SpeedTouch™
605/608/608 WL/620
(Wireless) Business DSL Routers
User’s Guide
N
Power
LA
N
Ethernet
W
Plug-in
ISD
Internet
Download from Www.Somanuals.com. All Manuals Search And Download.
SpeedTouch™
605/608
608 WL/620
User’s Guide
Download from Www.Somanuals.com. All Manuals Search And Download.
Copyright
Copyright ©1999-2005 THOMSON. All rights reserved.
Distribution and copying of this document, use and communication of its contents is not permitted without written authorization
from THOMSON. The content of this document is furnished for informational use only, may be subject to change without notice,
and should not be construed as a commitment by THOMSON. THOMSON assumes no responsibility or liability for any errors or
inaccuracies that may appear in this document.
Thomson Telecom Belgium
Prins Boudewijnlaan, 47
B-2650 Edegem
Belgium
Trademarks
The following trademarks are used in this document:
ꢀ
ꢀ
ꢀ
ꢀ
SpeedTouch™ is a trademark of THOMSON.
Bluetooth® word mark and logos are owned by the Bluetooth SIG, Inc.
Ethernet™ is a trademark of Xerox Corporation.
Wi-Fi® and the Wi-Fi logo are registered trademarks of the Wi-Fi Alliance. "Wi-Fi CERTIFIED", "Wi-Fi ZONE", "Wi-Fi Alli-
ance", their respective logos and "Wi-Fi Protected Access" are trademarks of the Wi-Fi Alliance.
ꢀ
ꢀ
UPnP™ is a certification mark of the UPnP™ Implementers Corporation.
Microsoft®, MS-DOS®, Windows® and Windows NT® are either registered trademarks or trademarks of Microsoft Corpo-
ration in the United States and/or other countries.
ꢀ
Apple® and Mac OS® are registered trademarks of Apple Computer, Incorporated, registered in the United States and
other countries.
ꢀ
ꢀ
UNIX® is a registered trademark of UNIX System Laboratories, Incorporated.
Adobe®, the Adobe logo, Acrobat and Acrobat Reader are trademarks or registered trademarks of Adobe Systems, Incor-
porated, registered in the United States and/or other countries.
ꢀ
Netscape® and Netscape Navigator® are registered trademarks of Netscape Communications Corporation.
Other brands and product names may be trademarks or registered trademarks of their respective holders.
Document Information
Status: (January 2006)
Reference:
Short Title: User’s Guide ST605/608 (WL)/620 R5.4
Download from Www.Somanuals.com. All Manuals Search And Download.
Contents
Contents
Access via the Web Interface..........................................................................................7
Access via CLI...................................................................................................................8
Access via FTP................................................................................................................10
Remote Assistance ........................................................................................................13
Wireless Basics ..............................................................................................................18
Connecting Wireless Clients for the First Time...........................................................20
Wireless Security ...........................................................................................................22
Connecting Additional Wireless Clients.......................................................................24
Extending the Range of Your Wirelstess Network......................................................26
E-DOC-CTC-20051017-0151 v1.0
i
Download from Www.Somanuals.com. All Manuals Search And Download.
Contents
4.1 Navigation.................................................................................... 36
Menu...............................................................................................................................37
Language Bar .................................................................................................................38
Navigation Bar ...............................................................................................................39
Notification Area............................................................................................................40
Tasks ...............................................................................................................................41
4.2 Home............................................................................................ 42
Information.....................................................................................................................44
SpeedTouch™ Easy Setup............................................................................................45
Restart.............................................................................................................................46
Configuration .................................................................................................................47
Back up & Restore..........................................................................................................48
Reset to Factory Defaults ..............................................................................................49
Event Logs......................................................................................................................50
Update ............................................................................................................................51
DSL Connection .............................................................................................................54
Internet Services ............................................................................................................55
Internet Service Settings...............................................................................................56
E-DOC-CTC-20051017-0151 v1.0
ii
Download from Www.Somanuals.com. All Manuals Search And Download.
Contents
4.5 Toolbox ........................................................................................ 57
Remote Assistance ........................................................................................................58
Game & Application Sharing........................................................................................59
Defined Games & Applications.....................................................................................61
Game or Application Definition....................................................................................62
New Game or Application.............................................................................................64
Web Site Filtering ..........................................................................................................65
Web Filtering Activation................................................................................................68
Content Level .................................................................................................................69
New Content Level.........................................................................................................70
Firewall ...........................................................................................................................72
Intrusion Detection ........................................................................................................75
Dynamic DNS.................................................................................................................76
User Management .........................................................................................................77
Edit User .........................................................................................................................79
Change Default User......................................................................................................80
Add User.........................................................................................................................81
Devices............................................................................................................................83
Device Settings ..............................................................................................................84
Assign Public IP..............................................................................................................86
Wireless Device Settings...............................................................................................87
Access Point Settings ....................................................................................................88
Configuring WDS........................................................................................................... 93
Interfaces ........................................................................................................................94
Interface Settings...........................................................................................................95
DHCP Pool ......................................................................................................................96
5.1 Home.......................................................................................... 101
E-DOC-CTC-20051017-0151 v1.0
iii
Download from Www.Somanuals.com. All Manuals Search And Download.
Contents
Easy Setup....................................................................................................................103
System Information.....................................................................................................104
Connections..................................................................................................................106
Diagnostics...................................................................................................................107
Syslog ...........................................................................................................................108
System Update.............................................................................................................110
SpeedTouch™ Services ..............................................................................................113
SNTP .............................................................................................................................116
SLA................................................................................................................................117
Add-on ..........................................................................................................................120
5.3 IP Router .................................................................................... 121
IP Addresses.................................................................................................................122
Expressions ..................................................................................................................123
Classification ................................................................................................................125
IP Routing .....................................................................................................................127
RIP .................................................................................................................................128
NAT ...............................................................................................................................129
IP QoS ...........................................................................................................................131
ATM...............................................................................................................................136
Routed PPPoE...............................................................................................................139
Routed PPPoA ..............................................................................................................141
Routed PPPoI................................................................................................................144
Bridged Ethernet.......................................................................................................... 147
Routed IPoA..................................................................................................................151
PPTP-to-PPP Relay .......................................................................................................152
Virtual LAN ...................................................................................................................153
DHCP.............................................................................................................................155
DNS...............................................................................................................................160
Managed Switch ..........................................................................................................161
Wireless ........................................................................................................................163
5.6 Firewall ...................................................................................... 170
Policy.............................................................................................................................171
Log ................................................................................................................................175
E-DOC-CTC-20051017-0151 v1.0
iv
Download from Www.Somanuals.com. All Manuals Search And Download.
Contents
5.7 VPN ............................................................................................ 176
LAN to LAN...................................................................................................................177
VPN Client.....................................................................................................................178
VPN Server ...................................................................................................................179
Certificates....................................................................................................................180
Advanced......................................................................................................................181
Debug............................................................................................................................182
5.8 SIP PBX...................................................................................... 183
Wired Ethernet Troubleshooting................................................................................189
Wireless Ethernet Troubleshooting............................................................................190
Upgrade Troubleshooting...........................................................................................191
E-DOC-CTC-20051017-0151 v1.0
v
Download from Www.Somanuals.com. All Manuals Search And Download.
Contents
E-DOC-CTC-20051017-0151 v1.0
vi
Download from Www.Somanuals.com. All Manuals Search And Download.
About this User’s Guide
About this User’s Guide
Used symbols The following symbols are used in this User’s Guide:
A note provides additional information about a topic.
A tip provides an alternative method or shortcut to perform an action.
A caution warns you about potential problems or specific precautions that
need to be taken.
!
Terminology Generally, the SpeedTouch™605(i), SpeedTouch™608(i), SpeedTouch™608(i) WL
and SpeedTouch™620(i) will be referred to as SpeedTouch™ in this User’s Guide.
Documentation and THOMSON continuously develops new solutions, but is also committed to improve
its existing products.
software updates
For suggestions regarding this document, please contact
For more information on THOMSON's latest technological innovations, documents
E-DOC-CTC-20051017-0151 v1.0
1
Download from Www.Somanuals.com. All Manuals Search And Download.
About this User’s Guide
E-DOC-CTC-20051017-0151 v1.0
2
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 1
Getting to know your SpeedTouch™
1 Getting to know your SpeedTouch™
Introduction With the SpeedTouch™605(i) and SpeedTouch™608(i) Business DSL Routers and
the SpeedTouch™608 WL(i) and SpeedTouch™620(i) Wireless Business DSL
Routers you can build a secure small (home-)office network, seamlessly connecting
wired and wireless devices and surf the Internet at high speed, all combined in one
device.
Installation For more information on how to set up, install and wire your SpeedTouch™ and set
up Internet connection, refer to the Installation and Setup Guide.
Configuration This User’s Guide will help you configuring your SpeedTouch™.
Before you begin
Before connecting the SpeedTouch™, please read the SpeedTouch™ Quick
Installation Guide and the Safety Instructions and Regulatory Notices.
E-DOC-CTC-20051017-0151 v1.0
3
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 1
Getting to know your SpeedTouch™
1.1 SpeedTouch™ LED Behaviour
Front panel LEDs The SpeedTouch™ is equipped with a number of LEDs on its front panel, indicating
the state of the device during normal operation.
The following table shows the meaning of the different LEDs.
Indicator
Name
Description
Colour State
Power
Green
Red
Solid on
Solid on
Power on, normal operation
Power on, self-test failed, indicating
device malfunction
Orange Solid on
Off
Bootloader active
Power off
Ethernet
WLAN
Green
Blinking
Solid on
Ethernet activity
Ethernet connection, no activity
No Ethernet connection
Off
Green
Blinking
Solid on
Blinking
Solid on
Blinking
Solid on
Toggling
Wireless activity, WPA encryption
No wireless activity, WPA encryption
Wireless activity, WEP encryption
No wireless activity, WEP encryption
Wireless activity, no security
No wireless activity, no security
Wireless client registration phase
Amber
Red
Red/
green
Off
WLAN disabled
E-DOC-CTC-20051017-0151 v1.0
4
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 1
Getting to know your SpeedTouch™
Indicator
Name
Description
Colour State
Plug-in
Green
Blinking
Data passing through the cardbus
Solid on
Cardbus is connected, no data
passing through
Off
Cardbus is not connected
ISDN activity
ISDN
DSL
Green
Blinking
Solid on
ISDN line connected, no activity
No ISDN line
Off
Green
Blinking
Solid on
Pending DSL line synchronisation
DSL line synchronised
No DSL line
Off
Internet
Green
Blinking
Solid on
Solid on
Internet activity
Internet connectivity, no activity
Internet connection setup failed
No Internet connection
Red
Off
Ethernet LEDs A LED may be provided per Ethernet port to indicate link integrity (or activity).
Depending on the SpeedTouch™ product you are using, a second LED (A) may be
provided to indicate the 10/100Base-T selection:
A
B
Indicator
Name
Description
LED Status
Off
A
Integrity
(Activity)
No connection on this port
Ethernet link up
(Optional)
Solid on
Blinking
Off
Data is flowing from/to this port
10Base-T Ethernet connection
100Base-T Ethernet connection
B
10/100Base-T
Solid on
E-DOC-CTC-20051017-0151 v1.0
5
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 1
Getting to know your SpeedTouch™
1.2 Accessing your SpeedTouch™
Access methods Your SpeedTouch™ is accessible in one of the following ways:
Access Method
Can be used to
Web browser
Configure your SpeedTouch™ via HTTP or
HTTPS.
For more information, see “1.2.1 Access via
Command Line Interface (CLI)
File Transfer Protocol (FTP)
Fine-tune your SpeedTouch™ configuration.
For more information, see “1.2.2 Access via
Back up and restore data on your
SpeedTouch™.
For more information, see “1.2.3 Access via
Remote Assistance
Allow a remote user to help you configuring
your SpeedTouch™.
For more information, see “1.2.4 Remote
E-DOC-CTC-20051017-0151 v1.0
6
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 1
Getting to know your SpeedTouch™
1.2.1 Access via the Web Interface
To access the
Proceed as follows:
SpeedTouch™ via the
Web interface
1
2
Open a Web browser.
You can access the pages via HTTP or HTTPS.
For remote assistance the secure version HTTPS is used in
combination with certificates. Simply provide your ISP with the link as
shown, user name and password before he can log on to the pages.
the configurable aspects of the SpeedTouch™.
E-DOC-CTC-20051017-0151 v1.0
7
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 1
Getting to know your SpeedTouch™
1.2.2 Access via CLI
To access the
SpeedTouch™ via the
Command Line
You can access the Command Line Interface (CLI) via:
ꢀ
The embedded Expert pages. For more information, see “5 Expert
Interface (CLI)
ꢀ
A Telnet session
This requires a TCP/IP connection between the host from which the Telnet
session is opened and the SpeedTouch™. Your SpeedTouch™ and the
connected computer must have an IP address in the same subnet.
ꢀ
ꢀ
The serial ‘Console’ interface
Quote site commands (over FTP)
For more information on CLI commands, see the SpeedTouch™ CLI Reference
Guide.
E-DOC-CTC-20051017-0151 v1.0
8
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 1
Getting to know your SpeedTouch™
To start a Telnet Proceed as follows:
session
1
Open a telnet application.
You can use the Command Prompt window.
In Microsoft Windows XP for instance:
1
2
On the Windows taskbar, click Start.
Select (All) Programs > Accessories > Command Prompt.
2
3
Connect to your SpeedTouch™.
In the Command Prompt window:
At the prompt, type telnetfollowed by the IP address of your
SpeedTouch™ (192.168.1.254 by default).
Enter your SpeedTouch™ security user name and password.
The default user is ‘Administrator’ and the default password is blank.
As soon as you have opened a session to the CLI, the SpeedTouch™ banner is
displayed, followed by the CLI prompt, as shown in the example below.
Username : Administrator
-----------------------------------------------------------------------
-
*
*
*
*
*
*
*
*
*
*
______ SpeedTouch
___/_____/\
/
/\\ Version 5.4
/ \\
_____/__
_/
//
_______//_______/
/ \
/\_____/___ \ Copyright (c) 1999-2005,
/
\
/\ \
THOMSON
\
/
/ _\/______
/
\
/ /
/ /
/ /
/\
/ _\__
/ / /\
__/
/ /
/
\
\
/
/
\_______\/
* /_/______/___________________/ /________/ /___/
* \ \ ___________ \ \ \ \
/\ \ \ \ \___\/
\ \
\ \________\/
\
/
\
\
*
*
*
*
*
*
*
*
*
\_\
\
/
\
\/
\_____/
/__________/
_____
/\
/
\
\
/
/
\
\
\
/
\
\
/_____\/
/___\/
/
\ /
/____/
\
\
\
\
\
/___\/
\____\/
-----------------------------------------------------------------------
{Administrator}=>
E-DOC-CTC-20051017-0151 v1.0
9
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 1
Getting to know your SpeedTouch™
1.2.3 Access via FTP
To access the
SpeedTouch™ via the
File Transfer Protocol
(FTP)
You can access the file system of the SpeedTouch™ via the File Transfer Protocol
(FTP), in order to:
ꢀ
ꢀ
Restore or back up configuration files, templates or language packs.
Upgrade your configuration or firmware.
File system
The SpeedTouch™ file system is stored on non-volatile memory and contains the
SpeedTouch™ software, service template files and (optionally) default setting files.
To open an FTP session Proceed as follows:
1
Open a Command Prompt window.
In Microsoft Windows XP for instance:
1
2
On the Windows taskbar, click Start.
Select (All) Programs > Accessories > Command Prompt.
2
3
At the prompt, type ftpfollowed by the IP address of your SpeedTouch™
(192.168.1.254 by default).
Enter your SpeedTouch™ security user name and password.
The default user is ‘Administrator’ and the default password is blank.
The example below shows an FTP session to the SpeedTouch™ file system.
File system structure
The structure of the file system is very simple: it consists of a single root directory
called root and two subdirectories called active and dl (download).
ꢀ
The root directory contains:
ꢀ
ꢀ
all the necessary files for the SpeedTouch™ to start correctly
the active and the dl directories
ꢀ
ꢀ
The active directory contains the active software image.
The dl directory contains the passive software image.
If you made changes to the SpeedTouch™ configuration and saved
them, a user.ini configuration settings file is created in the dl
subdirectory.
E-DOC-CTC-20051017-0151 v1.0
10
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 1
Getting to know your SpeedTouch™
File system access
rights
In the different directories you have the following rights:
Directory
root
Access rights
NO read/write
read-only
active
dl
read/write
Common FTP
commands
Depending on the access rights you have in a directory, you can use one of the
following commands:
Use the
to ...
command ...
cd
access another directory than the one currently open.
Example: ftp>cd dl.
dir
list the directory files.
Example: ftp>dir.
bin
set the transfer mode to ‘binary’.
turn on the hashing option.
hash
put
upload files.
Example: ftp>put C:/MyBackupFiles/user.ini.
A configuration file must be uploaded to the dl directory.
get
download files.
Example: ftp>get user.ini.
Downloading the configuration file must be done from the dl
directory.
delete
bye
delete files.
quit FTP.
E-DOC-CTC-20051017-0151 v1.0
11
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 1
Getting to know your SpeedTouch™
FTP file transfer To allow correct file transfers, set the transfer mode to “binary”: at the ftp prompt,
type binand press ENTER.
Turn on the hashing option to see the progression of the file transfer: At the
ftp prompt, type hashand press ENTER.
Example.
/home/doejohn{1}$ftp 192.168.1.254
Connected to 192.168.1.254
220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change.
Name (192.168.1.254:doejohn):
331 SpeedTouch™ (00-90-D0-01-02-03) User 'doejohn' OK. Password requir
ed.
Password : ######
330 OK
ftp>
ftp>bin
200 TYPE is now 8-bit binary
ftp>
ftp>hash
200Hash mark printing on (8192 bytes/hash mark).
ftp>cd dl
250 Changed to /dl
ftp>put C:\user.ini
200 Connected to 192.168.1.10 port 1271
150 Opening data connection for user.ini
226 File written successfully
ftp: 256 bytes sent in 0,000Seconds 256000,000Kbytes/sec.
ftp>
Quote site command
All the CLI commands can be executed from within an FTP session. Only complete
CLI commands (in other words, the complete command syntax with all the
parameters already specified) can be executed.
Example: To execute the CLI command :ip iplistto list all IP addresses
currently assigned to SpeedTouch™ interfaces, at the FTP prompt, type ‘quote site
ip iplist’ and press ENTER.
ftp> quote site ip iplist
200- Interface
Type
IP-address
10.0.0.138
*192.168.1.254
81.240.198.191
127.0.0.1
Point-to-point/Mask
255.255.255.0
255.255.255.0
81.240.198.1
255.255.255.255
200- 2
200- 2
200- 1
200- 0
200-
LocalNetwork Ethernet
LocalNetwork Ethernet
Internet
loop
Serial
Internal
200 CLI command "ip iplist" executed
ftp>
For more information on CLI commands, see the SpeedTouch™ CLI Reference
Guide.
E-DOC-CTC-20051017-0151 v1.0
12
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 1
Getting to know your SpeedTouch™
1.2.4 Remote Assistance
To access the
SpeedTouch™ remotely
You can make your SpeedTouch accessible from the Internet with regard to remote
support. In this way, you can allow your help desk to access your SpeedTouch™
remotely.
To enable remote
access
Proceed as follows:
1
2
3
4
In the menu, select Toolbox > Remote Assistance.
Click Enable Remote Assistance.
Provide the following parameters to your help desk:
ꢀ
ꢀ
ꢀ
URL (the HTTPS link)
User name
Password
Your ISP is now able to access your SpeedTouch™ via the HTTPS link in
combination with the provided certificate (a secure authentication
mechanism).
For security reasons, remote assistance will be automatically disabled after
20 minutes of inactivity, or after restarting your SpeedTouch™.
To disable remote Proceed as follows:
access
1
2
3
In the menu, select Toolbox > Remote Assistance.
Click Disable Remote Assistance.
E-DOC-CTC-20051017-0151 v1.0
13
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 1
Getting to know your SpeedTouch™
E-DOC-CTC-20051017-0151 v1.0
14
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2
Local Network Setup
2 Local Network Setup
Introduction The SpeedTouch™ offers you the following local networking solutions:
ꢀ
ꢀ
Device settings Once you have connected a device, you can personalise its settings. For more
E-DOC-CTC-20051017-0151 v1.0
15
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2
Local Network Setup
2.1 Wired Ethernet
Local network
The Ethernet ports on the back panel allow you to connect the SpeedTouch™ to an
existing 10 or 100Base-T Ethernet network or one (or more) computer(s) with an
installed Ethernet card.
Using the SpeedTouch™ Ethernet switch, you can create a local Ethernet network of
up to four devices, without needing extra networking devices.
In the SpeedTouch™ package, a yellow full-wired straight-through RJ-45/
RJ-45 Ethernet cable is included.
Standard wiring Use the yellow Ethernet cable provided to wire your computer's Ethernet port to
one of the SpeedTouch™'s Ethernet ports.
procedure
The Ethernet cable can also be used to wire an Ethernet port of your
SpeedTouch™ to any external Ethernet hub or switch.
Please follow the installation instructions supplied with the external hub or
switch for connections and Ethernet cabling.
Ethernet link check
Behaviour” on page 4 for more information.
Device settings Once you have connected a device, you can personalise its settings.
Managed Ethernet Your SpeedTouch™ intelligently switches data between the devices on your LAN,
using priority queuing to ensure that higher priority messages are delivered first
and in real time. This feature maximizes your network performance.
switch
The managed Ethernet switch allows you to configure a Virtual Local Area Network
(VLAN), group ports or isolate a port, configure secure channel connections, define
Quality of Service (QoS), and configure port mirroring, allowing monitoring from
one port to another.
You can configure the managed Ethernet switch manually using CLI (For more
information, see the SpeedTouch™ CLI Reference Guide) or on the expert Web
E-DOC-CTC-20051017-0151 v1.0
16
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2
Local Network Setup
2.2 Wireless Ethernet
Introduction The SpeedTouch™ 608 WL/620Wi-Fi® certified IEEE 802.11g compliant wireless
access point allows multiple computers to connect wirelessly to your local network
over the SpeedTouch™ Wireless LAN environment. The SpeedTouch™ is backward
compatible with IEEE 802.11b, which means 802.11b and 802.11g devices can
coexist in the same wireless network.
The Wireless Distribution System (WDS) on your SpeedTouch™ allows you to
extend the range of your wireless network. To be able to use WDS, you will need to
introduce an additional WDS-enabled access point into your wireless network.
To be able to connect the computers, make sure that a wireless client adapter
(WLAN client) is installed on each computer you want to connect via the WLAN.
Wireless client All wireless client adapters compliant to 802.11g and/or 802.11b can communicate
with the SpeedTouch™ and other members of the SpeedTouch™ (W)LAN
environment. However, be aware that only 802.11g compliant wireless clients are
able to gain full profit of the 54 Mb/s (Max) bandwidth delivered by the
SpeedTouch™.
requirements
It is highly recommended to use only wireless client adapters that are Wi-Fi™
certified to ensure smooth interoperability with the SpeedTouch™’s WLAN.
E-DOC-CTC-20051017-0151 v1.0
17
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2
Local Network Setup
2.2.1 Wireless Basics
802.11b/g
ꢀ
ꢀ
802.11b is an IEEE standard, operating at 2,4 GHz at a speed of up to 11 Mb/s.
802.11g, a newer IEEE standard also operating at 2,4 GHz, gives you up to 54
Mb/s speed, more security and better performance.
Wireless Fidelity The Wi-Fi certification ensures that your SpeedTouch™ will interoperate with any
Wi-Fi certified 802.11g and 802.11b compliant wireless device.
Access Point
The SpeedTouch™ Wireless LAN Access Point (AP) behaves as a networking hub
allowing to wirelessly interconnect several devices to the local (W)LAN and to
provide access to the Internet.
Network Name or SSID The WLAN's 'radio' link is a shared medium. As no physical connection exists
between the SpeedTouch™ and wireless clients, a name must be given to allow
unique identification of your WLAN radio link. This is done by the Service Set ID
(SSID), also referred to as Network Name. Wireless clients must be part of this SSID
environment in order to be able to communicate with other clients on the (W)LAN -
including the SpeedTouch™.
Radio channels The 802.11g standard allows several WLAN networks using different radio channels
to be co-located. The SpeedTouch™ supports multiple radio channels and is able to
select the best radio channel at each startup.
You can choose to set the channels automatically or manually.
The different channels overlap. To avoid interference with another access
point, make sure that the separation (in terms of frequency) is as high as
possible. It is recommended to keep at least 3 channels between 2 different
access points.
The SpeedTouch™ supports all channels allowed for wireless networking. However,
depending on local regulations, the number of channels actually allowed to be used
may be additionally restricted, as shown in the table below.
Regulatory Domain
China
Allowed Radio Channels
1 to 13
1 to 13
5 to 8
Europe
Israel
Japan
1 to 14
10 to 13
1 to 14
1 to 11
Jordan
Thailand
USA / Canada
E-DOC-CTC-20051017-0151 v1.0
18
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2
Local Network Setup
Antennas Direct the external antenna to allow optimization of the wireless link. If for example
the antenna is erect, wireless links in the horizontal plane are favoured. Please note
that the antenna characteristics are influenced by the environment, that is by
reflections of the radio signal against walls or ceilings. It is advisable to use the
received signal strength as indicated by the wireless client manager to optimize the
antenna position for the link to a given client.
Concrete walls weaken the radio signal and thus affect the connection.
E-DOC-CTC-20051017-0151 v1.0
19
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2
Local Network Setup
2.2.2 Connecting Wireless Clients for the First Time
Wireless default
settings
After every Reset-to-Defaults, the SpeedTouch™ wireless access point
configuration is returned to its initial default settings.
These default settings are:
ꢀ
Security level is low (security disabled) for an easy first use, meaning the data
will not be encrypted. Wireless security settings are described in
ꢀ
This default network name (SSID) is printed on the identification label located
on the bottom of your SpeedTouch™ and is unique for each device. It consists
of the concatenation of the word “SpeedTouch” and 6 hexadecimal
characters, without any spaces, for example SpeedTouch123456.
ꢀ
ꢀ
The SpeedTouch™ is broadcasting its network name (SSID).
The radio channel number is set to ‘automatically scan for the best radio
channel’.
ꢀ
Registration is not activated. New stations are allowed automatically. The
Access Control List is open and empty. No wireless client will be denied access
to the SpeedTouch™ based on its physical hardware address.
The default wireless settings may differ from the settings listed above
depending on your Service Provider’s requirements. If this is the case, refer
to the installation/configuration instructions provided by your Service
Provider.
!
To prepare wireless
Make sure that:
clients for the first time
ꢀ
ꢀ
The SpeedTouch™ is turned on and ready for service.
The SpeedTouch™ is in its default configuration.
If necessary, reset the SpeedTouch™ to its default configuration (See
“7.3 Reset to Factory Defaults” on page 194 for more information).
ꢀ
ꢀ
A wireless client adapter is installed on your computer.
The wireless client adapter’s IP configuration is set to dynamically obtain its IP
configuration (DHCP) - this is usually the default. For more information, see
the documentation of your wireless client adapter.
To configure wireless
clients for the first time
The wireless client must be correctly configured for the default network name. As
the SpeedTouch™ broadcasts its network name to the wireless clients, you can
select the SpeedTouch™ wireless network from a list of available networks.
Depending on your wireless client a wireless icon may become green or a message
similar to the following may appear: “Successfully joined Wireless network
SpeedTouch123456”.
Some wireless clients do not automatically join a wireless network. If so,
follow the instructions for the wireless client software to initiate association.
E-DOC-CTC-20051017-0151 v1.0
20
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2
Local Network Setup
First-time association The example below shows how the SpeedTouch™ wireless network is presented
towards a Windows XP Service Pack 2 system.
example
Proceed as follows to associate your wireless client to the SpeedTouch™:
1
Click the network icon in the notification area:
The Wireless Network Connection window appears:
2
In the Choose a wireless network list, select the SpeedTouch™ wireless
network and click Connect.
The following window appears:
3
Click Connect Anyway.
Your computer is now connected to the SpeedTouch™ wireless network.
For other Operating Systems the wireless client will in most cases be
configured via dedicated client managers.
E-DOC-CTC-20051017-0151 v1.0
21
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2
Local Network Setup
2.2.3 Wireless Security
Introduction Since the SpeedTouch™ wireless environment is a radio environment, precautions
must be taken to ensure that your wireless network is safe from malicious intruders.
To secure your wireless network, the following wireless access point settings can be
personalised:
ꢀ
ꢀ
ꢀ
Your Network Name (SSID)
ACL setting
Data encryption
Security settings To personalise the wireless security settings on your SpeedTouch™:
1
2
3
4
5
Go to the SpeedTouch™ Web pages.
In the menu, select Home Network.
Click your WLAN.
In the upper right corner, click Configure.
On the Wireless Access Point page, you can modify the Security settings.
Network Name (SSID) On the Wireless Access Point page, you can give a new name to your Network
Name (SSID).
Under Security, you can clear Broadcast Network Name (SSID), to prohibit the
Network Name from being broadcast.
E-DOC-CTC-20051017-0151 v1.0
22
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2
Local Network Setup
Access Control List The SpeedTouch™ features a managed Access Control List (ACL) and a physical
registration mechanism in the form of the Association / Registration button on
the back panel of your SpeedTouch™.
(ACL)
On the Wireless Access Point page, you have the following options for the ACL:
New stations are
ꢀ
ꢀ
Allowed (automatically): All new stations can access the SpeedTouch™.
Allowed (via registration): Only allowed stations in the ACL have access.You
can add new stations via:
ꢀ
ꢀ
The Association / Registration button.
The Search for wireless devices task.
ꢀ
Not allowed: Only allowed stations in the ACL have access.
You can add new stations to the ACL only via the Search for wireless devices
task. For more information, see “ Registering clients via Web pages” on
Data encryption To set up wireless connectivity, you can choose different levels of security:
ꢀ
Security disabled (default)
No security; the data will not be encrypted, no authentication process will be
used.
ꢀ
WEP (Wired-Equivalent Privacy)
Traffic between the SpeedTouch™ and the clients is encrypted by sharing a
pre-defined 64-bit or a 128-bit Network key for secure communication with
legacy 802.11b clients.
The default 64 bit hexadecimal WEP key is printed on the identification
label located at the bottom of the SpeedTouch™ and is unique for
each device.
ꢀ
WPA-PSK (Wi-Fi Protected Access Pre-Shared Key)
The highest form of security available for home users. Make sure that your
wireless client and client manager are compatible with it.
The default WPA-Personal pass phrase is printed on the identification
label located at the bottom of the SpeedTouch™ and is unique for
each device.
The WPA-Personal pass phrase must consist of 8 to 63 ASCII
characters or 8 to 64 HEX digits.
ꢀ
Wi-Fi Protected Access (WPA Encryption)
WPA is the highest form of security available but make sure that your
wireless client and client manager are compatible with it. If you want to
use this level of encryption you must have a RADIUS (Remote
Authentication Dial-in User Service) server installed on your network.
Wireless access points may already have been configured during the Home
Install Wizard.
If you change wireless settings, wireless clients will be disconnected. In this
case, you need to reconfigure the wireless clients before you can connect to
the Internet again.
If
E-DOC-CTC-20051017-0151 v1.0
23
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2
Local Network Setup
2.2.4 Connecting Additional Wireless Clients
Preconditions Make sure that:
ꢀ
ꢀ
ꢀ
The SpeedTouch™ is turned on and ready for service.
The SpeedTouch™ has been configured as DHCP server (default).
The wireless client adapters have been installed on all the computers you
want to connect to the WLAN.
Security issues
ꢀ
Depending on the personalised wireless settings:
ꢀ
Make sure you use the same encryption or security level on the client as
on your SpeedTouch™. If for instance WPA-PSK is enabled on the
SpeedTouch™, you must also configure the wireless client to use WPA-
PSK and configure the same WPA-PSK pass phrase.
ꢀ
If the Network Name (SSID) is not broadcast, you must configure the
wireless client for the SpeedTouch™ Network Name. Refer to the
documentation of your wireless client for more information.
ꢀ
If the SpeedTouch™ ACL settings are set to:
ꢀ
New stations are allowed (automatically), your device can access the
SpeedTouch™ WLAN without additional configuration.
ꢀ
New stations are allowed (via registration), you have to register your
wireless client(s).For more information, see “ Registering wireless
ꢀ
New stations are not allowed, you have to search for wireless client(s)
Registering wireless
clients
If ‘New stations are allowed (via registration)’, you can add a wireless client to the
ACL via:
ꢀ
ꢀ
Registering clients via Proceed as follows to add a wireless client to the ACL:
Web pages
1
2
3
Go to the SpeedTouch™ Web pages.
In the menu, select Home Network > Devices.
In the Pick a task list, click Search for wireless devices.
The SpeedTouch™ searches for new wireless stations that use the encryption
key of the SpeedTouch™ Access Point.
The SpeedTouch™ takes you to the Home Network. The new station will be
shown next to the name of the SpeedTouch™ WLAN.
4
5
6
Click the name of the new station.
Click Configure.
Select Allowed on WLAN, and then click Apply.
The device is added to the ACL and will always be allowed to connect to the
SpeedTouch™.
E-DOC-CTC-20051017-0151 v1.0
24
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2
Local Network Setup
Registering clients via Proceed as follows to register new wireless network clients via the association
button:
the association button
1 Push the Association button on the SpeedTouch™ back panel for at least two
seconds.
The WLAN LED toggles between green and red.
The ACL will be unlocked for a time frame of one minute. Any new wireless
client successfully attempting to connect to the SpeedTouch™ (having the
correct wireless settings, that is the network name and, if required, the
network key) within the time frame of one minute, will be added to the table.
The SpeedTouch™ automatically saves your current configuration at the end
of the registration phase.
Some WLAN clients do not automatically join a WLAN. If so, follow
the instructions for the WLAN client software to initiate the
association.
2
Successfully registered stations are associated to the SpeedTouch™ WLAN.
Depending on your WLAN client adapter, a wireless icon may become green
or a message similar to the following may appear: “Successfully joined
Wireless network SpeedTouch123456”.
3
4
The wireless clients will be added to the SpeedTouch™ ACL.
After one minute the ACL is locked.
The registration procedure can be repeated as often as needed.
E-DOC-CTC-20051017-0151 v1.0
25
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2
Local Network Setup
2.2.5 Extending the Range of Your Wirelstess
Network
Wireless Distribution The SpeedTouch™ features the Wireless Distribution System (WDS) functionality.
This feature allows you to extend the range of your wireless network by introducing
one or more WDS-enabled devices into your wireless network.
System (WDS)
WDS enables data packets to pass from one wireless access point to another, as if
the access points were ports on a wired Ethernet switch. WDS allows you to extend
the range of your SpeedTouch™ by means of one or more wireless repeaters, like
for instance a SpeedTouch™180. The following illustration depicts two WDS-
enabled devices communicating via WDS.
WDS Link
SpeedTouch™180
SpeedTouch™620
The SpeedTouch™ allows you to add up to four wireless repeaters.
Repeaters extend the coverage area of your wireless LAN. However, bear in
mind that throughput is reduced for wireless clients that are connected
through a repeater.
Preconditions Make sure that:
ꢀ
ꢀ
Your wireless repeater is be WDS enabled.
Both your SpeedTouch™ and your wireless repeater use:
ꢀ
ꢀ
The same WEP key if WEP is enabled.
WPA encryption is not supported when using WDS.
!
The same fixed channel.
The SpeedTouch™ and your wireless repeater do not necessarily need to
use the same SSID. Using different SSIDs allows you to force your wireless
clients to use either the access point of the SpeedTouch™ or the one of your
wireless repeater.
E-DOC-CTC-20051017-0151 v1.0
26
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2
Local Network Setup
To configure WDS Proceed as follows:
1
2
3
4
Go to the SpeedTouch™ Web pages.
In the menu, select Home Network.
Click your WLAN.
In the upper right corner, click Configure.
If not already done, set a fixed channel and check whether the security
settings (WEP encryption or no encryption) on your SpeedTouch™ are
the same as on the repeater.
5
On the Wireless Access Point page, in the Pick a task list, click Configure WDS.
6
7
Select WDS Enabled.
In the Pick a task list, click Scan for wireless access points.
A warning is displayed.
8
9
Click OK.
The SpeedTouch™ scans for access points on the same radio channel.
Select your repeater in the List of Accessible Access Points, and then click
Apply.
E-DOC-CTC-20051017-0151 v1.0
27
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2
Local Network Setup
E-DOC-CTC-20051017-0151 v1.0
28
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3
Internet Connectivity Dial-In Clients
3 Internet Connectivity Dial-In Clients
Introduction If you want to set up initial Internet connectivity using the Home Install Wizard on
the Setup CD or the embedded Easy Setup, refer to the provided Installation and
Setup Guide.
Access methods Depending on the configuration of the SpeedTouch™ you may have:
ꢀ
Direct access:
As soon as the initial configuration is finished, immediate and uninterrupted
WAN access is provided.
If you have direct access, the remote organisation might ask for a user
name and password on an Internet welcome page.
ꢀ
Dial-in access:
Access must be explicitly established, that is by “dialling” into a Broadband
Remote Access Server (BRAS).
Depending on the SpeedTouch™ configuration, dial-in access is provided via
the SpeedTouch™’s Routed PPPoA or Routed PPPoE packet services with
embedded PPP client.
Connection protocols The applied connection protocol model depends on the service profile you selected
to configure the SpeedTouch™ and should correspond with the Service Provider’s
requirements. If, for instance, your ISP provides PPPoE, you should configure
PPPoE.
You can find more information on connection protocols in the Internet Connection
Configuration Guide.
Dial-in clients
There are different ways to dial in, depending on the operating system on your
computer and your preferences.
Dial-in method:
canbeusedonfollowing Formoreinformation,
operating system:
see:
Embedded PPP dial-in client:
1
Dial-in client on
embedded pages
Windows, Mac, unix,
other
2
Windows XP/UPnP
(Internet Gateway
Device)
Windows XP
“3.2 Internet Gateway
E-DOC-CTC-20051017-0151 v1.0
29
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3
Internet Connectivity Dial-In Clients
Embedded PPP dial-in The SpeedTouch™’s embedded PPP dial-in client allows you to establish an Internet
connection for computers residing on your local network, using only one computer
of the network to control the client.
clients
If this computer runs:
ꢀ
Any Operating System
you can always use the SpeedTouch™ Web pages.
ꢀ
Windows XP
you can use the Windows XP Internet Gateway Device Control Client.
Broadband host PPPoE You can also connect to the Internet using a Broadband PPPoE dial-in application.
The PPP over Ethernet connection scenario provides PPP-like dial-in behaviour over
the virtual Ethernet segment.
dial-in clients
To be able to use a broadband dial-in application on your computer for connecting
to the Internet, the SpeedTouch™ needs to be configured for Bridged Ethernet or
Routed PPPoE (with PPPoE relay) via the SpeedTouch™ Home Install Wizard on the
Setup CD or the embedded Easy Setup. .
If your computer runs ...
Windows XP
you can use ...
the Windows XP broadband dial-in client
a Mac OS X broadband dial-in client
Mac OS X
a broadband PPPoE dial-in client provided by
you Service Provider
Upon availability of OS-specific PPPoE dial-in client applications, the latter
method is Operating System independent.
For PPPoE session connectivity from a Mac OS 8.6/9.x, a Windows 95/
98(SE)/ME/2000 or a Linux system, a host PPPoE dial-in application is
mandatory.
E-DOC-CTC-20051017-0151 v1.0
30
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3
Internet Connectivity Dial-In Clients
3.1 SpeedTouch™ Web Pages
Introduction As the SpeedTouch™ Web pages are controllable from any Operating System with
an installed Web browser, the method to establish PPP sessions described later, can
be used on any computer system.
For more information on Internet connection setup, refer to the provided
Installation and Setup Guide.
Starting an Internet Proceed as follows to start an Internet session:
session
1
Open a Web browser on your computer and browse to the SpeedTouch™ Web
information).
The SpeedTouch™ home page appears by default.
2
3
Click Connect at the appropriate broadband connection.
You might be requested to enter your user name and password.
The SpeedTouch™ embedded PPP dial-in client establishes the Internet
connection.
Browse the Web.
Monitoring your
Internet connection
You can view and monitor your connection to the Internet as long as the session is
running via:
ꢀ
ꢀ
E-DOC-CTC-20051017-0151 v1.0
31
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3
Internet Connectivity Dial-In Clients
Terminating an Internet
session
Proceed as follows to close an active PPP connection:
1
2
Go to the SpeedTouch™ Web pages.
Click Disconnect at the appropriate broadband connection.
The SpeedTouch™ embedded PPP dial-in client closes the Internet connection.
The Internet Link status changes to Disconnected and your computer is offline.
E-DOC-CTC-20051017-0151 v1.0
32
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3
Internet Connectivity Dial-In Clients
3.2 Internet Gateway Device Control Agent
Introduction Windows XP users can easily establish PPP sessions, thanks to the Windows XP
Internet Gateway Device (IGD) Discovery and Control Client that allows you to
control the SpeedTouch™ directly from you computer.
The IGD Control Client only allows to connect or disconnect a fully
configured connection.
Preconditions Make sure that:
ꢀ
The following subcomponents of the Windows XP Networking Services are
added to your Windows XP system:
ꢀ
ꢀ
IGD Discovery and Control Client (see “ Adding IGD Discovery and
ꢀ
Starting an Internet Proceed as follows to start an Internet session:
session
1
2
In the Windows taskbar, click Start.
Select (Settings >) Control Panel.
The Control Panel window appears.
3
Go to (Network and Internet Connections >) Network Connections.
The Network Connections window appears.
You will find an Internet Gateway icon, representing the SpeedTouch™ IGD
Internet connection ability.
4
5
Double-click the Internet Connection icon.
The SpeedTouch™ embedded PPP dial-in client establishes the Internet
connection. The Internet Gateway icon displays Connected and your
computer is online.
Open a Web browser and surf the Internet.
E-DOC-CTC-20051017-0151 v1.0
33
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3
Internet Connectivity Dial-In Clients
Internet connection As long as the SpeedTouch™ embedded PPP dial-in client is connected, you can
view the connection status and some counters by double-clicking the Internet
Connection icon in the Network Connections window.
status
Terminating an Internet
session
Proceed as follows to terminate an Internet session:
1
2
In the Windows taskbar, click Start.
Select (Settings >) Control Panel > (Network and Internet Connections >)
Network Connections.
3
4
In the Network Connections window, right-click the Internet Connection icon
and select Disconnect to close the session.
You can also double-click the icon. Then the Internet Connection
Status window will appear on which a Disconnect button is available
to close the session.
The SpeedTouch™ embedded PPP dial-in client will close the Internet
connection. The Internet Gateway icon displays Disconnected and your
computers are offline.
E-DOC-CTC-20051017-0151 v1.0
34
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4 Basic Configuration
Embedded The SpeedTouch™ comes with embedded Web pages, providing an interface to the
software installed on the device. It allows easy setup and management of the
SpeedTouch™ via your Web browser from any PC connected to the SpeedTouch™.
Basic and Expert Mode
The pages are grouped in:
ꢀ
ꢀ
Basic Mode: offering the main configuration tasks
Expert Mode: adding advanced features to the basic mode and presenting the
Command Line Interface (CLI) commands in a graphical user interface.
SpeedTouch™ Consult:
documentation
ꢀ
The SpeedTouch™ Installation and Setup Guide
for more information on setup and installation procedures.
ꢀ
The SpeedTouch™ Application Notes and Configuration guides
for advanced configuration concepts.
E-DOC-CTC-20051017-0151 v1.0
35
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.1.1 Menu
Menu items The menu is located on the left side of the page and consists of the following menu
items:
ꢀ
ꢀ
ꢀ
Provides basic information on the SpeedTouch™.
Allows you to view/configure your broadband connections.
Allows you to assign games or applications to a device and secure your
Internet connection.
ꢀ
ꢀ
Allows you to manage your local network.
Expert Configuration Mode:
and maintenance of your SpeedTouch™ device.
Collapsing and
expanding the menu
You can collapse/expand the menu by clicking the arrow located at the top of the
menu.
E-DOC-CTC-20051017-0151 v1.0
37
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.1.2 Language Bar
Language bar The language bar is located under the SpeedTouch™ logo and allows you to
change the language of the SpeedTouch™ Web interface.
The language bar will only be shown if more than one language is available.
!
E-DOC-CTC-20051017-0151 v1.0
38
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.1.3 Navigation Bar
Navigation bar The navigation bar is located at the top of the page and allows you to:
ꢀ
View the current user name.
Click this name to change your password or switch to another user.
ꢀ
ꢀ
View the current position on the SpeedTouch™ Web interface.
Get context-related Help information.
Display level Depending on the page you are viewing, the following buttons will be available:
ꢀ
ꢀ
Overview to view a summary of the current status or configuration.
Details to view more detailed information on the current status or
configuration.
ꢀ
Configure to change the current settings.
E-DOC-CTC-20051017-0151 v1.0
39
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.1.4 Notification Area
ꢀ
ꢀ
ꢀ
Error messages, indicated by a red traffic light.
Warnings, indicated by an orange traffic light.
Information, indicated by a green traffic light.
If none of these events occur, the notification area will not be shown.
E-DOC-CTC-20051017-0151 v1.0
40
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.1.5 Tasks
Tasks To allow a quick configuration of your SpeedTouch™, some pages may offer you a
number of related tasks in the Pick a task list. These tasks will guide you to the page
where you can perform the selected task.
E-DOC-CTC-20051017-0151 v1.0
41
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.3 SpeedTouch
The SpeedTouch menu
The SpeedTouch menu consists of the following items:
ꢀ
ꢀ
ꢀ
ꢀ
The SpeedTouch page
The SpeedTouch page gives you some basic information on the SpeedTouch™:
ꢀ
ꢀ
Product Information
E-DOC-CTC-20051017-0151 v1.0
43
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.3.2 SpeedTouch™ Easy Setup
Easy Setup Wizard The Easy Setup Wizard helps you to configure your SpeedTouch™ Internet
connection.
Proceed as follows to configure the SpeedTouch™ using the SpeedTouch™ Easy
Setup wizard:
1
2
In the left menu, click SpeedTouch.
In the Pick a task list, click Set up.
The Easy Setup wizard will now guide you through the configuration of your
SpeedTouch™.
E-DOC-CTC-20051017-0151 v1.0
45
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.3.3 Restart
Restarting your
SpeedTouch™
Proceed as follows:
1
2
In the left menu, click SpeedTouch.
In the Pick a task list, click Restart.The following message appears:
3
Click Yes, restart my SpeedTouch.
The SpeedTouch™ restarts.
E-DOC-CTC-20051017-0151 v1.0
46
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.3.4 Configuration
Overview
The Overview page displays the current configuration of your SpeedTouch™.
Details The Details page displays more detailed information on the current configuration of
your SpeedTouch™.
Configure
The Configure page allows you to change the current configuration.
If you want to:
ꢀ
Reconfigure your SpeedTouch™:
Click Configuration Wizard under Service Configuration. For more
ꢀ
Configure the time settings of your SpeedTouch™:
ꢀ
Select Auto-configuration if you want the SpeedTouch™ to use a time
server to synchronise its clock to a dedicated time server.
ꢀ
Clear Auto-configuration to manually configure the SpeedTouch™ time
settings.
ꢀ
Disable/enable Web browsing interception or set it to automatic:
In the Web Browsing Interception list, click the Web browsing interception
setting of your choice.
If you disable Web browsing interception or set it to automatic you
!
Click Apply to apply and save your settings.
E-DOC-CTC-20051017-0151 v1.0
47
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.3.5 Back up & Restore
Introduction The Back up & Restore page allows you to:
ꢀ
ꢀ
Save your current configuration.
Restore a previously saved configuration.
Accessing the Backup Proceed as follows:
& Restore page
1
2
3
In the SpeedTouch menu, click Configuration.
Click Configure.
In the Pick a task list, click Save or Restore Configuration.
Saving your current Proceed as follows:
configuration
1
2
3
Click Back up Configuration Now.
Click Save.
Choose a location to save your backup file and click Save.
Restoring a previously
saved configuration
Proceed as follows:
1
2
3
Click Browse.
Select the configuration file you want to restore and click Open.
Click Restore Configuration Now.
The SpeedTouch™ loads your configuration and restarts.
E-DOC-CTC-20051017-0151 v1.0
48
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.3.6 Reset to Factory Defaults
Introduction The Reset to Factory Defaults page allows you to reset the SpeedTouch™ to return
to the initial configuration of your SpeedTouch™. All your changes will be
deleted.The following message appears:
Resetting the
SpeedTouch™ factory
defaults
Proceed as follows:
1
2
3
In the left menu, click SpeedTouch.
In the Pick a task list, click Return to Factory Default Settings.
Click Yes, reset my SpeedTouch.
If you reset your SpeedTouch™ to factory default settings, all active
connections will be disconnected.
!
E-DOC-CTC-20051017-0151 v1.0
49
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.3.7 Event Logs
Event Logging
The Event Logs page summarizes the last events recorded on your SpeedTouch™.
Recorded Events The Recorded Events table gives you an overview of the last event logs that have
been recorded since the SpeedTouch™ was turned on. The first column of the table
indicates the importance of the event log.
Indicator Description
Informational
Warning
Error
Category The Category list allows you to filter the events shown in the Recorded Events
table. For example, by clicking Security you can view all security related events, for
example generated by the SpeedTouch™ firewall.
E-DOC-CTC-20051017-0151 v1.0
50
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.3.8 Update
Updating the The Update page allows you to:
SpeedTouch™ system
software
ꢀ
ꢀ
ꢀ
View System Information.
View information on the current System Firmware.
Update your SpeedTouch™ from a remote server.
Use this option if you want your SpeedTouch™ to check the internet for new
firmware and update if it found one.
ꢀ
Update from a PC.
Use this option if you want to install an update on your SpeedTouch™ that is
located on the PC.
E-DOC-CTC-20051017-0151 v1.0
51
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.4 Broadband Connection
The Broadband The Broadband Connection menu consists of following menu items:
Connection menu
ꢀ
ꢀ
The Broadband The Broadband Connection page gives you a short status overview of the
connections configured on the SpeedTouch™.
Connection page
Click View more to see more information on the selected broadband connection.
If you configured a dial-up connection, you can establish/terminate the
connection by clicking Connect/Disconnect.
E-DOC-CTC-20051017-0151 v1.0
52
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.4.1 Connectivity Check
Introduction On this page, you can perform a connectivity check on an Internet service of your
SpeedTouch™. The following message appears:
Checking your Internet Proceed as follows:
connectivity
1
2
3
In the left menu, click Broadband Connection.
In the Pick a task list, click Check connectivity to the Internet.
In the Internet Service to Check list, click the Internet service that you want to
check.
4
Click Check Connectivity.
The SpeedTouch™ lists the test results in the Test Results list.
Analysing the test If the test is successful, you will get a list of green check marks. Otherwise a red
cross will indicate which tests have failed.
results
E-DOC-CTC-20051017-0151 v1.0
53
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.4.2 DSL Connection
Overview
Click Overview to view basic information on your DSL connection.
Details Click Details to view more detailed information on your DSL connection.
E-DOC-CTC-20051017-0151 v1.0
54
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.4.3 Internet Services
Internet Services The Internet Services page displays information on your Internet Connection(s).
information
If you configured a dial-up connection you can establish/terminate the
connection by clicking Connect/Disconnect.
To view more detailed information on a specific connection, click the View more link
of the corresponding connection.
E-DOC-CTC-20051017-0151 v1.0
55
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.4.4 Internet Service Settings
Accessing the Internet Proceed as follows:
Service Settings page
1
2
In the Broadband Connection menu, click Internet Services.
Click the View more link of the Internet service you want to view.
Overview
The Overview page gives you basic information on the selected Internet Service.
If you configured a connection you can establish/terminate the connection
by clicking Connect/Disconnect.
Details The Details page gives you more detailed information on the selected Internet
Service.
If you configured a dial-up connection you can establish/terminate the
connection by clicking Connect/Disconnect.
E-DOC-CTC-20051017-0151 v1.0
56
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5 Toolbox
The Toolbox menu The Toolbox menu consists of the following menu items:
ꢀ
Allows you to make your SpeedTouch™ accessible for remote support.
ꢀ
Allows you to share services and games that you run in your private network
towards the Internet.
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
Allows you to block/allow access to specific Web sites.
Allows you to configure the security level of the SpeedTouch™ firewall.
Allows you to view the intrusions you are protected against.
Allows you to assign a DNS host name to your broadband connection(s).
Allows you to manage the users configured on your SpeedTouch™.
The Toolbox page
The Toolbox page gives you an overview of the available services and their current
status. You can click on the names of these services to go to the corresponding Web
page.
E-DOC-CTC-20051017-0151 v1.0
57
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.1 Remote Assistance
Enabling Remote
Assistance
The Remote Assistance page allows you to make your SpeedTouch™ accessible for
remote support.
If you want to enable remote assistance, you must be connected to the
Internet.
!
Proceed as follows to use remote assistance:
1
2
3
If necessary, type a password in the Password box.
Click Enable Remote Assistance.
Pass the information listed under:
ꢀ
ꢀ
ꢀ
URL
Username
Password
to your technical support, in order for them to be able to access your
SpeedTouch™.
Once the technical support is connected, no other connections can be
made.
Terminating remote
assistance
The remote assistance session ends:
ꢀ
ꢀ
ꢀ
if the technical support disables remote assistance.
after 20 minutes of inactivity.
after restarting your SpeedTouch™.
E-DOC-CTC-20051017-0151 v1.0
58
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.2 Game & Application Sharing
Overview
Configure
The Overview page summarizes the applications or games installed on a particular
local host on your network, for which the SpeedTouch™ should accept inbound
initiated connections coming from the Internet.
On the Configure page, you can:
ꢀ
Select Use UPnP to enable UPnP on the SpeedTouch™.
UPnP provides NAT-Traversal: UPnP aware applications on a PC will
automatically create Hyper-NAT entries on the SpeedTouch™ for incoming
traffic on the protocol ports this type of traffic needs. As a consequence these
applications are able to traverse the SpeedTouch™ without the need for extra
and manual configuration.
UPnP is an architecture for transparent peer-to-peer connectivity of
computers, intelligent appliances, and (wireless) devices. It enables
seamless operation of a wide range of games and messaging
applications.
ꢀ
For security reasons you are able to configure the UPnP policy towards
Windows XP and UPnP aware applications and Operating Systems.
In case you select the Use Extended Security check box, only limited UPnP
operation between a host running MS Windows XP and the SpeedTouch™ is
allowed: A local host is:
ꢀ
NOT allowed to connect/disconnect the SpeedTouch™ Internet Gateway
Device (IGD) connection.
ꢀ
Allowed to add/delete Hyper-NAT entries only for its own IP address, not
for other local hosts.
If you clear the Use Extended Security check box, all UPnP- and IGD-based
communication between any local host and the SpeedTouch™ is allowed.
E-DOC-CTC-20051017-0151 v1.0
59
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
ꢀ
Assign a game or application to a specific network device.
E-DOC-CTC-20051017-0151 v1.0
60
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.3 Defined Games & Applications
Accessing the Defined
Proceed as follows to access the Defined Games & Applications page:
Games & Applications
page
1
2
In the Toolbox menu, click Game & Application Sharing.
In the Pick a task list, click Modify a game or application.
The Defined Games & This page gives you an overview of the games and applications defined on your
SpeedTouch™. Each game or application can be assigned to a device on your local
network.
Applications page
If you want to:
ꢀ
ꢀ
View the translation rules of a game or application, click the name of the rule.
Change the translation rules of a game or application, click the Edit link of the
game or application.
ꢀ
Remove a game or application from your SpeedTouch™, click the Delete link
of the game or application.
E-DOC-CTC-20051017-0151 v1.0
61
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.4 Game or Application Definition
Accessing the Game or Proceed as follows to access the Game or Application Definition page:
Application Definition
1
2
3
In the Toolbox menu, click Game & Application Sharing.
In the Pick a task list, click Modify a game or application.
Click the name of the game or application you want to view/change.
page
Overview
This page gives you an overview of the port mappings used to allow this service or
game to be initiated from the Internet.
Consult the user’s guide or support pages of your application to know which
ports are being used by this application.
A service consists of one or more TCP/UDP port ranges. Each incoming port range
can be translated into a different internal (local network) port range. Port ranges can
be statically assigned to devices or dynamically assigned using an outgoing trigger.
Configure
Under:
ꢀ
Game or Application Name you can:
Change the name of the game or application.
ꢀ
Game or Application Definition you can:
Change the TCP/UDP port definition for this game or application.
E-DOC-CTC-20051017-0151 v1.0
62
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
Adding a Port Proceed as follows:
Translation rule
1
2
3
4
Click the Edit link of the TCP/UDP port definition of the game or application.
In the Protocol list, click the protocol the game or application uses.
In the Port Range box, type the port range the game or application uses.
In the Translate To box, type the port range to which the SpeedTouch™ has to
translate the ports specified under Port Range.
5
If you want to make a dynamic translation rule you must specify a trigger
protocol and port.
As soon as the SpeedTouch™ receives outgoing traffic on this trigger
port, it will activate this translation rule.
6
Click Apply.
E-DOC-CTC-20051017-0151 v1.0
63
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.5 New Game or Application
Creating a new game or Proceed as follows:
application
1
2
In the Toolbox menu, click Game & Application Sharing.
In the Pick a task list, click Create a new game or application.The following
window appears:
3
4
Type the name of the game or application in the Name box.
Click:
ꢀ
Clone Existing Game or Application if you want to start from the port
mappings of the selected game or application.
ꢀ
Manual Entry of Port Maps if you want to manually configure the port
mapping for this game or application.
or Application Definition page to configure the port mappings for this game or
application.
5
Enter the necessary port mappings and click Add.
E-DOC-CTC-20051017-0151 v1.0
64
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.6 Web Site Filtering
Web Site Filtering
The SpeedTouch™ allows you to block/allow particular Web sites:
Based on the Web site’s URL.
ꢀ
As within a Web site lots of references can be made to other URLs, it is
recommended to use this feature in combination with content based
filtering.
ꢀ
ꢀ
Based on the Web site’s content.
By redirecting a Web site to another Web site.
If your administrator account is configured as default user, make sure you
configure a password for this account or change the default user. Otherwise
users on your local network can browse to your SpeedTouch™ to disable
your filtering rules.
!
Overview
The Overview page displays:
ꢀ
ꢀ
The current Address Based Filtering rules.
The current Content Based Filtering configuration.
To view which content types are blocked/allowed, click Details. For more
Address based filtering rules have priority over content based filtering
rules.
!
Configure
On the Configure page, you can:
ꢀ
ꢀ
ꢀ
ꢀ
Deny access to a specific web site.
Content levels
The following content levels are available:
ꢀ
ꢀ
ꢀ
All:
Allow all categorized Web sites.
Legal:
Allow all except illegal, extreme, spam and spyware Web sites.
Teenagers:
Block illegal, adult, extreme, online ordering/gambling, spam and spyware
Web sites.
ꢀ
ꢀ
Children:
Only allow children-save Web sites.
BlockAll:
Block all categorized Web sites.
E-DOC-CTC-20051017-0151 v1.0
65
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
Deny access to a Use this feature if:
specific Web site
ꢀ
ꢀ
Allow is selected under Action for Unknown Sites.
Block is selected under Action for Unknown Sites and you want to make an
exception on an allow rule. For example: you are allowing “provider.com” but
you want to deny access to “mail.provider.com”.
ꢀ
A content category/group is allowed by Content Based Filtering and you want
to make an exception. For example: you are allowing Web Mail content but
you want to deny access to “mail.provider.com”.
Proceed as follows:
1
Type the URL of the Web site you want to block (for example
“mail.provider.com”) in the Web Site box.
2
In the Action list, click:
ꢀ
ꢀ
Block if you want to block this Web site.
Redirect if you want to redirect to another page. Type the address of the
redirect page in the Redirect box.
3
Click Add.
Allow access to a Use this feature if:
specific Web site
ꢀ
ꢀ
Block is selected under Action for Unknown Sites
Allow is selected under Action for Unknown Sites and you want to make an
exception on a block/redirect rule. For example: you are blocking “bank.com”
but you want to allow access to “netbanking.bank.com”.
ꢀ
A content category/group is blocked by Content Based Filtering and you want
to make an exception. For example: you are blocking Finance / Investment
content but you want to allow access to “netbanking.bank.com”.
Proceed as follows:
1
Type the URL of the Web site you want to allow (for example
“netbanking.bank.com”) in the Web Site box.
Click Allow in the Action list.
Click Add.
2
3
Redirect a Web site Proceed as follows:
1
Type the URL of the Web site you want to redirect (for example “cracks.am”)
in the Web Site box.
2
3
Click Redirect in the Action list.
Type the URL of the Web site you want to redirect to (for example
“mycompany.com/internetpolicy.htm”) in the Redirect box.
4
Click Add.
E-DOC-CTC-20051017-0151 v1.0
66
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
Redirecting all Web
sites
Proceed as follows:
1
2
3
Type “*” in the Web Site box.
Click Redirect in the Action list.
Type the URL of the Web site you want to redirect to (for example
“mycompany.com/internetpolicy.htm”) in the Redirect box.
4
5
Click Add.
Type the URL of the Web site you want to redirect to (for example
“mycompany.com/internetpolicy.htm”) in the Web Site box.
6
7
Click Allow in the Action list.
Click Add.
Configure content Under Content Based Filtering you can:
based filtering settings
ꢀ
ꢀ
ꢀ
Enable/disable content based filtering.
Allow/block uncategorized Web sites.
Select a content level in the Content Level list.
To change a content level definition, click the Edit link of the content
level you want to change. For more information, see “4.5.8 Content
E-DOC-CTC-20051017-0151 v1.0
67
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.7 Web Filtering Activation
Accessing this page Proceed as follows:
In the Toolbox menu, click Web Site Filtering.
In the Pick a task list, click Activate Web Filtering License.
1
2
Web Filtering Activation
page
This page you can:
ꢀ
ꢀ
Activate a Web Filtering evaluation license.
Activate a free 30-days Web Filtering evaluation license.
Standard license Proceed as follows:
activation
1
2
3
Click Standard.
In the License Key box, type the license key provided by your ISP.
Click Apply.
E-DOC-CTC-20051017-0151 v1.0
68
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.8 Content Level
Accessing the Content Proceed as follows:
Level page
1
2
3
In the Toolbox menu, click Web Site Filtering.
Click Configure.
Click the Edit link of the content level you want to edit.
Overview
The Content Level page gives you an overview of the different categories and their
rules.
The following icons indicate whether the content type is allowed or not.
Icon Description
The category/group is allowed.
The category/group is not allowed.
The group is partly allowed.
Configure
This page allows you to change:
ꢀ
ꢀ
ꢀ
The content level name.
The content level description.
The content level configuration.
E-DOC-CTC-20051017-0151 v1.0
69
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.9 New Content Level
Accessing the New On this page you to create a new content level. Proceed as follows to access this
page:
Content Level page
1
2
3
In the Toolbox menu, click Web Site Filtering.
In the upper right corner, click Configure.
In the Pick a task list, click Create a new content level.
Procedure
To apply a new content level, you must perform the following actions:
1
2
3
4
You can create up to 16 content levels.
!
Content level creation
Proceed as follows:
1
2
In the Name box, type a name for the new content level.
In the Description box, type a short text to describe what this security level will
do.
3
Click Next.
The Configuration section appears.
Content level Proceed as follows:
configuration
1
Click:
ꢀ
Clone Existing Level to start from a previously created content level.
If no levels have been defined before, this option will not be
shown.
ꢀ
ꢀ
Black List to allow all Web sites by default.
White List to block all Web sites by default.
2
Click Next.
The Content level definition section appears.
E-DOC-CTC-20051017-0151 v1.0
70
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
Content level definition Only Web sites that match the selected content level will be allowed. Proceed as
follows:
1 If you want to:
ꢀ
ꢀ
ꢀ
ꢀ
Allow a category:
Select the check box next to the category name.
Allow an entire group:
Select the check box next to the group name.
Block a category:
Clear the check box next to the category name.
Block an entire group:
Clear the check box next to the group name.
2
Click Apply.
Content level activation To activate your new content level:
1
2
3
4
In the Toolbox menu, click Web Site Filtering.
In the upper right corner, click Configure.
In the Content Level list, select your new content level.
Click Apply.
The new content level is now active.
E-DOC-CTC-20051017-0151 v1.0
71
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.10 Firewall
About the firewall The firewall allows you to secure traffic from and to the SpeedTouch™. There are
different security levels, depending on the degree of security you need.
Overview
Configure
The Overview page summarizes the overall security policy configured on your
SpeedTouch™.
On the Configure page you can select the security level of the SpeedTouch™.
Security Levels Select one of following security levels:
ꢀ
High
All outgoing connections are blocked, except for traffic from well-known
protocols such as DNS, HTTP, HTTPS, FTP, TELNET, IMAP and POP. All
incoming connections are blocked.
Game and Application Sharing is not allowed.
ꢀ
ꢀ
Medium:
All outgoing connections are blocked except MS Windows protocols such as
NetBIOS, RPC and SMB. All incoming connections are blocked as well.
However, Game and Application Sharing is allowed.
Standard:
All outgoing connections are allowed. All incoming connections are blocked,
except for inbound connections assigned to a local host via Game and
Application Sharing.
E-DOC-CTC-20051017-0151 v1.0
72
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
ꢀ
ꢀ
ꢀ
Low:
All outgoing connections are allowed. All incoming connections are blocked,
except for ICMP (Internet Control Management Protocol) and inbound
connections assigned to a local host via Game and Application Sharing.
Disabled:
All in- and outgoing traffic is allowed to pass through your SpeedTouch™,
including Game and Application Sharing.
This is the default firewall level.
BlockAll:
All traffic from and to the Internet is blocked. Game and Application Sharing is
not allowed by the firewall.
Although BlockAll should block all connections, some mandatory types
of traffic such as DNS will still be relayed between LAN and WAN via
the SpeedTouch™.
The firewall levels only have impact on the forward hook. This means that
the handling of traffic from and to the Web pages of the SpeedTouch™ is
independent of the selected firewall level.
Protocol checks will be performed on all accepted connections, irrespective
of the chosen level. You can only disable protocol checks via the CLI.
Details of a security
level
To view the details of the currently active security level:
1
2
In the Toolbox menu, click Firewall.
Click the Details link.
Following information is provided per rule that is part of the security level
ꢀ
ꢀ
ꢀ
The name of the rule
The Action that is applied on the traffic when the rule is valid
The Source and Destination interface or IP address (range) to which the rule
applies
ꢀ
ꢀ
The protocol or SpeedTouch™ Service for which the rule applies.
The number of Hits (number of times that the rule was applied to traffic).
Creating a new security Proceed as follows:
level
1
2
3
4
5
6
In the Toolbox menu, click Firewall.
In the upper right corner, click Configure.
In the Pick a task list, click Create a new Security Level.
In the Name box, type a name for the new security level.
Choose an existing security level to clone from.
Click Apply.
Editing a security level Proceed as follows:
1
2
3
In the Toolbox menu, click Firewall.
In the upper right corner, click Configure.
Select a security level, and then click the Edit link.
The firewall settings of the selected security level appear.
You can:
4
E-DOC-CTC-20051017-0151 v1.0
73
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
ꢀ
ꢀ
Select a row using the Edit link to modify the security rule.
Click Add to create a new security rule.
5
Edit or define following parameters of the rule:
ꢀ
ꢀ
The Name of the security rule
The Source Interface and IP Address (range)
Use Any as IP address in case all traffic for the interface should
be parsed.
Or you can type a User-defined IP address (range).
ꢀ
ꢀ
The Destination Interface and IP Address (range)
Use Any as IP address in case all traffic for the interface should
be parsed.
Or you can type a User-defined IP address (range).
The Service type of the traffic; this can be a protocol (dns, smtp, ...) or a
specific SpeedTouch™ system service.
6
7
Select an Action that should be done on traffic for which the security rules
applies:
ꢀ
ꢀ
ꢀ
Accept: to allow the traffic to pass
Deny: to drop the traffic (without notification)
Count: to let the traffic pass, but count it (Hits)
Click Apply.
E-DOC-CTC-20051017-0151 v1.0
74
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.11 Intrusion Detection
Intrusion Detection
Your SpeedTouch™ protects your network against malicious intrusions. The
Intrusion Detection page shows you the intrusions you are protected against.
The Protected Intrusions table shows the number of times the SpeedTouch™
actively protected your network against each intrusion since last statistics reset.
E-DOC-CTC-20051017-0151 v1.0
75
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.12 Dynamic DNS
Dynamic DNS The Dynamic DNS service allows you to assign a dynamic DNS host name (for
example john.dyndns.org) to a broadband connection even if it is using a dynamic
IP address. As soon as the device gets a new IP address, the dynamic DNS server
updates its entry to the new IP address.
Overview
Configure
Click Overview to view the different Dynamic DNS clients with their name, host
names, interface and IP address.
On the Configure page, you can assign a Dynamic DNS host name to a broadband
connection. Proceed as follows:
1
Create an account at the Dynamic DNS service of your choice, for example:
2
3
On the Dynamic DNS page, click Configure.
Select the Enabled check box.
4
5
If necessary, click the broadband connection to which you want to assign the
Dynamic DNS hostname in the Interface list.
Type the user name and password of your Dynamic DNS service account in
the corresponding fields.
6
7
In the Service list, click your Dynamic DNS service.
In the Host box, type the host name you want to assign to this interface (for
example myspeedtouch.dyndns.org).
8
Click Apply.
E-DOC-CTC-20051017-0151 v1.0
76
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.13 User Management
Overview
The Overview page gives you an overview of the currently configured users and
their privileges.
Click the name of a user to edit his user account.
Configure
On the Configure page, you can:
ꢀ
ꢀ
ꢀ
Click Add to create a new user account.
Click Edit to change a user account.
Click Delete to remove a user.
Types of users The table below shows the types of users and their privileges:
User
Privileges
root
This is the root (master) account. This
user has all privileges without any
exceptions or limitations.
SuperUser
This user can perform any service via
any access channel from any access
origin.
TechnicalSupport
Administrator
LAN_Admin
Poweruser
This user can perform any service via
any access channel from WAN origin
only.
This user can perform any service via
any access channel from LAN or Local
origin only.
This user can perform only LAN
related configurations via any access
channel from any origin.
This user has access
to the GUI (Service/overview page) via
HTTP or HTTPS access channel from
LAN origin only.
E-DOC-CTC-20051017-0151 v1.0
77
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
User
Privileges
WAN_Admin
This user can perform only WAN
related configurations via any access
channel from any origin.
User
This user has access to the GUI
(Overview pages, remote assistance)
via HTTP or HTTPS access channel
from LAN origin only.
Guest
This user does not have any privileges.
E-DOC-CTC-20051017-0151 v1.0
78
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.14 Edit User
Editing a user account Proceed as follows:
1
2
In the Toolbox menu, click User Management.
Under Local User Data, click the name of the user you want to edit.
The Edit User page appears. On this page, you can:
ꢀ
Click Reset Password to reset the password of the selected user to the
user name. So, if you reset the password of John his password will be
“John”.
ꢀ
Change the administration rights of the selected user.
You can not change the administration rights of the account you
are logged on with.
!
E-DOC-CTC-20051017-0151 v1.0
79
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.15 Change Default User
The Default User page
On this page you can change the default user. If users browse to the SpeedTouch™
Web pages, they will be automatically logged on with this account.
To allow users to automatically log on under this account, this default user
account must be configured with a blank password.
!
Changing the default Proceed as follows:
user
1
2
3
In the Toolbox menu, click User Management.
In the Pick a task list, click Set the default user.
The Change Default User page appears.
4
5
In the User Name list, click the name of the new default user.
Click Change Default User to confirm your choice.
E-DOC-CTC-20051017-0151 v1.0
80
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.5.16 Add User
Adding users Proceed as follows:
1
2
3
In the Toolbox menu, click User Management.
In the Pick a task list, click Add new user.
The Add User page appears.
4
Under User definition you can configure:
ꢀ
The name of the new user.
The password of the new user will be equal to the user name; for
example if the user name is John Doe, the password will be
!
John Doe. Also when resetting a user, the password will be
changed into the user name.
ꢀ
The administration rights of the new user.
You can only add users with less than or equal administration
rights as yourself.
!
E-DOC-CTC-20051017-0151 v1.0
81
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.6 Office Network
Office Network Menu The Office Network menu consists of the following items:
ꢀ
Allows you the view/configure the devices detected on your local network.
ꢀ
Allows you to view/configure the interfaces that are available on the
SpeedTouch™.
The Office Network
page
The Office Network page gives you an overview of your SpeedTouch™ network.
Viewing (wireless) client If you click on a (wireless) client you can:
information
ꢀ
ꢀ
View the (wireless) client’s network settings.
Configure the (wireless) client’s network settings by clicking Configure.
E-DOC-CTC-20051017-0151 v1.0
82
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.6.1 Devices
Overview
The Overview page gives you an overview of the devices that are currently
connected to the SpeedTouch™ network. Click on a device name to get more
information on a specific device.
The detected device ‘dsldevice’ is the SpeedTouch™ itself.
Configure
The Configure page gives you an overview of the devices that are currently
connected to the SpeedTouch™ network.
If you want to:
ꢀ
Get more information on a specific device, click on the name of the device.
ꢀ
ꢀ
Edit a device from the Detected Device(s) list, click Edit.
Delete a device from the Detected Device(s) list, click Delete.
Once a device connects to the SpeedTouch™ network, it will remain
listed in the Detected Device(s) list until you delete it.
E-DOC-CTC-20051017-0151 v1.0
83
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.6.2 Device Settings
Accessing the device Proceed as follows:
settings page
1
2
In the Office Network menu, click Devices.
In the Detected Device(s) list, click the name of the device you want to view.
Overview
The Overview page displays the following items:
ꢀ
Information allows you to view:
ꢀ
Status shows whether the device is currently connected to the
SpeedTouch™ network.
ꢀ
ꢀ
Type shows the device type.
Connected To shows the interface to which the device is currently
connected.
ꢀ
Addressing allows you to view:
ꢀ
ꢀ
Physical Address shows the MAC address of the device.
IP Address Assignment shows whether the device is using a static or
dynamic IP address.
ꢀ
ꢀ
IP Address shows the current IP address of the device.
Always use the same address indicates whether the wireless client has a
static DHCP lease or not.
ꢀ
DHCP Lease Time displays the time for which the wireless client can use
this IP address.
ꢀ
Connection Sharing:
Gives you an overview of the games or services that are currently assigned to
this device. Click the name of the game or service to view the used port
mappings.
E-DOC-CTC-20051017-0151 v1.0
84
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.6.3 Assign Public IP
Introduction On this page you can assign the public IP address of your Internet Connection(s) to
a specific device on your local network. You might want to do this if:
ꢀ
ꢀ
You do not want to use the Network Address Translation engine of your
SpeedTouch™.
This device is running server applications (Web server,...) and you want it to be
accessible from the Internet.
You can also achieve this by creating a port mapping for the specified
server, as described in “4.5.2 Game & Application Sharing” on
ꢀ
This device has to be considered as the unique access point to your local
network (DMZ).
Be aware that the device to which you assign the public IP address will lose
all security offered by the SpeedTouch™.
!
Assigning the public IP
address to a device
Proceed as follows:
1
2
In the Office Network menu, click Devices.
In the Pick a task list, click Assign the public IP address of a connection to a
device.
3
4
Click the Edit link of your Internet connection.
In the Device list, select the device you want to assign the public address to.
5
Click Apply.
The SpeedTouch™ prompts you to make some adjustments as a result of the
new configuration.
6
7
Click OK.
Release and renew the IP address of the device.
For more information, see your operating system’s user guide or help.
If necessary, reassign server applications to this device.
8
E-DOC-CTC-20051017-0151 v1.0
86
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.6.4 Wireless Device Settings
Availability This page is only available on SpeedTouch™ devices equipped with a wireless
access point.
Accessing the wireless
Proceed as follows:
device settings page
1
2
In the Office Network menu, click Devices.
In the Detected Device(s) list, click the name of the wireless device you want to
view.
Overview
The Overview page displays the following items:
ꢀ Information allows you to view:
ꢀ
Status displays whether the device is currently connected to the
SpeedTouch™ network.
ꢀ
ꢀ
Type displays the device type.
Connected To displays the interface to which the device is currently
connected.
ꢀ
Allowed on LAN indicates whether the wireless client is allowed to
connect to the SpeedTouch™ WLAN.
ꢀ
Addressing allows you to view:
ꢀ
ꢀ
Physical Address displays the MAC address of the device.
IP Address Assignment displays whether the device is using a static or
dynamic IP address.
ꢀ
ꢀ
IP Address displays the current IP address of the device.
Always use the same address indicates whether the wireless client has a
static DHCP lease or not.
ꢀ
DHCP Lease Time displays the time for which the wireless client can use
this IP address.
ꢀ
Connection Sharing:
Gives you an overview of the games or services that are currently assigned to
this device. Click the name of the game or service to view the used port
mappings.
Configure
On the Configure page you can:
ꢀ
ꢀ
Change the device information.
Assign a static DHCP server lease to this device by selecting the Always use
the same address check box.
ꢀ
Allow a game or service running on this device to be initiated from the
Internet.
E-DOC-CTC-20051017-0151 v1.0
87
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.6.5 Access Point Settings
Availability This page is only available on SpeedTouch™ devices equipped with a wireless
access point.
Accessing the Access
Point settings
Proceed as follows:
1
2
In the left menu, click Office Network.
Under Wireless, click the name of the Access Point you want to view or
configure.
The Access Point names have the following format: “WLAN: “ +
Network Name, for example “WLAN: SpeedTouch123456”.
Overview
The Overview page displays a brief overview of the current configuration.
Details The Details page displays a more detailed overview of the current configuration.
Under Configuration, the following fields are available:
ꢀ
ꢀ
ꢀ
ꢀ
Interface Enabled:
Indicates whether the wireless interface is enabled or disabled.
Physical Address:
Displays the Base Service Set Identifier (BSSID) of the selected Access Point.
Network Name (SSID):
Displays the network name of your WLAN.
Interface Type:
Displays one of the following interface types:
ꢀ
802.11b
Only stations that are configured in 802.11b mode can associate.
ꢀ
802.11b(legacy)/g
This is a special compatibility mode for 802.11b/g and is in fact designed
for older types of b-clients. Use this mode if you are experiencing
problems with wireless clients that connect to the SpeedTouch™ Access
Point.
ꢀ
ꢀ
802.11b/g
Only stations that are configured in 802.11b/g mode can associate.
802.11g
Only stations that are configured in 802.11g mode can associate.
ꢀ
ꢀ
Actual Speed:
Displays the current transmission speed.
Channel Selection:
Displays whether you select a fixed channel yourself or the SpeedTouch™
selects a channel for you.
ꢀ
ꢀ
Region:
Displays your region.
Channel:
Displays the channel that is currently used by the Access Point.
E-DOC-CTC-20051017-0151 v1.0
88
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
ꢀ
ꢀ
Allow multicast from Broadband Network:
Displays whether you to allow/deny multicast messages from the Internet.
Large bandwidth streams, like video streams, have a large impact on
your wireless performance.
WMM:
Displays whether WMM is enabled or disabled.For more information about
WMM or Wi-Fi MultiMedia enhances QoS at wireless driver level. It
provides a mechanism to prioritise wireless data traffic to and from
the associated (WMM capable) stations.
Under Security the following fields are available:
ꢀ
Broadcast Network Name:
By default the SpeedTouch™ broadcasts its network name, allowing you to
easily recognise your wireless network in the list of available networks. Once
you have configured your wireless clients, it is recommended to disable this
feature by clearing this check box.
ꢀ
ꢀ
Allow New Devices:
Allows you to change the access control used by the SpeedTouch™.
Encryption:
Allows you to select an encryption level for your wireless network. The
following encryption methods are supported by the SpeedTouch™:
ꢀ
ꢀ
The default WEP key and the default WPA key are printed on the
SpeedTouch™ bottom label.
Before configuring the SpeedTouch™ encryption, make sure you
know which encryption methods are supported by your wireless
client.
!
ꢀ
Configure
WEP
On the Configure page, you can change the configuration details displayed on the
Details page.
The Wired Equivalent Privacy (WEP) algorithm protects wireless communication
from eavesdropping.
WEP relies on a secret key that is shared between the wireless client (for example a
laptop with a wireless Ethernet card and the SpeedTouch™. The fixed secret key is
used to encrypt packets before they are transmitted. Meaning during transmission
between client and AP ("in the air") the information in the packets is encrypted.
If your wireless client(s) support(s) WPA-PSK we recommend you to use
WPA-PSK, because WEP encryption has been proven to have some security
issues.
To enable WEP:
1
2
Select Use WEP Encryption
In the WEP Key Length list, click the desired Data Security level (either 64-bit
or 128-bit and Alphanumeric or Hexadecimal).
3
In the Encryption key box, type a Network key of your choice. In case of:
ꢀ
64 bit, Alphanumeric:
The 40-bit Network key must consist of 5 alphanumeric characters.
E-DOC-CTC-20051017-0151 v1.0
89
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
ꢀ
ꢀ
ꢀ
64 bit, Hexadecimal:
The 40-bit Network key must consist of 10 hexadecimal digits.
128 bit, Alphanumeric:
The 104-bit Network key consists of 13 alphanumeric characters.
128 bit, Hexadecimal:
The 104-bit Network key consists of 26 hexadecimal digits.
4
5
Click Apply to immediately apply your changes.
Configure your wireless client(s) with the same settings.
WPA-PSK The SpeedTouch™ supports WPA-PSK, which offers three advantages over WEP:
ꢀ
Authentication via a 4-way handshake to check whether the Pre-Shared Keys
(PSKs) are identical.
ꢀ
Stronger encryption types:
ꢀ
Temporal Key Integrity Protocol (TKIP) (default): Instead of using a
fixed WEP key, TKIP uses in pairs temporary session keys which are
derived from the PSK during the 4-way handshake. For each packet
it uses a different key. TKIP also provides a message integrity check
(MIC) and a rekeying mechanism (in seconds).
ꢀ
Advanced Encryption Standard (AES): State-of-the-art encryption;
can only be used if all wireless devices in your WLAN support AES.
ꢀ
Message Integrity Check (MIC). Which is a strong mathematical function in
which the recipient and transmitter each compute and compare the MIC. If
they don't match it is assumed that a third person has been trying to read the
data.
Proceed as follows to enable WPA-PSK:
1
2
Select Use WPA-PSK Encryption.
In the WPA-PSK Encryption Key box, type a pass phrase (also known as Pre-
shared key) of your choice. The pass phrase must consist of 8 to 63 ASCII
characters or 64 HEX digits.
3
In the WPA-PSK Version list, click the desired WPA-PSK version.
Depending on the WPA-PSK version you choose, one of the following
WPA-PSK encryption will be set automatically:
ꢀ
ꢀ
ꢀ
WPA: TKIP
WPA2: AES
WPA+WPA2: TKIP+AES
AES is not yet implemented in most clients but it is in the
SpeedTouch™ because it will be the future security standard.
4
5
Click Apply to immediately apply your changes.
Configure your wireless client(s) with the same settings.
WPA Encryption Proceed as follows to enable WPA Encryption:
1
2
3
4
Select Use WPA Encryption.
In the WPA Radius IP box, type the WPA Radius IP.
In the WPA Radius Port box, type the WPA Radius Port.
In the WPA Radius Key box, type the WPA Radius Key.
E-DOC-CTC-20051017-0151 v1.0
90
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
5
In the WPA Version list, click the desired WPA version.
Depending on the WPA version you choose, one of the following WPA
encryption will be set automatically:
ꢀ
ꢀ
ꢀ
WPA: TKIP
WPA2: AES
WPA+WPA2: TKIP+AES
6
7
Click Apply to immediately apply your changes.
Configure your wireless client(s) with the same settings.
Access control on the The following modes are available:
SpeedTouch™
ꢀ
New stations are allowed (automatically):
All New stations can access the SpeedTouch™ WLAN.
ꢀ
New stations are allowed (via registration):
Only allowed stations in the Access Control List (ACL) have access. You can
add new stations via registration.
For more information, see “ Allowing new wireless” on page 92
ꢀ
New stations are not allowed:
Only allowed stations in the Access Control List (ACL) have access.
E-DOC-CTC-20051017-0151 v1.0
91
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
Allowing new wireless
If you selected New stations are allowed (via registration) or in the New stations
are not allowed list, wireless clients have to be added manually.
Proceed as follows:
1
2
In the Office Network menu, click Devices.
In the Pick a task list, click Search for wireless devices.
The SpeedTouch™ searches for new wireless stations that use the encryption
key of the SpeedTouch™ Access Point.
The SpeedTouch™ takes you to the Office Network. The new station will be
shown next to the name of the SpeedTouch™ WLAN.
To view the device settings, click the name of the new station. For more
E-DOC-CTC-20051017-0151 v1.0
92
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.6.6 Configuring WDS
Availability This page is only available on SpeedTouch™ devices equipped with a wireless
access point.
What is WDS
The Wireless Distribution System (WDS) allows you to extend the range of your
wireless network by introducing one or more WDS-enabled devices into your
wireless network.
You can only establish WDS links with WDS-enabled devices.
!
Configuring WDS Proceed as follows to access the WDS pages on the SpeedTouch™:
1
2
In the left menu, click Office Network.
Under Wireless, click the Access Point you want to configure for WDS.
The Access Point names have the following format: “WLAN: “ +
Network Name, for example “WLAN: SpeedTouch123456.
3
4
Click Configure.
In the Pick a task list, click Configure WDS.
Establishing a WDS Proceed as follows:
connection
1
In the Pick a task list, click Scan for wireless Access Points.
The SpeedTouch™ warns you that all associated stations will lose connectivity
for a few seconds.
2
Click OK.
The SpeedTouch™ lists the results in the Accessible Access Points table.
Select the Access Point to which you want to establish a WDS connection.
Click Apply.
3
4
5
Configure this Access Point with:
ꢀ
ꢀ
The same WEP key if WEP is enabled.
The same fixed channel.
E-DOC-CTC-20051017-0151 v1.0
93
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.6.7 Interfaces
Interfaces overview
The Interfaces page gives you an overview of the interfaces used on your
SpeedTouch™. If you want to know more about the network settings of a specific
interface, click the name of the interface you want to view.
E-DOC-CTC-20051017-0151 v1.0
94
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.6.8 Interface Settings
Overview
The Overview page gives you an overview of the current interface settings.
Configure
The Configure page allows you to:
ꢀ
ꢀ
Change the IP address settings of the SpeedTouch™.
Change the DHCP IP address pool settings.
Before changing the DHCP pools, make sure that at least one IP
address of the SpeedTouch™ uses the same subnet as the IP
addresses in the DHCP pools.
!
Assigning a new IP Under IP Addresses, proceed as follows:
address to the
SpeedTouch™
1
Type the IP address of your choice (for example 192.168.1.1) in the left text
box.
2
3
Type subnet mask (for example 255.255.255.0) in the right text box.
Click Add.
Network devices using the same subnet mask can now access the
SpeedTouch™ using this IP address.
E-DOC-CTC-20051017-0151 v1.0
95
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
4.6.9 DHCP Pool
DHCP Pool page
On the DHCP Pool page, you can create/change a DHCP pool.
Accessing the DHCP
Pool page
Proceed as follows:
1
2
3
4
In the Office Network menu, click Interfaces.
Click the name of the interface which DHCP pool settings you want to change.
Click Configure.
Under DHCP Pools, click:
ꢀ
ꢀ
ꢀ
Add to add a new DCHP pool.
Edit to edit an existing DHCP pool.
Delete to delete an existing DHCP pool.
This link will only be shown if there are more than one DHCP
pools.
The DHCP Pool page appears.
E-DOC-CTC-20051017-0151 v1.0
96
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
Components of the
DHCP Pool page
The following settings are available for configuration:
ꢀ
ꢀ
ꢀ
Interface:
The SpeedTouch™ interface to which the DHCP pool applies.
Start Address:
The start IP address of the DHCP server’s address pool.
End Address:
The end IP address of the DHCP server’s address pool.
Both the start and end IP address define the IP address range used by
the DHCP server to assign leases.
ꢀ
ꢀ
ꢀ
Subnet Mask:
The subnet mask of the DHCP server’s address pool.
Server:
The SpeedTouch™ IP address used as DHCP server address.
Gateway:
The IP address that will be assigned to the DHCP clients as their default
gateway.
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
Primary DNS:
The IP address of the primary DNS server.
Secondary DNS:
The IP address of the secondary DNS server.
Primary WINS:
The IP address of the primary WINS server.
Secondary WINS:
The IP address of the secondary WINS server.
Lease Time:
The time for which the DHCP client is allowed to use the assigned IP address:
If you select Always give same address to DHCP clients, the lease time
will be automatically set to Infinite.
ꢀ
Always give same address to DHCP clients:
Select this check box if you always want to use the same IP address for the
DHCP clients.
E-DOC-CTC-20051017-0151 v1.0
97
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4
Basic Configuration
E-DOC-CTC-20051017-0151 v1.0
98
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5 Expert Configuration
Introduction The SpeedTouch™ Expert Mode pages allows for advanced configuration and
maintenance of your SpeedTouch™ device.
While the Basic pages are mainly constructed to allow you to overview and
diagnose the running product and its configuration, the Expert Mode pages have
been designed to allow in-depth configuration of every aspect of your
SpeedTouch™.
Web GUI overview The following Site Map gives you an overview of all available menus in Expert
Mode:
Click ...
To ...
view information on your SpeedTouch™, configure
or upgrade it.
view/configure the SpeedTouch™ IP interfaces, IP
routing table and NAT entries.
view/configure a broadband connection.
view/configure the SpeedTouch™ DHCP server/
client, the DNS configuration, the managed
Ethernet switch .
view/configure the SpeedTouch™ Firewall.
configure the SpeedTouch™ for VPN.
configure the SpeedTouch™ SIP PBX.
Back to Basic
E-DOC-CTC-20051017-0151 v1.0
99
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Expert Mode navigation The Navigation and notification area displays the current user and the site
navigator, as well as notification messages, if applicable.
In addition, following action buttons are always available on every page:
Click ...
To ...
Save All
force a save of the current configuration of your
SpeedTouch™.
CLI
access the complete SpeedTouch™ Command
Line Interface in a graphical way.
Help
open the SpeedTouch™ help pages.
If available on your SpeedTouch™, you are able to change the language of
your SpeedTouch™ web pages via the language action buttons in the top
right corner on each of the SpeedTouch™ pages.
E-DOC-CTC-20051017-0151 v1.0
100
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.1 Home
Overview
The Expert Mode home page is in fact the same as the SpeedTouch™ home page in
Basic Mode; it provides an instant overview of all aspects of your SpeedTouch™
configuration and operational status.
E-DOC-CTC-20051017-0151 v1.0
101
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.2 SpeedTouch™
Overview
The SpeedTouch™ menu consists of the following topics:
Click ...
To ...
start the embedded Easy Setup wizard.
view important SpeedTouch™ information.
start/stop PPP connection sessions.
view detailed system and configuration
information of the SpeedTouch™ and perform IP
connectivity checks on WAN connections.
view/configure the SpeedTouch™ system logging
engine.
manage various kinds of system configuration
files and to perform a system upgrade.
view/configure existing SpeedTouch™ services or
to add new ones.
view/configure SpeedTouch™’s real-time clock
engine.
access the SpeedTouch™ Service Level
Agreement (SLA) facilities.
add new or extend existing functionality of your
SpeedTouch™ via software key activation.
E-DOC-CTC-20051017-0151 v1.0
102
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.2.1 Easy Setup
Introduction Click Easy Setup to start the SpeedTouch™ Easy Setup wizard.
The Easy Setup wizard provides an easy way to prepare the SpeedTouch™ for
Internet connectivity. Depending on the installed wizard templates (see “ Manage
configuration files” on page 111 for more information) you can select from one or
more semi-automatic scripts helping you to fully configure most aspects of the
SpeedTouch™ with a minimum of effort and risk of wrong or insufficient
configurations.
E-DOC-CTC-20051017-0151 v1.0
103
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.2.2 System Information
Overview
The System Information page is the SpeedTouch™ expert start page. It consists of
four sections:
ꢀ
ꢀ
ꢀ
ꢀ
Diagnostics Select Diagnostics to view the results of the System Self Test, LAN connectivity and
DSL synchronisation test:
If result is ...
Then ...
the overall status of the particular item is healthy.
an error situation has been detected for that item.
DSL Line Info Select DSL Line Info to view the current physical status of the ADSL line.
The DSL Statistics allow you to view:
ꢀ
Line Status: this shows whether the DSL link is synchronised (Enabled) or not
(Initialising).
ꢀ
Bandwidth Up/Down: the maximum available bandwidth of the DSL link in
both up- and downstream direction.
ꢀ
ꢀ
Uptime: The duration of the current Enabled Line Status.
kBytes Tx/Rx: the amount of kilobytes (kBytes) sent (Tx) and received (Rx)
since the establishment of the DSL link.
In addition, per configured Internet Service interface you van view:
ꢀ
ꢀ
The interface’s currently assigned or configured local WAN IP address
The interface’s currently assigned or configured primary (and secondary) DNS
server IP address(es)
In case the negotiation of IP addresses failed, Unassigned or - is displayed
for the applicable interface.
Configuration Select Configuration to view the configuration currently active on the
SpeedTouch™.
E-DOC-CTC-20051017-0151 v1.0
104
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
System
Select System to view some important system information of the SpeedTouch™.
The System table lists the SpeedTouch™’s:
ꢀ
ꢀ
Product Name
Physical Address. This worldwide unique hardware address is also called
Medium Access Control (MAC) address.
ꢀ
ꢀ
ꢀ
ꢀ
Software Release
Board Name
Serial Number
Product Code
Most of the information is also listed on the identification label on the
bottom of the SpeedTouch™.
E-DOC-CTC-20051017-0151 v1.0
105
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.2.3 Connections
Overview
The Connections page allows you to start and stop PPP connection sessions. All
If no PPP connections have been defined, this table is empty.
Connections In the Connections table, per interface, following information is provided:
ꢀ
ꢀ
ꢀ
Interface: the name of the PPP connection interface
Destination: the name of the ATM interface of the PPP connection
Mode: the PPP connection mode, being either:
ꢀ
ꢀ
ꢀ
always-on: by default the session will always be active
dial-in: the session is only activated if you explicitly Dial-in
dial-on-demand: the session is automatically started as soon as outgoing
traffic has been generated
ꢀ
ꢀ
Link: the actual PPP link status, being either:
ꢀ
ꢀ
ꢀ
ꢀ
idle: no PPP link set-up
connecting: PPP link set-up pending
connected: PPP link set up
empty, in case of an idle, listening PPP connection
State: the PPP connection interface state, being either:
ꢀ
ꢀ
up: WAN connectivity on this interface achieved
down: no WAN connectivity achieved (yet)
Start/stopPPPsessions To start an idle PPP session:
1
2
3
4
Select the applicable PPP connection (with Link idle).
Type/edit the Password for the user name.
Select whether the password should be saved or not.
Click Dial-in to apply your changes and start the PPP connection session.
To stop an active PPP connection session (with Link connecting or connected):
1
2
Select the applicable PPP connection.
Click Hang-up to stop the PPP connection session.
E-DOC-CTC-20051017-0151 v1.0
106
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.2.4 Diagnostics
Overview
The Diagnostics page provides in-depth information, counters and statistical data
on the SpeedTouch™ system settings, and its LAN and WAN connections.
The diagnostics are broken down into three expandible categories:
ꢀ
ꢀ
ꢀ
System
LAN
WAN
Per category an overall status is displayed:
If the status is ...
Then ...
the overall status of the particular category is
healthy.
an error situation has been detected for that
category.
the overall status of the category could not be
determined.
Following action buttons are provided:
Click ...
Expand All
To ...
expand all collapsed categories.
collapse all expanded categories.
check all connections on IP connectivity.
refresh all counters and values.
expand the applicable category.
collapse the applicable category.
Collapse All
IP Connectivity
Refresh
next to a category
next to a category
E-DOC-CTC-20051017-0151 v1.0
107
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.2.5 Syslog
Overview
The Syslog page consists of two sections:
ꢀ
ꢀ
Messages
This section allows to overview system log and alert messages your SpeedTouch™
generated during operation. System log messages are used to provide a historical
overview of events, errors, and messages generated during SpeedTouch™
operation.
Per message following information is shown:
ꢀ
ꢀ
ꢀ
The system message content (and time of generation)
By default the table is automatically refreshed every 30 seconds and shows all
system log messages.
ꢀ
Click Stop AutoRefresh to stop the automatic refreshing of the table.
The Message buffer view options menu becomes accessible to:
ꢀ
ꢀ
ꢀ
Change the Refresh rate of the table.
As long as AutoRefresh is disabled you can manually refresh the table by
clicking Refresh.
ꢀ
Click AutoRefresh to apply your changes and to start automatic update of the
table (using the new refresh rate).
Configuration This section allows you to view/configure remote destinations (syslog servers) to
send (a subset of) the SpeedTouch™ syslog messages for remote monitoring
purposes.
To add a destination:
1
2
3
In the Destination box, type a destination (IP address or host name) to send
the messages to.
4
Click Add.
E-DOC-CTC-20051017-0151 v1.0
108
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
To change or delete a destination:
1
2
Select the applicable interface
If needed, make your changes and click:
ꢀ
New to add a new destination with the new settings next to the existing
one.
ꢀ
ꢀ
Apply to apply the changes to the existing destination.
Delete to remove the destination from the list of destinations.
Click Deactivate to withdraw all forwarding of syslog messages for all
destinations; to re-enable forwarding of syslog messages, click Activate.
Facility Following priority facilities are possible for a syslog message generated by the
SpeedTouch™. The facilities are listed by descending priority, each followed by
(notation, priority value):
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
Kernel messages (kern, 0)
User-level messages (user, 8)
Mail system (mail, 16)
System daemons (daemon, 24)
Authorization messages (auth, 32)
Syslog daemon messages (syslog, 40)
Line printer subsystem (lpr, 48)
Network news subsystem (news, 56)
UUCP subsystem (uucp, 64)
Clock daemon (cron, 72)
Security messages (security, 80)
FTP daemon (ftp, 88)
NTP subsystem (ntp, 96)
Log audit (audit, 104)
Log alert (alert, 112)
Clock daemon (clock, 120)
Local use messages (local0 ... local7, 128 ... 184)
Severity Following priority severities are possible for a syslog message generated by the
SpeedTouch™ SpeedTouch™. The severities are listed by descending priority, each
followed by (notation, priority value):
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
Emergency conditions, system unusable (emerg, 0)
Alert conditions, immediate action is needed (alert, 1)
Critical conditions (crit, 2)
Error conditions (err, 3)
Warning conditions (warning, 4)
Normal but significant conditions (notice, 5)
Informational messages (info, 6)
Debug-level messages (debug, 7)
E-DOC-CTC-20051017-0151 v1.0
109
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.2.6 System Update
Overview
The System Update page features all means for management and maintenance of
your SpeedTouch™. It consists of two sections:
ꢀ
ꢀ
System configuration The System Configuration section allows you to manage locally stored system files.
Select:
ꢀ
ꢀ
ꢀ
Upload File to upload a system file to the SpeedTouch™.
Configuration Files to manage stored configuration files.
Language Packs to manage stored SpeedTouch™ web interface language
Upload system files Following file types are allowed:
ꢀ
ꢀ
ꢀ
.ini
Files with extension ini are SpeedTouch™ configuration files. These files are
intended for backing up configurations (to back up your current configuration,
.tpl
Files with extension tpl are configuration templates, used by the
SpeedTouch™ Home Install Wizard, available on the SpeedTouch™ Setup CD,
.lng
Files with extension lng are language packs for your SpeedTouch™. These
files allow you to select the language in which the SpeedTouch™ web
interface is presented.
You can only upload files with known extensions; however this does not
guarantee the validity of a system file. Only upload files if these are:
!
ꢀ
configuration files (.ini) you backed up yourself from this
SpeedTouch™.
ꢀ
template files (.tpl) that are known to be valid for your SpeedTouch™
(e.g. stemming from the SpeedTouch™ Setup CD delivered with your
SpeedTouch™).
ꢀ
language packs (.lng) that match your SpeedTouch™’s Board name
and Software release.
E-DOC-CTC-20051017-0151 v1.0
110
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
To upload system files:
1
2
Click Browse to specify the file on your local drive you wish to upload.
Click Upload to upload the system file to your SpeedTouch™.
Each file requires an amount of memory. Make sure to limit the number of
files to the minimum.
!
Manage configuration This table allows you to view configuration files that are currently stored on your
SpeedTouch™.
files
Following configuration files are listed:
ꢀ
ꢀ
ꢀ
Active Configuration; showing details on the configuration that is currently
running on your SpeedTouch™.
Backup Configuration; listing configuration backups stored on your
SpeedTouch™.
Wizard template, listing configuration wizard templates that are currently
To view the configuration of, backup, or delete a configuration file:
1
Select the configuration file. A Details pane shows some extra information on
the selected configuration file.
2
Click:
ꢀ
ꢀ
Backup to store the file on a location on your local disk.
Delete to remove the file from your SpeedTouch™.
Some configuration files may be required for the
SpeedTouch™’s system integrity. These files are protected and
cannot be deleted from your SpeedTouch™.
!
ꢀ
Cancel to return to the configuration file overview.
Manage language packs
this Help in various languages.
Use the Language bar to change the language in which the SpeedTouch™
web interface, Easy Setup and this Help is displayed. For more information,
Although all language pack files stored on your SpeedTouch™ are listed,
only language pack files that match with the board name and the software
!
E-DOC-CTC-20051017-0151 v1.0
111
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
System Upgrade The System Upgrade section allows you to manage your SpeedTouch™’s system
software and upload or apply a new system software.
For extended management reasons and roll-back scenarios your SpeedTouch™
provides storage room for two system software packages: the active system
software the SpeedTouch™ is currently running and the passive one.
ꢀ
The System software properties table provides information on the active
software:
ꢀ
A link is provided to check for the latest available system software (based on
the information provided in the System software properties table and your
SpeedTouch™’s serial number.
ꢀ
The Software Versions table allows you to overview the currently stored
active and passive system software and to:
ꢀ
ꢀ
Upload system software
Proceed as follows:
1
Make sure you have a valid system software for your SpeedTouch™ readily
available on your local disk.
Use the link provided to check for the latest available system software.
2
3
4
If a Passive system software version is listed, click Remove Passive to remove
it from the SpeedTouch™ storage.
Click Browse... to specify the system software file on your local drive you wish
to upload.
Click Upload to upload the system software to your SpeedTouch™.
Uploading system software may take a few minutes. Meanwhile do
not browse to another SpeedTouch™ page in order not to interrupt
the upload process.
!
If the upload was successful the uploaded system software will be listed as Passive
system software version.
Switchtoanothersystem
software version
To upgrade your SpeedTouch™ system software to a new version, or in some cases
roll-back to a previous version:
1
Make sure that a Passive system software is correctly uploaded to your
SpeedTouch™ (it should be listed in the Software Versions table).
2
Click Switch Over to restart the SpeedTouch™ and activate the passive system
software version as active version.
Switching the system software versions may take a few minutes. Do
not power off your SpeedTouch™, or interrupt the switch process in
any other way.
!
During restart, the SpeedTouch™ will switch the passive and active system
software; the previous active system software will be stored as passive system
software version.
If for any reason the switch-over failed, the system software version that
was running as active software version will be retained. To ensure correct
operation of the SpeedTouch™ after recovery, the previous passive system
software may need to be removed; instead the active system software will
be duplicated as passive system software version.
E-DOC-CTC-20051017-0151 v1.0
112
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.2.7 SpeedTouch™ Services
Overview
The SpeedTouch™ Services page allows you to view and configure all services that
are currently configured on your SpeedTouch™. The purpose of this page is to
centralise the management of all SpeedTouch™ embedded Services and
Applications, or otherwise stated, all internal modules and engines of the
SpeedTouch™ that accept, relay or initiate IP traffic.
The SpeedTouch™ Service table provides an overview of registered services and
some additional information.
Optionally you can click:
ꢀ
Show/Hide Dynamic SpeedTouch™ services to show/hide SpeedTouch™
services that have been dynamically created by the SpeedTouch™.
ꢀ
Show/Hide members of service groups to show/hide all the individual
SpeedTouch™ services that are member of a SpeedTouch™ service Group.
Select a service to:
ꢀ
ꢀ
View detailed SpeedTouch™ service information.
Generally it is advised not to alter any of the settings of a SpeedTouch™
service.
!
E-DOC-CTC-20051017-0151 v1.0
113
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Edit SpeedTouch™ Editing SpeedTouch™ services might be useful in cases where you want to hide/
protect the service by deviation from the typical service settings or restricting
access from/to interfaces. However;
service properties
Do not edit SpeedTouch™ system services unless specifically needed.
!
To edit a SpeedTouch™ system service:
1
2
Select the service.
In Service properties:
ꢀ
Select or clear Service enabled to respectively enable or disable the
service.
ꢀ
Depending on the service, either:
ꢀ
ꢀ
Select a Source IP interface.
Type a new Internal TCP/UDP port.
3
4
5
6
In External TCP/UDP Port, optionally:
ꢀ
ꢀ
Clear existing External TCP/UDP ports, if applicable.
Type the port number of an additional external TCP/UDP port to add.
In Allow service via (Interface), optionally:
ꢀ
ꢀ
Clear existing interfaces, if applicable.
Type the name of the additional interface.
In Accept service from (Remote IP), optionally:
ꢀ
ꢀ
Clear existing remote IP addresses, if applicable.
Type the IP address of the specific remote IP host.
Click Apply to apply your changes to the SpeedTouch™ service.
You must repeat the procedure for each individual External TCP/UDP port,
interface, or remote IP address you want to add.
E-DOC-CTC-20051017-0151 v1.0
114
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
SpeedTouch™ service
types
The SpeedTouch™ service can be of following type:
Type
Indicates a SpeedTouch™ service that...
is the originator of an IP connection (source IP
Client
packets).
Server
Peer
is the responder of an IP connection (listening to IP
packets).
can be an originator or a responder of an IP
connection.
Proxy
Relay
is a responder on the LAN side and originator on
the WAN side of the SpeedTouch™.
is a responder on one side (LAN or WAN) and re-
originates on the other side (WAN resp. LAN) of
the SpeedTouch™.
Group
is an assembly of SpeedTouch™ services. Editing
such kind of entries will edit all members of that
Group.
Transparent-Map
Dynamic
uses transparent NAT port mappings.
has been dynamically created or enabled by the
SpeedTouch™ service manager.
Sibling
Shared
the service is member of a SpeedTouch™ Group
service.
uses a protocol port as another existing
SpeedTouch™ service.
E-DOC-CTC-20051017-0151 v1.0
115
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.2.8 SNTP
Overview
The Simple Network Time Protocol (SNTP) web page allows you to configure the
SpeedTouch™ real-time clock.
The page contains two sections:
ꢀ
ꢀ
Selecting Manual immediately disables the SpeedTouch™ SNTP client. As a
consequence the SpeedTouch™ real-time clock will no longer be
periodically synchronised with an Internet time server.
!
SNTP Client As long as the SNTP section is selected, automatic time synchronisation of the
SpeedTouch™ real-time clock by means of the SpeedTouch™ SNTP client is
guaranteed (given that NTP servers are configured of course).
The SNTP table allows you to overview and add/delete NTP servers (present on the
Internet or your local network) to which the SpeedTouch™ real-time clock is able to
synchronize its time settings with.
To add an NTP server:
1
2
Click New (if an entry is currently selected, click Cancel first)
Type the host name or IP address of the NTP server.
You can check the Internet for free accessible real-time NTP servers.
3
4
Select the NTP version (1, 2, 3, or 4). This information is most likely provided
with the NTP server's IP address.
Click Apply.
You can add multiple NTP servers. This ensures that the SpeedTouch™ SNTP client
will always be able to contact at least one NTP server to synchronize the
SpeedTouch™ real-time clock with.
Manual You can manually configure the SpeedTouch™'s real-time clock in case no
connection to an NTP server is available.
To manually configure the SpeedTouch™ real-time clock:
1
2
3
4
Type the current Date (day/month/year)
Type the current Time (hours:minutes:seconds in 24-hour clock)
Select the Time Zone suiting your physical regional location.
Select Daylight saving to adjust the SpeedTouch™ real-time clock to daylight
saving time, if used in your region.
5
Click Apply to apply the time settings to the SpeedTouch™ real-time clock.
E-DOC-CTC-20051017-0151 v1.0
116
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.2.9 SLA
Overview
The Service Level Agreement (SLA) page allows you to view and configure ping
and traceroute tests.
The page contains two sections:
ꢀ
ꢀ
Ping
The Ping table provides a list of configured ping test entries.
test.
Select a ping test entry to:
ꢀ
ꢀ
Perform a ping test and view test results and history (see Ping tests and
results).
ꢀ
Add/delete a ping test To add a ping test entry:
1
2
3
4
Click New (if an entry is currently selected, click Cancel first).
Type a name for the ping test entry.
Type the host name or IP address of the target to ping.
Click Apply.
To delete a ping test:
1
2
Select the ping test entry to delete.
Click Delete.
Modifypingtestproperties To modify a ping test entry:
1
2
3
4
Select the ping test entry.
Click Modify.
Make your changes.
Click Apply to apply your changes to the ping test entry.
E-DOC-CTC-20051017-0151 v1.0
117
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Ping tests and results
To start/stop a ping test:
1
2
Select the ping test entry.
Click:
ꢀ
ꢀ
Activate to start the ping test.
Deactivate a ping test that is currently running.
To view the results of the ping test:
1
2
Select the ping test entry, if needed.
Click Result.
To overview a history of ping tests:
1
2
Select the ping test entry.
Click History.
Traceroute
The Traceroute table provides a list of configured traceroute test entries.
delete a traceroute test below.
Per traceroute test entry following information is shown in the table:
ꢀ
ꢀ
ꢀ
ꢀ
an intuitive Test name of the traceroute Test
the traceroute test entry Owner
the traceroute Target Address (host or IP address)
the traceroute test Status, being either:
ꢀ
ꢀ
Stopped
In Progress
Select a traceroute test entry to:
ꢀ
ꢀ
Perform a traceroute test and view test results and history (see traceroute tests
ꢀ
E-DOC-CTC-20051017-0151 v1.0
118
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Add/deleteatraceroute
test
To add a traceroute test entry:
1
2
3
4
Click New (if an entry is currently selected, click Cancel first).
Type a name for the traceroute test entry.
Type the host name or IP address of the target to traceroute.
Click Apply.
To delete a traceroute test:
1
2
Select the traceroute test entry to delete.
Click Delete.
Modify traceroute test
properties
To modify a traceroute test entry:
1
2
Select the traceroute test entry.
Click Modify.
3
4
Make your changes.
Click Apply to apply your changes to the traceroute test entry.
traceroute tests and To start/stop a traceroute test:
results
1
2
Select the traceroute test entry.
Click:
ꢀ
ꢀ
Activate to start the traceroute test.
Deactivate a traceroute test that is currently running.
To view the results of the traceroute test:
1
2
Select the traceroute test entry, if needed.
Click Result.
To overview a history of traceroute tests:
1
2
Select the traceroute test entry.
Click History.
To view a list of hops that have been reached by the traceroute request:
1
2
Select the traceroute test entry.
Click Hop.
E-DOC-CTC-20051017-0151 v1.0
119
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.2.10 Add-on
Overview
Some of the SpeedTouch™'s extended functionalities require a software activation
key to enable the corresponding software module.
To acquire a software activation key for activating a SpeedTouch™ software
module, proceed as follows:
1
2
3
Click the name of the software module you intend to activate. This link will
forward you to the SpeedTouch™ software activation key web server.
Follow the instructions for generating and downloading the software
activation key.
If required, paste the obtained software key in the Software Activation Code
Input display box.
4
5
Click Add to process the software activation key.
Click Restart to restart the SpeedTouch™. This allows the SpeedTouch™
system software to validate the software activation key and to activate the
corresponding module.t
Important: The key is unique for each module and for each SpeedTouch™
device. It can not be re-used for activating another software module, or be
copied from or to another SpeedTouch™ device.
!
Once activated, the software key can not be disabled anymore via the Add-
on web page.
E-DOC-CTC-20051017-0151 v1.0
120
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.3 IP Router
Overview
The IP Router menu consists of the following topics:
Click ...
To ...
view/configure the IP addresses assigned to any of
the SpeedTouch™ interfaces.
view/configure interface, or IP, or Service related
expressions.
view/configure packet classification and handling.
view/configure the SpeedTouch™ IP forwarding
and routing table.
view/configure the SpeedTouch™ Routing
Information Protocol (RIP) engine.
vie/configure the SpeedTouch™ Address
Translation information base.
view/configure the SpeedTouch™ IP Quality of
Service (IPQoS) engine.
E-DOC-CTC-20051017-0151 v1.0
121
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.3.1 IP Addresses
Overview
The IP address table shows all IP addresses configured on any of SpeedTouch™’s
interfaces.
In the table following information is provided per IP address:
ꢀ
ꢀ
ꢀ
The Interface to which the IP address applies
The IP address/Netmask (in prefix notation)
The IP address Type, being either:
ꢀ
auto, in case the address has been automatically assigned by the
SpeedTouch™ at startup or via negotiation
ꢀ
extra, in case of a manually configured IP address.
ꢀ
You can also assign additional new IP addresses to the SpeedTouch™ (see
In case you select an IP address entry, you can:
ꢀ
and click Apply.
ꢀ
Click Delete to delete the IP address.
Add/change an IP
address
To add a new IP address to the SpeedTouch™:
1
2
Click New.
Select the Interface to which the IP address must apply.
3
4
Either:
ꢀ
ꢀ
Type a valid IP address/mask (in prefix notation).
Select Obtain an IP address automatically.
Click Apply to add the IP address.
To change the configuration of an existing IP address:
1
2
3
Select the IP address entry.
Make your changes.
Click Apply.
E-DOC-CTC-20051017-0151 v1.0
122
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.3.2 Expressions
Overview
Expressions are used in rules for source and destination interface, source and
destination IP address(es) (ranges) and services.
The Expressions page consists of three sections:
ꢀ
ꢀ
ꢀ
Expressions are also used by the SpeedTouch™ Stateful Inspection
Interface The Interface section bundles all expressions that express a relation based on
Interfaces.
The Expressions table provides following information per expression:
ꢀ
ꢀ
ꢀ
The Name of the expression
A Summary of the expression’s configuration
For more detailed information you can expand the expression (click
).
Adding an interface
related expression
To add a new interface related expression:
1
2
Click New.
In the Interface Expressions Properties table:
ꢀ
ꢀ
Type a Name for the expression.
Select the Interface group the expression should relate to. For negative
logic, select Not.
ꢀ
Select the interface the expression should relate to. An interface is the
connection between the SpeedTouch™ and one of his attached
networks. For negative logic, select Not.
3
Click Apply.
E-DOC-CTC-20051017-0151 v1.0
123
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
IP
The IP section bundles all expressions that express a relation based on IP
addresses.
The Expressions table provides following information per expression:
ꢀ
ꢀ
ꢀ
The Name of the expression
A Summary of the expression’s configuration.
For more detailed information you can expand the expression (click
).
Adding an IP related To add a new IP related expression:
expression
1
2
Click New.
In the IP Expressions Properties table:
ꢀ
ꢀ
Type a Name for the expression.
Type an IP address or an IP address range. For negative logic, select Not.
You can define a valid IP address range by:
ꢀ
ꢀ
ꢀ
Typing a subnet, e.g. 10.0.0.0/8
Typing a IP address subset range, e.g. 10.[1-31].[9-11].[1-5]
Using wild cards, e.g. 192.5.*.*
3
Click Apply to add the expression to the table.
Service
The Service section bundles all expressions that express a relation based on
services.
The Expressions table provides following information per expression:
ꢀ
ꢀ
ꢀ
The Name of the expression
A Summary of the expression’s configuration.
For more detailed information you can expand the expression (click
).
Adding a service related To add a new service related expression:
expression
1
2
Click New.
In the Service Expressions Properties table:
ꢀ
ꢀ
ꢀ
Type a Name for the expression.
Select a Protocol to filter on. For negative logic, select Not.
Type a Source port from... to... to define the source port range. For
negative logic, select Not.
ꢀ
Type a Destination port from... to... to define the destination port range.
For negative logic, select Not.
3
Click Apply to add the expression to the table.
E-DOC-CTC-20051017-0151 v1.0
124
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.3.3 Classification
Overview
The Classification page consists of three section:
ꢀ
ꢀ
ꢀ
Labels, providing a list of existing packet classification labels and abilities to
add/modify or delete packet classification label entries.
data flow by means of classification rules.
flow by means of classification rules.
Labels The Labels section provides an overview of existing packet-classification labels.
The Labels table provides following information per label:
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
the packet-classification label Name
the kind of packet Classification
the Class of classification
the TCP Ack class
whether TOS Marking is enabled or disabled.
Proceed as follows to create a new label:
1
2
3
Click New to add a label.
Fill in all the fields.
Click Apply.
E-DOC-CTC-20051017-0151 v1.0
125
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Routing Rules
The Routing Rules section provides an overview of the existing routing rules.
Proceed as follows to create a new rule:
1
2
Click New to create a new rule.
Fill in all the fields.
ꢀ
ꢀ
ꢀ
Index:
The index of the label rule.
Name:
The name of the rule.
Label:
The label allows to identify packets with matching criteria. If such a
packet arrives it is “labelled” with a packet classification label. Still no
packet classified routing is done. Only if you add a route that uses that
particular label as route criterion, the effective classification based
routing is applied.
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
Service:
The service or protocol. (e.g. smtp, http, telnet,...)
Source Interface:
The source interface. (e.g. _lan1, _wan1, _dmz1,...)
Source IP - Select:
The name of the source IP expression.
Destination IP - Select:
The name of the destination IP expression.
State:
Select this check box to enable this rule.
Log:
Select this check box to generate a syslog message when this label is
being used.
3
Click Apply.
IP QoS Rules The IP QoS Rules section provides an overview of the existing routing rules.
Proceed as follows to create a new rule:
1
2
3
Click New to create a new rule.
Fill in all the fields.
Click Apply.
E-DOC-CTC-20051017-0151 v1.0
126
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.3.4 IP Routing
Overview
The IP Routing table presents the current content of the SpeedTouch™ Routing
Information Base. It contains all routes to all possible destinations and is consulted
by the SpeedTouch™ any time prior to sending or forwarding any packets.
Similar to the IP address table, a number of IP Routes are pre-configured. Other
routes are either added via adding an IP address manually, or via the address
configuration, for example for Routed IPoA, or by the Routing Information Protocol.
Adding an IP route
To add an IP route:
1
2
3
Click New in the bottom row of the table
Specify the Destination IP prefix
If needed, select a packet-classification routing Label (in case the route applies
for classified packets)
4
5
Either specify the IP address of a directly connected Gateway OR select the
Interface to which the route should apply (mutually exclusive).
Click Apply.
Deleting an IP route
To delete an IP route:
1
2
Select the IP route you want to delete
Click Delete.
An IP prefix is the combination of an IP address and (sub)net mask and e.g.
192.6.11.150/24.
E-DOC-CTC-20051017-0151 v1.0
127
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.3.5 RIP
Overview
The RIP web page contains three tabs:
ꢀ
ꢀ
ꢀ
Configuration The Configuration section allows you to enable/disable the SpeedTouch™ RIP
functionality and configure the some basic RIP settings.
Interfaces The RIP Interfaces table allows you to configure interface specific RIP settings such
as:
ꢀ
ꢀ
Override the master RIP status (enable/disable)
Override the master RIP version, separately for receiving and sending RIP
messages
ꢀ
ꢀ
ꢀ
Specify whether authorization is needed or not, and if so the required
authorization string
Specify whether routed must be included in RIP updates sent to a gateway
from which the updates were learned
Specify whether the interface should transmit RIP updates or not.
Neighbours Optionally, the RIP Neighbours table allows you to define one or more RIP
neighbours. This may be necessary in cases where multicast messages can not be
sent or received among the network.
E-DOC-CTC-20051017-0151 v1.0
128
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.3.6 NAT
Overview
The NAT menu consists of following sections:
ꢀ
ꢀ
ꢀ
Interfaces The Interface page allows you to enable/disable NAPT on a specific interface.
Proceed as follows to enable/disable an interface:
1
2
Select the interface that has to be enabled/disabled
Click Save All to make the settings permanent.
Mappings
The Mappings page allows you to map one or more private IP addresses into one or
more public IP address on a specific interface.
Depending on your needs following fields are available:
ꢀ
Interface:
The name of the IP interface that needs to be NAT-ed.
ꢀ
Protocol:
The IP protocol on which address translation has to be applied. This allows the
SpeedTouch™ to link specific traffic (protocol dependent) to a chosen private
host.
ꢀ
ꢀ
ꢀ
Outside address:
The outside (typically public) IP address(es).
Inside address:
The inside (typically private) IP address(es).
Access list:
You can use the access list to define the address(es) that are allowed to use the
outbound connections.
ꢀ
Foreign address:
Foreign address is to define the address(es) that are allowed to use the
inbound connections.
ꢀ
ꢀ
Flags
Description
If you selected NAPT, you will have to specify a port range for the inside and
outside address.
E-DOC-CTC-20051017-0151 v1.0
129
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Creating a NAT Proceed as follows to create a address translation mapping:
mapping
1
2
3
Click New to create a new map.
Select or fill in all the fields (see above).
Click Apply.
Templates The Template page allows you to create a NA(P)T template.
Depending on your needs following fields are available:
ꢀ
ꢀ
ꢀ
ꢀ
Interface:
The name of the IP interface that needs to be NAT-ed.
Group:
The IP interface group scope for this template.
Type:
Allows you to choose the translation type.
Protocol:
The IP protocol on which address translation has to be applied. This allows the
SpeedTouch™ to link specific traffic (protocol dependent) to a chosen private
host.
ꢀ
ꢀ
ꢀ
Outside address:
The outside (typically public) IP address(es).
Inside address:
The inside (typically private) IP address(es).
Access list:
You can use the access list to define the address(es) that are allowed to use the
outbound connections.
ꢀ
Foreign address:
Foreign address is to define the address (es) that are allowed to use the
inbound connections.
ꢀ
ꢀ
Flags
Description
If you selected NAPT, you will have to specify a port range for the inside and
outside address.
Creating a NAT Proceed as follows to create a template:
template
1
2
3
Click New to create a new template.
Select or fill in all the fields (see above).
Click Apply.
E-DOC-CTC-20051017-0151 v1.0
130
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.3.7 IP QoS
Definition Quality of Service is the ability for an application to obtain the network service it
requires for successful operation. Nowadays the total amount of data traffic
increases, while new types of data emerge, like: voice data, video data, audio data.
These new types of data pose new requirements for data transport, e.g. low latency,
low data loss, … To meet these requirements, the entire network must ensure them
via a connection service guarantee. Such a connection service guarantee can both
be applied to connection oriented networks (connection based) and to packet-
oriented networks (data-stream or data type based).
Quality of Service allows specifying a connection service guarantee via a set of
connection parameters. Throughout the network, this set of connection parameters
will be used to handle the connection data in a way to achieve the connection
service guarantee. This handling includes reserving bandwidth, priority based
queuing, scheduling, modifying data characteristics, …
Examples of connection parameters include the maximum amount of bandwidth
that may be used, the guaranteed amount of bandwidth that will always be
available, the maximum delay the data can experience throughout the network, a
priority indication, …
Overview
The IPQoS menu consists of following sections:
ꢀ
ꢀ
ꢀ
E-DOC-CTC-20051017-0151 v1.0
131
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Configuration The Configuration page allows you to configure IPQoS for a given destination
interface for the IPQoS queues instantiation.
When enabling or disabling IPQoS, take the following into account:
ꢀ
if the WAN interface (for example PPPoA, IPoA, ...) is detached at the
time of enabling/disabling IPQoS, then the WAN interface has to be
attached in order for the enabling/disabling of IPQoS to take effect.
ꢀ
if the WAN interface is attached at the time of enabling/disabling
IPQoS, then the WAN interface has to be detached and then re-
attached in order for the enabling/disabling of IPQoS to take effect.
The following settings are available:
ꢀ
ꢀ
ꢀ
Name:
The destination interface for the IPQoS queues instantiation.
State:
Disable or enable IPQoS for the interface.
Discard:
Determines the packet discard strategy in case of congestion. Choose
between:
ꢀ
tail: Tail Drop: arriving packets will be dropped as soon as the destination
queue is in an overflow state.
ꢀ
early: Early Packet discard: arriving packets will be dropped early
according to the BLUE active queue management algorithm.
ꢀ
Priority:
Select the sub queue priority algorithm. Choose between:
ꢀ
wfq:
Weighted Fair Queuing (WFQ) is used for the four AF queues. The
realtime queue has priority over the WFQ queues, which have priority
over the best-effort queue.
ꢀ
ꢀ
strict:
Priority queuing is used. Strict Priority scheduling is used between all
queues. The higher the queue number, the higher the priority.
wrr:
Weighted Round Robin (WRR) is used for the four AF queues. Each
queue is scheduled in turn, with a circular “round” wrapping.
ꢀ
ꢀ
WFQ queue Weight:
A number between 1 and 97. Represents the weight of the queue used for
WFQ or WRR.
Max highest queue rate (%):
Represents a percentage of the interface bandwidth for rate-limiting of the
Real Time queue. In case of congestion, the Real Time queue will only use this
percentage of the interface bandwidth when there is also traffic on the other
queues. This prevents other queues from starvation (when the highest uses all
bandwidth).
ꢀ
Max highest queue burst:
Represents the Real Time queue burst size (in kilobytes) for rate limiting.
E-DOC-CTC-20051017-0151 v1.0
132
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Queues The Queues page allows you to prioritize data.
The following settings are available:
ꢀ
Propagate:
If the propagate function is enabled, an overflow to a lower priority queue will
be created in case the initial queue is full. If the function is disabled packets in
excess of the queue will be dropped.
ꢀ
ECN:
If the ECN marking is enabled, the Congestion Experienced code-point in the
ECN field is set. This means that when a queue is congested the EC code-point
will be set instead of dropping the packet. if the ECN marking is disabled,
packets will be dropped if the queue is congested.
ꢀ
AckFilter:
If the Ack filtering option is enabled, duplicate ACK packets in a queue will
only be sent once. Meaning that the last duplicate ACK packet will be sent and
the other ACK packets will be dropped. If the ackfiltering option is disabled, all
ACK packets will be sent in their original sequence.
To make changes to the configuration of the queues, simply select or clear the
appropriate check box(es).
Selecting or clearing a setting’s check box immediately applies the change
made to the corresponding setting of the queue.
!
Meter The Meter page allows you to configure rate limiting. This allows aggregated data
to be policed to pre-configured bandwidths. This rate limiting can be configured for
a specific interface, IP address or service. A meter can be selected by a label or can
be interface specific.
The following settings are available:
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
Name:
The name of the IPQoS meter.
Interface:
The name of the interface.
Label:
The name of the label.
Drop rate:
The drop rate in kilobits per second (Kb/s).
Mark rate:
The mark rate in kilobits per second (Kb/s).
Burst:
The burst size in kilobytes (KB).
Status:
The status of the IPQoS meter entry. This can be either Started or Stopped.
To activate or de-activate a particular rate limiting entry, simply select or clear
the Status check box of the IPQoS meter entry.
Selecting or clearing the check box of an IPQoS meter entry
immediately activates or de-activates the corresponding rate limiting.
!
ꢀ
# dropped:
The number of packets that exceeded the drop rate and - as a consequence -
are dropped.
E-DOC-CTC-20051017-0151 v1.0
133
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
ꢀ
ꢀ
# marked:
The number of packets that exceeded the mark rate and - as a consequence -
are marked.
# compliant:
The number of packets that comply to the IPQoS meter rate limits and - as a
consequence - can pass.
To add a new IPQoS rate limiting entry:
1
2
Click New.
Type:
ꢀ
ꢀ
ꢀ
a Name for the new entry.
the Drop and Mark rate
the Burst size
3
Select:
ꢀ
ꢀ
the Interface to which the entry applies
Drop action
You can either choose to simply count the number of packets that exceed
the drop rate, or to effectively drop them.
ꢀ
ꢀ
Mark action
You can either choose to simply count the number of packets that exceed
the mark rate, or to effectively mark them.
Marking
In case you have chosen to mark packets that exceed the mark rate, you
can select what marking is applied: TOS, DSCP, or Precedence.
Depending on the selected marking you must also select an
appropriate TOS, DSCP or Precedence value.
Select Disabled in case no marking must be applied.
ꢀ
Classification
You can select:
ꢀ
ꢀ
ignore, so that no changes are made to the classification
overwrite, so that the internal priority will be overwritten, no matter
what the value is
ꢀ
decrease, so that the internal priority will only be overwritten in
case the value defined is lower than the value upon arrival
ꢀ
offset, to effectively lower the priority setting with a relative offset
as defined in Class value.
ꢀ
Class
The class or offset used for classification.
4
Click Apply.
E-DOC-CTC-20051017-0151 v1.0
134
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.4 Connections
Overview
The Connections menu consists of the following topics:
Click ...
To ...
view/configure SpeedTouch™’s ATM interfaces.
view/configure the Routed PPP over Ethernet
(PPPoE) Internet services.
view/configure the Routed PPP over ATM (PPPoA)
Internet services.
view/configure the Routed PPP over ISDN (PPPoI)
Internet services.
view/configure the Bridged Ethernet Internet
services.
view/configure the Routed Ethernet Internet
services.
view/configure the Routed IP over ATM (IPoA)
Internet service.
view/configure the PPTP-to-PPP Relay Internet
services.
view/configure the SpeedTouch™ Virtual LAN
functionality.
E-DOC-CTC-20051017-0151 v1.0
135
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.4.1 ATM
Overview
The ATM page consists of following sections:
ꢀ
ꢀ
ꢀ
Phonebook
The SpeedTouch™ Phonebook is a repository for ATM connectivity information. A
number of pre-configured entries may already reside in the SpeedTouch™
Phonebook.
The Phonebook:
ꢀ
ꢀ
ꢀ
Allows you to use named connections.
Provides an instant overview of all possible connections.
Indicates whether hardware and software resources are actually assigned to
Phonebook entries.
ꢀ
Resolves conflicts when adding new connectivity information.
Adding a phonebook To add a new Phonebook entry:
entry
1
2
3
Click New.
example 8.35).
4
Click Apply.
Connection Service
Name
There are a few limitations on names:
ꢀ
ꢀ
ꢀ
A phonebook name cannot have spaces.
The name INCOMING is reserved for internal use.
For entries of connection service type PPPoA, planned to be used for the
Relayed PPPoA packet service, the phonebook name may not start with capital
P or T (Microsoft Windows OS restrictions).
ꢀ
Phonebook entries with a name starting with DHCP are reserved for the PPP-
to-DHCP spoofing feature of the SpeedTouch™.
E-DOC-CTC-20051017-0151 v1.0
136
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Virtual Channel
The address format is vpi*vci, e.g. 8*35; or vpi.vci, e.g. 8.35.
Identifiers (VPI and VCI)
VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) are two parameters
identifying ATM Virtual Channels.
It is the responsibility of the network operator to provide end-to-end connectivity
throughout the network on these virtual channels. Due to regional differences or
because of the specific policy of your local operator, specific VPI/VCI values may be
required. In this case, the network operator, ISP or corporate administrator will
provide the correct values.
The VPI can range from 0 to 15, VCI from 32 .. 511.
QoS Book
The QoS Book table displays following parameters:
ꢀ
Name:
The name of the new QoS entry.
ꢀ
txctd:
The name of the Connection Traffic Descriptor (CTD) for the transmit
(upstream) direction.
ꢀ
rxctd:
The name of the CTD for the receive (downstream) direction.
Interfaces The Interfaces tab allows you to configure:
ꢀ
Name:
The name of the ATM interface to be configured.
ꢀ
Destination:
The WAN destination for this ATM interface. Typically, an ATM phonebook
entry.
ꢀ
ꢀ
QoS name:
The name of the Quality of Service (QoS) book entry to apply on this ATM
interface.
Encapsulation:
The type of encapsulation to be used for this ATM interface. Choose between:
ꢀ
ꢀ
ꢀ
llc: Logical Link Control (LLC) / Sub Network Access Protocol (SNAP)
vcmux: Virtual Channel MUltipleXing (VCMUX).
auto: the SpeedTouch™ will determine the encapsulation method to use.
ꢀ
ꢀ
Number of retries:
A number between 0 and 65535. Represents the number of times the
SpeedTouch™ retries to set up a WAN connection before giving up.
FCS:
Enable or disable the inclusion of the Ethernet Frame Check Sequence (FCS) in
the packet header on the WAN side (only used for llc encapsulation for mac).
This parameter is normally left disabled.
E-DOC-CTC-20051017-0151 v1.0
137
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
ꢀ
Upper layer protocol:
Select the Upper Layer Protocol (ULP) for this interface. Choose between:
ꢀ
ꢀ
ip (for a Routed IPoA interface).
mac (for a Bridged Ethernet, Routed ETHoA, Bridged PPP over Ethernet
(PPPoE), Routed PPPoE or a PPPoE Relay interface).
ꢀ
ppp (for a Routed PPP over ATM (PPPoA) interface).
E-DOC-CTC-20051017-0151 v1.0
138
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.4.2 Routed PPPoE
Introduction The Routed PPPoE configuration page allows you to add new Routed PPPoE, or
Routed PPPoE Relay connection entries or to change settings of existing entries.
Creating a Routed To add a Routed PPPoE connection entry:
PPPoE connection entry
1
2
Click New.
In the Interface box, type a unique interface name (different from the MER
interface name).
3
In the Destination list, click the appropriate Routed Ethernet destination
indicated by the Routed Ethernet interface name
4
5
6
Type user name and password for the account at the ISP [optional].
If applicable, type a Service name and/or Access Concentrator [optional]
Click Apply.
Additional configuration Once created, per Routed PPPoE connection, additional configuration is possible by
clicking:
ꢀ
ꢀ
These parameters can only be modified when the link is down. Take the link
down first by clicking Hang-up.
Routing Following fields are available:
ꢀ
Destination:
Controls the networks that can be reached via this particular PPP connection.
Specify the remote host or network in prefix notation. e.g. 172.16.0.0/16.
ꢀ
Label:
Allows you to assign a label to this connection.
E-DOC-CTC-20051017-0151 v1.0
139
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Other This window holds miscellaneous information and configuration possibilities.
Following fields are available:
ꢀ
Mode:
A PPP connection can be established in three ways:
ꢀ
ꢀ
ꢀ
Manually:
You have to press the Dial-In button of a particular connection.
Always-On:
The SpeedTouch™ automatically tries to establish PPP connections.
On-Demand:
A PPP connection is triggered by specific frames arriving at the Ethernet
port.
ꢀ
ꢀ
Idle Time Limit:
Allows you to specify after which time limit the PPP connection is released.
Otherwise stated, if no traffic passes over the PPP connection for Idle Time, the
connection is closed.
Authentication allows you to select the default PPP authentication mechanism
when starting the PPP session. Via the drop down box, three authentication
methods can be selected for the connection:
ꢀ
Auto (default):
Preferably the CHAP (Challenge Handshake Authentication Protocol) will
be used. However, if not successful, PAP (Password Authentication
Protocol) authentication is used instead. If in turn PAP fails, the
connection will NOT be authenticated.
ꢀ
ꢀ
CHAP:
CHAP authentication is forced. If not successful, the connection will NOT
be authenticated.
PAP:
PAP authentication is forced. If not successful, the connection will NOT
be authenticated.
ꢀ
ꢀ
Local IP and Remote IP:
During PPP session setup IP addresses are negotiated. Typically at the client
side, these fields are left empty. This forces the client to ask the server for
addresses. To setup the SpeedTouch™ as PPP server, you are able to supply
suitable values (according your network configuration).
Primary DNS and Secondary DNS:
During PPP session setup the BRAS will normally provide the DNS server IP
addresses. Typically at the client side, these fields should therefore be left
empty.
In cases where the DNS server IP addresses are not provided by the BRAS, or
to setup the SpeedTouch™ as PPP server, you are able to supply suitable
values (according your network configuration).
Statistics For a running PPP session the fourth tab allows you to overview following
connection statistics:
ꢀ
ꢀ
ꢀ
ꢀ
IP address:
local IP address assigned by the server.
Bytes received:
Number of bytes received on this PPP connection.
Bytes dropped:
Number of bytes failed to transmit.
Bytes sent:
Number of bytes transmitted over this PPP connection.
E-DOC-CTC-20051017-0151 v1.0
140
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.4.3 Routed PPPoA
Introduction The Routed PPPoA configuration page allows you to add new Routed PPPoA
connection entries or to change settings of existing entries.
Creating a Routed To add a Routed PPPoA connection entry:
PPPoA connection
1
2
Click New.
entry
In the Interface box, type a unique interface name (different from the MER
interface name).
3
In the Destination list, click the appropriate Routed Ethernet destination
indicated by the Routed Ethernet interface name
4
5
Type user name and password for the account at the ISP [optional].
Click Apply.
Additional configuration Once created, per Routed PPPoA connection, additional configuration is possible by
clicking:
ꢀ
ꢀ
These parameters can only be modified when the link is down. Take the link
down first by clicking Hang-up.
Routing Following fields are available:
ꢀ
Destination:
Controls the networks that can be reached via this particular PPP connection.
Specify the remote host or network in prefix notation. e.g. 172.16.0.0/16.
ꢀ
Label:
Allows you to assign a label to this connection.
E-DOC-CTC-20051017-0151 v1.0
141
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Other This window holds miscellaneous information and configuration possibilities.
Following fields are available:
ꢀ
Mode:
A PPP connection can be established in three ways:
ꢀ
ꢀ
ꢀ
Manually:
You have to press the Dial-In button of a particular connection.
Always-On:
The SpeedTouch™ automatically tries to establish PPP connections.
On-Demand:
A PPP connection is triggered by specific frames arriving at the Ethernet
port.
ꢀ
ꢀ
Idle Time Limit:
Allows you to specify after which time limit the PPP connection is released.
Otherwise stated, if no traffic passes over the PPP connection for Idle Time, the
connection is closed.
Authentication allows you to select the default PPP authentication mechanism
when starting the PPP session. Via the drop down box, three authentication
methods can be selected for the connection:
ꢀ
Auto (default):
Preferably the CHAP (Challenge Handshake Authentication Protocol) will
be used. However, if not successful, PAP (Password Authentication
Protocol) authentication is used instead. If in turn PAP fails, the
connection will NOT be authenticated.
ꢀ
ꢀ
CHAP:
CHAP authentication is forced. If not successful, the connection will NOT
be authenticated.
PAP:
PAP authentication is forced. If not successful, the connection will NOT
be authenticated.
ꢀ
ꢀ
Local IP and Remote IP:
During PPP session setup IP addresses are negotiated. Typically at the client
side, these fields are left empty. This forces the client to ask the server for
addresses. To setup the SpeedTouch™ as PPP server, you are able to supply
suitable values (according your network configuration).
Primary DNS and Secondary DNS:
During PPP session setup the BRAS will normally provide the DNS server IP
addresses. Typically at the client side, these fields should therefore be left
empty.
In cases where the DNS server IP addresses are not provided by the BRAS, or
to setup the SpeedTouch™ as PPP server, you are able to supply suitable
values (according your network configuration).
Statistics For a running PPP session the fourth tab allows you to overview following
connection statistics:
ꢀ
ꢀ
ꢀ
IP address:
Local IP address assigned by the server.
Bytes received:
Number of bytes received on this PPP connection.
Bytes dropped:
Number of bytes failed to transmit.
E-DOC-CTC-20051017-0151 v1.0
142
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
ꢀ
Bytes sent:
Number of bytes transmitted over this PPP connection.
E-DOC-CTC-20051017-0151 v1.0
143
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.4.4 Routed PPPoI
Availability The ISDN modem is only fully functional after activating the ISDN software module
with the ISDN software module activation key. For more information, see
Introduction The Routed PPPoI configuration page allows you to add new Routed PPPoI
connection entries or to change settings of existing entries.
Creating a Routed To add a Routed PPPoI connection entry:
PPPoI connection entry
1
2
3
Click New.
In the Interface box, type a unique interface name.
In the ISP profile list, click:
ꢀ
ꢀ
The name of a profile if you want to use an existing profile.
New to create a new profile. Type the name you want to assign to this
profile in the Enter Name box.
These ISP profile contain the ISDN parameters.
Type user name and password for the account at the ISP.
If needed, enter the ISDN parameters of your ISP.
Click Apply.
4
5
6
Additional configuration Once created, per Routed PPPoI connection, additional configuration is possible by
clicking:
1
2
These parameters can only be modified when the link is down. Take the link
down first by clicking Hang-up.
Routing Following fields are available:
ꢀ
Destination:
Controls the networks that can be reached via this particular PPP connection.
Specify the remote host or network in prefix notation. e.g. 172.16.0.0/16.
ꢀ
Label:
Allows you to assign a label to this connection.
E-DOC-CTC-20051017-0151 v1.0
144
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Other This window holds miscellaneous information and configuration possibilities.
Following fields are available:
ꢀ
Mode:
A PPP connection can be established in three ways:
ꢀ
ꢀ
ꢀ
Manually:
You have to press the Dial-In button of a particular connection.
Always-On:
The SpeedTouch™ automatically tries to establish PPP connections.
On-Demand:
A PPP connection is triggered by specific frames arriving at the Ethernet
port.
ꢀ
ꢀ
Idle Time Limit:
Allows you to specify after which time limit the PPP connection is released.
Otherwise stated, if no traffic passes over the PPP connection for Idle Time, the
connection is closed.
Authentication allows you to select the default PPP authentication mechanism
when starting the PPP session. Via the drop down box, three authentication
methods can be selected for the connection:
ꢀ
Auto (default):
Preferably the CHAP (Challenge Handshake Authentication Protocol) will
be used. However, if not successful, PAP (Password Authentication
Protocol) authentication is used instead. If in turn PAP fails, the
connection will NOT be authenticated.
ꢀ
ꢀ
CHAP:
CHAP authentication is forced. If not successful, the connection will NOT
be authenticated.
PAP:
PAP authentication is forced. If not successful, the connection will NOT
be authenticated.
ꢀ
ꢀ
Local IP and Remote IP:
During PPP session setup IP addresses are negotiated. Typically at the client
side, these fields are left empty. This forces the client to ask the server for
addresses. To setup the SpeedTouch™ as PPP server, you are able to supply
suitable values (according your network configuration).
Primary DNS and Secondary DNS:
During PPP session setup the BRAS will normally provide the DNS server IP
addresses. Typically at the client side, these fields should therefore be left
empty.
In cases where the DNS server IP addresses are not provided by the BRAS, or
to setup the SpeedTouch™ as PPP server, you are able to supply suitable
values (according your network configuration).
E-DOC-CTC-20051017-0151 v1.0
145
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Statistics For a running PPP session the fourth tab allows you to overview following
connection statistics:
ꢀ
ꢀ
ꢀ
ꢀ
IP address:
Local IP address assigned by the server.
Bytes received:
Number of bytes received on this PPP connection.
Bytes dropped:
Number of bytes failed to transmit.
Bytes sent:
Number of bytes transmitted over this PPP connection.
E-DOC-CTC-20051017-0151 v1.0
146
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.4.5 Bridged Ethernet
Overview
The Bridged Ethernet page consists of following sections:
ꢀ
ꢀ
Bridged Ethernet The Bridged Ethernet page allows you to configure the SpeedTouch™ for
IEEE802.1D Transparent Bridging, which equally may include preparing it for
Bridged PPPoE.
Next to transparent bridging, the SpeedTouch™ also features full VLAN awareness,
and as such allows Ethernet interface grouping or VLAN-tag based forwarding.
The Bridged Ethernet page gives you an overview of all interfaces that are
connected to the SpeedTouch™ Ethernet bridge.
Bridge properties Under the Bridged Ethernet overview table are the parameters that are applicable
for the Ethernet bridge itself. Following parameters are configurable:
ꢀ
Aging time
Using this input, the aging timer of the bridge internal database can be
changed. If the aging time of a MAC entry has expired, this entry will be
removed from the database.
ꢀ
Virtual LAN
By selecting this checkbox, the SpeedTouch™ bridge will become fully VLAN
ID aware. This means that if incoming Ethernet packets are VLAN tagged, this
tag will be taken into account, and as such the packet will only be bridged to
the ports that are member of that VLAN.
The SpeedTouch™ will always take into account the VLAN interface
configuration that is set. This means that if an interface is configured
to be member of VLAN_A, it will not be able to communicate with an
interface that is set to be VLAN_B, even if the bridge state is set to
VLAN=disabled!
!
E-DOC-CTC-20051017-0151 v1.0
147
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Add a new Bridge port Proceed as follows to add a new port to the Ethernet Bridge:
1
2
Click New under the Bridge Ethernet overview table
In the Interface box, type a unique interface name; in the Destination list,
select the interface you want to use for this connection.
3
Mark the Multicast filter checkbox if you wish to filter out multicast streams on
this interface. In normal situations multicast packets are flooded on all ports of
the bridge, but this might cause unwanted performance issues on some
interface types.
4
5
6
7
8
Select the VLAN name to which arriving packets on this interface should be
assigned. In VLAN enabled mode this is only applicable for untagged packets.
Select the default Priority* to be used for tagging outgoing VLAN packets on
this interface.
Mark the Ingress Filtering* checkbox to filter out VLAN tagged packets that
arrive on an interface that has not the same VID as the packet.
Mark the Accept VLAN only* checkbox to no longer accept packets arriving on
this interface without a VLAN tag.
Choose your preferred Priority configuration from the list. This will make the
SpeedTouch™ to map the priority indication in the VLAN packet (IEEE 802.1p
value) to an internal priority class. This internal class can be taken into account
in other modules of the SpeedTouch™.
ꢀ
ꢀ
Disabled, to not perform priority mapping
Overwrite, to set the VLAN priority indication as the internal priority.
9
Click Apply.
The parameters that are marked with an asterisk (*) are only applicable
when the SpeedTouch™ Ethernet bridge is in VLAN enabled mode.
VLAN
Next to transparent bridging, the SpeedTouch™ is also capable of operating in a full
VLAN ID aware mode. By using VLAN tagging, it is possible to make distinction
between different virtual networks residing on the same physical Ethernet segment,
and as such define different properties for them.
VLAN interface
overview
On the VLAN page, there is an overview of all VLANs that are defined in the
member of it.
E-DOC-CTC-20051017-0151 v1.0
148
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
VLAN interface
configuration
Proceed as follows to add or remove Bridged Ethernet interfaces for a certain VLAN:
1
2
Select the VLAN you wish to edit.
A listing of all bridge interfaces will appear, each followed by a drop-down list.
Change the value of the drop-down list to add or remove interfaces from this
VLAN:
ꢀ
(none), which means that this interface is not a member of the selected
VLAN.
ꢀ
Tagged, which means that this interface is a member of the selected
VLAN, and that packets coming in and going out of the SpeedTouch™
will be VLAN tagged.
ꢀ
Untagged, which means that this interface is a member of the selected
VLAN, but that the VLAN functionality will be not visible outside the
SpeedTouch™. This means that inside the SpeedTouch™ VLAN will be
used to isolate interfaces from each other, but that outside of the
SpeedTouch™ no VLAN tagging will be used.
3
Click Apply.
E-DOC-CTC-20051017-0151 v1.0
149
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.4.6 Routed Ethernet
Introduction The Routed Ethernet web page allows you to add and modify Routed Ethernet
interfaces.
Routed Ethernet interfaces can be used for creating end-to-end MAC Encapsulated
Routing (MER) connections, or for creating a destination interface to create Routed
PPPoE connections on, or to apply a routed PPPoE Relay scenario.
E-DOC-CTC-20051017-0151 v1.0
150
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.4.7 Routed IPoA
Creating a new Routed To add a new Routed IPoA Ethernet interface, proceed as follows:
IPoA Ethernet Interface
1
2
Click New.
Following fields become available:
ꢀ
ꢀ
ꢀ
Interface Name:
Is a name that has local significance only and allows to reference a
particular Routed IPoA interface
Local IP Address:
Is an IP address that must be configured on the local Routed IPoA
Ethernet interface and is provided by your ISP or system administrator.
Remote IP address:
Is an IP address that is configured on the device connected at the remote
end of the ATM virtual channel and is again supplied by your ISP or
system administrator
ꢀ
Destination Network:
This input field allows to specify all networks (0.0.0.0/0), a summarized
network (e.g. 20.0.0.0/24, 20.0.1.0/24, 20.0.2.0/24 and 20.0.3.0/24 can be
summarized into 20.0.0.0/22) or a specific network (e.g. 20.0.0.0/24).
Additional networks can be specified via entries in the forwarding table.
3
4
5
In the Interface box, type a unique interface name.
In the Destination list, select the interface you want to use for this connection.
Assuming a numbered IPoA link, configure the Local and Remote IP
addresses.
6
7
If required enable NAPT via the NAPT box (by default unchecked)
For IP connectivity beyond the local and remote IP address, a single or
summarized network can be supplied in the Destination Network field. In the
ultimate case "all destination networks" can be specified via the so-called
default route (0.0.0.0/0).
8
Click Apply.
If all field values are correctly specified, the Routed IPoA interface is created and
attached to the specified ATM virtual channel.
Generated IP routes In the assumption that Local IP, Remote IP and Destination Network are specified, 3
IP routes are automatically added:
ꢀ
ꢀ
ꢀ
A host route to Local IP address
A host route to the Remote IP address
A network route to the specified Destination Network.
E-DOC-CTC-20051017-0151 v1.0
151
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.4.8 PPTP-to-PPP Relay
Overview
The PPTP-to-PPP Relay, referred to as "Relay" further in this section, interacts with a
PPTP tunnelling application installed on the locally attached computers, for
example Microsoft's Dial-Up Networking.
A typical user-relay interaction scenario is as follows: A PPTP Tunnelling application
is started on one of the locally attached computers. This application establishes a
PPTP tunnel to the SpeedTouch™ and is the trigger for the Relay to come into
action. The Relay chooses a free PPPoA phonebook entry and from then on relays
all PPP frames sourced by the PPTP application from the tunnel to the virtual
channel identified by the phonebook entry and vice versa. At the remote end of the
virtual channel, the BRAS extracts the PPP frames, reconstructs the encapsulated IP
packets and forwards these to the Internet.
If, at the end of a session, the user disconnects the PPTP application, it destroys the
tunnel and the Relay subsequently releases the virtual channel.
Multiple users can initiate/terminate tunnels towards the Relay as long as there are
free ATM virtual channels on the DSL Line. The maximum number of tunnels may
however be restricted by DSL provider / ISP provisioning rules.
The SpeedTouch™ Relayed PPPoA page allows you to overview current active relay
session, currently maintained by the SpeedTouch™.
E-DOC-CTC-20051017-0151 v1.0
152
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.4.9 Virtual LAN
Concept The concept of VLAN was introduced as a way to solve many of the issues of a large
Layer 2 environment. It controls the traffic on a physical LAN. The physical LAN is
partitioned into multiple virtual LANs. Each VLAN is assigned a number, called the
VID, which identifies it uniquely within the network. Traffic between these systems
stays bottled up within their VLAN.
Although different VLANs use a common physical network, the traffic of each VLAN
is isolated from the other VLANs.
The Virtual LAN page
The Virtual LAN page gives you an overview of the Virtual LANs currently defined
on the SpeedTouch™. It also allows you to add new VLANs, and delete existing
VLANs.
Creating a new VLAN To add a Virtual LAN:
Click New.
1
2
3
4
5
In the Name box, type a unique name that describes the use of the VLAN.
In the VID box, enter the unique VLAN ID to be used for this VLAN.
Click Apply to create the VLAN you have defined.
Click Save All to make your changes permanent.
Using VLAN
The Virtual LANs that are defined can be used in the Ethernet Configuration pages
E-DOC-CTC-20051017-0151 v1.0
153
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.5 Local Networking
Overview
The Connections menu consists of the following topics:
Click ...
To ...
View/configure the SpeedTouch™ DHCP settings.
View/configure the SpeedTouch™ DNS settings.
View/configure the SpeedTouch™ Managed
Switch.
View/configure the SpeedTouch™ wireless access
point settings.
E-DOC-CTC-20051017-0151 v1.0
154
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.5.1 DHCP
Overview
The DHCP web page offers three tabs to configure the SpeedTouch™ 's DHCP
functionality:
ꢀ
ꢀ
ꢀ
To configure the general behaviour of the SpeedTouch™ 's DHCP server.
To configure the SpeedTouch™ DHCP relay.
To configure the SpeedTouch™ DHCP client.
DHCP Server The DHCP server configuration is split up in three sections:
ꢀ
To configure the SpeedTouch™ DHCP server ‘master’ settings and behaviour.
ꢀ
To overview current the SpeedTouch™ DHCP server's current leases, and/or
add/delete static DHCP lease entries.
ꢀ
To overview and add/delete DHCP address pools for the SpeedTouch™ DHCP
server.
As mentioned before, the SpeedTouch™ DHCP server - configuring local network
hosts - can be run in conjunction with one or more SpeedTouch™ DHCP clients or
SpeedTouch™ DHCP Relay agents, each created on behalf of a wide area
connection. I.e. for WAN interfaces the SpeedTouch™ offers DHCP client, or DHCP
relay support to configure MAC Encapsulated Routing (MER) or Routed IPoA
interfaces independently.
Server Config Following fields are available:
ꢀ
Activate server:
Select this check box to enable the SpeedTouch™ DHCP server.
ꢀ
Activate verify first:
Select this check box to enable IP address conflict network probing before
handing out an address to a client.
ꢀ
Activate trust client:
Select this check box if you want the SpeedTouch™ to take the IP address
suggested by a DHCP client into account.
E-DOC-CTC-20051017-0151 v1.0
155
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Server Leases
In case the SpeedTouch™ DHCP server is running this table holds all leases which
are assigned by the DHCP server to (accepted) DHCP clients.
Following lease parameters are shown:
ꢀ
ꢀ
ꢀ
ꢀ
Client ID:
The MAC address of the DHCP client.
Address:
The IP address leased by the DHCP client.
Pool:
The DHCP server address pool the lease IP address is taken from.
TTL:
The DHCP server lease's Time To Live (in seconds).
For a permanent DHCP lease, TTL displays infinite.
ꢀ
State:
The DHCP server lease state:
ꢀ
Free (in case of statically added DHCP leases):
Indicating unused DHCP server leases. No DHCP request from this
particular Client ID has been received by the DHCP server (yet).
ꢀ
Used:
Indicating assigned DHCP leases. A DHCP lease has been assigned to this
Client ID in the past (actually (Pool lease time)-TTL seconds ago).
As soon as a DHCP request is received, the SpeedTouch™ DHCP server will assign
the IP address matching the DHCP client's identity to this client (e.g. in case of a
renewal, or for static entries). If no pre-configured lease could be found in the table,
a new lease will be created when the client's request is granted.
Existing DHCP leases can be made static (i.e. TTL infinite) by selecting the
DHCP lease and clicking Lock.
DHCP leases can be added manually, e.g. for DHCP client devices that need a
"static" IP configuration. You can also remove existing DHCP leases.
E-DOC-CTC-20051017-0151 v1.0
156
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Address Pools One or more disjunctive DHCP server address pools can be created per existing
SpeedTouch™ interface using the Address Pool table. The first address pool
displayed in the table has the highest priority for a certain interface.
If you select one of the address pools, following fields become available:
ꢀ
ꢀ
ꢀ
ꢀ
Name:
The name of the DHCP server's address pool.
Interface:
The SpeedTouch™ interface for which the address pool applies.
Start address:
The start IP address of the DHCP server's address pool.
End address:
The end IP address of the DHCP server's address pool. Both the start and end
IP address define the IP address range used by the DHCP server to assign
leases.
ꢀ
ꢀ
ꢀ
ꢀ
Subnet mask:
The subnet mask of the DHCP server's address pool.
Lease time:
The maximum time a client is allowed to use the address.
Gateway:
The IP address that will be assigned to DHCP clients as their default gateway
Server:
The SpeedTouch™ IP address used as DHCP server address (applicable for
SpeedTouch™ multi-homing).
ꢀ
ꢀ
Primary DNS Server:
The IP address of the primary DNS server.
Secondary DNS Server:
The IP address of the secondary DNS server.
The table header shows following pool properties in addition:
ꢀ
ꢀ
State: the current DHCP server's address pool state.
PPP: the PPP interface used to fill the DHCP server's address pool dynamically
(dynamic pools only).
Address pool types Two kinds of DHCP server address pools can be envisaged:
ꢀ
ꢀ
Static address pools.
Dynamic address pools.
Static address pools are configured manually by the user (state = static); on the
other hand dynamic pools are configured dynamically based on the PPP-IPCP
parameters negotiated for a (Routed) PPP connection (PPP interface given in the
PPP column). When the PPP connection is up (state = up), all pool properties are
defined except for the lease time which has to be configured manually. At the
moment the PPP connection goes down (state = down) the pool parameters are
remain valid to preserve LAN connectivity. If the pool parameters have been
changed after the PPP connection comes up again, all associated leases are
updated as well.
E-DOC-CTC-20051017-0151 v1.0
157
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
DHCP Relay
The DHCP relay tab allows you to add/delete and overview SpeedTouch™ 's DHCP
relay interfaces.
The DHCP relay configuration is split up in two sections:
ꢀ
To add/delete and configure a DHCP relay server on a certain interface
ꢀ
To enable/disable and define the behaviour of the DHCP relay agent per
configured interface.
Relay Config The Relay Configuration table allows you to add or delete (additional) DHCP relay
agents for a specific interface.
To create a new DHCP relay agent:
1
2
3
Click New.
In the DHCP relay server box, type the IP address of the DHCP server.
In the Interface list, click the appropriate relay interface (click None to indicate
no interface is specified).
4
5
In the Gateway Address (giaddr) box, type the Gateway IP address to be used
for the giaddr field in relayed DHCP packets.
Click Apply.
Relay Interfaces
The Relay Interfaces table allows you to configure interface specific DHCP relay
settings as:
ꢀ
ꢀ
Enable/disable the DHCP relay server
The maximum number of hops allowed for relayed DHCP requests and replies
(as indicated in the DHCP packet)
ꢀ
ꢀ
Defining whether to forward (trusted) or to drop (not trusted) DHCP request
packets when a DHCP relay agent info option is present and the Gateway IP
address field is 0 (as specified in RFC3046).
Define the remote ID (as specified in RFC3046) to allow the DHCP relay agent
to relay DHCP responses to the proper network.
E-DOC-CTC-20051017-0151 v1.0
158
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
DHCP Client Dynamic interfaces are created and managed by means of the DHCP Client table.
Following fields are listed in the DHCP Client table:
ꢀ
Interface:
The name of the SpeedTouch™ logical interface for which this DHCP client
applies
ꢀ
ꢀ
The Address column shows the IP address assigned to the interface given in
the first column.
The State column shows the current state of the dynamic interface. According
to RFC2131, following states are envisaged:
ꢀ
init:
The DHCP client hasn't been activated yet. (You can activate a DHCP
client entry by selecting it and clicking Enable.
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
requesting:
The DHCP client is searching for a DHCP server.
selecting:
The DHCP client requests a server for an IP address.
bound:
A dynamic IP address has been assigned by the DHCP server.
renewing:
The DHCP client requests a known server to extend its lease.
rebinding:
The DHCP client searches a server to extend its lease.
ꢀ
The Timeout column is filled in for each DHCP client which is currently in the
"bound" state. It indicates the lease time of the assigned IP address.
For each of these interfaces you can configure following fields:
ꢀ
ꢀ
ꢀ
IP Address:
The preferred IP address to be assigned to the DHCP client. If not accepted, the
(remote) DHCP server may overrule this address.
Client ID:
MAC address of the SpeedTouch™ logical interface, to be communicated to
the (remote) DHCP server. If empty, the SpeedTouch™ 's MAC address is used.
Host name:
The host name associated with the dynamic IP address, to be communicated
to the (remote) DHCP server
ꢀ
ꢀ
User ID:
The user class identifier option to be associated with the lease.
Lease time:
The preferred duration of the lease of the dynamic IP address, if assigned. If
not accepted, the (remote) DHCP server may overrule this lease time.
ꢀ
Vendor ID:
Enable transmission of the vendor class identifier option (selected) or not
(cleared).
E-DOC-CTC-20051017-0151 v1.0
159
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.5.2 DNS
Overview
DNS is short for Domain Name System. It is a network functionality that allows
network members to use host names rather than IP addresses for referencing
networked computers.
The DNS web page consists of two sections:
ꢀ
ꢀ
Configuration In addition to the host name, a local computer needs the DNS domain name to
construct a fully qualified name. By default the SpeedTouch™ DNS's domain name
is lan. You can specify another (sub)domain name in the domain field (and Apply)
In normal conditions you should never disable the SpeedTouch™ DNS server,
surely not in case the SpeedTouch™ DHCP server is active on the local network as
well. If required however, you can disable the SpeedTouch™ DNS server by clearing
Activate Server (and Apply).
Disabling the SpeedTouch™ DNS server will disable all DNS forwarding
functionality as well. This may compromise end-to-end connectivity
through the SpeedTouch™ connections.
Hostname Table The Hostname Table shows all DNS host names (with respective IP address) the
SpeedTouch™ DNS server is aware of (for example entries created via DHCP server
replies to leases).
If not all computers reveal their hostname in the DHCP request, or even worse if
they do not support DHCP, static entries can be added to the local DNS database.
Proceed as follows:
1
2
Click New.
In the Hostname field, type the name you want to associate to the specified IP
address.
3
4
In the Address box, type the IP address of the computer.
Click Add.
Make sure to keep the database consistent.
!
E-DOC-CTC-20051017-0151 v1.0
160
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.5.3 Managed Switch
Overview
Your SpeedTouch™ is equipped with a four-port 10/100Base-T auto-sensing MDI/
MDI-X Ethernet switch. Each physical Ethernet port of the switch can be managed
individually for extended networking control and monitoring purposes.
The Managed Switch page consists of two sections:
ꢀ
ꢀ
ꢀ
provides an overview of each individual Ethernet port.
Allows per Ethernet port to configure some Ethernet port properties.
ꢀ
Mirror Configuration allows you to configure port mirroring and traffic
capturing.
Managed Ethernet Under Managed Ethernet Switch, you can select a port to change:
Switch
ꢀ
State.
Allows you to enable/disable the interface.
ꢀ
Speed/Duplex. Select either:
ꢀ
auto:
Auto negotiation of Ethernet communication speed (10Mb/s or 100Mb/s)
and Duplex mode (half duplex or full duplex).
ꢀ
ꢀ
ꢀ
ꢀ
10BaseTHD:
10Mb/s communication speed in half duplex mode.
10BaseTFD:
10Mb/s communication speed in full duplex mode.
100BaseTHD:
100Mb/s communication speed in half duplex mode.
100BaseTFD:
100Mb/s communication speed in full duplex mode.
E-DOC-CTC-20051017-0151 v1.0
161
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Mirror Configuration Port mirroring allows monitoring from one port (called mirrored port) to another
port (called mirror capture port). This functionality allows any port's Ingress and/or
Egress traffic to be monitored to a pre-defined "mirror capture port".
Depending on your configuration you can mirror (from mirror port to mirror capture
port):
ꢀ
ꢀ
ꢀ
The outgoing traffic
The incoming traffic
Both incoming and outgoing traffic.
E-DOC-CTC-20051017-0151 v1.0
162
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.5.4 Wireless
Availability This page is only available on SpeedTouch™ devices equipped with a wireless
access point.
Overview
The SpeedTouch™ IEEE802.11g compliant Wireless LAN (WLAN) interface allows
you to share its high-speed Internet connection with multiple networking clients in a
local network, without needing to (re-)wire your home.
The SpeedTouch™ acts as a wireless Access Point (AP), connecting wireless clients
and transferring data between them.
The wireless web page consists of four sections:
ꢀ
ꢀ
ꢀ
ꢀ
wireless access point
Security to overview and control the security settings and wireless client
access to the SpeedTouch™ 's wireless network segment
Associated stations to overview the wireless stations, currently associated
with the SpeedTouch™ wireless access point.
Networks to scan for wireless clients in your neighbourhood and scan for,
view, configure WDS connections with other wireless devices.
Be aware that in case you are connected wirelessly to the SpeedTouch™
and you change its wireless access point settings, wireless connectivity
may be lost!
!
E-DOC-CTC-20051017-0151 v1.0
163
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Access point settings
This section provides an overview and allows you to configure the basic wireless
networking parameters for your SpeedTouch™ wireless access point.
Following wireless access point settings can be viewed or configured:
ꢀ
Network Name (SSID):
The network name, also known as Service Set ID (SSID). For more
ꢀ
Rate:
Displays the current modulation rate in which the SpeedTouch™ is operating.
Take into consideration that if the distance between the SpeedTouch™ and the
clients increases the throughput decreases. Walls, closets and big metal
objects have a negative influence.
ꢀ
ꢀ
Channel Selection allows you to choose between:
ꢀ
ꢀ
Auto:
The best communication channel is automatically selected by the
SpeedTouch™ (recommended setting). The Current Channel displays the
channel currently in use.
A specific channel.
ꢀ
ꢀ
Regulatory Domain displays the access point’s Regulatory Domain.
Only stations with correct Network name (SSID) can connect:
If this check box is:
ꢀ
ꢀ
Cleared, the SpeedTouch™ broadcasts its SSID and accepts every client.
Selected, the SpeedTouch™ does not broadcast its SSID and accepts
only those clients who have the correct Network name (SSID).
ꢀ
ꢀ
Framebursting:
Allows you to enhance the performance of wireless networks by improving
the efficiency between the client and the access point if you have mainly
downstream traffic.
WMM:
WMM is enabled by default. Clear the check box to disable WMM.
ꢀ
ꢀ
Allow multicast frames sent to local clients.
Wireless interface enabled:
Allows you to enable/disable the wireless interface.
E-DOC-CTC-20051017-0151 v1.0
164
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Network Name (SSID) The WLAN's 'radio' link is a shared medium. As no physical connection exists
between the SpeedTouch™ and wireless clients, a name must be given to allow
unique identification of your WLAN radio link. This is done by the Network Name,
also known as Service Set ID (SSID). Wireless clients must be configured for the
same Network Name in order to be able to communicate with other clients on the
(W)LAN - via the SpeedTouch™ wireless access point.
To change the Network Name (SSID):
1
2
Type a Network Name of your choice.
Click Apply to immediately apply your changes.
Network Name
broadcast
By default the access point broadcasts its SSID and accepts every client. However,
for security reasons you are able to configure not to broadcast its SSID and to
accept only those clients who have exactly the same SSID, as configured on the
SpeedTouch™
To change the Network Name broadcasting configuration:
1
Select Only stations with correct Network Name (SSID) can connect to
disable Network Name broadcasting.
2
Click Apply to immediately apply your changes.
When you enable this option, the SSID will not be broadcasted. The SpeedTouch™
wireless network will no longer be visible in the list of available networks of your
wireless client.
Interoperability Mode
By default the interoperability mode allows for both IEEE 802.11g complaint
wireless clients and IEEE 802.11b compliant wireless clients to connect to the
SpeedTouch™.
To change the interoperability mode:
1
Select the desired option:
ꢀ
802.11g and b to allow both IEEE802.11b and IEEE802.11g compliant
wireless clients to connect to the SpeedTouch™
ꢀ
802.11g only to allow only IEEE802.11g compliant wireless clients
2
Click Apply to immediately apply your changes.
Channel By default the SpeedTouch™ chooses its radio channel automatically at start-up of
the access point on basis of the least interference with other access points.
To update the channel:
1
Click update to let the SpeedTouch™ re-evaluate the aerial conditions to base
the new channel selection on. Your changes will immediately be applied.
Wireless associated clients always follow the access point's radio channel selection.
They will change their channel into that of the new updated channel selection.
To configure a fixed channel:
1
In the Channel Selection list, click the desired channel. Be aware of your
region limitations.
2
Click Apply to immediately apply your changes.
To return to auto mode:
1
2
In the Channel Selection list, click auto.
Click Apply to immediately apply your changes.
E-DOC-CTC-20051017-0151 v1.0
165
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Enable/disable the To disable your wireless interface:
wireless interface
1
2
Clear wireless interface enabled.
Click Apply to immediately apply your changes.
All your wireless clients will be disconnected!
!
You can also disable your wireless interface by pressing the front panel
button for 10 seconds. When the WLAN led is extinguished, the interface is
disabled.
To enable the wireless interface:
1
2
Select Wireless interface enabled.
Click Apply to immediately apply your changes.
You can also enable your wireless interface by pressing the front panel
button for 10 seconds until the WLAN led starts flashing.
Security
The security configuration tab allows you to configure the SpeedTouch™:
ꢀ
ꢀ
Security Mode settings.
Access Control settings.
Security Mode
Three security levels are available for protecting the SpeedTouch™ wireless
network environment.
ꢀ
level 0:
No security, i.e. the data will not be encrypted, no authentication process will
be used.
ꢀ
level 1:
encrypting the traffic between the SpeedTouch™ and the clients by sharing a
pre-defined 64-bit or 128-bit Network key.
ꢀ
ꢀ
level 2:
WPA-PSK is the highest form of security available for home users but make
sure that your wireless client and client manager are compatible with it.
level 3:
WPA is the highest form of security available but make sure that your wireless
client and client manager are compatible with it. If you want to use this level of
encryption you must have a RADIUS (Remote Authentication Dial-in User
Service) server installed on your network.
By default the SpeedTouch™ access point uses security level 0, implying that no
encryption is used for wireless networking. In case security level 1 or 2 is active,
select Security Level 0 - no encryption to return to security level 0. Selecting this
security level has immediate effect. Data will no longer be encrypted. Therefore, to
re-access the wireless environment of the SpeedTouch™ you must first disable
security on your wireless client.
E-DOC-CTC-20051017-0151 v1.0
166
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
WEP
The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless
communication from eavesdropping.
WEP relies on a secret key that is shared between the wireless client (e.g. a laptop
with a wireless ethernet card and the SpeedTouch™. The fixed secret key is used to
encrypt packets before they are transmitted. I.e. during transmission between client
and AP ("in the air") the information in the packets is encrypted
To enable level1 - WEP:
1
2
Select Security Level 1 - WEP.
In the Type list, click the desired Data Security level (either 64-bit or 128-bit and
Alphanumeric or Hexadecimal).
3
In the Encryption key box, type a Network key of your choice. In case of:
ꢀ
ꢀ
ꢀ
ꢀ
64 bits, Alphanumeric:
The 40-bits Network key must consist of 5 alphanumeric characters.
64 bits, Hexadecimal:
The 40-bits Network key must consist of 10 hexadecimal digits.
128 bits, Alphanumeric:
The 104-bits Network key consists of 13 alphanumeric characters.
128 bits, Hexadecimal:
The 104-bits Network key consists of 26 hexadecimal digits.
4
Click Apply to immediately apply your changes.
WPA-PSK The SpeedTouch™ supports WPA-PSK which has 3 improvements regarding to
WEP:
ꢀ
Authentication via a 4-way handshake to check whether the Pre-Shared Keys
(PSKs) are the same.
ꢀ
Stronger encryption types:
ꢀ
Temporal Key Integrity Protocol (TKIP) (default): Instead of using a
fixed WEP key, TKIP uses in pairs temporary session keys which are
derived from the PSK during the 4-way handshake. For each packet
it uses a different key. TKIP also provides a message integrity check
(MIC) and a rekeying mechanism (in seconds).
ꢀ
Advanced Encryption Standard (AES): State-of-the-art encryption;
can only be used if all wireless devices in your WLAN support AES.
ꢀ
Message Integrity Check (MIC), which is a strong mathematical function in
which the recipient and transmitter each compute and compare the MIC. If
they don't match it is assumed that a third person has been trying to read the
data.
To enable level2 - WPA-PSK:
1
2
Select Security Level 2 - WPA-PSK (WPA Personal).
In the WPA passphrase box, type a passphrase (also known as Pre-shared key)
of your choice. The passphrase must consist of 8 to 63 ASCII characters or 64
HEX digits.
3
In the Encryption list, click the desired Encryption method (either TKIP or AES).
AES is not yet implemented in most clients but AES is implemented in
the SpeedTouch™ because it will be the future security standard.
4
5
Optionally select the rekeying interval.
Click Apply to immediately apply your changes.
E-DOC-CTC-20051017-0151 v1.0
167
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
WPA
WPA is the highest form of security available but make sure that your wireless client
and client manager are compatible with it. If you want to use this level of encryption
you must have a RADIUS (Remote Authentication Dial-in User Service) server
installed on your network.
To enable level2 - WPA:
1
2
Select Security Level 2 - WPA.
Enter the RADIUS settings provided by your network administrator in the
appropriate fields.
3
Click Apply to immediately apply your changes.
Access Control
Wireless client access control allows to authorize or explicitly inhibit access
between specific wireless clients and the SpeedTouch™ wireless access point
based on the wireless client's MAC address.
The Access Control tab allows you to manage the SpeedTouch™ Access Control
List (ACL).
By default New stations allowed automatically is selected. Any client with the
correct wireless settings (Network Name and, if required, Network key) will be
automatically associated to the SpeedTouch™ and will be allowed to send/receive
data via the SpeedTouch™ wireless access point. In case New wireless client
allowed is not selected, you must manually add the wireless clients and their
authorization to the access control list.
You can use the Association / Registration button to allow wireless clients to enter
the access control list. This button can be found on the back panel of the
SpeedTouch™, or on the Access Control tab. Pressing this button triggers the
SpeedTouch™ to unlock the access control list for a time frame of one minute, after
which the access control list is locked again. Any wireless clients trying to associate
with the SpeedTouch™ having the correct wireless settings (Network Name and, if
required, Network key) will be added to the table.
Per wireless client present in the access control list, the following information is
provided and can be re-configured:
ꢀ
ꢀ
An intuitive name for the wireless client
Whether the wireless client is allowed (select yes) or not (select no) to
exchange data between the wireless clients and the SpeedTouch™.
Regardless of whether registration of wireless clients is controlled via the
Association / Registration button or not, you can always manually add/delete clients
to/from the access control list or define wireless clients that are specifically allowed
(select yes) or not allowed (select no) to access the SpeedTouch™ wireless network.
To delete all wireless clients from the access control list, click Flush. Be aware that if
you are connected wirelessly to the SpeedTouch™, you will lose your connection.
Associated stations The Associated Stations tab allows you to overview the currently associated
clients.
To add an associated station to the access control list:
1
Select the entry you want to explicitly add to the ACL. Associated stations that
are not present in the ACL yet, are identified by the name Not Registered
(ACL).
2
3
4
To change the access rights for this station, click Access Control.
Change the name of the station (optional but recommended).
In the Allowed list, click:
E-DOC-CTC-20051017-0151 v1.0
168
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
ꢀ
ꢀ
Yes to allow it to exchange data with other stations.
No to explicitly deny the station to associate with the SpeedTouch™.
5
Click Apply to immediately apply your changes.
Networks
The Networks tab allows you to:
ꢀ
ꢀ
Other Networks The Other Networks tab allows you to overview the wireless networks in your
neighbourhood.
To scan for other wireless networks:
1
2
3
Click Scan.
The SpeedTouch™ scans all channels for wireless networks.
The SpeedTouch™ lists the available networks in the table.
WDS The Wireless Distribution System (WDS) allows you to extend the range of your
SpeedTouch™ by means of one or more wireless repeater(s).
To allow a WDS connection with a specific access point:
1
2
3
Click New.
In the Name box, type an appropriate name for the access point.
In the BSSID box, type the BSSID of the access point.
E-DOC-CTC-20051017-0151 v1.0
169
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.6 Firewall
Overview
The Firewall menu consists of the following topics:
Click ...
To ...
view/configure interface, or IP, or Service related
expressions. For more information, see
view/configure the SpeedTouch™ Stateful
Inspection Firewall security level and its policies.
view log messages for SpeedTouch™ firewall
events.
E-DOC-CTC-20051017-0151 v1.0
170
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.6.1 Policy
Firewall levels The Level list allows you to choose between the following level:
ꢀ
ꢀ
ꢀ
Disabled:
All traffic is allowed to pass through your SpeedTouch™. Game and
Application sharing is allowed by the firewall.
BlockAll:
Use this Security Level to block all traffic from and to the Internet. Game and
Application sharing is not allowed by the firewall.
High:
Use this Security Level to block all outgoing connections except well known
applications (DNS, HTTP, HTTPS, FTP, TELNET, IMAP, POP) and block all
incoming connections. Game & Application sharing is not allowed by the
firewall.
ꢀ
Medium:
Use this Security Level to allow all outgoing connections except Windows
protocols (NetBIOS, RPC, SMB) and block all incoming connections. Game and
Application sharing is allowed by the firewall.
ꢀ
ꢀ
Standard:
Use this Security Level to allow all outgoing connections and block all
incoming traffic. Game and Application sharing is allowed by the firewall.
Low:
Use this Security Level to allow all outgoing connections and block all
incoming traffic except Internet Control Management Protocol (ICMP). Game
and Application sharing is allowed by the firewall.
E-DOC-CTC-20051017-0151 v1.0
171
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Buttons Click:
ꢀ
Customize... to create a new firewall level starting from the selected firewall
ꢀ
Set Active to activate the selected firewall rule.
To save the new configuration, click Save All.
!
Loose UDP tracking
If this check box is:
ꢀ
Selected:
The source port of the original UDP connection is opened for all hosts which
want to connect to this port.
This can be configured for example for gaming: to allow the client to
receive information from other players of the same online game, loose
udp tracking should be configured to allow incoming packets on the
port that was used to start the communication with the server.
ꢀ
Cleared:
Only returning UDP streams belonging to the same connection are allowed.
Game & Application Select this check box to allow the firewall to open ports for "games and application
sharing" in order to use applications like Peer-to-Peer file sharing (PtoP), Internet
Games, Web serving, FTP serving, WebCams, IRC DDC, and Instant Messaging such
as AIM, ICQ, Yahoo and MS Messenger.
Sharing Allowed
Proxying allowed
Select this check box to allow the firewall to act as a proxy server.
A proxy server acts both as a server and a client for the purpose of making requests
on behalf of other clients. Requests are serviced internally or by passing them on to
other servers. A proxy interprets, and, if necessary, rewrites a request message
before forwarding it. For example HTTP Intercept.
Read only
The default levels are set read only to indicate you cannot change or add rules. Click
customize to copy the level and add or change rules. The read only check box is
only present when a default level is active.
E-DOC-CTC-20051017-0151 v1.0
172
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
Creating a firewall rule Proceed as follows to create a new security level and to add rules:
1
2
3
4
5
Select one of the six security levels.
Click Customize.
Type name and description for the new security level and click Apply.
Click New to add a rule.
Fill in all the fields.
ꢀ
Index:
The index of the firewall rule. The firewall hierarchically goes through the
rules, starting from rule 1. When no rule is hit, the firewall will block the
traffic because of his default behaviour.
ꢀ
ꢀ
ꢀ
Name:
The name of the rule.
Source Interface:
The source interface. (e.g. _lan1, _wan1, _dmz1,...)
Source IP - Select:
The name of the source IP expression.
You can also type an IP address.
ꢀ
ꢀ
Destination Interface:
The destination interface (e.g. _lan1, _wan1, _dmz1,...)
Destination IP- Select:
The name of the destination IP expression.
You can also type an IP address.
ꢀ
ꢀ
Service:
The service or protocol. (e.g. smtp, http, telnet,...)
Flags:
ꢀ
Enable:
To enable the rule or not.
ꢀ
Log:
To log the actions concerning this rule. You can see the result in
Firewall > Log.
ꢀ
Action:
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
Accept:
The connection is accepted.
Deny:
Send to the sender that the packet could not be delivered.
Drop:
The packet is silently discarded.
Reset:
Reset of the connection.
Count:
Counts the number of connections that match the rule description.
Contrary to other actions this action does not stop further parsing
of the firewall rules database.
The results are shown in the Hits column.
6
Click Apply.
E-DOC-CTC-20051017-0151 v1.0
173
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
7
Click Set Active to activate the new settings.
E-DOC-CTC-20051017-0151 v1.0
174
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.6.2 Log
Introduction The Log page allows you to view log messages when:
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
ꢀ
a firewall rule is hit.
the firewall is enabled or disabled.
the firewall level is changed.
a firewall rule is created.
a firewall rule is modified.
a firewall rule is deleted.
E-DOC-CTC-20051017-0151 v1.0
175
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.7 VPN
Availability The VPN feature is only available if you activated the VPN software module. For
Overview
The VPN menu consists of following items
Click ...
To ...
connect your LAN with a remote LAN through an
IPSec VPN tunnel.
set up a connection between the SpeedTouch™
and a remote VPN server.
set up the SpeedTouch™ as a VPN server.
manage your authentication certificates.
configure VPN tunnels with a component oriented
environment.
see status, statistics and logging.
E-DOC-CTC-20051017-0151 v1.0
176
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.7.1 LAN to LAN
Tabs The LAN to LAN page consists of two tabs. Select:
ꢀ
Remote Gateway Address Known as the starting page when the
SpeedTouch™ must be able to initiate a VPN connection.
ꢀ
Remote Gateway Address Unknown as the starting page when the
SpeedTouch™ only needs to have responder capability. By not specifying the
Remote Gateway Address, you allow additional sites to join the VPN without
requiring any modification to the configuration of your SpeedTouch™.
Configuration Perform the following steps to configure your LAN to LAN application:
procedure
1
On the LAN to LAN web page, select either Remote Gateway Address Known
or Remote Gateway Address Unknown.
2
3
4
Configure the Remote Gateway parameters.
Define the Connection parameters.
Save the configuration.
E-DOC-CTC-20051017-0151 v1.0
177
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.7.2 VPN Client
The VPN Client page
The VPN client in the SpeedTouch™ can replace a software VPN client installed on a
computer. You can use it for example to connect from your home to your
employer’s corporate network for tele-working. The VPN Client page allows you to
configure a VPN client that functions in Initiator mode. This means that the VPN
client takes the initiative to set up a secure connection to a remote VPN server.
Configuration Perform the following steps to configure your VPN client:
procedure
1
2
3
Select VPN > VPN Client.
Fill out the various parameter fields in the VPN Client web page.
Select the IKE Authentication method. Either Preshared Key or Certificate
Authentication can be selected.
4
5
Select the Start Mechanism. Either manual dial-in or Automatic Start (Always
On) can be selected.
Click Add to confirm the data and Save All to save the configuration.
E-DOC-CTC-20051017-0151 v1.0
178
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.7.3 VPN Server
The SpeedTouch™ as In a VPN client-server scenario, the VPN server is always the responder in the IKE
negotiations. Various VPN clients can dial in to a VPN server, since it supports
multiple simultaneous VPN connections. A VPN server does not know a priori which
remote Security Gateway will attempt to set up a VPN connection. In time, new
users may join the VPN. It is an advantage that the SpeedTouch™ VPN server
requires no modifications to its configuration when new clients are added to the
VPN. The SpeedTouch™ can establish a secure connection with any Remote
Gateway that meets the VPN settings, regardless its location in the public network.
VPN Server
The use of the Extended Authentication protocol can optionally be configured. In
this case, a list of authorized users is composed and stored in the SpeedTouch™.
Configuration Perform the following steps to configure your VPN server:
procedure
1
2
3
Select VPN > VPN Server.
Fill out the various parameter fields in the VPN Server web page.
Select the IKE Authentication method. Either Preshared Key or Certificate
Authentication can be selected.
4
Click Apply to confirm the data and Save All to make the configuration
permanent.
Optional: If you use the Extended Authentication protocol, you have to compose an
authorized users list.
E-DOC-CTC-20051017-0151 v1.0
179
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.7.4 Certificates
Certificates pages The Certificates pages allow you to manage your certificates.
Secure Storage page
Request Import page
This page shows the list of certificates stored in the SpeedTouch™.
This page allows importing new certificates from a Certificate Authority into the
SpeedTouch™.
CRL page
CEP page
This page allows managing the use of Certificates Revocation Lists.
This page allows configuring the Certificates Enrollment Protocol settings.
E-DOC-CTC-20051017-0151 v1.0
180
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.7.5 Advanced
When to use The Advanced VPN menu gives access to two main pages where the complete
IPSec configuration can be done. These pages are component-oriented, as opposed
oriented means that a number of components are constructed and subsequently
combined.
It is highly recommended to use the application-oriented web pages for
VPN configurations. Only in exceptional cases, these pages will not be
sufficiently flexible to fulfil your requirements. Only in these cases, the
Advanced VPN menu should be used.
How to use
Configuring an operational IPSec connection basically consists of the definition of a
Peer Profile and a Connection Profile. The Peer represents the remote Security
Gateway and all the parameters required to set up an IKE Security Association to
this Security Gateway. A Connection represents the IPSec connection and all its
associated parameters.
All parameters of an IPSec configuration can be adjusted, so the functionality of
these web pages corresponds to the Command Line Interface (CLI). Choices have to
be made in accordance to the data known to the user, and the VPN layout.
The Advanced VPN menu should be used by skilled persons only, as these
pages allow you to manually adjust configuration components that are in
general automatically generated by the SpeedTouch™. Therefore, take care
!
when altering settings in the Advanced VPN menu.
E-DOC-CTC-20051017-0151 v1.0
181
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.7.6 Debug
Status page
This page shows the status of the IKE Security Association (Phase 1) and the IPSec
Security Association(s) (Phase 2). For an operational VPN connection, both an IKE
Security Association and an IPSec Security Association should be active.
Statistics page
Logging page
This page shows the amount of traffic carried over the IKE Security Association
(Phase 1) and the IPSec Security Association(s) (Phase 2).
On the Logging page you can monitor the received and transmitted messages of
the IKE and IPSec negotiations.
Proceed as follows:
1
2
Browse to Expert mode > VPN > Debug > Logging.
Select the desired level of Trace Detail. Select high to see the most detailed
level of logging.
3
4
Start the VPN connection.
Browse again to Expert mode > VPN > Debug > Logging.
Tear Down All Tunnels On this page you can halt all established VPN tunnels.
E-DOC-CTC-20051017-0151 v1.0
182
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
5.8 SIP PBX
Availability The SIP PBX feature is only available if you activated the SIP PBX software module.
SpeedTouch™ SIP PBX The SpeedTouch™ has a key role in the enhancement of Voice over IP services for
corporations, universities or enterprises. Using the SpeedTouch™ integrated multi-
media SIP PBX, the user can secure the SIP communications and manage, without
involvement of the operator, certain local services such as registration blocking,
sessions screening, sessions logging. The added value of a PBX is now available in
a SIP-enabled network!
Enabling the SIP PBX
To enable the SIP PBX:
1
2
3
4
On the SpeedTouch menu, click SpeedTouch Services.
Select the SIP PBX, registrar... entry.
Under Service properties, click Service enabled.
Optionally, you can change the SIP port in the Internal TCP/UDP port: box.
Overview
The SIP PBX menu consists of:
ꢀ
ꢀ
ꢀ
ꢀ
General The General page allows you to:
ꢀ
Set or change the default proxy and registrar:
By default, these fields are left empty. This implies that if you configure a SIP
User to use the default settings, this User Agent is only allowed to register to
the SIP PBX.
It is possible to add a specific registrar/proxy for a user, overriding the
default registrar/proxy.
ꢀ
ꢀ
The forward time out is the time in seconds, in which the SIP PBX expects a
reply from an outbound proxy/registrar. When the timer expires, the SIP PBX
stops the attempt to communicate externally. This implies that the User
Agents will only be working locally.
When the Allow all registration check box is selected, then all User Agents are
allowed to register to the SIP PBX. If not, only the User Agents that are
configured in Location Service > My Users, will be allowed to register.
E-DOC-CTC-20051017-0151 v1.0
183
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5
Expert Configuration
ꢀ
Enable/disable call screening.
Location Service
The Location Service page allows you to:
ꢀ
ꢀ
View the registered users.
Add new SIP users.
Call Logging All inbound and outbound SIP sessions that cross the multi-media SIP PBX can be
monitored from the SpeedTouch™web interface.
Both successful and failed calls will be shown.
This is a useful tool to supervise the SIP communications involving your LAN User
Agents.
The Syslog Settings tab allows you to log SIP call information to the syslog.
Call Screening
To increase SIP communications security, it may make sense to block sessions
originating from either side of the network that are associated with particular users
or groups, on account of fraud, abuse, and so forth.
E-DOC-CTC-20051017-0151 v1.0
184
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 6
Software Keys
6 Software Keys
Introduction A Software Key is a tool to disclose or activate services or software modules.
The following Software modules can be activated:
ꢀ
ꢀ
ꢀ
ꢀ
VPN256-32, VPN16-4, VPN16-1:
Integrated VPN IPSec capability (SpeedTouch™620 only)
VPN16-4:
Integrated VPN IPSec extesnsion (SpeedTouch™608/608 WL only)
ISDN:
Integrated ISDN Modem full capacity (SpeedTouch™608 WL/620 only)
SIP256:
SIP Multi-Media PBX capability (SpeedTouch™620 only)
HowtoactivateaSoftware
module
Proceed as follows to activate a software module:
1
The SpeedTouch™ home page appears.
Select Expert Mode > SpeedTouch > Add-On.
The Add-On page appears.
2
E-DOC-CTC-20051017-0151 v1.0
185
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 6
Software Keys
3
Select the desired software module to open the registration web site on the
Internet.
Complete the form to request a new software Key.
4
Select the Request Software Key button to proceed.
As a result you will get a text box with the key in it.
5
6
Copy the key and past it into the Software Activation Code Input Display and
click the Add button.
Click the Restart button, to restart the SpeedTouch™and activate the software
module. A progress bar will show, indicating the time needed.
E-DOC-CTC-20051017-0151 v1.0
186
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 7
Troubleshooting
7 Troubleshooting
Introduction This chapter suggest solutions for problems you may encounter while installing or
configuring y our SpeedTouch™.
If the suggestions do not resolve the problem, look at the support pages on http://
www.speedtouch.com/support or contact your service provider.
For Internet connection troubleshooting, refer to the provided Installation and
Setup Guide.
Topics
In this chapter:
ꢀ
ꢀ
ꢀ
E-DOC-CTC-20051017-0151 v1.0
187
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 7
Troubleshooting
7.1 General SpeedTouch™ Troubleshooting
SpeedTouch™ does not
work
If none of the LEDs light up, make sure that:
ꢀ
ꢀ
The SpeedTouch™ is plugged into a power socket outlet.
You are using the correct power supply for your SpeedTouch™ device.
The power requirements for your SpeedTouch™ are clearly indicated
on the identification label on the bottom of the SpeedTouch™.
ꢀ
The SpeedTouch™ is turned on via the rocker switch at the back panel.
SpeedTouch™ If your SpeedTouch™ is cannot be reached due to misconfiguration, you might
consider a hardware reset to factory defaults as described in “7.3 Reset to Factory
unreachable
However, note that resetting the SpeedTouch™ to its factory settings will
revoke all the changes you made to the configuration.
!
Poor SpeedTouch™ Make sure that the SpeedTouch™ is installed and configured as instructed in the
Installation and Setup Guide or as instructed by the Service Provider.
performance
E-DOC-CTC-20051017-0151 v1.0
188
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 7
Troubleshooting
7.1.1 Wired Ethernet Troubleshooting
LANLEDdoesnotlightup Make sure that:
The LAN cable is securely connected to the 10/100Base-T port.
You are using the correct cable type for your Ethernet equipment, that is UTP
CAT5 with RJ-45 connectors.
ꢀ
ꢀ
E-DOC-CTC-20051017-0151 v1.0
189
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 7
Troubleshooting
7.1.2 Wireless Ethernet Troubleshooting
Not able to connect Check the following:
wireless clients
ꢀ
If registration is enabled, you must press the 'Association' button to register
the wireless client or search for wireless devices via the embedded Web
pages.
ꢀ
Make sure the SpeedTouch™ Association Control List is not locked. You can
check this on the Web pages. On the Wireless Access Point settings, make sure
New stations are not allowed is NOT selected.
No wireless connectivity
Make sure that:
ꢀ
ꢀ
ꢀ
Both the wireless client adapter and the SpeedTouch™ are allowed to connect
through wireless channels as defined for local regulatory domain.
The WLAN client is configured for the correct wireless settings (SSID, security
settings).
Check the signal strength, indicated by the wireless client manager. If the
signal is low, try to place the SpeedTouch™ or to direct the SpeedTouch™’s
antenna for optimal performance.
ꢀ
Make sure that the wireless client adapter is enabled (message like “radio
on”).
Poor wireless
Check the following:
connectivity or reach
ꢀ
Choose automatic channel selection or carefully select a radio channel that
does not interfere with other radio channels.
ꢀ
Make sure both the WLAN client adapter and the SpeedTouch™ are allowed to
connect through wireless channels as defined for local regulatory domain.
ꢀ
ꢀ
Check the location of the SpeedTouch™ in the building.
Check the signal strength, indicated by the wireless client manager. If the
signal is low, try to place the SpeedTouch™ or to direct the SpeedTouch™’s
antenna for optimal performance.
E-DOC-CTC-20051017-0151 v1.0
190
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 7
Troubleshooting
7.1.3 Upgrade Troubleshooting
Error messages
While upgrading your SpeedTouch™ via the Web pages, one of the following
messages may appear:
Message
Due to
Failed to retrieve new software
version from the support site. Try
again later.
ꢀ
The file does not exist,
meaning there is no newer
software release.
ꢀ
Loss of connectivity. Try again
later.
An internal error (switchover from
active to passive build failed, out of
disk space,...) occurred. Try again
later. If the problem persists, contact
your help desk.
Could not install the new software
version. If problem persists, contact
your help desk.
E-DOC-CTC-20051017-0151 v1.0
191
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 7
Troubleshooting
7.2 UPnP™ on Windows XP Systems
SpeedTouch™ not Check the following:
detected by UPnP™ or
IGD Control Client
ꢀ
ꢀ
ꢀ
Make sure the UPnP™ and Internet Gateway Device Control Client Networking
components are added to your Windows XP system.
Your computer doesn’t support UPnP™ if you run an operating system other
than Windows XP and Windows Millennium.
Make sure that UPnP™ is not disabled in the SpeedTouch™ Web page; see
Adding UPnP™ If you are running Microsoft Windows XP, it is recommended to add the UPnP™
component to your system.
Proceed as follows:
1
In the Start menu, click (Settings >) Control Panel.
The Control Panel window appears.
2
Click Add or Remove Programs.
The Add or Remove Programs window appears.
Click Add/Remove Windows Components.
3
4
In the Windows Components Wizard, select Networking Services in the
Components list and click Details.
5
In the Networking Services window, select Universal Plug and Play or UPnP
User Interface and click OK.
6
7
Click Next to start the installation and follow the instructions in the Windows
Components Wizard.
At the end of the procedure the wizard informs you that the installation was
successful. Click Finish to quit.
E-DOC-CTC-20051017-0151 v1.0
192
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 7
Troubleshooting
Adding IGD Discovery Your Windows XP system is able to discover and control Internet Gateway Devices
(IGD), like the SpeedTouch™ on your local network. Therefore it is recommended to
add the IGD Discovery and Control client to your system.
and Control
Proceed as follows:
1
2
3
On the Windows taskbar, click Start.
Select (Settings >) Control Panel > Add or Remove Programs.
In the Add or Remove Programs window, click Add/Remove Windows
Components.
The Windows Components Wizard appears:
4
5
Select Networking Services in the Components list and click Details.
In the Networking Services window, Select Internet Gateway Device
Discovery and Control Client and click OK.
6
7
Click Next to start the installation and follow the instructions in the Windows
Components Wizard.
At the end of the procedure the wizard informs you that the installation was
successful. Click Finish to quit.
E-DOC-CTC-20051017-0151 v1.0
193
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 7
Troubleshooting
7.3 Reset to Factory Defaults
Resetting your
SpeedTouch™
You might consider a reset to factory defaults as described below.
Be aware that a reset to factory defaults will revoke all configurational
!
changes you made to the SpeedTouch™.
You can choose between:
ꢀ
ꢀ
A reset to factory default settings deletes the configuration profile settings.
Therefore, after the reset, a reconfiguration of your SpeedTouch™ will be needed.
Also your WLAN clients will have to be re-associated, as described in
Software reset Proceed as follows:
1
2
3
Go to the SpeedTouch™ Web pages.
In the menu, select SpeedTouch > Configuration.
In the Pick a task list, click Reset my SpeedTouch to default settings.
The SpeedTouch™ restarts.
4
The SpeedTouch™ returns to the SpeedTouch™ home page (unless the IP
address of your computer is not in the same subnet as the default IP address
of the SpeedTouch™, being 192.168.1.254).
Hardware reset Proceed as follows:
1
2
Make sure the SpeedTouch™ is turned on.
Use a pen or an unfolded paperclip to push the recessed reset button on the
back panel. The reset button is marked with a red circle. Push it until the power
LED lights red - this will take about 7 seconds.
ISDN
ON
Asso-
Reset
ciation
OFF
18VAC
Console
1
2
3
4
3
Release the reset button.
E-DOC-CTC-20051017-0151 v1.0
194
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 7
Troubleshooting
4
The SpeedTouch™ restarts.
Your system administrator may have disabled the physical reset button of
the SpeedTouch™. In this case, a hardware reset to defaults is not possible.
!
E-DOC-CTC-20051017-0151 v1.0
195
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 7
Troubleshooting
E-DOC-CTC-20051017-0151 v1.0
196
Download from Www.Somanuals.com. All Manuals Search And Download.
Download from Www.Somanuals.com. All Manuals Search And Download.
©
H
O
0
g
s
ed.
-
D
C
200
5
0
-
0
5
v1.
Need more help?
Additional help is available online at www.speedtouch.com
Download from Www.Somanuals.com. All Manuals Search And Download.
|