Manual Teldat GmbH Manual bintec WLAN and Industrial WLAN Reference Copyright© Version 14.
Manual Teldat GmbH Legal Notice Aim and purpose This document is part of the user manual for the installation and configuration of Teldat devices. For the latest information and notes on the current software release, please also read our release notes, particularly if you are updating your software to a higher release version. You will find the latest release notes under www.teldat.de . Liability This manual has been put together with the greatest possible care.
Table of Contents Teldat GmbH Table of Contents Chapter 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Chapter 2 About this guide. . . . . . . . . . . . . . . . . . . . . . . . . 3 Chapter 3 Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1 bintec W1003n, W2003n, W2003n-ext and W2004n . . . . . . . . . . . 6 3.1.1 Setting up and connecting . . . . . . . . . . . . . . . . . . . . . . 6 3.1.2 Connectors . . . . . . . . . . . . . . . . . . . . . .
Table of Contents ii Teldat GmbH 3.4 bintec WI1065n and WI2065n . . . . . . . . . . . . . . . . . . . 33 3.4.1 Setting up and connecting . . . . . . . . . . . . . . . . . . . . . 33 3.4.2 Connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 3.4.3 Antenna connectors . . . . . . . . . . . . . . . . . . . . . . . 37 3.4.4 LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 3.4.5 Scope of supply . . . . . . . . . . . . . . . . . . . . . . . . . 39 3.4.
Table of Contents Teldat GmbH 4.7 Setting up a bridge link . . . . . . . . . . . . . . . . . . . . . . 57 4.8 Software Update . . . . . . . . . . . . . . . . . . . . . . . . . 59 Chapter 5 Access and configuration. . . . . . . . . . . . . . . . . . . 60 5.1 Access Options. . . . . . . . . . . . . . . . . . . . . . . . . . 60 5.1.1 Access via LAN . . . . . . . . . . . . . . . . . . . . . . . . . 60 5.1.2 Access via the Serial Interface . . . . . . . . . . . . . . . . . . . 63 5.2 Login .
Table of Contents iv Teldat GmbH 7.4.2 SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 7.4.3 SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 7.5 Remote Authentication . . . . . . . . . . . . . . . . . . . . . . 106 7.5.1 RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 7.5.2 TACACS+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112 7.5.3 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 7.
Table of Contents Teldat GmbH 10.1.1 Radio Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 147 10.1.2 Wireless Networks (VSS) . . . . . . . . . . . . . . . . . . . . . 162 10.1.3 WDS Links. . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 10.1.4 Client Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 10.1.5 Bridge Links . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 10.2 Administration . . . . . . . . . . . . . . . . . . . . . . . . . . 186 10.
Table of Contents vi Teldat GmbH Chapter 12 Networking . . . . . . . . . . . . . . . . . . . . . . . . . 222 12.1 Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222 12.1.1 IPv4 Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . 222 12.1.2 IPv4 Routing Table . . . . . . . . . . . . . . . . . . . . . . . . 228 12.1.3 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229 12.2 NAT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230 12.2.
Table of Contents Teldat GmbH Chapter 14 Multicast. . . . . . . . . . . . . . . . . . . . . . . . . . . 14.1 General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281 14.1.1 General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282 14.2 IGMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282 14.2.1 IGMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283 14.2.2 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285 14.
Table of Contents viii Teldat GmbH 16.1.6 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343 16.2 L2TP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346 16.2.1 Tunnel Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . 347 16.2.2 Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350 16.2.3 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356 16.3 GRE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357 16.3.
Table of Contents Teldat GmbH 18.2 HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386 18.2.1 HTTPS Server . . . . . . . . . . . . . . . . . . . . . . . . . . 386 18.3 DynDNS Client . . . . . . . . . . . . . . . . . . . . . . . . . . 387 18.3.1 DynDNS Update . . . . . . . . . . . . . . . . . . . . . . . . . 387 18.3.2 DynDNS Provider . . . . . . . . . . . . . . . . . . . . . . . . . 389 18.4 DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . 391 18.4.
Table of Contents x Teldat GmbH 19.1.3 Traceroute Test . . . . . . . . . . . . . . . . . . . . . . . . . 434 19.2 Software &Configuration . . . . . . . . . . . . . . . . . . . . . . 435 19.2.1 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435 19.3 Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441 19.3.1 System Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . 441 Chapter 20 External Reporting . . . . . . . . . . . . . . . . . . . . . 20.
Table of Contents Teldat GmbH 21.4 WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464 21.4.1 WLANx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464 21.4.2 VSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466 21.4.3 WDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469 21.4.4 Bridge Links . . . . . . . . . . . . . . . . . . . . . . . . . . . 472 21.4.5 Client Links . . . . . . . . . . . . . . . . . . . . . . . . . . . 474 21.4.
Table of Contents xii Teldat GmbH bintec WLAN and Industrial WLAN
1 Introduction Teldat GmbH Chapter 1 Introduction The new generation access points are manufactured in an environmentally friendly way and meet the RoHS directive. They support the latest WLAN technology and are designed for use particularly in the professional environment. Safety notices The safety precautions brochure, which is supplied with your device, tells you what you need to take into consideration when using your access point.
1 Introduction Teldat GmbH The devices are also designed for use with Dime Manager. The Dime Manager management tool can locate your bintec devices within the network quickly and easily. The .NET-based application, which is designed for up to 50 devices, offers easy to use functions and a comprehensive overview of devices, their parameters and files.
2 About this guide Teldat GmbH Chapter 2 About this guide This document is valid for Teldat devices with system software as of software version 9.1.2. The Reference, which you have in front of you, contains the following chapters: User's Guide - Reference Chapter Description Introduction You see an overview of the device: About this guide We explain the various components of this manual and how to use it. Installation This contains instructions for how to set up and connect your device.
2 About this guide Teldat GmbH Chapter Description VPN Firewall Local Services Maintenance External Reporting Monitoring Glossary The glossary contains a reference to the most important technical terms used in network technology. Index The index lists all the key terms for operating the device and all the configuration options and gives page numbers so they can be found easily.
2 About this guide Teldat GmbH tion in this user's guide: Typographical elements Typographical element Use Indicates lists. • Menu->Submenu Indicates menus and sub-menus. File->Open non-proportional, e.g. Indicates commands that you must enter as written. bold, e.g. Windows Start menu Indicates keys, key combinations and Windows terms. bold, e.g. Licence Key Indicates fields. italic, e.g. Indicates values that you enter or that can be configured. Online: blue and italic, e.g.
3 Installation Teldat GmbH Chapter 3 Installation Note Please read the safety notices carefully before installing and starting up your device. These are supplied with the device. 3.1 bintec W1003n, W2003n, W2003n-ext and W2004n 3.1.1 Setting up and connecting Note All you need for this are the cables and antennas supplied with the equipment. The devices bintec W1003n, bintec W2003n and bintec W2004n are equipped integrated antennas. Their radiation is optimized for ceiling mounting.
3 Installation Teldat GmbH Fig. 3: Connection options bintec W1003n When setting up and connecting, carry out the steps in the following sequence: (1) Antennas For bintec W2003n-ext screw the standard antennas supplied on to the connectors provided for this purpose. If you are using alternative antennas, please note that you have to connect MIMO antennas to the ports Ant 1 and Ant 2 and a SIMO antenna to port Ant1.
3 Installation Teldat GmbH (100–240 V). The status LED signal that your device is correctly connected to the power supply. Optionally, power can be supplied through a standard PoE injector (part number 5530000082). Installation The access points are to be mounted either on the wall or on the ceiling, or use as a tabletop device. Use as a table-top device Attach the four self-adhesive feet on the bottom of the device. Place your device on a solid, level base.
3 Installation Teldat GmbH Fig. 4: Ceiling of bintec W1003n , bintec W2003n, bintec W2003n-ext and bintec W2004n 3.1.2 Connectors All the connections are located on the underside of the device. bintec W1003n has an Ethernet port, bintec W2003n, bintec W2003n-ext and bintec W2004n have two Ethernet ports. The connections are arranged as follows: Fig.
3 Installation Teldat GmbH 3 POWER Socket for power supply 3.1.3 LEDs The LEDs show the radio status and radio activity of your device. Note Note that the number of active WLAN LEDs depends on the number of existing wireless modules. The LEDs on bintec W1003n, bintec W2003n, bintec W2003n-ext and bintec W2004n are arranged as follows: Fig.
3 Installation Teldat GmbH Note If you change the LED behavior through the GUI or the WLAN Controller, this setting is preserved if you reset the device to the ex-works state. State Only the status LED flashes once per second. Flashing All LEDs show their standard behavior. Off All LEDs are deactivated. 3.1.
3 Installation Teldat GmbH Cable sets/mains unit/other Software Documentation Safety notices 3.1.5 General Product Features The general product features cover performance features and the technical prerequisites for installation and operation of your device. The features are summarised in the following table: General Product Features Property Value Dimensions and weights: Equipment dimensions without cable ca. 162 x 145 x 45 mm (W x L x H) Weight LEDs approx.
3 Installation Teldat GmbH Property Value bintec W2004n: 1 Radio module 802.11bgn 2,4GHz Mimo 3x3; 1 Radiomodul 802.11an 5GHz Mimo 3x3 Ethernet IEEE 802.
3 Installation Teldat GmbH . Note If you delete the boot configuration using the GUI, all passwords will also be reset and the current boot configuration deleted. The next time, the device will boot with the standard ex works settings. Note If you have changed the LED behavior to something other then the default value, this setting is preserved after resetting the device. 3.2 bintec W1002n 3.2.1 Setting up and connecting Note All you need for this are the cables and antennas supplied with the equipment.
3 Installation Teldat GmbH Fig. 7: Connection options bintec W1002n When setting up and connecting, carry out the steps in the following sequence: (1) Antennas Screw the standard antennas supplied on to the connectors provided for this purpose. (2) LAN For the standard configuration of your device via Ethernet, connect port ETH1 or ETH2 of your device to your LAN using the Ethernet cable supplied. The device automatically detects whether it is connected to a switch or directly to a PC.
3 Installation Teldat GmbH may be formed. The standard patch cable (RJ45-RJ45) is symmetrical. It is therefore not possible to mix up the cable ends. (3) Power connection Connect the device to a mains socket. Use the power cord supplied and insert it in the appropriate socket on your device. Now plug the power cord into a power socket (100–240 V). The status LEDs signal that your device is correctly connected to the power supply.
3 Installation Teldat GmbH Fig. 8: Wall mounting straps bintec W1002n 3.2.2 Connectors All the connections are located on the underside of the device. On bintec W1002n the third antenna connection is located on the underside of the device. bintec W1002n has two Ethernet ports and a serial interface. The connections are arranged as follows: Fig.
3 Installation Teldat GmbH Top witho ANT1/ANT2 ut Fig. Connections for screwing on the external antennas ANT1 = TX/RX1 (Connection of first directional antenna) ANT2 = TX/RX2 (Connection of second option directional antenna) 3.2.3 Antenna connectors The three antenna for devices bintec W1002n have 2 Transmit and 3 Receive functions in n operating mode MIMO 2T3R. WLAN 1 Ant. 1 and WLAN 1 Ant. send and receive, Ant. 3 only receives. The connectors on industrial WLAN devices with 802.
3 Installation Teldat GmbH LED ETH 1/2 Status Information on (flickering) At least one client is registered and there is data traffic. on (flashing fast) BLD (Broken Link Detection) active on (flashing fast) 5 GHz scan active off No cable or no Ethernet link on Cable plugged in and link on (flickering) Cable plugged in and link with data traffic 3.2.
3 Installation Teldat GmbH Property Value bintec W1002n One internal wireless module, 3 external antennas Dimensions and weights: Equipment dimensions without cable 163 mm x 168 mm x 50 mm (W x L x H) Weight approx. 430 g LEDs 4 (1x Status, 1x WLAN, 2x Ethernet) Power consumption of the device 5-10 Watt, depending on extensions Voltage supply External switched-mode power supply 12 V DC, 1.25 A PoE on Ethernet 1 Class 0 (insulated) with one WLAN module.
3 Installation Teldat GmbH Property Value Standards & Guidelines R&TTE Directive 1999/5/EC EN 60950-1 (IEC60950); EN 300 328; EN 301 489-17;EN 301 489-1; EN 301 893; EN 60601-1-2 (Medical electrical equipment - Part 1-2) Buttons A monitor button 3.2.7 Reset If the configuration is incorrect or if your device cannot be accessed, you can reset the device to the ex works standard settings using the Reset button on the bottom of the device.
3 Installation Teldat GmbH Note If you delete the boot configuration using the GUI, all passwords will also be reset and the current boot configuration deleted. The next time, the device will boot with the standard ex works settings. 3.3 bintec WI1040n and WI2040n 3.3.1 Setting up and connecting Note All you need for this are the cables and antennas supplied with the equipment. Note For the bintec WIx040n series devices, a screw terminal bar is included as standard for power supply.
3 Installation Teldat GmbH Fig. 11: Connection options bintec WIx040n When setting up and connecting, carry out the steps in the following sequence: (1) Antennas Screw the standard antennas supplied on to the connectors provided for this purpose. (2) LAN For the standard configuration of your device via Ethernet, connect port ETH1 or ETH2 of your device to your LAN using the Ethernet cable supplied. The device automatically detects whether it is connected to a switch or directly to a PC.
3 Installation Teldat GmbH (3) Power connection Connect the device to a mains socket. Use the power cord supplied and insert it in the appropriate socket on your device. Now plug the power cord into a power socket (100–240 V). The status LEDs signal that your device is correctly connected to the power supply. Optionally, power can be supplied through a standard PoE injector (part number 5530000082). Note bintec WIx040n series products are supplied without a mains unit. All devices must be earthed.
3 Installation Teldat GmbH Warning Before drilling, make sure that there are no building installations where you are drilling. If gas, electricity, water or waste water lines are damaged, you may endanger your life or damage property. • Screw the mount to the wall with the 2 screws. • Hang the device in the mount with the screw nut but do not tighten it. Make sure the device connections are accessible. • Protect the device against theft with the lock supplied. Fig.
3 Installation Teldat GmbH 4 SFP SFP slot for 100 Mbit/s fibre module (optional) 5 Serial Serial interface RS232 6 Relay N/O Alarm relay 3.3.3 Antenna connectors Note The three antenna for devices bintec WI1040n have 2 Transmit and 3 Receive functions in n operating mode MIMO 2T3R. WLAN 1 Ant. 1 and WLAN 1 Ant. send and receive, Ant. 3 only receives. For devices bintec WI2040n only 2 antenna are used for each of the 2 wireless modules. These are both sending and receiving antenna.
3 Installation Teldat GmbH firmware is being loaded. Note Note that the number of active WLAN LEDs depends on the number of existing wireless modules. The LEDs on bintec WI1040n and bintec WI2040n are arranged as follows: Fig.
3 Installation Teldat GmbH LED ETH 1/2 (2x green) SFP (green) Status Information on (flashing fast) BLD (Broken Link Detection) active on (flashing fast) 5 GHz scan active off No cable or no Ethernet link on Cable plugged in and link on (flickering) Cable plugged in and link with data traffic off No data traffic on Data traffic via the SFP interface. on (flickering) Cable plugged in and data traffic 3.3.
3 Installation Teldat GmbH bintec WI2040n Cable sets/mains unit/other Software Documentation Ethernet cable (RJ-45, STP) Companion DVD Quick Install Guide (printed) Serial cable (D-SUB9) 4 external standard antennas Self-adhesive feet to allow the device to be used as a desktop device R&TTE Compliance Information (printed) User's Guide (on DVD) Safety notices Blind stops for SFP SD slot cover with screw 3-pole screw terminal bar for the power supply 2-pole screw terminal bar for relay Mounting br
3 Installation Teldat GmbH Property Value (W x L x H) Weight approx. 1,200 g (with WLAN modules) LEDs bintec WI1040n 6 (1x Failure, 1x Status, 3x WLAN, 2x Ethernet, 1x SFP) bintec WI2040n 7 (1x Failure, 1x Status, 3x WLAN, 2x Ethernet, 1x SFP) Power consumption of the device 5-24 Watt, depending on extensions Voltage supply Earth conductor/connection to earth 5-20W. All devices must be earthed. 24 V ± 30 % DC 1.
3 Installation Teldat GmbH Property Value Single Mode LC or LWL Multimode LC - 1x 100 Base FX/SX with SFP module Available sockets: Serial interface V.24 9-pin Sub-D connector Relay switching contact N/O 42 V AC 1 A / 30 V DC 2 A potential-free, software configurable, switchable Ethernet interface RJ45 socket Antennas: Antenna connection RTNC socket Transmit Power (WLAN) max.
3 Installation Teldat GmbH 3.3.7 Reset If the configuration is incorrect or if your device cannot be accessed, you can reset the device to the ex works standard settings using the Reset button on the bottom of the device. Practically al existing configuration data will then be ignored, only the current user passwords are retained. Configurations stored in the device are not deleted and can, if required, be reloaded when the device is rebooted.
3 Installation Teldat GmbH Fig. 17: Underside of the bintec WIx040n with the HW and Cfg reset buttons 3.4 bintec WI1065n and WI2065n 3.4.1 Setting up and connecting Note All you need for this are the cables and antennas supplied with the equipment. Note For the bintec WIx065n series devices, a screw terminal bar is included as standard for power supply.
3 Installation Teldat GmbH Fig. 18: Connection options bintec WIx065n When setting up and connecting, carry out the steps in the following sequence: 34 (1) Antennas Screw the standard antennas supplied on to the connectors provided for this purpose. (2) LAN For the standard configuration of your device via Ethernet, connect port ETH1 or ETH2 of your device to your LAN using the Ethernet cable supplied. The device automatically detects whether it is connected to a switch or directly to a PC.
3 Installation Teldat GmbH (3) Power connection Connect the device to a mains socket. Use the power cord supplied and insert it in the appropriate socket on your device. Now plug the power cord into a power socket (100–240 V). The status LEDs signal that your device is correctly connected to the power supply. Optionally, power can be supplied through a standard PoE injector (part number 5530000082). Note bintec WIx065n series products are supplied without a mains unit. All devices must be earthed.
3 Installation Teldat GmbH pole brackets ( part number 5020591700) are available. Warning Before drilling, make sure that there are no building installations where you are drilling. If gas, electricity, water or waste water lines are damaged, you may endanger your life or damage property. • Screw the mount to the wall with the 2 screws. • Hang the device in the mount with the screw nut but do not tighten it. Make sure the device connections are accessible.
3 Installation Teldat GmbH Fig. 20: Underside bintec WI1065n and bintec WI2065n Underside of bintec WI1065n and bintec WI2065n 1 Power 24 V DC Socket for power supply 2 Eth1 PoE / Eth2 10/100 Base-T Ethernet interfaces 3 HW Reset button performs restart 4 Cfg Deletes the configuration 5 SFP SFP slot for 100 Mbit/s fibre module (optional) 6 Serial Serial interface RS232 7 Relay N/O Alarm relay contact 3.4.
3 Installation Teldat GmbH Fig. 21: Antenna configuration for bintec WIx065n devices 3.4.4 LEDs The LEDs show the radio status, radio activity, Ethernet activity and LED states of your device. The LED states are indicated by combinations of the LEDs which are explained in detail in this chapter. During the heating phase the red Failure LED flashes. The other LEDs then come on during booting (if the units are initialised).
3 Installation Teldat GmbH LED Status (green) WLAN 1/2 (2x green) Status Information off If the device is at the login prompt. off The power supply is not connected. If other LEDs are on, also Error.
3 Installation Teldat GmbH Cable sets/mains unit/other Software Documentation Companion DVD Quick Install Guide (printed) 2-pole screw terminal bar for relay 1 screw pin set Blind stops for Ethernet interfaces 4 threaded caps for antennas bintec WI2065n Ethernet cable (RJ-45, STP) Serial cable (D-SUB9) 4 external standard antennas R&TTE Compliance Information (printed) User's Guide (on DVD) Blind stops for SFP SD slot cover with screw Safety notices 3-pole screw terminal bar for the power supply
3 Installation Teldat GmbH Property Value (WLAN 1 Ant.1, WLAN 1 Ant.2, WLAN 2 Ant.1, WLAN 2 Ant.2) Dimensions and weights: Equipment dimensions without cable 257 mm x 285 mm x 60 mm (W x L x H) Weight approx. 1,900 g (with WLAN modules) LEDs 7 (1x Failure, 1x Status, 2x WLAN, 2x Ethernet, 1x SFP) Power consumption of the device 5-24 Watt, depending on extensions Voltage supply Earth conductor/connection to earth 5-20W. All devices must be earthed.
3 Installation Teldat GmbH Property Value Antennas: Antenna connection RTNC socket Transmit Power (WLAN) max. 100 mW (20 dBm) EIRP Standards & Guidelines R&TTE Directive 1999/5/EC EN 60950-1 (IEC60950); EN 60950-22; EN 301489-1; EN301489-17; EN 55022; EN 300328-1; EN 301893; EN 302502; EN 50371 Buttons Reset and reset to ex work settings possible with two buttons (1x config reset, 1x HW reset) To ensure safe operation, the WI series devices have a connection to earth.
3 Installation Teldat GmbH scribed and enter as Login at the login prompt in the command line. Leave the password empty and press the Return key. The device runs through the boot sequence again. You can now configure your device again as described from Basic configuration on page 48 . Note If you delete the boot configuration using the GUI, all passwords will also be reset and the current boot configuration deleted. The next time, the device will boot with the standard ex works settings. 3.
3 Installation Teldat GmbH RJ45 socet for LAN connection Pin Funktion 1 Tx+ (input) 2 Tx- (input) 3 Rx+ (output) 4 -- 5 -- 6 Rx- (output) 7 -- 8 -- The devices bintec W2003n, bintec W2003n-ext and bintec W2004n have two 10/100/1000 Ethernet interfaces, bintec W1003n has one 10/100/1000 Ethernet interface. The connection is made via an RJ45 socket. Fig.
3 Installation Teldat GmbH 3.6.2 Serial interface Your devices bintec W1002n, bintec WI1040n, bintec WI2040n, bintec WI1065n and bintec WI2065n have a Serial interface for connection to a console. This supports Baud rates from 1200 to 115200 Bps. The interface is designed as a 9-pin SUB-D socket. Fig.
3 Installation Teldat GmbH The pin assignment is as follows: Pin assignment of the connector for the power supply Pin Configuration 1 + 2 - 3 + 3.7 Frequencies and channels Different certification regulations apply around the world. ETSI standards generally apply (predominantly used in Europe). For operation in Europe, please read the notes in the R&TTE Compliance Information. 3.
3 Installation Teldat GmbH 3.
4 Basic configuration Teldat GmbH Chapter 4 Basic configuration You can use the Dime Manager (IP address assignment) and the GUI (other configuration steps) for the basic configuration of your device. The basic configuration is explained below step-by-step. A detailed online help system gives you extra support.
4 Basic configuration Teldat GmbH configuration (see Configuring a PC on page 52). (c) Assigning a fixed IP address You can use the Dime Manager to assign a new IP address and the required password to your device. Note Please note: If your device has obtained an IP address dynamically from a DHCP server operated in your network for the basic configuration, the fallback IP address 192.168.0.252 is deleted automatically and your device will no longer function over this address.
4 Basic configuration Teldat GmbH 4.2 System requirements For configuration, your PC must meet the following system requirements: • Internet Explorer oder Mozilla Firefox • Installed network card (Ethernet) • DVD drive • TCP/IP protocol installed (see Configuring a PC on page 52) 4.3 Preparation To prepare for configuration, you need to... • Obtain the data required for the basic configuration. • Check whether the PC from which you want to perform the configuration meets the necessary requirements.
4 Basic configuration Teldat GmbH later when needed. If you configure a new network, you can use the given example values for IP addresses and netmasks. In cases of doubt, ask your system administrator.
4 Basic configuration Teldat GmbH ation of a bridge link, you need the following data: Configuration of a bridge link Access data Example value Preshared key MAC address of remote bridge & & & &' & ( Your values To use the bridge link autoconfiguration function, proceed as described in the WLAN Automatic Configuration of a Bridge Link Workshop; for additional information, also read the user's guide chapter Wireless LAN under WLAN->Bridge Links->New. 4.3.
4 Basic configuration Teldat GmbH (5) Follow the on-screen instructions and restart your PC when you have finished. Allocating PC IP address Allocate an IP address to your PC as follows: (1) Select Internet Protocol (TCP/IP) and click Properties. (2) Choose Use following IP address and enter a suitable IP address, the matching netmask, your default gateway and your preferred DNS server.
4 Basic configuration Teldat GmbH Fig. 28: Dime Manager initial screen The Dime Manager detects the devices installed in the network. (2) In the list, double click the device you want to configure. The following dialog box appears: Fig. 29: IP address assignment with the Dime Manager (3) Enter the network parameters (Device name, IP address, Netmask and Gateway) and click on OK. Note The maximum length of the Device name parameter is 32 characters.
4 Basic configuration Teldat GmbH The Device name parameter may contain only the letters "a"-"z", "A"-"Z", the digitss "0"-"9", dash "-" and dot "." to avoid errors by other systems during interpretation of the Device name. The first character must be a letter, and the last character cannot be a dot "." or dash "-". A single character is not permitted as a name. Your device can now be reached over the Ethernet with its IP address using a Web browser and can now be configured. GUI Call up Fig.
4 Basic configuration Teldat GmbH 4.5 Modify system password All Teldat devices are delivered with the same username and password. As long as the password remains unchanged, they are therefore not protected against unauthorised use. Make sure you change the passwords to prevent unauthorised access to your device! Proceed as follows: (a) Go to the System Management->Global Settings->Passwords menu. (b) Enter a new password for System Admin Password .
4 Basic configuration Teldat GmbH (2) On the left-hand side, select Change Advanced Settings. (3) Go to the Wireless networks tab. (4) Click Add. Proceed as follows: (1) Enter a Network Name, e.g. ) # . (2) Set Network Authentication to !" #! $. (3) Set Data Encryption to " . (4) Under Network Key and Confirm Network Key , enter the configured preshared key. (5) Exit each menu with OK. Note Windows XP allows several menus to be modified.
4 Basic configuration Teldat GmbH (4) Click OK. (5) Go to Wireless LAN->WLAN->Bridge Links->New. (6) Under Preshared Key enter (7) Leave the default settings in all other fields. (8) Click OK. (9) Configure a bridge link on the remote device in the same way. , for example. (10) On your local device, in the list Wireless LAN->WLAN->Bridge Links, click on the icon. (11) On the menu Wireless LAN->WLAN->Bridge Links-> which opens, click under Action on the link.
4 Basic configuration Teldat GmbH 4.8 Software Update The range of functions of Teldat devices is continuously being extended. These extensions are made available to you by Teldat GmbH free of charge. Checking for new software versions and the installation of updates can be carried out easily with the GUI. An existing internet connection is needed for an automatic update. Proceed as follows: (1) Go to the Maintenance->Software &Configuration menu. (2) Under Action select +% , - .
5 Access and configuration Teldat GmbH Chapter 5 Access and configuration This chapter describes all the access and configuration options. 5.1 Access Options The various access options are presented below. Select the procedure to suit your needs. There are various ways you can access your device to configure it: • Via your LAN • Via the serial interface 5.1.
5 Access and configuration Teldat GmbH 5.1.1.2 Telnet Apart from configuration using a web browser, with a Telnet connection you can also access the SNMP shell and use other configuration options. You do not need any additional software on your PC to set up a Telnet connection to your device. Telnet is available on all operating systems. Proceed as follows: Windows (1) Click Run… in the Windows Start menu. (2) Enter !. (3) Click OK.
5 Access and configuration Teldat GmbH see Login on page 65). (2) Enter " for the input prompt. You are now in the Flash Management shell. (3) Call up a list of all the files saved on the device: " . If you see a display like the one below, the keys needed are already there and you can connect to the device via SSH: # $"%$ ! " # & ' $ ( ) * & " + ", - . & 2" "" 3 .- . ./ / .0 0. + 1 ./ / - 0..0 .
5 Access and configuration Teldat GmbH Proceed as follows to log in on your device via SSH: If you have made sure that all the keys needed are available on the device, you have to check whether an SSH client is installed on your PC. Most UNIX and Linux distributions install a SSH client by default. Additional software, e.g. PuTTY, usually has to be installed on a Windows PC. Proceed as follows to log in on your device via SSH: UNIX (1) Enter $ $ ! in a terminal.
5 Access and configuration Teldat GmbH HyperTerminal. Make sure that HyperTerminal was also installed on the PC with the Windows installation. However, you can also use any other terminal program that can be set to the corresponding parameters (see below). Proceed as follows to access your device via the serial interface: (1) Click on Programs -> Accessories -> HyperTerminal in the Windows Start menu. (2) Press Return (at least once) after the HyperTerminal window opens.
5 Access and configuration Teldat GmbH Example of a command line for using : " / / % 5.2 Login With the help of certain access data, you can log in on your device and carry out different actions. The extent of the actions available depend on the authorisations of the user concerned. A login prompt appears first, regardless of how you access your device. You cannot view any information on the device or change the configuration without authentication. 5.2.
5 Access and configuration Teldat GmbH If you have forgotten your password, you must reset your device to the ex works state, which means your configuration will be lost. 5.2.2 Logging in for Configuration Set up a connection to the device. The access options are described in Access Options on page 60. GUI (Graphical User Interface) Log in via the HTML surface as follows: (1) Enter your user name in the User field of the input window.
5 Access and configuration Teldat GmbH Types of connections and configurations Type of connection Possible types of configuration LAN Assistant, GUI, shell command Serial connection Shell command Therefore, several types of configuration are available for each type of connection. Note To change the device configuration, you must log in with the user name * . If you do not know the password, you cannot make any configuration settings. This applies to all types of configuration. 5.3.
5 Access and configuration Teldat GmbH Fig. 31: GUI home page 5.3.1.1 Calling up GUI (1) Check whether the device is connected and switched on and that all the necessary cables are correctly connected. (2) Check the settings of the PC from which you want to configure your device (see Configuring a PC on page 52). (3) Open a Web browser.
5 Access and configuration Teldat GmbH The GUI window is divided into three areas: • The header • The navigation bar • The main configuration window Fig. 32: Areas of the GUI Header Fig. 33: GUI header GUI header Menu Position Language: In the dropdown menu, choose the language in which you want to display theGUI. Here you can choose the language in which you perform the configuration. German and English are available. View: Select the desired view from the dropdown menu.
5 Access and configuration Teldat GmbH Menu Position Online Help: Click this button if you want help with the menu now active. The description of the sub-menu where you are now is displayed. Logout: If you want to end the configuration, click this button to log out of your device. A window is opened offering you the following options: • Save configuration, save previous boot configuration, then exit. • Save configuration, then exit. • Exit without saving. Navigation bar Fig.
5 Access and configuration Teldat GmbH Fig. 35: Menus The Save configuration button is found in the navigation bar. If you save a current configuration, you can save this as the boot configuration or you can also archive the previous boot configuration as a backup. If you click the Save configuration button in the GUI, you will be asked "Do you really want to save the current configuration as a boot configuration?" You have the following two options: • • 0 , i.e.
5 Access and configuration Teldat GmbH ->Software &Configuration menu, select Action = 6 % and click on Go. The archived backup is used as the current boot configuration. The navigation bar also contains the main configuration menus and their sub-menus. Click the main menu you require. The corresponding sub-menu then opens. If you click the sub-menu you want, the entry selected will be displayed in red. All the other sub-menus will be closed.
5 Access and configuration Teldat GmbH Button Position menu and the System Management->Certificates->CRLs menu, this button activates the sub-menus for configuration of the certificate or CRL imports. In the System Management->Certificates->Certificate List menu, this button activates the sub-menu for the configuration of the certificate request. Various icons indicate the following possible actions or statuses: GUI symbols Symbol Position Deletes the list entry.
5 Access and configuration Teldat GmbH GUI list options Menu Position Update Interval Here you can set the interval in which the view is to be updated. To do this, enter a period in seconds in the input field and confirm it with . Filter You can have the list entries filtered and displayed according to certain criteria. You can determine the number of entries displayed per page by entering the required number in View x per page. Use the and buttons to scroll one page forward and one page back.
5 Access and configuration Teldat GmbH Menu Position played on the first page. The menu contains either a list of all the configured entries or the basic settings for the function concerned. Sub-menu The New button is available in each menu in which a list of all the configured entries is displayed. Click the button to display the configuration menu for creating a new list entry. Sub-menu Click this button to process the existing list entry. You go to the configuration menu.
5 Access and configuration Teldat GmbH Menu Position the mouse. Internal lists e.g. Click . A new list entry is created. Enter the correspond- ing data. If list input fields remain empty, these are not saved when you confirm with OK. Delete the entries by clicking the icon. Display of options that are not available Options that are not available because they depend on the selection of other options are generally hidden.
5 Access and configuration Teldat GmbH Note Please note that not all devices have the full range of functions. Check the software of your device on the corresponding product page under www.teldat.de . 5.3.2 SNMP shell SNMP (Simple Network Management Protocol) is a protocol that defines how you can access the configuration settings. All configuration settings are stored in the MIB (Management Information Base) in the form of MIB tables and MIB variables.
5 Access and configuration Teldat GmbH • Start mode • BOOTmonitor mode • Normal mode After some self-tests have been successfully carried out in the start mode, your device reaches the BOOTmonitor mode. The BOOTmonitor prompt is displayed if you are serially connected to your device. Fig. 38: BOOTmonitor After display of the BOOTmonitor prompt, press the space bar within four seconds to use the functions of the BOOTmonitor.
6 Assistants Teldat GmbH Chapter 6 Assistants The Assistants menu offers step-by-step instructions for the following basic configuration tasks: • First steps • Internet Access • VPN • Wireless LAN • VoIP PBX in LAN Choose the corresponding task from the navigation bar and follow the instructions and explanations on the separate pages of the Wizard.
7 System Management Teldat GmbH Chapter 7 System Management The System Management menu contains general system information and settings. You see a system status overview. Global system parameters such as the system name, date/time, passwords and licences are managed and the access and authentication methods are configured. 7.1 Status If you log into the GUI, your device's status page is displayed, which shows the most important system information.
7 System Management Teldat GmbH Fig. 39: System Management ->Status The menu System Management->Status consists of the following fields: Fields in the System Information menu. Field Value Uptime Displays the time past since the device was rebooted. System Date Displays the current system date and system time. Serial Number Displays the device serial number. BOSS Version Displays the currently loaded version of the system software.
7 System Management Teldat GmbH Field Value Temperature Devices from the bintec WI series are fitted with a temperature sensor. This shows the current temperature and the maximum and minimum temperatures reached. Active Sessions (SIF, RTP, etc... ) Displays the total of all SIF, TDRC, and IP load balancing sessions. Active IPSec Tunnels Displays the number of currently active IPSec tunnels in relation to the number of configured IPSec tunnels. Fields in the Physical Interfaces menu.
7 System Management Teldat GmbH Field Value • The channel used on this wireless module • Software version of the wireless card Bridge mode: • Operation Mode: Bridge or Off • The channel used on this wireless module • Number of configured bridge links • Software version of the wireless card Interface specifics for relay: • Configured Mode Fields in the WAN Interfaces menu.
7 System Management Teldat GmbH Fig. 40: System Management ->Global Settings ->System The System Management->Global Settings->Systemmenu consists of the following fields: Fields in the Basic Settings menu. Field Value System Name Enter the system name of your device. This is also used as the PPP host name. A character string with a maximum of 255 characters is possible. The device type is entered as the default value. Location Enter the location of your device.
7 System Management Teldat GmbH Field Value The default value is . You can display the stored messages in Monitoring->Internal Log. Maximum Message Select the priority of system messages above which a log Level of Syslog Entries should be created. System messages are only recorded internally if they have a higher or identical priority to that indicated, i.e. all messages generated are recorded at 7 syslog level. Possible values: • ,: Only messages with emergency priority are recorded.
7 System Management Teldat GmbH Field Value tion is enabled. LED Mode The feature is only for W1003n, W2003n, W2003n-ext and W2004n available. Select the lighting scheme of the LEDs. Possible values: • (default value): Only the status LED flashes once per second. • : All LEDs show their standard behavior. • 8 : All LEDs are deactivated. 7.2.2 Passwords Setting the passwords is another basic system setting. Fig.
7 System Management Teldat GmbH The System Management->Global Settings->Passwords menu consists of the following fields: Fields in the System Password menu. Field Value System Admin Password Enter the password for the user name * . Confirm Admin Password Confirm the password by entering it again. This password is also used with SNMPv3 for authentication (MD5) and encryption (DES). Fields in the SNMP Communities menu. Field Value SNMP Read Community Enter the password for the user name .
7 System Management Teldat GmbH Fig. 42: System Management ->Global Settings ->Date and Time You have the following options for determining the system time (local time): ISDN/Manual The system time is updated via ISDN, i.e. the date and time are taken from the ISDN when the first outgoing call is made, or is set manually on the device. If the correct location of the device (country/city) is set for the Time Zone, switching from summer time to winter time (and back) is automatic.
7 System Management Teldat GmbH that the device uses the desired current time, you should configure one or more time servers. Switching from summer time to winter time (and back) must be carried out manually if the time is derived using this method by changing the value in the Time Zone field with an option UTC+ or UTC-. Note If a method for automatically deriving the time is defined on the device, the values obtained in this way automatically have higher priority.
7 System Management Teldat GmbH Fields in the Automatic Time Settings (Time Protocol) menu. Field Description ISDN Timeserver Only for devices with ISDN interface. Determine whether the system time is to be updated via ISDN. If a time server is configured, the time is only determined over ISDN until a successful update is received from this time server. Updating over ISDN is deactivated for the period in which the time is determined by means of a time server. The function is activated with .
7 System Management Teldat GmbH Field Description • 2 : This time server is not currently used for the time request. Third Timeserver Enter the third time server, by using either a domain name or an IP address. In addition, select the protocol for the time server request. Possible values: • 2/! (default value): This server uses the simple network time protocol via UDP port 123. • / 0 4 +7!: This server uses the Time service with UDP port 37.
7 System Management Teldat GmbH Field Description Internal Time Server Select whether the internal timeserver is to be used. The function is activated by selecting . Time requests from a client will be answered with the current system time. This is given as GMT, without offset. The function is disabled by default. Time requests from a client are not answered. 7.2.4 System Licences This chapter describes how to activate the functions of the software licences you have purchased.
7 System Management Teldat GmbH Licence Meaning OK Subsystem is activated. Not OK Subsystem is not activated. Not supported You have entered a licence for a subsystem your device does not support. In addition, above the list is shown the System Licence ID required for online licensing. Note To restore the standard licences for a device, click the Default Licences button (standard licences). 7.2.4.1 Edit or New Choose the icon to edit existing entries.
7 System Management Teldat GmbH Note If 2 8$ is displayed as the status: • Enter the licence data again. • Check your hardware serial number. If 2 %% is displayed as the status, you have entered a license for a subsystem that your device does not support. This means you cannot use the functions of this licence. Deactivating a licence Proceed as follows to deactivate a licence: (1) Go to System Management->Global Settings->System Licences->New. (2) Press the (3) Confirm with OK.
7 System Management Teldat GmbH (a) WLAN (b) Number of the physical port (1 or 2) Example: ."2 The name of the Ethernet port is made up of the following parts: (a) ETH (b) Number of the port Example: /; The name of the interface connected to an Ethernet port is made up of the following parts: (a) Abbreviation for interface type, whereby stands for internet.
7 System Management Teldat GmbH Example: # (first client link on the first wireless module) The name of the virtual interface connected to an Ethernet port is made up of the following parts: (a) Abbreviation for interface type (b) Number of the Ethernet port (c) Number of the interface connected to the Ethernet port (d) Number of the virtual interface Example: # # (first virtual interface based on the first interface on the first Ethernet port) 7.3.
7 System Management Teldat GmbH Field Description When selecting 2 - * 1 %, a new bridge group is automatically created after you click the OK button. Configuration Interface Select the interface via which the configuration is to be carried out. Possible values: • (default value): Ex works setting The right configuration interface must be selected from the other options. • 6 : No interface is defined as configuration interface.
7 System Management Teldat GmbH Fig. 46: System Management ->Interface Mode / Bridge Groups ->Interfaces->Add You can realise bridging for devices behind access clients with the MAC Bridge function. In wildcard mode you cannot define how Unicast non-IP frames or non-ARP frames are processed. To use the MAC bridge function, you must carry out configuration steps in several menus. (1) Select GUI menu Wireless LAN->WLAN->Radio Settings and click the icon to modify an entry.
7 System Management Teldat GmbH Field Value on any of the Ethernet interfaces, is used as the wildcard MAC address. This wildcard MAC address can only be reset by rebooting the device or by selecting another wildcard mode. • : If you choose this setting, the internal WLAN MAC address is used to establish a connection to the access point.
7 System Management Teldat GmbH Fig. 47: System Management ->Administrative Access ->Access For an Ethernet interface you can select the access parameters / /! , ! , 2=! and for the ISDN interfaces 6 72 . . , ;, ;//!, ;/# Only for hybird devices: You can also authorise your device for maintenance work from Teldat's Customer Service department.
7 System Management Teldat GmbH The System Management->Administrative Access->Access->Add menu consists of the following fields: Fields in the menu Access Field Description Interface Select the interface for which administrative access is to be configured. 7.4.2 SSH Your devices offers encrypted access to the shell. You can enable or disable this access in the System Management->Administrative Access->SSH Enabled menu (standard value). You can also access the options for configuring the SSH login.
7 System Management Teldat GmbH To be able to reach the shell of your device via an SSH client, make sure the settings for the SSH Daemon and SSH client are the same. Note If configuration of an SSH connection is not possible, restart the device to initialise the SSH Daemon correctly.
7 System Management Teldat GmbH Field Value By default (7 , * - and " # are enabled. Hashing Algorithms Select the algorithms that are to be available for message authentication of the SSH connection. Possible options: • =7 • ;"# • < % =7 By default =7 , ;"# and < % =7 are enabled. Fields in the menu Key Status Field Value RSA Key Status Shows the status of the RSA key. If an RSA key has not been generated yet, 2 is displayed in red and a link, 1 , is provided.
7 System Management Teldat GmbH Field Value possible, for example because there is not enough space in the FlashROM. The menu Advanced Settings consists of the following fields: Fields in the menu Advanced Settings Field Login Grace Time Value Enter the time (in seconds) that is available for establishing the connection. If a client cannot be successfully authenticated during this time, the connection is terminated. The default value is seconds.
7 System Management Teldat GmbH 7.4.3 SNMP SNMP (Simple Network Management Protocol) is a network protocol used to monitor and control network elements (e.g. routers, servers, switches, printers, computers etc.) from a central station. SNMP controls communication between the monitored devices and monitoring station. The protocol describes the structure of the data packets that can be transmitted, as well as the communication process.
7 System Management Teldat GmbH Field Value By default, 0 , 0 and 0( are enabled. If no option is selected, the function is deactivated. SNMP Listen UDP Port Shows the UDP port ( ) at which the device receives SNMP requests. The value cannot be changed. Tip If your SNMP Manager supports SNMPv3, you should, if possible, use this version as older versions transfer all data unencrypted. 7.5 Remote Authentication This menu contains the settings for user authentication. 7.5.
7 System Management Teldat GmbH RADIUS packets The following types of packets are sent between the RADIUS server and your device (client): Packet types Field Value ACCESS_REQUEST Client -> Server If an access request is received by your device, a request is sent to the RADIUS server if no corresponding connection partner has been found on your device.
7 System Management Teldat GmbH 7.5.1.1 Edit or New Choose the icon to edit existing entries. Choose the New button to add RADIUS serv- ers. Fig. 51: System Management ->Remote Authentication ->RADIUS->New The System Management->Remote Authentication->RADIUS->Newmenu consists of the following fields: Fields in the Basic Parameters menu. Field Value Authentication Type Select what the RADIUS server is to be used for.
7 System Management Teldat GmbH Field Value • " (for PPP connections only): The RADIUS server is used for recording statistical call data. • . " : The RADIUS server is used for controlling access to the SNMP shell of your device. • 6! " : The RADIUS server is used for sending configuration data for IPSec peers to your device. • ."2 @ :A: The RADIUS server is used for controlling access to a wireless network.
7 System Management Teldat GmbH Field Value be used. The function is activated by selecting . The function is enabled by default. Group Description Define a new RADIUS group description or assign the new RADIUS entry to a predefined group. The configured RADIUS servers for a group are queried according to Priority and the Policy . Possible values: • 2 - (default value): Enter a new group description in the text field.
7 System Management Teldat GmbH Field Value Server Timeout Enter the maximum wait time between ACCESS_REQUEST and response in milliseconds. After timeout, the request is repeated according to Retries or the next configured RADIUS server is requested. Possible values are whole numbers between and . The default value is (1 second). Alive Check Here you can activate a check of the accessibility of a RADIUS server in Status 7 - .
7 System Management Teldat GmbH Field Value The function is disabled by default. If the function is active, you can enter the following options: • < 6 0 : Enter the time period in seconds between update intervals. The default entry here is i.e. an automatic reload is not carried out. 7.5.2 TACACS+ TACACS+ permits access control for your device, network access servers (NAS) and other network components via one or more central servers.
7 System Management Teldat GmbH Fig. 52: System Management ->Remote Authentication ->TACACS+ ->New The System Management->Remote Authentication->TACACS+ ->Newmenu consists of the following fields: Fields in the Basic Parameters menu. Field Description Authentication Type Displays which TACACS+ function is to be used. The value cannot be changed. Possible values: • . " : Here, you can define whether the current TACACS+ server is to be used for login authentication to your device.
7 System Management Teldat GmbH Field Description authentication. If no response is given or access is denied (only if Policy = 2 # 0 ), the entry with the nexthighest priority is used. The available values are to , the default value is . Entry active Select whether this server is to be used for login authentication. The function is activated by selecting . The function is enabled by default.
7 System Management Teldat GmbH Field Description Block Time Enter the time in seconds for which the status of the current server shall remain blocked. When the block has ended, the server is set to the status specified in the Entry active field. The possible values are to ( , the default value is . The value means that the server is never set to * 5 status and thus no other servers are queried.
7 System Management Teldat GmbH Fields in the Global RADIUS Options menu. Field Description Authentication for PPP By default, the following authentication sequence is used for inDialin coming calls with RADIUS: First CLID, then PPP and then PPP with RADIUS. Options: • 6 : Only inband RADIUS requests (PAP,CHAP, MSCHAP V1 & V2) (i.e. PPP requests without CLID) are sent to the RADIUS server defined in Server IP Address. • 8 @).67A : Only outband RADIUS requests (i.e.
7 System Management Teldat GmbH Certificates are issued for a specific period, usually one year, i.e. they have a limited validity period. Your device is designed to use certificates for VPN connections and for voice connections over Voice over IP. 7.6.1 Certificate List A list of all existing certificates is displayed in the System Management->Certificates->Certificate List menu. 7.6.1.
7 System Management Teldat GmbH Fig. 54: System Management ->Certificates->Certificate List-> The certificates and keys themselves cannot be changed, but a few external attributes can be changed, depending on the type of the selected entry. The System Management->Certificates->Certificate List-> menu consists of the fol- lowing fields: Fields in the Edit parameters menu. 118 Field Description Description Shows the name of the certificate, key, or request.
7 System Management Teldat GmbH Field Description Certificates issued by this CA are accepted during authentication. The function is enabled with / . The function is disabled by default. Certificate Revocation List (CRL) Checking Only for Certificate is CA Certificate = / Define the extent to which certificate revocation lists (CRLs) are to be included in the validation of certificates issued by the owner of this certificate. Possible settings: • 7 : No CRLs check.
7 System Management Teldat GmbH 7.6.1.2 Certificate Request Registration authority certificates in SCEP If SCEP (Simple Certificate Enrollment Protocol) is used, your device also supports separate registration authority certificates. Registration authority certificates are used by some Certificate Authorities (CAs) to handle certain tasks (signature and encryption) during SCEP communication with separate keys, and to delegate the operation to separate registration authorities, if applicable.
7 System Management Teldat GmbH Fig. 55: System Management ->Certificates->Certificate List->Certificate Request The menu System Management->Certificates->Certificate List->Certificate Request consists of the following fields: Fields in the Certificate Request menu. Field Description Certificate Request De- Enter a unique description for the certificate. scription Mode Select the way in which you want to request the certificate.
7 System Management Teldat GmbH Field Description field. This file must be provided to the CA and the received certificate must then be imported manually to your device. • Generate Private Key ) ! : The key is requested from a CA using the Simple Certificate Enrolment Protocol. Only for Mode = = Select an algorithm for key creation. < " (default value) and 7 " are available. Also select the length of the key to be created. Possible values: , C , ', ( , ' , ' .
7 System Management Teldat GmbH Field Description not configured on the device, the validity of certificates from this CA is not checked. • : If all the necessary certificates are already available in the system, you select these manually. RA Sign Certificate Only for Mode = ) ! Only for CA Certificate not = ## 7 - ## Select a certificate for signing SCEP communication. The default value is ## + CA certificate is used. RA Encrypt Certificate )" ) ##, i.
7 System Management Teldat GmbH Field Description If the field is not selected, enter the name components in Common Name, E-mail, Organizational Unit, Organization, Locality, State/Province and Country. The function is disabled by default. Summary Only for Custom = enabled. Enter a subject name with attributes not offered in the list. Example: "CN=VPNServer, DC=mydomain, DC=com, c=DE". Common Name Only for Custom = disabled. Enter the name according to CA. E-mail Only for Custom = disabled.
7 System Management Teldat GmbH Field Description #1, #2, #3 For each entry, define the type of name and enter additional subject names. Possible values: • 2 (default value): No additional name is entered. • 6!: An IP address is entered. • 72 : A DNS name is entered. • # : An e-mail address is entered. • +<6: A uniform resource identifier is entered. • 72: A distinguished name (DN) name is entered. • <67: A registered identity (RID) is entered.
7 System Management Teldat GmbH Fig. 56: System Management ->Certificates->Certificate List->Import The menu System Management->Certificates->Certificate List->Import consists of the following fields: Fields in the Import menu. Field Description External Filename Enter the file path and name of the certificate to be imported, or use Browse... to select it from the file browser. Local Certificate Description Enter a unique description for the certificate.
7 System Management Teldat GmbH If a key is no longer to be used, e.g. because it has fallen into the wrong hands or has been lost, the corresponding certificate is declared invalid. The certification authority revokes the certificate and publishes it on a certificate blacklist, so-called CRL. Certificate users should always check against these lists to ensure that the certificate used is currently valid. This check can be automated via a browser.
7 System Management Teldat GmbH Field Description type of encoding. • * ' • * , Password Enter the password required for the import. 7.6.3 Certificate Servers A list of certificate servers is displayed in the System Management->Certificates->Certificate Servers menu. A certification authority (certification service provider, Certificate Authority, CA) issues your certificates to clients applying for a certificate via a certificate server.
8 Physical Interfaces Teldat GmbH Chapter 8 Physical Interfaces In this menu, you configure the physical interfaces that you have used when connecting your gateway. The configuration interface only shows the interfaces that are available on your device. In the System Management->Status menu, you can see a list of all physical interfaces and information on whether the interfaces are connected or active and whether they have already been configured. 8.
8 Physical Interfaces Teldat GmbH Fields in the Port Configuration menu. Field Description Switch Port Shows the respective port. The numbering corresponds to the numbering of the Ethernet ports on the back of the device. Interface Displays the interface assigned to the Ethernet port here. Configured Speed / Mode Select the mode in which the interface is to run.
8 Physical Interfaces Teldat GmbH 8.2 Serial Port The serial interface can be operated as a console or as a data interface. In data interface mode, the data for the serial interface can be transmitted over an IP infrastructure (Serial over IP). 8.2.1 Serial Port In the Physical Interfaces->Serial Port->Serial Port menu, you can perform settings for the serial interface. Fig.
8 Physical Interfaces Teldat GmbH Fig. 61: Physical Interfaces ->Serial Port ->Serial Port with Port Mode = 7 ! Fields in the Serial Settings menu. Field Baudrate Description Select which baud rate should be used. Make sure that the remote terminal is suitable for the selected baud rate. If this is not the case, you will not be able to establish a serial connection to the device.
8 Physical Interfaces Teldat GmbH Field Description • (default value) • • C • Data Bits Select how many data bits should be sent in sequence for traffic data. Possible values: • (default value): Eight Data Bits are sent in sequence. • C: Seven Data Bits are sent in sequence. Parity Select whether or not a parity bit should be used to identify transmission errors. Possible values: • 2 (default value): No parity bit is used.
8 Physical Interfaces Teldat GmbH Field Description • B824B8 : If the software handshake is used, the recipient sends special signs to the sender to control the data flow. Fields in the IP menu. Field Mode Description Select the Mode in which the gateway should process IP data packets. Possible values: • 0 (default value): The gateway waits for incoming TCP connections. • ) : The gateway actively sets up a TCP connection. • +7!: The gateway sends and receives UDP packets.
8 Physical Interfaces Teldat GmbH Field Description Possible values: .. ( . Default value: . Inter-Byte Gap Enter the time in ms since receiving the first character, which is used as a trigger for data transmission. The function is enabled with . The function is disabled by default. Possible values: .. ( . Default value: . Fields in the Buffer menu. Field Description Clear Serial RX-Buffer Click the Clear button to clear the receive buffer.
8 Physical Interfaces Teldat GmbH Field Port Mode Description Possible values: • 6 0 (default value): The relay is manually set to always open. • " 0 : The relay is manually set to always closed. • " < ,: The relay is automatically coupled with the red error LED.
9 LAN Teldat GmbH Chapter 9 LAN In this menu, you configure the addresses in your LAN and can structure your local network using VLANs. 9.1 IP Configuration In this menu, you can edit the IP configuration of the LAN and Ethernet interfaces of your device. 9.1.1 Interfaces The existing IP interfaces are listed in the LAN->IP Configuration->Interfaces menu. You can edit the IP configuration of the interfaces or create virtual interfaces for special applications.
9 LAN Teldat GmbH Example of subnets If your device is connected to a LAN that consists of two subnets, you should enter a second IP Address / Netmask. The first subnet has two hosts with the IP addresses 192.168.42.1 and 192.168.42.2, for example, and the second subnet has two hosts with the IP addresses 192.168.46.1 and 192.168.46.2. To be able to exchange data packets with the first subnet, your device uses the IP address 192.168.42.3, for example, and 192.168.46.3 for the second subnet.
9 LAN Teldat GmbH Field Description Select the Ethernet interface for which the virtual interface is to be configured. Address Mode Select how an IP address is assigned to the interface. Possible values: • (default value): The interface is assigned a static IP address in IP Address / Netmask. • 7;)!: An IP address is assigned to the interface dynamically via DHCP.
9 LAN Teldat GmbH Field Description This option only applies for routing interfaces. Assign the interface to a VLAN by entering the VLAN ID of the relevant VLAN. Possible values are (default value) to ' '. The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu. Field Description DHCP MAC Address Only for Address Mode = 7;)! If Use built-in is activated (default setting), the hardware MAC address of the Ethernet interface is used.
9 LAN Teldat GmbH Field Description The function is disabled by default. TCP-MSS Clamping Select whether your device is to apply MSS Clamping. To prevent IP packets fragmenting, the MSS (Maximum Segment Size) is automatically decreased by the device to the value set here. The function is activated by selecting . The function is disabled by default. Once enabled, the default value ( is entered in the input field. 9.2 VLAN By implementing VLAN segmentation in accordance with 802.
9 LAN Teldat GmbH Fig. 64: VLAN segmenting VLAN for Bridging and VLAN for Routing In the LAN->VLAN menu, VLANs (virtual LANs) are configured with interfaces that operate in Bridging mode. Using the VLAN menu, you can make all the settings needed for this and query their status. Caution For interfaces that operate in Routing mode, you only assign a VLAN ID to the interface. You define this via the parameters Interface Mode = / @3."2A and field VLAN ID in menu LAN->IP Configuration->Interfaces->New.
9 LAN Teldat GmbH 9.2.1 VLANs In this menu, you can display all the VLANs already configured, edit your settings and create new VLANs. By default, the = VLAN is available, to which all interfaces are assigned. 9.2.1.1 Edit or New Choose the icon to edit existing entries. Select the New button in order to create new VLANs. Fig. 65: LAN->VLAN->VLANs->New The LAN->VLAN->VLANs->New menu consists of the following fields: Fields in the Configure VLAN menu.
9 LAN Teldat GmbH 9.2.2 Port Configuration In this menu, you can define and view the rules for receiving frames at the VLAN ports. Fig. 66: LAN->VLANs->Port Configuration The LAN->VLANs->Port Configurationmenu consists of the following fields: Fields in the Port Configuration menu. Field Description Interface Shows the port for which you define the PVID and processing rules. PVID Assign the selected port the required PVID (Port VLAN Identifier).
9 LAN Teldat GmbH Fig. 67: LAN->VLANs->Administration The LAN->VLANs->Administrationmenu consists of the following fields: Fields in the Bridge Group br VLAN Options menu Field Description Enable VLAN Enable or disable the specified bridge group for VLAN. The function is enabled with . The function is not activated by default. Management VID bintec WLAN and Industrial WLAN Select the VLAN ID of the VLAN in which your device is to operate.
10 Wireless LAN Teldat GmbH Chapter 10 Wireless LAN In the case of wireless LAN or Wireless LAN (WLAN = Wireless Local Area Network), this relates to the creation of a network using wireless technology. Network functions Like a wired network, a WLAN offers all the main network functions. Access to servers, files, printers, and the e-mail system is just as reliable as company-wide Internet access.
10 Wireless LAN Teldat GmbH An amendment to the Telecommunications Act (TKG) allowed the 5.8 GHz band (5755 MHz - 5875 MHz) to be used for so-called BFWA applications (Broadband Fixed Wireless Access). This simply requires registration with the Federal Network Agency. However, the use of TPC and DFS is mandatory in this case. 10.1 WLAN In the Wireless LAN->WLAN menu, you can configure all WLAN modules of your device.
10 Wireless LAN Teldat GmbH Fig.
10 Wireless LAN Teldat GmbH Fig. 70: Wireless LAN WLAN Radio Settings The Wireless LAN->WLAN->Radio Settings-> for Operation Mode " ) menu consists of the following fields: Fields in the menu Wireless Settings Field Operation Mode Description Define the mode in which the wireless module of your device is to operate. Possible values: • 8 (default value): The wireless module is not active. • " ! : Your device is used as an access point in your network.
10 Wireless LAN Teldat GmbH Field Client Mode Description Only for Operation Mode = " ) Select the client connection mode to the access point. Possible values: • 6 (default value): In a network in infrastructure mode, all clients communicate with each other via access points only. There is no direct communication between the individual clients. • " ; : In ad-hoc mode, an access client can be used as central interface between a number of terminals.
10 Wireless LAN Teldat GmbH Field Description Possible values: • ' 1;D: Your device runs in 2.4 (Mode 802.11b and Mode 802.11g) or 5 GHz (Mode 802.11a/h). • 1;D (default value): Your device runs in 5 GHz (Mode 802.11a/h). • ' 1;D: Your device runs in 2.4 GHz (Mode 802.11b and Mode 802.11g). Usage Area Only for Operation Mode = " ) , Client Mode = 6 and Operation Band = ' 1;D or 1;D Possible values: • 6 #8 • 6 • 8 IEEE 802.
10 Wireless LAN Teldat GmbH Field Description channels apart, as a network also partially occupies the adjacent channels. In the case of manual channel selection, please make sure first that the clients actually support these channels. Possible values: • For Operation Band = ' 1;D 6 48 Possible values are to ( and " not possible in bridge mode. • For Operation Band = 1;D 6 (default value).
10 Wireless LAN Teldat GmbH Field Description Displays the second channel used. Bandwidth Only for Wireless Mode = 4 4 , 4 , , 4 Select how many channels are to be used. Possible values: • =;D (default value): One channel with 20 MHz bandwidth is used. • ' =;D: Two channels each with 20 MHz bandwidth are used. In the case one channel acts as a control channels and the other as an expansion channel.
10 Wireless LAN Teldat GmbH Field Description • = : (default value): The maximum antenna power is used. • * • * • * • ' * • * Fields in the menu Performance Settings Field Description Wireless Mode Select the wireless technology that the access point is to use. Only for Operation Band = ' 1;D 6 48 Possible values: • : The device operates only in accordance with 802.11g. 802.11b clients have no access. • : Your device operates only in accordance with 802.
10 Wireless LAN Teldat GmbH Field Description In Operation Mode " ) with Client Mode " ; additional options are available for Operation Band = 1;D 6 , 1;D 8 , 1;D 6 48 , 1;D 8 Possible values: • : The device operates only in accordance with 802.11a. • : Your device operates only according to 802.11n. • 4 : Your device operates according to either 802.11a or 802.11n.
10 Wireless LAN Teldat GmbH Field Description The Airtime fairness function ensures that the access point's send resources are distributed intelligently to the connected clients. This means that a powerful client (e. g. a 802.11n client) cannot achieve only a poor flow level, because a less powerful client (e. g. a 802.11a client) is treated in the same way when apportioning. The function is enabled with . The function is disabled by default.
10 Wireless LAN Teldat GmbH Field Description You can delete entries with the Beacon Period icon. Only for Operation Mode = " ! or " ) # with Client Mode " ; . Not available for bintec W1003n, bintec W2003n, bintec W2003n-ext and bintec W2004n. Enter the time in milliseconds between the sending of two beacons. This value is transmitted in Beacon and Probe Response Frames. Possible values are to ( . The default value is ms.
10 Wireless LAN Teldat GmbH Field Description value " - , or " - , (default value). Short Guard Interval Enable this function to reduce the guard interval (= time between transmission of two data symbols) from 800 ns to 400 ns. Short Retry Limit Not available for bintec W1003n, bintec W2003n, bintec W2003n-ext and bintec W2004n. Enter the maximum number of attempts to send a frame. This value must be less than or equal to the value specified in RTS Threshold.
10 Wireless LAN Teldat GmbH Fig. 71: Wireless LAN ->WLAN->Radio Settings -> ->Advanced Settings for Operation Mode " ) Fields in the menu Advanced Settings for Access Client Mode. Field Description Scan channels Choose the channels which the WLAN client automatically scans for available wireless networks. Possible values: • " (default value): All channels are scanned. • " : The channel is automatically selected. • + : The desired channels can therefore be defined.
10 Wireless LAN Teldat GmbH Field Description wireless networks as soon as the radio signal of the existing radio connection becomes unsuitable for higher data rates. • 2 < (default value): Standard roaming. • - < : The WLAN client searches for available wireless networks as soon as the radio signal of the existing radio connection becomes weaker. • 2 < : The WLAN client searches for available wireless networks if it is no longer connected to a wireless network. • ) ers.
10 Wireless LAN Teldat GmbH Field Min. Period Passive Scan Description Displays the minimum passive scanning time for a frequency in milliseconds. The value can only be modified for Roaming Profile = ) < . The default value is . Max. Period Passive Scan Displays the maximum passive scanning time for a frequency in milliseconds. The value can only be modified for Roaming Profile = ) < . The default value is .
10 Wireless LAN Teldat GmbH Field Description Fragmentation Threshold Enter the maximum size as of which the data packets are to be fragmented (i.e. split into smaller units). Low values are recommended for this field in areas with poor reception and in the event of radio interference. Possible values are to (' . The default value is (' bytes. 10.1.
10 Wireless LAN Teldat GmbH and read by any attacker with the appropriate resources. Particular attention must therefore be paid to protecting the wireless connection. There are three security modes, WEP, WPA-PSK and WPA Enterprise. WPA Enterprise offers the highest level of security, but this security mode is only really suitable for companies, because it requires a central authentication server. Private users should choose WEP or preferably WPA-PSK with higher security as their security mode. WEP 802.
10 Wireless LAN Teldat GmbH You can control which clients can access your wireless LAN via your device by creating an Access Control List (Access Control oder MAC-Filter). In the Access Control List, you enter the MAC addresses of the clients that may access your wireless LAN. All other clients have no access.
10 Wireless LAN Teldat GmbH Fig. 72: Wireless LAN ->WLAN->Wireless Networks (VSS) -> The Wireless LAN->WLAN->Wireless Networks (VSS)-> ->New ->New menu consists of the following fields: Fields in the menu Service Set Parameters Field Description Network Name (SSID) Enter the name of the wireless network (SSID). Enter an ASCII string with a maximum of 32 characters. Also select whether the Network Name (SSID) is to be transmitted. The network name is displayed by selecting 3 .
10 Wireless LAN Teldat GmbH Field Description The function is enabled by default. ARP Processing Select whether the ARP Processing function should be activated. The ARP data traffic is reduced in the network by the fact that ARP broadcasts that have been converted to ARP unicasts are forwarded to IP addresses that are known internally. Unicasts are quicker and clients with an enabled power save function are not addressed. The function is activated by selecting .
10 Wireless LAN Teldat GmbH Field Description tion Transmit Key • ! ' : WEP 40 bits • ! ': WEP 104 bits • !"#! $: WPA Preshared Key • !" % : 802.11i/TKIP Only for Security Mode = ! ' or ! ' Select one of the keys configured in WEP Key <1 - 4> as a default key. The default value is $ , . WEP Key 1-4 Only for Security Mode = ! ' , ! ' Enter the WEP key. Enter a character string with the right number of characters for the selected WEP mode.
10 Wireless LAN Teldat GmbH Field Description WPA2 Cipher Only for Security Mode = !"#! $ and !" % and for WPA Mode = !" and !" !" Select the type of encryption with which to apply WPA 2. Possible values: • " (default value): AES is used. • " Preshared Key /$6!: AES or TKIP is used. Only for Security Mode = !"#! $ Enter the WPA password. Enter an ASCII string with 8 - 63 characters.
10 Wireless LAN Teldat GmbH Field Description The maximum number of clients that can register with a wireless module depends on the specifications of the respective WLAN module. This maximum is distrubuted across all wireless networks configured for this radio module. No more new wireless networks can be created and a warning message will appear if the maximum number of clients is reached. Possible values are whole numbers between and '. The default value is ( . Max.
10 Wireless LAN Teldat GmbH Field Description • 7 # % D (default value): The function is not used for this VSS. This is useful if clients are to switch between different radio cells with as little delay as possible, e. g. with Voice over WLAN. • E' 1;D % : Preference is given to accepting clients in the 2.4 GHz band. • 1;D % : Preference is given to accepting clients in the 5 GHz band.
10 Wireless LAN Teldat GmbH Field Description Possible values are to . The default value is . 10.1.3 WDS Links Not available with W1003n, W2003n, W2003n-ext and W2004n. If you're operating your device in Access Point mode, ( Wireless LAN->WLAN->Radio Settings-> ->Operation Mode = " ! ), you can edit the desired WDS Links or set up new ones in the menu Wireless LAN->WLAN->WDS Links-> / New. Important The WDS link can only be configured in the 2.
10 Wireless LAN Teldat GmbH 10.1.3.1 Edit or New Choose the icon to edit existing entries. Choose the New button to configure additional WDS links. Fig. 73: Wireless LAN ->WLAN->WDS Links->New The Wireless LAN->WLAN->WDS Links->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description WDS Description Enter a name for the WDS link. If the + option is activated, the automatically generated name of the interface is used.
10 Wireless LAN Teldat GmbH Field Description link, and in Transmit Key select the default key. Transmit Key • ! ': Data traffic on this WDS link is encrypted with WEP140. In WEP Key 1 to WEP Key 4 enter the keys for this WDS link, and in Transmit Key select the default key. • !": Data traffic on this WDS link is encrypted with WPA. Enter the key for this WDS link in Preshared Key. • !" : Data traffic on this WDS link is encrypted with WPA. Enter the key for this WDS link in Preshared Key.
10 Wireless LAN Teldat GmbH Field Description Remote MAC Address Enter the MAC address of the WDS partner. 10.1.4 Client Link Not available with W1003n, W2003n, W2003n-ext and W2004n. If you're operating your device in Access Point mode, ( Wireless LAN->WLAN->Radio Settings-> ->Operation Mode = " ) ), you can edit the existing client links in the Wireless LAN->WLAN->Client Link-> menu. The Client Mode can be operated in infrastructure mode or in ad-hoc mode.
10 Wireless LAN Teldat GmbH Fields in the Security Settings menu. Field Description Security Mode Select the security mode (encryption and authentication) for the wireless network. Possible values: • 6 0 tion (default value): Neither encryption nor authentica- • ! ' : WEP 40 bits • ! ': WEP 104 bits • !" 2 : Only for Client Mode = " ; .
10 Wireless LAN Teldat GmbH Field Description Enter an ASCII string with 8 - 63 characters. WPA Cipher Only for Security Mode = !"#! $ and WPA Mode = !" Select which encryption method should be used. Possible values: • /$6! (default value): Temporal Key Integrity Protocol • " : Advanced Encryption Standard. Both encryption methods are rated as secure, with AES offering better performance. WPA2 Cipher Only for Security Mode = !"#! $ and WPA Mode = !" Select which encryption method is to be used.
10 Wireless LAN Teldat GmbH After successful scanning, a selection of potential scan partners is displayed in the scan list. In the Action column, click Select to connect the local clients with this client. If the partners are connected with one another, the icon appears in the Connected column. The icon appears in the Connected column if the connection is active. The Wireless LAN->WLAN->Client Link->Scan menu consists of the following fields: Fields in the Scan menu.
10 Wireless LAN Teldat GmbH ing on the antennas used. Note Always use the antennas and antenna cables supplied with the equipment to prevent unintentional violations of the applicable law. If you have special requirements, e.g. regarding cable lengths, please contact your dealer or Teldat GmbH. Bridges are generally used to interconnect various LAN segments at Layer 2 of the OSI 7-layer model.
10 Wireless LAN Teldat GmbH Fig. 76: Point-to-point topology Fig.
10 Wireless LAN Teldat GmbH Fig. 78: Wireless backbone Fig. 79: Wireless bridge with connection of wireless clients To be able to set up a wireless link to Teldat bridges, an uninterrupted view must exist between the antennas at both ends. This is called a line of sight, abbreviated to LOS. The term line of sight does not just mean a straight line of vision between the two antennas, but a kind of tunnel, which must not be disturbed by obstacles. This tunnel is called the 1st Fresnel zone.
10 Wireless LAN Teldat GmbH gitudinal axis. At least 60 % of the 1st Fresnel zone must remain free of obstacles. The radius (or the small semi-axis) depends on the frequency used and the distance between the antennas. Fig. 80: 1. Fresnel zone Example: Radius of 1st Fresnel zone as a function of distance from transmit antenna for antenna separation of 5 km at 2.45 GHz.
10 Wireless LAN Teldat GmbH Distance from transmit an- Radius of 1st Fresnel zone Radius at 60 % of tenna (km) (m) 1st Fresnel zone (m) 4,500 7,4 5,7 4,750 5,4 4,2 Example: Radius of 1st Fresnel zone as a function of distance to the transmit antenna for a distance of 700 m at 2.45 GHz.
10 Wireless LAN Teldat GmbH Fig. 81: Antenna connection A label containing details of the two antennas is located on the back of the device. The primary antenna is designated Ant 1. 10.1.5.1 Edit or New Choose the icon to edit existing entries. Choose the New button to configure additional Bridge links. Fig. 82: Wireless LAN ->WLAN->Bridge Links-> The Wireless LAN->WLAN->Bridge Links-> ->New ->New menu consists of the following fields: Fields in the Basic Parameters menu.
10 Wireless LAN Teldat GmbH Field Description the input field. Option + Remote Configuration is active by default. Select whether setup of a bridge link from a remote bridge is to be permitted. Possible values: • " - (default value): It is possible to set up a bridge link from a remote bridge. • 7 : It is not possible to set up a bridge link from a remote bridge. Fields in the Bridge Security Settings menu.
10 Wireless LAN Teldat GmbH Fig. 83: Wireless LAN ->WLAN->Bridge Links->Automatic Bridge Link Configuration After successful scanning, a selection of potential bridge partners is displayed in the scan list. In the Action column, click Select to connect the local bridge with this bridge. If the partners are connected with one another, the icon appears in the Connected column. The icon appears in the Connected column if the connection is active.
10 Wireless LAN Teldat GmbH Field Description Remote MAC Address Shows the MAC address of the remote bridge. Remote link enabled Displays the status of the link on the remote bridge. Connected Displays the status of the link on your bridge. Action You can change the status of the bridge link. The available actions are displayed in this field. 10.2 Administration The Wireless LAN->Administration menu contains basic settings for operating your gateway as an access point (AP). 10.2.
11 Wireless LAN Controller Teldat GmbH Chapter 11 Wireless LAN Controller By using the wireless LAN controller, you can set up and manage a WLAN infrastructure with multiple access points (APs). The WLAN controller has a Wizard which assists you in the configuration of your access points. The system uses the CAPWAP protocol (Control and Provisioning of Wireless Access Points Protocol) for any communication between masters and slaves.
11 Wireless LAN Controller Teldat GmbH 11.1.1 Basic Settings Here you can configure all of the various settings that you require for the actual wireless LAN controller. The wireless LAN controller uses the following settings: Region Select the country in which the wireless controller is to be operated. Please note: The range of channels that can be used varies depending on the country setting. Interface Select the interface to be used for the wireless controller.
11 Wireless LAN Controller Teldat GmbH 11.1.2 Radio Profile Select which frequency band your WLAN controller shall use. If the ' 1;D < If the 1;D < ! ! is set then the 2.4 GHz frequency band is used. is set then the 5 GHz frequency band is used. If the corresponding device contains two wireless modules, you can Use two independent radio profiles. This assigns ' 1;D < ! to module 1 and 1;D < ! to module 2. The function is activated by selecting .
11 Wireless LAN Controller Teldat GmbH Enter an ASCII string with a maximum of 32 characters. Also select whether the Network Name (SSID) 3 is to be transmitted. Security Mode Select the security mode (encryption and authentication) for the wireless network. Please note: !" % means 802.11x. WPA Mode Select for Security Mode = !"#! $ or !" oder WPA 2 or both. % , whether you wish to use WPA Preshared Key Enter the WPA password for Security Mode = !"#! $.
11 Wireless LAN Controller Teldat GmbH Note Before you continue, please ensure that all access points that the WLAN controller shall manage are correctly wired and switched on. 11.1.4 Start automatic installation You will see a list of all detected access points. If you wish to change the settings of a detected AP, click on in the corresponding entry. You will see the settings for all selected access points. You can change these settings.
11 Wireless LAN Controller Teldat GmbH The number of channels you can select depends on the country setting. Please consult the data sheet for your device. Note Configuring the network name (SSID) in Access Point mode means that wireless networks can be logically separated from each other, but they can still physically interfere with each other if they are operating on the same or closely adjacent wireless channels.
11 Wireless LAN Controller Teldat GmbH Under Configure the Alert Service for WLAN surveillance, click Start to monitor your managed APs. You are taken to the External Reporting->Alert Service->Alert Recipient menu with the default setting Event = = "! . You can specify that you wish to be notified by e-mail if the = "! event occurs. Click under New Neighborscan on Start, to rescan adjacent AP's.
11 Wireless LAN Controller Teldat GmbH Field Description The range of channels that can be used varies depending on the country setting. The default value is 1 ,. Interface Select the interface to be used for the wireless controller. DHCP Server Select whether an external DHCP server shall assign IP addresses to the APs or if you wish to assign fixed IP addresses yourself. Alternatively, you can use your device as a DHCP server.
11 Wireless LAN Controller Teldat GmbH Field Description Slave AP location Select whether the APs that the wireless LAN controller is to manage are located in the LAN or the WAN. Possible values: • . @."2A (default value) • < @ "2A The < @ "2A setting is useful if, for example, there is a wireless LAN controller installed at head office and its APs are distributed to different branches. If the APs are linked via VPN, it may be that a connection is terminated.
11 Wireless LAN Controller Teldat GmbH 11.3.1 Slave Access Points Fig. 86: Wireless LAN Controller ->Slave AP configuration ->Slave Access Points In the Wireless LAN Controller->Slave AP configuration->Slave Access Points menu a list of all APs found with the wizard is displayed. You will see an entry with a parameter set for each access point ( Location, Name, IP Address, LAN MAC Address, Channel, Search Channel, Status, Action).
11 Wireless LAN Controller Teldat GmbH 11.3.1.1 Edit Choose the icon to edit existing entries. You can also delete entries using the icon. If you have deleted APs, these will be loc- ated again but shall not be configured. Fig.
11 Wireless LAN Controller Teldat GmbH Field Description Name Displays the name of the AP. You can change the name. Description Enter a unique description for the AP. CAPWAP Encryption Select whether communication between the master and slaves is to be encrypted. The function is activated by selecting . The function is enabled by default. You can override the encryption in order to view the communication for debugging purposes.
11 Wireless LAN Controller Teldat GmbH Field Description different channels. Each of these should be spaced at least four channels apart, as a network also partially occupies the adjacent channels. In the case of manual channel selection, please make sure first that the APs actually support these channels. Possible values (according to the selected wireless module profile): • For Operation Band = ' 1;D 6 48 Possible values are to ( and " • For Operation Band = 1;D 6 (default value).
11 Wireless LAN Controller Teldat GmbH 11.3.2 Radio Profiles Fig. 88: Wireless LAN Controller ->Slave AP configuration ->Radio Profiles An overview of all created wireless module profiles is displayed in the Wireless LAN Controller->Slave AP configuration->Radio Profiles menu. A profile with 2.4 GHz and a profile with 5 GHz are created by default; the 2.4 GHz profile cannot be deleted.
11 Wireless LAN Controller Teldat GmbH Fig. 89: Wireless LAN Controller ->Slave AP configuration ->Radio Profiles -> The Wireless LAN Controller->Slave AP configuration->Radio Profiles-> / New / New menu consists of the following fields: Fields in the menu Radio Profile Definition Field Description Operation Mode Description Enter the desired description of the wireless module profile. Define the mode in which the wireless module profile is to be operated.
11 Wireless LAN Controller Teldat GmbH Field Description your network. Operation Band Select the frequency band of the wireless module profile. Possible values: • ' 1;D 6 48 (default value): Your device is operated at 2.4 GHz (mode 802.11b, mode 802.11g and mode 802.11n), inside or outside buildings. • 1;D 6 : Your device is operated at 5 GHz (mode 802.11a/h and mode 802.11n) inside buildings. • 1;D 8 : Your device is operated at 5 GHz (mode 802.11a/h and mode 802.11n) outside buildings.
11 Wireless LAN Controller Teldat GmbH Fields in the menu Performance Settings Field Wireless Mode Description Select the wireless technology that the access point is to use. For Operation Band = ' 1;D 6 48 Possible values: • : The device operates only in accordance with 802.11g. 802.11b clients have no access. • : Your device operates only in accordance with 802.11b and forces all clients to adapt to it.
11 Wireless LAN Controller Teldat GmbH Field Description Max. Transmission Rate Select the transmission speed. Possible values: • " (default value): The transmission speed is determined automatically. • >3 ?: According to setting for Operation Band, Bandwidth, Number of Spatial Streams and Wireless Mode various fixed values in mbps are available. Burst Mode Activate this function to increase the transmission speed for 802.11g through frame bursting.
11 Wireless LAN Controller Teldat GmbH Field Description lected. This ensures that no channels overlap, i.e. a distance of four channels is maintained between the channels used. This is useful if more access points are used with overlapping radio cells. Possible values: • " : All channels can be dialled when a channel is selected. • " : Depending on the region, operation band, wireless mode and bandwidth, the channels that have a distance of 4 channels are provided.
11 Wireless LAN Controller Teldat GmbH Field RTS Threshold Short Guard Interval Short Retry Limit Description Here you can specify the data packet length threshold in bytes (1..2346) as of which the RTS/CTS mechanism is to be used. This makes sense if several clients that are not in each other's wireless range are run in one access point. Enable this function to reduce the guard interval (= time between transmission of two data symbols) from 800 ns to 400 ns.
11 Wireless LAN Controller Teldat GmbH Field Description The function is enabled with . The function is not activated by default. 11.3.3 Wireless Networks (VSS) Fig. 90: Wireless LAN Controller ->Slave AP configuration ->Wireless Networks (VSS) An overview of all created wireless networks is displayed in the Wireless LAN Controller>Slave AP configuration->Wireless Networks (VSS) menu. A wireless network is created by default.
11 Wireless LAN Controller Teldat GmbH Fig. 91: Wireless LAN Controller ->Slave AP configuration ->Wireless Networks (VSS)->New The Wireless LAN Controller->Slave AP configuration->Wireless Networks (VSS)->New menu consists of the following fields: Fields in the menu Service Set Parameters Field Description Network Name (SSID) Enter the name of the wireless network (SSID). Enter an ASCII string with a maximum of 32 characters. Also select whether the Network Name (SSID) is to be transmitted.
11 Wireless LAN Controller Teldat GmbH Field Description The function is activated by selecting . The function is enabled by default. ARP Processing Select whether the ARP processing function should be enabled. The ARP data traffic is reduced in the network by the fact that ARP broadcasts that have been converted to ARP unicasts are forwarded to IP addresses that are known internally. Unicasts are quicker and clients with an enabled power save function are not addressed.
11 Wireless LAN Controller Teldat GmbH Field Transmit Key Description Only for Security Mode = ! ' or ! ' Select one of the keys configured in WEP Key as a standard key. The default value is $ , . WEP Key 1-4 Only for Security Mode = ! ' , ! ' Enter the WEP key. Enter a character string with the right number of characters for the selected WEP mode. For ! ' you need a character string with 5 characters, for ! ' with 13 characters, e. g. for ! ' , #- % for ! '.
11 Wireless LAN Controller Teldat GmbH Field Description • " (default value): AES is used. • /$6!: TKIP is used. Preshared Key Only for Security Mode = !"#! $ Enter the WPA password. Enter an ASCII string with 8 - 63 characters. Note: Change the default Preshared Key! If the key has not been changed, your device will not be protected against unauthorised access! Radius Server You can control access to a wireless network via a RADIUS server. With Add, you can create new entries.
11 Wireless LAN Controller Teldat GmbH Field Description Possible values are whole numbers between and '. The default value is ( . Max. number of clients Not all devices support this function. - soft limit To avoid a radio module being fully utilised, you can set a "soft" restriction on the number of connected clients. If this number is reached, new connection queries are initially rejected.
11 Wireless LAN Controller Teldat GmbH Field Description • 1;D % : Preference is given to accepting clients in the 5 GHz band. Fields in the menu MAC-Filter Field Access Control Description Select whether only certain clients are to be permitted for this wireless network. The function is activated by selecting . The function is disabled by default.
11 Wireless LAN Controller Teldat GmbH Field Description VLAN Select whether the VLAN segmentation is to be used for this wireless network. The function is activated by selecting . The function is disabled by default. VLAN ID Enter the number that identifies the VLAN. Possible values are to ' '. VLAN ID 1 is not possible as it is already in use. 11.4 Monitoring This menu is used to monitor your WLAN infrastructure. 11.4.1 Active Clients Fig.
11 Wireless LAN Controller Teldat GmbH Status Meaning Authenticated The client is authenticated. 11.4.2 Wireless Networks (VSS) Fig. 93: Wireless LAN Controller ->Monitoring ->Wireless Networks (VSS) In menu Wireless LAN Controller->Monitoring->Wireless Networks (VSS) an overview of the currently used AP is displayed. You see which wireless module is assigned to which wireless network. For each wireless a parameter set is displayed (Location, Name, VSS, MAC Address (VSS), Channel, Clients, Status).
11 Wireless LAN Controller Teldat GmbH 11.4.4 Neighbor APs Fig. 95: Wireless LAN Controller ->Monitoring ->Neighbor APs In the Wireless LAN Controller->Monitoring->Neighbor APs menu, the adjacent AP's found during the scan are displayed. Rogue APs, i.e. APs which are not managed by the WLAN controller but are using an SSID managed by the WLAN controller are highlighted in red. Note Check the rogue APs shown carefully, as an attacker could attempt to spy on data in your network using a rogue AP.
11 Wireless LAN Controller Teldat GmbH 11.4.5 Rogue APs Fig. 96: Wireless LAN Controller ->Monitoring ->Rogue APs APs which are using an SSID from their own network but are not managed by Wireless LAN Controller are displayed in the Wireless LAN Controller->Monitoring->Rogue APs menu. Rogue APs which have been found for the first time are displayed with a red background.
11 Wireless LAN Controller Teldat GmbH 11.4.6 Rogue Clients Fig. 97: Wireless LAN Controller ->Monitoring +Rogue Clients The Wireless LAN Controller->Monitoring+Rogue Clients menu displays the clients which have attempted to gain unauthorised access to the network and which are therefore on the blacklist. The blacklist is configured for each VSS in the Wireless LAN Controller->Slave AP configuration->Wireless Networks (VSS) menu. You can also add a new entry to the static blacklist.
11 Wireless LAN Controller Teldat GmbH Fig. 98: Wireless LAN Controller ->Monitoring +Rogue Clients+New The menu consists of the following fields: Fields in the New Blacklist Entry menu. Field Description Rogue Client MAC Ad- Enter the MAC address of the client you intend to include in the dress static blacklist. Network Name (SSID) Pick the wireless network you want to exclude the rogue client from. 11.5 Maintenance This menu is used for the maintenance of your managed APs. 11.5.
11 Wireless LAN Controller Teldat GmbH all Managed Access Points is displayed. For each managed AP you will see an entry with the following parameter set: Update firmware, Location, Device, IP Address, LAN MAC Address, Firmware Version , Status. Click the Select all button to select all of the entries for a firmware update. Click the Deselect all button to disable all entries and to then select individual entries if required (e.g.
11 Wireless LAN Controller Teldat GmbH Field Description • / /! 0 : The file is stored respectively on a TFTP server specified in the URL. URL bintec WLAN and Industrial WLAN Only for Source Location = ;//! 0 or / /! 0 Enter the URL of the update server from which the system software file is loaded or on which the configuration file is saved.
12 Networking Teldat GmbH Chapter 12 Networking 12.1 Routes Default Route With a default route, all data is automatically forwarded to one connection if no other suitable route is available. If you set up access to the Internet, you must configure the route to your Internet Service Provider (ISP) as a default route.
12 Networking Teldat GmbH If the : opens. option is selected for the Route Class, an extra configuration section Fig. 101: Network ->Routes ->IPv4 Routes ->New with Extended = The Network->Routes->IPv4 Routes->New menu consists of the following fields: Fields in the menu Basic Settings Field Description Interface Select the interface to be used for this route. Route Type Select the type of route.
12 Networking Teldat GmbH Field Description • ; < 0 6 via a specific interface. : Route to an individual host • ; < 0 1 a specific gateway. - ,: Route to an individual host via • 2 - 5 < 0 6 (default value): Route to a network via a specific interface. • 2 - 5 < 0 1 specific gateway.
12 Networking Teldat GmbH Field Description Route Class Select the type of Route Class. Possible values: • : Defines a route with the default parameters. • : : Select whether the route is to be defined with extended parameters. If the function is active, a route is created with extended routing parameters such as source interface and source IP address, as well as protocol, source and destination port, type of service (TOS) and the status of the device interface.
12 Networking Teldat GmbH Fields in the menu Extended Route Parameters Field Description Description Enter a description for the IP route. Source Interface Select the interface over which the data packets are to reach the device. The default value is 2 . New Source IP Address/Netmask Enter the IP address and netmask of the source host or source network. Layer 4 Protocol Select a protocol. Possible values: 6)=!, 61=!, /)!, +7!, 1< , !, ";, 8 ! , !6=, . /!, " ,. The default value is " ,.
12 Networking Teldat GmbH Field Description First select the port number range. Possible values: • " , (default value): The route is valid for all port numbers. • : Enables the entry of a port number. • < : Enables the entry of a range of port numbers. • ! 0 : Entry of privileged port numbers: 0 ... 1023. • 0 : Entry of server port numbers: 5000 ... 32767. • ) : Entry of client port numbers: 1024 ... 4999. • ) : Entry of client port numbers: 32768 ... 65535.
12 Networking Teldat GmbH Field Description 3 3 Mode , /8 . 7 3 and /8 ; : Select when the interface defined in Route Parameters ->Interface is to be used. Possible values: • 7 % - (default value): The route can be used if the interface is "up". If the interface is "dormant", then dial and wait until the interface is "up". • " 0 : The route can always be used. • 7 % : The route can be used when the interface is "up".
12 Networking Teldat GmbH Field Description Destination IP Address Displays the IP address of the destination host or destination network. Netmask Displays the netmask of the destination host or destination network. Gateway Displays the gateway IP address. Nothing is displayed here when routes are received by DHCP. Interface Displays the interface used for this route. Metric Displays the route's priority.
12 Networking Teldat GmbH Fields in the Back Route Verify menu. Field Description Mode Select how the interfaces to be activated for Back Route Verify are to be specified. Possible values: • ated for all interfaces. : Back Route Verify is activ- • % (default value): A list of all interfaces is displayed in which Back Route Verify is only enabled for specific interfaces. • 7 abled for all interfaces. No.
12 Networking Teldat GmbH Fig. 104: Networking ->NAT ->NAT Interfaces For every NAT interface, the 2"/ 0 , . ! can be selected. % 5 0 , 7 , and !!/! In addition, ! - displays how many port forwarding rules were configured for this interface. Options in the menu NAT Interfaces Field Description NAT active Select whether NAT is to be activated for the interface. The function is disabled by default.
12 Networking Teldat GmbH Field Description If PPTP Passthrough is enabled, the device itself cannot be configured as a tunnel endpoint. Port Shows the number of portforwarding rules configured in Networking->NAT->NAT Configuration . 12.2.2 NAT Configuration In the Networking->NAT->NAT Configuration menu you can exclude data from NAT simply and conveniently as well as translate addresses and ports. For outgoing data traffic you can configure various NAT methods, i.e.
12 Networking Teldat GmbH Field Description Interface Select the interface for which NAT is to be configured. Possible values: • " , (default value): NAT is configured for all interfaces. • >6 list. Type of traffic ?: Select one of the interfaces from the Select the type of data traffic for which NAT is to be configured. Possible values: • @7 2"/A (default value): The data traffic that comes from outside. • • NAT method @ 2"/A: Outgoing data traffic.
12 Networking Teldat GmbH Field Description within the existing connection are allowed. In the NAT Configuration ->Specify original traffic menu, you can configure for which data traffic NAT is to be used. Fields in the Specify original traffic menu. Field Description Service Not for Type of traffic = @ 2"/A and NAT method = # , # or % # # . Select one of the preconfigured services.
12 Networking Teldat GmbH Field Description • " , (default value) • "; • ) • 1! • ! • 11! • 1< • ;=! • 6)=! • 61=! • 61! • 61
12 Networking Teldat GmbH Field Description original data packets, as the case arises. Original Destination IP Only for Type of traffic = @7 2"/A Address/Netmask Enter the destination IP address and corresponding netmask of the original data packets, as the case arises.
12 Networking Teldat GmbH Field Description Enter the destination port or the destination port range of the original data packets. The default setting #" # means that the port is not specified. In the NAT Configuration ->Replacement Values menu you can define, depending on whether you're dealing with inbound or outbound data traffic, new addresses and ports, to which specific addresses and ports from the NAT Configuration ->Specify original traffic menu can be translated.
12 Networking Teldat GmbH Field Description 8 leaves the original source port. If you disable 8 # , an input field appears in which you can enter a new source port. 8 is active by default. 12.3 Load Balancing The increasing amount of data traffic over the Internet means it is necessary to send data over different interfaces to increase the total bandwidth available. IP load balancing enables the distribution of data traffic within a certain group of interfaces to be controlled. 12.
12 Networking Teldat GmbH Fig. 106: Networking ->Load Balancing->Load Balancing Groups->New The menu Networking->Load Balancing->Load Balancing Groups->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Group Description Enter the desired description of the interface group. Distribution Policy Select the way the data traffic is to be distributed to the interfaces configured for the group.
12 Networking Teldat GmbH Field Description • +% : Only the data rate in the send direction is considered. By default, the 7 - and +% options are disabled. Distribution Mode Select the state the interfaces in the group may have if they are to be included in load balancing. Possible values: • " - , (default value): Also includes idle interfaces. • 8 , 0 state are included.
12 Networking Teldat GmbH Field Description Distribution Policy Displays the type of data traffic selected. Fields in the Interface Selection for Distribution menu. Field Description Interface Select the interfaces that are to belong to the group from the available interfaces. Distribution Ratio Enter the percentage of the data traffic to be assigned to an interface.
12 Networking Teldat GmbH Field Description You can choose between all routes and all extended routes. Tracking IP Address You can use the Tracking IP Address parameter to have a particular route monitored. The load balancing status of the interface and the status of the routes connected to the interface can be influenced using this parameter. This means that routes can be enabled or disabled irrespective of the interface's operation status.
12 Networking Teldat GmbH less detail. The first data packet which the properties configured here match specifies the route for particular subsequent data packets. Which data packets are subsequently routed via this route is configured in the Networking>Load Balancing->Special Session Handling->New->Advanced Settings menu. If in the Networking->Load Balancing->Special Session Handling->New menu, for example, you select the parameter Service = % @ .
12 Networking Teldat GmbH The Networking->Load Balancing->Special Session Handling->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Admin Status Select whether the Special Session Handling should be activated. The function is activated by selecting . The function is enabled by default. Description Enter a name for the entry. Service Select one of the preconfigured services, if required.
12 Networking Teldat GmbH Field Description Destination Port/Range Enter, if required, a destination port number or a range of destination port numbers. Possible values: • #" # (default value): The destination port is not specified. • % , % : Enter a destination port. • % , % : Enter a destination port range. Source Interface If required, select your device's source interface. Source IP Address/ Netmask Enter, if required, the source IP address and netmask of the data packets.
12 Networking Teldat GmbH Field Description the subsequent data packets must be routed via the same Destination Port to the same Destination Address. The two parameters Destination Address and Destination Port are enabled by default. If you leave the default setting for one or both parameters, the value of the parameter concerned must be the same as in the first data packet with data packets sent subsequently. You can disable one or both parameters if you wish.
12 Networking Teldat GmbH Fig. 109: Networking ->QoS->QoS Filter ->New The Networking->QoS->QoS Filter->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter the name of the filter. Service Select one of the preconfigured services. The extensive range of services configured ex works includes the following: • 0 , • %% #F • • • G • , • % • The default value is + .
12 Networking Teldat GmbH Field Description Select the type. Possible values: " ,, % ,, 7 # , F , < , , / : , / %, / % % ,. See RFC 792. The default value is " ,. Connection State With Protocol = /)!, you can define a filter that takes the status of the TCP connections into account. Possible values: • : All TCP packets that would not open any new TCP connection on routing over the gateway match the filter.
12 Networking Teldat GmbH Field Description DSCP/TOS Filter (Layer 3) Select the Type of Service (TOS). Possible values: • 6 (default value): The type of service is ignored. • 7 )! * , 3 : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in binary format, 6 bit). • 7 )! 7 3 : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in decimal format).
12 Networking Teldat GmbH Fig. 110: Networking ->QoS->QoS Classification->New The Networking->QoS->QoS Classification->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Class map Choose the class plan you want to create or edit. Possible values: • 2 - (default value): You can create a new class plan with this setting. • >2 % ?: Shows a class plan that has already been created, which you can select and edit. You can add new filters.
12 Networking Teldat GmbH Field Description To select a filter, at least one filter must be configured in the Networking->QoS->QoS Filter menu. Direction Select the direction of the data packets to be classified. Possible values: • 6 : Incoming data packets are assigned to the class (Class ID) that is then to be defined. • 8 (default value): Outgoing data packets are assigned to the class (Class ID) that is then to be defined.
12 Networking Teldat GmbH Field Description • 7 )! 7 3 : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in decimal format). • 7 )! ; : 3 : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in hexadecimal format). • /8 * , 3 : The TOS value is specified in binary format, e.g. 00111111. • /8 7 3 format, e.g. 63.
12 Networking Teldat GmbH Depending on the respective interface, a queue is created automatically for each class, but only for data traffic classified as outgoing and for data traffic classified in both directions. A priority is assigned to these automatic queues. The value of the priority is equal to the value of the class ID. You can change the default priority of a queue. If you add new queues, you can also use classes in other class plans via the class ID. 12.4.3.
12 Networking Teldat GmbH Field Description ets are always handled with priority. • H : QoS is activated on the interface. The available bandwidth is distributed as “fairly” as possible among the (automatically detected) traffic flows in a queue. Exception: High-priority packets are always handled with priority. • 7 (default value): QoS is deactivated on the interface. The existing configuration is not deleted, but can be activated again if required.
12 Networking Teldat GmbH Field Description • !!! 0 3."2 Can only be selected for IPSec interfaces: Encryption Method • 6! 0 • 6! 0 • 6! 0 !!! • 6! 0 !!! 3."2 3."2 0 Only if an IPSec Peers is selected as Interface, Traffic shaping is " 0 and Protocol Header Size below Layer 3 is not + @! ; 8 I A. Select the encryption method used for the IPSec connection.
12 Networking Teldat GmbH Field Description • "
12 Networking Teldat GmbH Field Description • 7 : Queue for data that has not been classified or data of a class for which no queue has been configured. Class ID Only for Prioritisation queue = ) * Select the QoS packet class to which this queue is to apply. To do this, at least one class ID must be given in the Networking->QoS->QoS Classification menu. Priority Only for Prioritisation queue = ) * Choose the priority of the queue.
12 Networking Teldat GmbH Field Description The function is disabled by default. Maximum Upload Speed Only for Traffic Shaping = enabled. Enter a maximum data rate for the queue in kbits. Possible values are to . The default value is . Overbooking allowed Only for Traffic Shaping = enabled. Enable or disable the function. The function controls the bandwidth limit.
12 Networking Teldat GmbH Field Description • / 7 % (default value): The newest packet received is dropped. • ; 7 %: The oldest packet in the queue is dropped. • < 7 %: A randomly selected packet is dropped from the queue. Congestion Avoidance Enable or disable preventative deletion of data packets. (RED) Packets which have a data size of between Min. queue size and Max. queue size are preventively dropped to prevent queue overflow (RED=Random Early Detection).
12 Networking Teldat GmbH • source and/or destination IP address • packet protocol • source and/or destination port (port ranges are supported) Access lists are an effective means if, for example, sites with LANs interconnected over a Teldat gateway wish to deny all incoming FTP requests or only allow Telnet sessions between certain hosts. Access filters in the gateway are based on the combination of filters and actions for filter rules (= rules) and the linking of these rules to form rule chains.
12 Networking Teldat GmbH Caution Make sure you don’t lock yourself out when configuring filters: If possible, access your gateway for filter configuration over the serial console interface or ISDN Login. 12.5.1 Access Filter This menu is for configuration of access filter Each filter describes a certain part of the IP traffic and defines, for example, the IP addresses, the protocol, the source port or the destination port.
12 Networking Teldat GmbH Fig. 113: Networking ->Access Rules ->Access Filter ->New The Networking->Access Rules->Access Filter->Newmenu consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a description for the filter. Service Select one of the preconfigured services.
12 Networking Teldat GmbH Field Description Possible values: • " , • % , • 7 • F • < • • / : • / % • / % % , The default value is " ,. See RFC 792. Connection State Only if Protocol = /)! You can define a filter that takes the status of the TCP connections into account. Possible values: • " , (default value): All TCP packets match the filter.
12 Networking Teldat GmbH Field Description Possible values: • #" # (default value): The filter is valid for all port numbers • • Source IP Address/ Netmask Source Port/Range % , % : Enables the entry of a port number. % , % numbers. : Enables the entry of a range of port Enter the source IP address and netmask of the data packets. Only if Protocol = /)!, +7! Enter a source port number or the range of source port numbers.
12 Networking Teldat GmbH Field Description COS Filter (802.1p/Layer 2) Enter the service class of the IP packets (Class of Service, CoS). Possible values are whole numbers between and C. The default value is 6 . 12.5.2 Rule Chains Rules for IP filters are configured in the Rule Chains menu. These can be created separately or incorporated in rule chains. In the Networking->Access Rules+Rule Chains menu, all created filter rules are listed. Fig. 114: Networking ->Access Rules +Rule Chains 12.5.
12 Networking Teldat GmbH Fields in the Basic Parameters menu. Field Rule Chain Description Select whether to create a new rule chain or to edit an existing one. Possible values: • 2 - (default value): You can create a new rule chain with this setting. • >2 % ?: Select an already existing rule chain, and thus add another rule to it. Description Access Filter Enter the name of the rule chain. Select an IP filter.
12 Networking Teldat GmbH A list of all configured interface assignments is displayed in the Networking->Access Rules->Interface Assignment menu. Fig. 116: Networking ->Access Rules ->Interface Assignment 12.5.3.1 Edit or New Choose the icon to edit existing entries. Choose the New button to configure additional assignments. Fig.
12 Networking Teldat GmbH Field Description • 7 : The sender receives an ICMP message. Reporting Method Define whether a syslog message is to be generated if a packet is denied. Possible values: • 2 % : No syslog message. • 6 (default value): A syslog message is generated with the protocol number, source IP address and source port number. • 7 %: A syslog message is generated with the contents of the first 64 bytes of the denied packet. 12.
12 Networking Teldat GmbH Fig. 118: Networking ->Drop In->Drop In Groups ->New The Networking->Drop In->Drop In Groups->Newmenu consists of the following fields: Fields in the Basic Parameters menu. Field Description Group Description Enter a unique name for the Drop In group. Mode Select which mode is to be used to send the MAC addresses of network components.
12 Networking Teldat GmbH Field Description • 7;)! Network Address Only for Network Configuration = Enter the network address of the Drop In network. Netmask Only for Network Configuration = Enter the corresponding netmask. Local IP Address Only for Network Configuration = Enter the local IP address. This IP address must be identical for all the Ethernet ports in a network.
12 Networking Teldat GmbH Field Description The function is disabled by default. Interface Selection Select all the ports which are to be included in the Drop In group (in the network). Add new entries with Add.
13 Routing Protocols Teldat GmbH Chapter 13 Routing Protocols 13.1 RIP The entries in the routing table can be defined statically or the routing table can be updated constantly by dynamic exchange of routing information between several devices. This exchange is controlled by a Routing Protocol, e.g. RIP (Routing Information Protocol).
13 Routing Protocols Teldat GmbH Fig. 120: Routing Protocols ->RIP->RIP Interfaces-> The menu Networking->RIP->RIP Interfaces-> consists of the following fields: Fields in the RIP Parameters for menu. Field Description Send Version Decide whether routes are to be propagated via RIP and if so, select the RIP version for sending RIP packets over the interface in send direction. Possible values: • 2 (default value): RIP is not enabled. • <6! 3 : Enables sending and receiving of version 1 RIP packets.
13 Routing Protocols Teldat GmbH Field Description • 2 (default value): RIP is not enabled. • <6! 3 : Enables sending and receiving of version 1 RIP packets. • <6! 3 : Enables sending and receiving of version 2 RIP packets. • <6! 3 43 :Enables sending and receiving RIP packets of both version 1 and 2. • <6! 3 / : RIP V1 messages are sent, received and processed as per RFC 2091 (triggered RIP). • <6! 3 / : RIP V2 messages are sent, received and processed as per RFC 2091 (triggered RIP).
13 Routing Protocols Teldat GmbH tion. You configure a filter for a default route with the following values: • IP Address / Netmask = no entry for IP address (this corresponds to IP address 0.0.0.0), for netmask = 255.255.255.255 A list of all RIP filters is displayed in the Routing Protocols->RIP->RIP Filter menu. Fig. 121: Routing Protocols ->RIP->RIP Filter You can use the button to insert another filter above the list entry. The configuration menu for creating a new window opens.
13 Routing Protocols Teldat GmbH Field Description Interface Select the interface to which the rule to be configured applies. IP Address / Netmask Enter the IP address and netmask to which the rule is to be applied. This address can be in the LAN or WAN. The rules for incoming and outgoing RIP packets (import or export) for the same IP address must be separately configured. You can enter individual host addresses or network addresses.
13 Routing Protocols Teldat GmbH 13.1.3 RIP Options Fig. 123: Routing Protocols ->RIP->RIP Options The menu Routing Protocols->RIP->RIP Options consists of the following fields: Fields in the Global RIP Parameters menu. Field Description RIP UDP Port The setting option UDP Port, which is used for sending and receiving RIP updates, is only for test purposes. If the setting is changed, this can mean that your device sends and listens at a port that no other devices use.
13 Routing Protocols Teldat GmbH Field Description (=“Network is not reachable“). The function is enabled with . The function is disabled by default. RFC 2453 Variable Timer For the timers described in RFC 2453, select whether the same values that you can configure in the Timer for RIP V2 (RFC 2453) menu should be used. The function is enabled with . The function is enabled by default. If you deactivate the function, the times defined in RFC are retained for the timeouts.
13 Routing Protocols Teldat GmbH Field Description Garbage Collection Timer Only for RFC 2453 Variable Timer = The Garbage Collection Timer is started as soon as the route timeout has expired. After this timeout, the invalid route is deleted from the IPROUTETABLE if no update is carried out for the route. The default value is (seconds). Fields in the Timer for Triggered RIP (RFC 2091) menu.
14 Multicast Teldat GmbH Chapter 14 Multicast What is multicasting? Many new communication technologies are based on communication from one sender to several recipients. Therefore, modern telecommunication systems such as voice over IP or video and audio streaming (e.g. IPTV or Webradio) focus on reducing data traffic, e.g. by offering TriplePlay (voice, video, data).
14 Multicast Teldat GmbH dedicated host, but rather a group, i.e. during the routing of multicast packets, the decisive factor is whether a recipient is in a logged-in subnet. In the local network, all hosts are required to accept all multicast packets. For Ethernet or FDD, this is based on MAC mapping, where the group address is encoded into the destination MAC address. For routing between several networks, the routers first need to make themselves known to all potential recipients in the subnet.
14 Multicast Teldat GmbH 14.1.1 General In the Multicast->General->Generalmenu you can disable or enable the multicast function. Fig. 124: Multicast->General->General The Multicast->General->Generalmenu consists of the following fields: Fields in the Basic Settings menu. Field Description Multicast Routing Select whether Multicast Routing should be used. The function is enabled with . The function is disabled by default. 14.
14 Multicast Teldat GmbH 14.2.1 IGMP In this menu, you configure the interfaces on which IGMP is to be enabled. 14.2.1.1 Edit or New Choose the icon to edit existing entries. Choose the New button to configure IGMP on other interfaces. Fig. 125: Multicast->IGMP->IGMP->New The Multicast->IGMP->IGMP->New menu consists of the following fields: Fields in the IGMP Settings menu. Field Description Interface Select the interface on which IGMP is to be enabled, i.e.
14 Multicast Teldat GmbH Field Description Time within which hosts must respond. The hosts randomly select a time delay from this interval before sending the response. This spreads the load in networks with several hosts, improving performance. Possible values are E to E . The default value is E . Robustness Select the multiplier for controlling the timer values. A higher value can e.g. compensate for packet loss in a network susceptible to loss.
14 Multicast Teldat GmbH IGMP Proxy enables you to simulate several locally connected interfaces as a subnet to an adjacent router. Queries coming in to the IGMP Proxy interface are forwarded to the local subnets. Local reports are forwarded on the IPGM Proxy interface. Fig. 126: IGMP Proxy The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu.
14 Multicast Teldat GmbH Fig. 127: Multicast->IGMP->Options The Multicast->IGMP->Options menu consists of the following fields: Fields in the Basic Settings menu. Field Description IGMP Status Select the IGMP status. Possible values: • " (default value): Multicast is activated automatically for hosts if the hosts open applications that use multicast. • +%: Multicast is always on. • 7 - : Multicast is always off. Mode Only for IGMP Status = +% or " Select Multicast Mode.
14 Multicast Teldat GmbH Field Description IGMP State Limit Enter the maximum permitted total number of incoming queries and messages per second. The default value is , i.e. the number of IGMP status messages is not limited. 14.3 Forwarding 14.3.1 Forwarding In this menu, you specify which multicast groups are always passed between the interfaces of your device. 14.3.1.1 New Choose the Newbutton to create forwarding rules for new multicast groups. Fig.
14 Multicast Teldat GmbH Field Description The option is deactivated by default. Multicast Group Address Only for All Multicast Groups = not active. Enter here the address of the multicast group you want to forward from a defined Source Interface to a defined Destination Interface. Source Interface Select the interface on your device to which the selected multicast group is sent. Destination Interface Select the interface on your device to which the selected multicast group is to be forwarded. 14.
14 Multicast Teldat GmbH 14.4.1.1 Edit or New Choose the icon to edit existing entries. To configure PIM lists, select the New button. Fig. 130: Multicast->PIM->PIM Interfaces->New The Multicast->PIM->PIM Interfaces->New menu consists of the following fields: Fields in the PIM Interface Settings menu. Field Description Interface Choose the interface used for PIM, i.e. over which multicast routing is operated. PIM Mode Indicates the mode to be used for PIM. Your device uses PIM in sparse mode.
14 Multicast Teldat GmbH Field Description are released. Designated Router PriDefine the value of the designated router priority entered in the ority Designated Router Priority option. The higher the value, the greater the probability that the corresponding router will be used as the designated router. The default value is . The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu.
14 Multicast Teldat GmbH Field Join/Prune Interval Description Define the frequency at which the PIM Join/Prune messages are sent on the interface. The value means that no periodic PIM Join/Prune messages are sent on this interface. Possible values: to seconds. The default value is . Join/Prune Hold Time Define the value entered in the holdtime field of a PIM Join/ Prune message. This is the time for which a recipient must maintain the Join/ Prune state. Possible values: to ( seconds.
14 Multicast Teldat GmbH 14.4.2 PIM Rendezvous Points In menu Multicast->PIM->PIM Rendezvous Points you determine which Rendezvous Point is responsible for which group. A list of all PIM Rendezvous Points is displayed. Fig. 131: Multicast->PIM->PIM Rendezvous Points 14.4.2.1 Edit or New Choose the icon to edit existing entries. To configure PIM Rendezvous Points, select the New button. Fig.
14 Multicast Teldat GmbH Field Description Here you enter the IP address of the multicast network segment. Multicast Group Prefix Only if Multicast Group Range = % < Length Here you enter the network mask length of the multicast network segment. 224.0.0.0/4 indicates the entire multicast class D segment. Possible values: ' (default value) to ( . Rendezvous Point IP Address Precedence Enter the IP address or the hostname of the rendezvous points.
14 Multicast Teldat GmbH The Multicast->PIM->PIM Options menu consists of the following fields: Fields in the Basic Settings menu. Field Description PIM Status Select whether PIM should be activated. The function is activated by selecting . The function is disabled by default. Keepalive Period Enter the interval in seconds within which a KeepAlive message must be sent. Possible values: to ( . The default value is .
15 WAN Teldat GmbH Chapter 15 WAN This menu offers various options for configuring accesses or connections from your LAN to the WAN. You can also optimise voice transmission here for telephone calls over the Internet. 15.1 Internet + Dialup In this menu, you can set up Internet access or dialup connections. To enable your device to set up connections to networks or hosts outside your LAN, you must configure the partners you want to connect to on your device.
15 WAN Teldat GmbH Authentication If a call is received, PPP authentication is carried out with the connection partner depending on the configuration, before the call is accepted. Your device needs the necessary data for this, which you should enter here. First establish the type of authentication process that should be performed, then enter a common password and two codes. You get this information, for example, from your Internet Service Provider (ISP) or the system administrator at your head office.
15 WAN Teldat GmbH 15.1.1 PPPoE A list of all PPToE interfaces is displayed in the WAN->Internet + Dialup->PPPoE menu. PPP over Ethernet (PPPoE) is the use of the Point-to-Point Protocol (PPP) network protocol over an Ethernet connection. Today, PPPoE is used for ADSL connections in Germany. In Austria, the Point To Point Tunnelling Protocol (PPTP) was originally used for ADSL access. However, PPPoE is now offered here too by some providers. 15.1.1.
15 WAN Teldat GmbH Fields in the Basic Parameters menu. Field Description Description Enter a name to uniquely identify the PPPoE partner. The first character in this field must not be a number No special characters or umlauts must be used. PPPoE Mode Select whether you want to use a standard Internet connection over PPPoE ( ) or your Internet access is to be set up over several interfaces ( = 5).
15 WAN Teldat GmbH Field VLAN ID Description Only if VLAN is enabled. Enter the VLAN-ID that you received from your provider. Always on Select whether the interface should always be activated. The function is enabled with . The function is disabled by default. Only activate this option if you have Internet access with a flatrate charge. Connection Idle Timeout Only if Always on is disabled. Enter the idle time in seconds for static short hold.
15 WAN Teldat GmbH Field Description The function is enabled by default. Create NAT Policy Specify whether Network Address Translation (NAT) is to be activated. The function is enabled with . The function is enabled by default. Local IP Address Only if IP Address Mode = Enter the static IP address of the connection partner. Route Entries Only if IP Address Mode = Define other routing entries for this connection partner. Add new entries with Add.
15 WAN Teldat GmbH Field Description Possible values: • !"! (default value): Only run PAP (PPP Password Authentication Protocol); the password is transferred unencrypted. • );"!: Only run CHAP (PPP Challenge Handshake Authentication Protocol as per RFC 1994); password is transferred encrypted. • !"!4);"!: Primarily run CHAP, otherwise PAP. • = #);"!0 : Only run MS-CHAP version 1 (PPP Microsoft Challenge Handshake Authentication Protocol).
15 WAN Teldat GmbH Field Description MTU Enter the maximum packet size (Maximum Transfer Unit, MTU) in bytes that is allowed for the connection. With default value " , the value is specified by link control at connection setup. If you disable " , you can enter a value. Possible values are to . The default value is . 15.1.2 PPTP A list of all PPTP interfaces is displayed in the WAN->Internet + Dialup->PPTP menu.
15 WAN Teldat GmbH Fig. 135: WAN ->Internet + Dialup ->PPTP->New The menu WAN->Internet + Dialup->PPTP->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a name for uniquely identifying the internet connection. The first character in this field must not be a number No special characters or umlauts must be used. PPTP Ethernet Interface Select the IP interface over which packets are to be transported to the remote PPTP terminal.
15 WAN Teldat GmbH Field Description When using the internal DSL modem, select here the EthoA interface configured in Physical Interfaces->ATM->Profiles->New, e.g. # . User Name Enter the user name. Password Enter the password. Always on Select whether the interface should always be activated. The function is enabled with . The function is disabled by default. Only activate this option if you have Internet access with a flatrate charge.
15 WAN Teldat GmbH Field Description defined as the default route. The function is enabled with . The function is enabled by default. Create NAT Policy Specify whether Network Address Translation (NAT) is to be activated. The function is enabled with . The function is enabled by default. Local IP Address Only for IP Address Mode = Assign an IP address from your LAN to the PPT interface, which is to be used as your device's internal source address.
15 WAN Teldat GmbH Field Description The default value is . Authentication Select the authentication protocol for this Internet connection. Select the authentication specified by your provider. Possible values: • !"! (default value): Only run PAP (PPP Password Authentication Protocol); the password is transferred unencrypted. • );"!: Only run CHAP (PPP Challenge Handshake Authentication Protocol as per RFC 1994); password is transferred encrypted. • !"!4);"!: Primarily run CHAP, otherwise PAP.
15 WAN Teldat GmbH Field Description selected Ethernet port. Local PPTP IP Address Assign the PPTP interface an IP address that is used as the source address. The default value is ' . Remote PPTP IP Address Enter the IP address of the PPTP partner. LCP Alive Check Select whether the availability of the remote terminal is to be checked by sending LCP echo requests or replies. This makes it possible to switch to a backup connection more quickly in the event of line faults.
15 WAN Teldat GmbH Fig. 136: WAN ->Internet + Dialup +IP Pools ->New Fields in the menu Basic Parameters Field Description IP Pool Name Enter any description to uniquely identify the IP pool. IP Address Range Enter the first (first field) and last (second field) IP address of the IP address pool. DNS Server Primary: Enter the IP address of the DNS server that is to be used, preferably, by clients who draw an address from this pool.
15 WAN Teldat GmbH 15.2.1.1 New Click the New button to optimise voice transmission for other interfaces. Fig. 137: WAN ->Real Time Jitter Control ->Controlled Interfaces ->New The menu WAN->Real Time Jitter Control->Controlled Interfaces->New consists of the following fields: Fields in the Basic Settings menu. Field Description Interface Define for which interfaces voice transmission is to be optimised. Control Mode Select the mode for the optimisation.
16 VPN Teldat GmbH Chapter 16 VPN A connection that uses the Internet as a "transport medium" but is not publicly accessible is referred to as a VPN (Virtual Private Network). Only authorised users have access to such a VPN, which is seemingly also referred to as a VPN tunnel. Normally the data transported over a VPN is encrypted. A VPN allows field staff or staff working from home offices to access data on the company's network. Subsidiaries can also connect to head office over VPN.
16 VPN Teldat GmbH The policy-based method uses data traffic filters to negotiate the IPSec phase 2 SAs. This allows for a very "fine-grained" filter to be applied to the IP packet, even at the level of the protocol and the port. The routing-based method offers various advantages over the policy-based method, e.g., NAT/PAT within a tunnel, IPSec in combination with routing protocols and the creation of VPN backup scenarios.
16 VPN Teldat GmbH Fig. 138: VPN->IPSec->IPSec Peers Peer Monitoring The menu for monitoring a peer is called by selecting the button for the peer in the peer list. See Values in the IPSec Tunnels list on page 459. 16.1.1.1 New Choose the New button to set up more IPSec peers.
16 VPN Teldat GmbH Fig. 139: VPN->IPSec->IPSec Peers ->New The menu VPN->IPSec->IPSec Peers->New consists of the following fields: Fields in the menu Peer Parameters Field Description Administrative Status Select the status to which you wish to set the peer after saving the peer configuration.
16 VPN Teldat GmbH Field Description Possible values: • +% (default value): The peer is available for setting up a tunnel immediately after saving the configuration. • 7 - : The peer is initially not available after the configuration has been saved. Description Enter a description of the peer that identifies it. The maximum length of the entry is 255 characters. Peer Address Enter the official IP address of the peer or its resolvable host name.
16 VPN Teldat GmbH Field Authentication Method Description Only for Internet Key Exchange = 6$ 0 Select the authentication method. Possible values: • ! $ , (default value): If you do not use certificates for the authentication, you can select Preshared Keys. These are configured during peer configuration in the IPSec Peers. The preshared key is the shared password. • < " : Phase 1 key calculations are authenticated using the RSA algorithm.
16 VPN Teldat GmbH Field Description Preshared Key Enter the password agreed with the peer. The maximum length of the entry is 50 characters. All characters are possible except for : at the start of the entry. Fields in the menu Interface Routes Field Description IP Address Assignment Select the configuration mode of the interface. Possible values: • (default value): Enter a static IP address.
16 VPN Teldat GmbH Field Description the default route. The function is enabled with . The function is disabled by default. Local IP Address Only for IP Address Assignment = = 0 or 6$ ) Enter the WAN IP address of your IPSec tunnel. This can be the same IP address as the address configured on your router as the LAN IP address. Metric Only for IP Address Assignment = or 6$ ) = ) and Default Route = Select the priority of the route.
16 VPN Teldat GmbH • a method based on policies and • a method based on routing. The policy-based method can only be configured using the Setup tool. With the GUI, you use the routing-based method. (The latter is also available using the Setup tool.) The policy-based method uses data traffic filters to negotiate the IPSec phase 2 SAs. This enables the filtering of the IP packets to be very "fine grained" down to protocol and port level.
16 VPN Teldat GmbH Fig. 140: VPN->IPSec->IPSec Peers ->New->Add Fields in the menu Basic Parameters Field Description Description Enter a description for the filter. Protocol Select a protocol. The " , option (default value) matches any protocol. Source IP Address/ Netmask Enter, if required, the source IP address and netmask of the data packets. Possible values: • " , • ; : Enter the IP address of the host. • 2 - 5 (default value): Enter the network address and the related netmask.
16 VPN Teldat GmbH Field Description " # (= -1) means that the port is not specified. Destination IP Address/Netmask Enter the destination IP address and corresponding netmask of the data packets. Destination Port Only for Protocol = /)! or +7! Enter the destination port of the data packets. The default setting #" # (= -1) means that the port is not specified.
16 VPN Teldat GmbH Field Description XAUTH Profile Select a profile created in VPN->IPSec->XAUTH Profiles if you wish to use this IPSec peer XAuth for authentication. If XAuth is used together with IKE Config Mode, the transactions for XAuth are carried out before the transactions for IKE Config Mode. Number of Admitted Connections Choose how many users can connect using this peer profile.
16 VPN Teldat GmbH Field Description The function is disabled by default. MobIKE Only for peers with IKEv2. MobIKE With changing public IP addresses, enables only these addresses to be updated in the SAs, without having to renegotiate the SAs themselves. The function is enabled by default. Note that MobIKE requires a current IPSec client, e.g. an upto-date Windows 7 or Windows 8 client, or the most recent version of the Teldat IPSec client.
16 VPN Teldat GmbH to be accepted by your device. The identification of the caller from his or her ISDN number is enough information to initiate setting up a tunnel. To set up this service, you must first configure a call number for IPSec callback on the passive side in the Physical Interfaces->ISDN Ports->MSN Configuration->New menu. The value Service is available for this purpose in the 6! field. This entry ensures that incoming calls for this number are routed to the IPSec service.
16 VPN Teldat GmbH via DynDNS is not correct. This problem is avoided by transferring the IP address over ISDN. This type of transfer of dynamic IP addresses also enables the more secure ID Protect mode (main mode) to be used for tunnel setup. Method of operation: Various modes are available for transferring your own IP address to the peer: The address can be transferred free in the D channel or in the B channel, but here the call must be accepted by the remote station and therefore incurs costs.
16 VPN Teldat GmbH ducted in the ID Protect mode using preshared keys. Note In some countries (e.g. Switzerland), the call in the D channel can also incur costs. An incorrect configuration at the called side can mean that the called side opens the B channel the calling side incurs costs. The following options are only available on devices with an ISDN connection: Fields in the menu IPSec Callback Field Description Mode Select the Callback Mode.
16 VPN Teldat GmbH Field Description Transfer own IP address over ISDN/GSM Select whether the IP address of your own device is to be transferred over ISDN for IPSec callback. The function is enabled with . The function is disabled by default. Transfer Mode Only for Transfer own IP address over ISDN/GSM = enabled Select the mode in which your device is to attempt to transfer its IP address to the peer.
16 VPN Teldat GmbH Field Description • ..) +*"77<: The IP address is transferred in both the "LLC" and "subaddress information elements". 16.1.2 Phase-1 Profiles A list of all configured tunnel profiles is displayed in the VPN->IPSec->Phase-1 Profiles menu. Fig. 141: VPN->IPSec->Phase-1 Profiles In the Default column, you can mark the profile to be used as the default profile. 16.1.2.
16 VPN Teldat GmbH Fig. 142: VPN->IPSec->Phase-1 Profiles ->New The menu VPN->IPSec->Phase-1 Profiles->New consists of the following fields: Fields in the Phase-1 (IKE) Parameters menu. Field Description Description Enter a description that uniquely defines the type of rule. Proposals In this field, you can select any combination of encryption and message hash algorithms for IKE phase 1 on your device.
16 VPN Teldat GmbH Field Description (Advanced Encryption Standard). It is rated as just as secure as Rijndael (AES), but is slower. • * - : Blowfish is a very secure and fast algorithm. Twofish can be regarded as the successor to Blowfish. • )" /: CAST is also a very secure algorithm, marginally slower than Blowfish, but faster than 3DES. • 7 : DES is an older encryption algorithm, which is rated as weak due to its small effective length of 56 bits.
16 VPN Teldat GmbH Field Description ation or the hash algorithms is based on the author’s knowledge and opinion at the time of creating this User Guide. In particular, the quality of the algorithms is subject to relative aspects and may change due to mathematical or cryptographic developments. DH Group Only for Phase-1 (IKE) Parameters The Diffie-Hellman group defines the parameter set used as the basis for the key calculation during phase 1.
16 VPN Teldat GmbH Field Description Possible values: • ! $ , (default value): If you do not use certificates for the authentication, you can select Preshared Keys. These are configured during peer configuration in the VPN->IPSec->IPSec Peers. The preshared key is the shared password. • 7 " : Phase 1 key calculations are authenticated using the DSA algorithm. • < " : Phase 1 key calculations are authenticated using the RSA algorithm.
16 VPN Teldat GmbH Field Description Strict), or the peer can also propose another mode. Local ID Type Only for Phase-1 (IKE) Parameters Select the local ID type. Possible values: • , H 7 2 @ H72A • # " • 6!3' " • " 2 #72 @7 2 A Local ID Value Only for Phase-1 (IKE) Parameters Enter the ID of your device. For Authentication Method = 7 " , < " # or < " ,% the Use Subject Name from certificate option is displayed.
16 VPN Teldat GmbH The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu. Field Description Alive Check Only for Phase-1 (IKE) Parameters Select the method to be used to check the functionality of the IPSec connection. In addition to the default method Dead Peer Detection (DPD), the (proprietary) Heartbeat method is implemented. This sends and receives signals every 5 seconds, depending on the configuration.
16 VPN Teldat GmbH Field Description The function is enabled by default. Block Time Define how long a peer is blocked for tunnel setups after a phase 1 tunnel setup has failed. This only affects locally initiated setup attempts. Possible values are # to ' (seconds); # means the value in the default profile is used and means that the peer is never blocked. The default value is ( .
16 VPN Teldat GmbH Field Description you can select up to three CA certificates that are accepted for this profile. This option can only be configured if certificates are loaded. 16.1.3 Phase-2 Profiles You can define profiles for phase 2 of the tunnel setup just as for phase 1. In the VPN->IPSec->Phase-2 Profiles menu, a list of all configured IPSec phase 2 profiles is displayed. Fig. 143: VPN->IPSec->Phase-2 Profiles In the Default column, you can mark the profile to be used as the default profile.
16 VPN Teldat GmbH Fig. 144: VPN->IPSec->Phase-2 Profiles ->New The menu VPN->IPSec->Phase-2 Profiles->New consists of the following fields: Fields in the Phase-2 (IPSEC) Parameters menu. Field Description Description Enter a description that uniquely identifies the profile. The maximum length of the entry is 255 characters. Proposals In this field, you can select any combination of encryption and message hash algorithms for IKE phase 2 on your default.
16 VPN Teldat GmbH Field Description " , a key length of 128 bits is used. • " # : Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here, it is used with a key length of 128 bits. • " # : Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here, it is used with a key length of 192 bits.
16 VPN Teldat GmbH Field Description used to protect the keys of a renewed phase 2 SA, even if the keys of the phase 1 SA have become known. The field has the following options: • @C * A: During the Diffie-Hellman key calculation, modular exponentiation at 768 bits is used to create the encryption material. • @ ' * A (default value): During the Diffie-Hellman key calculation, modular exponentiation at 1024 bits is used to create the encryption material.
16 VPN Teldat GmbH Field Description IP Compression Select whether compression is to be activated before data encryption. If data is compressed effectively, this can result in higher performance and a lower volume of data to be transferred. In the case of fast lines or data that cannot be compressed, you are advised against using this option as the performance can be significantly affected by the increased effort during compression. The function is enabled with .
16 VPN Teldat GmbH 16.1.4 XAUTH Profiles In the XAUTH Profiles menu a list of all XAUTH profiles is displayed. Extended Authentication for IPSec (XAuth) is an additional authentication method for IPSec tunnel users. The gateway can take on two different roles when using XAuth as it can act as a server or as a client: • As a server the gateway requires a proof of authorisation. • As a client the gateway provides proof of authorisation. In server mode multiple users can obtain authentication via XAuth, e.g.
16 VPN Teldat GmbH The VPN->IPSec->XAUTH Profiles ->New menu consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a description for this XAuth profile. Role Select the role of the gateway for XAuth authentication. Possible values: • 0 (default value): The gateway requires a proof of authorisation. • ) : The gateway provides proof of authorisation. Mode Only for Role = 0 Select how authentication is carried out.
16 VPN Teldat GmbH Field Description entering the authentication name of the client (Name)) and the authentication password (Password). Add new members with Add. 16.1.5 IP Pools In the IP Pools menu a list of all IP pools for your configured IPSec connections is displayed. If for an IPSec peer you have set IP Address Assignment 6$ ) = you must define the IP pools here from which the IP addresses are assigned. 0 , 16.1.5.1 Edit or New Choose the New button to set up new IP address pools.
16 VPN Teldat GmbH Field Description DNS server. 16.1.6 Options Fig. 147: VPN->IPSec->Options The menu VPN->IPSec->Options consists of the following fields: Fields in the Global Options menu. Field Description Enable IPSec Select whether you want to activate IPSec. The function is enabled with . The function is active as soon as an IPSec Peer is configured. Delete complete IPSec If you click the configuration of your device.
16 VPN Teldat GmbH Field Description This cancels all settings made during the IPSec configuration. Once the configuration is deleted, you can start with a completely new IPSec configuration. You can only delete the configuration if Enable IPSec = not activated. IPSec Debug Level Select the priority of the syslog messages of the IPSec subsystem to be recorded internally.
16 VPN Teldat GmbH Field Description The function is enabled with . The function is disabled by default. Send Initial Contact Message Select whether IKE Initial Contact messages are to be sent during IKE (phase 1) if no SAs with a peer exist. The function is enabled with . The function is enabled by default.
16 VPN Teldat GmbH Field Description quest Payloads end during IKE (phase 1) are to be ignored. The function is enabled with . The function is disabled by default. Send Certificate Request Payloads Select whether certificate requests are to be sent during IKE (phase 1). The function is enabled with . The function is enabled by default. Send Certificate Chains Select whether complete certificate chains are to be sent during IKE (phase 1). The function is enabled with .
16 VPN Teldat GmbH • L2TP LNS Mode (L2TP Network Server): for incoming connections only • L2TP LAC Mode (L2TP Access Concentrator): for outgoing connections only Note the following when configuring the server and client: An L2TP tunnel profile must be created on each of the two sides (LAC and LNS). The corresponding L2TP tunnel profile is used on the initiator side (LAC) to set up the connection. The L2TP tunnel profile is needed on the responder side (LNS) to accept the connection. 16.2.
16 VPN Teldat GmbH Fields in the Basic Parameters menu. Field Description Description Enter a description for the current profile. The device automatically names the profiles . /! and numbers them, but the value can be changed. Local Hostname Enter the host name for LNS or LAC. • ."): The local hostname is used in outgoing tunnel setup messages to identify this device and is associated with the remote hostname of a tunnel profile configured on the LNS.
16 VPN Teldat GmbH Field Description Remote IP Address Enter the fixed IP address of the LNS used as the destination address for connections based on this profile. The destination must be a device that can behave like an LNS. UDP Source Port Enter how the port number to be used as the source port for all outgoing L2TP connections based on this profile is to be determined.
16 VPN Teldat GmbH Field Description value means that no L2TP HELLO messages are sent. Minimum Time between Retries Enter the minimum time (in seconds) that your device waits before resending a L2TP control packet for which it received no response. The wait time is dynamically extended until it reaches the Maximum Time between Retries. The available values are to , the default value is .
16 VPN Teldat GmbH Fig. 149: VPN->L2TP->Users->New The menu VPN->L2TP->Users->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a name for uniquely identifying the L2TP partner. The first character in this field must not be a number No special characters or umlauts must be used. The maximum length of the entry is 25 characters.
16 VPN Teldat GmbH Field Description Connection Type Select whether the L2TP partner is to take on the role of the L2TP network server (LNS) or the functions of a L2TP access concentrator client (LAC client). Possible values: • .2 (default value): If you select this option, the L2TP partner is configured so that it accepts L2TP tunnels and restores the encapsulated PPP traffic flow. • .
16 VPN Teldat GmbH Field Description Possible values: • (default value): You enter a static IP address. • ! 0 6! " : Only for Connection Type = .2 . Your device dynamically assigns an IP address to the remote terminal. • 1 6! " : Only for Connection Type = ."). Your device is dynamically assigned an IP address. Default Route Only for IP Address Mode = 1 and 6! " Select whether the route to this connection partner is to be defined as the default route.
16 VPN Teldat GmbH The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu. Field Description Block after connection Enter the wait time in seconds before the device should try failure for again after an attempt to set up a connection has failed. The default value is ( . Authentication Select the authentication protocol for this L2TP partner.
16 VPN Teldat GmbH Field Description Compression If necessary, select the type of encryption that should be used for data traffic to the connection partner. If encryption is set, the remote terminal must also support it, otherwise a connection cannot be set up. Possible values: • 2 (default value): Encryption is not used.
16 VPN Teldat GmbH Field Description • 6 0 : OSPF is disabled for this interface. Proxy ARP Mode Select whether your device is to respond to ARP requests from its own LAN on behalf of the specific L2TP partner. Possible values: • 6 0 (default value): Deactivates Proxy ARP for this L2TP partner. • +% 7 : Your device only responds to an ARP request if the status of the connection to the L2TP partner is +% (active) or 7 .
16 VPN Teldat GmbH Field Description UDP Destination Port Enter the port to be monitored by the LNS on incoming L2TP tunnel connections. Available values are all whole numbers from to ( , the default value is C , as specified in RFC 2661. UDP Source Port Selection Select whether the LNS should only use the monitored port (UDP Destination Port) as the local source port for the L2TP connection. The function is enabled with : . The function is disabled by default. 16.
16 VPN Teldat GmbH 16.3.1.1 New Choose the New button to set up new GRE tunnels. Fig. 151: VPN->GRE->GRE Tunnels ->New The VPN->GRE->GRE Tunnels->Newmenu consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter a description for the GRE tunnel. Local GRE IP Address Enter the source IP address of the GRE packets to the GRE partner. If no IP address is given (this corresponds to IP address 0.0.0.
16 VPN Teldat GmbH Field Local IP Address Route Entries Description Here, enter the (LAN-side) IP address that is to be used as your device's source address for your own packets through the GRE tunnel. Define other routing entries for this connection partner. Add new entries with Add. • < 6! " : IP address of the destination host or network. • 2 5: Netmask for Remote IP Address If no entry is made, your device uses a default netmask.
17 Firewall Teldat GmbH Chapter 17 Firewall The Stateful Inspection Firewall (SIF) provided for Teldat gateways is a powerful security feature. The SIF with dynamic packet filtering has a decisive advantage over static packet filtering: The decision whether or not to send a packet cannot be made solely on the basis of source and destination addresses or ports but also using dynamic packet filtering based on the state of the connection to a partner.
17 Firewall Teldat GmbH One of the basic functions of NAT is the translation of the local IP addresses of your LAN into the global IP addresses you are assigned by your ISP and vice versa. All connections initiated externally are first blocked, i.e. every packet your device cannot assign to an existing connection is rejected. This means that a connection can only be set up from inside to outside. Without explicit permission, NAT rejects every access from the WAN to the LAN.
17 Firewall Teldat GmbH in succession until a rule matches. If overlapping occurs, i.e. more than one filter rule matches a packet, only the first rule is executed. This means that if the first rule denies a packet, whereas a later rule allows it, the packet is rejected. A deny rule also has no effect if a relevant packet has previously been allowed by another filter rule. A list of all configured filter rules is displayed in the Firewall->Policies->Filter Rules menu. Fig.
17 Firewall Teldat GmbH Field Description Source Select one of the preconfigured aliases for the source of the packet. In the list, all WAN/LAN interfaces, interface groups (see Firewall->Interfaces->Groups), addresses (see Firewall->Addresses->Address List) and address groups (see Firewall->Addresses->Groups) are available. The value " , means that neither the source interface nor the source address is checked. Destination Select one of the preconfigured aliases for the destination of the packet.
17 Firewall Teldat GmbH Field Description Action Select the action to be applied to a filtered packet. Possible values: • " (default value): The packets are forwarded on the basis of the entries. • 7 ,: The packets are rejected. • < K : The packets are rejected. An error message is issued to the sender of the packet. Apply QoS Only for Action = " Select whether you want to enable QoS for this policy with the priority selected in Priority. The function is enabled with .
17 Firewall Teldat GmbH 17.1.2 QoS More and more applications need increasingly larger bandwidths, which are not always available. Quality of Service (QoS) makes it possible to distribute the available bandwidths effectively and intelligently. Certain applications can be given preference and bandwidth reserved for them. A list of all QoS rules is displayed in the Firewall->Policies->QoS menu. 17.1.2.1 New Choose the New button to set up new QoS rules. Fig.
17 Firewall Teldat GmbH Field Description Filter Rules This field contains a list of all configured firewall policies for which QoS was activated (Apply QoS = ). The following options are available for each list entry: • Use: Select whether this entry should be assigned to the QoS interface. The option is deactivated by default. • Bandwidth: Enter the maximum available bandwidth in Bit/s for the service specified under Service. is entered by default.
17 Firewall Teldat GmbH Field Description Firewall Status Enable or disable the firewall function. The function is enabled with The function is enabled by default. Logged Actions Select the firewall syslog level. The messages are output together with messages from other subsystems. Possible values: • " (default value): All firewall activities are displayed. • 7 ,: Only reject and deny events are shown, see "Action". • " % : Only accept events are shown.
17 Firewall Teldat GmbH Field Description The default value is ' . Other Inactivity Enter the inactivity time after which a session of another type is to be regarded as expired (in seconds). Possible values are ( to ' . The default value is ( . 17.2 Interfaces 17.2.1 Groups A list of all configured interface routes is displayed in the Firewall->Interfaces->Groups menu. You can group together the interfaces of your device. This makes it easier to configure firewall rules. 17.2.1.
17 Firewall Teldat GmbH Field Description Description Enter the desired description of the interface group. Members Select the members of the group from the available interfaces. To do this, activate the field in the Selection column. 17.3 Addresses 17.3.1 Address List A list of all configured addresses is displayed in the Firewall->Addresses->Address List menu. 17.3.1.1 New Choose the New button to create additional addresses. Fig.
17 Firewall Teldat GmbH Field Description • " < : Enter an IP address range with a start and end address. Address / Subnet Only for Address Type = " 4 Enter the IP address of the host or a network address and the related netmask. The default value is . Address Range Only for Address Type = " < Enter the start and end IP address of the range. 17.3.2 Groups A list of all configured address groups is displayed in the Firewall->Addresses->Groups menu.
17 Firewall Teldat GmbH Field Description Selection Select the members of the group from the available Addresses. To do this, activate the Fields in the Selection column. 17.4 Services 17.4.1 Service List In the Firewall->Services->Service List menu, a list of all available services is displayed. 17.4.1.1 New Choose the New button to set up additional services. Fig.
17 Firewall Teldat GmbH Field Description specified port number is verified. If a port range is to be checked, enter the upper limit here. Possible values are to ( . Source Port Range Only for Protocol = /)!, +7!4/)! or +7! In the first field, enter the source port to be checked, if applicable. If a port number range is specified, in the second field enter the last port of the port range. By default the field does not contain an entry.
17 Firewall Teldat GmbH Field Description Code Selection options for the ICMP codes are only available for Type = 7 Possible values: • " , (default value) • 2 + • ; + • ! + • ! + • 2 • ) - 7 2 0 , ! • ) - 7 ; 0 , ! - 5 " # " # 17.4.
17 Firewall Teldat GmbH Fig. 160: Firewall ->Services->Groups->New The menu Firewall->Services->Groups->New consists of the following fields: Fields in the Basic Parameters menu. 374 Field Description Description Enter the desired description of the service group. Members Select the members of the group from the available service aliases. To do this, activate the Fields in the Selection column.
18 Local Services Teldat GmbH Chapter 18 Local Services This menu offers services for the following application areas: • Name resolution (DNS) • Configuration via web browser (HTTPS) • Locating of dynamic IP addresses using a DynDNS provider • Configuration of gateway as a DHCP server (assignment of IP addresses) • Automation of tasks according to schedule (scheduling) • Alive checks for hosts or interfaces, ping tests • Automatic detection and configuration of Teldat devices • Provision of public Interne
18 Local Services Teldat GmbH Strategy for name resolution on your device A DNS request is handled by your device as follows: (1) If possible, the request is answered directly from the static or dynamic cache with IP address or negative response. (2) Otherwise, if a suitable forwarding entry exists, the relevant DNS server is asked, depending on the configuration of the Internet or dialin connections, if necessary by setting up a WAN connection at extra cost.
18 Local Services Teldat GmbH 18.1.1 Global Settings Fig. 161: Local Services->DNS->Global Settings The menu Local Services->DNS->Global Settings consists of the following fields: Fields in the Basic Parameters menu. Field Description Domain Name Enter the standard domain name of your device. WINS Server Enter the IP address of the first and, if necessary, alternative global Windows Internet Name Server (=WINS) or NetBIOS Name Server (=NBNS).
18 Local Services Teldat GmbH Field Description i.e. successfully resolved names and IP addresses are to be stored in the cache. The function is activated by selecting . The function is enabled by default. Negative Cache Select whether the negative dynamic cache is to be activated, i.e. whether queried names for which a DNS server has sent a negative response are stored as negative entries in the cache. The function is activated by selecting . The function is enabled by default.
18 Local Services Teldat GmbH Fields in the IP address to use for DNS/WINS server assignment menu. Field Description As DHCP Server Select which name server addresses are sent to the DHCP client if your device is used as DHCP server. Possible values: • 2 : No name server address is sent. • 8- 6! " (default value): The address of your device is transferred as the name server address. • 72 : The addresses of the global name servers entered on your device are sent.
18 Local Services Teldat GmbH Fig. 162: Local Services->DNS->DNS Servers->New The Local Services->DNS->DNS Servers->Newmenu consists of the following fields: Fields in the Basic Parameters menu. Field Description Admin Status Select whether the DNS server should be enabled. The function is activated by selecting . The function is enabled by default. Description Enter a description for DNS server. Priority Assign a priority to the DNS server.
18 Local Services Teldat GmbH Field Description • 7, (default value) Interface Select the interface to which the DNS server pair is to be assigned. For Interface Mode = 7, A global DNS server is created with the setting 2 . For Interface Mode = A DNS server is configured for all interfaces with the " , setting. Primary DNS Server Only if Interface Mode = = Enter the IP address of the first name server for Internet address name resolution.
18 Local Services Teldat GmbH The menu Local Services->DNS->Static Hosts->New consists of the following fields: Fields in the Basic Parameters menu. Field Description DNS Hostname Enter the host name to which the IP Address defined in this menu is to be assigned if a positive response is received to a DNS request. If a negative response is received to a DNS request, no address is specified. The entry can also start with the wildcard *, e.g. *.teldat.de.
18 Local Services Teldat GmbH 18.1.4.1 New Choose the New button to set up additional forwardings. Fig. 164: Local Services->DNS->Domain Forwarding ->New The menu Local Services->DNS->Domain Forwarding->New consists of the following fields: Fields in the Forwarding Parameters menu. Field Description Forward Select whether a host or domain is to be forwarded. Possible values: • ; (default value) • 7 Host Only for Forwarding = ; Enter the name of the host to be forwarded.
18 Local Services Teldat GmbH Field Description Forward to Select the forwarding destination requests to the name defined in Host or Domain. Possible values: • 6 (default value): The request is forwarded to the defined Interface. • 72 0 : The request is forwarded to the defined DNS Server. Interface Only for Forward to = 6 Select the interface via which the requests for the defined Domain are to be received and forwarded to the DNS server.
18 Local Services Teldat GmbH 18.1.6 Statistics Fig. 166: Local Services->DNS->Statistics In the Local Services->DNS->Statisticsmenu, the following statistical values are displayed: Fields in the DNS Statistics menu. Field Description Received DNS Packets Shows the number of received DNS packets addressed direct to your device, including the response packets for forwarded requests. Invalid DNS Packets Shows the number of invalid DNS packets received and addressed direct to your device.
18 Local Services Teldat GmbH 18.2 HTTPS You can operate the user interface of your device from any PC with an up-to-date Web browser via an HTTPS connection. HTTPS (HyperText Transfer Protocol Secure) is the procedure used to establish an encrypted and authenticated connection by SSL between the browser used for configuration and the device. 18.2.1 HTTPS Server In the Local Services->HTTPS->HTTPS Servermenu, configure the parameters of the backed up configuration connection via HTTPS. Fig.
18 Local Services Teldat GmbH Field Description • >) ?: Under System Management->Certificates->Certificate List select entered certificate. 18.3 DynDNS Client The use of dynamic IP addresses has the disadvantage that a host in the network can no longer be found once its IP address has changed. DynDNS ensures that your device can still be reached after a change to the IP address.
18 Local Services Teldat GmbH Fig. 168: Local Services->DynDNS Client->DynDNS Update->New The menu Local Services->DynDNS Client->DynDNS Update->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Host Name Enter the complete host name as registered with the DynDNS provider. Interface Select the WAN interface whose IP address is to be propagated over the DynDNS service (e.g. the interface of the Internet Service Provider).
18 Local Services Teldat GmbH Field Description The default value is 7, 72 . Enable update Select whether the DynDNS entry configured here is to be activated. The function is activated by selecting . The function is disabled by default. The menu Advanced Settings consists of the following fields: Fields in the Advanced Settings menu.
18 Local Services Teldat GmbH Fig. 169: Local Services->DynDNS Client->DynDNS Provider ->New The menu Local Services->DynDNS Client->DynDNS Provider->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Provider Name Enter a name for this entry. Server Enter the host name or IP address of the server on which the provider’s DynDNS service runs.
18 Local Services Teldat GmbH Field Description • ;2 • 7L2 • 1 76!#;/=. • 1 76!#/)! • ) 7, 72 • 7 : Update Interval Enter the minimum time (in seconds) that your device must wait before it is allowed to propagate its current IP address to the DynDNS provider again. The default value is ( seconds. 18.4 DHCP Server You can configure your device as a DHCP (Dynamic Host Configuration Protocol) server. Your device and each PC in your LAN requires its own IP address.
18 Local Services Teldat GmbH 18.4.1.1 Edit or New Choose the New button to set up new IP address pools. Choose the icon to edit exist- ing entries. Fig. 170: Local Services->DHCP Server+IP Pool Configuration +New Fields in the menu Basic Parameters Field Description IP Pool Name Enter any description to uniquely identify the IP pool. IP Address Range Enter the first (first field) and last (second field) IP address of the IP address pool.
18 Local Services Teldat GmbH Note In the ex works state the DHCP pool is preconfigured with the IP addresses 192.168.0.10 to 192.168.0.49 and is used if there is no other DHCP server available in the network. 18.4.2.1 Edit or New Choose the New button to set up new IP address pools. Choose the icon to edit exist- ing entries. Fig.
18 Local Services Teldat GmbH Field Description Pool Usage Specify whether the IP pool is used for DHCP requests in the same subnet or for DHCP requests that have been forwarded to your device from another subnet. In this case it is possible to define IP addresses from another network. Possible values: • . (default value): The DHCP pool is only used for DHCP requests in the same subnet. • < ,: The DHCP pool is only used for DHCP requests forwarded from other subnets. • .
18 Local Services Teldat GmbH Field Description • 72 0 : Enter the IP address of the DNS server to be sent to the client. • 72 7 2 : Enter the DNS domain to be sent to the client. • 62 42*2 0 : Enter the IP address of the WINS/ NBNS server to be sent to the client. • 62 42*/ 2 /,% : Select the type of the WINS/NBT node to be sent to the client. • / /! 0 : Enter the IP address of the TFTP server to be sent to the client.
18 Local Services Teldat GmbH Field Description shall be transmitted for the DHCP server. Possible values: • (default value) • 8 Provisioning Server (code 3) Your device does not currently use this parameter. Enter which manufacturer value shall be transmitted. For the setting Select vendor = , the default value % is displayed. You can complete the IP address of the desired server. 18.4.
18 Local Services Teldat GmbH Fig. 172: Local Services->DHCP Server->IP/MAC Binding ->New The menu Local Services->DHCP Server->IP/MAC Binding->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Description Enter the name of the host to which the MAC Address the IP Address is to be bound. A character string of up to 256 characters is possible. IP Address Enter the IP address to be assigned to the MAC address specified in MAC Address is to be assigned.
18 Local Services Teldat GmbH Fig. 173: Local Services->DHCP Server->DHCP Relay Settings The menu Local Services->DHCP Server->DHCP Relay Settings consists of the following fields: Fields in the Basic Parameters menu. Field Description Primary DHCP Server Enter the IP address of a server to which BootP or DHCP requests are to be forwarded. Secondary DHCP Serv- Enter the IP address of an alternative BootP or DHCP server. er 18.
18 Local Services Teldat GmbH Caution The configuration of actions that are not available as defaults requires extensive knowledge of the method of operation of Teldat gateways. An incorrect configuration can cause considerable disruption during operation. If applicable, save the original configuration on your PC. Note To run the event scheduler, the date configured on your device must be 1.1.2000 or later. 18.5.
18 Local Services Teldat GmbH The menu Local Services->Scheduling->Trigger->New consists of the following fields: Fields in the Basic Parameters menu. Field Event List Description You can create a new event list with 2 - (default value). You give this list a name with Description. You use the remaining parameters to create the first event in the list. If you want to add to an existing event list, select the event list you want and add at least one more event to it.
18 Local Services Teldat GmbH Field Description Select the MIB variable whose defined value is to be configured as initiator. First, select the System in which the MIB variable is saved, then the MIB Table and finally the MIB Variable itself. Only the MIB tables and MIB variables present in the respective area are displayed. Compare Condition Only for Event Type =6*4 2=! Select whether the MIB variable 1 (default value), F , .
18 Local Services Teldat GmbH Field Description Select the direction of the data traffic whose values should be monitored as initiating an operation. Possible values: •
18 Local Services Teldat GmbH Field Description Enter the time in Seconds after which a ping must be resent. The default value is seconds. Trials Only for Event Type ! / Enter the number of ping tests to be performed until Destination IP Address as + applies. The default value is (. Monitored Certificate Only for Event Type ) . Select the certificate whose validity should be checked. Remaining Validity Only for Event Type ) .
18 Local Services Teldat GmbH Field Description • = ,# ,: The initiator becomes active daily from Monday to Friday. • = , # ,: The initiator becomes active daily from Monday to Saturday. • , # ,: The initiator becomes active on Saturdays and Sundays. Possible values for Condition Settings in Condition Type = 7 , = : ... ( . Start Time Enter the time from which the initiator is to be activated. Activation is carried on the next scheduling interval.
18 Local Services Teldat GmbH Fig. 175: Local Services->Scheduling->Actions->New The menu Local Services->Scheduling->Actions->New consists of the following fields: Fields in the Basic Parameters menu. Field Description Command Type Description Enter your chosen designation for the action. Select the desired action. Possible values: • < (default value): Your device is rebooted. • =6*4 2=!: The desired value is entered for a MIB variable.
18 Local Services Teldat GmbH Field Description • Event List Event List Condition .)& 3 : Only for devices with Wireless LAN Controller. The status of a wireless network is modified. Select the event list you want which has been created in Local Services->Scheduling->Trigger. For the selected chains of events, select how many of the configured events must occur for the operation to be initiated. Possible values: • " (default value): The operation is initiated if all events occur.
18 Local Services Teldat GmbH Field Description Where required, select MIB variables to uniquely identify a specific data set in MIB Table, e.g. ) 6 6 :. The unique identification of a particular table entry is derived from the combination of Index Variable (usually an index variable which is flagged with *) and Index Value. Use Index Variables to create more entries with Add.
18 Local Services Teldat GmbH Field Set interface status Description Only if Command Type = 6 Select the status to be set for the interface. Possible values: • +% (default value) • 7 - • < Source Location Only if Command Type = - +% Select the source for the software update. Possible values: • ) - / 0 (default value): The latest software will be downloaded from the Teldat server.
18 Local Services Teldat GmbH Field Description Enter the file name of the software version. For Command Type = ) tion = 6 % = with Ac- Enter the file name of the certificate file. Action For Command Type = ) = Select which operation is to be performed on a configuration file.
18 Local Services Teldat GmbH Field Description and Action = 6 % or :% # Select whether the file is to be sent in the CSV format. The CSV format can easily be read and modified. In addition, you can view the corresponding file clearly using Microsoft Excel for example. The function is enabled by default.
18 Local Services Teldat GmbH Field Description Select the file to be copied. Configuration contains Only for Command Type = ) certificates/keys = and Action = 6 % or :# % Select whether the certificates and keys contained in the configuration are to be imported or exported. The function is disabled by default.
18 Local Services Teldat GmbH Field Description Possible values: • " (default value): The IP address of the interface over which the ping is sent is automatically entered as sender address. • Interval % : Enter the desired IP address in the input field. Only if Command Type = ! / Enter the time in Seconds after which a ping must be resent. The default value is second.
18 Local Services Teldat GmbH Field Description Overwrite similar certiOnly for Command Type = ) ficate Action = 6 % = and Select whether to overwrite a certificate already present on the your device with the new one. The function is disabled by default.
18 Local Services Teldat GmbH Field Password Description Only for Command Type = ) Action = ) ! = and To obtain certificates, you may need a password from the certification authority. Enter the password you received from the certification authority here. Key Size Only for Command Type = ) Action = ) ! = and Select the length of the key to be created. Possible values are ' (default value) to ' and ' .
18 Local Services Teldat GmbH Field Description Select the WLAN module on which to perform the frequency band scan. WLC SSID Only if Command Type = .)& 3 Select the wireless network administered over the WLAN controller whose status should be changed. Set status Only if Command Type = .)& 3 Select the status for the selected wireless network. Possible values: • " 0 (default value) • 7 0 18.5.3 Options You configure the schedule interval in the Local Services->Scheduling->Options.
18 Local Services Teldat GmbH Field Description The value ( is recommended (5 minute accuracy). Values lower than 60 are generally pointless and are an unnecessary use of system resources. 18.6 Surveillance In this menu, you can configure an automatic availability check for hosts or interfaces and automatic ping tests. You can monitor temperature with devices from the bintec WI series. Note This function cannot be configured on your device for connections that are authenticated via a RADIUS server.
18 Local Services Teldat GmbH Fig. 177: Local Services->Surveillance->Hosts->New The menu Local Services->Surveillance->Hosts->New consists of the following fields: Fields in the Host Parameters menu Field Description Group ID If the availability of a group of hosts or the default gateway is to be monitored by your device, select an ID for the group or the default gateway. The group IDs are automatically created from to .
18 Local Services Teldat GmbH Field Description monitored. • Source IP Address % : Enter the IP address of the host to be monitored manually in the adjacent input field. Select how the IP address is to be determined that your device uses as the source address of the packet sent to the host to be monitored. Possible values: • " (default value): The IP address is determined automatically. • Interval % ; Enter the IP address in the adjacent input field.
18 Local Services Teldat GmbH Field Description Action to be performed Select which Action should be run. For most actions, you select an Interface to which the Action relates. All physical and virtual interfaces can be selected. For each interface, select whether it is to be enabled ( ), disabled ( 7 default value), reset ( < ), or the connection restablished ( < ). With Action = = you can monitor the IP address that is specified under Monitored IP Address.
18 Local Services Teldat GmbH Field Description Trigger Select the state or state transition of Monitored Interface that is to trigger a particular Interface Action. Possible values: Interface Action • 6 % (default value) • 6 - Select the action that is to follow the state or state transition defined in Trigger. The action is applied to the Interface(s) selected in Interface.
18 Local Services Teldat GmbH 18.6.3.1 Edit or New Choose the icon to edit existing entries. Choose the New button to configure new limits and actions. Fig. 179: Local Services->Surveillance->Temperature ->New Fields in the Basic Parameters menu. Field Trigger Description Enter here the temperature limit value (min/max). Possible values: Action • / % 0 • / % - Select the desired action.
18 Local Services Teldat GmbH 18.6.4 Ping Generator In the Local Services->Surveillance->Ping Generator menu, a list of all configured, automatically generated pings is displayed. 18.6.4.1 Edit or New Choose the icon to edit existing entries. Choose the New button to create additional pings. Fig. 180: Local Services->Surveillance->Ping Generator ->New The menu Local Services->Surveillance->Ping Generator->New consists of the following fields: Fields in the Basic Parameters menu.
18 Local Services Teldat GmbH Field Description The default value is . Trials Enter the number of ping tests to be performed until Destination IP Address as + applies. The default value is (. 18.7 Teldat Discovery 18.7.1 Device Discovery The Teldat Discovery protocol is used to identify and configure Teldat access points that are in the same wired network as your device.
18 Local Services Teldat GmbH Fig. 181: Local Services->Teldat Discovery ->Device Discovery If access points were discovered in the network, they are displayed in the list. You use the button to go to the configuration menu for the access point. Fig. 182: Local Services->Teldat Discovery ->Device Discovery -> This Local Services->Teldat Discovery->Device Discovery-> menu includes the fol- lowing fields: Fields in the Basic Parameters menu.
18 Local Services Teldat GmbH Field Description Shows the interface of your device on which discovery is carried out. MAC Address The value of this field can only be read. Shows the MAC address of the discovered access point. Node Name You can change the name of the discovered access point. IP Address You can change the IP address of the discovered access point. Netmask You can change the related netmask. Gateway You can change the gateway address of the discovered access point.
18 Local Services Teldat GmbH Field Description • 6 : An internal device problem prevented the configuration option from being carried out. 18.7.2 Options In this menu, you can grant permission for your device to be discovered by other Teldat devices using the Teldat Discovery protocol and to be configured by means of this. Fig.
18 Local Services Teldat GmbH • When a new user connects with the Hotspot, he/she is automatically assigned an IP address via DHCP. • As soon as he attempts to access any Internet site with a browser, the user is redirected to the home/login page. • After the user has entered the registration data (user/password), these are sent to the central RADIUS server (Hotspot server) as RADIUS registration. • Following successful registration, the gateway opens Internet access.
18 Local Services Teldat GmbH Domain Individually set for customers by customer/dealer Walled Garden Network Individually set for customers by customer/dealer Walled Garden Server URL Individually set for customers by customer/dealer Terms & Conditions URL Individually set for customers by customer/dealer Access data for configuration of the Hotspot server Admin URL https://hotspot.teldat.
18 Local Services Teldat GmbH Fig. 185: Local Services->HotSpot Gateway ->HotSpot Gateway -> The Local Services->HotSpot Gateway->HotSpot Gateway-> menu consists of the fol- lowing fields: Fields in the menu Basic Parameters Field Interface Description Choose the interface to which the Hotspot LAN or WLAN is connected. When operating over LAN, enter the Ethernet interface here (e. g. en1-0). If operating over WLAN, the WLAN interface to which the access point is connected must be selected.
18 Local Services Teldat GmbH Field Description Domain at the HotSpot Enter the domain name that you used when setting up the HotServer Spot server for this customer. The domain name is required so that the Hotspot server can distinguish between the different clients (customers). Walled Garden Enable this function if you want to define a limited and free area of websites (intranet). The function is not activated by default. Walled Network / Netmask Only if Walled Garden is enabled.
18 Local Services Teldat GmbH Field Description The language can be changed on the start/login page at any time. The menu Advanced Settings consists of the following fields: Fields in the menu Advanced Settings Field Ticket Type Description Select the ticket type. Possible values: • 3 : Only the user name must be entered. Define a default password in the input field. • + 4! - (default value): User name and password must be entered.
18 Local Services Teldat GmbH Field Default Idle Timeout Description Enable or disable the Default Idle Timeout. If a hotspot user does not trigger any data traffic for a configurable length of time, they are logged out of the hotspot. The function is enabled by default. The default value is seconds. 18.8.2 Options In the Local Services->HotSpot Gateway->Options menu, general settings are performed for the hotspot. Fig.
19 Maintenance Teldat GmbH Chapter 19 Maintenance This menu provides you with numerous functions for maintaining your device. It firstly provides a menu for testing availability within the network. You can manage your system configuration files. If more recent system software is available, you can use this menu to install it. If you need other languages for the configuration interface, you can import these. You can also trigger a system reboot in this menu. 19.
19 Maintenance Teldat GmbH 19.1.2 DNS Test Fig. 188: Maintenance->Diagnostics->DNS Test The DNS test is used to check whether the domain name of a particular host is correctly resolved. The Outputfield displays the DSN test messages. The ping test is launched by entering the domain name to be tested in DNS Address and clicking the Go button. 19.1.3 Traceroute Test Fig.
19 Maintenance Teldat GmbH You use the traceroute test to display the route to a particular address (IP address or domain name), if this can be reached. The Outputfield displays the traceroute test messages. The ping test is launched by entering the IP address to be tested in Traceroute Address and clicking the Go button. 19.2 Software &Configuration You can use this menu to manage the software version of your device, your configuration files and the language of the GUI. 19.2.
19 Maintenance Teldat GmbH stored in the working memory (RAM). The contents of the RAM are lost if the device is switched off. So if you modify your configuration and want to keep these changes for the next time you start your device, you must save the modified configuration in the flash memory before switching off: The Save configuration button over the navigation area of the GUI. This configuration is then saved in the flash in a file with the name .
19 Maintenance Teldat GmbH The Maintenance->Software &Configuration ->Optionsmenu consists of the following fields: Fields in the Currently Installed Software menu. Field Description BOSS Shows the current software version loaded on your device. System Logic ADSL Logic Shows the current system logic loaded on your device. Shows the current version of the ADSL logic loaded on your device. Fields in the Software and Configuration Options menu.
19 Maintenance Teldat GmbH Field Description 5 % % 0 the current configuration was saved as boot configuration and the previous boot configuration was also archived. You can load back the archived boot configuration. • 7 - 4 - : The file in the Select file field is deleted. • 6 % : You can import additional language versions of the GUI into your device. You can download the files to your PC from the download area at www.teldat.
19 Maintenance Teldat GmbH Field Description • :% : The configuration file Current File Name in Flash is transferred to your local host. If you click the Go button, a dialog box is displayed, in which you can select the storage location on your PC and enter the desired file name. • :% - : The active configuration from the RAM is transferred to your local host.
19 Maintenance Teldat GmbH Field Description Browse... via the explorer/finder. Source Location Only for Action = +% , - Select the source of the update. Possible values: • . (default value): The system software file is stored locally on your PC. • ;//! 0 : The file is stored on a remote server specified in the URL. • ) - / the official Teldat update server.
19 Maintenance Teldat GmbH Field New File Name Description Only for Action = < Enter the new name of the configuration file. 19.3 Reboot 19.3.1 System Reboot In this menu, you can trigger an immediate reboot of your device. Once your system has restarted, you must call the GUI again and log in. Pay attention to the LEDs on your device. For information on the meaning of the LEDs, see the Technical Data chapter of the manual.
20 External Reporting Teldat GmbH Chapter 20 External Reporting In this system menu, you define what system protocol messages are saved on which computers, and whether the system administrator should receive an e-mail for certain events. Information on IP data traffic can also be saved--depending on the individual interfaces. In addition, SNMP traps can be sent to specific hosts in case of error. Moreover, you can prepare your device for monitoring with the activity monitor. 20.
20 External Reporting Teldat GmbH A list of all configured system log servers displayed in the External Reporting->Syslog->Syslog Servers menu. 20.1.1.1 New Select the New button to set up additional syslog servers. Fig. 192: External Reporting ->Syslog ->Syslog Servers ->New The menu External Reporting->Syslog->Syslog Servers->New consists of the following fields: Fields in the Basic Parameters menu. Field Description IP Address Enter the IP address of the host to which syslog messages are passed.
20 External Reporting Teldat GmbH Field Description • 7 (lowest priority) Syslog messages are only sent to the host if they have a higher or identical priority to that indicated, i.e. at syslog level 7 all messages generated are forwarded to the host. Facility Enter the syslog facility on the host. This is only required if the Log Host is a Unix computer. Possible values: # C . The default value is . Timestamp Select the format of the time stamp in the syslog.
20 External Reporting Teldat GmbH 20.2 IP Accounting In modern networks, information about the type and number of data packets sent and received over the network connections is often collected for commercial reasons. This information is extremely important for Internet Service Providers that bill their customers by data volume. However, there are also non-commercial reasons for detailed network accounting.
20 External Reporting Teldat GmbH Fig. 194: External Reporting ->IP Accounting->Options In the External Reporting->IP Accounting->Options menu, you can define the Log Format of the IP accounting messages. The messages can contain character strings in any order, sequences separated by a slash, e.g. Q or Q or defined tags. Possible format tags: Format tags for IP Accounting messages Field Description %d Date of the session start in the format DD.MM.
20 External Reporting Teldat GmbH 20.3 Alert Service It was previously possible to send syslog messages from the router to any syslog host. Depending on the configuration, e-mail alerts are sent to the administrator as soon as relevant syslog messages appear. 20.3.1 Alert Recipient A list of Syslog messages is displayed in the Alert Recipient menu. 20.3.1.1 New Select the New to create additional alert recipients. Fig.
20 External Reporting Teldat GmbH Field Description Possible values: • E-mail • SMS Recipient Message Compression Enter the recipient's e-mail address. The entry is limited to 40 characters. Select whether the text in the alert E-mail is to be shortened. The e-mail then contains the syslog message only once plus the number of relevant events. Enable or disable the field. The function is enabled by default. Subject Event You can enter a subject.
20 External Reporting Teldat GmbH Field Description entered therefore usually contains wildcards. To be informed of all syslog messages of the selected level, just enter "*". Severity Select the severity level which the string configured in the Matching String field must reach to trigger an e-mail alert. Possible values: , (default value), " , ) , , # , 2 , 6 , 7 Monitored Subsystems Select the subsystems to be monitored. Add new subsystems with Add.
20 External Reporting Teldat GmbH 20.3.2 Alert Settings Fig. 196: External Reporting ->Alert Service->Alert Settings The menu External Reporting->Alert Service->Alert Settings consists of the following fields: Fields in the Basic Parameters menu. Field Alert Service Description Select whether the alert service is to be enabled for the interface. The function is enabled with . The function is enabled by default. Maximum E-mails per Minute Limit the number of outgoing mails per minute.
20 External Reporting Teldat GmbH Field Description Possible values: • 2 (default value): The server accepts and send emails without further authentication. • =/!: The server only accepts e-mails if the router logs in with the correct user name and password. • User Name =/! !8!: The server requires that e-mails are called via POP3 by the sending IP with the correct POP3 user name and password before sending an e-mail.
20 External Reporting Teldat GmbH 20.4 SNMP SNMP (Simple Network Management Protocol) is a protocol from the IP protocol family for transporting management information about network components. Every SNMP management system contains an MIB. SNMP can be used to configure, control and administrate various network components from one system. Such an SNMP tool is included on your device: the Configuration Manager. As SNMP is a standard protocol, you can use any other SNMP managers, e.g. HPOpenView.
20 External Reporting Teldat GmbH Field Description ing Your device then sends SNMP traps to the LAN's broadcast address. The function is activated by selecting . The function is disabled by default. SNMP Trap UDP Port Only if SNMP Trap Broadcasting is enabled. Enter the number of the UDP port to which your device is to send SNMP traps. Any whole number is possible. The default value is . SNMP Trap Community Only if SNMP Trap Broadcasting is enabled. Enter a new SNMP code.
20 External Reporting Teldat GmbH Fig. 198: External Reporting ->SNMP->SNMP Trap Hosts ->New The menu External Reporting->SNMP->SNMP Trap Hosts->New consists of the following fields: Fields in the Basic Parameters menu. Field Description IP Address Enter the IP address of the SNMP trap host. 20.5 Activity Monitor This menu contains the settings needed to monitor your device with the Windows tool Activity Monitor (part of BRICKware for Windows).
20 External Reporting Teldat GmbH • Start and configure the Windows application on your PC (you can download BRICKware for Windows to your PC from the download area at www.teldat.de and from there import it to your device). 20.5.1 Options Fig. 199: External Reporting ->Activity Monitor ->Options The menu External Reporting->Activity Monitor->Options consists of the following fields: Fields in the Basic Parameters menu.
20 External Reporting Teldat GmbH Field Description • Update Interval ; : The UDP packets are sent to the IP address entered in the adjacent input field. Enter the update interval (in seconds). Possible values are to . The default value is . UDP Destination Port Enter the port number for the Windows application Activity Monitor. The default value is C (registered by IANA - Internet Assigned Numbers Authority). Password 456 Enter the password for the Activity Monitor.
21 Monitoring Teldat GmbH Chapter 21 Monitoring This menu contains information that enable you to locate problems in your network and monitor activities, e.g. at your device's WAN interface. 21.1 Internal Log 21.1.1 System Messages In the Monitoring->Internal Log->System Messages menu, a list of all internally stored system messages is displayed. Above the table you will find the configured vales for the Maximum Number of Syslog Entries and Maximum Message Level of Syslog Entries fields.
21 Monitoring Teldat GmbH Field Description Subsystem Displays which subsystem of the device generated the message. Message Displays the message text. 21.2 IPSec 21.2.1 IPSec Tunnels A list of all configured IPSec tunnel providers is displayed in the Monitoring->IPSec->IPSec Tunnels menu. Fig. 201: Monitoring ->IPSec->IPSec Tunnels Values in the IPSec Tunnels list Field Description Description Displays the name of the IPSec tunnel. Remote IP Displays the IP address of the remote IPSec Peers.
21 Monitoring Teldat GmbH Fig. 202: Monitoring ->IPSec->IPSec Tunnels -> Values in the IPSec Tunnels list Field Description Description Shows the description of the peer. Local IP Address Shows the WAN IP address of your device. Remote IP Address Shows the WAN IP address of the connection partner. Local ID Shows the ID of your device for this IPSec tunnel. Remote ID Shows the ID of the peer. Negotiation Type Shows the exchange type. Authentication Method Shows the authentication method.
21 Monitoring Teldat GmbH Field Description Role / Algorithm / Lifetime remaining / Status IPSec (Phase-2) SAs (x) Shows the parameters of the IPSec (Phase 2) SAs. Role / Algorithm / Lifetime remaining / Status Messages The system messages for this IPSec tunnel are displayed here. 21.2.2 IPSec Statistics In the Monitoring->IPSec->IPSec Statistics menu, statistical values for all IPSec connections are displayed. Fig.
21 Monitoring Teldat GmbH Field Description Status Displays the number of IPSec tunnels by their current status. • Up: Currently active IPSec tunnels. • Going up: IPSec tunnels currently in the tunnel setup phase. • Blocked: IPSec tunnels that are blocked. • Dormant: Currently inactive IPSec tunnels. • Configured: Configured IPSec tunnels. Fields in the SAs menu. Field Description IKE (Phase-1) Shows the number of active phase 1 SAs (Established) from the total number of phase 1 SAs (Total).
21 Monitoring Teldat GmbH Fig. 204: Monitoring ->Interfaces->Statistics Change the status of the interface by clicking the or the button in the Action column. Values in the Statistics list Field Description No. Shows the serial number of the interface. Description Displays the name of the interface. Type Displays the interface text. Tx Packets Shows the total number of packets sent. Tx Bytes Displays the total number of octets sent. Tx Errors Shows the total number of errors sent.
21 Monitoring Teldat GmbH Fig. 205: Monitoring ->Interfaces->Statistics-> Values in the Statistics list Field Description Description Displays the name of the interface. MAC Address Displays the interface text. IP Address / Netmask Shows the IP address and the netmask. NAT Indicates if NAT is activated for this interface. Tx Packets Shows the total number of packets sent. Tx Bytes Displays the total number of octets sent. Rx Packets Shows the total number of packets received.
21 Monitoring Teldat GmbH 21.4 WLAN 21.4.1 WLANx In the Monitoring->WLAN->WLAN menu, current values and activities of the WLAN interface are displayed. The values for wireless mode 802.11n are listed separately. Fig. 206: Monitoring ->WLAN->WLAN Values in the WLAN list 464 Field Description mbps Displays the possible data rates on this wireless module.
21 Monitoring Teldat GmbH Field Description in mbps. Rx Packets Shows the total number of received packets for the data rate shown in mbps. You can choose the Advanced button to go to an overview of more details. Fig. 207: Monitoring ->WLAN->WLAN->Advanced Values in the Advanced list Field Description Description Displays the description of the displayed value. Value Displays the statistical value.
21 Monitoring Teldat GmbH Description Meaning Unicast MPDUs received successfully Displays the number of successfully received MSDUs that were sent with a unicast address. MSDUs that could not be transmitted Displays the number of MSDUs that could not be sent. Frame transmissions without ACK received Displays the number of sent frames which which an acknowledgement frame was not received. Duplicate received MS- Displays the number of MSDUs received in duplicate.
21 Monitoring Teldat GmbH Field Description ent is logged in. Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received. Signal dBm(RSSI1, RSSI2, RSSI3) Shows the received signal strength in dBm. Noise dBm Shows the received noise strength in dBm. Data Rate mbps Shows the current transmission rate of data received by this client in mbps. The following clock rates are possible: IEEE 802.11b: 11, 5.5, 2 and 1 mbps; IEEE 802.
21 Monitoring Teldat GmbH Fig. 209: Monitoring ->WLAN->VSS-> -> Values in the list 468 Field Description Client MAC Address Shows the MAC address of the associated client. IP Address Shows the IP address of the client. Uptime Shows the time in hours, minutes and seconds for which the client is logged in. Signal dBm(RSSI1, RSSI2, RSSI3) Shows the received signal strength in dBm. Noise dBm Shows the received noise strength in dBm.
21 Monitoring Teldat GmbH Field Description wireless connection. Values: • > 25 dB excellent • 15 – 25 dB good • 2 – 15 dB borderline • 0 – 2 dB bad. Data Rate mbps Shows the current transmission rate of data received by this client in mbps. The following clock rates are possible: IEEE 802.11b: 11, 5.5, 2 and 1 mbps; IEEE 802.11g/a: 54, 48, 36, 24, 18, 12, 9.6 Mbps. If the 5-GHz frequency band is used, the indication of 11, 5.5, 2 and 1 Mbps is suppressed for IEEE 802.11b.
21 Monitoring Teldat GmbH Field Description Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received. Signal dBm(RSSI1, RSSI2, RSSI3) Shows the received signal strength in dBm. Noise dBm Shows the received noise strength in dBm. Data Rate mbps Shows the current clock rate of data received on this WDS link in Mbps. If required, the Test link can be used to launch a link test.
21 Monitoring Teldat GmbH Fig. 211: Monitoring ->WLAN->WDS-> Values in the WDS list Field Description WDS Description Shows the name of the WDS link. Remote MAC Shows the MAC address of the WDS link partner. Uptime Shows the time in hours, minutes and seconds for which the WDS link in question is active. Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received. Signal dBm(RSSI1, RSSI2, RSSI3) Shows the received signal strength in dBm.
21 Monitoring Teldat GmbH Field Data Rate mbps Rate Description Shows the current clock rate of data received on this WDS link in Mbps. For each of the specified data rates, displays the values for Tx Packets and Rx Packets. 21.4.4 Bridge Links In the Monitoring->WLAN->Bridge Links menu, current values and activities of the bridge links are displayed. Fig.
21 Monitoring Teldat GmbH link test also helps you to align the antennas. This option is only displayed if the link state is . Bridge link details You can use the icon to open an overview of further details of the bridge links. Fig. 213: Monitoring ->WLAN->Bridge Links-> Values in the Bridge Links list Field Description Bridge Link Description Shows the name of the bridge link. Remote MAC Shows the MAC address of the bridge link partner.
21 Monitoring Teldat GmbH Field Description Uptime Shows the time in hours, minutes and seconds for which the bridge link in question is active. Tx Packets Shows the total number of packets sent. Rx Packets Shows the total number of packets received. Signal dBm Shows the received signal strength in dBm. Noise dBm Shows the received noise strength in dBm. Data Rate mbps Shows the current clock rate of data received on this bridge link in Mbps.
21 Monitoring Teldat GmbH Client Link Details You can use the icon to open an overview of further details of the client links. Fig. 215: Monitoring ->WLAN->Client Links-> Values in the Client Links list Field Description AP MAC Address Shows the MAC address of the client link partner. Uptime Shows the time in hours, minutes and seconds for which the client link in question is active. Signal dBm Shows the received signal strength in dBm. Noise dBm Shows the received noise strength in dBm.
21 Monitoring Teldat GmbH Field Description SNR dB Shows the signal quality in dB. Data Rate mbps Shows the current clock rate of data received on this client link in Mbps. Rate For each of the specified data rates, displays the values for Tx Packets and Rx Packets. 21.4.6 Load Balancing The Monitoring->WLAN+Load Balancing menu displays an overview of the Load Balancing.
21 Monitoring Teldat GmbH 21.5.1 br In the Monitoring->Bridges-> br menu, the current values of the configured bridges are shown. Fig. 217: Monitoring ->Bridges Values in the br list Field Description MAC Address Shows the MAC addresses of the associated bridge. Port Shows the port on which the bridge is active. 21.6 HotSpot Gateway 21.6.1 HotSpot Gateway A list of all linked hotspot users is displayed in the Monitoring->HotSpot Gateway->HotSpot Gateway menu. Fig.
21 Monitoring Teldat GmbH Field Description IP Address Shows the IP address of the user. Physical Address Shows the physical address of the user. Logon Displays the time of the notification. Interface Shows the interface used. 21.7 QoS In the Monitoring->QoS menu, statistics are displayed for interfaces on which QoS has been configured. 21.7.1 QoS A list of all interfaces for which QoS was configured is displayed in the Monitoring->QoS->QoS menu. Fig.
21 Monitoring Teldat GmbH 21.8.1 Global Status The status of all configured PIM components is displayed in the Monitoring+PIM+Global Status menu. Fig. 220: Monitoring +PIM+Global Status Values in the Global Status list Field View Description Select the desired view from the dropdown menu. Are available: " , !6= 6 , !6= 2 and = 1 % 4
21 Monitoring Teldat GmbH Field Description Interface Displays the interface via which the PIM Neighbor is reached. Generation ID Displays the ID of the neighbor gateway. IP Address Displays the primary IP address of the PIM Neighbor. Uptime Indicates how long the last PIM Neighbor is a neighbor of the local router. Expiry Timer Indicates when the PIM Neighbor is no longer entered as neighbor. If the value is displayed, the PIM Neighbor always remains entered as neighbor.
21 Monitoring Teldat GmbH Fig. 221: Monitoring +PIM+Not Interface-Specific Status Values in the Not Interface-Specific Status list Field View Description Select the desired view from the dropdown menu. Are available: " , @UEUE
21 Monitoring Teldat GmbH Field Description Upstream Join Timer Join/Prune Timer is used to periodically send Join(*,*,RP) messages, and to correct Prune(*,*,RP) messages from peers on an Upstream LAN interface. Values in the (*,G) States list Field Description Multicast Group Address Displays the multicast group address. Upstream Neighbor IP Address Displays the primary IP address of the Neighbor on pimStarGRPFIfIndex, to which the local router periodically (*,G) sends Join messages.
21 Monitoring Teldat GmbH Field Description entry. This corresponds to the status of the Upstream (S,G) State Machine in the PIM-SM specification. Uptime Indicates the timespan since the entry was generated by the local router. Upstream Join Timer Indicates the remaining time until the local router sends out the next periodic (S,G) Join message on pimSGRPFIfIndex. In the PIM-SM specification, this timer is named (S,G) Upstream Join Timer. If the timer is deactivated, it has the value .
21 Monitoring Teldat GmbH Fig. 222: Monitoring +PIM+Interface-Specific States Values in the Interface-Specific States list Field View Description Select the desired view from the dropdown menu. Are available: " , @UE1E6A @ E1E
21 Monitoring Teldat GmbH Field Description Assert State Displays the (*,G) Assert State for this interface. This corresponds to the status of the Per-Interface (*,G) Assert State Machinen in the PIM-SM specification. If pimStarGPimMode is 'bidir', this object must 'noInfo' be. Assert Winner IP Address Indicates the address of Assert Winner, if pimStarGIAssertState runs 'iAmAssertLoser'. InetAddressType is defined through the object pimStarGIAssertWinnerAddressType.
21 Monitoring 486 Teldat GmbH Field Description Multicast Group Address Displays the multicast IP address. InetAddressType is defined through the object pimSGAddressType. Source IP Address Displays the source IP address. InetAddressType is defined through the object pimStarGAddressType. Interface Displays the name of the interface. Uptime Indicates the timespan since the entry was generated by the local router.
Glossary Teldat GmbH Glossary 10 Base 2 Thin Ethernet connection. Network connection for 10-mbps networks with BNC connector. T-connectors are used for the connection of equipment with BNC sockets. 100Base-T Twisted pair connection, Fast Ethernet. Network connection for 100-mbps networks. 10Base-T Twisted pair connection. Network connection for 10-mbps networks with RJ45 connector. 1TR6 D channel protocol used in the German ISDN. Today the more common protocol is DSS1. 3DES (Triple DES) See DES.
Glossary Teldat GmbH the optional wired Ethernet is connected, the signals between the two physical media, the wireless interface and wired interface, are bridged (bridging). Access protection Filters can be used to prevent external persons from accessing the data on the computers in your LAN. These filters are a basic function of a firewall. Accounting Recording of connection data, e.g. date, time, connection duration, charging information and number of data packets transferred.
Glossary Teldat GmbH having to pick up the receiver. Announcement func- Performance feature of a PBX. On suitable telephones (e.g. system tion telephones), announcements can be made as on an intercom. Answering machine You configure an analogue answering machine under "Terminal Type". AOC-D Display during and at end of connection. AOC-D/E Advice of charge-during/end. AOC-E Display only at end of connection.
Glossary Teldat GmbH Automatic callback on busy (CCBS) You urgently need to contact a business partner or internal subscriber. However, when you call, you always hear the engaged tone. If you were to receive notification that the subscriber had ended the call, your chance of reaching them would be very good. With "Callback on Busy" you can reach the engaged subscriber once they have replaced the receiver at the end of the call. Your telephone rings.
Glossary Teldat GmbH Base station Central unit of wireless telephone devices. There are two different types: The simple base station is used to charge the handheld unit. For special-feature telephones, the base station can also be used as a telephone, the handheld unit is charged using separate charging stations. Basic Rate Interface ISDN connection that includes two basic channels (B channels) each with 64 kbps and one control and signalling channel (D channel) with 16 kbps.
Glossary 492 Teldat GmbH Break-in In a PBX, the option of breaking in to an existing call. This is signalled acoustically by an attention tone. BRI Basic Rate Interface Bridge Network component for connecting homogeneous networks. As opposed to a gateway, bridges operate at layer 2 of the OSI model, are independent of higher-level protocols and transmit data packets using MAC addresses. Data transmission is transparent, which means the information contained in the data packets is not interpreted.
Glossary Teldat GmbH signment. For each day of the week, you can select any day/night switching time. A calendar has four switch times, which can be specifically assigned to each individual day of the week. Call allocation In a PBX, calls can be assigned to certain terminals. Call costs account You can set up a "call costs account" for a subscriber here. The maximum available number of units, in the form of a limit, can be assigned to each subscriber on their personal "call costs account".
Glossary Teldat GmbH to several different teams, this is not surprising. You can now form various groups of subscribers in which call pickup is possible. A call can only be picked up by subscribers/terminals in the same pickup group. The assignment of subscribers in pickup groups is not dependent on the settings in the Day and Night team call assignment.
Glossary Teldat GmbH Block Cipher Modes. CBC Cipher Block Chaining CCITT Consultative Committee for International Telegraphy and Telephony CD (Call Deflection) The forwarding of calls. This performance feature enables you to forward a call without having to take it yourself. If you forward a call to an external subscriber, you bear any connection costs from your connection to the destination of the forwarded call.
Glossary Teldat GmbH Combination device If an analogue terminal connection of the PBX is set up as a "multifunctional port" for combination devices, all calls are received, regardless of the service. In the case of trunk prefixes using codes, the service ID "Analogue Telephony" or "Telefax Group 3" can also be transmitted, regardless of the configuration of the analogue connection. If 0 is dialled, the service ID "Analogue Telephony" is also transmitted.
Glossary Teldat GmbH Data compression A process for reducing the amount of data transmitted. This enables higher throughput to be achieved in the same transmission time. Examples of this technique include STAC, VJHC and MPPC. Data Link Layer (DLL) Data packet A data packet is used for information transfer. Each data packet contains a prescribed number of characters (information and control characters).
Glossary Teldat GmbH tack host in a LAN with fake requests so that it is completely overloaded. This means the system or a certain service can no longer be run. DES Data Encryption Standard Destination number Speeddial memory memory 498 DHCP Dynamic Host Configuration Protocol Dial preparation On some telephones with a display, you can first enter a telephone, check it first, and then dial it. Dial-in parameters Define the dial-in parameters i.e.
Glossary Teldat GmbH matically overwritten when the new configuration is transferred to the PBX. Direct dial-in Performance feature of larger PBXs at the point-to-point connection: The extensions can be called directly from outside. Direct dialling range See Extension numbers range DISA Direct Inward System Access Display and output of connection data In the configuration, it is possible to define storage of data records for specific terminals or all terminals.
Glossary Teldat GmbH the ring button. Your door intercom can have up to 4 ring buttons. The door opener can be pressed during an intercom call. It is not possible activate the door opener if an intercom call is not taking place. Dotted Decimal Notation The syntactic representation of a 32-bit whole number, written in four 8-bit numbers in decimal form and subdivided by a point. It is used to represent IP addresses on the Internet, e.g. 192.67.67.
Glossary Teldat GmbH DTMF Dual Tone Multi Frequency (tone dialling system) Dynamic IP address In contrast to a static IP address, a dynamic IP address is assigned temporarily by DHCP. Network components such as the web server or printer usually have static IP address, while clients such as notebooks or workstations usually have dynamic IP addresses. E1/T1 E1: European variant of the 2.048 mbps ISDN Primary Rate Interface, which is also called the E1 system.
Glossary Teldat GmbH Ethernet connections The 4 connections are led equally through an internal switch. Network clients can be directly connected to the connection sockets. The ports are designed as 100/BaseT full-duplex, autosensing, auto MDIX upwardly compatible to 10/Base T. Up to 4 SIP telephones or IP softclients with SIP standard can be directly connected to PCs with a network card.
Glossary Teldat GmbH via the standard access after a predefined number of attempts, setup is attempted using the second entry then subsequent entries. If the final entry in the list does not enable a connection to be set up successfully, the operation is terminated until a new request is made. When fall back occurs and all other ISPs can only be reached by dialup connections, both B channels may be occupied. If channel bundling is used, you cannot be reached for the duration of this connection.
Glossary 504 Teldat GmbH Fragmentation Process by which an IP datagram is divided into small parts in order to meet the requirements of a physical network. The reverse process is known as reassembly. Frame Unit of information sent via a data connection. Frame relay A packet switching method that contains smaller packets and fewer error checks than traditional packet switching methods such as X.25. Because of its properties, frame relay is used for fast WAN connections with a high density of traffic.
Glossary Teldat GmbH conduct a call without using your hands. As a result, other people in the room can also participate in the call. Hashing The process of deriving a number (hash) from a character string. A hash is generally far shorter than the text flow it was derived from. The hashing algorithm is designed so that there is a relatively low probability of generating a hash that is the same as another hash generated from a text sequence with a different meaning.
Glossary Teldat GmbH host computer. HTTP HyperText Transfer Protocol Hub Network component used to connect several network components together to form a local network (star-shaped). IAE ISDN connection unit, ISDN connection socket. ICMP Internet Control Message Protocol ICV Integrity Check Value Identify malicious callers (intercept) You have to request this performance feature from T-Com. The company will provide you with further information on the procedure.
Glossary Teldat GmbH al calls. Internal calls Free-of-charge connection between terminals in a PBX. Internal telephone numbers Your PBX has a fixed internal telephone number plan. Internet The Internet consists of a number of regional, local and university networks. The IP protocol is used for data transmission on the Internet. Internet time sharing Allows several users to surf the Internet simultaneously over an ISDN connection.
Glossary Teldat GmbH the other hand, uses the PC's resources. 508 ISDN Login Function of your gateway. Your gateway can be configured and administrated remotely using ISDN Login. ISDN Login operates on gateways in the ex works state as soon they are connected to an ISDN connection and therefore reachable via an extension number. ISDN number The network address of the ISDN interface, e.g. 4711.
Glossary Teldat GmbH LCP Link Control Protocol LDAP Lightweight Directory Access Protocol Lease Time The "Lease Time" is the time a computer keeps the IP address assigned to it without having to "talk" to the DHCP server. Leased Line Leased line LLC Link Layer Control Local exchange Switching node of a public local telephone network that supports the connection of end systems.
Glossary Teldat GmbH MPPC Microsoft Point-to-Point Compression MPPE Microsoft Point-to-Point Encryption MSDU MAC Service Data Unit - a data packet that ignores fragmentation in the WLAN. MSN Multiple subscriber number MSSID See SSID MTU Maximum Transmission Unit Multicast A specific form of broadcast in which a message is simultaneously transmitted to a defined user group.
Glossary Teldat GmbH NetBIOS Network Basic Input Output System Netmask The second part of an address in an IP network, used for identification of a device, e.g. 255.255.255.0. See also IP address. Network Your PBX has a DSL router so that one or more PCs can surf the Internet and download information. Network address A network address designates the address of a complete local network.
Glossary Teldat GmbH OSPF Open Shortest Path First Outgoing extension The "outgoing extension number signal" is intended for internal connumber signal nections on the point-to-point to which an explicit extension number was not assigned. When an external call is made, the extension number entered under Outgoing Extension Number Signal is also transmitted.
Glossary Teldat GmbH replaced by the multifrequency code method (MFC) . PGP Pretty Good Privacy PH Packet handler Phone book The PBX has an internal phone book. You can store up to 300 telephone numbers and the associated names. You can access the PBX's phone book with the Teldat devices (for example CS 410). You add entries to the phone book using the configuration interface.
Glossary Teldat GmbH PPP Point-to-Point Protocol PPP authentication Security mechanism. A method of authentication using passwords in PPP. PPPoA Point to Point Protocol over ATM PPPoE Point to Point Protocol over Ethernet PRI Primary Rate Interface Primary Rate Interface (PRI) ISDN subscriber connection. The PRI consists of one D channel and 30 B channels (in Europe). (In America: 23 B channels and one D channel.) There is also the ISDN Basic Rate Interface.
Glossary Teldat GmbH Recording telephone Performance feature of an answering machine. Enables a conversacalls tion to be recorded during the telephone call. Remote Remote, as opposed to local. Remote access Opposite to local access, see Remote. Remote CAPI bintec's own interface for CAPI. Remote diagnosis/re-Some terminals and PBXs are supported and maintained by Tmote maintenance Service support offices over the telephone line, which often means a service engineer does not have to visit the site.
Glossary Teldat GmbH and the receiver must be lifted or "Hands-free" switched on. If you replace the telephone receiver or turn off "Hands-free", room monitored ends and the performance feature is switched off. 516 Room monitoring from external telephones This function can be used to monitor rooms from an external telephone. Room monitoring from internal telephones You can acoustically monitor a room from an internal telephone in your PBX.
Glossary Teldat GmbH the information providers. The provided information is accessed using the telephone number 0190 which is uniform across Germany plus a 6-digit telephone number. Information offering: Entertainment, weather, finance, sport, health, support and service hotlines. Service 0700 Additional voice service from T-Com. Allows calls to be received via a location-independent telephone number uniform across Germany, starting with the numbers 0700. Free-of-charge routing to national fixed network.
Glossary Teldat GmbH activates the Loudspeaker function so that a conversation can take place immediately. Please see the information on the telephone user's guide on the simplex operation function. 518 SIP Session Initiation Protocol SMS Short Message Service SMS receipt If you have connected an SMS-enabled terminal, you can decide whether SMS receipt is to be permitted for the connection. The ex works setting is no SMS receipt.
Glossary Teldat GmbH So connection See ISDN Basic Rate Interface So interface Internationally standardised interface for ISDN systems. This interface is provided on the network side by the NTBA . On the user side, the interface is intended for connecting a PBX (point-to-point connection) and for connecting up to eight ISDN terminals (point-to-multipoint connection). SOHO Small Offices and Home Offices SPD The SPD (=Security Policy Database) defines the security services available for IP traffic.
Glossary Teldat GmbH Spoofing Technique for reducing data traffic (and thus saving costs), especially in WANs. SSID The Service Set Identifier (SSID) or Network Name refers to the wireless network code based on IEEE 802.11. SSL Secure Sockets Layer A technology, now standard, developed by Netscape, which is generally used to secure HTTP traffic between a web browser and a web server. STAC Data compression procedure.
Glossary Teldat GmbH Suppress B telephone number (COLR) COLP/COLR: Connected line identification presentation/connected line identification restriction = Activate/suppress transmission of called party's telephone number to caller. This performance feature suppresses the display of the called subscriber's telephone number. If display of the B telephone number is suppressed, your telephone number is not transmitted to the caller when you take a call.
Glossary Teldat GmbH option, which can be used with the existing telephone cable, costs less than two telephone connections but offers far greater quality and ease of use: Two independent lines, so that you can still make a phone call, receive a fax, or surf the Internet when another family member is making a long call on the other line. Three or more telephone numbers, which you can assign individually to your devices and distribute differently if needed through simple programming steps.
Glossary Teldat GmbH TAPI Telephony Application Program Interface TAPI configuration You can use the TAPI configuration to modify the TAPI driver in line with the program that uses this driver. You can check which MSN is to be assigned to a terminal, define a line name, and configure the dialling parameters. First configure your PBX. You must then configure the TAPI interface. Use the "TAPI Configuration" program.
Glossary Teldat GmbH telephone number is stored in your telephone's caller list. However, because your connection is automatically set to Automatic Outside Line as a result of the ex works settings, you would first have to dial ** for a callback in order to obtain the internal dialling tone, and then 22. If "Transfer Internal Code" is active, ** is placed before the 22 and the callback can be made directly from the caller list.
Glossary Teldat GmbH Signalling 1) phones. V.11 ITU-T recommendation for balanced dual-current interface lines (up to 10 mbps). V.24 CCITT and ITU-T recommendation that defines the interface between a PC or terminal as Data Terminal Equipment (DTE) and a modem as Data Circuit-terminating Equipment (DCE). V.28 ITU-T recommendation for unbalanced dual-current interface line. V.35 ITU-T recommendation for data transmission at 48kbps in the range from 60 to 108kHz. V.36 Modem for V.35. V.
Glossary 526 Teldat GmbH Web server Server that provides documents in HTML format for access over the Internet (WWW). Webmail T-Online service with which e-mails can be sent and received worldwide on the Internet by means of a browser. WEP Wired Equivalent Privacy Western plug (also known as RJ-45 plug) Plug used for ISDN terminals with eight contacts. Developed by the US telephone company Western Bell. Western plugs for analogue telephones have four or six contacts.
Glossary Teldat GmbH in ISDN (D channel). X.500 ITU-T standards that cover user directory services, see LDAP. Example: The phone book is the directory in which you find people on the basis of their name (agreement with the telephone directory). The Internet supports several databases with information on users, such as e-mail addresses, telephone numbers and postal addresses. You can search these databases to obtain information about individuals. X.
Index Teldat GmbH Index 220 ISDN Timeserver 90 System Admin Password 87 # #1 #2, #3 124 2 2,4/5 GHz changeover 476 A Access Control 170 , 213 Access Filter 266 Access Filter 261 Access Rules 259 ACCESS_ACCEPT 107 ACCESS_REJECT 107 ACCESS_REQUEST 107 ACCOUNTING_START 107 ACCOUNTING_STOP 107 Action 177 , 177 , 185 , 185 , 220 , 266 , 362 , 405 , 421 , 437 , 458 , 462 Action to be performed 417 Actions 404 Active Clients 476 Active Clients 214 Active IPSec Tunnels 81 Active Radio Profile 198 Active Se
Index Teldat GmbH Baudrate 132 Beacon Period 156 , 170 , 204 Block after connection failure for 300 , 305 , 354 Block Time 114 , 333 blocked 295 BOSS 437 BOSS Version 81 Bridge Links 177 , 472 Bridge Link Description 183 , 185 Bridge Link Description 472 , 473 Bridges 476 Burst size 256 Burst Mode 154 , 203 Byte Count 134 Bytes 459 C CA Certificate 121 CA Certificates 333 CA Name 405 Cache 384 Cache Hitrate (%) 385 Cache Hits 385 Cache Size 377 CAPWAP Encryption 197 Certificate Request 120 Certificate Lis
Index Teldat GmbH Cyclic Background Scanning 204 D D Channel Mode 325 Data Bits 132 Data Packets Sequence Numbers 349 Data Rate mbps 466 , 468 , 469 , 471 , 472 , 473 , 474 , 475 Date 457 Date and Time 87 Default Route 299 , 304 , 316 , 352 , 358 Default Idle Timeout 431 Default Route Distribution 277 Default User Password 108 Delete 218 , 228 Delete complete IPSec configuration 343 Denied Clients soft/hard 476 Description 118 , 128 , 197 , 201 , 226 , 232 , 244 , 247 , 250 , 256 , 262 , 266 , 298 , 303
Index Teldat GmbH DynDNS Provider 389 DynDNS Update 387 DynDNS Client 387 E E-mail 123 E-mail Address 450 EAP Preauthentification 166 , 209 Enable update 388 Enable IPSec 343 Enable VLAN 145 Enable Discovery Server 426 Enabled 358 Encrypt configuration 405 Encrypted 461 Encryption 114 , 354 Encryption Algorithms 102 Entry active 108 , 113 Error 220 Errors 459 , 461 Ethernet Ports 129 Event 447 Event Type 400 Event List 400 , 405 Event List Condition 405 Exclude from NAT (DMZ) 269 Expiry Timer 479 , 484 ,
Index Teldat GmbH Host Name 388 Hosts 416 HotSpot Gateway 428 HotSpot Gateway 426 , 477 HTTP 99 HTTPS 99 , 386 HTTPS Server 386 HTTPS TCP Port 386 I IEEE 802.11d Compliance 149 IGMP 282 IGMP Proxy 285 IGMP State Limit 283 IGMP State Limit 286 IGMP Status 286 Ignore Certificate Request Payloads 345 IKE (Phase-1) 461 IKE (Phase-1) SAs 459 Image already exists.
Index Teldat GmbH Keepalive Period Key Size 405 Key Value 358 294 L L2TP 346 LAN 137 Language for login window 429 Last configuration stored 81 Last Member Query Interval 283 Last seen 218 Last Write Result 424 Layer 4 Protocol 226 LCP Alive Check 300 , 305 , 354 LDAP URL Path 128 Lease Time 394 LED Mode 84 Level 443 , 457 Licence Key 93 Licence Serial Number 93 Lifetime 328 , 336 Load Balancing 215 , 476 Load Balancing 238 Load Balancing Groups 238 Local Certificate 328 Local Hostname 348 Local Address
Index Teldat GmbH Maximum TTL for Negative Cache Entries 377 Maximum TTL for Positive Cache Entries 377 Maximum Upload Speed 253 , 256 , 309 mbps 464 Members 368 , 374 Memory Usage 81 Message 457 Message Compression 447 Message Timeout 447 Messages 459 Metric 225 , 228 , 316 Metric Offset for Inactive Interfaces 275 Metric Offset for Active Interfaces 275 MIB Variables 405 MIB/SNMP Variable to add/edit 405 Min. Period Passive Scan 159 Min. Period Active Scan 159 Min.
Index Teldat GmbH Operation Mode 149 , 198 , 201 Options 115 , 229 , 285 , 343 , 356 , 366 , 415 , 426 , 432 , 435 , 445 , 455 Organization 123 Organizational Unit 123 OSPF Mode 355 Other Inactivity 367 Outbound Interface 256 Outgoing Phone Number 325 Overbooking allowed 256 Override Interval 290 Overwrite similar certificate 405 P Packets 459 Parity 132 Passed 461 Password 121 , 126 , 127 , 298 , 303 , 341 , 348 , 351 , 388 , 405 , 437 , 450 , 455 Password for protected Certificate 405 Passwords 86 Peer
Index Teldat GmbH Public Source IP Address PVID 144 321 Q QoS 246 , 365 , 478 QoS Classification 249 QoS Interfaces/Policies 252 QoS Filter 246 QoS Queue 478 Query Interval 283 Queued 478 Queues/Policies 253 R RA Encrypt Certificate 121 RA Sign Certificate 121 Radio Profiles 200 Radio Settings 147 RADIUS 106 RADIUS Dialout 110 RADIUS Secret 108 Radius Server 209 RADIUS Server Group ID 341 Rate 471 , 473 , 475 Real Time Jitter Control 253 Real Time Jitter Control 308 Reboot 441 Reboot after execution 405
Index Teldat GmbH Route Type 223 , 228 Routes 222 Routing Protocols 272 RSA Key Status 103 RTS Threshold 156 , 159 , 204 RTS frames with no CTS received 465 RTT Mode (Realtime Traffic Mode) 256 Rule Chain 266 , 267 Rule Chains 265 Running 220 Rx Bytes 462 , 463 Rx Errors 462 Rx Packets 462 , 463 , 464 , 466 , 468 , 469 , 471 , 472 , 473 , 474 S Scan channels 159 Scan Interval 159 Scan Threshold 159 SCEP URL 121 Schedule Interval 415 Scheduling 398 Second Timeserver 90 Secondary DHCP Server 398 Secondary D
Index Teldat GmbH Software &Configuration 435 Source 362 Source Interface 226 , 244 , 287 Source Location 405 Source Port 226 , 234 , 319 Source Port/Range 234 , 244 , 247 , 262 Source Location 220 , 437 Source File Name 437 Source IP Address 400 , 405 , 417 , 422 Source IP Address/Netmask 234 , 244 , 247 , 262 , 319 Source IP Address 482 , 483 , 485 , 485 Source Port Range 371 Special Handling Timer 244 Special Session Handling 242 Specify bandwidth 365 SSH 99 , 101 SSH Port 102 SSH service active 102 SS
Index Teldat GmbH Triggered Hello Interval 290 TTL 382 Tunnel Profile 351 Tunnel Profiles 347 Tx Bytes 462 , 463 Tx Errors 462 Tx Packets 462 , 463 , 464 , 466 , 468 , 469 , 471 , 472 , 473 , 474 Type 247 , 262 , 371 , 462 Type of Messages 443 Type of traffic 232 Type of attack 218 U U-APSD 165 UDP Inactivity 367 UDP Destination Port 348 UDP Destination Port 356 , 455 UDP Port 110 UDP Source Port 348 UDP Source Port Selection 356 Unchanged for 462 Unicast MPDUs received successfully 465 Unicast MSDUs tran
Index Teldat GmbH WINS Server 377 Wireless Mode 154 , 203 Wireless LAN 146 Wireless Networks (VSS) 162 , 207 , 215 WLAN 147 , 464 WLANx 464 WLC SSID 405 WMM 165 , 208 WPA Cipher 166 , 175 , 209 WPA Mode 166 , 175 , 209 WPA2 Cipher 166 , 175 , 209 Write certificate in configuration 405 X XAUTH Profile 320 XAUTH Profiles 340 Z Zero Cookie Size 540 344 bintec WLAN and Industrial WLAN
