table. 4. Click 'OK' to save the settings. 9.4.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 3. Select the 'Point-To-Point Tunneling Protocol (PPTP)' radio button and click Next. The 'Point-to-Point Tunneling Protocol (PPTP)' screen appears. Figure 9-111: Point-to-Point Tunneling Protocol 4. Enter the PPTP server host name or IP address provided by your ISP. 5. Enter the username and password provided by your Internet Service Provider (ISP). 6. Click 'Next'. The 'Connection Summary' screen appears.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.4.12.2 Creating a PPTP VPN connection with the Connection Wizard To create a new PPTP VPN connection, perform the following steps: 1. In the 'Network Connections' screen (see Figure 9-11), click the 'New Connection' link. The 'Connection Wizard' screen appears (see Figure 9-12). 2. Select the 'Advanced Connection' radio button and click 'Next'. The 'Advanced Connection' screen appears (see Figure 9-15). 3.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 7. Select the 'Edit the Newly Created Connection' check box if you wish to be routed to the PPTP VPN Properties screen after clicking 'Finish'. This screen is described later in this chapter. 8. Click 'Finish' to save the settings. The new PPTP VPN connection is added to the network connections list, and is configurable like any other connection. 9.4.12.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 will allow you to choose between the available rules. To learn how to configure scheduler rules, refer to Section 9.9.3. Network Select whether the parameters you are configuring relate to a WAN, LAN or DMZ connection, by selecting the connection type from the drop-down menu. For more information, refer to Section 9.4.2. MTU MTU is the Maximum Transmission Unit.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Use the Following IP Address Your connection can be configured using a permanent (static) IP address. Your service provider should provide you with such an IP address and subnet mask. Figure 9-119: Internet Protocol – Static IP DNS Server Domain Name System (DNS) is the method by which Web site domain names are translated into IP addresses.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 tiple devices, a topology that necessitates port translation in addition to address translation. Device Metric The device metric is a value used by the gateway to determine whether one route is superior to another, considering parameters such as bandwidth, delay, and more. Default Route route.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Time Between Reconnect Attempts Specify the duration between PPP reconnected attempts, as provided by your ISP. Figure 9-123: PPP Configuration PPP Authentication Point-to-Point Protocol (PPP) currently supports four authentication protocols: Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Microsoft CHAP version 1 and 2.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 PPP Encryption PPP supports encryption facilities to secure the data across the network connection. A wide variety of encryption methods may be negotiated, although typically only one method is used in each direction of the link. This section allows you to select the encryption methods your gateway may use when negotiating with a PPTP server.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 9.4.12.8 Advanced Internet Connection Firewall Your gateway's firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network such as the Internet. The firewall can be activated per network connection. To enable the firewall on this network connection, select the 'Enabled' check box. To learn more about your gateway's security features, refer to Section 8.2.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 5. Click Next. The 'Connection Summary' screen appears. Note the attention message alerting that there are no users with VPN permissions.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 6. Check the 'Edit the Newly Created Connection' check box and click Finish. The 'Point-to-Point Tunneling Protocol Server (PPTP Server)' screen appears: Figure 9-130: Advanced PPTP Server Parameters 7. Click the 'Click Here to Create VPN Users' link to define remote users that will be granted access to your home network. Refer to Section 9.3 to learn how to define and configure users. 8.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 2. Select the 'Advanced Connection' radio button and click 'Next'. The 'Advanced Connection' screen appears (see Figure 9-15). 3. Select the 'Internet Protocol Security (IPSec)' radio button and click 'Next'. The 'Internet Protocol Security (IPSec)' screen appears. Figure 9-131: Internet Protocol Security (IPSec) 4. Enter the host or IP address of the destination gateway. 5.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Figure 9-132: Connection Summary 8. Select the 'Edit the Newly Created Connection' check box if you wish to be routed to the VPN IPSec Properties screen after clicking 'Finish'. 9. Click 'Finish' to save the settings. The new IPSec connection will be added to the network connections list, and will be configurable like any connection.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 3. Select the 'Internet Protocol Security Server (IPSec Server)' radio button and click Next. The 'Internet Protocol Security Server (IPSec Server)' screen appears: Figure 9-133: Internet Protocol Security Server (IPSec Server) 4. Enter the IPSec shared secret, which is the encryption key jointly decided upon with the network you are trying to access. 5. Click Next.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.4.16 Watson SHDSL Router Web-based Management Manual Internet Protocol over Internet Protocol (IPIP) Watson allows you to create an IPIP tunnel to another router, by encapsulating IP packets in IP. This tunnel can be managed as any other network connection. Supported by many routers, this protocol enables using multiple network schemes. Note, however, that IPIP tunnels are not secured. 9.4.16.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 6. Enter the IP address and subnet mask of the remote network that will be accessed via the tunnel, and click Next. The 'Connection Summary' screen appears: Figure 9-136: Connection Summary 7. Select the 'Edit the Connection' check box if you wish to be routed to the WAN IPIP Properties screen after clicking 'Finish'. This screen is described later in this chapter. 8. Click Finish to save the settings.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 9.4.16.2 General To view and edit the IPIP connection settings, click the 'WAN IPIP' link in the 'Network Connections' screen (see Figure 9-11). The 'WAN IPIP Properties' screen will appear, displaying a detailed summary of the connection's parameters, under the 'General' tab. These parameters can be edited in the rest of the screen's tabs, as described in the following sections.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 will allow you to choose between the available rules. To learn how to configure scheduler rules, refer to Section 9.9.3. Network Select whether the parameters you are configuring relate to a WAN, LAN or DMZ connection, by selecting the connection type from the drop-down menu. For more information, refer to Section 9.4.2. MTU MTU is the Maximum Transmission Unit.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Routing Table Allows you to add or modify routes when this device is active. Use the 'New Route' button to add a route or edit existing routes. Figure 9-139: Advanced Routing Properties To learn more about this feature, refer to Section 9.6.1. 9.4.16.5 IPIP The tunnel's remote endpoint IP address. Figure 9-140: IPIP 9.4.16.
Watson SHDSL Router Web-based Management Manual 9.4.17 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 General Routing Encapsulation (GRE) Watson allows you to create a GRE tunnel in order to transport multicast traffic and IPv6, in addition to other existing tunneling capabilities (e.g. IPIP, PPTP). 9.4.17.1 Creation with the Connection Wizard To create a new GRE tunnel, perform the following steps: 1. In the 'Network Connections' screen (see Figure 9-11), click the 'New Connection' link.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 6. Enter the IP address and subnet mask of the remote network that will be accessed via the tunnel, and click Next. The 'Connection Summary' screen appears: Figure 9-143: Connection Summary 7. Select the 'Edit the Connection' check box if you wish to be routed to the GRE Properties screen after clicking 'Finish'. This screen is described later in this chapter. 8. Click Finish to save the settings.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.4.17.2 General To view and edit the GRE connection settings, click the 'WAN GRE' link in the 'Network Connections' screen (see Figure 9-11). The 'WAN GRE Properties' screen will appear, displaying a detailed summary of the connection's parameters, under the 'General' tab. These parameters can be edited in the rest of the screen's tabs, as described in the following sections.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual will allow you to choose between the available rules. To learn how to configure scheduler rules, refer to Section 8.9.3. Network Select whether the parameters you are configuring relate to a WAN, LAN or DMZ connection, by selecting the connection type from the drop-down menu. For more information, refer to Section 8.4.2. MTU MTU is the Maximum Transmission Unit.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Routing Table Allows you to add or modify routes when this device is active. Use the 'New Route' button to add a route or edit existing routes. Figure 9-146: Advanced Routing Properties To learn more about this feature, refer to Section 9.6.1. 9.4.17.5 GRE The tunnel's remote endpoint IP address. Figure 9-147: GRE 9.4.17.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.5 Monitor 9.5.1 Network Watson SHDSL Router Web-based Management Manual The Monitoring screen displays a table summarizing the monitored connection data. Watson constantly monitors traffic within the local network and between the local network and the Internet. You can view statistical information about data received from and transmitted to the Internet (WAN) and to computers in the local network (LAN).
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 In addition, this screen displays a list of all the processes currently running on Watson and their virtual memory usage. The screen is automatically refreshed by default, though you may change this by clicking 'Automatic Refresh Off'.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.5.3 Watson SHDSL Router Web-based Management Manual Log The 'System Log' screen displays a list of recent activities that has taken place on Watson. Note that if you would like to view Watson's system log in your host's command prompt, you must install and run the syslog server. Figure 9-151: System Log Use the buttons at the top of the page to: Close Close the 'Log' screen and return to Watson's home page.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 this filter. To add a new filter, click the 'New Filter' link or its corresponding icon . The screen refreshes. action Figure 9-152: System Log Filters Using the drop-down lists, select the component and severity level by which to sort the log messages. Click 'Apply Filters' to display the messages in your specified criteria.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.6 Routing 9.6.1 Overview Watson SHDSL Router Web-based Management Manual Access Watson's routing settings by clicking the 'Routing' tab under the 'System' screen, or by clicking the 'Routing' icon in the 'Advanced' screen. The 'Routing' screen appears. Figure 9-153: Routing 9.6.1.1 Routing Table You can add, edit and delete routing rules from the routing table in the manner described in Section 4.3. Click the 'New Route' link.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 When adding a routing rule, you need to specify the following: Name Select the network device. Destination The destination is the destination host, subnet address, network address, or default route. The destination for a default route is 0.0.0.0. Netmask The network mask is used in conjunction with the destination to determine when a route is used. Gateway Enter the gateway's IP address.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Open Shortest Path First Protocol (OSPF) An Interior Gateway Protocol (IGP) used to distribute routing information within a single Autonomous System (for more information, refer to the protocol's RFC at http://www.ietf.org/rfc/rfc2328.txt). The feature's routing engine is based on the Quagga GNU routing software package.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 To activate the routing engine, you need to create a configuration file for the protocol daemon, and also for Zebra. Zebra is Quagga's IP routing management daemon, which provides kernel routing table updates, interface lookups, and redistribution of routes between the routing protocols. Note: To view examples of the http://www.quagga.net/docs/quagga.pdf . configuration files, browse 3.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.6.3 Watson SHDSL Router Web-based Management Manual PPPoE Relay PPPoE Relay enables Watson to relay packets on PPPoE connections, while keeping its designated functionality for any additional connections. The PPPoE Relay screen displays a check-box that enables PPPoE Relay. Figure 9-157: PPPoE Relay 9.7 Management 9.7.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 2. Double-click the 'Internet Gateway Device' icon. The WBM login screen appears in a browser window. This method is similar to opening a browser window and typing in '192.168.1.1'. To monitor the status of the connection between Watson and the Internet: 1. Open the 'Network Connections' control panel. 2. Double-click 'Internet Connection' icon.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 7. Select a local service that you would like to make available to computers on the Internet. The 'Service Settings' window will automatically appear. Figure 9-159: Service Settings: Edit Service 8. Enter the local IP address of the computer that provides this service and click 'OK'. 9. Select other services as desired and repeat the previous step for each. 10. Click 'OK' to save the settings.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 13. Complete the fields as indicated in the window. 14. Click 'OK' to close the window and return to the 'Advanced Settings' window. The service will be selected. 15. Click 'OK' to save the settings. 9.7.1.2 UPnP Configuration The UPnP feature is enabled by default.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 1. Access this feature either from the 'Management' menu item under the 'System' tab, or by clicking its icon in the 'Advanced' screen. The 'SNMP' screen appears: Figure 9-162: SNMP Management 2. Specify the SNMP parameters, as provided by your Internet service provider: Allow Incoming WAN Access to SNMP access to Watson's SNMP over the Internet.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 formation is exchanged between a management station and Watson's SNMP agent in the form of an SNMP message. The advantage of the third version of SNMP over the previous versions is that it provides user authentication, privacy, and access control.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Watson> conf set /snmp/mibs/usm_mib/usmuser_table/13.128.0.42.47.128.242.184.29.85 .234.15 .79.65.5.97.100.109.105.110/clone_from 0.0 Watson> conf set /snmp/mibs/usm_mib/usmuser_table/13.128.0.42.47.128.242.184.29.85 .234.15 .79.65.5.97.100.109.105.110/engine_id The sub-OID 13.128.0.42.47.128.242.184.29.85.234.15.79.65 stands for the engine ID (with length of 13 octets).
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 $ snmpset -v2c -c private vacmAccessContextMatch.11.97.100.109.105.110 .95.103.114.111.117.112.0.3.1 i exact $ snmpset -v2c -c private vacmAccessReadViewName.11.97.100.109.105.110 .95.103.114.111.117.112.0.3.1 s admin_view $ snmpset -v2c -c private vacmAccessWriteViewName.11.97.100.109.105 .110.95.103.114.111.117.112.0.3.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Remote access to Watson is blocked by default to ensure the security of your home network. However, remote access is supported by the following services, and you may use the 'Remote Administration' screen to selectively enable these services if they are needed.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Note: Web Management, Telnet and SSH may be used to modify settings of the firewall or disable it. The user may also change local IP addresses and other settings, making it difficult or impossible to access the gateway from the home network. Therefore, remote access to Telnet or HTTP services should be blocked and should only be permitted when it is absolutely necessary.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.7.4 Watson SHDSL Router Web-based Management Manual Secure Shell Secure Shell (SSH) is a protocol that provides encrypted connections to remote hosts or servers. Watson supports SSH connection requests from LAN clients with administrative permissions. When connected, a secured command-line session will grant a user access to all system settings and parameters. This service can also be opened to WAN clients. To learn more, please refer to Section 9.7.3.
Watson SHDSL Router Web-based Management Manual 9.8 Maintenance 9.8.1 About Watson Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 The 'About Watson' screen presents various details about Watson's software version, such as version number, type of platform and list of features. In addition, it displays Schmid Telecom's contact information.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 1. Access this feature either from the 'Maintenance' tab under the 'System' screen, or by clicking its icon in the 'Advanced' screen. The 'Configuration File' screen appears, displaying the complete contents of Watson's configuration file. Figure 9-167: Configuration File 2. Press the 'Load Configuration File' button to restore your configuration from a file and restart Watson. 3.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 2. Press 'OK' to reboot Watson. This may take up to one minute. To re-enter the WBM after restarting the gateway, press the browser's 'Refresh' button. 9.8.4 Restore Factory MAC Address Watson enables you to restore the MAC address of the WAN and LAN interfaces to the initial factory assigned address. Changing MAC addresses may interrupt the management connection.
9.8.6 Watson Firmware Upgrade Watson offers a built-in mechanism for upgrading its software image, without losing any of your custom configurations and settings. There are two methods for upgrading the software image: Upgrading from a local computer—use a software image file pre-downloaded to your PC's disk drive or located on the accompanying evaluation CD.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 3. Enter the path of the software image file, or click the 'Browse' button to browse for the file on your PC, and click 'OK'. Note: You can only use files with an ' rmt ' extension when performing the firmware upgrade procedure. The file will start loading from your PC to the gateway.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 1. Access this feature either from the 'Maintenance' tab under the 'System' screen, or by clicking its icon in the 'Advanced' screen. The 'MAC Cloning' screen appears: Figure 9-172: MAC Cloning Settings 2. Enter the physical MAC address to be cloned. 3. Press the 'Clone My MAC Address' button. 9.8.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.8.8.1 Diagnosing Network Connectivity To diagnose network connectivity, perform the following steps: 1. Under the Ping section, enter the IP address or URL to be tested in the 'Destination' field. 2. Enter the number of pings you would like to perform. 3. Press the 'Go' button. 4. In a few seconds, diagnostic statistics will be displayed. If no new information is displayed, press the 'Refresh' button. 9.8.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 9.9 Objects and Rules 9.9.1 Protocols Watson SHDSL Router Web-based Management Manual The Protocols feature incorporates a list of preset and user-defined applications and common port settings. You can use protocols in various security features such as Access Control and Port Forwarding. You may add new protocols to support new applications or edit existing ones according to your needs.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 1. Click the 'New Entry' link in the 'Protocols' screen. The 'Edit Service' screen appears: Figure 9-175: Edit Service 2. Name the service in the 'Service Name' field, and click the 'New Server Ports' link. The 'Edit Service Server Ports' screen appears. You may choose any of the protocols available in the combo box, or add a new one by selecting 'Other'.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual tion more persistent against network configuration settings. Moreover, Watson supports DHCP Option 60, enabling application of security and QoS rules on a network object according to its unique vendor class ID. For example, an IP telephone can be identified and applied with specific QoS priority rules. To define a network object: 1.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 3. Name the network object in the Description field, and click New Entry to create it. The 'Edit Item' screen appears. Figure 9-179: Edit Item 4. When selecting a method from the combo box, the screen refreshes, presenting the respective fields for entering the relevant information. The group definition can be according to one of the following methods: IP Address Enter an IP address common to the group.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 2. Click the 'New Entry' link. The 'Edit Scheduler Rule' screen appears: Figure 9-181: Edit Scheduler Rule 3. Specify a name for the rule in the 'Name' field. 4. Specify if the rule will be active/inactive during the designated time period, by selecting the apporpriate 'Rule Activity Settings' check-box. 5. Click the 'New Time Segment Entry' link to define the time segment to which the rule will apply.
Watson SHDSL Router Web-based Management Manual 9.9.4 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Certificates 9.9.4.1 Overview Public-key cryptography uses a pair of keys: a public key and a corresponding private key. These keys can play opposite roles, either encrypting or decrypting data. Your public key is made known to the world, while your private key is kept secret.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual The serial number of the certificate the entity (application or person) that created the certificate is responsible for assigning it a unique serial number to distinguish it from other certificates it issues. This information is used in numerous ways; for example when a certificate is revoked, its serial number is placed on a Certificate Revocation List (CRL).
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 name and some information about you on it, plus the signature of the person who issued it to you. Figure 9-183: Certificate Window 1. Access this feature either from the 'Objects and Rules' tab under the 'System' screen, or by clicking its icon in the 'Advanced' screen. The 'Certificates' screen appears.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 2. Click the 'Create Certificate Request' button. The 'Create X509 Request' screen appears: Figure 9-185: Create X509 Request 3. Enter the following certification request parameters: Certificate Name Subject Organization State Country 4. Click the 'Generate' button. A screen appears, stating that the certification request is being generated. 5.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 7. Click the 'Close' button. The main certificate management screen reappears, listing your certificate as "Unsigned". In this state, the request file may be opened at any time by pressing the action icon and then 'Open' in the dialogue box (Windows only). Figure 9-186: Unsigned Certification Request 8. After receiving a reply from the CA in form of a '.pem' file, click the 'Upload Certificate' link.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 1. Access this feature either from the 'Objects and Rules' tab under the 'System' screen, or by clicking its icon in the 'Advanced' screen. The 'Certificates' screen appears (see Figure 9-184). 2. Click the 'Create Self Signed Certificate' button. The 'Create Self Signed X509 Certificate' screen appears. Figure 9-188: Create Self Signed X509 Certificate 3.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 5. After a short while, press the 'Refresh' button, until the 'Certificate Details' screen appears. Figure 9-190: Certificate Details 6. Click the 'OK' button. The main certificate management screen reappears, displaying the certificate name and issuer. Figure 9-191: Loaded Certificate 7. Click the Save button and then 'Open' in the dialogue box to view the 'Certificate' window (Windows only).
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual 2. Click the 'Load Certificate' link. The 'Load Watson's Local Certificate' screen appears: Figure 9-192: Load Certificate 3. Use the Browse button to browse to the '.p12' file. If the private key is encrypted using a password, type it in the password entry (otherwise leave the entry empty) and press "Load" to load the certificate.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 3. Click the 'Upload Certificate' link. The 'Load CA's Certificate' screen appears. Figure 9-194: Load CA's Certificate 4. Use the Browse button to browse to the '.pem' or '.p12' file. Leave the password entry empty and press "Load" to load the certificate. The CA Certificates screen reappears, displaying the trusted certificate authority at the bottom of the list. 5.
10 Advanced This section of the Web-based Management offers shortcuts to Watson's advanced features. The different icons redirect to their respective screens, described throughout this manual. Please note that changes to advanced settings may adversely affect the operation of Watson and your home network, and should be made with caution.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 BGP OSPF – Manage BGP and OSPF configuration. This icon redirects to the 'Routing‘ tab under 'System' (refer to Section 9.6.2). CPU Monitor – View Watson CPU load and running processes. This icon redirects to the 'Monitor' tab under 'System' (refer to Section 9.5.2). Certificates – Manage digital certificates. This icon redirects to the 'Objects and Rules' tab under 'System' (refer to Section 9.9.4).
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Personal Domain Name (Dynamic DNS) – Define a static hostname for the WAN connection. This icon redirects to the 'DDNS' tab under 'Services' (refer to Section 8.5.2). Protocols – View and edit Watson's list of supported protocols. This icon redirects to the 'Objects and Rules' tab under 'System' (refer to Section 9.9.1). QOS – Define QoS parameters.
Watson SHDSL Router Web-based Management Manual 11 11.1 Watson-SHDSL-Router-GUI-Manual.doc Version 2.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.
Watson SHDSL Router Web-based Management Manual 11.2 Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Glossary 100Base-T Also known as "Fast Ethernet," an Ethernet cable standard with a data transfer rate of up to 100 Mbps. 10Base-T Mbps. An older Ethernet cable standard with a data transfer rate of up to 10 802.3 The IEEE (Institute of Electrical and Electronics Engineers - defined specification that describes the characteristics of Ethernet (wired) connections.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Client/server network A network of two or more computers that rely on a central server to mediate the connections or provide additional system resources. This dependence on a server differentiating a client/server network from a peer-to-peer network. Computer name A name that uniquely identifies a computer on the network so that all its shared resources can be accessed by other computers on the network.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Firewall A security system that helps protect a network from external threats, such as hacker attacks, originating outside the network. A hardware Firewall is a connection routing device that has specific data checking settings and that helps protect all of the devices connected to it. Firmware Software information stored in nonvolatile memory on a device. FTP Acronym for `File Transfer Protocol'.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual IP address Acronym for `Internet Protocol' address. IP is the protocol within TCP/IP that is used to send data between computers over the Internet. An IP address is an assigned number used to identify a computer that is connected to a network through TCP/IP. An IP address consists of four numbers (each of which can be no greater than 255) separated by periods, such as 192.168.1.1.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 NAT Acronym for `network address translation'. The process of converting between IP addresses used within a private network and Internet IP addresses. NAT enables all of the computers on a network to share one IP address. Network adapter Also known as a `network interface card' (NIC). An expansion card or other device used to provide network access to a computer, printer, or other device.
Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 Watson SHDSL Router Web-based Management Manual Profile A computer-based record that contains an individual network's software settings and identification information. Protocol A set of rules that computers use to communicate with each other over a network. Resource Any type of hardware (such as a modem or printer) or software (such as an application, file, or game) that users can share on a network.
Watson SHDSL Router Web-based Management Manual Watson-SHDSL-Router-GUI-Manual.doc Version 2.3-03 UTP Acronym for `unshielded twisted pair'. A cable that contains one or more twisted pairs of wires without additional shielding. It's more flexible and takes less space than a shielded twisted pair (STP) cable, but has less bandwidth. Virtual server One of multiple Web sites running on the same server, each with a unique domain name and IP address.
