Document ID: 1533282
Application ID: sbazlsFM63ekmTAuXFnh8w==
Document Description: W1002n_UsMan
Short Term Confidential: No
Permanent Confidential: No
Supercede: No
Document Type: User Manual
Display Format: Adobe Acrobat PDF - pdf
Filesize: 186.68kB (2333454 bits)
Date Submitted: 2011-08-31 00:00:00
Date Available: 2011-08-31 00:00:00
Creation Date: 2011-08-18 14:46:40
Producing Software: FOP 0.20.5
Document Lastmod: 2011-08-22 16:43:47
Document Title: W1002n_UsMan
Manual
bintec WLAN and Industrial WLAN
Reference
Copyright© Version 10.1, 2011 Funkwerk Enterprise Communications GmbH
Legal Notice
Aim and purpose
This document is part of the user manual for the installation and configuration of funkwerk devices. For
the latest information and notes on the current software release, please also read our release notes,
particularly if you are updating your software to a higher release version. You will find the latest release
notes under www.funkwerk-ec.com .
Liability
This manual has been put together with the greatest possible care. However, the information contained in this manual is not a guarantee of the properties of your product. Funkwerk Enterprise Communications GmbH is only liable within the terms of its conditions of sale and supply and accepts no liability for technical inaccuracies and/or omissions.
The information in this manual can be changed without notice. You will find additional information and
also release notes for funkwerk devices under www.funkwerk-ec.com .
Funkwerk devices make WAN connections as a possible function of the system configuration. You
must monitor the product in order to avoid unwanted charges. Funkwerk Enterprise Communications
GmbH accepts no responsibility for data loss, unwanted connection costs and damage caused by unintended operation of the product.
Trademarks
funkwerk trademarks and the funkwerk logo, bintec trademarks and the bintec logo, artem trademarks
and the artem logo, elmeg trademarks and the elmeg logo are registered trademarks of Funkwerk Enterprise Communications GmbH.
Company and product names mentioned are usually trademarks of the companies or manufacturers
concerned.
Copyright
All rights reserved. No part of this manual may be reproduced or further processed in any way without
the written consent of Funkwerk Enterprise Communications GmbH. The documentation may not be
processed and, in particular, translated without the consent of Funkwerk Enterprise Communications
GmbH.
You will find information on guidelines and standards in the declarations of conformity under
www.funkwerk-ec.com .
How to reach Funkwerk Enterprise Communications GmbH
Funkwerk Enterprise Communications GmbH, Südwestpark 94, D-90449 Nuremberg, Germany,
Phone: +49 911 9673 0, Fax: +49 911 688 07 25
Funkwerk Enterprise Communications France S.A.S., 6/8 Avenue de la Grande Lande, F-33174
Gradignan, France, Phone: +33 5 57 35 63 00, Fax: +33 5 56 89 14 05
Internet: www.funkwerk-ec.com
Table of Contents
Chapter 1 Introduction
Chapter 2 About this guide
Chapter 3 Installation
3.1 Setting up and connecting
3.2 Cleaning
3.3 Support information
Chapter 4 Basic configuration
4.1 Presettings
4.1.1 Preconfigured data
4.1.2 Software update
4.2 System requirements
4.3 Preparations
4.3.1 Gathering data
4.3.2 Configuring a PC
4.4 IP configuration
4.5 Modify system password
4.6 Setting up a wireless network
4.7 Setting up a bridge link
4.8 Software Update
Chapter 5 Reset
Chapter 6 Technical data
6.1 Scope of supply
6.2 General Product Features
6.3 LEDs
6.4 Connectors
6.5 Antenna connectors for industrial WLAN devices with 802.11n support
6.6 Pin Assignments
6.6.1 Ethernet interface
6.6.2 Serial interface
6.6.3 Socket for power supply
6.7 Frequencies and channels
6.8 WEEE information
Chapter 7 Access and configuration
7.1 Access Options
7.1.1 Access via LAN
7.1.2 Access via the Serial Interface
7.2 Logging in
7.2.1 User names and passwords in ex works state
7.2.2 Logging in for Configuration
7.3 Configuration options
7.3.1 Funkwerk Configuration Interface for advanced users
7.3.2 SNMP shell
7.4 BOOTmonitor
Chapter 8 Assistants
Chapter 9 System Management
9.1 Status
9.2 Global Settings
9.2.1 System
9.2.2 Passwords
9.2.3 Date and Time
9.2.4 System Licences
9.3 Interface Mode / Bridge Groups
9.3.1 Interfaces
9.4 Administrative Access
9.4.1 Access
9.4.2 SSH
9.4.3 SNMP
9.5 Remote Authentication
9.5.1 RADIUS
9.5.2 TACACS+
9.5.3 Options
9.6 Certificates
9.6.1 Certificate List
9.6.2 CRLs
9.6.3 Certificate Servers
Chapter 10 Physical Interfaces
10.1 Ethernet Ports
10.1.1 Port Configuration
10.2 Serial Port
10.2.1 Serial Port
10.3 Relay
10.3.1 Relay Configuration
Chapter 11 LAN
11.1 IP Configuration
11.1.1 Interfaces
11.2 VLAN
11.2.1 VLANs
11.2.2 Port Configuration
11.2.3 Administration
Chapter 12 Wireless LAN
12.1 WLAN
12.1.1 Radio Settings
12.1.2 Virtual Service Sets
12.1.3 WDS Links
12.1.4 Client Link
12.1.5 Bridge Links
12.2 Administration
12.2.1 Basic Settings
Chapter 13 Wireless LAN Controller
13.1 Wizard
13.1.1 Basic Settings
13.1.2 Radio Profile
13.1.3 Wireless Networks
13.1.4 Start automatic installation
13.2 Controller Configuration
13.2.1 General
13.3 Slave AP configuration
13.3.1 Slave Access Points
13.3.2 Radio Profiles
13.3.3 Wireless Networks (VSS)
13.4 Monitoring
13.4.1 Active Clients
13.4.2 Neighbor APs
13.4.3 Wireless Networks
13.5 Maintenance
13.5.1 Firmware Maintenance
Chapter 14 Networking
14.1 Routes
14.1.1 IP Routes
14.1.2 Options
14.2 NAT
14.2.1 NAT Interfaces
14.2.2 NAT Configuration
14.3 Load Balancing
14.3.1 Load Balancing Groups
14.4 QoS
14.4.1 QoS Filter
14.4.2 QoS Classification
14.4.3 QoS Interfaces/Policies
14.5 Access Rules
14.5.1 Access Filter
14.5.2 Rule Chains
14.5.3 Interface Assignment
Chapter 15 Routing Protocols
15.1 RIP
15.1.1 RIP Interfaces
15.1.2 RIP Filter
15.1.3 RIP Options
Chapter 16 Multicast
16.1 General
16.1.1 General
16.2 IGMP
16.2.1 IGMP
16.2.2 Options
16.3 Forwarding
16.3.1 Forwarding
16.4 PIM
16.4.1 PIM Interfaces
16.4.2 PIM Rendezvous Points
16.4.3 PIM Options
Chapter 17 WAN
17.1 Internet + Dialup
17.1.1 PPPoE
17.1.2 PPTP
17.1.3 IP Pools
17.2 Real Time Jitter Control
17.2.1 Controlled Interfaces
Chapter 18 VPN
18.1 IPSec
18.1.1 IPSec Peers
18.1.2 Phase-1 Profiles
18.1.3 Phase-2 Profiles
18.1.4 XAUTH Profiles
18.1.5 IP Pools
18.1.6 Options
18.2 L2TP
18.2.1 Tunnel Profiles
18.2.2 Users
18.2.3 Options
18.3 GRE
18.3.1 GRE Tunnels
Chapter 19 Firewall
19.1 Policies
19.1.1 Filter Rules
19.1.2 QoS
19.1.3 Options
19.2 Interfaces
19.2.1 Groups
19.3 Addresses
19.3.1 Address List
19.3.2 Groups
19.4 Services
19.4.1 Service List
19.4.2 Groups
Chapter 20 Local Services
20.1 DNS
20.1.1 Global Settings
20.1.2 Static Hosts
20.1.3 Domain Forwarding
20.1.4 Cache
20.1.5 Statistics
20.2 HTTPS
20.2.1 HTTPS Server
20.3 DynDNS Client
20.3.1 DynDNS Update
20.3.2 DynDNS Provider
20.4 DHCP Server
20.4.1 DHCP Pool
20.4.2 IP/MAC Binding
20.4.3 DHCP Relay Settings
20.5 Scheduling
20.5.1 Trigger
20.5.2 Actions
20.5.3 Options
20.6 Surveillance
20.6.1 Hosts
20.6.2 Interfaces
20.6.3 Ping Generator
20.7 Funkwerk Discovery
20.7.1 Device Discovery
20.7.2 Options
20.8 HotSpot Gateway
20.8.1 HotSpot Gateway
20.8.2 Options
Chapter 21 Maintenance
21.1 Diagnostics
21.1.1 Ping Test
21.1.2 DNS Test
21.1.3 Traceroute Test
21.2 Software & Configuration
21.2.1 Options
21.3 Reboot
21.3.1 System Reboot
Chapter 22 External Reporting
22.1 Syslog
22.1.1 Syslog Servers
22.2 IP Accounting
22.2.1 Interfaces
22.2.2 Options
22.3 E-mail Alert
22.3.1 E-mail Alert Server
22.3.2 E-mail Alert Recipient
22.4 SNMP
22.4.1 SNMP Trap Options
22.4.2 SNMP Trap Hosts
22.5 Activity Monitor
22.5.1 Options
Chapter 23 Monitoring
23.1 Internal Log
23.1.1 System Messages
23.2 IPSec
23.2.1 IPSec Tunnels
23.2.2 IPSec Statistics
23.3 Interfaces
23.3.1 Statistics
23.4 WLAN
23.4.1 WLANx
23.4.2 VSS
23.4.3 WDS
23.4.4 Bridge Links
23.4.5 Client Links
23.5 Bridges
23.5.1 br
23.6 HotSpot Gateway
23.6.1 HotSpot Gateway
23.7 QoS
23.7.1 QoS
23.8 PIM
23.8.1 Global Status
23.8.2 Not Interface-Specific Status
23.8.3 Interface-Specific States
Glossary
Index
Chapter 1 Introduction
The new generation access points are manufactured in an environmentally friendly way
and meet the RoHS directive. They support the latest WLAN technology and are designed
for use particularly in the professional environment.
Safety notices
The safety precautions brochure, which is supplied with your device, tells you what you
need to take into consideration when using your access point.
Installation
How to connect your device is shown in chapter Installation on page 6.
Configuration
Chapter Basic configuration on page 14 also tells you what preliminary tasks are necessary
for configuration. You will then be shown how you can access your device from a Windows
PC using a current web browser and how to make basic settings.
Password
If you are familiar with the configuration of bintec devices and you want to get started right
away, all you really need to know is the preset user name and password.
User Name:
Password:
Note
Remember to change the password immediately when you log in to the device for the
first time. All bintec devices are supplied with the same password, which means they
are not protected against unauthorised access until you change the password. How to
change the passwords is described in chapter Modify system password on page 22.
Workshops
Step-by-step instructions for the most important configuration tasks can be found in the
separate FEC Application Workshop guide for each application, which can be downloaded from the www.funkwerk-ec.com website under Solutions.
Dime Manager
The devices are also designed for use with Dime Manager. The Dime Manager management tool can locate your Funkwerk devices within the network quickly and easily. The
.NET-based application, which is designed for up to 50 devices, offers easy to use functions and a comprehensive overview of devices, their parameters and files.
All devices in the local network, including remote devices that can be reached over SNMP,
are located using SNMP Multicast irrespective of their current IP address. A new IP address and password and other parameters can also be assigned. A configuration can then
be initiated over HTTP or TELNET. If using HTTP, the Dime Manager automatically logs into the devices on your behalf.
System software files and configuration files can be managed individually as required or in
logical groups for devices of the same type.
You can find the Dime Manager on the enclosed product DVD.
Chapter 2 About this guide
This document is valid for bintec devices with system software as of software version
7.10.1.
The Reference, which you have in front of you, contains the following chapters:
User's Guide - Reference
Chapter | Description
Introduction | You see an overview of the device.
About this guide | We explain the various components of this manual and how to use it.
Installation | This contains instructions for how to set up and connect your device.
Basic configuration | This chapter provides a step-by-step guide to the basic functions on your device.
Reset | This chapter explains how to reset your device to the ex works state.
Technical data | This section contains a description of all the device's technical properties.
Access and configuration | This includes explanations about the different access and configuration methods.
Assistants, System Management, Physical Interfaces, LAN, Wireless LAN, Wireless LAN Controller, Networking, Routing Protocols, Multicast, WAN, VPN, Firewall, Local Services, Maintenance, External Reporting, Monitoring | These chapters describe all configuration options of the Funkwerk Configuration Interface. The individual menus are described in the order of navigation. The individual chapters also contain more detailed explanations on the subsystem in question.
Glossary | The glossary contains a reference to the most important technical terms used in network technology.
Index | The index lists all the key terms for operating the device and all the configuration options and gives page numbers so they can be found easily.
To help you locate information easily, this user's guide uses the following visual aids:
List of visual aids
Icon
Use
Indicates practical information.
Indicates general and important points.
Indicates a warning of risk level "Attention" (points out possible
dangers that may cause damage to property if not observed).
Indicates a warning of risk level "Warning" (points out possible
dangers that may cause physical injury or even death if not observed).
The following typographical elements are used to help you find and interpret the information in this user's guide:
Typographical elements
Typographical element | Use
• | Indicates lists.
Menu->Submenu, File->Open | Indicates menus and sub-menus.
non-proportional, e.g. | Indicates commands that you must enter as written.
bold, e.g. Windows Start menu | Indicates keys, key combinations and Windows terms.
bold, e.g. Licence Key | Indicates fields.
italic, e.g. | Indicates values that you enter or that can be configured.
Online: blue and italic, e.g. www.funkwerk-ec.com | Indicates hyperlinks.
Chapter 3 Installation
Note
Please read the safety notices carefully before installing and starting up your device.
These are supplied with the device.
Refer to chapter Technical data on page 28.
3.1 Setting up and connecting
Note
All you need for this are the cables and antennas supplied with the equipment.
The device can be fitted with various antenna systems. External, screw-on standard
antennas can be used (optional).
The access points of the outdoor version (bintec WIx065n) can be mounted on a mast
or DIN rail (indoor version only). Optional theft protection is also available for the indoor and outdoor versions.
For the bintec WI series devices, a screw terminal bar is included as standard for
power supply.
Devices of the industrial WLAN series with 802.11n support are fitted with a unit that
heats the radio module to operating temperature when the temperature falls below 10
degrees Celsius. Once this temperature has been reached, the device continues with
the start-up process. During the heating phase the red Failure LED flashes.
Caution
The use of the wrong mains adapter may damage your device. Only use the mains adaptor supplied (only for bintec W1002n). If you require foreign adapters/mains units,
please contact our funkwerk service.
Fig. 2: Connection options bintec W1002n
Fig. 3: Connection options bintec WIx040n and bintec WIx065n.
When setting up and connecting, carry out the steps in the following sequence (refer to the
connection diagrams for the individual devices in chapter Technical data on page 28):
(1)
Antennas
Screw the standard antennas supplied on to the connectors provided for this purpose.
Put the antennas in the required position before tightening the screw nut. Once the
screw nut has been tightened, it may not be possible to rotate the radiator any more.
If two antennas are connected to the device, these must be installed at least 6 cm
and preferably 12 cm apart so that antenna diversity can be used.
In highly reflective environments, it may make sense to maintain an angle of 90° in
the direction of the antennas. For this, arrange the antennas in a V shape.
(2)
Installation
The access points can be fitted to the wall using brackets on the housing or can
be used as a table-top device.
Wall mounting
To attach the device to the wall, use the brackets on the back of the housing. Optional wall mounting with theft protection is available.
Warning
Before drilling, make sure that there are no building installations where you are drilling.
If gas, electricity, water or waste water lines are damaged, you may endanger your life
or damage property.
• Screw the mount to the wall with the 2 screws.
• Hang the device in the mount with the screw nut but do not tighten it. Make sure the
device connections are accessible.
• Protect the device against theft with the lock supplied.
Fig. 4: Wall mounting straps bintec W1002n
Fig. 5: Wall mounting of the bintec WIx040n (standard design, DIN rail or theft protection
optional)
Fig. 6: Wall mounting of the bintec WIx065n (standard design and with theft protection)
Use as a table-top device
The access point can also be used as a table-top device. For this option, use the
four self-adhesive feet on the bottom of the device. Place your device on a solid,
level base.
(3) LAN
For the standard configuration of your device via Ethernet, connect port ETH1 or
ETH2 of your device to your LAN using the Ethernet cable supplied. The device
automatically detects whether it is connected to a switch or directly to a PC.
Use just one of the ports ETH1 and ETH2; the second port is used to cascade a
number of devices. If you use both Ethernet connections on the same switch, loops
may be formed.
The standard patch cable (RJ45-RJ45) is symmetrical. It is therefore not possible to
mix up the cable ends.
(4) Power connection
Connect the device to a mains socket using the mains adaptor supplied.
Use the power cord supplied (or the screw strip terminal in the case of the WI
series) and insert it in the appropriate socket on your device. Now plug the power
cord into a power socket (100-240 V). The status LEDs signal that your device is
correctly connected to the power supply.
Note
WI series products are supplied without a mains unit. All devices must be earthed.
Note
To restrict power in the event of a fault, the 24 V DC electric circuit is to be protected
with an external 2 A fuse on the installation side for bintec WIx040n and bintec
WIx065n. The relay contact must also be protected externally with a 1-A fuse (AC) or
2-A fuse (DC).
Note
If the bintec WIx065n is installed outdoors, the lines laid outside the building are to be
categorized as TNV1 electric circuits in accordance with EN60950, as their SELV level
can also be overridden by transient overvoltage (e.g. during storms) during operation
in line with the regulations. When wiring the connections, it is therefore necessary to
make sure that protective measures against overvoltage are carried out where the
cable enters the building, to ensure that the limit values of a SELV electric circuit are
maintained in the building.
You can set up further connections as required:
• Serial connection: For alternative configuration possibilities, connect the serial interface
of your PC (COM1 or COM2) to the serial interface of the gateway (console). However,
configuration via the serial interface is not provided by default.
Note
Note that the serial interface of bintec WIx065n must only be used by a service technician as a maintenance interface.
The device is now ready for configuration.
3.2 Cleaning
You can clean your device easily. Use a damp cloth or antistatic cloth. Do not use solvents.
Never use a dry cloth; the electrostatic charge could cause electronic faults. Make sure that
no moisture can enter the device and cause damage.
3.3 Support information
If you have questions about your product or are looking for additional information, the Funkwerk Enterprise Communications GmbH Support Centre can be reached Monday to Friday
between the hours of 8.00 am and 5 pm. They can be contacted as follows:
Email
hotline@funkwerk-ec.com
International Support Coordination
Telephone: +49 911 9673 1550
Fax: +49 911 9673 1599
End-customer Hotline
0900 1 38 65 93 (€1.10/min on land-lines in Germany)
For detailed information on our support services, contact www.funkwerk-ec.com .
Chapter 4 Basic configuration
You can use the Dime Manager (IP address assignment) and the Funkwerk Configuration Interface (other configuration steps) for the basic configuration of your device.
The basic configuration is explained below step-by-step. A detailed online help system
gives you extra support.
This user's guide assumes you have the following basic knowledge:
• Basic knowledge of network structure
• Knowledge of basic network terminology, such as server, client and IP address
• Basic knowledge of using Microsoft Windows operating systems
The companion DVD also supplied includes all the tools that you need for the configuration
and management of your device.
You can find other useful applications on the Internet at www.funkwerk-ec.com .
4.1 Presettings
4.1.1 Preconfigured data
You have three ways of accessing your device in your network to perform configuration
tasks:
(a) Dynamic IP address
In ex works state, your device is set to DHCP client mode, which means that when it is
connected to the network, it is automatically assigned an IP address if a DHCP server
is run. You can then access your device for configuration purposes using the IP address assigned by the DHCP server. For information on determining the dynamically
assigned IP address, please see your DHCP server documentation.
(b) Fallback IP address
If you do not run a DHCP server, you can connect your device directly to your configuration PC and then reach it using the following, predefined fallback IP configuration:
• IP Address:
• Netmask:
Make sure that the PC from which the configuration is performed has a suitable IP
configuration (see Configuring a PC on page 18).
(c) Assigning a fixed IP address
You can use the Dime Manager to assign a new IP address and the required password to your device.
Note
Please note:
If your device has obtained an IP address dynamically from a DHCP server operated
in your network for the basic configuration, the fallback IP address 192.168.0.252 is
deleted automatically and your device will no longer function over this address.
However, if you have set up a connection to the device over the fallback IP address
192.168.0.252 or have assigned an IP address with the Dime Manager in the basic
configuration, you will only be able to access your device over this IP address. The
device will no longer obtain an IP configuration dynamically over DHCP.
Use the following access data to configure your device in an ex works state:
• User Name:
• Password:
Note
All bintec devices are delivered with the same username and password. As long as
the password remains unchanged, they are therefore not protected against unauthorised use. Make sure you change the passwords to prevent unauthorised access to
your device!
How to change the passwords is described in Modify system password on page 22.
4.1.2 Software update
Your device contains the version of the system software available at the time of production.
More recent versions may have since been released. You can easily perform an update
with the Funkwerk Configuration Interface using the Maintenance->Software
&Configuration menu.
For a description of the update procedure, see Software Update on page 24.
4.2 System requirements
For configuration, your PC must meet the following system requirements:
• Microsoft Windows operating system Windows 2000 or higher
• Internet Explorer 6 or 7, Mozilla Firefox Version 1.2 or higher
• Installed network card (Ethernet)
• DVD drive
• TCP/IP protocol installed (see Configuring a PC on page 18)
• High colour display (more than 256 colours) for correct representation of the graphics.
4.3 Preparations
To prepare for configuration, you need to:
• Obtain the data required for the basic configuration.
• Check whether the PC from which you want to perform the configuration meets the necessary requirements.
• Install the Dime Manager software, which provides more tools for working with your
device.
4.3.1 Gathering data
The main data for the basic configuration can be gathered quickly, as no information is required that needs in-depth network knowledge. If applicable, you can use the example values.
Before you start the configuration, you should gather the data for the following purposes:
• IP configuration (obligatory if your device is in the ex works state)
• Optional: Configuration of a wireless network connection in Access Point mode
• Optional: Configuration of client links in Client Links mode
• Optional: Configuration of bridge links in Bridge mode.
The following table shows examples of possible values for the necessary data. You can
enter your personal data in the "Your values" column, so that you can refer to these values
later when needed.
If you configure a new network, you can use the given example values for IP addresses
and netmasks. In cases of doubt, ask your system administrator.
Basic configuration
For a basic configuration of your gateway, you need information that relates to your network environment:
IP configuration of the access point
Access data | Example value | Your values
IP address of your access point | |
Netmask of your access point | |
Access Point mode
If you run your device in Access Point mode, you can set up the required wireless networks. To do this, you need the following data:
Configuration of a wireless network
Access data | Example value | Your values
Network Name (SSID) | |
Security mode | |
Preshared key | ! |
Access Client mode
If you run your device in Access Client mode, you can set up the required client links. To do
this, you need the following data:
IP configuration of the access client
Access data | Example value | Your values
Network Name (SSID) | |
Security mode | |
Preshared key | ! |
Bridge mode
If you run your device in Bridge mode, you can either configure connections to other
bridges manually or use the bridge link autoconfiguration function. For the manual configuration of a bridge link, you need the following data:
Configuration of a bridge link
Access data | Example value | Your values
Preshared key | #$ |
MAC address of remote bridge | %% %%&%' |
To use the bridge link autoconfiguration function, proceed as described in the Automatic
Configuration of a Bridge Link workshop; for additional information, also read the user's
guide chapter Wireless LAN under WLAN->Bridge Links->Add.
4.3.2 Configuring a PC
In order to reach your device via the network and to be able to carry out configuration, the
PC used for the configuration has to satisfy some prerequisites.
• Make sure that the TCP/IP protocol is installed on the PC.
• Select the suitable IP configuration for your configuration PC.
The PC via which you want to configure the IP address for your device must be in the
same network as your device.
Checking the Windows TCP/IP protocol
Proceed as follows to check whether you have installed the protocol:
(1) Click the Windows Start button and then Settings -> Control Panel -> Network Connections (Windows XP) or Control Panel -> Network and Sharing Center -> Change Adapter Settings (Windows 7).
(2) Click on LAN Connection.
(3) Click on Properties in the status window.
(4) Look for the Internet Protocol (TCP/IP) entry in the list of network components.
Installing the Windows TCP/IP protocol
If you cannot find the Internet Protocol (TCP/IP) entry, install the TCP/IP protocol as follows:
(1) First click Properties, then Install in the status window of the LAN Connection.
(2) Select the Protocol entry.
(3) Click Add.
(4) Select Internet Protocol (TCP/IP) and click on OK.
(5) Follow the on-screen instructions and restart your PC when you have finished.
Allocating PC IP address
Allocate an IP address to your PC as follows:
(1) Select Internet Protocol (TCP/IP) and click on Properties.
(2) Choose Use following IP address and enter a suitable IP address, the matching netmask, your default gateway and your preferred DNS server.
If you run a DHCP server in your network, you can apply the default Windows setting Obtain IP address automatically and Obtain DNS server address automatically.
Your PC should now meet all the prerequisites for the configuration of your device.
4.4 IP configuration
In the ex works state, your device is configured in DHCP Client mode and therefore dynamically receives an IP address if you run a DHCP server in your network. If this is not the
case, connect your device directly to the configuration PC and use the fallback IP address
.
Alternatively, you can assign your device the required fixed IP address by using the Dime
Manager.
To do this, install the program from the DVD provided to your configuration PC.
Proceed as follows:
(a) Place the DVD provided in the DVD drive of your configuration PC. The installation
wizard should start automatically. If it does not, open the following file on the DVD using your file browser: .
(b) Follow the instructions in the installation wizard.
Then carry out the following steps to configure an IP address for your device:
(1) Start the Dime Manager from the Windows Start menu: Start -> Programs -> funkwerk -> Dime Manager.
The following dialog box appears:
Fig. 7: Dime Manager initial screen
The Dime Manager detects the devices installed in the network.
(2) In the list, double click the device you want to configure.
The following dialog box appears:
Fig. 8: IP address assignment with the Dime Manager
(3) Enter the network parameters (Device name, IP address, Netmask and Gateway) and click on OK.
Note
The maximum length of the Device name parameter is 32 characters.
The Device name parameter may contain only the letters "a"-"z", "A"-"Z", the digits
"0"-"9", dash "-" and dot "." to avoid errors by other systems during interpretation of the
Device name. The first character must be a letter, and the last character cannot be a
dot "." or dash "-". A single character is not permitted as a name.
Your device can now be reached over the Ethernet with its IP address using a Web
browser and can now be configured.
Funkwerk Configuration Interface Call up
Fig. 9: Funkwerk Configuration Interface Login
Start the configuration interface as follows:
(a) Enter the IP address of your device in the address line of your Web browser.
With DHCP server:
• the IP address that the DHCP server assigned to your device
Without DHCP server:
• With direct connection to the configuration PC: the fallback IP address
• The fixed IP address assigned via the Dime Manager
Press the Enter (Return) key.
(b) Enter in the User field and in the Password field.
4.5 Modify system password
All bintec devices are delivered with the same username and password. As long as the
password remains unchanged, they are therefore not protected against unauthorised use.
Make sure you change the passwords to prevent unauthorised access to your device!
Proceed as follows:
(a) Go to the System Management->Global Settings->Passwords menu.
(b) Enter a new password for System Admin Password.
(c) Enter the new password again under Confirm Admin Password.
(d) Click OK.
(e) Store the configuration using the Save configuration button above the menu navigation.
Note the following rules on password use:
• The password must not be easy to guess. Names, car registration numbers, dates of
birth, etc. should not be chosen as passwords.
• The password should contain at least one character that is not a letter (special character
or number).
• The password should be at least 8 characters long.
• Change your password regularly, e.g. every 90 days.
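The Device name rule from the Dime Manager note in 4.4 and the password rules above can be checked for a whole roll-out plan before anything is entered on a device. The following Python is an added example, not Funkwerk code; the plan layout, the function names, the sample rows, the device-name-in-password check and the password reuse check are assumptions made here.

```python
import re
from datetime import date

# Device name rule from the Dime Manager note: 2 to 32 characters from
# a-z, A-Z, 0-9, "-" and "."; first a letter; last neither "." nor "-".
DEVICE_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9.-]{0,30}[A-Za-z0-9]")


def check_device_name(name):
    """Return the rules a Device name breaks (empty list means valid)."""
    problems = []
    if len(name) > 32:
        problems.append("longer than 32 characters")
    if len(name) < 2:
        problems.append("shorter than 2 characters")
    if re.search(r"[^A-Za-z0-9.-]", name):
        problems.append("character outside a-z, A-Z, 0-9, '-', '.'")
    if name and not re.match(r"[A-Za-z]", name):
        problems.append("first character is not a letter")
    if name and name[-1] in ".-":
        problems.append("last character is '.' or '-'")
    return problems


def check_admin_password(password, device_name="", last_changed=None,
                         today=None, max_age_days=90):
    """Return the password rules from section 4.5 that are broken."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if password.isalpha():
        problems.append("no digit or special character")
    # Assumption, not from the manual: a password that contains the
    # device name is treated as "easy to guess".
    if device_name and device_name.lower() in password.lower():
        problems.append("contains the device name")
    if last_changed is not None:
        age = ((today or date.today()) - last_changed).days
        if age > max_age_days:
            problems.append(f"last changed {age} days ago")
    return problems


def audit_plan(rows, today):
    """rows: (device_name, admin_password, last_changed) tuples.

    Returns {device_name: [problems]} for every row that needs attention.
    """
    findings = {}
    first_user = {}  # password -> first device that uses it
    for name, password, changed in rows:
        problems = check_device_name(name)
        problems += check_admin_password(password, name, changed, today)
        # Added check: the manual warns that devices sharing the factory
        # password are unprotected; one password reused across the plan
        # has the same weakness.
        if password in first_user:
            problems.append(f"password reused from {first_user[password]}")
        else:
            first_user[password] = name
        if problems:
            findings[name] = problems
    return findings


# Constructed sample plan; names, passwords and dates are invented.
SAMPLE_TODAY = date(2011, 8, 31)
SAMPLE_PLAN = [
    ("ap-hall1.plant", "Tr4vel-L0g!x", date(2011, 8, 1)),
    ("1st-floor-ap", "Qu1et-Harbor", date(2011, 8, 1)),
    ("ap-dock-", "warehouse", date(2011, 3, 1)),
    ("ap-lab", "Tr4vel-L0g!x", date(2011, 8, 1)),
]

if __name__ == "__main__":
    for device, issues in audit_plan(SAMPLE_PLAN, SAMPLE_TODAY).items():
        print(f"{device}: {'; '.join(issues)}")
```
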
4.6 Setting up a wireless network
Proceed as follows to use your device as an access point:
(1) In Funkwerk Configuration Interface select the Assistants->Wireless LAN menu.
(2) Follow the steps shown by the wizard. The wizard has its own online help, which offers all of the information you may require.
(3) Store the configuration using the Save configuration button above the menu navigation.
Configuring the WLAN Adapter under Windows XP
After installing the drivers for your WLAN card, Windows XP sets up a new connection in the
network environment. Proceed as follows to configure the Wireless LAN connection:
(1) Click on Start -> Settings and double-click on Network Connections -> Wireless Network Connection.
(2) On the left-hand side, select Change Advanced Settings.
(3) Go to the Wireless networks tab.
(4) Click Add.
Proceed as follows:
(1) Enter a Network Name, e.g. () ".
(2) Set Network Authentication to .
(3) Set Data Encryption to *.
(4) Under Network Key and Confirm Network Key, enter the configured preshared key.
(5) Exit each menu with OK.
Note
Windows XP allows several menus to be modified. Depending on the configuration,
the path to the wireless network connection you want to configure may be different to
that described above.
4.7 Setting up a bridge link
If you run your device in Bridge mode, you must set up a bridge link.
Bridge link autoconfiguration
(1) Go to Wireless LAN->WLAN->Radio Settings->
(2) In Operation Mode select +$ .
(3) Leave the default settings in all other fields.
(4) Click OK.
(5) Go to Wireless LAN->WLAN->Bridge Links->New.
(6) Under Preshared Key enter #$ ", for example.
(7) Leave the default settings in all other fields.
(8) Click OK.
(9) Configure a bridge link on the remote device in the same way.
(10) On your local device, in the list Wireless LAN->WLAN->Bridge Links, click on the icon.
(11) On the menu Wireless LAN->WLAN->Bridge Links-> which opens, click under Action on the link.
(12) After the scan, the results are listed. For the list entry you require, click the ( " link.
(13) Store the configuration using the Save configuration button above the menu navigation.
To use the bridge link autoconfiguration function, please also read the Automatic Configuration of a Bridge Link workshop and, for additional information, also the user's guide
Wireless LAN under WLAN->Bridge Links->Add.
Manual configuration
(1) Go to Wireless LAN->WLAN->Radio Settings->
(2) In Operation Mode select +$ .
(3) Leave the default settings in all other fields.
(4) Click OK.
(5) Go to Wireless LAN->WLAN->Bridge Links->
(6) Under Preshared Key enter #$ ", for example.
(7) For Remote MAC Address, enter the MAC address of the bridge to which your bridge is to set up a connection, e.g. %% %%&%'.
(8) Leave the default settings in all other fields.
(9) Click OK.
(10) Configure a bridge link on the remote device in the same way.
(11) Store the configuration using the Save configuration button above the menu navigation.
Your device is ready for operation when you have completed the configuration.
The configuration of the device and its integration into your network are now completed.
4.8 Software Update
The range of functions of bintec devices is continuously being extended. These extensions
are made available to you by Funkwerk Enterprise Communications GmbH free of charge.
Checking for new software versions and the installation of updates can be carried out easily with the Funkwerk Configuration Interface. An existing internet connection is needed
for an automatic update.
Proceed as follows:
(1) Go to the Maintenance->Software &Configuration menu.
(2) Under Action select ,!" - " " and, under Source Location ." " " /
(3) Confirm with Go.
The device will now connect to the Funkwerk Enterprise Communications GmbH download
server and check whether an updated version of the system software is available. If so,
your device will be updated automatically. When installation of the new software is complete, you will be invited to restart the device.
Caution
Once you have clicked on Go, the update cannot be interrupted. If an error occurs during the update, do not re-start the device and contact support.
Chapter 5 Reset
If the configuration is incorrect or if your device cannot be accessed, you can reset the
device to the ex works standard settings using the Reset button on the bottom of the
device.
Practically all existing configuration data will then be ignored; only the current user passwords are retained. Configurations stored in the device are not deleted and can, if required,
be reloaded when the device is rebooted.
For bintec W1002n proceed as follows:
(1) Switch off your device.
(2) Press the Reset button on your device.
(3) Keep the Reset button on your device pressed down and switch the device back on.
(4) Look at the LEDs:
- Initially all LEDs illuminate.
- The device runs through the boot sequence.
- After the LED has flashed three times, release the Reset button.
- The "" LED flashes and the *"0 and *"0 LEDs illuminate if these exist for the ports that are connected to the Ethernet.
On devices of the WI series, the red ) LED flashes first. Hold in the Cfg button until the red LED goes out and the green "" LED starts to flash.
Proceed as follows if you also want to reset all the user passwords to the ex works state
and delete stored configurations when resetting the device:
(1) Set up a serial connection to your device. Reboot your device and monitor the boot sequence. Start the BOOTmonitor (as described in BOOTmonitor on page 72), choose (4) Delete Configuration and follow the instructions.
or
(2) Set up a serial connection to your device. First carry out the reset procedure described and enter #" $ as Login at the login prompt in the command line. Leave the password empty and press the Return key. The device runs through the boot sequence again.
You can now configure your device again as described from Basic configuration on page
14.
Note
If you delete the boot configuration using the Funkwerk Configuration Interface, all
passwords will also be reset and the current boot configuration deleted. The next time,
the device will boot with the standard ex works settings.
On devices of the WI series, there is a further button - the HW reset. After pressing briefly
once, the device reboots.
Fig. 10: Underside of the bintec WIx040n with the HW and Cfg reset buttons
Chapter 6 Technical data
This chapter summarises all of the hardware properties of the devices W1002n, WI1040n,
WI2040n, WI1065n and WI2065n.
Caution
bintec WIx065n is a class A set-up. This set-up can cause interference in living areas;
in this case the operator can request for appropriate measures to be taken.
6.1 Scope of supply
Your device is supplied with the following parts:
bintec W1002n
Cable sets/mains unit/other: Ethernet cable (RJ-45, STP); Plug-in power pack (12 V/230 V); 3 external standard antennas; Self-adhesive feet to allow the device to be used as a desktop device; 2 screws and 2 wall plugs for fastening to the wall
Software: Companion DVD
Documentation: Quick Install Guide (printed); R&TTE Compliance Information (printed); User's Guide (on DVD); Safety notices

bintec WI1040n
Cable sets/mains unit/other: Ethernet cable (RJ-45, STP); Serial cable (D-SUB9); 3 external standard antennas; Self-adhesive feet to allow the device to be used as a desktop device; Blind stops for SFP; SD slot cover with screw; 3-pole screw terminal bar for the power supply; 2-pole screw terminal bar for relay; Mounting bracket for wall mounting; 1 screw pin set; Blind stops for Ethernet interfaces
Software: Companion DVD
Documentation: Quick Install Guide (printed); R&TTE Compliance Information (printed); User's Guide (on DVD); Safety notices

bintec WI2040n
Cable sets/mains unit/other: Ethernet cable (RJ-45, STP); Serial cable (D-SUB9); 4 external standard antennas; Self-adhesive feet to allow the device to be used as a desktop device; Blind stops for SFP; SD slot cover with screw; 3-pole screw terminal bar for the power supply; 2-pole screw terminal bar for relay; Mounting bracket for wall mounting; 1 screw pin set; Blind stops for Ethernet interfaces
Software: Companion DVD
Documentation: Quick Install Guide (printed); R&TTE Compliance Information (printed); User's Guide (on DVD); Safety notices

bintec WI1065n
Cable sets/mains unit/other: Ethernet cable (RJ-45, STP); Serial cable (D-SUB9); 3 external standard antennas; Blind stops for SFP; SD slot cover with screw; 3-pole screw terminal bar for the power supply; 2-pole screw terminal bar for relay; 1 screw pin set; Blind stops for Ethernet interfaces; 4 threaded caps for antennas
Software: Companion DVD
Documentation: Quick Install Guide (printed); R&TTE Compliance Information (printed); User's Guide (on DVD); Safety notices

bintec WI2065n
Cable sets/mains unit/other: Ethernet cable (RJ-45, STP); Serial cable (D-SUB9); 4 external standard antennas; Blind stops for SFP; SD slot cover with screw; 3-pole screw terminal bar for the power supply; 2-pole screw terminal bar for relay; 1 screw pin set; Blind stops for Ethernet interfaces; 4 threaded caps for antennas; One set of rubber seals for cable bushings
Software: Companion DVD
Documentation: Quick Install Guide (printed); R&TTE Compliance Information (printed); User's Guide (on DVD); Safety notices
6.2 General Product Features
The general product features cover performance features and the technical prerequisites
for installation and operation of your device.
The features are summarised in the following table:
General Product Features bintec W1002n
Property | Value
bintec W1002n | One internal wireless module, 3 external antennas
Dimensions and weights:
Equipment dimensions without cable (W x L x H) | 163 mm x 168 mm x 50 mm
Weight | approx. 430 g
LEDs | 4 (1x Status, 1x WLAN, 2x Ethernet)
Power consumption of the device | 5-10 Watt, depending on extensions
Voltage supply | External switched-mode power supply 12 V DC, 1.25 A; PoE on Ethernet 1 Class 0 (insulated) with one WLAN module
Environmental requirements:
Storage temperature | -10 °C to +70 °C
Operating temperature | 0 °C to 40 °C
Relative atmospheric humidity | 10 % to 95 % (non-condensing)
Room classification | Only use in dry rooms.
Available interfaces:
Serial interface V.24 | Permanently installed, supports Baud rates: 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200 Baud
Ethernet IEEE 802.3 LAN (2-port switch) | Permanently installed (twisted pair only), 10/100 Mbps, autosensing, MDIX
Available sockets:
Serial interface V.24 | 9-pin Sub-D connector
Ethernet interface | RJ45 socket
Antennas:
Antenna connection | RTNC socket
Transmit Power | max. 100 mW (20 dBm) EIRP
Receiver sensitivity | 2.4 GHz 802.11b/g: 1 Mbit/s -91 dBm; 2 Mbit/s -90 dBm; 5.5 Mbit/s -89 dBm; 11 Mbit/s -88 dBm; 6 Mbit/s -90 dBm; 9 Mbit/s -89 dBm; 12 Mbit/s -88 dBm; 18 Mbit/s -86 dBm; 24 Mbit/s -83 dBm; 36 Mbit/s -80 dBm; 48 Mbit/s -76 dBm; 54 Mbit/s -74 dBm
 | 2.4 GHz 802.11n 20 MHz: MCS0 -89 dBm; MCS1 -87 dBm; MCS2 -85 dBm; MCS3 -82 dBm; MCS4 -79 dBm; MCS5 -75 dBm; MCS6 -73 dBm; MCS7 -70 dBm; MCS8 -87 dBm; MCS9 -84 dBm; MCS10 -81 dBm; MCS11 -79 dBm; MCS12 -77 dBm; MCS13 -72 dBm; MCS14 -68 dBm; MCS15 -67 dBm
 | 2.4 GHz 802.11n 40 MHz: MCS0 -87 dBm; MCS1 -84 dBm; MCS2 -82 dBm; MCS3 -79 dBm; MCS4 -75 dBm; MCS5 -71 dBm; MCS6 -69 dBm; MCS7 -67 dBm; MCS8 -86 dBm; MCS9 -83 dBm; MCS10 -79 dBm; MCS11 -77 dBm; MCS12 -74 dBm; MCS13 -69 dBm; MCS14 -67 dBm; MCS15 -65 dBm
 | 2.4 GHz 802.11n 40 MHz: MCS0 -84 dBm; MCS1 -82 dBm; MCS2 -79 dBm; MCS3 -77 dBm; MCS4 -74 dBm; MCS5 -69 dBm; MCS6 -67 dBm; MCS7 -66 dBm; MCS8 -83 dBm; MCS9 -82 dBm; MCS10 -79 dBm; MCS11 -76 dBm; MCS12 -72 dBm; MCS13 -68 dBm; MCS14 -66 dBm; MCS15 -64 dBm
Modulation | Modulation IEEE 802.11 standards: b/g (2.4 GHz); Modulation types: 11, 5.5, 2 and 1 Mbit/s (DSSS) 2.4 GHz; 54, 48, 36, 24, 18, 12, 9 and 6 Mbit/s (OFDM) 2.4 GHz
Channels | IEEE 802.11b/g: 13 channels (Europe)
Standards | IEEE 802.11b,g,d,h,i; IEEE 802.11n (MIMO 2T3R); IEEE 802.3; IEEE 802.3f; IEEE 802.1q (VLAN Tagging)
Frequency bands | 2.4 GHz Indoor/Outdoor (2412-2472 MHz)
Standards & Guidelines | R&TTE Directive 1999/5/EC; EN 60950-1 (IEC60950); EN 300 328; EN 301 489-17; EN 301 489-1; EN 301 893; EN 60601-1-2 (Medical electrical equipment - Part 1-2)
Buttons | A monitor button
Security features | WEP64 (40 bit key), WEP128 (104 bit key), WPA Personal, WPA Enterprise, WPA2 Personal, WPA2 Enterprise; Access Control List, Network Name Broadcast can be deactivated
WEP key length (bit) | 40 (64) or 104 (128)
Software supplied | Dime Manager on DVD
Printed documentation supplied | Quick Install Guide; Safety notices; R&TTE Compliance Information
Online documentation | User's Guide; Workshops; Release Notes, if required
General Product Features bintec WI1040n and bintec WI2040n
Property | Value
Variants:
bintec WI1040n | An internal wireless module, 3 external antennas (WLAN 1 Ant.1, WLAN 1 Ant.2, WLAN 1 Ant.3)
bintec WI2040n | Two internal wireless modules, 4 external antennas (WLAN 1 Ant.1, WLAN 1 Ant.2, WLAN 2 Ant.1, WLAN 2 Ant.2)
Dimensions and weights:
Equipment dimensions without cable (W x L x H) | 220 mm x 185 mm x 42 mm without feet
Weight | approx. 1,200 g (3 WLAN modules)
LEDs | bintec WI1040n 6 (1x Failure, 1x Status, 3x WLAN, 2x Ethernet, 1x SFP); bintec WI2040n 7 (1x Failure, 1x Status, 3x WLAN, 2x Ethernet, 1x SFP)
Power consumption of the device | 5-24 Watt, depending on extensions
Voltage supply | Earth conductor/connection to earth 5-20W. All devices must be earthed. 24 V ± 30 % DC 1.1 A with reverse voltage protection, insulated 3-pole; PoE on Ethernet 1 Class 0 (insulated) with max. two WLAN modules
Protection against theft | Theft protection is available as an option
Temperature sensor | Temperature monitoring and software-controlled actions possible
Environmental requirements:
Storage temperature | -40 °C to +85 °C
Operating temperature | -25 °C to +70 °C
Relative atmospheric humidity | 10 % to 95 % (non-condensing)
Room classification | Operate only in dry rooms
Available interfaces:
Serial interface V.24 | Permanently installed, supports Baud rates: 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200 Baud
Ethernet IEEE 802.3 LAN | Permanently installed (twisted pair only), 10/100 Mbps, autosensing, MDI/MDIX 2x 10/100 Base T/TX
Relay | An alarm using relay is possible in the event of overtemperature or error: potential-free working contact, 42 V AC 1 A / 30 V DC 2 A
Optical interface | Module slot for optical interface 100 Mbps LWL Single Mode LC or LWL Multimode LC - 1x 100 Base FX/SX with SFP module
Available sockets:
Serial interface V.24 | 9-pin Sub-D connector
Relay switching contact N/O | 42 V AC 1 A / 30 V DC 2 A potential-free, software configurable, switchable
Ethernet interface | RJ45 socket
Antennas:
Antenna connection | RTNC socket
Transmit Power (WLAN) | max. 100 mW (20 dBm) EIRP
Receiver sensitivity | 2.4 GHz 802.11b/g: 1 Mbit/s -91 dBm; 2 Mbit/s -90 dBm; 5.5 Mbit/s -89 dBm; 11 Mbit/s -88 dBm; 6 Mbit/s -90 dBm; 9 Mbit/s -89 dBm; 12 Mbit/s -88 dBm; 18 Mbit/s -86 dBm; 24 Mbit/s -83 dBm; 36 Mbit/s -80 dBm; 48 Mbit/s -76 dBm; 54 Mbit/s -74 dBm
Modulation | Modulation IEEE 802.11 standards:/g (2.4 GHz); Modulation types: 11, 5.5, 2 and 1 Mbit/s (DSSS) 2.4 GHz; 54, 48, 36, 24, 18, 12, 9 and 6 Mbit/s (OFDM) 2.4 GHz
Channels | IEEE 802.11b/g: 13 channels (Europe)
Standards | IEEE 802.11b,g,d,h,i; IEEE 802.3; IEEE 802.3f; IEEE 802.1q (VLAN Tagging)
Standards & Guidelines | R&TTE Directive 1999/5/EC; EN 60950-1 (IEC60950); EN 60950-22; EN 301489-1; EN301489-17; EN 55022; EN 300328-1; EN 301893; EN 302502; EN 50371 (Medical equipment EN 60601-1; EN 60601-2; EN 55011); E1-mark (vehicle licencing)
Buttons | Reset and reset to ex work settings possible with two buttons (1x config reset, 1x HW reset)
Security features | WEP, WPA, WPA2, Access Control List, Network Name Broadcast can be deactivated
WEP key length (bit) | 40 (64) or 104 (128)
Software supplied | Dime Manager on DVD
Printed documentation supplied | Quick Install Guide; Safety notices; R&TTE Compliance Information
Online documentation | User's Guide; Workshops; Release Notes, if required
General Product Features bintec WI1065n and bintec WI2065n
Property | Value
Variants:
bintec WI1065n | An internal wireless module, 3 external antenna (WLAN 1 Ant.1, WLAN 1 Ant.2, WLAN 1 Ant.3)
bintec WI2065n | Two internal wireless modules, 4 external antenna (WLAN 1 Ant.1, WLAN 1 Ant.2, WLAN 2 Ant.1, WLAN 2 Ant.2)
Dimensions and weights:
Equipment dimensions without cable (W x L x H) | 257 mm x 285 mm x 60 mm
Weight | approx. 1,900 g (3 WLAN modules)
LEDs | 8 (1x Failure, 1x Status, 3x WLAN, 2x Ethernet, 1x SFP)
Power consumption of the device | 5-24 Watt, depending on extensions
Voltage supply | Earth conductor/connection to earth 5-20W. All devices must be earthed. 24 V ± 30 % DC 1.1 A with reverse voltage protection, insulated 3-pole. PoE on Ethernet 1 Class 0 (insulated) with max. two WLAN modules
Protection against theft | Theft protection is available as an option
Temperature sensor | Temperature monitoring and software-controlled actions possible
Environmental requirements:
Storage temperature | -40 °C to +85 °C
Operating temperature | -20 °C to +65 °C
Relative atmospheric humidity | 10 % to 100 %
Available interfaces:
Serial interface V.24 | Permanently installed, supports Baud rates: 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200 Baud
Ethernet IEEE 802.3 LAN | Permanently installed (twisted pair only), 10/100 Mbps, autosensing, MDI/MDIX 2x 10/100 Base T/TX
Relay | An alarm using relay is possible in the event of overtemperature or error: potential-free working contact, 42 V AC 1 A / 30 V DC 2 A
Optical interface | Module slot for optical interface 100 Mbps LWL Single Mode LC or LWL Multimode LC - 1x 100 Base FX/SX with SFP module
Available sockets:
Serial interface V.24 | 9-pin Sub-D connector
Relay switching contact N/O | 42 V AC 1 A / 30 V DC 2 A potential-free, software configurable, switchable
Ethernet interface | RJ45 socket
Antennas:
Antenna connection | RTNC socket
Transmit Power (WLAN) | max. 100 mW (20 dBm) EIRP
Receiver sensitivity | 2.4 GHz 802.11b/g: 1 Mbit/s -91 dBm; 2 Mbit/s -90 dBm; 5.5 Mbit/s -89 dBm; 11 Mbit/s -88 dBm; 6 Mbit/s -90 dBm; 9 Mbit/s -89 dBm; 12 Mbit/s -88 dBm; 18 Mbit/s -86 dBm; 24 Mbit/s -83 dBm; 36 Mbit/s -80 dBm; 48 Mbit/s -76 dBm; 54 Mbit/s -74 dBm
Modulation | Modulation IEEE 802.11 standards: b/g (2.4 GHz). Modulation types: 11, 5.5, 2 and 1 Mbit/s (DSSS) 2.4 GHz; 54, 48, 36, 24, 18, 12, 9 and 6 Mbit/s (OFDM) 2.4 GHz
Channels | IEEE802.11b/g: 13 channels (Europe)
Standards | IEEE 802.11b,g,d,h,i; IEEE 802.3; IEEE 802.3f; IEEE 802.1q (VLAN Tagging)
Standards & Guidelines | R&TTE Directive 1999/5/EC; EN 60950-1 (IEC60950); EN 60950-22; EN 301489-1; EN301489-17; EN 55022; EN 300328-1; EN 301893; EN 302502; EN 50371
Buttons | Reset and reset to ex work settings possible with two buttons (1x config reset, 1x HW reset)
Security features | WEP, WPA, WPA2, Access Control List, Network Name Broadcast can be deactivated
WEP key length (bit) | 40 (64) or 104 (128)
Software supplied | Dime Manager on DVD
Printed documentation supplied | Quick Install Guide; Safety notices; R&TTE Compliance Information
Online documentation | User's Guide; Workshops; Release Notes, if required
To ensure safe operation, the WI series devices have a connection to earth. The minimum
cross-section of the earth lead should be 1.5 mm². The distance between the device and
the connection to earth should be as short as possible. For the bintec WIx065n devices,
the connection to earth is under the cover.
Fig. 11: Connection to earth bintec WIx040n
6.3 LEDs
The LEDs show the radio status, radio activity, Ethernet activity and LED states of your
device. The LED states are indicated by combinations of the LEDs which are explained in
detail in this chapter.
The LEDs on bintec W1002n are arranged as follows:
Fig. 12: LEDs of bintec W1002n
In operation mode, the LEDs display the following status information for your device:
LED status display bintec W1002n
LED | Status | Information
Status | off | The power supply is not connected. If other LEDs are on, also Error.
Status | on (static) | Errors
Status | on (flashing) | Ready
WLAN (1/2) | on (flashing slowly) | Free
WLAN (1/2) | on (static) | At least one client is registered.
WLAN (1/2) | on (flickering) | At least one client is registered and there is data traffic.
WLAN (1/2) | on (flashing fast) | BLD (Broken Link Detection) active
WLAN (1/2) | on (flashing fast) | Scan active
ETH 1/2 | off | No cable or no Ethernet link
ETH 1/2 | on | Cable plugged in and link
ETH 1/2 | on (flickering) | Cable plugged in and link with data traffic
During the heating phase the red Failure LED flashes. Once this temperature has been
reached, the device continues with the start-up process.
All LEDs are on during the start-up process. This means the monitor has been started and
firmware is being loaded.
Note
Note that the number of active WLAN LEDs depends on the number of existing wireless modules.
The LEDs on bintec WI1040n and bintec WI2040n are arranged as follows:
Fig. 13: LEDs of bintec WI1040n and bintec WI2040n
In operation mode, the LEDs display the following status information for your device:
LED status display bintec WI1040n and bintec WI2040n
LED | Status | Information
Failure (red) | on | After power-up and during booting or if an error occurs.
Failure (red) | flashes | During the heating phase.
Failure (red) | off | If the device is at the login prompt.
Status (green) | off | The power supply is not connected. If other LEDs are on, also Error.
Status (green) | on (static) | Errors
Status (green) | on (flashing) | Ready
WLAN 1/2/3 (3x green) | on (flashing slowly) | Free
WLAN 1/2/3 (3x green) | on (static) | At least one client is registered.
WLAN 1/2/3 (3x green) | on (flickering) | At least one client is registered and there is data traffic.
WLAN 1/2/3 (3x green) | on (flashing fast) | BLD (Broken Link Detection) active
WLAN 1/2/3 (3x green) | on (flashing fast) | Scan active
ETH 1/2 (2x green) | off | No cable or no Ethernet link
ETH 1/2 (2x green) | on | Cable plugged in and link
ETH 1/2 (2x green) | on (flickering) | Cable plugged in and link with data traffic
SFP (green) | off | No data traffic
SFP (green) | on | Data traffic via the SFP interface.
SFP (green) | on (flickering) | Cable plugged in and data traffic
During the heating phase the red Failure LED flashes. The other LEDs then come on during booting (if the units are initialised).
Note
Note that the number of active WLAN LEDs depends on the number of existing wireless modules.
The LEDs on bintec WI1065n and bintec WI2065n are arranged as follows:
Fig. 14: LEDs of bintec WI1065n and bintec WI2065n
In operation mode, the LEDs display the following status information for your device:
LED status display bintec WI1065n and bintec WI2065n
LED | Status | Information
Failure (red) | on | After power-up and during booting or if an error occurs.
Failure (red) | flashes | During the heating phase.
Failure (red) | off | If the device is at the login prompt.
Status (green) | off | The power supply is not connected. If other LEDs are on, also Error.
Status (green) | on (static) | Errors
Status (green) | on (flashing) | Ready
WLAN 1/2/3 (3x green) | on (flashing slowly) | Free
WLAN 1/2/3 (3x green) | on (static) | At least one client is registered
WLAN 1/2/3 (3x green) | on (flickering) | At least one client is registered and there is data traffic
WLAN 1/2/3 (3x green) | on (flashing fast) | BLD (Broken Link Detection) active
WLAN 1/2/3 (3x green) | on (flashing fast) | Scan active
ETH 1/2 (2x green) | off | No cable or no Ethernet link
ETH 1/2 (2x green) | on | Cable plugged in and link
ETH 1/2 (2x green) | on (flickering) | Cable plugged in and link with data traffic
SFP (green) | off | No data traffic
SFP (green) | on | Data traffic via the SFP interface.
SFP (green) | on (flickering) | Cable plugged in and data traffic
During the boot operation, only the red LED is on. The other LEDs then come on during
booting (if the units are initialised).
6.4 Connectors
All the connections are located on the underside of the device.
On bintec W1002n the third antenna connection is located on the underside of the device.
The connectors on industrial WLAN devices with 802.11n support are the same as the connectors on other industrial WLAN devices. Only the assignment of the antenna connectors
is different. See Antenna connectors for industrial WLAN devices with 802.11n support on
page 45.
bintec W1002n has two Ethernet connections and a serial interface.
The connections are arranged as follows:
Fig. 15: bintec W1002n underside
bintec W1002n underside
POWER | Socket for plug-in power pack
CONSOLE | Serial interface
RESET | Reset button
ETH1/PoE and ETH2 | 10/100 Base-T Ethernet interface
ANT3 | Connections for screwing on the external antennas. ANT3 = RX3
Top (without Fig.)
ANT1/ANT2 | Connections for screwing on the external antennas. ANT1 = TX/RX1 (Connection of first directional antenna). ANT2 = TX/RX2 (Connection of second option directional antenna)
bintec WI1040n, and bintec WI2040n have two Ethernet connections and a serial interface.
The connections are arranged as follows:
Fig. 16: Underside bintec WI1040n and bintec WI2040n
Underside of bintec WI1040n and bintec WI2040n
Power 24V DC | Socket for power supply
Eth1 (PoE) / Eth2 | 10/100 Base-T Ethernet interfaces
Reset (HW and Cfg) | Reset button and delete configuration
SFP | SFP slot for 100 Mbit/s fibre module (optional)
Serial | Serial interface RS232
Relay N/O | Alarm relay
bintec WI1065n and bintec WI2065n have two Ethernet connections and a serial interface.
The connections are arranged as follows:
Fig. 17: Underside bintec WI1065n and bintec WI2065n
Underside of bintec WI1065n and bintec WI2065n
Power 24 V DC | Socket for power supply
Eth1 PoE / Eth2 | 10/100 Base-T Ethernet interfaces
HW | Reset button performs restart
Cfg | Deletes the configuration
SFP | SFP slot for 100 Mbit/s fibre module (optional)
Serial | Serial interface RS232
Relay N/O | Alarm relay contact
6.5 Antenna connectors for industrial WLAN devices with 802.11n support
Note
The three antennas for devices bintec WI1040n, bintec WI1065n and bintec W1002n have 2 transmit and 3 receive functions in 802.11n operating mode MIMO 2T3R. WLAN 1 Ant. 1 and WLAN 1 Ant. 2 send and receive; Ant. 3 only receives.
For devices bintec WI2040n and bintec WI2065n, only 2 antennas are used for each of the 2 wireless modules. Both are sending and receiving antennas. There is no third receiving antenna; this is MIMO 2T2R operating mode.
However, gross rates of 300 Mbps are possible. The receiving sensitivity decreases slightly. Only 2 antenna connections are required to operate a bridge link with dual-polarisation antennas.
The antennas should be spaced Lambda/2, or a multiple of this, apart. In bintec WIx040n the antennas are 37 mm apart; in bintec WIx065n the antennas are 55 mm apart.
2.4 GHz Lambda/2 corresponds to 6.15 cm; 5 GHz Lambda/2 corresponds to 2.72 cm.
Devices with 802.11n support can use up to 3 antennas per wireless module. The assignment of the existing 4 antenna connectors is shown in the following graphic:
Fig. 18: Antenna configuration for bintec WIx040n devices
Fig. 19: Antenna configuration for bintec WIx065n devices
6.6 Pin Assignments
6.6.1 Ethernet interface
Your device has two Ethernet interfaces. These are used to connect individual PCs or other
switches.
The connection is made via an RJ45 socket.
Fig. 20: Ethernet 10/100 Base-T interface (RJ45 socket)
The pin assignment for the Ethernet 10/100 Base-T interface (RJ45 socket) is as follows:
RJ45 socket for LAN connection
Pin | Function Eth1 - PoE | Function Eth 2
1 | TD +/Power | TD +
2 | TD -/Power | TD -
3 | RD +/Power | RD +
4 | Power | Not used
5 | Power | Not used
6 | RD -/Power | RD -
7 | Power | Not used
8 | Power | Not used
The Ethernet 10/100 BASE-T interface does not have an Auto-MDI-X function in bintec
W1002n.
6.6.2 Serial interface
Your device has a Serial interface for connection to a console. This supports Baud rates
from 1200 to 115200 Bps.
The interface is designed as a 9-pin SUB-D socket.
Fig. 21: 9-pin Sub-D connector
The pin assignment is as follows:
Pin assignment of the Sub-D port
Pin | bintec W1002n function
1 | Not used
2 | RxD
3 | TxD
4 | Not used
5 | GND
6 | DSR
7 | RTS
8 | CTS
9 | Not used
6.6.3 Socket for power supply
The WI devices have a 3-pole connection for the power supply. An individual power supply
can be connected with any polarity and to any terminal with 2 pins. If a redundant power
supply is selected (2 mains units) the minus poles must be connected together to terminal
2 and the plus poles must be connected separately to terminals 1 and 3.
Fig. 22: 3-pole connector for the power supply
The pin assignment is as follows:
Pin assignment of the connector for the power supply
Pin
Configuration
6.7 Frequencies and channels
Different certification regulations apply around the world. ETSI standards generally apply
(predominantly used in Europe). For operation in Europe, please read the notes in the
R&TTE Compliance Information.
6.8 FCC Compliance statement
This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions:
(1) This device may not cause harmful interference, and
(2) this device must accept any interference received, including interference that may cause undesired operation.
Modifications not expressly approved by this company could void the user's authority to operate the equipment.
The external antennas used for this transmitter must provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter. This device and its antenna must not be co-located or operating in conjunction with any other antenna or transmitter.
Do not change the delivered antennas; modifications could void the user's authority to operate the equipment.
6.9 WEEE information
Chapter 7 Access and configuration
This chapter describes all the access and configuration options.
7.1 Access Options
The various access options are presented below. Select the procedure to suit your needs.
There are various ways you can access your device to configure it:
• Via your LAN
• Via the serial interface
7.1.1 Access via LAN
Access via one of the Ethernet interfaces of your device allows you to open the Funkwerk
Configuration Interface in a web browser for configuration purposes and to access your
device via Telnet or SSH.
Caution
If you carry out the initial configuration with the Funkwerk Configuration Interface, this can result in inconsistencies or malfunctions as soon as you carry out additional settings using other configuration options. Therefore, it is recommended that the configuration is continued with the Funkwerk Configuration Interface. If you use SNMP shell commands, continue with this configuration method.
7.1.1.1 HTTP/HTTPS
With a current web browser, you can use the HTML interfaces to configure your device.
The configuration can be set up using the Funkwerk Configuration Interface . To do this,
enter the IP address of your device in the address field of your Web browser.
With DHCP server:
• the IP address that your DHCP server assigned to your device
Without DHCP server:
• With direct connection to the configuration PC: the fallback IP address
• The fixed IP address assigned via the Dime Manager
Press the Enter (Return) key.
7.1.1.2 Telnet
Apart from configuration using a web browser, with a Telnet connection you can also access the SNMP shell and use other configuration options.
You do not need any additional software on your PC to set up a Telnet connection to your
device. Telnet is available on all operating systems.
Proceed as follows:
Windows
(1) Click Run… in the Windows Start menu.
(2) Enter !.
(3) Click OK.
A window with the login prompt appears. You are now in the SNMP shell of your device.
(4) Continue with Logging in for Configuration on page 56.
Unix
You can also set up a Telnet connection on UNIX and Linux without any problem:
(1) Enter ! in a terminal.
A window with the login prompt appears. You are now in the SNMP shell of your device.
(2) Continue with Logging in for Configuration on page 56.
7.1.1.3 SSH
In addition to the unencrypted and potentially viewable Telnet session, you can also connect to your device via an SSH connection. This is encrypted, so all the remote maintenance options can be carried out securely.
The following preconditions must be met in order to connect to the device via SSH:
• The encryption keys needed for the process must be available on the device.
• An SSH client must be installed on your PC.
Encryption keys
First of all, make sure that the keys for encrypting the connection are available on your
device:
(1) Log in to one of the types already available on your device (e.g. via Telnet - for login see Logging in on page 55).
(2) Enter " for the input prompt. You are now in the Flash Management shell.
(3) Call up a list of all the files saved on the device: ".
If you see a display like the one below, the keys needed are already there and you can
connect to the device via SSH:
Note
The device generates a key pair for each of the algorithms (RSA and DSA), i.e. two files must be stored in the flash for each algorithm (see example above).
If no keys are available, you have to generate these first. Proceed as follows:
(1) Leave the Flash Management shell with .
(2) Launch the Funkwerk Configuration Interface and log on to your device (see Calling up Funkwerk Configuration Interface on page 58).
(3) Make sure that *$) 0 is selected as the language.
(4) Check the key status in the System Management->Administrative Access->SSH menu. If both keys are available, you'll see in both fields RSA Key Status and DSA Key Status the value 1 " .
(5) If one or both of these fields contains the value 2" 1 " , you must generate the relevant key. To have the device generate the key, click Generate.
The device generates the key and stores it in the FlashROM. 1 " indicates that generation was successful.
(6) Make sure that both keys have been successfully generated. If necessary, repeat the procedure described above.
Login via SSH
Proceed as follows to log in on your device via SSH:
Once you have made sure that all the keys needed are available on the device, check whether an SSH client is installed on your PC. Most UNIX and Linux distributions install an SSH client by default. Additional software, e.g. PuTTY, usually has to be installed on a Windows PC.
Proceed as follows to log in on your device via SSH:
UNIX
(1) Enter $ $ ! in a terminal.
The login prompt window appears. This is located in the SNMP shell of the device.
(2) Continue with Logging in on page 55.
Windows
(1) How an SSH connection is set up very much depends on the software used. Consult the documentation for the program you are using.
As soon as you have connected to the device, the login prompt window will appear. You are now in the SNMP shell of your gateway.
(2) Continue with Logging in on page 55.
Note
PuTTY requires certain settings for a connection to a bintec device. The support
pages of http://www.funkwerk-ec.com include FAQs, which list the required settings.
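A defender-side check of the key precondition above, added here as an example that is not part of the Funkwerk manual: it parses host-key lines in the `host keytype base64` form that `ssh-keyscan` prints, confirms that each device offers both an RSA and a DSA host key, and reads each key's size from the key blob. The host names, the sample keys (built from arbitrary integers, not real keys) and the 2048-bit RSA threshold are constructed assumptions.

```python
import base64
import struct

# Number of integer fields that follow the type string in each public key blob.
FIELD_COUNT = {"ssh-rsa": 2, "ssh-dss": 4}   # RSA: e, n   DSA: p, q, g, y
REQUIRED_TYPES = set(FIELD_COUNT)            # the manual expects one key pair per algorithm


def _read_field(buf, off):
    """Read one length-prefixed field (4-byte big-endian length, then data)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end


def key_bits(key_type, blob_b64):
    """Return the key size in bits after checking the type embedded in the blob."""
    blob = base64.b64decode(blob_b64, validate=True)
    name, off = _read_field(blob, 0)
    if name != key_type.encode("ascii"):
        raise ValueError("blob type does not match declared type")
    numbers = []
    while off < len(blob):
        field, off = _read_field(blob, off)
        numbers.append(int.from_bytes(field, "big"))
    if len(numbers) != FIELD_COUNT[key_type]:
        raise ValueError("unexpected number of key fields")
    # RSA size is the modulus n (second field); DSA size is the prime p (first field).
    return numbers[1].bit_length() if key_type == "ssh-rsa" else numbers[0].bit_length()


def audit(keyscan_text, min_rsa_bits=2048):
    """Return (hosts, findings): key sizes per host and a list of problems per host."""
    hosts, findings = {}, {}
    for raw in keyscan_text.splitlines():
        parts = raw.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue                          # blank, comment or incomplete line
        host, key_type, blob = parts[:3]
        if key_type not in FIELD_COUNT:
            continue                          # key types outside this check
        keys = hosts.setdefault(host, {})
        try:
            keys[key_type] = key_bits(key_type, blob)
        except ValueError as exc:
            keys[key_type] = None             # offered, but not usable as declared
            findings.setdefault(host, []).append(f"{key_type}: {exc}")
    for host, keys in hosts.items():
        out = findings.setdefault(host, [])
        for missing in sorted(REQUIRED_TYPES - set(keys)):
            out.append(f"{missing}: no host key offered")
        rsa = keys.get("ssh-rsa")
        if rsa is not None and rsa < min_rsa_bits:
            out.append(f"ssh-rsa: {rsa}-bit key is below {min_rsa_bits} bits")
    return hosts, findings


# --- constructed sample input (placeholder numbers, not real keys) ---
def _field(data):
    return struct.pack(">I", len(data)) + data


def _mpint(n):
    # The extra leading byte keeps the value positive when its top bit is set.
    return n.to_bytes(n.bit_length() // 8 + 1, "big")


def make_line(host, key_type, numbers, embedded_type=None):
    blob = _field((embedded_type or key_type).encode("ascii"))
    blob += b"".join(_field(_mpint(n)) for n in numbers)
    return f"{host} {key_type} {base64.b64encode(blob).decode('ascii')}"


RSA_2048 = [65537, (1 << 2047) | 1]
RSA_1024 = [65537, (1 << 1023) | 1]
DSA_1024 = [(1 << 1023) | 1, (1 << 159) | 1, 2, 3]

SAMPLE = "\n".join([
    "# ap-hall-1:22 constructed banner line",
    make_line("ap-hall-1", "ssh-rsa", RSA_2048),
    make_line("ap-hall-1", "ssh-dss", DSA_1024),
    make_line("ap-dock-2", "ssh-rsa", RSA_1024),           # DSA key missing, short RSA key
    make_line("ap-yard-3", "ssh-rsa", RSA_2048, embedded_type="ssh-dss"),  # corrupted entry
    make_line("ap-yard-3", "ssh-dss", DSA_1024),
])

if __name__ == "__main__":
    sizes, problems = audit(SAMPLE)
    for host in sorted(sizes):
        print(host, sizes[host], problems[host] or "ok")
```

A device that reports a missing key type needs the Generate step in the SSH menu described above before SSH logins will work.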
7.1.2 Access via the Serial Interface
Your device has a serial interface, with which a PC can be connected directly. The following chapter describes what you have to remember when setting up a serial connection and
what you can do to configure your device in this way.
Access via the serial interface is ideal if you are setting up an initial configuration of your
device and a LAN access is not possible via the pre-configured IP address
(192.168.0.252/255.255.255.0).
Windows
To connect your device to your PC via the serial interface, proceed as described in Installation on page 6.
If you are using a Windows PC, you need a terminal program for the serial connection, e.g.
HyperTerminal. Make sure that HyperTerminal was also installed on the PC with the Windows installation. However, you can also use any other terminal program that can be set to
the corresponding parameters (see below).
Proceed as follows to access your device via the serial interface:
(1) Click on Programs -> Accessories -> HyperTerminal in the Windows Start menu.
(2) Press Return (at least once) after the HyperTerminal window opens.
A window with the login prompt appears. You are now in the SNMP shell of your device.
You can now log in on your device and start the configuration.
Check
If the login prompt does not appear after you press Return several times, the connection to
your device has not been set up successfully.
Therefore, check the COM1 or COM2 settings on your PC.
(1) Click on File -> Properties.
(2) Click Configure in the Connect to tab.
The following settings are necessary:
- Bits per second:
- Data bits:
- Parity: !
- Stopbits:
- Flow control: !
(3) Enter the values and click OK.
(4) Make the following settings in the Settings tab:
- Emulation: 34
(5) Click OK.
The changes to the terminal program settings do not take effect until you disconnect the connection to your device and then make the connection again.
If you use HyperTerminal, there may be problems with displaying umlauts and other special characters. If necessary, therefore, set HyperTerminal to " " " instead of 34.
Unix
You will require a terminal program such as (on System V), (on BSD) or * *
(on Linux). The settings for these programs correspond to those listed above.
Example of a command line for using : "
.. " //%
Example of a command line for using : "
.. //%
7.2 Logging in
With the help of certain access data, you can log in on your device and carry out different actions. The extent of the actions available depends on the authorisations of the user concerned.
A login prompt appears first, regardless of how you access your device. You cannot view
any information on the device or change the configuration without authentication.
7.2.1 User names and passwords in ex works state
In its ex works state, your device is provided with the following user names and passwords:
User names and passwords in ex works state
User Name Password
Authorisations
*
424 Read and change system variables, save configurations; use
Funkwerk Configuration Interface .
2
+
Read and write system variables (except passwords) (changes
are lost when you switch off your device).
+
Read system variables (except passwords).
It is only possible to change and save configurations if you log in with the user name "
*. Access information (user names and passwords) can also only be changed if you log
in with the user name *. For security reasons, passwords are normally shown on the
Setup Tool screen not in plain text, but only as asterisks. The user names, on the other
hand, are displayed as plain text.
The security concept of your device enables you to read all the other configuration settings
with the user name , but not the access information. It is therefore impossible to log in
with , read the password of the * user and subsequently log in with * and
make changes to the configuration.
Caution
All bintec devices are delivered with the same username and password. As long as
the password remains unchanged, they are therefore not protected against unauthorised use. How to change the passwords is described in on page .
Make sure you change the passwords to prevent unauthorised access to your device!
If you have forgotten your password, you must reset your device to the ex works state,
which means your configuration will be lost.
7.2.2 Logging in for Configuration
Set up a connection to the device. The access options are described in Access Options on
page 50.
Funkwerk Configuration Interface
Log in via the HTML surface as follows:
(1) Enter your user name in the User field of the input window.
(2) Enter your password in the Password field of the input window and confirm with Return or click the Login button.
The status page of the Funkwerk Configuration Interface opens in the browser.
SNMP shell
Log into the SNMP shell as follows:
(1) Enter your user name e.g. *, and confirm with Return.
(2) Enter your user password e.g. 424, and confirm with Return.
Your device logs in with the input prompt, e.g. 2.. 0!. The login was successful. You are
now in the SNMP shell.
To leave the SNMP shell after completing the configuration, enter and press Return.
7.3 Configuration options
This chapter first offers an overview of the various tools you can use for configuration of
your device.
You can configure your device in the following ways:
• Funkwerk Configuration Interface
• Assistant
• SNMP shell commands
The configuration options available to you depend on the type of connection to your device:
Types of connections and configurations
Type of connection | Possible types of configuration
LAN | Wizard, Funkwerk Configuration Interface, shell commands
Serial connection | Shell command
Therefore, several types of configuration are available for each type of connection.
Note
To change the device configuration, you must log in with the user name *. If you
do not know the password, you cannot make any configuration settings. This applies to
all types of configuration.
7.3.1 Funkwerk Configuration Interface for advanced users
Funkwerk Configuration Interface is a web-based graphical user interface that you can use from any PC with an up-to-date Web browser via an HTTP or HTTPS connection.
With the Funkwerk Configuration Interface you can perform all the configuration tasks
easily and conveniently. It is integrated in your device and is available in English. If required, other languages can be downloaded from the download area of
www.funkwerk-ec.com and installed on your device.
The settings you make with the Funkwerk Configuration Interface are applied with the
OK or Apply button of the menu, and you do not have to restart the device.
If you finish the configuration and want to save your settings so that they are loaded as the
boot configuration when you reboot your device, save these by clicking the Save configuration button.
You can also use the Funkwerk Configuration Interface to monitor the most important
function parameters of your device.
Fig. 24: Funkwerk Configuration Interface home page
7.3.1.1 Calling up Funkwerk Configuration Interface
(1) Check whether the device is connected and switched on and that all the necessary cables are correctly connected (see Technical data on page 28).
(2) Check the settings of the PC from which you want to configure your device (see Configuring a PC on page 18).
(3) Open a web browser.
(4) Enter 0""!%55 (or the IP address dynamically assigned by your DHCP server or the address statically assigned by you with the Dime Manager) in the Web browser's address field.
(5) Enter in the User field and in the Password field and click LOGIN.
You are now in the status menu of your device's Funkwerk Configuration Interface (see Status on page 76).
7.3.1.2 Operating elements
Funkwerk Configuration Interface window
The Funkwerk Configuration Interface window is divided into three areas:
• The header
• The navigation bar
• The main configuration window
Fig. 25: Areas of the Funkwerk Configuration Interface
Header
Fig. 26: Funkwerk Configuration Interface header
Funkwerk Configuration Interface header
Menu | Function
Language: In the dropdown menu, choose the language in which you want to display the Funkwerk Configuration Interface. Here you can choose the language in which you perform the configuration. German and English are available.
View: Select the desired view from the dropdown menu. Standard and SNMP browsers can be selected.
Online Help: Click this button if you want help with the menu now active. The description of the sub-menu where you are now is displayed.
Logout: If you want to end the configuration, click this button to log out of your device. A window is opened offering you the following options:
• Save configuration, save previous boot configuration, then exit.
• Save configuration, then exit.
• Exit without saving.
Navigation bar
Fig. 27: Save Configuration button
Fig. 28: Menus
The Save configuration button is found in the navigation bar.
If you save a current configuration, you can save this as the boot configuration or you can
also archive the previous boot configuration as a backup.
If you click the Save configuration button in the FCI, you will be asked "Do you really want
to save the current configuration as a boot configuration?"
You have the following two options:
• / $ ", i.e. save the current configuration as the boot configuration
• / $ " # ! ! / #" $ ", i.e. save the current configuration as the boot configuration and also archive the previous boot configuration as a backup.
If you want to load the archived boot configuration into your device, go to the
Maintenance->Software &Configuration menu, select Action = 6!" $
" and click on Go. The archived backup is used as the current boot configuration.
The navigation bar also contains the main configuration menus and their sub-menus.
Click the main menu you require. The corresponding sub-menu then opens.
If you click the sub-menu you want, the entry selected will be displayed in red. All the other
sub-menus will be closed. You can see at a glance the sub-menu you are in.
Status page
If you call the Funkwerk Configuration Interface, the status page of your device is displayed after you log in. The most important data of your device can be seen on this at a glance.
Main configuration window
The sub-menus generally contain several pages. These are called using the buttons at the
top of the main window. If you click a button, the window is opened with the basic parameters. You can extend this by clicking the Advanced Settings tab, which displays the additional options.
Configuration elements
The various actions that you can perform when configuring your device in the Funkwerk
Configuration Interface are triggered by means of the following buttons:
Funkwerk Configuration Interface buttons
Button
Function
Updates the view.
If you do not want to save a newly configured list entry, cancel
this and any settings made by pressing Cancel.
Confirms the settings of a new entry and the parameter
changes in a list.
Immediately starts the configured action.
Calls the sub-menu to create a new entry.
Inserts an entry in an internal list.
Funkwerk Configuration Interface buttons for special functions
Button
Function
In the Access Point Discovery menu, with this button you start the automatic recognition of all access points available in the network and connected by Ethernet.
In the System Management->Certificates->Certificate List menu and the System Management->Certificates->CRLs menu, this button activates the sub-menus for configuration of the certificate or CRL imports.
In the System Management->Certificates->Certificate List menu, this button activates the sub-menu for the configuration of the certificate request.
In the Monitoring->ISDN/Modem->Current Calls menu, pressing this button ends the active calls selected in the column.
Various icons indicate the following possible actions or statuses:
Funkwerk Configuration Interface symbols
Icon
Function
Deletes the list entry.
Displays the menu for changing the settings of an entry.
Displays the details for an entry.
Moves an entry. A combo box opens in which you can choose the list entry that the selected entry is to be placed in front of/after.
Creates another list entry first and opens the configuration
menu.
Sets the status of the entry to 6"/ .
Sets the status of the entry to "/ .
Indicates "Dormant" status for an interface or connection.
Indicates "Up" status for an interface or connection.
Indicates "Down" status for an interface or connection.
Indicates "Blocked" status for an interface or connection.
Indicates "Going up" status for an interface or connection.
Indicates that data traffic is encrypted.
Triggers a WLAN bandscan.
Displays the next page in a list.
Displays the previous page in a list.
You can select the following operating functions in the list view:
Funkwerk Configuration Interface list options
Menu
Function
Update Interval
Here you can set the interval in which the view is to be updated. To do this, enter a period in seconds in the input field and confirm it with the corresponding button.
Filter
You can have the list entries filtered and displayed according to certain criteria.
You can determine the number of entries displayed per page by entering the required number in View x per page.
Use the next-page and previous-page buttons to scroll one page forward and one page back.
You can filter according to certain keywords within the configuration parameters by selecting the filter rule you want under Filter in x y and entering the search word in the input field.
launches filter operation.
Configuration elements
Some lists contain configuration elements.
You can therefore change the configuration of the corresponding list entry directly in the list.
Fig. 29: Configuration of the update interval
Fig. 30: Filter list
Structure of the Funkwerk Configuration Interface configuration menu
The menus of the Funkwerk Configuration Interface contain the following basic structures:
Funkwerk Configuration Interface menu architecture
Menu
Function
Basic configuration menu/list
When you select a menu from the navigation bar, the menu of
basic parameters is displayed first. In a sub-menu containing
several pages, the menu containing the basic parameters is displayed on the first page.
The menu contains either a list of all the configured entries or
the basic settings for the function concerned.
Sub-menu
The New button is available in each menu in which a list of all
the configured entries is displayed. Click the button to display
the configuration menu for creating a new list entry.
Sub-menu
Click this button to process the existing list entry. You go to the
configuration menu.
Menu
Click this tab to display extended configuration options.
The following options are available for the configuration:
Funkwerk Configuration Interface configuration elements
Menu
Function
Input fields
e.g. empty text field
Text field with hidden input
Enter the data.
Radio buttons
e.g.
Select the corresponding option.
Checkboxes
e.g. activation by selecting checkbox
Selection of several possible options
Dropdown menus
e.g.
Click the arrow to open the list. Select the required option using the mouse.
Internal lists
e.g.
Click the corresponding button. A new list entry is created. Enter the corresponding data. If list input fields remain empty, these are not saved when you confirm with OK. Delete the entries by clicking the icon.
Display of options that are not available
Options that are not available because they depend on the selection of other options are
generally hidden. If the display of these options could be helpful for a configuration decision, they are instead greyed out and cannot be selected.
Important
Please look at the messages displayed in the sub-menus. These provide information
on any incorrect configurations.
Warning symbols
Icon
Meaning
This symbol appears in messages referring you to settings
that were made with the Setup Tool.
This symbol appears in messages referring you to the fact
that values were entered or selected incorrectly.
Pay particular attention to the following message:
"Warning: Changes not supported by the Setup Tool!" If you change them with the Funkwerk Configuration Interface, this can cause inconsistencies or malfunctions. Therefore, it is recommended that the configuration is continued with the Setup Tool.
7.3.1.3 Funkwerk Configuration Interface Menus
The configuration options of your device are contained in the sub-menus, which are displayed in the navigation bar in the left-hand part of the window.
Note
Please note that not all devices have the full range of functions. Check the software of your device on the corresponding product page under www.funkwerk-ec.com.
Assistants
Menu
Function
First steps
In this menu you can make the basic settings that are required
to add your gateway to your local network (LAN).
Internet Access
The wizard guides you through the individual configuration
steps to connect your local network (LAN) to the internet.
VPN
In this menu you are guided through all of the settings that are
required to set up your LAN-LAN connection as a virtual private
network.
Wireless LAN
Wireless LAN involves the set-up of a network using wireless
technology.
VoIP PBX in LAN
The assistant is required for specific PBX in the LAN, such as
Hybird in order to guarantee SIP compatibility. To do this, external communication is carried out over a single IP address
and NAT is realised as full-cone NAT.
System Management
Menu
Function
Status
In this menu, general information on your device is displayed at
a glance.
This information includes serial number, software version, current memory and processor use, status of the physical interfaces and the last 10 system messages.
Global Settings
In this menu, you enter the basic system settings of your device,
such as, for example, system name, system date, system time
and passwords.
You can also manage licences that are necessary for the use of certain functions.
Interface Mode / Bridge Groups
In this menu, you define the mode in which the interfaces of your device are to run (routing or bridging) and if necessary can define bridge groups.
Administrative Access
In this menu, you configure the access options for the individual interfaces.
Remote Authentication
In this menu, you configure the authentication via a RADIUS server or TACACS+ server.
Certificates
In this menu you can generate and import keys and have them
certified.
Physical Interfaces
Menu
Function
Ethernet Ports
In this menu, you configure the Ethernet interfaces of your
device. To do this, you select the speed and type of interface,
for example.
Serial Port
This menu is for configuring the serial interface if one exists.
Relay
In this menu, you configure the relay.
LAN
Menu
Function
IP Configuration
In this menu, you carry out the IP configuration of the LAN interfaces for your device.
VLAN
In this menu, you configure the VLANs.
Wireless LAN
Menu
Function
WLAN
In this menu, you configure your wireless modules as an access
point or bridge.
Administration
In this menu, you make the basic WLAN settings.
Wireless LAN Controller
Menu
Function
Wizard
The Wizard helps you to set up a WLAN infrastructure.
Controller Configuration
In this menu, you make the basic wireless LAN controller settings.
Slave AP configuration
In this menu, you configure the slave access points.
Monitoring
In this menu, you can monitor active and neighbouring clients.
Maintenance
In this menu, you can update access point software and save
any configurations.
Networking
Menu
Function
Routes
In this menu, you enter additional routes.
NAT
In this menu, you configure the NAT firewall (NAT, Network Address Translation).
Load Balancing
In this menu, you configure application-controlled bandwidth
management.
QoS
In this menu, you configure all the "Quality of Service" settings.
Access Rules
In this menu, accesses to data and functions are restricted.
Routing Protocols
Menu
Function
RIP
In this menu, you configure the dynamic updating of the routing
table via RIP.
Multicast
Menu
Function
General
In this menu, you enable or disable multicast routing.
IGMP
In this menu, you configure the interfaces on which IGMP is to
be enabled.
Forwarding
In this menu, you specify which multicast groups are always passed between the interfaces of your device.
PIM
In this menu, you can turn on and off all PIM functionalities.
WAN
Menu
Function
Internet + Dialup
In this menu, you define the Internet connections for the various
connection protocols or dialup connections.
Real Time Jitter Control
In this menu, you can optimise the low-bandwidth transmission
of voice data packets.
VPN
Menu
Function
IPSec
In this menu, you configure VPN connections over IPSec.
L2TP
In this menu you configure the use of L2TP (Layer 2 Tunnelling
Protocol).
GRE
This menu shows a list of all configured GRE tunnels.
Firewall
Menu
Function
Policies
In this menu you configure the filter rules for the firewall.
Interfaces
In this menu, you can group together the interfaces to be
filtered.
Addresses
In this menu, you can create the address aliases to be filtered.
Services
In this menu, you can create the service aliases to be filtered.
Local Services
Menu
Function
DNS
In this menu, you configure the name resolution.
HTTPS
In this menu, you configure the port and certificate for a configuration session over HTTPS.
DynDNS Client
In this menu, you configure the dynamic name resolution.
DHCP Server
In this menu, you configure your device as a DHCP server.
Scheduling
In this menu, you configure time-dependent standard actions of
your devices.
Surveillance
In this menu, you configure the surveillance of interfaces or
hosts in the network.
Funkwerk Discovery
In this menu, you can configure management functions for
bintec Access Point.
HotSpot Gateway
In this menu, you configure the bintec Hotspot Gateway.
Maintenance
Menu
Function
Diagnostics
In this menu you can test the accessibility of hosts, DNS servers
or routing.
Software & Configuration
In this menu, you manage your device's software version, configuration files and interface language.
Reboot
In this menu, you can initiate the rebooting of the device.
External Reporting
Menu
Function
Syslog
In this menu, you configure the host to which the data logged internally on the device is forwarded for saving and further processing.
IP Accounting
In this menu, you decide for which interfaces accounting messages are to be generated.
E-mail Alert
Depending on the configuration, in this menu e-mails are sent to
the administrator as soon as relevant syslog messages occur.
SNMP
In this menu, you configure whether the device is to listen for
external SNMP accesses and send SNMP traps.
Activity Monitor
In this menu, you configure the monitoring of your device with
the Windows Tool Activity Monitor.
Monitoring
Menu
Function
Internal Log
In this menu, the system messages are displayed.
IPSec
In this menu, the IPSec connections and connection statistics
that are currently active are displayed.
Interfaces
In this menu, connection statistics and status of all interfaces
are displayed.
WLAN
This menu shows you the WLAN connections statistics.
Bridges
In this menu you can view the current values of the configured
bridges.
HotSpot Gateway
This menu shows a list of all bintec Hotspot users.
QoS
In this menu, statistics are displayed for all interfaces for which
QoS has been configured.
PIM
In this menu, the status for all interfaces for which PIM has been
configured is displayed.
7.3.2 SNMP shell
SNMP (Simple Network Management Protocol) is a protocol that defines how you can access the configuration settings.
All configuration settings are stored in the MIB (Management Information Base) in the form
of MIB tables and MIB variables. You can access these directly from the SNMP shell via
SNMP commands. This type of configuration requires a detailed knowledge of our devices.
7.4 BOOTmonitor
The BOOTmonitor is only available over a serial connection to the device.
The BOOTmonitor provides the following functions, which you select by entering the corresponding number:
(1) Boot System (reboot the system):
The device loads the compressed boot file from the flash memory to the working memory. This happens automatically on starting.
(2) Software Update via TFTP:
The device performs a software update via a TFTP server.
(3) Software Update via XMODEM:
The device performs a software update via a serial interface with XMODEM.
(4) Delete configuration:
The device is reset to the ex works state. All configuration files are deleted and the BOOTmonitor settings are set to the default values.
(5) Default BOOTmonitor Parameters:
You can change the default settings of the BOOTmonitor of the device, e.g. the baud rate for serial connections.
(6) Show System Information:
Shows useful information about your device, e.g. serial number, MAC address and software versions.
The BOOTmonitor is started as follows.
The device passes through various functional states when starting:
• Start mode
• BOOTmonitor mode
• Normal mode
After some self-tests have been successfully carried out in the start mode, your device
reaches the BOOTmonitor mode. The BOOTmonitor prompt is displayed if you are serially
connected to your device.
Fig. 31: BOOTmonitor
After display of the BOOTmonitor prompt, press the space bar within four seconds to use
the functions of the BOOTmonitor. If you do not make an entry within four seconds, the
device changes back to normal operating mode.
Note
If you change the baud rate (the preset value is 9600 baud), make sure the terminal
program used also uses this baud rate. If this is not the case, you will not be able to
establish a serial connection to the device.
Chapter 8 Assistants
The Assistants menu offers step-by-step instructions for the following basic configuration tasks:
• First steps
• Internet Access
• VPN
• Wireless LAN
• VoIP PBX in LAN
Choose the corresponding task from the navigation bar and follow the instructions and explanations on the separate pages of the Wizard.
Chapter 9 System Management
The System Management menu contains general system information and settings.
You see a system status overview. Global system parameters such as the system name,
date/time, passwords and licences are managed and the access and authentication methods are configured.
9.1 Status
If you log into the Funkwerk Configuration Interface, your device's status page is displayed, which shows the most important system information.
You see an overview of the following data:
• System status
• Your device's activities: Resource utilisation, active sessions and tunnels
• Status and basic configuration of LAN, WAN and WLAN interfaces
You can individually customise the update interval of the status page by entering the desired period in seconds for Automatic Refresh Interval and clicking on the Apply button.
Caution
Under Automatic Refresh Interval do not enter a value below seconds, otherwise
the refresh interval of the screen will be too short to make further changes!
The menu System Management->Status consists of the following fields:
Fields in the Status System Information menu
Field
Value
Uptime
Displays the time that has passed since the device was rebooted.
System Date
Displays the current system date and system time.
Serial Number
Displays the device serial number.
BOSS Version
Displays the currently loaded version of the system software.
Last configuration stored
Displays day, date and time of the last saved configuration (boot configuration in flash).
Fields in the Status Resource Information menu
Field
Value
CPU Usage
Displays the CPU usage as a percentage.
Memory Usage
Displays the usage of the working memory in MByte in relation
to the available total working memory in MByte. The usage is
also displayed in brackets as a percentage.
Temperature
Devices of the bintec WI series are fitted with a temperature
sensor. This shows the current temperature and the maximum
and minimum temperatures reached.
Active Sessions (SIF, RTP, etc... )
Displays the total of all SIF, TDRC, and IP load balancing sessions.
Active IPSec Tunnels
Displays the number of currently active IPSec tunnels in relation
to the number of configured IPSec tunnels.
Fields in the Status Physical Interfaces menu
Field
Value
Interface - Connection Information - Link
The physical interfaces are listed here and their most important settings are shown. The system also displays whether the interface is connected or active.
Interface specifics for Ethernet interfaces:
• IP address
• Netmask
Interface specifics for serial/ISDN interfaces:
• Configured
• Not configured
Interface specifics for xDSL interfaces:
• Downstream/Upstream Line Speed
Interface specifics for WLAN interfaces:
Access Point Mode:
• Operation Mode: Access Point or Off
• The channel used on this wireless module
• Number of connected clients
• Number of WDS links
• Software version of the wireless card
Access Client Mode:
• Operation Mode: Access Client or Off
• The channel used on this wireless module
• Software version of the wireless card
Bridge mode:
• Operation Mode: Bridge or Off
• The channel used on this wireless module
• Number of configured bridge links
• Software version of the wireless card
Interface specifics for relay:
• Configured Mode
Fields in the Status WAN Interfaces menu
Field
Value
Description - Connection Information - Link
The WAN interfaces are listed here, and their most important
settings are shown. The system also displays whether the interface is active.
9.2 Global Settings
Basic system parameters are managed in the Global Settings menu.
9.2.1 System
Your device's basic system data are entered in the System Management->Global Settings->System menu.
The menu System Management->Global Settings->System consists of the following
fields:
Fields in the System Basic Parameters menu
Field
Value
System Name
Enter the system name of your device. This is also used as the
PPP host name.
A character string of up to 255 characters is possible.
The device type is entered as the default value.
Location
Enter the location of your device.
Contact
Enter the relevant contact person. Here you can enter the email address of the system administrator, for example.
A character string of up to 255 characters is possible.
The default value is ,2*7.
Maximum Number of Syslog Entries
Enter the maximum number of syslog messages that are stored
internally in the device.
Possible values are to .
The default value is . You can display the stored messages in
Monitoring->Internal Log.
Maximum Message Level of Syslog Entries
Select the priority of system messages above which a log should be created.
System messages are only recorded internally if they have a higher or identical priority to that indicated, i.e. all messages generated are recorded at syslog level Debug.
Possible values:
• Emergency: Only messages with emergency priority are recorded.
• Alert: Messages with emergency and alert priority are recorded.
• Critical: Messages with emergency, alert and critical priority are recorded.
• Error: Messages with emergency, alert, critical and error priority are recorded.
• Warning: Messages with emergency, alert, critical, error and warning priority are recorded.
• Notice: Messages with emergency, alert, critical, error, warning and notice priority are recorded.
• Information (default value): Messages with emergency, alert, critical, error, warning, notice and information priority are recorded.
• Debug: All messages are recorded.
Maximum Number of Accounting Log Entries
Enter the maximum number of accounting entries that are stored internally in the device.
Possible values are to .
The default value is .
Manual WLAN Controller IP Address
Enter the IP address of the WLAN controller.
The value can only be modified if the WLAN controller function is enabled.
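Added example, not part of the original manual or of the device software: the threshold rule described for Maximum Message Level of Syslog Entries, applied to constructed syslog lines. It assumes the device's eight levels correspond to the standard syslog severity codes 0 to 7 carried in the <PRI> header; the function names and the sample lines are hypothetical.

```python
"""Added example: the syslog level threshold rule on constructed input."""
import re

# Standard syslog severities in priority order (code 0 is the highest
# priority). Assumption: the device's eight levels map onto these codes.
SEVERITIES = ("emergency", "alert", "critical", "error",
              "warning", "notice", "information", "debug")

PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_pri(line):
    """Split the <PRI> header of a syslog line into (facility, severity)."""
    match = PRI_RE.match(line)
    if match is None:
        raise ValueError("no <PRI> header")
    pri = int(match.group(1))
    if pri > 191:  # facility 23 * 8 + severity 7 is the largest valid PRI
        raise ValueError("PRI out of range")
    return pri >> 3, pri & 0x07


def is_recorded(severity, max_level):
    """True if the message has a higher or identical priority to max_level.

    A higher priority is a numerically lower severity code, so the
    comparison runs "backwards" from what the level names suggest.
    """
    return severity <= SEVERITIES.index(max_level)


def apply_level(lines, max_level):
    """Sort raw lines into (recorded, dropped, unparsed) for one level."""
    recorded, dropped, unparsed = [], [], []
    for line in lines:
        try:
            _, severity = parse_pri(line)
        except ValueError:
            # Keep malformed lines visible instead of losing them silently.
            unparsed.append(line)
            continue
        target = recorded if is_recorded(severity, max_level) else dropped
        target.append(line)
    return recorded, dropped, unparsed


# Constructed sample lines (facility local0 = 16, so PRI = 128 + severity).
SAMPLE = [
    "<129>Aug 22 16:43:47 ap1 constructed: alert message",
    "<131>Aug 22 16:43:48 ap1 constructed: error message",
    "<132>Aug 22 16:43:49 ap1 constructed: warning message",
    "<134>Aug 22 16:43:50 ap1 constructed: information message",
    "<135>Aug 22 16:43:51 ap1 constructed: debug message",
    "Aug 22 16:43:52 ap1 constructed: line without a PRI header",
]

if __name__ == "__main__":
    for level in ("error", "information", "debug"):
        rec, drop, bad = apply_level(SAMPLE, level)
        print(f"{level:12} recorded={len(rec)} dropped={len(drop)} "
              f"unparsed={len(bad)}")
```

With the default level (information), only the debug line is dropped; lowering the level to error also drops warning and information messages.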
9.2.2 Passwords
Setting the passwords is another basic system setting.
Note
All bintec devices are delivered with the same username and password. As long as the password remains unchanged, they are not protected against unauthorised use.
Make sure you change the passwords to prevent unauthorised access to the device.
If the password is not changed, the following warning appears under System Management->Status: "System password not changed!"
The menu System Management->Global Settings->Passwords consists of the following
fields:
Fields in the Passwords System Password menu
Field
Value
System Admin Password
Enter the password for the user name *.
Confirm Admin Password
Confirm the password by entering it again.
This password is also used with SNMPv3 for authentication
(MD5) and encryption (DES).
Fields in the Passwords SNMP Communities menu
Field
Value
SNMP Read Community
Enter the password for the user name .
SNMP Write Community
Enter the password for the user name 2.
Field in the Passwords Global Password Options menu
Field
Value
Show passwords and keys in clear text
Define whether the passwords are to be displayed in clear text
(plain text).
The function is enabled with 0
The function is disabled by default.
If you activate the function, all passwords and keys in all menus
are displayed and can be edited in plain text.
The WLAN and IPSec keys are one exception here. They can
only be entered in plain text. If you press OK or call the menu
again, they are displayed as asterisks.
9.2.3 Date and Time
You need the system time for tasks such as correct timestamps for system messages, accounting or IPSec certificates.
You have the following options for determining the system time (local time):
Manual
The system time can be set manually on the device.
If the correct location of the device (country/city) is set for the Time Zone, switching from
summer time to winter time (and back) is automatic. The switch occurs independently of an
NTP server. Summer time starts on the last Sunday in March by switching from 2 a.m. to 3
a.m. The calendar-related or schedule-related switches that are scheduled for the missing
hour are then carried out. Winter time starts on the last Sunday in October by switching
from 3 a.m. to 2 a.m. The calendar-related or schedule-related switches that are scheduled
for the additional hour are then carried out.
If a value other than Universal Time Coordinated (UTC), option ,4(9:, has been chosen
for the Time Zone, the switch from summer to winter time must be carried out manually
when required.
Time server
You can obtain the system time automatically, e.g. using various time servers. To ensure
that the device uses the desired current time, you should configure one or more time servers. Switching from summer time to winter time (and back) must be carried out manually if
the time is derived using this method by changing the value in the Time Zone field with an
option UTC+ or UTC-.
Note
If a method for automatically deriving the time is defined on the device, the values obtained in this way automatically have higher priority. A manually entered system time is
therefore overwritten.
The System Management->Global Settings->Date and Time menu consists of the following fields:
Fields in the Date and Time Basic Settings menu
Field
Description
Time Zone
Select the time zone in which your device is installed.
You can select Universal Time Coordinated (UTC) plus or
minus the deviation in hours or a predefined location, e.g.
* ! 5+ ).
Current Local Time
The current date and current system time are shown here. The
entry cannot be changed.
Fields in the Date and Time Manual Time Settings menu
Field
Description
Set Date
Enter a new date.
Format:
• Day: dd
• Month: mm
• Year: yyyy
Set Time
Enter a new time.
Format:
• Hour: hh
• Minute: mm
Fields in the Date and Time Automatic Time Settings (Time Protocol) menu
Field
Description
First Timeserver
Enter the primary time server, by using either a domain name or an IP address.
In addition, select the protocol for the time server request.
Possible values:
• SNTP (default value): This server uses the simple network time protocol with UDP port 123.
• Time Service / UDP: This server uses the time service with UDP port 37.
• Time Service / TCP: This server uses the time service with TCP port 37.
• 2 : This time server is not currently used for the time request.
Second Timeserver
Enter the secondary time server, using either a domain name or an IP address.
In addition, select the protocol for the time server request.
Possible values:
• SNTP (default value): This server uses the simple network time protocol with UDP port 123.
• Time Service / UDP: This server uses the time service with UDP port 37.
• Time Service / TCP: This server uses the time service with TCP port 37.
• 2 : This time server is not currently used for the time request.
Third Timeserver
Enter the tertiary time server, using either a domain name or an IP address.
In addition, select the protocol for the time server request.
Possible values:
• SNTP (default value): This server uses the simple network time protocol with UDP port 123.
• Time Service / UDP: This server uses the time service with UDP port 37.
• Time Service / TCP: This server uses the time service with TCP port 37.
• 8 #) : This time server is not currently used for the time request.
Time Update Interval
Enter the time interval in minutes at which the time is automatically updated.
The default value is &&.
Time Update Policy
Enter the time period after which the system attempts to contact
the time server again following a failed time update.
Possible values:
• 2) (default value): The system attempts to contact the time server after 1, 2, 4, 8, and 16 minutes.
• $$ / : For ten minutes, the system attempts to contact the time server after 1, 2, 4, 8 seconds, then every 10 seconds.
• *) : For an unlimited period, the system attempts to contact the time server after 1, 2, 4, 8 seconds, then every 10 seconds.
If certificates are used to encrypt data traffic in a VPN, it is extremely important that the correct time is set on the device. To ensure this is the case, for Time Update Policy, select the value *)
Internal Time Server
Select whether the internal timeserver is to be used.
The function is activated by selecting *#) . Time requests
from a client will be answered with the current system time. This
is given as GMT, without offset.
The function is disabled by default. Time requests from a client
are not answered.
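Added example, not part of the original manual: how replies from the two time protocols offered for the time servers (SNTP on UDP port 123 and the time service on port 37) decode to UTC, and how a wrong device clock changes the verdict on a certificate's validity period. The sample replies, the device clock and the certificate dates are constructed, and the function names are hypothetical.

```python
"""Added example: decoding time server replies and checking clock skew."""
import struct
from datetime import datetime, timedelta, timezone

# Both protocols count seconds from 1900-01-01 00:00:00 UTC. The 32-bit
# counter wraps in 2036, which this example does not handle.
EPOCH_1900 = datetime(1900, 1, 1, tzinfo=timezone.utc)


def decode_time_service(payload):
    """Time service (port 37): one 32-bit big-endian seconds counter."""
    if len(payload) != 4:
        raise ValueError("time service reply must be exactly 4 bytes")
    (seconds,) = struct.unpack("!I", payload)
    return EPOCH_1900 + timedelta(seconds=seconds)


def decode_sntp(packet):
    """SNTP (UDP port 123): transmit timestamp in bytes 40..47."""
    if len(packet) < 48:
        raise ValueError("SNTP reply shorter than the 48-byte header")
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x07, packet[1]
    if mode != 4:
        raise ValueError("not a server reply (mode != 4)")
    if leap == 3 or stratum == 0:
        raise ValueError("server reports an unsynchronised clock")
    seconds, fraction = struct.unpack("!II", packet[40:48])
    if seconds == 0 and fraction == 0:
        raise ValueError("empty transmit timestamp")
    micros = fraction * 1_000_000 // 2**32  # 32-bit binary fraction
    return EPOCH_1900 + timedelta(seconds=seconds, microseconds=micros)


def validity(at, not_before, not_after):
    """Verdict on a certificate validity period at the instant 'at'."""
    if at < not_before:
        return "not yet valid"
    if at > not_after:
        return "expired"
    return "valid"


def clock_report(device_clock, reference, not_before, not_after):
    """Compare the device clock with a decoded reference time."""
    return {
        "skew_seconds": (device_clock - reference).total_seconds(),
        "as_seen_by_device": validity(device_clock, not_before, not_after),
        "at_reference_time": validity(reference, not_before, not_after),
    }


# Constructed inputs: reference instant, both reply formats, a device clock
# that is years behind, and a certificate validity period.
REFERENCE = datetime(2011, 8, 22, 12, 0, 0, tzinfo=timezone.utc)
REF_SECONDS = int((REFERENCE - EPOCH_1900).total_seconds())
SAMPLE_TIME_REPLY = struct.pack("!I", REF_SECONDS)
# 0x24 = leap 0, version 4, mode 4 (server); stratum 2; fraction = 0.5 s.
SAMPLE_SNTP_REPLY = (bytes([0x24, 2]) + bytes(38)
                     + struct.pack("!II", REF_SECONDS, 0x80000000))
DEVICE_CLOCK = datetime(2000, 1, 1, tzinfo=timezone.utc)
CERT_NOT_BEFORE = datetime(2011, 1, 1, tzinfo=timezone.utc)
CERT_NOT_AFTER = datetime(2013, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("time service:", decode_time_service(SAMPLE_TIME_REPLY))
    reference = decode_sntp(SAMPLE_SNTP_REPLY)
    print("SNTP:        ", reference)
    print(clock_report(DEVICE_CLOCK, reference,
                       CERT_NOT_BEFORE, CERT_NOT_AFTER))
```

Both decoders return UTC, which matches the manual's statement that the internal time server answers in GMT without offset; the time zone setting only affects the displayed local time.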
9.2.4 System Licences
This chapter describes how to activate the functions of the software licences you have purchased.
The following licence types exist:
• Licences already available in the device's ex works state
• Free extra licences
• Extra licences at additional cost
The data sheet for your device tells you which licences are available in the device's ex works state and which can also be obtained free of charge or at additional cost. You can access this data sheet at www.funkwerk-ec.com.
Entering licence data
You can obtain the licence data for extra licences via the online licensing pages in the support section at www.funkwerk-ec.com. Please follow the online licensing instructions. (Please also note the information on the licence card for licences at additional cost.) You will then receive an e-mail containing the following data:
• Licence Key and
• Licence Serial Number.
You enter this data in the System Management->Global Settings->System
Licences->New menu.
In the System Management->Global Settings->System Licences->New menu, a list of all registered licences is displayed (Description, Licence Type, Licence Serial Number, Status).
Possible values for Status
Licence
Meaning
OK
Subsystem is activated.
Not OK
Subsystem is not activated.
Not supported
You have entered a licence for a subsystem your device does
not support.
In addition, above the list is shown the System Licence ID required for online licensing.
Note
To restore the standard licences for a device, click the Default Licences button
(standard licences).
9.2.4.1 /New
Choose the icon to edit existing entries. Choose the New button to add licences.
Activating extra licences
You activate extra licences by adding the received licence information in the System Management->Global Settings->System Licences->New menu.
The menu System Management->Global Settings->System Licences->New consists of
the following fields:
Fields in the System Licences Basic Settings menu
Field
Value
Licence Serial Number
Enter the licence serial number you received when you bought the licence.
Licence Key
Enter the licence key you received by e-mail.
Note
If 2" ; is displayed as the status:
• Enter the licence data again.
• Check your hardware serial number.
If 2" !!" is displayed as the status, you have entered a licence for a subsystem that your device does not support. This means you cannot use the functions of this licence.
Deactivating a licence
Proceed as follows to deactivate a licence:
(1) Go to System Management->Global Settings->System Licences->New.
(2) Press the icon in the line containing the licence you want to delete.
(3) Confirm with OK.
The licence is deactivated. You can reactivate your additional licence at any time by entering the valid licence key and licence serial number.
9.3 Interface Mode / Bridge Groups
In this menu, you define the operation mode for your device's interfaces.
Routing versus bridging
Bridging connects networks of the same type. In contrast to routing, bridges operate at layer 2 of the OSI model (data link layer), are independent of higher-level protocols and transmit data packets using MAC addresses. Data transmission is transparent, which means the
information contained in the data packets is not interpreted.
With routing, different networks are connected at layer 3 (network layer) of the OSI model
and information is routed from one network to the other.
Conventions for port/interface names
If your device has a radio port, it receives the interface name WLAN. If there are several radio modules, the names of wireless ports in the user interface of your device are made up
of the following parts:
(a) WLAN
(b) Number of the physical port (1 or 2)
Example: .2
The name of the Ethernet port is made up of the following parts:
(a) ETH, where en stands for Ethernet
(b) Number of the port
Example: *4<
The names of the interfaces connected to an Ethernet port are made up of the following
parts:
(a) Abbreviation for interface type
(b) Number of the Ethernet port
(c) Number of the interface
Example: (first interface on the first Ethernet port)
The name of the bridge group is made up of the following parts:
(a) Abbreviation for interface type
(b) Number of the bridge group
Example: # (first bridge group)
The name of the wireless network is made up of the following parts:
(a) Abbreviation for interface type
(b) Number of the wireless module
(c) Number of the interface
Example: /
(first wireless network on the first wireless module)
The name of the WDS link or bridge link is made up of the following parts:
(a) Abbreviation for interface type
(b) Number of the wireless module on which the WDS link or bridge link is configured
(c) Number of the WDS link or bridge link
Example: (first WDS link or bridge link on the first wireless module)
The name of the client link is made up of the following parts:
(a) Abbreviation for interface type
(b) Number of the wireless module on which the client link is configured
(c) Number of the client link
Example: " (first client link on the first wireless module)
The names of the virtual interfaces connected to an Ethernet port are made up of the following parts:
(a) Abbreviation for interface type
(b) Number of the Ethernet port
(c) Number of the interface connected to the Ethernet port
(d) Number of the virtual interface
Example: (first virtual interface based on the first interface on the first Ethernet
port)
9.3.1 Interfaces
You define separately whether each interface is to operate in routing or bridging mode.
If you want to set bridging mode, you can either use existing bridge groups or create a new
bridge group.
The default setting for all existing interfaces is bridging mode. When selecting the 2
+$ 1 ! option for Mode / Bridge Group, a bridge group, i.e. #, # etc. is
automatically created and the interface operated in bridging mode.
The System Management->Interface Mode / Bridge Groups->Interfaces menu consists
of the following fields:
Fields in the Interfaces menu
Field
Description
Interface Description
Displays the name of the interface.
Mode / Bridge Group
Select whether you want to run the interface in 7 "$ =
or whether you want to assign the interface to an existing ( #,
# etc.) or new bridge group ( 2
+$ 1 !). When
selecting 2
+$ 1 !, after you click the OK button, a
new bridge group is automatically created.
Configuration Interface
Select the interface via which the configuration is to be carried out.
Possible values:
• ) " (default value): Ex works setting. The right configuration interface must be selected from the other options.
• 6$ : No interface is defined as configuration interface.
• >6" ?: Select the interface to be used for configuration. If this interface is in a bridge group, it is assigned the group's IP address when it is taken out of the group.
9.3.1.1 Add or
Select the Add button to edit the mode of PPP interfaces. For WLAN clients in bridge mode (so-called MAC Bridge) you can also edit additional settings via the icon.
You can realise bridging for devices behind access clients with the MAC Bridge function. In
wildcard mode you cannot define how Unicast non-IP frames or non-ARP frames are processed. To use the MAC bridge function, you must carry out configuration steps in several
menus.
(1) Select Funkwerk Configuration Interface menu Wireless LAN->WLAN->Radio Settings and click the icon to modify an entry.
(2) Select Operation Mode = () " and save the settings with OK.
(3) Select the System Management->Interface Mode / Bridge Groups->Interfaces menu. The additional interface sta1-0 is displayed.
(4) For interface sta1-0 select Mode / Bridge Group = # @>6 ?A and Configuration Interface= and save the settings with OK.
(5) Click the Save configuration button to save all of the configuration settings. You can use the MAC Bridge.
The System Management->Interface Mode / Bridge Groups->Interfaces-> menu consists of the following fields:
Fields in the Layer-2.5 Options menu
Field
Value
Interface
Shows the interface that is being edited.
Wildcard Mode
Select the Wildcard mode you want to use on the interface.
Possible values:
• (default value): Wildcard mode is not used.
• "": With this setting, you must enter the MAC address of a device that is connected over IP under Wildcard MAC Address. Each packet without IP and without ARP is forwarded to this device. This occurs even when the device is no longer connected.
• ": If you choose this setting, the MAC address of the first non-IP unicast frame or non-ARP unicast frame, which occurs on any of the Ethernet interfaces, is used as the wildcard MAC address. This wildcard MAC address can only be reset by rebooting the device or by selecting another wildcard mode.
• ) ": If you choose this setting, the internal WLAN MAC address is used to establish a connection to the access point. As soon as a non-IP unicast frame or non-ARP unicast frame appears, it is forwarded to the MAC address from which the last non-IP unicast frame or non-ARP unicast frame was received on the Ethernet interface of the device. This wildcard MAC address is renewed with each non-IP unicast frame or non-ARP unicast frame.
Wildcard MAC Address Only for Wildcard Mode = ""
Enter the MAC address of a device that is connected over IP.
Transparent MAC Address
Only for Wildcard Mode = "", "
Choose whether or not the Wildcard MAC Address is also used as the WLAN MAC address to establish the connection to
the access point.
The function is enabled with *#) .
The function is disabled by default.
The System Management->Interface Mode / Bridge Groups->Interfaces->Add menu
consists of the following fields:
Fields in the Interfaces Add menu
Field
Description
Interface
Select the interface whose status should be changed.
9.4 Administrative Access
In this menu, you can configure the administrative access to the device.
9.4.1 Access
In the Administrative Access->Access menu, a list of all IP-configurable interfaces is displayed.
For every Ethernet interface, the access parameters 4 ) ", <, <44, <44, $
and 2= can be selected.
9.4.1.1 Add
Press the Add button to configure administrative access for additional interfaces.
The System Management->Administrative Access->Access->Add menu consists of the
following fields:
Fields in the Access menu
Field
Description
Interface
Select the interface for which administrative access is to be configured.
9.4.2 SSH
Your device offers encrypted access to the shell. You can enable or disable this access in
the System Management->Administrative Access->SSH menu (Enabled, standard
value) and have access to the options for configuration of the SSH login.
You need an SSH client application, e.g. PuTTY, to be able to reach the SSH Daemon.
If you wish to use SSH Login together with the PuTTY client, you may need to comply with
some special configuration requirements, for which we have prepared FAQs. You will find
these in the Service/Support section at www.funkwerk-ec.com .
To be able to reach the shell of your device via an SSH client, make sure the settings for
the SSH Daemon and SSH client are the same.
Note
If configuration of an SSH connection is not possible, restart the device to initialise the
SSH Daemon correctly.
The System Management->Administrative Access->SSH menu consists of the following fields:
Fields in the SSH SSH (Secure Shell) Parameters menu
Field
Value
SSH service active
Select whether the SSH Daemon is to be enabled for the interface.
The function is activated by selecting *#) .
The function is enabled by default.
Enabled
Select whether data compression should be used.
The function is activated by selecting *#) .
The function is disabled by default.
TCP Keepalives
Select whether the device is to send keepalive packets.
The function is activated by selecting *#) .
The function is enabled by default.
Logging Level
Select the syslog level for the syslog messages generated by
the SSH Daemon.
Possible settings:
• 6 " (default value): Fatal and simple errors of the SSH Daemon and information messages are recorded.
• "): Only fatal errors of the SSH Daemon are recorded.
• *: Fatal and simple errors of the SSH Daemon are recorded.
• 8 # $: All messages are recorded.
Fields in the SSH Authentication and Encryption Parameters menu
Field
Value
Encryption Algorithms
Select the algorithms that are to be used to encrypt the SSH connection.
Possible options:
• '8*
• +) 0
• *
• *
By default '8*, +) 0 and * are enabled.
Hashing Algorithms
Select the algorithms that are to be available for message authentication of the SSH connection.
Possible options:
• =8
• <
• 7! =8
By default =8, < and 7! =8 are enabled.
Fields in the SSH Key Status menu
Field
Value
RSA Key Status
Shows the status of the RSA key.
If an RSA key has not been generated yet, 2" $ " is
displayed in red and a link 1 " displayed. If you select
the link, the generation process is triggered and the view is updated. The status 1 "$ is now displayed in green.
When generation is completed successfully, the status changes
from 1 "$ to 1 " . If an error has occurred during generation, 2" $ " is displayed again with link
1 " . You can then repeat generation.
If the status , is displayed, generation of a key is not
possible, for example because there is not enough space in the
FlashROM.
DSA Key Status
Shows the status of the DSA key.
If a DSA key has not been generated yet, 2" $ " is
displayed in red, along with a link 1 " . If you select the
link, the generation process is triggered and the view is updated. The status 1 "$ is now displayed in green.
When generation is completed successfully, the status changes
from 1 "$ to 1 " . If an error has occurred during generation, 2" $ " is displayed again with link
1 " . You can then repeat generation.
If the status , is displayed, generation of a key is not
possible, for example because there is not enough space in the
FlashROM.
9.4.3 SNMP
SNMP (Simple Network Management Protocol) is a network protocol used to monitor and
control network elements (e.g. routers, servers, switches, printers, computers etc.) from a
central station. SNMP controls communication between the monitored devices and monitoring station. The protocol describes the structure of the data packets that can be transmitted, as well as the communication process.
The data objects queried via SNMP are structured in tables and variables and defined in
the MIB (Management Information Base). This contains all the configuration and status
variables of the device.
SNMP can be used to perform the following network management tasks:
• Surveillance of network components
• Remote controlling and configuration of network components
• Error detection and notification
You use this menu to configure the use of SNMP.
The menu System Management->Administrative Access->SNMP consists of the following fields:
Fields in the SNMP Basic Settings menu
Field
Value
SNMP Version
Select the SNMP version your device is to use to listen for external SNMP accesses.
Possible values:
• /: SNMP Version 1
• /: Community-Based SNMP Version 2
• /': SNMP Version 3
By default /, / and /' are enabled.
If no option is selected, the function is deactivated.
SNMP Listen UDP Port Shows the UDP port ( ) at which the device receives SNMP
requests.
The value cannot be changed.
Tip
If your SNMP Manager supports SNMPv3, you should, if possible, use this version as
older versions transfer all data unencrypted.
9.5 Remote Authentication
This menu contains the settings for user authentication.
9.5.1 RADIUS
RADIUS (Remote Authentication Dial In User Service) is a service that enables authentication and configuration information to be exchanged between your device and a RADIUS
server. The RADIUS server administrates a database with information about user authentication and configuration and for statistical recording of connection data.
RADIUS can be used for:
• Authentication
• Accounting
• Exchange of configuration data
For an incoming connection, your device sends a request with user name and password to
the RADIUS server, which then searches its database. If the user is found and can be authenticated, the RADIUS server sends corresponding confirmation to your device. This confirmation also contains parameters (called RADIUS attributes), which your device uses as
WAN connection parameters.
If the RADIUS server is used for accounting, your device sends an accounting message at
the start of the connection and a message at the end of the connection. These start and
end messages also contain statistical information about the connection (IP address, user
name, throughput, costs).
RADIUS packets
The following types of packets are sent between the RADIUS server and your device
(client):
Packet types
Field
Value
ACCESS_REQUEST
Client -> Server
If an access request is received by your device, a request is
sent to the RADIUS server if no corresponding connection partner has been found on your device.
ACCESS_ACCEPT
Server -> Client
If the RADIUS server has authenticated the information contained in the ACCESS_REQUEST, it sends an ACCESS_ACCEPT to your device together with the parameters
used for setting up the connection.
ACCESS_REJECT
Server -> Client
If the information contained in the ACCESS_REQUEST does
not correspond to the information in the user database of the
RADIUS server, it sends an ACCESS_REJECT to reject the
connection.
ACCOUNTING_START
Client -> Server
If a RADIUS server is used for accounting, your device sends
an accounting message to the RADIUS server at the start of
each connection.
ACCOUNTING_STOP
Client -> Server
If a RADIUS server is used for accounting, your device sends
an accounting message to the RADIUS server at the end of
each connection.
A list of all entered RADIUS servers is displayed in the System Management->Remote
Authentication->RADIUS menu.
9.5.1.1 /New
Choose the icon to edit existing entries. Choose the New button to add RADIUS servers.
The System Management->Remote Authentication->RADIUS->New menu consists of the following fields:
Fields in the RADIUS Basic Parameters menu
Field
Value
Authentication Type
Select what the RADIUS server is to be used for.
Possible values:
• "0 "" (standard value, for PPP connections only): The RADIUS server is used for controlling access to a network.
• "$ (for PPP connections only): The RADIUS server is used for recording statistical call data.
• .$ "0 "": The RADIUS server is used for controlling access to the SNMP shell of your device.
• 6 "0 "": The RADIUS server is used for sending configuration data for IPSec peers to your device.
• .2 @:A: The RADIUS server is used for controlling access to a wireless network.
• B,4<: The RADIUS server is used for authenticating IPSec peers via XAuth.
Vendor Mode
Only for Authentication Type = "$.
In hotspot applications, select the mode defined by the provider.
In standard applications, leave the value set to 8 )".
Possible values for hotspot applications:
• 4 ) : For France Telecom hotspot applications.
• #" <"!" / : For bintec hotspot applications.
Server IP Address
Enter the IP address of the RADIUS server.
RADIUS Secret
Enter the shared password used for communication between the RADIUS server and your device.
Default User Password
Some RADIUS servers require a user password for each RADIUS request. Enter the password that your device sends as the default user password in the prompt for the dialout routes on the RADIUS server.
Priority
If a number of RADIUS server entries were created, the server
with the highest priority is used first. If this server does not answer, the server with the next-highest priority is used.
Possible values from (highest priority) to C (lowest priority).
The default value is .
See also Policy in the Advanced Settings.
Entry active
Select whether the RADIUS server configured in this entry is to
be used.
The function is activated by selecting *#) .
The function is enabled by default.
Group Description
Define a new RADIUS group description or assign the new RADIUS entry to a predefined group. The configured RADIUS
servers for a group are queried according to Priority and the
Policy.
Possible values:
• 2 (default value): Enter a new group description in the text field.
• 8 )" 1 ! : Select this entry for special applications, such as Hotspot Server configuration.
• >1 ! 2 ?: Select a predefined group from the list.
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Value
Policy
Select how your device is to react if a negative response to a request is received.
Possible values:
• "0""/ (default value): A negative response to a request is accepted.
• 2 "0""/ : A negative response to a request is not accepted. A request is sent to the next RADIUS server until your device receives a response from a server configured as authoritative.
UDP Port
Enter the UDP port to be used for RADIUS data.
RFC 2138 defines the default ports 1812 for authentication (1645 in older RFCs) and 1813 for accounting (1646 in older RFCs). You can obtain the port to be used from the documentation for your RADIUS server.
The default value is .
Server Timeout
Enter the maximum wait time between ACCESS_REQUEST
and response in milliseconds.
After timeout, the request is repeated according to Retries or
the next configured RADIUS server is requested.
Possible values are whole numbers between and .
The default value is (1 second).
Alive Check
Here you can activate a check for accessibility of a RADIUS
server in Status 8 .
An Alive Check is carried out regularly (every 20 seconds) by
sending an ACCESS_REQUEST to the IP address of the RADIUS server. If the server is accessible, Status is reset to )/
. If the RADIUS server is only reachable over a switched line
(dialup connection), this can cause additional costs if the server
is for a long time.
The function is activated by selecting *#) .
The function is enabled by default.
Retries
Enter the number of retries for cases when there is no response to a request. If a response has still not been received after these attempts, the Status is set to . In Alive Check = *#) your device attempts to reach the server every 20 seconds. If the server responds, Status is set back to )/
Possible values are whole numbers between and .
The default value is . To prevent Status being set to , set
this value to .
RADIUS Dialout
Only for Authentication Type = "0 "" and 6
"0 "".
Select whether your device receives requests from RADIUS
server dialout routes. This enables temporary interfaces to be
configured automatically and your device can initiate outgoing
connections that are not configured permanently.
The function is activated by selecting *#) .
The function is disabled by default.
If the function is active, you can enter the following option:
• 7 ) 6" /): Enter the time period in seconds between update intervals.
The default entry here is i.e. an automatic reload is not carried out.
9.5.2 TACACS+
TACACS+ permits access control for your device, network access servers (NAS) and other
network components via one or more central servers.
Like RADIUS, TACACS+ is an AAA protocol and offers authentication, authorisation and
accounting services (TACACS+ Accounting is currently not supported by bintec devices).
The following TACACS+ functions are available on your device:
• Authentication for login shell
• Command authorisation on the shell (e.g. telnet, setup, show)
TACACS+ uses TCP port 49 and establishes a secure and encrypted connection.
A list of all entered TACACS+ servers is displayed in the System Management->Remote Authentication->TACACS+ menu.
9.5.2.1 /New
Choose the icon to edit existing entries. Choose the New button to add TACACS+ servers.
The System Management->Remote Authentication->TACACS+->New menu consists of the following fields:
Fields in the TACACS+ Basic Parameters menu
Field
Description
Authentication Type
Displays which TACACS+ function is to be used. The value
cannot be changed.
Possible values:
• .$ "0 "": Here, you can define whether the current TACACS+ server is to be used for login authentication to your device.
Server IP Address
Enter the IP address of the TACACS+ server that is to be requested for login authentication.
TACACS+ Secret
Enter the password to be used to authenticate and, if applicable, encrypt data exchange between the TACACS+ server and
the network access server (your device). The maximum length
of the entry is 32 characters.
Priority
Assign a priority to the current TACACS+ server. The server
with the lowest value is the one used first for TACACS+ login
authentication. If there is no response or access is denied (only
if Policy = 2 "0""/ ), the entry with the next-lowest priority is used.
The available values are to , the default value is .
Entry active
Select whether this server is to be used for login authentication.
The function is activated by selecting *#) .
The function is enabled by default.
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
Policy
Select the interpretation of the TACACS+ response.
Possible values:
• 2 "0""/ (default value): The TACACS+ servers are queried in order of their priority (see Priority) until a positive response is received or a negative response is received from an authoritative server.
• "0""/ : A negative response to a request is accepted, i.e. a request is not sent to another TACACS+ server.
The device's internal user administration is not turned off by
TACACS+. It is checked after all TACACS+ servers have been
queried.
TCP Port
Shows the default TCP port ( &) used for the TACACS+ protocol. The value cannot be changed.
Timeout
Enter time in seconds for which the NAS is to wait for a response from TACACS+.
If a response is not received during the wait time, the next configured TACACS+ server is queried (only if Policy = 2
"0""/ ) and the current server is set to status
+) .
The possible values are to , the default value is '.
Block Time
Enter the time in seconds for which the current server is to remain in blocked status.
At the end of the block time, the server is set to the status specified in the Entry active field.
The possible values are to ', the default value is . The
value means that the server is never set to +) status
and thus no other servers are queried.
Encryption
Select whether data exchange between the TACACS+ server
and the NAS is to be encrypted with MD5.
The function is activated by selecting *#) .
The function is enabled by default.
If the function is not enabled, the packets and all related information are transferred unencrypted. Unencrypted transfer is not
recommended as a default setting and should only be used for
debugging.
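The query order and Policy rules from the TACACS+ tables above, modelled as an added example that is not part of the manual or of the device firmware (the RADIUS Policy field in 9.5.1 uses the same authoritative/non-authoritative distinction). Server names, scripted replies, priority numbers and the lint messages are constructed for illustration.

```python
"""Model of the TACACS+ server selection rules in 9.5.2 (added example)."""
from dataclasses import dataclass
from enum import Enum


class Reply(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    TIMEOUT = "timeout"  # no response within the configured Timeout


@dataclass
class Server:
    name: str                # constructed label, not a field of the device
    priority: int            # the server with the lowest value is used first
    authoritative: bool      # Policy field of the entry
    reply: Reply             # scripted behaviour for this simulation
    active: bool = True      # Entry active field
    encryption: bool = True  # Encryption field


def _query_order(servers):
    return sorted((s for s in servers if s.active), key=lambda s: s.priority)


def authenticate(servers):
    """Walk the server list as the manual describes it.

    Returns (decision, trail). NO_DECISION is the point at which, per the
    manual, the device's internal user administration is checked.
    """
    trail = []
    for srv in _query_order(servers):
        policy = "authoritative" if srv.authoritative else "non-authoritative"
        if srv.reply is Reply.ACCEPT:
            trail.append(f"{srv.name} ({policy}): accept, final")
            return "ACCEPT", trail
        if srv.reply is Reply.REJECT and srv.authoritative:
            trail.append(f"{srv.name} ({policy}): reject, final")
            return "REJECT", trail
        if srv.reply is Reply.TIMEOUT:
            trail.append(f"{srv.name} ({policy}): timeout, server blocked")
        else:
            trail.append(f"{srv.name} ({policy}): reject, not final")
        if srv.authoritative:
            # After a timeout the next server is queried only if the
            # Policy of the current entry is non-authoritative.
            break
    return "NO_DECISION", trail


def lint(servers):
    """Flag configurations whose effect is easy to overlook."""
    findings = []
    ordered = _query_order(servers)
    if not ordered:
        return ["no active TACACS+ server is configured"]
    if not any(s.authoritative for s in ordered):
        findings.append("no authoritative server: a TACACS+ reject is never final")
    for srv in ordered:
        if not srv.encryption:
            findings.append(f"{srv.name}: Encryption disabled, packets are sent unencrypted")
    for pos, srv in enumerate(ordered[:-1]):
        if srv.authoritative:
            later = ", ".join(s.name for s in ordered[pos + 1:])
            findings.append(f"{srv.name} is authoritative, so {later} is never queried")
            break
    return findings


if __name__ == "__main__":
    # Constructed sample: a non-authoritative server rejects, the next accepts.
    sample = [
        Server("tac-a", 1, authoritative=False, reply=Reply.REJECT),
        Server("tac-b", 2, authoritative=True, reply=Reply.ACCEPT, encryption=False),
    ]
    decision, trail = authenticate(sample)
    print(decision)
    print("\n".join(trail))
    print("\n".join(lint(sample)))
```

The first sample shows why the Policy of each entry matters for access control: a reject from a non-authoritative server does not end the login attempt.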
9.5.3 Options
The setting available here causes your device to carry out authentication negotiation for incoming calls if it cannot identify the calling party number (e.g. because the remote terminal
does not signal the calling party number). If the data (password, partner PPP ID) obtained
by executing the authentication protocol is the same as the data of a listed remote terminal
or RADIUS user, your device accepts the incoming call.
The menu System Management->Remote Authentication->Options consists of the following fields:
Fields in the Options Global RADIUS Options menu
Field
Description
Authentication for PPP Dialin
By default, the following authentication sequence is used for incoming calls with RADIUS: First CLID, then PPP and then PPP with RADIUS.
Options:
• 6#: Only inband RADIUS requests (PAP, CHAP, MSCHAP V1 & V2) (i.e. PPP requests without CLID) are sent to the RADIUS server defined in Server IP Address.
• ; "# @(.68A : Only outband RADIUS requests (i.e. requests for calling line identification = CLID) are sent to the RADIUS server.
6# is activated by default.
9.6 Certificates
An asymmetric cryptosystem is used to encrypt data to be transported in a network, to generate or check digital signatures and to authenticate users. A key pair consisting of a public key and a private key is used to encrypt and decrypt the data.
For encryption the sender requires the public key of the recipient. The recipient decrypts the data using his private key. To ensure that the public key is the real key of the recipient and is not a forgery, a so-called digital certificate is required.
This confirms the authenticity and the owner of a public key. It is similar to an official passport in that it confirms that the holder of the passport has certain characteristics, such as
gender and age, and that the signature on the passport is authentic. As there is more than
one certificate issuer, e.g. the passport office for a passport, and as such certificates can
be issued by several different issuers and in varying qualities, the trustworthiness of the issuer is extremely important. The quality of a certificate is regulated by the German Signature Act or respective EU Directives.
Certification authorities that issue so-called qualified certificates are organised in a hierarchy with the Federal Network Agency as the higher certifying authority. The structure and
content of a certificate are stipulated by the standard used. X.509 is the most important and
the most commonly used standard for digital certificates. Qualified certificates are personal
and extremely trustworthy.
Digital certificates are part of a so-called Public Key Infrastructure (PKI). PKI refers to a
system that can issue, distribute and check digital certificates.
Certificates are issued for a specific period, usually one year, i.e. they have a limited validity period.
Your device is designed to use certificates for VPN connections and for voice connections
over Voice over IP.
9.6.1 Certificate List
A list of all existing certificates is displayed in the System
Management->Certificates->Certificate List menu.
9.6.1.1
Click the icon to display the content of the selected object (key, certificate, or request).
The certificates and keys themselves cannot be changed, but a few external attributes can be changed, depending on the type of the selected entry.
The System Management->Certificates->Certificate List-> menu consists of the following fields:
Fields in the menu
Field
Description
Description
Shows the name of the certificate, key, or request.
Certificate is CA Certificate
Mark the certificate as a certificate from a trustworthy certification authority (CA).
Certificates issued by this CA are accepted during authentication.
The function is enabled with 4
The function is disabled by default.
Certificate Revocation
List (CRL) Checking
Only for Certificate is CA Certificate = 4
Define the extent to which certificate revocation lists (CRLs) are
to be included in the validation of certificates issued by the owner of this certificate.
Possible settings:
• 8 #) : CRLs are not checked.
• ) - : CRLs are always checked.
• ;)- (7. 8 "# " " ! " (default value): A check is only carried out if a CRL Distribution Point entry is included in the certificate. This can be determined under "View Details" in the certificate content.
• , ""$ ! " " : The settings of the higher level certificate are used, if one exists. If it does not, the same procedure is used as that described under "Only if a CRL Distribution Point is present".
Force certificate to be trusted
Define that this certificate is to be accepted as the user certificate without further checks during authentication.
The function is enabled with 4
The function is disabled by default.
Caution
It is extremely important for VPN security that the integrity of all certificates manually
marked as trustworthy (certification authority and user certificates) is ensured. The displayed "fingerprints" can be used to check this integrity: Compare the displayed values
with the fingerprints specified by the issuer of the certificate (e.g. on the Internet). It is
sufficient to check one of the two values.
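The fingerprint comparison described in the caution above can also be done on the certificate file before it is imported. The following is an added example, not part of the manual or the device software; it assumes the two displayed values are MD5 and SHA-1 digests of the DER-encoded certificate, and all function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
from typing import Dict, Optional

# Constructed stand-in for a certificate file: the PEM armour is real, the
# payload is arbitrary bytes rather than a parseable X.509 structure. A
# fingerprint is a digest over the DER bytes, so that is all the check needs.
SAMPLE_DER = bytes(range(64)) * 4
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def der_from_file_bytes(data: bytes) -> bytes:
    """Return the DER bytes from either a Base64 (PEM) or a binary file."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return data  # not text, so treat it as binary (DER) encoding
    match = _PEM_RE.search(text)
    if match is None:
        return data
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def normalise(fingerprint: str) -> str:
    """Strip separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    cleaned = re.sub(r"[\s:.-]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("fingerprint contains non-hex characters")
    return cleaned


def fingerprints(der: bytes) -> Dict[str, str]:
    """Compute both digests (assumed to be the two values the device shows)."""
    return {name: hashlib.new(name, der).hexdigest() for name in ("md5", "sha1")}


def matches_published(der: bytes, published: str) -> Optional[str]:
    """Return the digest name the issuer's published value matches, else None."""
    want = normalise(published)
    for name, got in fingerprints(der).items():
        # Compare full length only: a truncated published value never matches.
        if len(want) == len(got) and hmac.compare_digest(want, got):
            return name
    return None


if __name__ == "__main__":
    der = der_from_file_bytes(SAMPLE_PEM.encode("ascii"))
    published = hashlib.sha1(SAMPLE_DER).hexdigest().upper()
    print("match on:", matches_published(der, published))
```

The published value must come from a channel independent of the one that delivered the certificate file, otherwise the comparison proves nothing.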
9.6.1.2 Certificate Request
Registration authority certificates in SCEP
If SCEP (Simple Certificate Enrollment Protocol) is used, your device also supports separate registration authority certificates.
Registration authority certificates are used by some Certificate Authorities (CAs) to handle
certain tasks (signature and encryption) during SCEP communication with separate keys,
and to delegate the operation to separate registration authorities, if applicable.
When a certificate is downloaded automatically, i.e. if CA Certificate = Download
is selected, all the certificates needed for the operation are loaded automatically.
If all the necessary certificates are already available in the system, these can also be selected manually.
Select the Certificate Request button to request or import more certificates.
The menu System Management->Certificates->Certificate List->Certificate Request
consists of the following fields:
Fields in the Certificate List->Certificate Request menu
Field
Description
Certificate Request Description
Enter a unique description for the certificate.
Mode
Select the way in which you want to request the certificate.
Possible settings:
• Manual (default value): Your device generates a PKCS#10
for the key. This file can then be uploaded directly in the
browser or copied in the
menu using the View details
field. This file must be provided to the CA and the received
certificate must then be imported manually to your device.
• SCEP: The key is requested from a CA using the Simple Certificate Enrolment Protocol.
Generate Private Key
Only for Mode = Manual
Select an algorithm for key creation.
RSA (standard value) and DSA are available.
Also select the length of the key to be created.
Possible values: 512, 768, 1024, 1536, 2048, 4096.
Please note that a key with a length of 512 bits could be rated
as insecure, whereas a key of 4096 bits not only needs a lot of
time to create, but also occupies a major share of the resources
during IPSec processing. A value of 768 or more is, however,
recommended and the default value is 1024 bits.
SCEP URL
Only for Mode = SCEP
Enter the URL of the SCEP server, e.g. http://scep.funkwerk.de:8080/scep/scep.dll
Your CA administrator can provide you with the necessary data.
CA Certificate
Only for Mode = SCEP
Select the CA certificate.
• Download: In CA Name, enter the name of the CA
certificate of the certification authority (CA) from which you
wish to request your certificate, e.g. . Your CA administrator can provide you with the necessary data.
If no CA certificates are available, the device will first download the CA certificate of the relevant CA. It then continues
with the enrolment process, provided no more important parameters are missing. In this case, it returns to the Generate
Certificate Request menu.
If the CA certificate does not contain a CRL distribution point
(Certificate Revocation List, CRL), and a certificate server is
not configured on the device, the validity of certificates from
this CA is not checked.
• : If all the necessary certificates are already available in the system, you select these
manually.
RA Sign Certificate
Only for Mode = SCEP
Only for CA Certificate not = Download.
Select a certificate for signing SCEP communication.
The default value is Use CA Certificate, i.e. the
CA certificate is used.
RA Encrypt Certificate
Only for Mode = SCEP
Only if RA Sign Certificate not = Use CA Certificate.
If you use one of your own certificates to sign communication
with the RA, you can select another one here to encrypt communication.
The default value is Use RA Sign Certificate, i.e.
the same certificate is used as for signing.
Password
Only for Mode = SCEP
You may need a password from the certification authority to obtain certificates for your keys. Enter the password you received
from the certification authority here.
Fields in the Certificate List->Subject Name menu
Field
Description
Custom
Select whether you want to enter the name components of the
subject name individually as specified by the CA or want to
enter a special subject name.
If Enabled is selected, a subject name can be given in Summary with attributes not offered in the list. Example:
"CN=VPNServer, DC=mydomain, DC=com, c=DE".
If the field is not selected, enter the name components in Common Name, E-mail, Organizational Unit, Organization, Locality, State/Province and Country.
The function is disabled by default.
Summary
Only for Custom = enabled.
Enter a subject name with attributes not offered in the list.
Example: "CN=VPNServer, DC=mydomain, DC=com, c=DE".
Common Name
Only for Custom = disabled.
Enter the name according to CA.
E-mail
Only for Custom = disabled.
Enter the e-mail address according to CA.
Organizational Unit
Only for Custom = disabled.
Enter the organisational unit according to CA.
Organization
Only for Custom = disabled.
Enter the organisation according to CA.
Locality
Only for Custom = disabled.
Enter the location according to CA.
State/Province
Only for Custom = disabled.
Enter the state/province according to CA.
Country
Only for Custom = disabled.
Enter the country according to CA.
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings->Subject Alternative Names menu
Field
Description
#1, #2, #3
For each entry, define the type of name and enter additional
subject names.
Possible values:
• None (default value): No additional name is entered.
• IP: An IP address is entered.
• DNS: A DNS name is entered.
• E-mail: An e-mail address is entered.
• URI: A uniform resource identifier is entered.
• DN: A distinguished name (DN) is entered.
• RID: A registered identity (RID) is entered.
Field in the Advanced Settings->Options menu
Field
Description
Autosave Mode
Select whether your device automatically stores the various
steps of the enrolment internally. This is an advantage if enrolment cannot be concluded immediately. If the status has not
been saved, the incomplete registration cannot be completed.
As soon as the enrolment is completed and the certificate has
been downloaded from the CA server, it is automatically saved
in the device configuration.
The function is enabled with Enabled.
The function is enabled by default.
9.6.1.3 Import
Choose the Import button to import certificates.
The menu System Management->Certificates->Certificate List->Import consists of the
following fields:
Fields in the Certificate List->Import menu
Field
Description
External Filename
Enter the file path and name of the certificate to be imported, or
use Browse... to select it from the file browser.
Local Certificate Description
Enter a unique description for the certificate.
File Encoding
Select the type of coding so that your device can decode the
certificate.
Possible values:
• Auto (default value): Activates automatic code recognition. If
downloading the certificate in auto mode fails, try with a certain type of encoding.
• Base64
• Binary
Password
You may need a password to obtain certificates for your keys.
Enter the password here.
9.6.2 CRLs
In the System Management->Certificates->CRLs menu, a list of all CRLs (Certificate
Revocation Lists) is displayed.
If a key is no longer to be used, e.g. because it has fallen into the wrong hands or has been
lost, the corresponding certificate is declared invalid. The certification authority revokes the
certificate and publishes it on a certificate blacklist, a so-called CRL. Certificate users should
always check against these lists to ensure that the certificate used is currently valid. This
check can be automated via a browser.
The Simple Certificate Enrollment Protocol (SCEP) supports the issue and revocation of
certificates in networks.
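The following added example models how the four CRL Checking settings of a CA certificate (section 9.6.1.1) decide whether a certificate issued by that CA is checked against a CRL. It is not the device's firmware logic: the class and function names are hypothetical, the CRL Distribution Point is assumed to be read from the certificate being validated, and rejecting a certificate when a required CRL is unavailable is an assumption, since the manual does not state that case.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Set


class CrlCheck(Enum):
    """The four CRL Checking settings described for a CA certificate."""
    DISABLED = "no CRL check"
    ALWAYS = "CRLs are always checked"
    ONLY_IF_CDP = "only if a CRL Distribution Point is present"
    INHERIT = "use the settings of the higher level certificate"


@dataclass
class CaEntry:
    name: str
    crl_check: CrlCheck = CrlCheck.ONLY_IF_CDP  # default value per the manual
    issuer: Optional["CaEntry"] = None          # higher level CA, if one exists


@dataclass
class Cert:
    subject: str
    serial: int
    issuer: CaEntry
    has_cdp: bool  # certificate contains a CRL Distribution Point entry


def effective_mode(ca: CaEntry) -> CrlCheck:
    """Resolve INHERIT by walking up the chain of higher level certificates."""
    seen = set()
    node = ca
    while node.crl_check is CrlCheck.INHERIT:
        # No higher level certificate (or a loop in the data): fall back to
        # the "only if a CRL Distribution Point is present" procedure.
        if node.issuer is None or id(node) in seen:
            return CrlCheck.ONLY_IF_CDP
        seen.add(id(node))
        node = node.issuer
    return node.crl_check


def crl_check_required(cert: Cert) -> bool:
    mode = effective_mode(cert.issuer)
    if mode is CrlCheck.DISABLED:
        return False
    if mode is CrlCheck.ALWAYS:
        return True
    return cert.has_cdp


def validate(cert: Cert, crls: Dict[str, Set[int]]) -> str:
    """crls maps a CA name to the set of revoked serial numbers it published."""
    if not crl_check_required(cert):
        return "accepted: CRL not checked"
    revoked = crls.get(cert.issuer.name)
    if revoked is None:
        return "rejected: CRL unavailable"  # assumption: fail closed
    return "revoked" if cert.serial in revoked else "accepted"


# Constructed sample data.
ROOT = CaEntry("Example Root CA", CrlCheck.ALWAYS)
SUB = CaEntry("Example Sub CA", CrlCheck.INHERIT, issuer=ROOT)
LONE = CaEntry("Example Standalone CA", CrlCheck.INHERIT)
LAB = CaEntry("Example Lab CA", CrlCheck.DISABLED)
CRLS = {"Example Sub CA": {0x1001}}

if __name__ == "__main__":
    for cert in (
        Cert("vpn-gw-1", 0x1001, SUB, has_cdp=False),
        Cert("vpn-gw-2", 0x1002, SUB, has_cdp=False),
        Cert("vpn-gw-3", 0x2001, LONE, has_cdp=False),
        Cert("vpn-gw-4", 0x1001, LAB, has_cdp=True),
    ):
        print(cert.subject, "->", validate(cert, CRLS))
```

The third and fourth sample certificates show the gap an auditor should look for: with the default or disabled setting, a revoked certificate without a distribution point entry is accepted without any revocation check.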
9.6.2.1 Import
Choose the Import button to import CRLs.
The System Management->Certificates->CRLs->Import menu consists of the following
fields:
Fields in the CRLs->CRL Import menu
Field
Description
External Filename
Enter the file path and name of the CRL to be imported, or use
Browse... to select it from the file browser.
Local Certificate Description
Enter a unique description for the CRL.
File Encoding
Select the type of encoding, so that your device can decode the
CRL.
Possible values:
• Auto (default value): Activates automatic code recognition. If
downloading the CRL in auto mode fails, try with a certain
type of encoding.
• Base64
• Binary
Password
Enter the password to be used for the import.
9.6.3 Certificate Servers
A list of all certificate servers is displayed in the System Management->Certificates->Certificate Servers menu.
A certification authority (certification service provider, Certificate Authority, CA) issues your
certificates to clients applying for a certificate via a certificate server. The certificate server
also issues the private key.
9.6.3.1 New
Choose the New button to set up a certificate server.
The System Management->Certificates->Certificate Servers->New menu consists of the
following fields:
Fields in the Certificate Servers->Basic Parameters menu
Field
Description
Description
Enter a unique description for the certificate server.
LDAP URL Path
Enter the LDAP URL or the HTTP URL of the server.
Chapter 10 Physical Interfaces
In this menu, you configure the physical interfaces that you have used when connecting
your gateway. The configuration interface only shows the interfaces that are available on
your device. In the System Management->Status menu, you can see a list of all physical
interfaces and information on whether the interfaces are connected or active and whether
they have already been configured.
10.1 Ethernet Ports
An Ethernet interface is a physical interface for connection to the local network or external
networks.
Note
In the ex works state, the Ethernet ports ETH1 and ETH2 are assigned to the standard
bridge group br0, which is preconfigured as DHCP client and with the fallback IP Address and Netmask .
10.1.1 Port Configuration
Your device allows you to configure the two Ethernet interfaces separately.
The menu Physical Interfaces->Ethernet Ports->Port Configuration consists of the following fields:
Fields in the Port Configuration menu
Field
Description
Switch Port
Shows the respective port. The numbering corresponds to the
numbering of the Ethernet ports on the back of the device.
Interface
Displays the interface assigned to the Ethernet port here.
Configured Speed /
Mode
Select the mode in which the interface is to run.
Possible values:
⢠)) " $"" (default value)
⢠" #!
)-
⢠" #!
)-
⢠" #!
5 )) 8 !) :
⢠" #!
5 <)
8 !) :
⢠" #!
5 )) 8 !) :
⢠" #!
5 <)
⢠: #!
8 !) :
5 )) 8 !) :
⢠: #!
5 )) 8 !) :
⢠: #!
5 <)
8 !) :
⢠: #!
5 )) 8 !) :
⢠: #!
5 <)
8 !) :
⢠2 : The interface is created but remains inactive.
Current Speed / Mode
Shows the actual mode and actual speed of the interface.
Possible values:
⢠#!
5 )) 8 !) :
⢠#!
5 <)
8 !) :
⢠#!
5 )) 8 !) :
⢠#!
5 <)
8 !) :
⢠8
10.2 Serial Port
The serial interface can be operated as a console or as a data interface. In data interface
mode, the data for the serial interface can be transmitted over an IP infrastructure (Serial
over IP).
10.2.1 Serial Port
In the Physical Interfaces->Serial Port->Serial Port menu, you can perform settings for
the serial interface.
The Physical Interfaces->Serial Port->Serial Port menu consists of the following fields:
Fields in the Serial Port->General menu
Field
Description
Port Mode
Select in which mode the serial interface is to be used.
Possible values:
⢠( $ " (default value): The serial interface is used
as a console.
⢠8" ": The serial interface is operated as a data interface, Serial over IP is used.
If the 8" " option is selected for Port Mode, an extra configuration section opens.
Fields in the Serial Port->Serial Settings menu
Field
Description
Baudrate
Select which baud rate should be used. Make sure that the remote terminal is suitable for the selected baud rate. If this is not
the case, you will not be able to establish a serial connection to
the device.
Possible values:
⢠'
â˘
â˘
⢠&
⢠&
⢠(default value)
â˘
⢠C
â˘
Data Bits
Select how many data bits should be sent in sequence for traffic
data.
Possible values:
• 8 (default value): Eight Data Bits are sent in sequence.
• 7: Seven Data Bits are sent in sequence.
Parity
Select whether or not a parity bit should be used to identify
transmission errors.
Possible values:
• None (default value): No parity bit is used.
• Even: An even number of "1" bits is used to identify transmission errors.
• Odd: An odd number of "1" bits is used to identify transmission errors.
Stop Bits
Stop bits terminate the data transmission of a transmission unit.
Choose whether a stop bit should be used or whether two stop
bits should be used.
Possible values:
⢠(default value)
â˘
Handshake
Only for Port Mode = 8" "
Choose how the recipient can continue the data transmission so
that no data is lost, if no other data can be processed.
Possible values:
• None (default value): The recipient is unable to continue the
data transmission.
• RTS/CTS: The hardware handshake used controls the data
flow over the RTS and CTS lines.
• XON/XOFF: If the software handshake is used, the recipient
sends special characters to the sender to control the data flow.
Fields in the Serial Port->IP menu
Field
Description
Mode
Select the Mode in which the gateway should process IP data
packets.
Possible values:
• Server (default value): The gateway waits for incoming TCP
connections.
• Client: The gateway actively sets up a TCP connection.
• UDP: The gateway sends and receives UDP packets.
Local IP Address
Enter the IP address of the client logging in. If Local IP Address = , any client can log in.
Local Port
Enter the port for Local IP Address.
Remote IP
Enter the IP address of the server at which your gateway should
log in.
Port Number
Enter the port for Remote IP.
Fields in the Serial Port->Trigger menu
Field
Description
Byte Count
Enter the received characters in bytes, which are used as a trigger for data transmission.
The function is enabled with Enabled.
The function is enabled by default.
Possible values: .. &. Default value: .
Timeout
Enter the time in ms since receiving the last character, which is
used as a trigger for data transmission.
The function is enabled with Enabled.
The function is enabled by default.
Possible values: .. '. Default value: .
Inter-Byte Gap
Enter the time in ms since receiving the first character, which is
used as a trigger for data transmission.
The function is enabled with Enabled.
The function is disabled by default.
Possible values: .. '. Default value: .
Fields in the Serial Port->Buffer menu
Field
Description
Clear Serial RX-Buffer
Click the Clear button to clear the receive buffer.
Clear Serial TX-Buffer
Click the Clear button to clear the send buffer.
10.3 Relay
Devices of the WI series are fitted with a relay. The relay is open when at rest (i.e. unexcited/fault). You can choose whether the relay is manually controlled or used as an alarm
relay, coupled with the red error LED. When manually controlled, the state of the relay is
set during booting when the configuration is loaded.
10.3.1 Relay Configuration
In this menu, you can configure the Port Mode.
The Physical Interfaces->Relay->Relay Configuration menu consists of the following
fields:
Fields in the Relay Configuration->Basic Parameters menu
Field
Description
Port Mode
Possible values:
• Inactive (default value): The relay is manually set to always
open.
• Active: The relay is manually set to always closed.
• Alarm Relay: The relay is automatically coupled with the
red error LED.
Chapter 11 LAN
In this menu, you configure the addresses in your LAN and can structure your local network
using VLANs.
11.1 IP Configuration
In this menu, you can edit the IP configuration of the LAN and Ethernet interfaces of your
device.
11.1.1 Interfaces
The existing IP interfaces are listed in the LAN->IP Configuration->Interfaces menu. You
can edit the IP configuration of the interfaces or create virtual interfaces for special applications. Here is a list of all of the interfaces (logical Ethernet interfaces and others created in
the subsystems) configured in the System Management->Interface Mode / Bridge
Groups->Interfaces menu.
Use the
to edit the settings of an existing interface (bridge groups, Ethernet interfaces in
routing mode).
You can use the New button to create virtual interfaces. However, this is only needed in
special applications (e.g. BRRP).
Depending on the option selected, different fields and options are available. All the configuration options are listed below.
The default setting for all existing interfaces of your device is Bridging mode. In the ex
works state the bridge group br0 is pre-configured as a DHCP client with the fallback IP address and netmask .
Note
Please note:
If your device has obtained an IP address dynamically from a DHCP server operated
in your network for the basic configuration, the fallback IP address 192.168.0.252 is
deleted automatically and your device will no longer function over this address.
However, if you have set up a connection to the device over the fallback IP address
192.168.0.252 or have assigned an IP address with the Dime Manager in the basic
configuration, you will only be able to access your device over this IP address. The
device will no longer obtain an IP configuration dynamically over DHCP.
Example of subnets
If your device is connected to a LAN that consists of two subnets, you should enter a
second IP Address / Netmask.
The first subnet has two hosts with the IP addresses 192.168.42.1 and 192.168.42.2, for
example, and the second subnet has two hosts with the IP addresses 192.168.46.1 and
192.168.46.2. To be able to exchange data packets with the first subnet, your device uses
the IP address 192.168.42.3, for example, and 192.168.46.3 for the second subnet. The
netmasks for both subnets must also be indicated.
11.1.1.1
Choose the
or New
icon to edit existing entries. Choose the New button to create virtual interfaces.
The LAN->IP Configuration->Interfaces->
menu consists of the following fields:
Fields in the Interfaces->Basic Parameters menu
Field
Description
Based on Ethernet Interface
This field is only displayed if you are editing a virtual routing interface.
Select the Ethernet interface for which the virtual interface is to
be configured.
Address Mode
Select how an IP address is assigned to the interface.
Possible values:
• Static (default value): The interface is assigned a static IP
address in IP Address / Netmask.
• DHCP: An IP address is assigned to the interface dynamically
via DHCP.
IP Address / Netmask
Only for Address Mode = Static
With Add, add a new address entry, enter the IP Address and
the corresponding Netmask of the virtual interface.
Interface Mode
Only for physical interfaces in routing mode.
Select the configuration mode of the interface.
Possible values:
• Untagged (default value): The interface is not assigned for a
specific purpose.
• Tagged (VLAN): This option only applies for routing interfaces.
You use this option to assign the interface to a VLAN. This is
done using the VLAN ID, which is displayed in this mode and
can be configured. The definition of a MAC address in MAC
Address is optional in this module.
MAC Address
Only with virtual interfaces and only for Interface Mode = Untagged
Enter the MAC address associated with the interface. For virtual
interfaces, you can use the MAC address of the physical interface under which the virtual interface was created, but this is not
necessary. You can also allocate a virtual MAC address. The
first 6 characters of the MAC are preset (but can be changed).
VLAN ID
Only for Interface Mode = Tagged (VLAN)
This option only applies for routing interfaces. Assign the interface to a VLAN by entering the VLAN ID of the relevant VLAN.
Possible values are (default value) to &&.
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
DHCP MAC Address
Only for Address Mode = DHCP.
If Use built-in is activated (default setting), the hardware MAC
address of the Ethernet interface is used. In the case of physical
interfaces, the current MAC address is entered by default.
If you disable Use built-in, you enter a MAC address for the
virtual interface, e.g. % % %%# %' .
Some providers use hardware-independent MAC addresses to
allocate their clients IP addresses dynamically. If your provider
has assigned you a MAC address, enter this here.
DHCP Hostname
Only for Address Mode = DHCP.
Enter the host name requested by the provider. The maximum
length of the entry is 45 characters.
DHCP Broadcast Flag
Only for Address Mode = DHCP.
Choose whether or not the BROADCAST bit is set in the DHCP
requests for your device. Some DHCP servers that assign IP
addresses by UNICAST do not respond to DHCP requests with
the set BROADCAST bit. In this case, it is necessary to send
DHCP requests in which this bit is not set. In this case, disable
this option.
The function is activated by selecting Enabled.
The function is enabled by default.
Proxy ARP
Select whether your device is to respond to ARP requests from
its own LAN on behalf of defined remote terminals.
The function is activated by selecting Enabled.
The function is disabled by default.
TCP-MSS Clamping
Select whether your device is to apply MSS Clamping. To prevent IP packets fragmenting, the MSS (Maximum Segment
Size) is automatically decreased by the device to the value set
here.
The function is activated by selecting Enabled.
The function is disabled by default. Once enabled, the default
value ' is entered in the input field.
11.2 VLAN
By implementing VLAN segmentation in accordance with 802.1Q, you can configure
VLANs on your device. The wireless ports of an access point, in particular, are able to remove the VLAN tag of a frame sent to the clients and to tag received frames with a predefined VLAN ID. This functionality makes an access point nothing less than a VLAN-aware switch with the enhancement of grouping clients into VLAN groups. In general,
VLAN segmenting can be configured with all interfaces.
VLAN for Bridging and VLAN for Routing
In the LAN->VLAN menu, VLANs (virtual LANs) are configured with interfaces that operate
in Bridging mode. Using the VLAN menu, you can make all the settings needed for this and
query their status.
Caution
For interfaces that operate in Routing mode, you only assign a VLAN ID to the interface. You define this via the parameters Interface Mode = Tagged (VLAN) and field
VLAN ID in menu LAN->IP Configuration->Interfaces->New.
11.2.1 VLANs
In this menu, you can display all the VLANs already configured, edit your settings and
create new VLANs. By default, the Management VLAN is available, to which all interfaces
are assigned.
11.2.1.1
Choose the
or New
icon to edit existing entries. Choose the New button to configure other
VLANs.
The LAN->VLAN->VLANs->
/New menu consists of the following fields:
Fields in the VLANs->Configure VLAN menu
Field
Description
VLAN Identifier
Enter the number that identifies the VLAN. In the
menu, you
can no longer change this value.
Possible values are to &&.
VLAN Name
Enter a unique name for the VLAN. A character string of up to
32 characters is possible.
VLAN Members
Select the ports that are to belong to this VLAN. You can use
the Add button to add members.
For each entry, also select whether the frames to be transmitted
from this port are to be transmitted Tagged (i.e. with VLAN information) or Untagged (i.e. without VLAN information).
11.2.2 Port Configuration
In this menu, you can define and view the rules for receiving frames at the VLAN ports.
The LAN->VLANs->Port Configuration menu consists of the following fields:
Fields in the Port Configuration menu
Field
Description
Interface
Shows the port for which you define the PVID and processing
rules.
PVID
Assign the selected port the required PVID (Port VLAN Identifier).
If a packet without a VLAN tag reaches this port, it is assigned
this PVID.
Drop untagged frames
If this option is enabled, untagged frames are discarded. If the
option is disabled, untagged frames are tagged with the PVID
defined in this menu.
Drop non-members
If this option is enabled, all tagged frames that are tagged with a
VLAN ID to which the selected port does not belong are discarded.
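The three receive rules above (PVID, Drop untagged frames, Drop non-members) can be traced on raw Ethernet frames. This is an added example, not code from the manual or the device: the names `PortConfig`, `parse_vlan` and `ingress` are hypothetical, the frames are constructed, and two behaviours the manual does not state are assumptions marked in the comments.

```python
import struct
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


@dataclass
class PortConfig:
    pvid: int
    member_of: Set[int] = field(default_factory=set)  # VLANs the port belongs to
    drop_untagged: bool = False
    drop_non_members: bool = False


def parse_vlan(frame: bytes) -> Optional[int]:
    """Return the VLAN ID from the 802.1Q tag, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field are the VID


def ingress(port: PortConfig, frame: bytes) -> Tuple[str, Optional[int]]:
    """Return ('accept', vlan) or ('drop', vid_seen) for a received frame."""
    vid = parse_vlan(frame)
    # Assumption: a priority-tagged frame (VID 0) carries no VLAN membership
    # in 802.1Q and is handled like an untagged frame.
    if vid is None or vid == 0:
        if port.drop_untagged:
            return ("drop", None)
        return ("accept", port.pvid)  # untagged frames are tagged with the PVID
    if port.drop_non_members and vid not in port.member_of:
        return ("drop", vid)
    # Assumption: with Drop non-members disabled the frame keeps its tag.
    return ("accept", vid)


def eth_frame(vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Build a constructed sample frame, tagged if a VLAN ID is given."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    access = PortConfig(pvid=10, member_of={10, 20}, drop_non_members=True)
    trunk_only = PortConfig(pvid=10, member_of={10}, drop_untagged=True,
                            drop_non_members=True)
    for name, port in (("access", access), ("trunk_only", trunk_only)):
        for vid in (None, 20, 30):
            print(name, "vid", vid, "->", ingress(port, eth_frame(vid)))
```

With both drop options enabled, a port admits only frames that arrive tagged for a VLAN it is a member of, which is the setting to verify on ports facing untrusted stations.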
11.2.3 Administration
In this menu, you make general settings for a VLAN. The options must be configured separately for each bridge group.
The LAN->VLANs->Administration menu consists of the following fields:
Fields in the Administration->Administration menu
Field
Description
Enable VLAN
Enable or disable the specified bridge group for VLAN.
The function is enabled with Enabled.
The function is not activated by default.
Management VID
Select the VLAN ID of the VLAN in which your device is to operate.
Chapter 12 Wireless LAN
Wireless LAN (WLAN = Wireless Local Area Network) refers to
the creation of a network using wireless technology.
Network functions
Like a wired network, a WLAN offers all the main network functions. Access to servers,
files, printers, and the e-mail system is just as reliable as company-wide Internet access.
Because the devices do not require any cables, the great advantage of WLAN is that there
are no building-related restrictions (i.e. the device location does not depend on the position
and number of connections).
Currently applicable standard: IEEE 802.11
In the case of 802.11-WLANs, all the functions of a wired network are possible. WLAN
transmits inside and outside buildings with a maximum of 100 mW.
IEEE 802.11g is currently the most widespread standard for wireless LANs and offers a
maximum data transmission rate of 54 Mbps. This procedure operates in the radio frequency range of 2.4 GHz, which ensures that parts of the building are penetrated as effectively as possible with a low transmission power that poses no health risks.
An 802.11g-compatible standard is 802.11b, which operates in the 2.4 GHz range (2400
MHz - 2485 MHz) and offers a maximum data transmission rate of 11 Mbps. 802.11b and
802.11g WLAN systems involve no charge or login.
In Europe, transmission power of not just 30 mW but 1000 mW can be used with 802.11h,
but only if TPC (TX Power Control, method for controlling transmission power in wireless
systems to reduce interferences) and DFS (Dynamic Frequency Selection) are used. The
purpose of TPC and DFS is to ensure that satellite connections and radar devices are not
interfered with.
The standard 802.11n (Draft 2.0) uses MIMO technology (Multiple Input Multiple Output) for
data transmission that allows data transfer via WLAN over longer distances or with higher
data rates. With bandwidth 20 MHz or 40 MHz a gross data rate of 150 Mbps or 300 Mbps
is achieved.
12.1 WLAN
In the Wireless LAN->WLAN menu, you can configure all WLAN modules of your device.
Depending on the model, one or more WLAN modules, WLAN 1 and, where relevant,
WLAN 2 and WLAN 3 are available.
12.1.1 Radio Settings
In the Wireless LAN->WLAN->Radio Settings menu, an overview of all the configuration
options for the WLAN module is displayed.
12.1.1.1 Radio Settings->
In this menu, you change the settings for the wireless module.
Choose the
button to edit the configuration.
The menu Wireless LAN->WLAN->Radio Settings->
includes the following fields:
Fields in the Radio Settings->Wireless Settings menu
Field
Description
Operation Mode
Define the mode in which the wireless module of your device is
to operate.
Possible values:
• Off (default value): The wireless module is not active.
• Access Point: Your device is used as an access point in
your network.
• Access Client: Your device serves as an Access Client in
your network.
• Bridge: Your device is used as a wireless bridge in your network.
Client Mode
Only for Operation Mode = Access Client
Possible values:
• Infrastructure (default value): In a network in infrastructure mode, all clients communicate with each other via access
points only. There is no direct communication between the individual clients.
• Ad-Hoc: In ad-hoc mode, an access client can be used as
central interface between a number of terminals. In this way,
devices such as computers and printers can be wirelessly interconnected.
Select the Channel to be used.
Operation Band
Select the operation band and usage area of the wireless module.
For Operation Mode
" or +$
Possible values:
⢠& 13) ?: According to setting for Operation Band, Bandwidth, Number of Spatial Streams and Wireless Mode various fixed values in mbps are available.
Burst Mode
Activate this function to increase the transmission speed for
802.11g through frame bursting. As a result, several packets
are sent one after the other without a waiting period. This is particularly effective in 11b/g mixed operation.
The function is enabled with Enabled.
The function is activated by default.
If problems occur with older WLAN hardware, this function
should be deactivated.
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
Channel Plan
Only for Operation Mode =
".
" and Channel =
Select the desired channel plan.
The channel plan makes a preselection when a channel is selected. This ensures that no channels overlap, i.e. a distance of
four channels is maintained between the channels used. This is
useful if more access points are used with overlapping radio
cells.
Possible values:
• )): All channels can be dialled when a channel is selected.
• ": Depending on the region, operation band, wireless mode and bandwidth, the channels that have a distance of 4 channels are provided.
• , : Select the desired channels.
Beacon Period
Only for Operation Mode = " or () " with Client Mode <.
Enter the time in milliseconds between the sending of two
beacons.
This value is transmitted in Beacon and Probe Response
Frames.
Possible values are to '.
The default value is msec.
DTIM Period
Only for Operation Mode = " or () " with Client Mode <.
Enter the interval for the Delivery Traffic Indication Message
(DTIM).
The DTIM field is a data field in transmitted beacons that informs clients about the window to the next broadcast or multicast transmission. If clients operate in power save mode, they
come alive at the right time and receive the data.
Possible values are to .
The default value is .
RTS Threshold
Here, you select how the RTS/CTS mechanism is to be
switched on/off.
If you choose , , you can specify in the input field
the data packet length threshold in bytes (1..2346) as of which
the RTS/CTS mechanism is to be used. This makes sense if
several clients that are not in each other's wireless range are
run in one access point. The mechanism can also be switched
on/off independently of the data packet length by selecting the
value ) - or ) - (default value).
Short Guard Interval
Enable this function to reduce the guard interval (= time
between transmission of two data symbols) from 800ns to
400ns.
Short Retry Limit
Enter the maximum number of attempts to send a frame with
length less than or equal to the value defined in RTS
Threshold. After this many failed attempts, the packet is discarded.
Possible values are to .
The default value is C.
Long Retry Limit
Enter the maximum number of send attempts for a data packet that is longer than the value defined in RTS Threshold. After this many failed attempts, the packet is discarded.
Possible values are to .
The default value is &.
Fragmentation Threshold
Enter the maximum size as of which the data packets are to be
fragmented (i.e. split into smaller units). A low value is recommended for this field in areas with poor reception and in the
event of radio interference.
Possible values are to '&.
The default value is '& bytes.
If () " is selected for Operation Mode with Client Mode 6 " ", the following parameters are additionally available under Advanced Settings:
Fields in the menu Advanced Settings for Access Client Mode.
Field
Description
Scan channels
Choose the channels which the WLAN client automatically
scans for available wireless networks.
Possible values:
• )) (default value): All channels are scanned.
• ": The channel is automatically selected.
• , : The desired channels can therefore be defined.
Roaming Profile
Select the roaming profile. The options available include typical
roaming functions.
Possible values:
• " 7$: The WLAN client searches for available wireless networks as soon as the radio signal of the existing radio connection becomes unsuitable for higher data rates.
• 2) 7$ (default value): Standard roaming.
• ) 7$: The WLAN client searches for available wireless networks as soon as the radio signal of the existing radio connection becomes weaker.
• 2 7$: The WLAN client searches for available wireless networks if it is no longer connected to a wireless network.
• ( " 7$: Specify the individual roaming parameters.
Scan Threshold
Indicates the value in dBm above which the system scans for
available wireless networks in the background.
The value can only be modified for Roaming Profile = (
7$. The default value is C +.
Scan Interval
Indicates the interval in milliseconds after which the system
scans for available wireless networks.
The value can only be modified for Roaming Profile = (
7$. The default value is .
Channel Sweep
"
"
Indicates how many frequencies are scanned in the background.
The value can only be modified for Roaming Profile = ( "
7$. The default value is . The value disables the scan
in the background. The value enables the scan of all available frequencies.
Min. Period Active
Scan
Indicates the minimum time in milliseconds a frequency is actively scanned.
The value can only be modified for Roaming Profile = (
7$. The default value is .
Max. Period Active
Scan
Indicates the maximum time in milliseconds a frequency is actively scanned.
The value can only be modified for Roaming Profile = (
7$. The default value is & .
Min. Period Passive
Scan
"
Indicates the maximum time in milliseconds a frequency is actively scanned.
The value can only be modified for Roaming Profile = (
7$. The default value is .
RTS Threshold
"
Indicates the minimum time in milliseconds a frequency is passively scanned.
The value can only be modified for Roaming Profile = (
7$. The default value is .
Max. Period Passive
Scan
"
"
Select how the RTS/CTS mechanism is to be switched on/off.
If you choose ( ", in the input field you can specify the data packet length threshold in bytes (1..2346) as of which the RTS/CTS mechanism is to be used. This makes sense if several clients that are not in each other's wireless range are run in one access point. The mechanism can also be switched on/off independently of the data packet length by selecting the value ) - or ) - (default value).
Short Guard Interval
Enable this function to reduce the guard interval (= time
between transmission of two data symbols) from 800ns to
400ns.
Short Retry Limit
Enter the maximum number of attempts to send a frame with
length less than or equal to the value defined in RTS
Threshold. After this many failed attempts, the packet is discarded.
Possible values are to .
The default value is C.
Long Retry Limit
Enter the maximum number of send attempts for a data packet that is longer than the value defined in RTS Threshold. After this many failed attempts, the packet is discarded.
Possible values are to .
The default value is &.
Fragmentation Threshold
Enter the maximum size as of which the data packets are to be
fragmented (i.e. split into smaller units). Low values are recommended for this field in areas with poor reception and in the
event of radio interference.
Possible values are to '&.
The default value is '& bytes.
12.1.2 Virtual Service Sets
If you're operating your device in Access Point mode (Wireless LAN->WLAN->Radio Settings-> ->Operation Mode = "), you can edit or create the desired wireless networks in the menu Wireless LAN->WLAN->Virtual Service Sets-> ->New.
Note
The preset wireless network Funkwerk-EC has the following security settings in the ex works state:
• Security Mode =
• WPA Mode =
• WPA Cipher as well as WPA2 Cipher = * 46
• The Preshared Key is filled with an internal system value, which you must change during configuration.
Setting network names
In contrast to a LAN set up over Ethernet, a wireless LAN does not have any cables for setting up a permanent connection between the server and clients. Access violations or faults
may therefore occur with directly adjacent radio networks. To prevent this, every radio network has a parameter that uniquely identifies the network and is comparable with a domain
name. Only clients with a network configuration that matches that of your device can communicate in this WLAN. The corresponding parameter is called the network name. In the
network environment, it is sometimes also referred to as the SSID.
Protection of wireless networks
As data can be transmitted over the air in the WLAN, this data can in theory be intercepted
and read by any attacker with the appropriate resources. Particular attention must therefore
be paid to protecting the wireless connection.
There are three security modes, WEP, WPA-PSK and WPA Enterprise. WPA Enterprise offers the highest level of security, but this security mode is only really suitable for companies, because it requires a central authentication server. Private users should choose WEP
or preferably WPA-PSK with higher security as their security mode.
WEP
802.11 defines the security standard WEP (Wired Equivalent Privacy = encryption of data with 40 bit (Security Mode = * &) or 104 bit (Security Mode = * &)). However, this widely used WEP has proven susceptible to failure. A higher degree of security can only be achieved through hardware-based encryption, which requires additional configuration (for example 3DES or AES). This permits even sensitive data to be transferred via a radio path without fear of it being stolen.
IEEE 802.11i
Standard IEEE 802.11i for wireless systems contains basic security specifications for wireless networks, in particular with regard to encryption. It replaces the insecure WEP (Wired
Equivalent Privacy) with WPA (Wi-Fi Protected Access). It also includes the use of the advanced encryption standard (AES) to encrypt data.
WPA
WPA (Wi-Fi Protected Access) offers additional privacy by means of dynamic keys based
on the Temporal Key Integrity Protocol (TKIP), and offers PSK (preshared keys) or Extensible Authentication Protocol (EAP) via 802.1x (e.g. RADIUS) for user authentication.
Authentication using EAP is usually used in large wireless LAN installations, as an authentication instance in the form of a server (e.g. a RADIUS server) is used in these cases. PSK
(preshared keys) are usually used in smaller networks, such as those seen in SoHo (Small
office, Home office). Therefore, all the wireless LAN subscribers must know the PSK, because it is used to generate the session key.
WPA 2
The enhancement of WPA is WPA 2. In WPA 2, the 802.11i standard is not only implemented in full for the first time, but another encryption algorithm, AES (Advanced Encryption Standard), is also used.
Access control
You can control which clients can access your wireless LAN via your device by creating an
Access Control List (ACL Mode or MAC-Filter). In the Access Control List, you enter the
MAC addresses of the clients that may access your wireless LAN. All other clients have no
access.
Security measures
To protect the data transferred on the WLAN, the following configuration steps should be carried out in the Wireless LAN->WLAN->Virtual Service Sets->New->/ menu, where necessary:
• Change the access passwords for your device.
• Change the default SSID, Network Name (SSID) = , of your access point. Enable the Visible option. This will exclude all WLAN clients that attempt to establish a connection with the general value for Network Name (SSID) - and do not know the SSID settings.
• Use the available encryption methods. For this, select Security Mode = * &, * &, or *" ! or both, and enter the corresponding key into the access point under WEP Key 1 - 4 or Preshared Key in the WLAN clients.
• The WEP Key should be changed regularly. To do this, change Transmit Key . Select the longer 104 Bit WEP key.
• For transmission of information with very high security relevance, configure Security Mode = *" ! with WPA Mode = . This method contains hardware-based encryption and RADIUS authentication of the client. In special cases, combination with IPSec is possible.
• Restrict WLAN access to permitted clients. Enter the MAC addresses of the wireless network cards for these clients in the Allowed Addresses list in the MAC-Filter menu (see Fields in the MAC-Filter menu).
A list of all WLAN networks is displayed in the Wireless LAN->WLAN->Virtual Service
Sets menu.
12.1.2.1 Virtual Service Sets->New
Choose the icon to edit existing entries. Choose the New button to configure additional wireless networks.
The Wireless LAN->WLAN->Virtual Service Sets-> ->New menu consists of the following fields:
Fields in the Virtual Service Sets Service Set Parameters menu
Field
Description
Network Name (SSID)
Enter the name of the wireless network (SSID).
Enter an ASCII string with a maximum of 32 characters.
Also select whether the Network Name (SSID) is to be transmitted.
The network name is displayed by selecting 3 #) .
It is visible by default.
Intra-cell Repeating
Select whether communication between the WLAN clients is to be permitted within a radio cell.
The function is activated by selecting *#) .
The function is enabled by default.
ARP Processing
Select whether the ARP Processing function should be activated. The ARP data traffic is reduced in the network by the fact
that ARP broadcasts that have been converted to ARP unicasts
are forwarded to IP addresses that are known internally. Unicasts are quicker and clients with an enabled power save function are not addressed.
The function is activated by selecting *#) .
The function is disabled by default.
Please note that ARP Processing cannot be applied in conjunction with the MAC bridge function.
WMM
Select whether voice or video prioritisation via WMM (Wireless
Multimedia) is to be activated for the wireless network so that
optimum transmission quality is always achieved for time-critical
applications. Data prioritisation is supported in accordance with
DSCP (Differentiated Services Code Point) or IEEE802.1d.
The function is activated by selecting *#) .
The function is enabled by default.
Max. Clients
Enter the maximum number of clients that can be connected to this wireless network (SSID).
The maximum number of clients that can register with a wireless module depends on the specifications of the respective
WLAN module. This number can be shared across all configured wireless networks. If the maximum number of clients is
reached, no more new wireless networks can be created and a
warning message will appear.
Fields in the Virtual Service Sets Security Settings menu
Field
Description
Security Mode
Select the Security Mode (encryption and authentication) for the wireless network.
Possible values:
• 6"/ (default value): Neither encryption nor authentication
• * &: WEP 40 bits
• * &: WEP 104 bits
• : WPA Preshared Key
• *" ! : 802.1x
Transmit Key
Only for Security Mode = * &
Select one of the keys configured in WEP Key <1 - 4> as a default key.
The default value is - .
WEP Key 1-4
Only for Security Mode = * &, * &
Enter the WEP key.
Enter a character string with the right number of characters for the selected WEP mode. For * & you need a character string with 5 characters, for * & with 13 characters, e. g. 0 )) for * &, ! for * &.
WPA Mode
Only for Security Mode = and *" !
Select whether you want to use WPA (with TKIP encryption) or
WPA 2 (with AES encryption), or both.
Possible values:
• (default value): WPA and WPA 2 can be applied.
• : Only WPA is applied.
• : Only WPA 2 is applied.
WPA Cipher
Only for Security Mode = and *" !
and for WPA Mode = and
Select the type of encryption with which to apply WPA.
Possible values:
• ) ) " /) !"E (default value)
• * : AES is used.
• * 46 : AES or TKIP is used.
WPA2 Cipher
Only for Security Mode = and *" !
and for WPA Mode = and
Select the type of encryption with which to apply WPA 2.
Possible values:
• * (default value): AES is used.
• * 46 : AES or TKIP is used.
Preshared Key
Only for Security Mode =
Enter the WPA password.
Enter an ASCII string with 8 - 63 characters.
Note: Change the default Preshared Key! If the key has not
been changed, your device will not be protected against unauthorised access!
EAP Preauthentification
Only for Security Mode = *" !
Select whether the EAP preauthentification function is to be activated. This function tells your device that WLAN clients, which
are already connected to another access point, can first carry
out 802.1x authentication as soon as they are within range.
Such WLAN clients can then simply connect over the existing
network connection with your device.
The function is activated by selecting *#) .
The function is enabled by default.
Fields in the MAC-Filter menu
Field
Description
ACL Mode
Select whether only certain clients are to be permitted for this
wireless network.
The function is activated by selecting *#) .
The function is disabled by default.
Allowed Addresses
Use Add to make entries and enter the MAC addresses (MAC
Address) of the clients to be permitted.
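The field rules and security measures above can be checked mechanically before a profile is rolled out. The following is an added example, not code from the manual or the device: the dictionary keys, the mode tokens ("none", "wep40", "wep104", "wpa-psk", "wpa-enterprise") and the factory key placeholder are assumptions made for this sketch, and the sample profiles are constructed.

```python
"""Audit a Virtual Service Set (VSS) profile against the rules in this section."""

FACTORY_SSID = "Funkwerk-EC"              # preset network name given in the manual
FACTORY_PSK = "<factory-preshared-key>"   # placeholder: the real value is device-internal
WEP_ASCII_LEN = {"wep40": 5, "wep104": 13}  # characters per WEP key, per the field table


def is_ascii_text(text):
    # Assumption: "ASCII string" is read as printable ASCII (0x20-0x7E).
    return all(0x20 <= ord(ch) <= 0x7E for ch in text)


def audit_vss(profile):
    """Return a list of (severity, message) findings for one VSS profile."""
    findings = []
    ssid = profile.get("ssid", "")
    mode = profile.get("security_mode", "none")

    # Network Name (SSID): ASCII, at most 32 characters, not the factory name.
    if not ssid or len(ssid) > 32 or not is_ascii_text(ssid):
        findings.append(("error", "SSID must be 1-32 ASCII characters"))
    if ssid == FACTORY_SSID:
        findings.append(("warn", "SSID is still the factory default"))

    if mode == "none":
        findings.append(("critical", "no encryption and no authentication"))
    elif mode in WEP_ASCII_LEN:
        findings.append(("high", "WEP is insecure; use WPA-PSK or WPA Enterprise"))
        want = WEP_ASCII_LEN[mode]
        keys = profile.get("wep_keys", [])
        for idx, key in enumerate(keys, start=1):
            if len(key) != want or not is_ascii_text(key):
                findings.append(
                    ("error", f"WEP Key {idx} must be {want} ASCII characters"))
        if not 1 <= profile.get("transmit_key", 1) <= len(keys):
            findings.append(("error", "Transmit Key does not select a configured key"))
    elif mode == "wpa-psk":
        psk = profile.get("preshared_key", "")
        if not 8 <= len(psk) <= 63 or not is_ascii_text(psk):
            findings.append(("error", "Preshared Key must be 8-63 ASCII characters"))
        if psk == FACTORY_PSK:
            findings.append(("critical", "Preshared Key is still the factory value"))
    elif mode == "wpa-enterprise":
        pass  # client authentication is delegated to the RADIUS server
    else:
        findings.append(("error", f"unknown security mode {mode!r}"))

    # The MAC filter restricts who may associate; it does not encrypt anything.
    if profile.get("acl_mode"):
        if not profile.get("allowed_addresses"):
            findings.append(("error", "ACL Mode is on but Allowed Addresses is empty"))
        if mode == "none":
            findings.append(("high", "MAC filter alone does not protect data in transit"))
    return findings


# Constructed sample profiles (not exported from a real device).
SAMPLE_PROFILES = {
    "factory": {
        "ssid": "Funkwerk-EC",
        "security_mode": "wpa-psk",
        "preshared_key": FACTORY_PSK,
    },
    "legacy": {
        "ssid": "warehouse",
        "security_mode": "wep104",
        "wep_keys": ["short", "thirteenchars"],  # first key has the WEP 40 length
        "transmit_key": 1,
    },
    "open_with_acl": {
        "ssid": "guest",
        "security_mode": "none",
        "acl_mode": True,
        "allowed_addresses": ["00:11:22:33:44:55"],
    },
    "hardened": {
        "ssid": "plant-floor-7",
        "security_mode": "wpa-psk",
        "preshared_key": "constructed-sample-passphrase-42",
        "acl_mode": True,
        "allowed_addresses": ["00:11:22:33:44:55"],
    },
}

if __name__ == "__main__":
    for name, profile in SAMPLE_PROFILES.items():
        print(name)
        for severity, message in audit_vss(profile) or [("ok", "no findings")]:
            print(f"  [{severity}] {message}")
```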
12.1.3 WDS Links
If you're operating your device in Access Point mode (Wireless LAN->WLAN->Radio Settings-> ->Operation Mode = "), you can edit or create the desired WDS Links in the menu Wireless LAN->WLAN->WDS Links-> ->New.
Important
The WDS link can only be configured in the 2.4 GHz band indoors if the channel is NOT ".
The number of channels that can be selected depends on the country setting. Please consult the data sheet for your device.
WDS links (WDS = Wireless Distribution System) are static links between access points (AP), which are generally used to connect clients with networks that are not directly accessible to them, e.g. because the distance is too great. The access point sends data from one client to another access point, which then forwards the data to another client.
Important
Note that the data is transferred between the access points in unencrypted form over
the WDS link in the default configuration. You are therefore urgently advised to apply
one of the available security methods (WEP 40 or WEP 104) to protect data on WDS
links.
WDS links are configured as interfaces with the prefix 8. They behave like VSS interfaces
and only differ from these with respect to the predefined routing. A WDS link is defined as a
transit network: this relates to a point-to-point connection or point-to-multipoint connection
between two access points that are included in different networks.
12.1.3.1 WDS Links->New
Choose the icon to edit existing entries. Choose the New button to configure additional WDS links.
The Wireless LAN->WLAN->WDS Links-> ->New menu consists of the following fields:
Fields in the WDS Links Basic Parameters menu
Field
Description
WDS Description
Enter a name for the WDS link.
If the , )" option is activated, the automatically generated name of the interface is used.
If the option is not activated, you can enter a suitable name in the input field.
Option , )" is active by default.
Fields in the WDS Security Settings menu
Field
Description
Privacy
Select whether an encryption method is to be used for this WDS
link and if so, which one.
Possible values:
• 2 (default value): Data traffic on this WDS link is not encrypted.
• * &: Data traffic on this WDS link is encrypted with WEP 40. In WEP Key 1 to WEP Key 4 enter the keys for this WDS link, and in Transmit Key select the default key.
• * &: Data traffic on this WDS link is encrypted with WEP 104. In WEP Key 1 to WEP Key 4 enter the keys for this WDS link, and in Transmit Key select the default key.
• : Data traffic on this WDS link is encrypted with WPA. Enter the key for this WDS link in Preshared Key.
• : Data traffic on this WDS link is encrypted with WPA. Enter the key for this WDS link in Preshared Key.
Transmit Key
Only for Privacy = * &, * &
Select one of the keys configured in WEP Key 1 to WEP Key 4
as a standard key.
The default value is - .
WEP Key 1 to WEP Key 4
Only for Privacy = * &, * &
Enter the WEP key. There are two ways of entering a WEP key:
• Direct entry in hexadecimal form
If the entry starts with :, the generator is deactivated. Enter a hexadecimal string with exactly the right number of characters for the selected WEP mode: 10 characters for * & or 26 characters for * &, e.g. * &: :+'C&(, * &: :8(+8+8&8('8+8'
• Direct entry of ASCII characters
Enter a character string with the right number of characters for the selected WEP mode. For * & you need a character string with 5 characters, for * & with 13 characters, e. g. 0 )) for * &, ! for * &.
Preshared Key
Only for Privacy =
,
Enter the WPA password.
Enter an ASCII string with 8 - 63 characters.
Fields in the Remote Partner menu
Field
Description
Remote MAC Address
Enter the MAC address of the WDS partner.
12.1.4 Client Link
If you're operating your device in Access Client mode (Wireless LAN->WLAN->Radio Settings-> ->Operation Mode = () "), you can edit the existing client links in menu Wireless LAN->WLAN->Client Link->
The Client Mode can be operated in infrastructure mode or in ad-hoc mode.
In a network in infrastructure mode, all clients communicate with each other via access
points only. There is no direct communication between the individual clients.
In ad-hoc mode, an access client can be used as a central interface between a number of terminals. In this way, devices such as computers and printers can be wirelessly interconnected.
12.1.4.1 Client Link->
Choose the icon to edit existing entries.
The Wireless LAN->WLAN->Client Link-> menu consists of the following fields:
Fields in the Client Link Basic Parameters menu
Field
Description
Network Name (SSID)
Enter the name of the wireless network (SSID).
Enter an ASCII string with a maximum of 32 characters.
Fields in the Client Link Security Settings menu
Field
Description
Security Mode
Select the security mode (encryption and authentication) for the
wireless network.
Possible values:
• 6"/ (default value): Neither encryption nor authentication
• * &: WEP 40 bits
• * &: WEP 104 bits
• 2 : Only for Client Mode = <. WPA None
• Only for: Client Mode = 6 " " . WPA Preshared Keys
Transmit Key
Only for Security Mode = * &
Select one of the keys configured in WEP Key <1 - 4> as a default key.
The default value is - .
WEP Key 1-4
Only for Security Mode = * &, * &
Enter the WEP key.
Enter a character string with the right number of characters for
the selected WEP mode. For * & you need a character
string with 5 characters, for * & with 13 characters, e. g.
0 )) for * &,
! for * &.
WPA Mode
Only for Security Mode =
Select whether you want to use WPA (with TKIP encryption) or
WPA 2 (with AES encryption), or both.
Possible values:
• (default value): Only WPA is used.
• : Only WPA2 is used.
Preshared Key
Only for Security Mode =
Enter the WPA password.
Enter an ASCII string with 8 - 63 characters.
WPA Cipher
Only for Security Mode = and WPA Mode =
Select which encryption method should be used.
Possible values:
• 46 (default value): Temporal Key Integrity Protocol.
• *: Advanced Encryption Standard.
• * 46
Both encryption methods are rated as secure, with AES offering
better performance.
WPA2 Cipher
Only for Security Mode = and WPA Mode =
Select which encryption method should be used.
Possible values:
• 46 (default value): Temporal Key Integrity Protocol.
• *: Advanced Encryption Standard.
• * 46
Both encryption methods are rated as secure, with AES offering
better performance.
12.1.4.2 Client Link Scan
After the desired Client Links have been configured, the icon is shown in the list. You use this icon to open the Scan menu.
After successful scanning, a selection of potential scan partners is displayed in the scan list. In the Action column, click Select to connect the local clients with this client. If the partners are connected with one another, the icon appears in the Connected column. The icon appears in the Connected column if the connection is active.
The Wireless LAN->WLAN->Client Link->Scan menu consists of the following fields:
Fields in the Client Link Scan menu
Field
Description
Client Link Description
Displays the name of the client link you configured.
Action
Start the scan by clicking on Scan.
If the antennas are installed correctly on both sides and LOS is
free, the client finds available clients and displays them in the
following list.
If the partner client cannot be found, check the line of sight and
the antenna installation. Then carry out the Scan. The partner
should then be found.
AP MAC Address
Shows the MAC address of the remote client.
Network Name (SSID)
Displays the name of the remote client.
Channel
Shows the Channel used.
Mode
Shows the security mode (encryption and authentication) for the
wireless network.
Signal
Displays the signal strength of the detected client link in dBm.
Connected
Displays the status of the link on your client.
Action
You can change the status of the client link. The available actions are displayed in this field.
12.1.5 Bridge Links
If you're operating your device in Bridge mode (Wireless LAN->WLAN->Radio Settings-> ->Operation Mode = +$ ), you can edit or create the desired Bridge Links in the menu Wireless LAN->WLAN->Bridge Links-> ->New.
With the bridge function, you can, for example, make a wireless connection between a
bintec W1002n and one or more other bintec W1002n devices. The range of these wireless connections can be several kilometres, depending on the antennas used.
Note
Always use the antennas and antenna cables supplied with the equipment to prevent
unintentional violations of the applicable law. If you have special requirements, e.g. regarding cable lengths, please contact your dealer or Funkwerk Enterprise Communications GmbH.
Bridges are generally used to interconnect various LAN segments at Layer 2 of the OSI
7-layer model. The special feature of bintec bridges is that the distances between these
segments can be several kilometres, without the necessity for a cable for these ranges.
If you operate a wireless port in Bridge mode, this can only be used for a bridge link. This
means:
• The port has no network name.
• Wireless clients cannot log in (associate) to this port.
• There is no node table for this port (as there are no clients).
• There is no Access Control List (ACL) for this port.
This port will only connect to the partner bridge port you have configured and also only accept connections from this port.
The bintec bridges have transmission rates far above the possibilities of the ISDN S0,
ISDN S2M or ADSL. The high-speed bridge even surpasses standard Ethernet (10BaseT,
10Base2, 10Base5).
138
bintec WLAN and Industrial WLAN
12 Wireless LAN
Funkwerk Enterprise Communications GmbH
Caution
Never connect two bridges that have set up a connection to each other with radio to
the same LAN segment. This leads to unavoidable overloading of your network and
stops all network traffic.
Some of the possible network topologies are described here to give you an overview of the
options available when you use bintec bridges.
To be able to set up a wireless link to bintec bridges, an uninterrupted view must exist
between the antennas at both ends. This is called a line of sight, abbreviated to LOS.
The term line of sight does not just mean a straight line of vision between the two antennas, but a kind of tunnel, which must not be disturbed by obstacles. This tunnel is called
the 1st Fresnel zone. The Fresnel zone has the shape of an ellipse rotated around its longitudinal axis. At least 60 % of the 1st Fresnel zone must remain free of obstacles. The radius (or the small semi-axis) depends on the frequency used and the distance between the
antennas.
Example: Radius of 1st Fresnel zone as a function of distance from transmit antenna for
antenna separation of 5 km at 2.45 GHz.
Example 1
Distance from transmit antenna (km)   Radius of 1st Fresnel zone (m)   Radius at 60 % of 1st Fresnel zone (m)
0,250                                 5,4                              4,2
0,500                                 7,4                              5,7
0,750                                 8,8                              6,8
1,000                                 9,9                              7,7
1,250                                 10,7                             8,3
1,500                                 11,3                             8,8
1,750                                 11,8                             9,1
2,000                                 12,1                             9,4
2,250                                 12,3                             9,5
2,500                                 12,4                             9,6
2,750                                 12,3                             9,5
3,000                                 12,1                             9,4
3,250                                 11,8                             9,1
3,500                                 11,3                             8,8
3,750                                 10,7                             8,3
4,000                                 9,9                              7,7
4,250                                 8,8                              6,8
4,500                                 7,4                              5,7
4,750                                 5,4                              4,2
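Added example, not from the manual: the Example 1 values follow from the standard first-Fresnel-zone formula r = sqrt(λ·d1·d2/(d1+d2)), and this sketch recomputes them and checks a planned path for clearance. The function names are illustrative; the third column is taken as sqrt(0.6)·r (60 % of the zone's cross-sectional area), which is what the printed Example 1 values match.

```python
import math

SPEED_OF_LIGHT = 299_792_458.0  # m/s


def fresnel_radius_m(d1_m, total_m, freq_hz, zone=1):
    """Radius of the n-th Fresnel zone at d1_m from the transmit antenna."""
    if not 0 < d1_m < total_m:
        raise ValueError("point must lie strictly between the two antennas")
    wavelength = SPEED_OF_LIGHT / freq_hz
    d2_m = total_m - d1_m
    return math.sqrt(zone * wavelength * d1_m * d2_m / total_m)


def clearance_radius_m(d1_m, total_m, freq_hz, fraction=0.6):
    """Radius enclosing `fraction` of the 1st Fresnel zone's cross-section."""
    return math.sqrt(fraction) * fresnel_radius_m(d1_m, total_m, freq_hz)


def fresnel_table(total_m, freq_hz, step_m):
    """Rows of (distance_m, radius_m, radius_60_m), rounded like the manual."""
    rows = []
    steps = int(round(total_m / step_m))
    for i in range(1, steps):
        d1 = i * step_m
        rows.append((d1,
                     round(fresnel_radius_m(d1, total_m, freq_hz), 1),
                     round(clearance_radius_m(d1, total_m, freq_hz), 1)))
    return rows


def path_is_clear(d1_m, total_m, freq_hz, free_space_m):
    """True if the free space around the line of sight at d1_m is sufficient.

    free_space_m is the distance from the direct line between the antennas
    to the nearest obstacle (roof edge, tree top, ground) at that point.
    """
    return free_space_m >= clearance_radius_m(d1_m, total_m, freq_hz)


if __name__ == "__main__":
    # Example 1 of the manual: 5 km antenna separation at 2.45 GHz.
    for dist, radius, radius60 in fresnel_table(5000.0, 2.45e9, 250.0):
        print(f"{dist / 1000:5.3f} km  {radius:5.1f} m  {radius60:5.1f} m")
```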
Example: Radius of 1st Fresnel zone as a function of distance to the transmit antenna for a
distance of 700 m at 2.45 GHz.
Example 2
Distance from transmit antenna (km)   Radius of 1st Fresnel zone (m)   Radius at 60 % of 1st Fresnel zone (m)
100                                   1,6                              1,25
200                                   2,1                              1,6
300                                   2,3                              1,75
400                                   2,3                              1,75
500                                   2,                               1,6
600                                   1,6                              1,25
Note
When setting up a bridge link, make sure that no obstacles or trees protrude into the
Fresnel zone. If obstacles exist, the transmission rate will drop and the path may eventually fail.
It is not essential to consider the LOS for short distances inside buildings, as the radius
of the Fresnel zone will be very small here.
If you meet these requirements, the link can be set up and maintained without further
limitations. A special feature of links with bintec bridges is that they are completely unaffected by weather conditions.
Note
For a bridge path, always use the marked antenna connection. This is the device's
primary connection.
A label containing details of the two antennas is located on the back of the device. The
primary antenna is designated Ant 1.
12.1.5.1 Bridge Links->New
Choose the icon to edit existing entries. Choose the New button to configure additional Bridge links.
The Wireless LAN->WLAN->Bridge Links-> ->New menu consists of the following fields:
Fields in the Bridge Links Basic Parameters menu
Field
Description
Bridge Link Description
Enter a name for the bridge link.
If the , )" option is activated, the automatically generated name of the interface is used.
If the option is not activated, you can enter a suitable name in the input field.
Option , )" is active by default.
Remote Configuration
Select whether setup of a bridge link from a remote bridge is to
be permitted.
Possible values:
• )) (default value): It is possible to set up a bridge link from a remote bridge.
• 8 : It is not possible to set up a bridge link from a remote bridge.
Fields in the Bridge Links Bridge Security Settings menu
Field
Description
Privacy
Select whether an encryption method is to be used for this
bridge link and if so, which one.
Possible values:
• 46 (default value): Temporal Key Integrity Protocol.
• *: Advanced Encryption Standard.
Both encryption methods are rated as secure, with AES offering
better performance.
Preshared Key
Enter the password for this bridge link. You can also obtain the
preshared key automatically.
Fields in the Bridge Links Remote Partner menu
Field
Description
Remote MAC Address
Enter the MAC address of the bridge link partner.
12.1.5.2 Bridge Links Scan
After the desired Bridge Links have been configured, the icon is shown in the list. You use this icon to open the Automatic Bridge Link Configuration menu.
After successful scanning, a selection of potential bridge partners is displayed in the scan list. In the Action column, click Select to connect the local bridge with this bridge. If the partners are connected with one another, the icon appears in the Connected column. The icon appears in the Connected column if the connection is active.
The Wireless LAN->WLAN->Bridge Links->Automatic Bridge Link Configuration menu consists of the following fields:
Fields in the Automatic Bridge Link Configuration menu
Field
Description
Bridge Link Description
Displays the name of the bridge link you configured.
Max. Scan Duration
Enter the maximum time in seconds for the scan.
Possible values are to .
The default value is .
Action
Start the scan by clicking on Scan.
If the antennas are installed correctly on both sides and LOS is
free, the bridge finds available bridges and displays them in the
following list.
If the partner bridge cannot be found, check the line of sight and
the antenna installation. Then carry out the Scan. The partner
should then be found.
Remote Link Description
Displays the name of the bridge link configured on the remote
bridge.
Remote Device Name
Displays the name of the remote bridge.
Signal dBm
Displays the signal strength of the detected bridge link.
Remote MAC Address
Shows the MAC address of the remote bridge.
Remote link enabled
Displays the status of the link on the remote bridge.
Connected
Displays the status of the link on your bridge.
Action
You can change the status of the bridge link. The available actions are displayed in this field.
12.2 Administration
The Wireless LAN->Administration menu contains basic settings for running your gateway as an access point (AP).
12.2.1 Basic Settings
The Wireless LAN->Administration->Basic Settings menu includes the following fields:
Fields in the Basic Settings WLAN Administration menu
Field
Description
Region
Select the country in which the access point is to be run.
Possible values are all the countries configured on the device's
wireless module.
The range of channels available for selection (Channel in the
Radio Settings menu) changes depending on the country setting.
The default value is 1 -.
Chapter 13 Wireless LAN Controller
By using the wireless LAN controller, you can set up and manage a WLAN infrastructure
with up to 150 access points (APs). The WLAN controller has a Wizard which assists you in
the configuration of your access points. The system uses the CAPWAP protocol (Control
and Provisioning of Wireless Access Points Protocol) for any communication between masters and slaves.
In smaller WLAN infrastructures with up to six APs, one of the APs assumes the master function and manages the other APs as well as itself. In larger WLAN networks, a gateway, e.g. a bintec R1202, assumes the master function and manages the APs.
Once the controller has "located" all of the APs in its system, each of them in turn receives a new passport and configuration, i.e. they are managed via the WLAN controller and can no longer be amended "externally".
With the bintec WLAN controller you can
• automatically detect individual access points (APs) and connect them to a WLAN network
• load the system software into the APs
• load the configuration into the APs
• monitor and manage APs
13.1 Wizard
The Wizard menu offers step-by-step instructions for the set up of a WLAN infrastructure.
The Wizard guides you through the configuration.
When you select the Wizard you will receive instructions and explanations on the separate
pages of the Wizard.
Note
We highly recommend that you use the Wizard when initially configuring your WLAN
infrastructure.
13.1.1 Basic Settings
Here you can configure all of the various settings that you require for the actual wireless
LAN controller.
The wireless LAN controller uses the following settings:
Region
Select the country in which the wireless controller is to be operated.
Note: The range of channels that can be used varies depending on the country setting.
Interface
Select the interface to be used for the wireless controller.
DHCP Server
Select whether an external DHCP server shall assign IP addresses to the APs or if your
device should be used as the DHCP server. For an internal DHCP server, CAPWAP option
138 is enabled in order to allow communication between the master and slaves.
Note: Make sure that option 138 is enabled when using an external DHCP server.
If, for example, you wish to use a bintec gateway as the DHCP server, open the FCI menu of that device, go to Local Services->DHCP Server->DHCP Pool->New->Advanced Settings and click the Add button in the DHCP Options field. Select ( (") ) as Option and enter the IP address of the WLAN controller in the Value field.
IP Address Range
If the IP addresses are to be assigned internally, you must enter the start and end IP address of the desired range.
Note: If you click on Next, a warning appears which informs you that continuing will overwrite the wireless LAN controller configuration. By clicking on OK you signal that you agree
with this and wish to continue with the configuration.
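The APs learn the controller address from DHCP option 138, so an offer without it, or with an address that is not your controller, is worth catching before rollout. The following is an added example, not code from the manual or from Funkwerk: it encodes option 138 as defined in RFC 5417 (a list of IPv4 addresses) and checks the options field of a DHCP offer against the expected controller. The function names, the address 192.0.2.10 and the sample offers are assumptions constructed for the illustration.

```python
import ipaddress

CAPWAP_AC_V4 = 138            # RFC 5417: CAPWAP Access Controller option for DHCPv4
OPT_PAD, OPT_END = 0, 255     # the only two options without a length byte


def encode_option_138(controllers):
    """Build the option 138 TLV from a list of controller IPv4 addresses."""
    payload = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if not 4 <= len(payload) <= 252:
        raise ValueError("option 138 carries 1 to 63 IPv4 addresses")
    return bytes([CAPWAP_AC_V4, len(payload)]) + payload


def parse_options(field):
    """Walk a DHCP options field (the bytes after the magic cookie)."""
    found, i = {}, 0
    while i < len(field):
        code = field[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(field):
            raise ValueError("option %d has no length byte" % code)
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        # An option that appears more than once is concatenated.
        found[code] = found.get(code, b"") + value
        i += 2 + length
    return found


def controllers_in(field):
    """Return the controller addresses announced in option 138, if any."""
    raw = parse_options(field).get(CAPWAP_AC_V4, b"")
    if len(raw) % 4:
        raise ValueError("option 138 length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4]))
            for i in range(0, len(raw), 4)]


def check_offer(field, expected_controllers):
    """Classify an offer as 'ok', 'missing' (no option 138) or 'unexpected'."""
    announced = controllers_in(field)
    if not announced:
        return "missing", announced
    foreign = [c for c in announced if c not in expected_controllers]
    return ("unexpected" if foreign else "ok"), announced


# Constructed sample data: option 53 = message type (2 = OFFER), option 1 = netmask.
WLC = "192.0.2.10"
GOOD_OFFER = (bytes([53, 1, 2]) + bytes([1, 4, 255, 255, 255, 0])
              + encode_option_138([WLC]) + bytes([OPT_END]))
NO_138_OFFER = bytes([53, 1, 2, 1, 4, 255, 255, 255, 0, OPT_END])
FOREIGN_OFFER = (bytes([53, 1, 2]) + encode_option_138(["198.51.100.7"])
                 + bytes([OPT_END]))

if __name__ == "__main__":
    for name, offer in (("good", GOOD_OFFER), ("no option 138", NO_138_OFFER),
                        ("foreign controller", FOREIGN_OFFER)):
        print(name, check_offer(offer, {WLC}))
```

An offer classified as "missing" matches the manual's warning about external DHCP servers without option 138; "unexpected" means the APs would be pointed at a controller other than the one you configured.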
13.1.2 Radio Profile
Select which frequency band your WLAN controller shall use.
If the & 1as standard key.
WEP Key <1 -4 >
Enter a WEP key for Security Mode = * & or * &.
Note: Enter a character string with the right number of characters for the selected WEP
mode. For * & you need a character string with 5 characters, for * & with 13
characters, e. g. 0 )) for * &,
! for * &.
WPA Mode
Select for Security Mode = or *" ! , whether you wish to use WPA or WPA 2 or both.
WPA Cipher
For Security Mode = or *" ! and for WPA Mode = or , select which encryption you wish to apply to WPA.
WPA2 Cipher
For Security Mode = or *" ! and for WPA Mode = or , select which encryption you wish to apply to WPA2.
Preshared Key
Enter the WPA password for Security Mode = .
Enter an ASCII string with 8 - 63 characters.
Note: Change the default Preshared Key! If the key has not been changed, your device will
not be protected against unauthorised access!
Radius Server
You can control access to a wireless network via a RADIUS server.
With Add, you can create new entries.
Enter the IP address and the password of the desired RADIUS server.
EAP Preauthentification
For Security Mode = *" ! , select whether the EAP preauthentification function is to be *#) . This function tells your device that WLAN clients, which are already
connected to another access point, can first carry out 802.1x authentication as soon as
they are within range. Such WLAN clients can then simply connect over the existing network connection with your device.
VLAN
Select whether the VLAN segmentation is to be used for this wireless network.
If you wish to use VLAN segmentation, enter in the entry field a numerical value between
and &&, to identify the VLAN (VLAN ID is not possible!).
Note: Before you continue, please ensure that all access points that the WLAN controller
shall manage are correctly wired and switched on.
13.1.4 Start automatic installation
You will see a list of all detected access points.
If you wish to change the settings of a detected AP, click on
in the corresponding entry.
You will see the settings for all selected access points. You can change these settings.
The following parameters are available:
Location
Displays the stated locality of the AP. You can enter another locality.
Active Radio Profile
Displays the wireless module profile that is currently selected. You can select another wireless module profile from the list if several wireless module profiles are set up.
Assigned Wireless Network (VSS)
Displays the wireless networks that are currently assigned.
Operation Mode
Select whether the device is to be operated in
" mode or in 8 )" mode.
The 8 )" setting uses the value that you have selected in the corresponding Radio
Profile.
Channel
Displays the channel that is assigned. You can select an alternative channel.
The number of channels that can be selected depends on the country setting. Please consult the data sheet for your device.
Note: Configuring the network name (SSID) in Access Point mode means that wireless networks can be logically separated from each other, but they can still physically interfere with
each other if they are operating on the same or closely adjacent wireless channels. So if
you are operating two or more radio networks close to each other, it is advisable to allocate
the networks to different channels. Each of these should be spaced at least four channels
apart, as a network also partially occupies the adjacent channels.
In the case of manual channel selection, please make sure first that the APs actually support these channels.
Transmit Power
Displays the transmission power in dBm. You can select another transmission power.
Click OK to apply the settings in the Access Point Settings window.
Select the access points that your WLAN controller shall manage. In the Manage column,
click on the desired entries, or click on Select all in order to select all entries.
Click on Start in order to install the WLAN and automatically assign the frequencies.
Note: If there are not enough licences available, the message "The maximum number of slave access points that can be supported has been exceeded" is displayed. Please check your licences. If this message is displayed, you should obtain additional licences if appropriate.
During the installation of the WLAN and the allocation of frequencies, the messages displayed show how far the installation has progressed. The display is continuously updated.
Provided that non-overlapping wireless channels are located for all access points, the configuration that is set in the Wizard is transferred to the access points.
When the installation is complete, you will see a list of the Managed access points.
13.2 Controller Configuration
In this menu, you make the basic settings for the wireless LAN controller.
13.2.1 General
The Wireless LAN Controller->Controller Configuration->General menu includes the
following fields:
Fields in the General Basic Settings menu
Field
Description
Region
Select the country in which the wireless LAN controller is to be
operated.
Possible values are all the countries configured on the device's
wireless module.
The range of channels that can be used varies depending on
the country setting.
The default value is 1 -.
Interface
Select the interface to be used for the wireless controller.
DHCP Server
Select whether an external DHCP server shall assign IP addresses to the APs or if your device should be used as the DHCP server. For an internal DHCP server, CAPWAP option 138
is active in order to allow communication between the master
and slaves.
Note: Make sure that option 138 is active when using an external DHCP server.
Possible values:
⢠8<( / "0 #) ( !" @'A%
(default value): An external DHCP server with active CAPWAP option 138 assigns the IP addresses to the APs.
⢠8<( / "0 #) ( !" @'A%:
Your device, on which the CAPWAP option 138 is active, assigns the IP addresses to the APs.
IP Address Range
Only for DHCP Server = 8<( / "0 #) ( !" @'A%
Enter the start and end IP address of the range. These IP addresses and your device must originate from the same network.
13.3 Slave AP configuration
In this menu, you will find all of the settings that are required to manage the slave access
points.
13.3.1 Slave Access Points
In the Wireless LAN Controller->Slave AP configuration->Slave Access Points menu a
list of all APs found with the wizard is displayed.
For every access point, you see an entry with a parameter set (Location, Device, IP Address, MAC Address, Channel, Search Channel, Status).
Click on the Channel reallocation button under START in order to reassign any assigned
channels, e.g. when a new access point has been added.
Possible values for Status
Status
Meaning
Discovered
The AP has received an IP address via DHCP and has communicated this to the controller via option 138. The controller has requested the required parameters from the AP.
Initialising
The WLAN controller and the APs "communicate" via CAPWAP. The configuration is transferred to the APs and enabled.
Managed
The AP is set to "Managed" status. The controller has sent a
configuration to the AP and has enabled this. The AP is managed centrally from the controller and cannot be configured via
the FCI.
No License Available
The AP does not have a WLAN controller licence.
Offline
The AP is either administratively disabled or switched off or has
its power supply cut off etc.
13.3.1.1 Edit
Choose the icon to edit existing entries.
You can also delete entries with the aid of . If you have deleted APs, these will be located again but shall not be configured.
In the menu Wireless LAN Controller->Slave AP configuration->Slave Access Points-> the data for wireless module 1 and wireless module 2 are displayed, if the corresponding device contains two wireless modules. With devices featuring a single wireless module, the data for wireless module 1 are displayed.
This menu consists of the following fields:
Fields in the Slave Access Points Access Point Settings menu
Field
Description
Administration Status
Select whether the selected AP is to be managed from the
WLAN controller.
The function is activated by selecting *#) .
The function is enabled by default.
You can disconnect the AP from the WLAN controller and therefore remove it from your WLAN infrastructure by disabling the
function. The AP then receives the 8 / status, but is
no longer =$ .
CAPWAP Encryption
Select whether communication between the master and slaves
is to be encrypted.
The function is activated by selecting *#) .
The function is enabled by default.
You can override the encryption in order to view the communication for debugging purposes.
Location
Displays the stated locality of the AP. You can enter another
locality.
Fields in the Slave Access Points Wireless module 1 or in the Slave Access Points Wireless module 2 menu.
Field
Description
Operation Mode
Displays the mode in which the wireless module is to be operated. You can change the mode.
Possible values:
• ; (default value): The wireless module is not active.
• ": The wireless module is used as an access point in your network.
• 8 )": Uses the setting that was defined in the wireless module profile.
Active Radio Profile
Displays the wireless module profile that is currently selected.
You can select another wireless module profile from the list if
several wireless module profiles are set up.
Channel
Displays the channel that is assigned. You can select another
channel.
The number of channels that can be selected depends on the
country setting. Please consult the data sheet for your device.
Access Point mode
Configuring the network name (SSID) in Access Point mode
means that wireless networks can be logically separated from
each other, but they can still physically interfere with each other
if they are operating on the same or closely adjacent wireless
channels. So if you are operating two or more radio networks
close to each other, it is advisable to allocate the networks to
different channels. Each of these should be spaced at least four
channels apart, as a network also partially occupies the adjacent channels.
In the case of manual channel selection, please make sure first
that the APs actually support these channels.
Possible values (according to the selected wireless module profile):
⢠For Operation Band = & 1Slave AP configuration->Radio Profile menu. A profile with 2.4 GHz is created
by default; the 2.4 GHz profile cannot be deleted.
For each wireless module profile, you will see an entry with a parameter set ( Radio Profile,
Configured Radio Modules, Operation Band, Wireless Mode).
13.3.2.1 Edit or New
Choose the icon to edit existing entries. Select the New button in order to create new wireless module profiles.
The Wireless LAN Controller->Slave AP configuration->Radio Profile-> +New menu consists of the following fields:
Fields in the Radio Profile Radio Profile Definition menu
Field
Description
Description
Enter the desired description of the wireless module profile.
Operation Mode
Define the mode in which the wireless module profile is to be operated.
Possible values:
• ; (default value): The wireless module profile is not active.
• ": Your device is used as an access point in your network.
Operation Band
Select the frequency band of the wireless module profile.
Possible values:
⢠& 13) ?: According to setting for Operation Band, Bandwidth, Number of Spatial Streams and Wireless Mode various fixed values in mbps are available.
Burst Mode
Activate this function to increase the transmission speed for
802.11g through frame bursting. As a result, several packets
are sent one after the other without a waiting period. This is particularly effective in 11b/g mixed operation.
The function is enabled with *#) .
The function is disabled by default.
If problems occur with older WLAN hardware, this function
should not be active.
The menu Advanced Settings consists of the following fields:
Fields in the Radio Profile Advanced Settings menu
Field
Description
Channel Plan
Select the desired channel plan.
The channel plan makes a preselection when a channel is selected. This ensures that no channels overlap, i.e. a distance of
four channels is maintained between the channels used. This is
useful if more access points are used with overlapping radio
cells.
Possible values:
• )): All channels can be chosen when a channel is selected.
• ": Depending on the region, operation band, wireless mode and bandwidth, the channels that have a distance of 4 channels are provided.
• , : You can select the desired channels yourself.
User Defined Channel Plan
Only for Channel Plan = , .
The currently selected channels are displayed here.
With Add you can add channels. If all available channels are
displayed, you cannot add any more entries.
You can also delete entries with the aid of
Beacon Period
Enter the time in milliseconds between the sending of two
beacons.
This value is transmitted in Beacon and Probe Response
Frames.
Possible values are to '.
The default value is .
DTIM Period
Enter the interval for the Delivery Traffic Indication Message
(DTIM).
The DTIM field is a data field in transmitted beacons that informs clients about the window to the next broadcast or multicast transmission. If clients operate in power save mode, they
come alive at the right time and receive the data.
Possible values are to .
The default value is .
RTS Threshold
Here you can specify the data packet length threshold in bytes (1..2346) as of which the RTS/CTS mechanism is to be used. This makes sense if several clients that are not in each other's wireless range are run in one access point.
Short Guard Interval
Enable this function to reduce the guard interval (= time between transmission of two data symbols) from 800 ns to 400 ns.
Short Retry Limit
Enter the maximum number of attempts to send a frame with length less than or equal to the value defined in RTS Threshold. After this many failed attempts, the packet is discarded.
Possible values are to .
The default value is C.
Long Retry Limit
Enter the maximum number of attempts to send a data packet
of length greater than the value defined in RTS Threshold.
After this many failed attempts, the packet is discarded.
Possible values are to .
The default value is &.
Fragmentation Threshold
Enter the maximum size as of which the data packets are to be
fragmented (i.e. split into smaller units). Low values are recommended for this field in areas with poor reception and in the
event of radio interference.
Possible values are to '&.
The default value is '&.
13.3.3 Wireless Networks (VSS)
An overview of all created wireless networks is displayed in the Wireless LAN Controller->Slave AP configuration->Wireless Networks (VSS) menu. A wireless network is created by default.
For every wireless network (VSS), you see an entry with a parameter set (VSS Description, Network Name (SSID), Number of associated radio modules, Security, Status,
Action).
Under Assign unassigned VSS to all radio modules click on the Start button to assign a
newly-created VSS to all wireless modules.
13.3.3.1 Edit or New
Choose the icon to edit existing entries. Choose the New button to configure additional wireless networks.
The Wireless LAN Controller->Slave AP configuration->Wireless Networks (VSS)->New menu consists of the following fields:
Fields in the Wireless Networks (VSS) Service Set Parameters menu
Field
Description
Network Name (SSID)
Enter the name of the wireless network (SSID).
Enter an ASCII string with a maximum of 32 characters.
Also select whether the Network Name (SSID) is to be transmitted.
The network name is displayed by selecting 3 #) .
It is visible by default.
Intra-cell Repeating
Select whether communication between the WLAN clients is to
be permitted within a radio cell.
The function is activated by selecting *#) .
The function is enabled by default.
ARP Processing
Select whether the ARP processing function should be enabled.
The ARP data traffic is reduced in the network by the fact that
ARP broadcasts that have been converted to ARP unicasts are
forwarded to IP addresses that are known internally. Unicasts
are quicker and clients with an enabled power save function are
not addressed.
The function is activated by selecting *#) .
The function is disabled by default.
Note that ARP processing cannot be applied together with
the MAC bridge function.
WMM
Select whether voice or video prioritisation via WMM (Wireless
Multimedia) is to be activated for the wireless network so that
optimum transmission quality is always achieved for time-critical
applications. Data prioritisation is supported in accordance with
DSCP (Differentiated Services Code Point) or IEEE 802.1d.
The function is activated by selecting *#) .
The function is enabled by default.
Max. Clients
Enter the maximum number of clients that can be connected to this wireless network (SSID).
The maximum number of clients that can register with a wireless module depends on the specifications of the respective
WLAN module. This number can be shared across all configured wireless networks. If the maximum number of clients is
reached, no more new wireless networks can be created and a
warning message will appear.
Fields in the Wireless Networks (VSS) Security Settings menu
Field
Description
Security Mode
Select the security mode (encryption and authentication) for the wireless network.
Possible values:
• 6"/ (default value): Neither encryption nor authentication
• * &: WEP 40 bits
• * &: WEP 104 bits
•  : WPA Preshared Key
• *" ! : 802.1x
Transmit Key
Only for Security Mode = * &
Select one of the keys configured in WEP Key as a standard
key.
The default value is - .
WEP Key 1-4
Only for Security Mode = * &, * &
Enter the WEP key.
Enter a character string with the right number of characters for
the selected WEP mode. For * & you need a character
string with 5 characters, for * & with 13 characters, e. g.
0 )) for * &,
! for * &.
WPA Mode
Only for Security Mode = and *" !
Select whether you want to use WPA (with TKIP encryption) or
WPA 2 (with AES encryption), or both.
Possible values:
•  (default value): WPA and WPA 2 can be used.
•  : Only WPA is used.
•  : Only WPA2 is used.
WPA Cipher
Only for Security Mode = and *" ! and for WPA Mode = and
Select the type of encryption you want to apply to WPA.
Possible values:
• TKIP (default value): TKIP is used.
• AES: AES is used.
WPA2 Cipher
Only for Security Mode = and *" ! and for WPA Mode = and
Select the type of encryption you want to apply to WPA2.
Possible values:
• AES (default value): AES is used.
• TKIP: TKIP is used.
Preshared Key
Only for Security Mode =
Enter the WPA password.
Enter an ASCII string with 8 - 63 characters.
Note: Change the default Preshared Key! If the key has not
been changed, your device will not be protected against unauthorised access!
Radius Server
You can control access to a wireless network via a RADIUS
server.
With Add, you can create new entries. Enter the IP address and
the password of the RADIUS server.
EAP Preauthentification
Only for Security Mode = *" !
Select whether the EAP preauthentification function is to be activated. This function tells your device that WLAN clients, which
are already connected to another access point, can first carry
out 802.1x authentication as soon as they are within range.
Such WLAN clients can then simply connect over the existing
network connection with your device.
The function is activated by selecting *#) .
The function is enabled by default.
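The Preshared Key fields in the Wizard and in the Security Settings table accept an ASCII string of 8 to 63 characters and warn against keeping the default. The following is an added example, not code from the manual or from Funkwerk: it checks a candidate key against those limits and derives the 256-bit pairwise master key the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), which shows that the same key on the same network name always yields the same master key. The function names and the placeholder in FACTORY_DEFAULT_KEYS are assumptions; put the default key from your own device documentation there.

```python
import hashlib

# Constructed placeholder, not a real default key.
FACTORY_DEFAULT_KEYS = {"<factory-default-psk>"}


def passphrase_problems(passphrase, ssid, defaults=FACTORY_DEFAULT_KEYS):
    """Return a list of reasons why this key/SSID pair should not be deployed."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("key must be 8-63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("key must be printable ASCII")
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        problems.append("SSID must be 1-32 characters")
    if passphrase in defaults:
        problems.append("key is still the factory default")
    if ssid and ssid.lower() in passphrase.lower():
        problems.append("key contains the network name")
    return problems


def derive_pmk(passphrase, ssid):
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("key must be 8-63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def same_master_key(passphrase, ssid_a, ssid_b):
    """True if two networks using this key end up with the same master key."""
    return derive_pmk(passphrase, ssid_a) == derive_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    # Constructed sample values.
    for key, ssid in (("<factory-default-psk>", "office"),
                      ("office2011", "office"),
                      ("short", "office"),
                      ("plum-Garage-47-ketchup-lantern", "office")):
        print(repr(key), passphrase_problems(key, ssid) or "ok")
    # Nothing device-specific enters the derivation: two sites that keep the
    # same key and the same network name share one master key.
    print(same_master_key("plum-Garage-47-ketchup-lantern", "office", "office"))
    print(same_master_key("plum-Garage-47-ketchup-lantern", "office", "plant-2"))
```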
Fields in the Wireless Networks (VSS) MAC-Filter menu
Field
Description
ACL Mode
Select whether only certain clients are to be permitted for this
wireless network.
The function is activated by selecting *#) .
The function is disabled by default.
Allowed Addresses
Use Add to make entries and enter the MAC addresses (MAC
Address) of the clients to be permitted.
Fields in the Wireless Networks (VSS) VLAN menu
Field
Description
VLAN
Select whether the VLAN segmentation is to be used for this
wireless network.
The function is activated by selecting *#) .
The function is disabled by default.
VLAN ID
Enter the number that identifies the VLAN.
Possible values are to &&.
VLAN ID 1 is not possible as it is already in use.
13.4 Monitoring
This menu is used to monitor your WLAN infrastructure.
13.4.1 Active Clients
In the Wireless LAN Controller->Monitoring->Active Clients menu, current values of all
active clients are displayed.
For each active client, you will see an entry with a parameter set (Location, VSS, Client
MAC, Signal (dBm), Status, Uptime).
Possible values for Status
Status
Meaning
None
The client is no longer in a valid status.
Logon
The client has just logged on with the WLAN controller.
Associated
The client has logged on with the WLAN controller.
Authenticate
The client is in the process of being authenticated.
Authenticated
The client is authenticated.
13.4.2 Neighbor APs
In the Wireless LAN Controller->Monitoring->Neighbor APs menu, the adjacent APs found during the scan are displayed.
For each adjacent AP, you see an entry with a parameter set (Detected via AP, MAC Address, SSID, Signal (dBm), Channel, Last Seen); under Detected via AP you see the respective device location.
Under New Neighborscan, click Start to rescan adjacent APs. You will receive a warning that the wireless modules of the access points must also be disabled for a certain period of time. When you start the process with OK, a progress bar is displayed. The located AP display is updated every ten seconds.
13.4.3 Wireless Networks
In the Wireless LAN Controller->Monitoring->Wireless Networks menu, an overview of the currently used APs is displayed. You see which wireless module is assigned to which wireless network. For each wireless module, a parameter set is displayed (Location, VSS, MAC Address (VSS), Channel, Clients).
13.5 Maintenance
This menu is used for the maintenance of your managed APs.
13.5.1 Firmware Maintenance
In the Wireless LAN Controller->Maintenance->Firmware Maintenance menu, a list of
all Managed Access Points is displayed.
For every access point, you see an entry with a parameter set (Update firmware, Location, Device, IP Address, LAN MAC Address, Firmware Version, Status).
Possible values for Status
Status
Meaning
Image already exists.
The software image already exists; no update is required.
Error
An error has occurred.
Running
The operation is currently in progress.
Done
The update is complete.
The Wireless LAN Controller->Maintenance->Firmware Maintenance menu consists of
the following fields:
Fields in the Firmware Maintenance menu
Field
Description
Action
Select the action you wish to execute.
After each task, a window is displayed showing the other steps that are required.
Possible values:
• ,!" - " " : You can also start an update of the system software.
• / $ " "0 "" ": You can save a configuration which contains the AP status information.
Source Location
Select the source for the action.
Possible values:
• <44 / (default value): Where applicable, the file is stored on a remote server specified in the URL.
• ( " " / : The file is on the official Funkwerk update server. (Only for Action = ,! " - " " )
• 44 / : The file is stored respectively on a TFTP server specified in the URL.
URL
Only for Source Location = <44 / or 44 /
Enter the URL of the update server from which the system software file is loaded or on which the configuration file is saved.
Chapter 14 Networking
14.1 Routes
Default Route
With a default route, all data is automatically forwarded to one connection if no other suitable route is available. If you set up access to the Internet, you must configure the route to
your Internet Service Provider (ISP) as a default route. If, for example, you configure a corporate network connection, only enter the route to the head office or branch office as a default route if you do not configure Internet access over your device. If, for example, you
configure both Internet access and a corporate network connection, enter a default route to
the ISP and a network route to the head office. You can enter several default routes on
your device, but only one default route can be active at any one time. If you enter several
default routes, you should therefore give them differing values for Metric.
14.1.1 IP Routes
A list of all configured routes is displayed in the Networking->Routes->IP Routes menu.
14.1.1.1 or New
Choose the icon to edit existing entries. Choose the New button to create additional routes.
If the Extended Route option is selected for Route Class, an extra configuration section opens.
The menu Networking->Routes->IP Routes->New consists of the following fields:
Field in the IP Routes Route Class menu
Field
Description
Extended Route
Select whether the route is to be defined with extended parameters. If the function is active, a route is created with extended routing parameters such as source interface and source IP address, as well as protocol, source and destination port, type of service (TOS) and the status of the device interface.
The function is activated by selecting Enabled.
The function is disabled by default.
Fields in the IP Routes Route Parameters menu
Field
Description
Route Type
Select the type of route.
Possible values:
• Network Route (default value): Route to a network.
• Default Route: Is used if no other suitable route is available.
• Host Route: Route to a single host.
Destination IP Address/Netmask
Only for Route Type = Host Route or Network Route
Enter the IP address of the destination host.
For Route Type = Network Route, you additionally enter the corresponding netmask in the second field. If no entry is made, your device uses a default netmask.
Interface
If necessary, enter the interface to be used for this route.
Network Type
Not for Route Type = Default Route
Also select the network type.
Possible values:
• 8 " (default value):
  • in the LAN: You define another IP address for the interface.
  • in the WAN: You define a route without a transit network.
• 6 ":
  • in the LAN: You define a gateway route.
  • in the WAN: You define a route with a transit network.
Local IP Address
Only for Network Type = 8 "
Enter the IP address of the gateway to which your device is to forward the IP packets.
Gateway
Only for Network Type = 6 "
Enter the IP address of the host to which your device is to forward the IP packets.
Metric
Select the priority of the route.
The lower the value, the higher the priority of the route.
Value range from to , The default value is .
Fields in the IP Routes Extended Route Parameters menu
Field
Description
Source Interface
Select the interface over which the data packets are to reach the device.
The default value is 2 .
New Source IP Address/Netmask
Enter the IP address and netmask of the source host or source network.
Layer 4 Protocol
Select a protocol.
Possible values: 6(= , 4( , ,8 , 17* , * , < , ; , .4, - .
The default value is -.
Source Port
Only for Layer 4 Protocol = 4( or ,8.
Enter the source port.
First select the port number range.
Possible values:
• - (default value): The route is valid for all port numbers.
• $) : Enables the entry of a port number.
• 7$ : Enables the entry of a range of port numbers.
• /) $ : Entry of privileged port numbers: 0 ... 1023.
• / : Entry of server port numbers: 5000 ... 32767.
• () " : Entry of client port numbers: 1024 ... 4999.
• () " : Entry of client port numbers: 32768 ... 65535.
• 2" !/)$ : Entry of unprivileged port numbers: 1024 ... 65535.
Enter the appropriate values for the individual port or start port of a range in Port and, for a range, the end port in to Port.
Destination Port
Only for Layer 4 Protocol = 4( or ,8.
Enter the destination port.
First select the port number range.
Possible values:
• - (default value): The route is valid for all port numbers.
• $) : Enables the entry of a port number.
• 7$ : Enables the entry of a range of port numbers.
• /) $ : Entry of privileged port numbers: 0 ... 1023.
• / : Entry of server port numbers: 5000 ... 32767.
• () " : Entry of client port numbers: 1024 ... 4999.
• () " : Entry of client port numbers: 32768 ... 65535.
• 2" !/)$ : Entry of unprivileged port numbers: 1024 ... 65535.
Enter the appropriate values for the individual port or start port of a range in Port and, for a range, the end port in to Port.
DSCP / TOS Value
Select the Type of Service (TOS).
Possible values:
• 6$ (default value): The type of service is ignored.
• 8( +- 3) : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in binary format).
• 8( 8 ) 3) : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in decimal format).
• 4; +- 3) : The TOS value is specified in binary format, e.g. 00111111.
• 4; 8 ) 3) : The TOS value is specified in decimal format, e.g. 63.
Enter the relevant value for 8( +- 3) , 8( 8 ) 3) , 4; +- 3) and 4; 8 ) 3) .
Mode
Select when the interface defined in Route Parameters->Interface is to be used.
Possible values:
• 8) ! " (default value): The route can be used if the interface is "up". If the interface is "dormant", then dial and wait until the interface is "up".
• "0""/ : The route can always be used.
• 8) ! " : The route can be used when the interface is "up". If the interface is "dormant", then select and use the alternative route (rerouting) until the interface is "up".
• 2 / ) !: The route can be used when the interface is "up".
• ) - ) !: The route can be used when the interface is "up". If the interface is "dormant", then dial and wait until the interface is "up". In this case, an alternative interface with a poorer metric is used for routing until the interface is "up".
14.1.2 Options
Back Route Verify
The term Back Route Verify describes a very simple but powerful function. If the check is activated for an interface, incoming data packets are only accepted over this interface if the outgoing response packets would be routed over the same interface. You can therefore prevent the acceptance of packets with false (spoofed) source IP addresses, even without using filters.
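The check described above can be modelled as a route lookup on the packet's source address. The following is an added example, not code from the manual or the device firmware; the interface names, routes and packets are constructed, and the lookup order (longest prefix, then lowest metric) is an assumption about how the active route is chosen.

```python
"""Back Route Verify modelled as a reverse-path check (added example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    destination: str   # destination network in CIDR form; 0.0.0.0/0 is a default route
    interface: str     # interface the route points to
    metric: int = 1    # lower value = higher priority, as in the Metric field

    @property
    def network(self):
        return ipaddress.ip_network(self.destination)


def best_route(routes, address):
    """Pick the route for `address`: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.network.prefixlen, r.metric))


def back_route_verify(routes, src_ip, in_interface, checked_interfaces):
    """Return (accepted, reason) for a packet from src_ip arriving on in_interface."""
    if in_interface not in checked_interfaces:
        return True, "check not enabled on this interface"
    route = best_route(routes, src_ip)
    if route is None:
        return False, "no route back to the source"
    if route.interface != in_interface:
        return False, f"reply would leave via {route.interface}"
    return True, "reply leaves via the arrival interface"


# Constructed routing table: one LAN, a link to head office, two default routes.
ROUTES = [
    Route("192.168.1.0/24", "lan"),
    Route("10.0.0.0/8", "vpn-hq"),
    Route("0.0.0.0/0", "wan", metric=1),
    Route("0.0.0.0/0", "wan-backup", metric=5),
]
CHECKED = {"wan", "wan-backup", "lan"}   # interfaces with the check enabled

# Constructed packets: (source address, arrival interface).
PACKETS = [
    ("203.0.113.7", "wan"),          # genuine Internet host
    ("192.168.1.50", "wan"),         # LAN address claimed on the Internet side
    ("10.1.2.3", "wan"),             # head-office address claimed on the Internet side
    ("192.168.1.50", "lan"),         # genuine LAN host
    ("203.0.113.7", "wan-backup"),   # genuine host, but replies use the active default route
    ("192.168.1.50", "vpn-hq"),      # arrives on an interface without the check
]


def evaluate(packets=PACKETS):
    """Accept/drop decision for every constructed packet, in order."""
    return [back_route_verify(ROUTES, src, iface, CHECKED)[0] for src, iface in packets]


if __name__ == "__main__":
    for src, iface in PACKETS:
        ok, why = back_route_verify(ROUTES, src, iface, CHECKED)
        print(f"{src:15} on {iface:10} -> {'accept' if ok else 'drop':6} ({why})")
```

The fifth packet shows the caveat of this check: where traffic can legitimately arrive on an interface other than the one the active route points to, genuine packets are dropped as well.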
The Networking->Routes->Options menu includes the following fields:
Fields in the Options Back Route Verify menu
Field
Description
Mode
Select how the interfaces to be activated for Back Route Verify are to be specified.
Possible values:
• *#) )) " : Back Route Verify is activated for all interfaces.
• *#) ! " (default value): A list of all interfaces is displayed in which Back Route Verify is only enabled for specific interfaces.
• 8 #) )) " : Back Route Verify is disabled for all interfaces.
No.
Only for Mode = *#) ! "
Displays the serial number of the list entry.
Interface
Only for Mode = *#) ! "
Displays the name of the interface.
Back Route Verify
Only for Mode = *#) ! "
Select whether Back Route Verify is to be activated for the interface.
The function is enabled with Enabled.
By default, the function is deactivated for all interfaces.
Fields in the Options General menu
Field
Description
Allow deleting/editing all routing entries
Define whether all the routes entered on your device can be edited and deleted in the Networking->Routes->IP Routes menu.
The function is enabled with Enabled.
By default, the function is deactivated for all interfaces.
14.2 NAT
Network Address Translation (NAT) is a function on your device for the defined conversion of source and destination addresses of IP packets. If NAT is activated, IP connections are by default only allowed in one direction, outgoing (forward), which acts as a protective function. Exceptions to the rule can be configured (see NAT Configuration).
14.2.1 NAT Interfaces
A list of all NAT interfaces is displayed in the Networking->NAT->NAT Interfaces menu.
For every NAT interface, the NAT active, Silent Deny and PPTP Passthrough options can be selected.
In addition, " $ displays how many port forwarding rules were configured for this interface.
Options in the menu NAT Interfaces
Field
Description
NAT active
Select whether NAT is to be activated for the interface.
The function is disabled by default.
Silent Deny
Select whether IP packets are to be silently denied by NAT. If
this function is deactivated, the sender of the denied IP packet
is informed by means of an ICMP or TCP RST message.
The function is disabled by default.
PPTP Passthrough
Select whether the setup and operation of several simultaneous, outgoing PPTP connections from hosts in the network are
also to be permitted if NAT is activated.
The function is disabled by default.
If PPTP Passthrough is enabled, the device itself cannot be
configured as a tunnel endpoint.
Port
Shows the number of portforwarding rules configured in Networking->NAT->NAT Configuration.
14.2.2 NAT Configuration
In the Networking->NAT->NAT Configuration menu you can exclude data from NAT
simply and conveniently as well as translate addresses and ports. For outgoing data traffic
you can configure various NAT methods, i.e. you can determine how an external host establishes a connection to an internal host.
14.2.2.1 New
Choose the New button to set up NAT.
The menu Networking->NAT->NAT Configuration ->New consists of the following fields:
Field in the NAT Configuration Basic Parameters menu
Field
Description
Description
Enter a description for the NAT configuration.
Interface
Select the interface for which NAT is to be configured.
Possible values:
• - (default value): NAT is configured for all interfaces.
• >6" ?: Select one of the interfaces from the list.
Type of traffic
Select the type of data traffic for which NAT is to be configured.
Possible values:
• $ @8 "" 24A (default value): The data traffic that comes from outside.
• "$$ @ 24A: Outgoing data traffic.
• :) $ @"0 " 24A: Data traffic excluded from NAT.
NAT method
Only for Type of traffic = "$$ @ 24A.
Select the NAT method for outgoing data traffic. The starting point for choosing the NAT method is a NAT scenario in which an "internal" source host has initiated an IP connection to an "external" destination host over the NAT interface, and in which an internally valid source address and internally valid source port are translated to an externally valid source address and an externally valid source port.
Possible values:
• full-cone (UDP only): Any given external host may send IP packets via the external address and the external port to the initiating source address and the initial source port.
• restricted-cone (UDP only): Like full-cone NAT; as external host, however, only the initial "external" destination host is allowed.
• !" "" (UDP only): Like restricted-cone NAT; however, exclusively data from the initial destination port are allowed.
• - " (standard value) any protocol: Outbound, an externally valid source address and an externally valid source port are administratively set. Inbound, only response packets within the existing connection are allowed.
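The four NAT methods listed above differ in which inbound packets they let through once an internal host has opened a mapping. The following is an added example, not code from the manual or the device; the enum names for the third and fourth methods are assumptions (their labels are not legible in this copy), and all addresses and ports are constructed.

```python
"""Inbound filtering of the four NAT methods described above (added example)."""
from dataclasses import dataclass
from enum import Enum


class NatMethod(Enum):
    FULL_CONE = "full-cone"
    RESTRICTED_CONE = "restricted-cone"
    PORT_RESTRICTED_CONE = "port-restricted-cone"   # assumed name for the third method
    CONNECTION_ONLY = "connection-only"             # assumed name for the default method


UDP_ONLY = {NatMethod.FULL_CONE, NatMethod.RESTRICTED_CONE, NatMethod.PORT_RESTRICTED_CONE}


@dataclass(frozen=True)
class Packet:
    proto: str
    src: tuple   # (ip, port)
    dst: tuple   # (ip, port)


class NatInterface:
    def __init__(self, method, external_ip, first_port=40000):
        self.method = method
        self.external_ip = external_ip
        self._next_port = first_port
        self._by_internal = {}   # (proto, internal endpoint) -> external port
        self._sessions = {}      # (proto, external port) -> (internal endpoint, initial destination)

    def outbound(self, pkt):
        """Translate the source of an outgoing packet and remember the session."""
        if self.method in UDP_ONLY and pkt.proto != "udp":
            raise ValueError(f"{self.method.value} is available for UDP only")
        key = (pkt.proto, pkt.src)
        if key not in self._by_internal:
            self._by_internal[key] = self._next_port
            self._sessions[(pkt.proto, self._next_port)] = (pkt.src, pkt.dst)
            self._next_port += 1
        return Packet(pkt.proto, (self.external_ip, self._by_internal[key]), pkt.dst)

    def inbound(self, pkt):
        """Return the packet translated to the internal host, or None if it is dropped."""
        if pkt.dst[0] != self.external_ip:
            return None
        session = self._sessions.get((pkt.proto, pkt.dst[1]))
        if session is None:
            return None                                  # no internal host opened this port
        internal, initial_dst = session
        if self.method is NatMethod.FULL_CONE:
            allowed = True                               # any external host, any port
        elif self.method is NatMethod.RESTRICTED_CONE:
            allowed = pkt.src[0] == initial_dst[0]       # initial destination host only
        else:
            allowed = pkt.src == initial_dst             # initial destination host and port
        return Packet(pkt.proto, pkt.src, internal) if allowed else None


# Constructed scenario: one internal host contacts one external server over UDP.
INSIDE = ("192.168.1.10", 5000)
SERVER = ("198.51.100.5", 3478)
PROBES = {
    "contacted host and port": SERVER,
    "contacted host, other port": ("198.51.100.5", 9999),
    "unrelated host": ("203.0.113.9", 3478),
}


def probe(method):
    """Open one mapping, then report which external senders get through."""
    nat = NatInterface(method, "192.0.2.1")
    mapped = nat.outbound(Packet("udp", INSIDE, SERVER)).src
    return {name: nat.inbound(Packet("udp", src, mapped)) is not None
            for name, src in PROBES.items()}


if __name__ == "__main__":
    for method in NatMethod:
        print(f"{method.value:22}", probe(method))
```

With full-cone, the mapped external port is reachable by any external host for as long as the mapping exists, which is why the default method only admits replies within the existing connection.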
In the NAT Configuration->Specify original traffic menu, you can configure for which data traffic NAT is to be used.
Fields in the NAT Configuration Specify original traffic menu
Field
Description
Service
Not for Type of traffic = "$$ @ 24A and NAT method = full-cone, restricted-cone or !" "" .
Select one of the preconfigured services.
Possible values:
• , (default value)
• > / ?
Protocol
Only for certain services.
Not for Type of traffic = "$$ @ 24A and NAT method = full-cone, restricted-cone or !" "" . In this case UDP is automatically defined.
Select a protocol. According to the selected Service, different protocols are available.
Possible values:
• - (default value)
• <
• (0
• *1
• *
• 11
• 17*
• <=
• 6(=
• 61
• 617
• 6
• 66
• 6/
• 6B 6
• 6;6
• -!")
• .4
• ;
• ,
• 78
• 73
• 6
• 4(
• 4.
• ,8
• 377
• B268
Source IP Address/Netmask
Enter the source IP address and corresponding netmask of the original data packets, as the case arises.
Source Port
Only for Type of traffic = "$$ @ 24A, NAT method = - " and Service = , . Enter the source port of the original data packets. The default setting All means that the port remains unspecified.
Source Port/Range
Not for Type of traffic = "$$ @ 24A. Enter the source port or the source port range of the original data packets. The default setting All means that the port remains unspecified.
Destination IP Address/Netmask
Enter the destination IP address and corresponding netmask of the original data packets, as the case arises.
Destination Port/Range
Only for Service = , .
Enter the destination port or the destination port range of the original data packets. The default setting All means that the port is not specified.
In the NAT Configuration->Replacement Values menu you can define, depending on whether you are dealing with inbound or outbound data traffic, new addresses and ports to which specific addresses and ports from the NAT Configuration->Specify original traffic menu can be translated.
Fields in the NAT Configuration Replacement Values menu
Field
Description
New Destination IP Address/Netmask
Only for Type of traffic = $ @8 "" 24A.
Enter the destination IP address and corresponding netmask to which the original destination IP address is to be translated.
New Destination Port
Only for Type of traffic = $ @8 "" 24A.
Leave the destination port as it appears or enter the destination port to which the original destination port is to be translated.
Selecting Original leaves the original destination port. If you disable Original, an input field appears in which you can enter a new destination port.
Original is active by default.
New Source IP Address/Netmask
Only for Type of traffic = "$$ @ 24A.
Enter the source IP address and corresponding netmask to which the original source IP address is to be translated.
New Source Port
Only for Type of traffic = "$$ @ 24A.
Leave the source port as it appears or enter a new source port to which the original source port is to be translated.
Original leaves the original source port. If you disable Original, an input field appears in which you can enter a new source port. Original is active by default.
14.3 Load Balancing
The increasing amount of data traffic over the Internet means it is necessary to send data
over different interfaces to increase the total bandwidth available. IP load balancing enables the distribution of data traffic within a certain group of interfaces to be controlled.
14.3.1 Load Balancing Groups
If interfaces are combined to form groups, the data traffic within a group is divided according to the following principles:
• In contrast to Multilink PPP-based solutions, load balancing also functions with accounts with different providers.
• Session-based load balancing is achieved.
• Related (dependent) sessions are always routed over the same interface.
• A decision on distribution is only made for outgoing sessions.
A list of all configured load balancing groups is displayed in the Networking->Load Balancing->Load Balancing Groups menu. Clicking the magnifier icon opens an overview of
basic parameters pertaining to this group.
Note
Note that all interfaces collected under a Load Balancing Group must have routes with
identical metrics. If applicable, go to Networking->Routes and verify the relevant
entries.
14.3.1.1 New
Choose the New button to create additional groups.
The menu Networking->Load Balancing->Load Balancing Groups->New consists of the
following fields:
Fields in the Load Balancing Groups Basic Parameters menu
Field
Description
Group Description
Enter the desired description of the interface group.
Distribution Policy
Select the way the data traffic is to be distributed to the interfaces configured for the group.
Possible values:
• 7 7# (default value): A newly added session is assigned to one of the group interfaces according to the percentage assignment of sessions to the interfaces. The number of sessions is decisive.
• . ! " + "0: A newly added session is assigned to one of the group interfaces according to the share of the total data rate handled by the interfaces. The current data rate based on the data traffic is decisive in both the send and receive direction.
Consider
Only for Distribution Policy = . ! " + "0
Choose the direction in which the current data rate is to be considered.
Options:
• 8 ): Only the data rate in the receive direction is considered.
• ,!): Only the data rate in the send direction is considered.
By default, the 8 ) and ,!) options are disabled.
Distribution Mode
Select the state the interfaces in the group may have if they are to be included in load balancing.
Possible values:
• ) - (default value): Also includes idle interfaces.
• ;)"/ " : Only interfaces in the up state are included.
In the Interface area, you add interfaces that match the current group context and configure these. You can also delete interfaces.
Use Add to create more entries.
Fields in the Load Balancing Groups Interface Selection for Distribution menu
Field
Description
Interface
Select the interfaces that are to belong to the group from the available interfaces.
Distribution Ratio
Enter the percentage of the data traffic to be assigned to an interface.
The meaning differs according to the employed Distribution Ratio:
• 7 7# is based on the number of distributed sessions.
• For . ! " + "0 the data rate is the decisive factor.
14.4 QoS
QoS (Quality of Service) makes it possible to distribute the available bandwidths effectively
and intelligently. Certain applications can be given preference and bandwidth reserved for
them. This is an advantage, especially for time-critical applications such as VoIP.
The QoS configuration consists of three parts:
• Creating IP filters
• Classifying data
• Prioritising data.
14.4.1 QoS Filter
In the Networking->QoS->QoS Filter menu, IP filters are configured.
The list also displays any configured entries from Networking->Access Rules->Rule Chains.
14.4.1.1 New
Choose the New button to define more IP filters.
The Networking->QoS->QoS Filter->New menu consists of the following fields:
Fields in the QoS Filter Basic Parameters menu
Field
Description
Description
Enter the name of the filter.
Service
Select one of the preconfigured services. The extensive range of services configured ex works includes the following:
• "/"
• !!) F"
• "0
• 0$
• ) " G
• -"
• 0!
The default value is , .
Protocol
Select a protocol.
The "/ - option (default value) matches any protocol.
Type
Only for Protocol = !
Select the type.
Possible values: -, *0 !)-, 8 "" 0 #) , F 0, 7 ", *0, 4 : , 4 "!, 4 "! !)-.
See RFC 792.
The default value is -.
Connection State
With Protocol = "!, you can define a filter that takes the status of the TCP connections into account.
Possible values:
• * "#) 0 : All TCP packets that would not open any new TCP connection on routing over the gateway match the filter.
• - (default value): All TCP packets match the filter.
Destination IP Address/Netmask
Enter the destination IP address of the data packets and the corresponding netmask.
Destination Port/Range
Only for Protocol = "! or !
Enter a destination port number or a range of destination port numbers.
Possible values:
• )) (default value): The destination port is not specified.
• ! - !": Enter a destination port.
• ! - !" $ : Enter a destination port range.
Source IP Address/Netmask
Enter the source IP address of the data packets and the corresponding netmask.
Source Port/Range
Only for Protocol = "! or !
Enter a source port number or a range of source port numbers.
Possible values:
• )) (default value): The destination port is not specified.
• ! - !": Enter a destination port.
• ! - !" $ : Enter a destination port range.
DSCP/TOS Filter (Layer 3)
Specify how the priority of the IP packets is signalled.
Possible values:
• 6$ (default value): No priority signalling is used.
• 8( +- 3) : Differentiated Services Code Point is used to signal the priority of IP packets (indicated in binary format, 6 bit).
• 8( 8 ) 3) : Differentiated Services Code Point is used to signal the priority of IP packets (indicated in decimal format).
• 4; +- 3) : Type of Service is used to signal the priority of IP packets (indicated in binary format, 8 bit).
• 4; 8 ) 3) : Type of Service is used to signal the priority of IP packets (indicated in decimal format).
Additional information on DSCP and TOS can be found in RFCs 3260 and 1349.
COS Filter (802.1p/Layer 2)
Enter the service class of the IP packets (Class of Service, CoS).
Possible values are whole numbers between and C.
The default value is .
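The DSCP/TOS Filter field above accepts the same header octet in four notations (DSCP or TOS, binary or decimal). The following added example, which is not code from the manual or the device, normalises the four notations into one mask-and-value rule; the key names `dscp`, `tos`, `binary` and `decimal` are hypothetical, and it assumes the standard layout in which DSCP occupies the upper six bits of the former TOS octet.

```python
"""One comparable match rule from the four DSCP/TOS entry notations (added example)."""
from dataclasses import dataclass

DSCP_MASK = 0xFC   # DSCP: upper six bits of the octet; the two low-order bits are ignored
TOS_MASK = 0xFF    # TOS: the whole octet is compared


@dataclass(frozen=True)
class PriorityMatch:
    mask: int
    value: int

    def matches(self, tos_octet):
        """True if the header octet of a packet satisfies this rule."""
        return (tos_octet & self.mask) == self.value


def parse_priority(field, notation, text):
    """Build a rule. field: 'dscp' or 'tos'; notation: 'binary' or 'decimal' (hypothetical keys)."""
    if field not in ("dscp", "tos"):
        raise ValueError(f"unknown field {field!r}")
    bits = 6 if field == "dscp" else 8
    text = text.strip()
    if notation == "binary":
        # Binary entries must spell out every bit: 6 for DSCP, 8 for TOS.
        if len(text) != bits or set(text) - {"0", "1"}:
            raise ValueError(f"{field} binary value needs exactly {bits} digits of 0/1")
        number = int(text, 2)
    elif notation == "decimal":
        if not (text.isascii() and text.isdigit()):
            raise ValueError("decimal value must be a non-negative integer")
        number = int(text)
        if number >= 1 << bits:
            raise ValueError(f"{field} decimal value must be below {1 << bits}")
    else:
        raise ValueError(f"unknown notation {notation!r}")
    if field == "dscp":
        return PriorityMatch(DSCP_MASK, number << 2)
    return PriorityMatch(TOS_MASK, number)


def demo():
    """Constructed header octets checked against a DSCP rule and a TOS rule."""
    dscp_rule = parse_priority("dscp", "binary", "101110")   # DSCP 46
    tos_rule = parse_priority("tos", "decimal", "184")       # same six bits, low bits zero
    octets = [0xB8, 0xB9, 0x00]                               # constructed sample values
    return [(dscp_rule.matches(o), tos_rule.matches(o)) for o in octets]


if __name__ == "__main__":
    print(parse_priority("tos", "binary", "00111111"))   # the manual's example value, decimal 63
    print(demo())
```

A DSCP rule and a TOS rule built from the same six bits are not interchangeable: the TOS rule also compares the two low-order bits, so the octet 0xB9 matches the DSCP rule but not the TOS rule.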
14.4.2 QoS Classification
The data traffic is classified in the Networking->QoS->QoS Classification menu, i.e. the data traffic is assigned to various classes by means of class IDs. To do this, create class plans for classifying IP packets based on pre-defined IP filters. Each class plan is associated with at least one interface via its first filter.
14.4.2.1 New
Choose the New button to create additional data classes.
The Networking->QoS->QoS Classification->New menu consists of the following fields:
Fields in the QoS Classification Basic Parameters menu
Field
Description
Class map
Choose the class plan you want to create or edit.
Possible values:
• 2 (default value): You can create a new class plan with this setting.
• >2 ) !)?: Shows a class plan that has already been created, which you can select and edit. You can add new filters.
Description
Only for Class map = 2
Enter the name of the class plan.
Filter
Select an IP filter.
If the class plan is new, select the filter to be set at the first point of the class plan.
If the class plan already exists, select the filter to be attached to the class plan.
To select a filter, at least one filter must be configured in the Networking->QoS->QoS Filter menu.
Direction
Select the direction of the data packets to be classified.
Possible values:
• 6$: Incoming data packets are assigned to the Class ID specified below.
• ; "$$ (default value): Outgoing data packets are assigned to the Class ID specified below.
• +"0: Incoming and outgoing data packets are assigned to the Class ID specified below.
High Priority Class
Enable or disable the high priority class. If the high priority class is active, the data packets are associated with the class with the highest priority and priority 0 is set automatically.
The function is enabled with Enabled.
The function is disabled by default.
Class ID
Only for High Priority Class not active.
Choose a number which assigns the data packets to a class.
Note: The class ID is a label to assign data packets to specific classes. (The class ID defines the priority.)
Possible values are whole numbers between and &.
Set DSCP/TOS value (Layer 3)
Here you can set or modify the DSCP/TOS value of IP datagrams according to the specified class (Class ID).
Possible values:
• / (default value): The DSCP/TOS value of the IP datagrams remains unchanged.
• 8( +- 3) : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in binary format, 6 bit).
• 8( 8 ) 3) : Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in decimal format).
• 4; +- 3) : The TOS value is specified in binary format, e.g. 00111111.
• 4; 8 ) 3) : The TOS value is specified in decimal format, e.g. 63.
Set COS value (802.1p/Layer 2)
Here you can set or change the Class of Service (Layer 2 Priority) within the VLAN Ethernet header of the IP datagrams in correspondence to the class (Class ID) they have been assigned to.
Possible values are whole numbers between and C.
The default value is / .
Interfaces
Only for Class map = 2
When creating a new class plan, select the interfaces to which you want to link the class plan. A class plan can be assigned to multiple interfaces.
14.4.3 QoS Interfaces/Policies
In the Networking->QoS->QoS Interfaces/Policies menu, you set prioritisation of data.
Note
Data can only be prioritized in the outgoing direction.
Packets in the high-priority class always take priority over data with class IDs 1... 254.
It is possible to assign or guarantee each queue and thus each data class a certain part of
the total bandwidth of the interface. In addition, you can optimise the transmission of voice
data (real time data).
Depending on the respective interface, a queue is created automatically for each class, but
only for data traffic classified as outgoing and for data traffic classified in both directions. A
priority is assigned to these automatic queues. The value of the priority is equal to the
value of the class ID. You can change the default priority of a queue. If you add new
queues, you can also use classes in other class plans via the class ID.
14.4.3.1 New
Choose the New button to create additional prioritisations.
The Networking->QoS->QoS Interfaces/Policies->New menu consists of the following
fields:
Fields in the QoS Interfaces/Policies Basic Parameters menu
Field
Description
Interface
Select the interface for which QoS is to be configured.
Priorisation algorithm
Select the algorithm according to which the queues are to be processed. This activates and deactivates QoS on the selected interface.
Possible values:
• "- H $: QoS is activated on the interface. The available bandwidth is distributed strictly according to the queue priority.
• $0" 7 7#: QoS is activated on the interface. The available bandwidth is distributed according to the weighting (weight) of the queue. Exception: High-priority packets are always handled with priority.
• $0" H $: QoS is activated on the interface. The available bandwidth is distributed as "fairly" as possible among the (automatically detected) traffic flows in a queue. Exception: High-priority packets are always handled with priority.
• 8 #) (default value): QoS is deactivated on the interface. The existing configuration is not deleted, but can be activated again if required.
Traffic shaping
Activate or deactivate data rate limiting in the send direction.
The function is enabled with Enabled.
The function is disabled by default.
Maximum Upload Speed
Only for Traffic shaping enabled.
Enter a maximum data rate for the queue in the send direction in kbits.
Possible values are to .
The default value is , i.e. no limits are set, the queue can occupy the maximum bandwidth.
Protocol Header Size below Layer 3
Choose the interface type to include the size of the respective overheads of a datagram when calculating the bandwidth.
Possible values:
• , (value in bytes; possible values are to .)
• *"0 " (default value)
Only for Ethernet interfaces:
• *"0 "
• *"0 " 3.2
• / *"0 "
• / *"0 " 3.2
Only for IPSec interfaces:
• 6 / *"0 "
• 6 / *"0 " 3.2
• 6 / / *"0 "
• 6 / * 3.2
Real Time Jitter Control
Only for Traffic shaping enabled
Real Time Jitter Control optimises latency when forwarding real time datagrams. The function ensures that large data packets are fragmented according to the available upload bandwidth.
Real Time Jitter Control is useful for small upload bandwidths (< 800 kbps).
Activate or deactivate Real Time Jitter Control.
The function is enabled with Enabled.
The function is disabled by default.
Control Mode
Only for Real Time Jitter Control enabled.
Select the mode for optimising voice transmission.
Possible values:
• )) 74 " : All RTP streams are optimised. The function activates the RTP stream detection mechanism for the automatic detection of RTP streams. In this mode, the Real Time Jitter Control is activated as soon as an RTP stream has been detected.
• 6"/ : Voice data transmission is not optimised.
• (")) 74 " )-: This mode is used if either the VoIP Application Layer Gateway (ALG) or the VoIP Media Gateway (MGW) is active. Real Time Jitter Control is activated by the control instances ALG or MGW.
• ) - : Real Time Jitter Control is always active, even if no real time data is routed.
Queues/Policies
Configure the desired QoS queues.
For each class created from the class plan, which is associated with the selected interface, a queue is generated automatically and displayed here (only for data traffic classified as outgoing and for data traffic classified as moving in both directions).
Add new entries with Add. The Edit Queue/Policy menu opens.
The menu Edit Queue/Policy consists of the following fields:
Fields in the Edit Queue/Policy menu
Field
Description
Description
Enter the name of the queue/policy.
Outbound Interface
Shows the interface for which the QoS queues are being configured.
Priorisation queue
Select the queue priority type.
Possible values:
⢠()
+
ânormalâ.
(default value): Queue for data classified as
⢠<$0 "-: Queue for data classified as âhigh priorityâ.
⢠8 )": Queue for data that has not been classified or data
of a class for which no queue has been configured.
Class ID
Only for Priorisation queue = ()
+
.
Select the QoS packet class to which this queue is to apply.
To do this, at least one class ID must be given in the Networking->QoS->QoS Classification menu.
Priority
Only for Priorisation queue = ()
+
.
Choose the priority of the queue. Possible values are @0$0
!"-A to & @) !"-A.
The default value is .
Weight
Only for Priorisation algorithm = $0" 7 7#
or $0" H
$
Choose the priority of the queue. Possible values are to &.
The default value is .
RTT Mode (Realtime
Traffic Mode)
188
Active or deactivate the real time transmission of the data.
bintec WLAN and Industrial WLAN
14 Networking
Funkwerk Enterprise Communications GmbH
Field
Description
The function is enabled with *#) .
The function is disabled by default.
RTT mode should be activated for QoS classes in which real
time data has priority. This mode improves latency when forwarding real time datagrams.
It is possible to configure multiple queues when RTT mode is
enabled. Queues with enabled RTT mode must always have a
higher priority than queues with disabled RTT mode.
Traffic Shaping
Activate or deactivate data rate (=Traffic Shaping) limiting in the
send direction.
The data rate limit applies to the selected queue. (This is not the
limit that can be defined on the interface.)
The function is enabled with *#) .
The function is disabled by default.
Maximum Upload
Speed
Only for Traffic Shaping enabled.
Enter a maximum data rate for the queue in kbits.
Possible values are to .
The default value is .
Overbooking allowed
Only for Traffic Shaping enabled.
Enable or disable the function. The function controls the bandwidth limit.
If Overbooking allowed is activated, the bandwidth limit set for
this queue can be exceeded, as long as free bandwidth exists
on the interface.
If Overbooking allowed is deactivated, the queue can never
occupy bandwidth beyond the bandwidth limit that has been set.
The function is enabled with *#) .
The function is disabled by default.
Burst size
Only for Traffic Shaping enabled.
Enter the maximum number of bytes that may still be transmitted temporarily when the data rate permitted for this queue has
been reached.
Possible values are to &.
The default value is .
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
Dropping Algorithm
Choose the procedure for rejecting packets in the QoS queue, if
the maximum size of the queue is exceeded.
Possible values:
• Tail Drop (default value): The newest packet received is dropped.
• Head Drop: The oldest packet in the queue is dropped.
• Random Drop: A randomly selected packet is dropped from the queue.
Congestion Avoidance (RED)
Select the process according to which packets are preventively dropped between Min. queue size and Max. queue size to prevent queue overflow (Random Early Detection).
Possible values:
• None (default value): No packets are dropped.
• Weighted Random: Packets are dropped according to the level of the queue. This procedure ensures a smaller long-term queue size for TCP-based data traffic, so that traffic bursts can also usually be transmitted without large packet losses.
Min. queue size
Enter the minimum size of the queue in bytes.
Possible values are to '&.
The default value is .
Max. queue size
Enter the maximum size of the queue in bytes.
Possible values are to '&.
The default value is '&.
14.5 Access Rules
Accesses to data and functions are restricted with access lists (which user gets to use
which services and files).
You define filters for IP packets in order to allow or block access from or to the various
hosts in connected networks. This enables you to prevent undesired connections being set
up via the gateway. Access lists define the type of IP traffic the gateway is to accept or
deny. The access decision is based on information contained in the IP packets, e.g.:
• source and/or destination IP address
• packet protocol
• source and/or destination port (port ranges are supported)
Access lists are an effective means if, for example, sites with LANs interconnected over a
bintec gateway wish to deny all incoming FTP requests or only allow Telnet sessions
between certain hosts.
Access filters in the gateway are based on the combination of filters and actions for filter
rules (= rules) and the linking of these rules to form rule chains. They act on the incoming
data packets to allow or deny access to the gateway for certain data.
A filter describes a certain part of the IP data traffic based on the source and/or destination
IP address, netmask, protocol and source and/or destination port.
You use the rules that you use in the access lists to tell the gateway what to do with the
filtered data packets, i.e. whether it should allow or deny them. You can also define several
rules, which you arrange in the form of a chain to obtain a certain sequence.
There are various approaches for the definition of rules and rule chains:
• Allow all packets that are not explicitly denied, i.e.:
  • Deny all packets that match Filter 1.
  • Deny all packets that match Filter 2.
  • ...
  • Allow the rest.
or
• Allow all packets that are explicitly allowed, i.e.:
  • Allow all packets that match Filter 1.
  • Allow all packets that match Filter 2.
  • ...
  • Deny the rest.
or
• Combination of the two possibilities described above.
A number of separate rule chains can be created. The same filter can also be used in different rule chains.
You can also assign a rule chain individually to each interface.
Caution
Make sure you don't lock yourself out when configuring filters.
If possible, access your gateway for filter configuration over the serial console interface
or ISDN Login.
14.5.1 Access Filter
This menu is for configuring access filters. Each filter describes a certain part of the IP
traffic and defines, for example, the IP addresses, the protocol, the source port or the destination port.
A list of all access filters is displayed in the Networking->Access Rules->Access Filter
menu.
14.5.1.1 Edit/New
Choose the icon to edit existing entries. To configure access filters, select the New button.
The Networking->Access Rules->Access Filter->New menu includes the following fields:
Fields in the Access Filter Basic Parameters menu
Field
Description
Description
Enter a description for the filter.
Service
Select one of the preconfigured services. The extensive range
of services configured ex works includes the following:
⢠"/"⢠!!) F"
⢠"0
⢠0$
⢠) " G
⢠-"
⢠0!
â˘
The default value is , .
Protocol
Select a protocol.
The "/ - option (default value) matches any protocol.
Type
Only if Protocol = ICMP
Possible values:
• Any
• Echo reply
• Destination unreachable
• Source quench
• Redirect
• Echo
• Time exceeded
• Timestamp
• Timestamp reply
The default value is Any.
See RFC 792.
Connection State
Only if Protocol = TCP
You can define a filter that takes the status of the TCP connections into account.
Possible values:
• Any (default value): All TCP packets match the filter.
• Established: All TCP packets that would not open any new TCP connection on routing over the gateway match the filter.
Destination IP Address/Netmask
Enter the destination IP address and netmask of the data packets.
Possible values:
• Any (default value)
• Host: Enter the IP address of the host.
• Network: Enter the network address and the related netmask.
Destination Port/Range
Only if Protocol = TCP, UDP
Enter the destination port number or range of destination port numbers that matches the filter.
Possible values:
• All (default value): The route is valid for all port numbers.
• Specify port: Enables the entry of a port number.
• Specify port range: Enables the entry of a range of port numbers.
Source IP Address/Netmask
Enter the source IP address and netmask of the data packets.
Source Port/Range
Only if Protocol = TCP, UDP
Enter the source port number or range of source port numbers.
Possible values:
• All (default value): The route is valid for all port numbers.
• Specify port: Enables the entry of a port number.
• Specify port range: Enables the entry of a range of port numbers.
DSCP/TOS Filter (Layer 3)
Select the Type of Service (TOS).
Possible values:
• Ignore (default value): The type of service is ignored.
• DSCP Binary Value: Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in binary format, 6 bit).
• DSCP Decimal Value: Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in decimal format).
• DSCP Hexadecimal Value: Differentiated Services Code Point according to RFC 3260 is used to signal the priority of IP packets (indicated in hexadecimal format).
• TOS Binary Value: The TOS value is specified in binary format, e.g. 00111111.
• TOS Decimal Value: The TOS value is specified in decimal format, e.g. 63.
• TOS Hexadecimal Value: The TOS value is specified in hexadecimal format, e.g. 3F.
COS Filter (802.1p/Layer 2)
Enter the service class of the IP packets (Class of Service, CoS).
Possible values are whole numbers between 0 and 7.
The default value is Ignore.
14.5.2 Rule Chains
Rules for IP filters are configured in the access list menu. These can be created separately
or incorporated in rule chains.
In the Networking->Access Rules->Rule Chains menu, all created filter rules are listed.
14.5.2.1 Edit/New
Choose the icon to edit existing entries. To configure access lists, select the New button.
The Networking->Access Rules->Rule Chains->New menu consists of the following fields:
Fields in the Rule Chains Basic Parameters menu
Field
Description
Rule Chain
Select whether to create a new rule chain or to edit an existing one.
Possible values:
• New (default value): You can create a new rule chain with this setting.
• <Name of the rule chain>: Select an already existing rule chain, and thus add another rule to it.
Description
Enter the name of the rule chain.
Access Filter
Select an IP filter.
If the rule chain is new, select the filter to be set at the first point of the rule chain.
If the rule chain already exists, select the filter to be attached to the rule chain.
Action
Define the action to be taken for a filtered data packet.
Possible values:
• Allow if filter matches (default value): Allow packet if it matches the filter.
• Allow if filter does not match: Allow packet if it does not match the filter.
• Deny if filter matches: Deny packet if it matches the filter.
• Deny if filter does not match: Deny packet if it does not match the filter.
• Ignore: Use next rule.
To set the rules of a rule chain in a different order, select the button in the list menu for the entry to be shifted. A dialog now opens, in which you can decide under Move whether the entry is to be shifted below (standard value) or above another rule of this rule chain.
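The following added example (not part of the manual and not vendor code) dry-runs a rule chain against a management connection before the chain is assigned to an interface, which is one way to act on the lock-out caution in section 14.5. The class and function names, the sample addresses and the use of TCP port 80 for the management path are assumptions of this example; the five actions follow the Action field described above.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


class Action(Enum):
    # Names are this example's own; semantics follow the Action field above.
    ALLOW_IF_MATCH = 1
    ALLOW_IF_NOT_MATCH = 2
    DENY_IF_MATCH = 3
    DENY_IF_NOT_MATCH = 4
    IGNORE = 5


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                     # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Filter:
    description: str
    src: str = "0.0.0.0/0"         # source address/netmask (default: any)
    dst: str = "0.0.0.0/0"         # destination address/netmask (default: any)
    proto: Optional[str] = None    # None matches any protocol
    dports: Optional[Tuple[int, int]] = None   # inclusive range, None = all

    def matches(self, p: Packet) -> bool:
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dports is not None:
            lo, hi = self.dports
            if p.dport is None or not lo <= p.dport <= hi:
                return False
        return True


Rule = Tuple[Filter, Action]


def evaluate(chain: List[Rule], p: Packet) -> Tuple[Optional[str], Optional[int]]:
    """Walk the chain in order; the first rule that decides wins.

    Returns (verdict, rule_index). The verdict is None when no rule decided,
    because the text above does not say what happens in that case.
    """
    for i, (flt, action) in enumerate(chain):
        if action is Action.IGNORE:
            continue               # "Use next rule"
        hit = flt.matches(p)
        if action is Action.ALLOW_IF_MATCH and hit:
            return "allow", i
        if action is Action.ALLOW_IF_NOT_MATCH and not hit:
            return "allow", i
        if action is Action.DENY_IF_MATCH and hit:
            return "deny", i
        if action is Action.DENY_IF_NOT_MATCH and not hit:
            return "deny", i
    return None, None


def lockout_report(chain: List[Rule], probes: List[Tuple[str, Packet]]):
    """Return every management probe that the chain does not explicitly allow."""
    report = []
    for name, pkt in probes:
        verdict, idx = evaluate(chain, pkt)
        if verdict != "allow":
            report.append((name, verdict, idx))
    return report


# Constructed sample data (documentation address ranges, not from the manual).
ANY = Filter("any packet")
FTP_IN = Filter("incoming FTP", proto="tcp", dports=(21, 21))
TELNET_PAIR = Filter("Telnet host A -> host B", src="192.0.2.10/32",
                     dst="198.51.100.20/32", proto="tcp", dports=(23, 23))
ADMIN_HTTP = Filter("admin PC -> gateway web interface", src="192.0.2.50/32",
                    dst="192.0.2.1/32", proto="tcp", dports=(80, 80))

# Approach 1: deny what is listed, allow the rest.
DENY_LISTED = [(FTP_IN, Action.DENY_IF_MATCH), (ANY, Action.ALLOW_IF_MATCH)]
# Approach 2: allow what is listed, deny the rest.
ALLOW_LISTED = [(TELNET_PAIR, Action.ALLOW_IF_MATCH), (ANY, Action.DENY_IF_MATCH)]
# Approach 2 with the management path allowed before the final deny.
ALLOW_LISTED_SAFE = [(ADMIN_HTTP, Action.ALLOW_IF_MATCH)] + ALLOW_LISTED

PROBES = [("admin web interface", Packet("192.0.2.50", "192.0.2.1", "tcp", 80))]

if __name__ == "__main__":
    for label, chain in (("deny-listed", DENY_LISTED),
                         ("allow-listed", ALLOW_LISTED),
                         ("allow-listed + admin rule", ALLOW_LISTED_SAFE)):
        print(label, "->", lockout_report(chain, PROBES) or "management path open")
```

A non-empty report for the allow-listed chain shows that the final "deny the rest" rule would also cut off the administrator, while a chain that ends without a deciding rule is reported with verdict None so it can be reviewed by hand.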
14.5.3 Interface Assignment
In this menu, the configured rule chains are assigned to the individual interfaces and the
gateway's behavior is defined for denying IP packets.
A list of all configured interface assignments is displayed in the Networking->Access
Rules->Interface Assignment menu.
14.5.3.1 Edit/New
Choose the icon to edit existing entries. Choose the New button to configure additional assignments.
The Networking->Access Rules->Interface Assignment->New menu consists of the following fields:
Fields in the Interface Assignment Basic Parameters menu
Field
Description
Interface
Select the interface for which a configured rule chain is to be assigned.
Rule Chain
Select a rule chain.
Silent Deny
Define whether the sender is to be informed if an IP packet is
denied.
Possible values:
• Yes (default value): The sender is not informed.
• No: The sender receives an ICMP message.
Reporting Method
Define whether a syslog message is to be generated if a packet is denied.
Possible values:
• No report: No syslog message.
• Info (default value): A syslog message is generated with the protocol number, source IP address and source port number.
• Dump: A syslog message is generated with the contents of the first 64 bytes of the denied packet.
Chapter 15 Routing Protocols
15.1 RIP
The entries in the routing table can be defined statically or the routing table can be updated
constantly by dynamic exchange of routing information between several devices. This exchange is controlled by a Routing Protocol, e.g. RIP (Routing Information Protocol). By default, about every 30 seconds (this value can be changed in Update Timer), a device
sends messages to remote networks using information from its own current routing table.
The complete routing table is always exchanged in this process. If triggered RIP is used, information is only exchanged if the routing information has changed. In this case, only the
changed information is sent.
Observing the information sent by other devices enables new routes and shorter paths for
existing routes to be saved in the routing table. As routes between networks can become
unreachable, RIP removes routes that are older than 5 minutes (i.e. routes not verified in
the last 300 seconds - Garbage Collection Timer + Route Timeout -). Routes learnt with
triggered RIP are not deleted.
Your device supports both version 1 and version 2 of RIP, either individually or together.
15.1.1 RIP Interfaces
A list of all RIP interfaces is displayed in the Routing Protocols->RIP->RIP Interfaces
menu.
15.1.1.1 Edit
For every RIP interface, go to the
3 and 7 "
menu to select options 3 , 7 /
.
The menu Networking->RIP->RIP Interfaces->
consists of the following fields:
Fields in the RIP Parameters for menu
Field
Description
Send Version
Decide whether routes are to be propagated via RIP and if so,
select the RIP version for sending RIP packets over the interface in send direction.
Possible values:
• None (default value): RIP is not enabled.
• RIP V1: Enables sending and receiving of version 1 RIP packets.
• RIP V2: Enables sending and receiving of version 2 RIP packets.
• RIP V1/V2: Enables sending and receiving RIP packets of both version 1 and 2.
• RIP V2 Multicast: For sending RIP V2 messages over the multicast address 224.0.0.9.
• RIP V1 Triggered: RIP V1 messages are sent, received and processed as per RFC 2091 (triggered RIP).
• RIP V2 Triggered: RIP V2 messages are sent, received and processed as per RFC 2091 (triggered RIP).
Receive Version
Decide whether routes are to be imported via RIP and if so, select the RIP version for receiving RIP packets over the interface
in receive direction.
Possible values:
• None (default value): RIP is not enabled.
• RIP V1: Enables sending and receiving of version 1 RIP packets.
• RIP V2: Enables sending and receiving of version 2 RIP packets.
• RIP V1/V2: Enables sending and receiving RIP packets of both version 1 and 2.
• RIP V1 Triggered: RIP V1 messages are sent, received and processed as per RFC 2091 (triggered RIP).
• RIP V2 Triggered: RIP V2 messages are sent, received and processed as per RFC 2091 (triggered RIP).
Route Announce
Select this option if you want to set the time at which any activated routing protocols (e.g. RIP) are to propagate the IP routes
defined for this interface.
Note: This setting does not affect the interface-specific RIP configuration mentioned above.
Possible values:
• Up or Dormant (not for LAN interfaces, interfaces in Bridge mode and interfaces for leased lines): Routes are propagated if the interface status is up or ready.
• Up only (default value): Routes are only propagated if the interface status is up.
• Always: Routes are always propagated independently of operational status.
15.1.2 RIP Filter
In this menu, you can specify exactly which routes are to be exported or imported.
You can use the following strategies for this:
• You explicitly deactivate the import or export of certain routes. The import or export of all other routes that are not listed is still allowed.
• You explicitly activate the import or export of certain routes. In this case, you must also explicitly deactivate the import or export of all other routes. You reach this via a filter for IP Address / Netmask = no entry (this corresponds to IP address 0.0.0.0 with netmask 0.0.0.0). To make sure this filter is used last, it must be placed at the lowest position.
You configure a filter for a default route with the following values:
• IP Address / Netmask = IP address (this corresponds to IP address 0.0.0.0), for netmasks = 255.255.255.255
A list of all RIP filters is displayed in the Routing Protocols->RIP->RIP Filter menu.
You can use the button to insert another filter above the list entry. The configuration menu for creating a new window opens.
You can use the button to move the list entry. A dialog box opens, in which you can select the position to which the filter is to be moved.
15.1.2.1 New
Choose the New button to set up more RIP filters.
The menu Routing Protocols->RIP->RIP Filter->New consists of the following fields:
Fields in the RIP Filter Basic Parameters menu
Field
Description
Interface
Select the interface to which the rule to be configured applies.
IP Address / Netmask
Enter the IP address and netmask to which the rule is to be applied. This address can be in the LAN or WAN.
The rules for incoming and outgoing RIP packets (import or export) for the same IP address must be separately configured.
You can enter individual host addresses or network addresses.
Direction
Select whether the filter applies to the export or import of routes.
Possible values:
• Import (default value)
• Export
Metric Offset for Active Interfaces
Select the value to be added to the route metric if the status of the interface is "up". During export, the value is added to the exported metric if the interface status is "up".
Possible values are to .
The default value is .
Metric Offset for Inactive Interfaces
Select the value to be added to the route metric if the status of
the interface is "dormant". During export, the value is added to
the exported metric if the interface status is "dormant".
Possible values are to .
The default value is .
15.1.3 RIP Options
The menu Routing Protocols->RIP->RIP Options consists of the following fields:
Fields in the RIP Options Global RIP Parameters menu
Field
Description
RIP UDP Port
The setting option UDP Port, which is used for sending and receiving RIP updates, is only for test purposes. If the setting is changed, this can mean that your device sends and listens at a port that no other devices use. The default value should be retained.
Default Route Distribution
Select whether the default route of your device is to be propagated via RIP updates.
The function is enabled with Enabled.
The function is enabled by default.
Poisoned Reverse
Select the procedure for preventing routing loops.
With standard RIP, the routes learnt are propagated over all interfaces with RIP SEND activated. With Poisoned Reverse, however, your device propagates these routes back via the interface over which it learned them with the metric (Next Hop Count) 16 (= "Network is not reachable").
The function is enabled with Enabled.
The function is disabled by default.
RFC 2453 Variable Timer
For the timers described in RFC 2453, select whether to use the same values that you can configure in the Timer for RIP V2 (RFC 2453) menu.
The function is enabled with Enabled.
The function is enabled by default.
If you deactivate the function, the times defined in RFC are retained for the timeouts.
RFC 2091 Variable Timer
For the timers described in RFC 2091, select whether to use the same values that you can configure in the Timer for Triggered RIP (RFC 2091) menu.
The function is enabled with Enabled.
The function is disabled by default.
If the function is not activated, the times defined in RFC are retained for the timeouts.
Fields in the RIP Options Timer for RIP V2 (RFC 2453) menu
Field
Description
Update Timer
Only for RFC 2453 Variable Timer = Enabled
An RIP update is sent on expiry of this period of time.
The default value is 30 (seconds).
Route Timeout
Only for RFC 2453 Variable Timer = Enabled
After the last update of a route, the route time is active.
After timeout, the route is deactivated and the Garbage Collection Timer is started.
The default value is (seconds).
Garbage Collection Timer
Only for RFC 2453 Variable Timer = Enabled
The Garbage Collection Timer is started as soon as the route
timeout has expired.
After this timeout, the invalid route is deleted from the
IPROUTETABLE if no update is carried out for the route.
The default value is (seconds).
Fields in the RIP Options Timer for Triggered RIP (RFC 2091) menu
Field
Description
Hold Down Timer
Only for RFC 2091 Variable Timer = Enabled
The hold down timer is activated as soon as your device receives an unreachable route (metric 16). The route may be deleted once this period has elapsed.
The default value is 120 (seconds).
Retransmission Timer
Only for RFC 2091 Variable Timer = Enabled
After this timeout, update request or update response packets
are sent again until an update flush or update acknowledge
packet arrives.
The default value is 5 (seconds).
Chapter 16 Multicast
What is multicasting?
Many new communication technologies are based on communication from one sender to
several recipients. Therefore, modern telecommunication systems such as voice over IP or
video and audio streaming (e.g. IPTV or Webradio) focus on reducing data traffic, e.g. by
offering TriplePlay (voice, video, data). Multicast is a cost-effective solution for effective use
of bandwidth because the sender of the data packet, which can be received by several recipients, only needs to send the packet once. The packet is sent to a virtual address
defined as a multicast group. Interested recipients log in to these groups.
Other areas of use
One classic area in which multicast is used is for conferences (audio/video) with several recipients. The most well-known are probably the MBone Multimedia Audio Tool (VAT),
Video Conferencing Tool (VIC) and Whiteboard (WB). VAT can be used to hold audio conferences. All subscribers are displayed in a window and the speaker(s) are indicated by a
black box. Other areas of use are of particular interest to companies. Here, multicasting
makes it possible to synchronise the databases of several servers, which is valuable for
multinationals or even companies with just a few locations.
Address range for multicast
For IPv4, the IP addresses 224.0.0.0 to 239.255.255.255 (224.0.0.0/4) are reserved for
multicast in the class D network. An IP address from this range represents a multicast
group to which several recipients can log in. The multicast router then forwards the required packets to all subnets with logged in recipients.
Multicast basics
Multicast is connectionless, which means that any trouble-shooting or flow control needs to
be guaranteed at application level.
At transport level, UDP is used almost exclusively, as, in contrast to TCP, it is not based on
a point-to-point connection.
At IP level, the main difference is therefore that the destination address does not address a dedicated host, but rather a group, i.e. during the routing of multicast packets, the decisive factor is whether a recipient is in a logged-in subnet.
In the local network, all hosts are required to accept all multicast packets. For Ethernet or FDDI, this is based on MAC mapping, where the group address is encoded into the destination MAC address. For routing between several networks, the routers first need to make themselves known to all potential recipients in the subnet. This is achieved by means of Membership Management protocols such as IGMP for IPv4 and MLD for IPv6.
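The MAC mapping mentioned above keeps only the low 23 bits of the group address, so 32 different groups share each Ethernet multicast address and a filter that works on MAC addresses alone cannot keep unwanted groups out. The following added example (not part of the manual) shows the mapping and the resulting overlap; the function names and the sample groups are constructed for this illustration.

```python
from ipaddress import IPv4Address, IPv4Network
from typing import List

MULTICAST_V4 = IPv4Network("224.0.0.0/4")   # range given in the text above
MAC_PREFIX = 0x01005E000000                 # 01:00:5e + 23 bits of the group


def _check(group: str) -> IPv4Address:
    addr = IPv4Address(group)
    if addr not in MULTICAST_V4:
        raise ValueError(f"{group} is not in {MULTICAST_V4}")
    return addr


def group_to_mac(group: str) -> str:
    """Map an IPv4 multicast group to its Ethernet destination MAC."""
    addr = _check(group)
    mac = MAC_PREFIX | (int(addr) & 0x7FFFFF)   # only the low 23 bits survive
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))


def groups_sharing_mac(group: str) -> List[str]:
    """All 32 groups whose frames carry the same destination MAC as `group`."""
    low23 = int(_check(group)) & 0x7FFFFF
    base = int(MULTICAST_V4.network_address)
    # The 5 bits between the fixed 1110 prefix and the low 23 bits are lost.
    return [str(IPv4Address(base | (lost << 23) | low23)) for lost in range(32)]


def unwanted_but_accepted(wanted: List[str], seen: List[str]) -> List[str]:
    """Groups not on the wanted list that a MAC-only filter still lets through."""
    wanted_ips = {str(_check(g)) for g in wanted}
    wanted_macs = {group_to_mac(g) for g in wanted}
    return [g for g in seen
            if str(_check(g)) not in wanted_ips and group_to_mac(g) in wanted_macs]


# Constructed sample: one wanted group and three groups seen on the wire.
WANTED = ["239.1.1.1"]
SEEN = ["239.1.1.1", "224.129.1.1", "239.1.1.2"]

if __name__ == "__main__":
    print(group_to_mac("224.0.0.9"))             # RIP V2 multicast address
    print(unwanted_but_accepted(WANTED, SEEN))
```

Because of this overlap, excluding unwanted groups has to be decided on the IP group address, which is what IGMP membership and the forwarding rules in this chapter work with.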
Membership Management protocol
In IPv4, IGMP (Internet Group Management Protocol) is a protocol that hosts can use to
provide the router with multicast membership information. IP addresses of the class D address range are used for addressing. An IP address in this class represents a group. A
sender (e.g. Internet radio) sends data to this group. The addresses (IP) of the various
senders within a group are called the source (addresses). Several senders (with different
IP addresses) can therefore transmit to the same multicast group, leading to a 1-to-n relationship between groups and source addresses. This information is forwarded to the router
by means of reports. In the case of incoming multicast data traffic, a router can use this information to decide whether a host in its subnet wants to receive it. Your device supports
the current version IGMP V3, which is upwardly compatible, which means that both V3 and
V1/V2 hosts can be managed.
Your device supports the following multicast mechanisms:
• Forwarding: This relates to static forwarding, i.e. incoming data traffic for a group is passed in all cases. This is a useful option if multicast data traffic is to be permanently passed.
• IGMP: IGMP is used to gather information about the potential recipients in a subnet. In the case of a hop, incoming multicast data traffic can thus be selected.
Tip
With multicast, the focus is on excluding data traffic from unwanted multicast groups.
Note that if forwarding is combined with IGMP, the packets can be forwarded to the
groups specified in the forwarding request.
16.1 General
16.1.1 General
In the Multicast->General->General menu you can disable or enable the multicast function.
The Multicast->General->General menu consists of the following fields:
Fields in the General Basic Settings menu
Field
Description
Multicast Routing
Select whether Multicast Routing should be used.
The function is enabled with Enabled.
The function is disabled by default.
16.2 IGMP
IGMP (Internet Group Management Protocol, see RFC 3376) is used to signal the information about group (membership) in a subnet. As a result, only the packets explicitly wanted
by a host enter the subnet.
Special mechanisms ensure that the requirements of the individual clients are taken into
consideration. At the moment there are three versions of IGMP (V1 - V3); most current systems use V3, and less often V2.
Two packet types play a central role in IGMP: queries and reports.
Queries are only transmitted from a router. If several IGMP routers exist in a network, the
router with the lowest IP address is the "querier". We differentiate here between a general
query (sent to 224.0.0.1), a group-specific query (sent to a group address) and the group-and-source-specific query (sent to a specific group address). Reports are only sent by
hosts to respond to queries.
16.2.1 IGMP
In this menu, you configure the interfaces on which IGMP is to be enabled.
16.2.1.1 Edit/New
Choose the icon to edit existing entries. Choose the New button to configure IGMP on other interfaces.
The Multicast->IGMP->IGMP->New menu consists of the following fields:
Fields in the IGMP IGMP Settings menu
Field
Description
Interface
Select the interface on which IGMP is to be enabled, i.e. queries
are sent and responses are accepted.
Query Interval
Enter the interval in seconds in which IGMP queries are to be
sent.
Possible values are to .
The default value is .
Maximum Response Time
For the sending of queries, enter the time interval in seconds
within which hosts must respond. The hosts randomly select a
time delay from this interval before sending the response. This
spreads the load in networks with several hosts, improving performance.
Possible values are to .
The default value is .
Robustness
Select the multiplier for controlling the timer values. A higher
value can e.g. compensate for packet loss in a network susceptible to loss. If the value is too high, however, the time between
logging off and stopping of the data traffic can be increased
(leave latency).
Possible values are to .
The default value is .
Last Member Query Interval
Define the time after a query for which the router waits for an answer.
If you shorten the interval, it will be more quickly detected that
the last member has left a group so that no more packets for
this group should be forwarded to this interface.
Possible values are to .
The default value is .
IGMP State Limit
Limit the number of reports/queries per second for the selected
interface.
Mode
Specify whether the interface defined here only works in host
mode or in both host mode and routing mode.
Possible values:
• Routing (default value): The interface is operated in Routing mode.
• Host: The interface is only operated in host mode.
IGMP Proxy
IGMP Proxy enables you to simulate several locally connected interfaces as a subnet to an
adjacent router. Queries coming in to the IGMP Proxy interface are forwarded to the local
subnets. Local reports are forwarded on the IGMP Proxy interface.
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
IGMP Proxy
Select whether your device is to forward the hosts' IGMP messages in the subnet via its defined Proxy Interface.
Proxy Interface
Only for IGMP Proxy enabled
Select the interface on your device via which queries are to be
received and collected.
16.2.2 Options
In this menu, you can enable and disable IGMP on your system. You can also define
whether IGMP is to be used in compatibility mode or only IGMP V3 hosts are to be accepted.
The Multicast->IGMP->Options menu consists of the following fields:
Fields in the Options Basic Settings menu
Field
Description
IGMP Status
Select the IGMP status.
Possible values:
• Auto (default value): Multicast is activated automatically for hosts if the hosts open applications that use multicast.
• Up: Multicast is always on.
• Down: Multicast is always off.
Mode
Only for IGMP Status = Up or Auto
Select Multicast Mode.
Possible values:
• Compatibility Mode (default value): The router uses IGMP version 3. If it notices a lower version in the network, it uses the lowest version it could detect.
• Version 3 only: Only IGMP version 3 is used.
Maximum Groups
Enter the maximum number of groups to be permitted, both internally and in reports.
Maximum Sources
Enter the maximum number of sources that are specified in version 3 reports and the maximum number of internally managed
sources per group.
IGMP State Limit
Enter the maximum permitted total number of incoming queries
and messages per second.
The default value is , i.e. the number of IGMP status messages is not limited.
16.3 Forwarding
16.3.1 Forwarding
In this menu, you specify which multicast groups are always passed between the interfaces
of your device.
16.3.1.1 New
Choose the New button to create forwarding rules for new multicast groups.
The Multicast->Forwarding->Forwarding->New menu consists of the following fields:
Fields in the Forwarding Basic Parameters menu
Field
Description
All Multicast Groups
Select whether all multicast groups, i.e. the complete multicast address range 224.0.0.0/4, are to be forwarded from the defined Source Interface to the defined Destination Interface. To do this, set the checkmark for Enabled.
Disable the option if you only want to forward one defined multicast group to a particular interface.
The option is deactivated by default.
Multicast Group Address
Only for All Multicast Groups = not active.
Enter here the address of the multicast group you want to forward from a defined Source Interface to a defined Destination Interface.
Source Interface
Select the interface on your device to which the selected multicast group is sent.
Destination Interface
Select the interface on your device to which the selected multicast group is to be forwarded.
16.4 PIM
Protocol Independent Multicast (PIM) is a multicast-routing process that makes dynamic routing of multicast packets possible. With PIM the distribution of information is regulated via a central point, which is known as the rendezvous point. Data packets are initially routed here before being made available to other recipient routers.
Multicast routing protocols differentiate between sparse mode and dense mode. In dense mode, all packets are forwarded and only packets to groups that have been explicitly cancelled are rejected. In sparse mode, packets are only forwarded to groups if they have been ordered. Your device uses PIM in sparse mode.
16.4.1 PIM Interfaces
A list of all PIM interfaces is displayed in the Multicast->PIM->PIM Interfaces menu.
16.4.1.1 Edit/New
Choose the icon to edit existing entries. To configure PIM lists, select the New button.
The Multicast->PIM->PIM Interfaces->New menu consists of the following fields:
Fields in the PIM Interfaces PIM Interface Settings menu
Field
Description
Interface
Choose the interface used for PIM, i.e. over which multicast
routing is operated.
PIM Mode
Indicates the mode to be used for PIM. Your device uses PIM in
sparse mode. The entry cannot be changed.
Use as Stub interface
Determine whether or not the interface is used for PIM data
packets. This parameter allows you to use an interface for IGMP, for example, whilst preventing (fake) PIM messages.
If this function is deactivated (default value), the PIM data packets for this interface are blocked.
If the function is active, the interface is released for the PIM data packets.
Designated Router Priority
Define the value of the designated router priority entered in the Designated Router Priority option.
The higher the value, the greater the probability that the corresponding router will be used as the designated router.
The default value is .
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
Hello Interval
Define the interval (in seconds) at which PIM Hello messages are sent over this interface.
The value means that no PIM Hello messages are sent on
this interface.
Possible values: to seconds.
The default value is '.
Triggered Hello Interval
Define the maximum waiting time until a PIM Hello message is
sent after a system boot or after a reboot of a neighbour.
The value means that PIM Hello messages are always sent
straight away.
Possible values: to seconds.
The default value is .
Hello Hold Time
Define the value of the holdtime field in a PIM Hello message.
This indicates how long a PIM route is available. As soon as the
Hello Hold Time has expired and no other Hello messages
have been received, the PIM router will be classed as unavailable.
Possible values: to ' seconds.
The default value is .
Join/Prune Interval
Define the frequency at which the PIM Join/Prune messages
are sent on the interface.
The value means that no periodic PIM Join/Prune messages
are sent on this interface.
Possible values: to seconds.
The default value is .
Join/Prune Hold Time
Define the value entered in the holdtime field of a PIM Join/
Prune message.
This is the time for which a recipient must maintain the Join/
Prune state.
Possible values: to ' seconds.
The default value is .
Propagation Delay
Define the value entered in the Propagation Delay field. This
field is part of the LAN Prune Delay option in the PIM Hello
messages, which are sent on this interface.
Propagation Delay and Override Interval represent the so-called
LAN-Prune-Delay settings. These result in a delay in processing
prune messages for upstream routers.
If the Propagation Delay is too short, the transfer of multicast
packets may be cancelled before a downstream router has sent
a prune override message.
Possible values: to ' seconds.
The default value is .
Override Interval
Define the value that the gateway enters in the Override_Interval field for the LAN Prune Delay option.
Override Interval defines the maximum time a downstream
router can wait until sending a prune override message.
Possible values: to seconds.
The default value is '.
16.4.2 PIM Rendezvous Points
In menu Multicast->PIM->PIM Rendezvous Points you determine which Rendezvous
Point is responsible for which group.
A list of all PIM Rendezvous Points is displayed.
16.4.2.1 Edit/New
Choose the
icon to edit existing entries. To configure PIM Rendezvous Points, select
the New button.
The Multicast->PIM->PIM Rendezvous Points->New menu consists of the following
fields:
Fields in the PIM Rendezvous Points PIM Rendezvous Point Settings menu
Field
Description
Multicast Group Range
Select the multicast group for the PIM Rendezvous Point. You can enter )) 1 ! (default value), or specify a multicast network segment by selecting ! 7$ .
Multicast Group Address
Only if Multicast Group Range = ! 7$
Here you enter the IP address of the multicast network segment.
Multicast Group Prefix Length
Only if Multicast Group Range = ! 7$
Here you enter the network mask length of the multicast network segment.
224.0.0.0/4 indicates the entire multicast class D segment.
Possible values: & (default value) to '.
Rendezvous Point IP Address
Enter the IP address or the hostname of the rendezvous points.
Precedence
Enter the value for pimGroupMappingPrecedence to be used for
static RP configurations. This allows precise control over which
configuration is to be replaced by this static configuration.
When the function is activated pimStaticRPOverrideDynamic is
ignored. The absolute values of this object are only significant
on the local router and need not be synchronised with other
routers.
The function is deactivated with the default value . If the function is not activated by setting a value not 0, this can have different consequences for other routers. Hence, avoid using this
function if exact control of the behaviour of the static RP is not
required.
16.4.3 PIM Options
The Multicast->PIM->PIM Options menu includes the following fields:
Fields in the PIM Options Basic Settings menu
Field
Description
PIM Status
Select whether PIM should be activated. The function is activated by selecting *#) .
The function is disabled by default.
Keepalive Period
Enter the interval in seconds within which a KeepAlive message
must be sent.
Possible values: to '.
The default value is .
Register Suppression Timer
Enter the time in seconds after which a PIM Designated Router (DR) should no longer send any register-encapsulated data to the Rendezvous Point (RP) once the Register-Stop-Message has been received. This object is used to employ timers at the DR as well as at the RP. This timespan is named Register_Suppression_Time in the PIM-SM specification.
Possible values: to '.
The default value is .
Chapter 17 WAN
This menu offers various options for configuring accesses or connections from your LAN to
the WAN. You can also optimise voice transmission here for telephone calls over the Internet.
17.1 Internet + Dialup
In this menu, you can set up Internet access or dialup connections.
To enable your device to set up connections to networks or hosts outside your LAN, you
must configure the partners you want to connect to on your device. This applies to outgoing
connections (your device dials its WAN partner) and incoming connections (a remote partner dials the number of your device).
If you want to set up Internet access, you must set up a connection to your Internet Service Provider (ISP). For broadband Internet access, your device provides the PPP-over-Ethernet (PPPoE) and PPP-over-PPTP protocols.
Note
Note your provider's instructions.
All the entered connections are displayed in the corresponding list, which contains the Description, the User Name, the Authentication and the current Status.
The field Status can have the following values:
Possible values for Status
Field
Description
connected
not connected (dialup connection); connection setup possible
not connected (e.g. because of an error during setup of an outgoing connection, a renewed attempt is only possible after a
specified number of seconds)
administratively set to down (deactivated); connection setup not
possible for leased lines:
Authentication
If a call is received, PPP authentication is carried out with the connection partner depending on the configuration, before the call is accepted. Your device needs the necessary data
for this, which you should enter here. First establish the type of authentication process that
should be performed, then enter a common password and two codes. You get this information, for example, from your Internet Service Provider (ISP) or the system administrator at
your head office. If the data you entered on your device is the same as the caller's data, the
call is accepted. The call is rejected if the data is not the same.
Default Route
With a default route, all data is automatically forwarded to one connection if no other suitable route is available. If you set up access to the Internet, you must configure the route to
your Internet Service Provider (ISP) as a default route. If, for example, you configure a corporate network connection, only enter the route to the head office or branch office as a default route if you do not configure Internet access over your device. If, for example, you
configure both Internet access and a corporate network connection, enter a default route to
the ISP and a network route to the head office. You can enter several default routes on
your device, but only one default route can be active at any one time. If you enter several
default routes, you should note differing values for Metric.
Activating NAT
With Network Address Translation (NAT), you conceal your whole network from the outside world behind one IP address. You should certainly do this for your connection to the Internet Service Provider (ISP).
Only outgoing sessions are allowed initially if NAT is activated. To allow certain connections from outside to hosts within the LAN, these must be explicitly defined and admitted.
Connection Idle Timeout
The connection idle timeout is determined in order to clear the connection automatically if it
is not being used, i.e. if data is no longer being sent, to help you save costs.
Block after Connection Failure
You use this function to set up a waiting time for outgoing connection attempts after which
your device's connection attempt is regarded as having failed.
17.1.1 PPPoE
In the WAN->Internet + Dialup->PPPoE menu, a list of all PPPoE interfaces is displayed.
PPP over Ethernet (PPPoE) is the use of the Point-to-Point Protocol (PPP) network protocol over an Ethernet connection. Today, PPPoE is used for ADSL connections in Germany. In Austria, the Point To Point Tunnelling Protocol (PPTP) was originally used for ADSL access. However, PPPoE is now offered here too by some providers.
17.1.1.1 New
Choose the New button to set up new PPPoE interfaces.
The menu WAN->Internet + Dialup->PPPoE->New consists of the following fields:
Fields in the PPPoE Basic Parameters menu
Field
Description
Description
Enter a name to uniquely identify the PPPoE partner. The first character in this field must not be a number. No special characters or umlauts may be used.
PPPoE Mode
Select whether you want to use a standard Internet connection
over PPPoE ( "), or whether your Internet access is to
be set up over several interfaces ( = )") ). If you choose
= )") , you can combine several DSL connections from a
provider over PPP as a static bundle in order to obtain more
bandwidth. Each of these DSL connections should use a separate Ethernet connection for this. At the moment, many providers
are still in the process of preparing the PPPoE Multilink function.
For PPPoE Multilink, we recommend using your device's Ethernet switch in Split-Port mode and to use a separate Ethernet interface e.g. , for each PPPoE connection.
PPPoE Ethernet Interface
Only for PPPoE Mode = "
Select the Ethernet interface specified for a standard PPPoE
connection.
If you want to use an external DSL modem, select the Ethernet
port to which the modem is connected.
When using the internal DSL modem, select here the EthoA interface configured in Physical Interfaces->ATM->Profiles->New
PPPoE Interfaces for Multilink
Only for PPPoE Mode = = )")
Select the interfaces you want to use for your Internet connection. Click the Add button to create new entries.
User Name
Enter the user name.
Password
Enter the password.
Always on
Select whether the interface should always be activated.
The function is enabled with *#) .
The function is disabled by default.
Only activate this option if you have Internet access with a flatrate charge.
Connection Idle Timeout
Only if Always on is disabled.
Enter the idle time in seconds for static short hold. The static
short hold setting determines how many seconds should pass
between sending the last traffic data packet and clearing the
connection.
Possible values are to ' (seconds). deactivates the
short hold.
The default value is '.
Example: for FTP transmission, for LAN-to-LAN transmission, for Internet connections.
Fields in the PPPoE IP Mode and Routes menu
Field
Description
IP Address Mode
Select whether your device is to be assigned a static IP address
or whether it should be assigned this dynamically.
Possible values:
• 1 " 6 (default value): Your device is dynamically assigned an IP address.
• "": You enter a static IP address.
Default Route
Select whether the route to this connection partner is to be
defined as the default route.
The function is enabled with *#) .
The function is enabled by default.
Create NAT Policy
Specify whether Network Address Translation (NAT) is to be activated.
The function is enabled with *#) .
The function is enabled by default.
Local IP Address
Only if IP Address Mode = ""
Enter the static IP address of the connection partner.
Route Entries
Only if IP Address Mode = ""
Define other routing entries for this connection partner.
Add new entries with Add.
• 7 " 6 : IP address of the destination host or network.
• 2 " : Netmask for Remote IP Address. If no entry is made, your device uses a default netmask.
• = ": The lower the value, the higher the priority of the route (possible values ... ). The default value is .
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
Block after connection failure for
Enter the wait time in seconds before the device should try again after an attempt to set up a connection has failed. The default value is .
Maximum Number of Dialup Retries
Enter the number of unsuccessful attempts to set up a connection before the interface is blocked.
Possible values are to .
The default value is .
Authentication
Select the authentication protocol for this connection partner.
Select the authentication specified by your provider.
Possible values:
• (default value): Only run PAP (PPP Password Authentication Protocol); the password is transferred unencrypted.
• (<: Only run CHAP (PPP Challenge Handshake Authentication Protocol as per RFC 1994); the password is transferred encrypted.
• 5(<: Primarily run CHAP, otherwise PAP.
• =(</: Only run MS-CHAP version 1 (PPP Microsoft Challenge Handshake Authentication Protocol).
• 5(<5=(<: Primarily run CHAP, on denial then the authentication protocol required by the connection partner. (MSCHAP version 1 or 2 possible.)
• =(</: Run MS-CHAP version 2 only.
• 2 : Some providers use no authentication. In this case, select this option.
DNS Negotiation
Select whether your device receives IP addresses for DNS
Server Primary and DNS Server Secondary from the connection partner or sends these to the connection partner.
The function is enabled with *#) .
The function is enabled by default.
Prioritize TCP ACK Packets
Select whether the TCP download is to be optimised in the
event of intensive TCP upload. This function can be specially
applied for asymmetrical bandwidths (ADSL).
The function is enabled with *#) .
The function is disabled by default.
LCP Alive Check
Select whether the reachability of the remote terminal is to be
checked by sending LCP echo requests or replies. This makes
it possible to switch to a backup connection more quickly in the
event of line faults.
The function is enabled with *#) .
The function is disabled by default.
MTU
Enter the maximum packet size (Maximum Transfer Unit, MTU)
in bytes that is allowed for connection between the partners.
With default value "" the value is specified by Link
Control Protocol when establishing the connection.
If you disable "", you can enter a value.
Possible values are to .
The default value is .
17.1.2 PPTP
In the WAN->Internet + Dialup->PPTP menu, a list of all PPTP interfaces is displayed.
In this menu, you configure an Internet connection that uses the Point-to-Point Tunnelling Protocol (PPTP) to set up a connection, e.g. as required in Austria.
17.1.2.1 New
Choose the New button to set up new PPTP interfaces.
The menu WAN->Internet + Dialup->PPTP->New consists of the following fields:
Fields in the PPTP Basic Parameters menu
Field
Description
Description
Enter a name for uniquely identifying the internet connection. The first character in this field must not be a number. No special characters or umlauts may be used.
PPTP Interface
Select the IP interface over which packets are to be transported to the remote PPTP terminal.
If you want to use an external DSL modem, select the Ethernet
port to which the modem is connected.
When using the internal DSL modem, select here the EthoA interface configured in Physical
Interfaces->ATM->Profiles->New for this connection, e.g.
"0.
User Name
Enter the user name.
Password
Enter the password.
Always on
Select whether the interface should always be activated.
The function is enabled with *#) .
The function is disabled by default.
Only activate this option if you have Internet access with a flatrate charge.
Connection Idle Timeout
Only if Always on is disabled.
Enter the idle interval in seconds. This determines how many
seconds should pass between sending the last traffic data packet and clearing the connection.
Possible values are to ' (seconds). deactivates the
timeout.
The default value is '.
Example: for FTP transmission, for LAN-to-LAN transmission, for Internet connections.
Fields in the PPTP IP Mode and Routes menu
Field
Description
IP Address Mode
Select whether your device is to be assigned a static IP address
or whether it should be assigned this dynamically.
Possible values:
• 1 " 6 (default value): Your device is automatically assigned a temporarily valid IP address from the provider.
• "": You enter a static IP address.
Default Route
Select whether the route to this connection partner is to be
defined as the default route.
The function is enabled with *#) .
The function is enabled by default.
Create NAT Policy
Specify whether Network Address Translation (NAT) is to be activated.
The function is enabled with *#) .
The function is enabled by default.
Local IP Address
Only for IP Address Mode = "".
Assign an IP address from your LAN to the PPTP interface, which is to be used as your device's internal source address.
Route Entries
Only if IP Address Mode = ""
Define other routing entries for this PPTP partner.
Add new entries with Add.
• 7 " 6 : IP address of the destination host or network.
• 2 " : Netmask for Remote IP Address. If no entry is made, your device uses a default netmask.
• = ": The lower the value, the higher the priority of the route (possible values ... ). The default value is .
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
Block after connection failure for
Enter the wait time in seconds before the device should try again after an attempt to set up a connection has failed. The default value is .
Maximum Number of Dialup Retries
Enter the number of unsuccessful attempts to set up a connection before the interface is blocked.
Possible values are to .
The default value is .
Authentication
Select the authentication protocol for this Internet connection.
Select the authentication specified by your provider.
Possible values:
• (default value): Only run PAP (PPP Password Authentication Protocol); the password is transferred unencrypted.
• (<: Only run CHAP (PPP Challenge Handshake Authentication Protocol as per RFC 1994); the password is transferred encrypted.
• 5(<: Primarily run CHAP, otherwise PAP.
• =(</: Only run MS-CHAP version 1 (PPP Microsoft Challenge Handshake Authentication Protocol).
• 5(<5=(<: Primarily run CHAP, on denial then the authentication protocol required by the connection partner. (MSCHAP version 1 or 2 possible.)
• =(</: Run MS-CHAP version 2 only.
• 2 : Some providers use no authentication. In this case, select this option.
DNS Negotiation
Select whether your device receives IP addresses for DNS
Server Primary and DNS Server Secondary from the connection partner or sends these to the connection partner.
The function is enabled with *#) .
The function is enabled by default.
Prioritize TCP ACK Packets
Select whether the TCP download is to be optimised in the
event of intensive TCP upload. This function can be specially
applied for asymmetrical bandwidths (ADSL).
The function is enabled with *#) .
The function is disabled by default.
PPTP Address Mode
Displays the address mode. The value cannot be changed.
Possible values:
• "": The IP address of the Ethernet port selected in PPTP Interface is used.
Local PPTP IP Address
Assign the PPTP interface an IP address that is used as the source address.
The default value is &.
Remote PPTP IP Address
Enter the IP address of the PPTP partner.
LCP Alive Check
Select whether the reachability of the remote terminal is to be
checked by sending LCP echo requests or replies. This makes
it possible to switch to a backup connection more quickly in the
event of line faults.
The default value is '.
The function is enabled with *#) .
The function is disabled by default.
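The difference between the PAP and CHAP settings of the Authentication field (in both the PPPoE and the PPTP Advanced Settings) can be seen in the packets themselves. The following is an added example, not part of the manual or of the device software: it builds a PAP Authenticate-Request (RFC 1334 layout) and a CHAP Response (RFC 1994 layout, where the response value is an MD5 digest over identifier, secret and challenge rather than the password itself). The user name, secret and identifiers are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

PAP_AUTHENTICATE_REQUEST = 1  # PAP packet code (RFC 1334)
CHAP_RESPONSE = 2             # CHAP packet code (RFC 1994)


def _packet(code: int, identifier: int, data: bytes) -> bytes:
    """Code, Identifier and a 16-bit Length that covers the 4-byte header."""
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data


def pap_authenticate_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP sends Peer-ID and Password as length-prefixed plain bytes."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return _packet(PAP_AUTHENTICATE_REQUEST, identifier, body)


def chap_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5 over Identifier, secret, Challenge Value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_response(identifier: int, name: bytes, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response: Value-Size, the digest, then the peer name."""
    value = chap_value(identifier, secret, challenge)
    return _packet(CHAP_RESPONSE, identifier, bytes([len(value)]) + value + name)


def chap_verify(packet: bytes, identifier: int, secret: bytes, challenge: bytes) -> bool:
    """Authenticator side: accept only a digest over the challenge it issued."""
    if len(packet) < 5:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    if code != CHAP_RESPONSE or ident != identifier or length != len(packet):
        return False
    if 5 + size > length:
        return False
    expected = chap_value(identifier, secret, challenge)
    return hmac.compare_digest(packet[5:5 + size], expected)


def compare_on_the_wire() -> dict:
    """Build both requests for the same credentials and inspect the bytes sent."""
    user, password = b"subscriber01", b"constructed-secret"  # constructed sample values
    pap = pap_authenticate_request(1, user, password)
    challenge = os.urandom(16)  # chosen by the authenticator for this attempt
    resp = chap_response(7, user, password, challenge)
    return {
        "pap_exposes_password": password in pap,
        "chap_exposes_password": password in resp,
        "chap_accepted": chap_verify(resp, 7, password, challenge),
        # A captured response checked against a fresh challenge must fail.
        "replay_accepted": chap_verify(resp, 7, password, os.urandom(16)),
        "wrong_secret_accepted": chap_verify(resp, 7, b"other-secret", challenge),
    }


if __name__ == "__main__":
    for key, value in compare_on_the_wire().items():
        print(f"{key}: {value}")
```

The settings described as "Primarily run CHAP, otherwise PAP" still allow the PAP packet shown here, so the password can cross the link in clear text whenever the remote side asks for PAP.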
17.1.3 IP Pools
In the IP Pools menu, a list of all IP pools is displayed.
Your device can operate as a dynamic IP address server for PPP connections. You can
use this function by providing one or more pools of IP addresses. These IP addresses can
be assigned to dialling-in connection partners for the duration of the connection.
Any host routes entered always have priority over IP addresses from the address pools.
This means if an incoming call has been authenticated, your device first checks whether a
host route is entered in the routing table for this caller. If not, your device can allocate an IP
address from an address pool (if available). If address pools have more than one IP address, you cannot specify which connection partner receives which address. The addresses are initially assigned in order. If a new dial-in takes place within an interval of one
hour, an attempt is made to allocate the same IP address assigned to this partner the last
time.
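The assignment order described above can be modelled as follows. This is an added illustration, not the device's firmware logic: picking the lowest free address, returning nothing when the pool is exhausted, and all partner names and addresses are assumptions.

```python
from ipaddress import IPv4Address

REUSE_WINDOW = 3600  # seconds: the "interval of one hour" in the text


class PoolAllocator:
    """Simplified model of PPP dial-in address assignment (assumed logic)."""

    def __init__(self, first: str, last: str, host_routes=None):
        lo, hi = int(IPv4Address(first)), int(IPv4Address(last))
        if lo > hi:
            raise ValueError("first address must not be above last address")
        self.pool = [IPv4Address(n) for n in range(lo, hi + 1)]
        self.host_routes = {p: IPv4Address(a) for p, a in (host_routes or {}).items()}
        self.in_use = {}    # address -> partner currently holding it
        self.previous = {}  # partner -> (address, time of last disconnect)

    def dial_in(self, partner: str, now: float):
        """Return the address for an authenticated caller, or None if none is free."""
        if partner in self.host_routes:      # a host route always has priority
            return self.host_routes[partner]
        addr = None
        last = self.previous.get(partner)
        if last and now - last[1] <= REUSE_WINDOW and last[0] not in self.in_use:
            addr = last[0]                   # same address as last time
        if addr is None:                     # otherwise the next free one, in order
            addr = next((a for a in self.pool if a not in self.in_use), None)
        if addr is not None:
            self.in_use[addr] = partner
        return addr

    def hang_up(self, partner: str, now: float):
        """Release the partner's pool address and remember it for re-use."""
        for addr, holder in list(self.in_use.items()):
            if holder == partner:
                del self.in_use[addr]
                self.previous[partner] = (addr, now)


def walk_through():
    """Constructed scenario: three pool callers and one caller with a host route."""
    alloc = PoolAllocator("10.0.0.10", "10.0.0.11", host_routes={"hq": "10.0.1.1"})
    events = []
    events.append(("hq", str(alloc.dial_in("hq", 0))))          # host route, pool untouched
    events.append(("alice", str(alloc.dial_in("alice", 0))))    # first pool address
    events.append(("bob", str(alloc.dial_in("bob", 10))))       # second pool address
    alloc.hang_up("alice", 100)
    alloc.hang_up("bob", 100)
    events.append(("bob", str(alloc.dial_in("bob", 200))))      # within 1 h: same address
    alloc.hang_up("bob", 300)
    events.append(("carol", str(alloc.dial_in("carol", 400))))  # gets alice's old address
    events.append(("alice", str(alloc.dial_in("alice", 500))))  # old address is taken
    alloc.hang_up("carol", 600)
    alloc.hang_up("alice", 600)
    # More than one hour later the previous address is no longer preferred.
    events.append(("alice", str(alloc.dial_in("alice", 600 + REUSE_WINDOW + 1))))
    return events


if __name__ == "__main__":
    for partner, address in walk_through():
        print(partner, address)
```

Because re-assignment of the previous address is only attempted, filter rules that must identify one particular partner should rely on a host route rather than on a pool address.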
Choose the Add button to set up new IP pools.
The menu WAN->Internet + Dialup->IP Pools->Add consists of the following fields:
Fields in the Options IP Pools menu
Field
Description
IP Pool Name
Enter the name of the IP pool.
IP Pool Range
In the first field, enter the first IP address of the range.
In the second field, enter the last IP address of the range.
17.2 Real Time Jitter Control
When telephoning over the Internet, voice data packets normally have the highest priority.
Nevertheless, if the upstream bandwidth is low, noticeable delays in voice transmission can
occur when other packets are routed at the same time.
The real time jitter control function solves this problem. So that the "line" is not blocked for
too long for the voice data packets, the size of the other packets can be reduced, if required, during a telephone call.
17.2.1 Controlled Interfaces
In menu WAN->Real Time Jitter Control->Controlled Interfaces a list of interfaces is displayed for which the Real Time Jitter Control function is configured.
17.2.1.1 New
Click the New button to optimise voice transmission for other interfaces.
The menu WAN->Real Time Jitter Control->Controlled Interfaces->New consists of the
following fields:
Fields in the Controlled Interfaces Basic Settings menu
Field
Description
Interface
Define for which interfaces voice transmission is to be optimised.
Control Mode
Select the mode for the optimisation.
Possible values:
• (")) 74 " )- (default value): By means of the data routed via the media gateway, the system detects voice data traffic and optimises the voice transmission.
• )) 74 " : All RTP streams are optimised.
• 6"/ : Voice data transmission is not optimised.
• ) - : Voice data transmission is always optimised.
Maximum Upload Speed
Enter the maximum available upstream bandwidth in kbps for the selected interface.
Chapter 18 VPN
A connection that uses the Internet as a "transport medium" but is not publicly accessible is referred to as a VPN (Virtual Private Network). Only authorised users have access to such a VPN, which is also referred to as a VPN tunnel. Normally the data transported over a VPN is encrypted.
A VPN allows field staff or staff working from home offices to access data on the company's
network. Subsidiaries can also connect to head office over VPN.
Various protocols are available for creating a VPN tunnel, e.g. IPSec or PPTP.
The connection partner is authenticated with a password, using preshared keys or certificates.
With IPSec the data is encrypted using AES or 3DES, for example; with PPTP, you can
use MPPE.
18.1 IPSec
IPSec enables secure connections to be set up between two locations (VPN). This enables
sensitive business data to be transferred via an insecure medium such as the Internet.
The devices used function here as the endpoints of the VPN tunnel. IPSec involves a number of Internet Engineering Task Force (IETF) standards, which specify mechanisms for the
protection and authentication of IP packets. IPSec offers mechanisms for encrypting and
decrypting the data transferred in the IP packets. The IPSec implementation can also be
smoothly integrated in a Public Key Infrastructure (PKI, see Certificates on page 92). The
funkwerk IPSec implementation achieves this firstly by using the Authentication Header
(AH) protocol and Encapsulating Security Payload (ESP) protocol, and secondly through
the use of cryptographic key administration mechanisms like the Internet Key Exchange
(IKE) protocol.
18.1.1 IPSec Peers
An endpoint of a communication is defined as peer in a computer network. Each peer offers its services and uses the services of other peers.
A list of all configured IPSec peers is displayed in the VPN->IPSec->IPSec Peers menu.
Peer Monitoring
The menu for monitoring a peer is called by selecting the
button for the peer in the peer
list. See Values in the IPSec Tunnels list on page 333.
18.1.1.1 New
Choose the New button to set up more IPSec peers.
The menu VPN->IPSec->IPSec Peers->New consists of the following fields:
Fields in the IPSec Peers Peer Parameters menu
Field
Description
Administrative Status
Select the status to which you wish to set the peer after saving
the peer configuration.
Possible values:
• ,! (default value): The peer is available for setting up a tunnel immediately after saving the configuration.
• 8 : The peer is initially not available after the configuration has been saved.
Description
Enter a description of the peer that identifies it.
The maximum length of the entry is 255 characters.
Peer Address
Enter the official IP address of the peer or its resolvable host
name.
The entry can be omitted in certain configurations, whereby
your device then cannot initiate an IPSec connection.
Peer ID
Select the ID type and enter the peer ID.
This entry is not necessary in certain configurations.
The maximum length of the entry is 255 characters.
Possible ID types:
• ))- H ) 8 2 @H82A
• *)
• 63&
• 282 @8 "$ 0 2 A
On the peer device, this ID corresponds to the Local ID Value
parameter.
Preshared Key
Enter the password agreed with the peer.
The maximum length of the entry is 50 characters. All characters are possible except for : at the start of the entry.
Fields in the IPSec Peers Interface Routes menu
Field
Description
IP Address Assignment
Select the configuration mode of the interface.
Possible values:
• "" (default value): Enter a static IP address.
• 6* ( $ = () ": Select this option if your gateway receives an IP address from the server as IPSec client.
• 6* ( $ = / : Select this option if your gateway assigns an IP address as DHCP server for connecting clients. This is taken from the selected IP Assignment Pool.
IP Assignment Pool
Only if IP Address Assignment = /
Select an IP pool configured in the VPN->IP Pools menu. If an
IP pool has not been configured here yet, the message 2"
- " appears in this field.
Default Route
Only for IP Address Assignment = 2 and 6* ( $ = /
Select whether the route to this IPSec peer is to be defined as the default route.
The function is enabled with *#) .
The function is disabled by default.
Local IP Address
Only for IP Address Assignment = 2 and 6* ( $ = /
Enter the WAN IP address of your IPSec tunnel. This can be the
same IP address as the address configured on your router as
the LAN IP address.
Route Entries
Define routing entries for this connection partner.
• 7 " 6 : IP address of the destination host or LAN.
• 2 " : Netmask for Remote IP Address.
• = ": The lower the value, the higher the priority of the route (possible values ). The default value is .
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings Advanced IPSec Options menu
Field
Description
Phase-1 Profile
Select a profile for Phase 1. Besides user-defined profiles, predefined profiles are available.
Possible values:
• 2 @ )" ! ) A: Uses the profile marked as standard in Phase-1 Profiles.
• J = )"!! ): Uses a special profile which contains the proposals for Phase 1 3DES/MD5, AES/MD5 and Blowfish/MD5 regardless of the proposal selection in menu Phase-1 Profiles.
• > ) ?: Uses a profile configured in menu Phase-1 Profiles for Phase 1.
Phase-2 Profile
Select a profile for Phase 2. Besides user-defined profiles, predefined profiles are available.
Possible values:
• 2 @ )" ! ) A: Uses the profile marked as standard in Phase-1 Profiles.
• = )"! ): Uses a special profile which contains the proposals for Phase 2 3DES/MD5, AES-128/MD5 and Blowfish/MD5 regardless of the proposal selection in menu Phase-1 Profiles.
• > ) ?: Uses a profile configured in menu Phase-1 Profiles for Phase 2.
XAUTH Profile
Select a profile created in VPN->IPSec->XAUTH Profiles if you wish to use XAuth for authentication with this IPSec peer.
If XAuth is used together with IKE Config Mode, the transactions for XAuth are carried out before the transactions for IKE
Config Mode.
Number of Admitted Connections
Choose how many users can connect using this peer profile.
Possible values:
• ; , (default value): Only one peer can be connected with the data defined in this profile.
• = )"!) , : Several peers can be connected with the data defined in this profile. The peer entry is duplicated for each connection request with the data defined in this profile.
Start Mode
Select how the peer is to be switched to the active state.
Possible values:
⢠; 8 (default value): The peer is switched to the active
state by a trigger.
⢠) -
!: The peer is always active.
Fields in the Advanced Settings Advanced IP Options menu
Field
Description
Back Route Verify
Select whether a check on the back route should be activated for the interface to the connection partner.
The function is enabled with Enabled.
The function is disabled by default.
Proxy ARP
Select whether your device is to respond to ARP requests from its own LAN on behalf of the specific connection partner.
Possible values:
• Inactive (default value): Deactivates Proxy ARP for this IPSec peer.
• Up or Dormant: Your device only responds to an ARP request if the status of the connection to the IPSec peer is Up (active) or Dormant (dormant). In the case of Idle, your device only responds to the ARP request; the connection is not set up until someone actually wants to use the route.
• Up only: Your device responds to an ARP request only if the status of the connection to the IPSec peer is Up (active), i.e. a connection already exists to the IPSec peer.
18.1.2 Phase-1 Profiles
In the VPN->IPSec->Phase-1 Profiles menu, a list of all configured IPSec phase 1 profiles is displayed.
In the Default column, you can mark the profile to be used as the default profile.
18.1.2.1 New
Choose the New (Create new IKEv1 Profile) button to create additional profiles.
The menu VPN->IPSec->Phase-1 Profiles->New consists of the following fields:
Fields in the Phase-1 Profiles Phase-1 (IKE) Parameters menu
Field
Description
Description
Enter a description that uniquely defines the type of rule.
Proposals
In this field, you can select any combination of encryption and message hash algorithms for IKE phase 1 on your device. The combination of six encryption algorithms and four message hash algorithms gives 24 possible values in this field. At least one proposal must exist. Therefore the first line of the table cannot be deactivated.
Encryption algorithms (Encryption):
• 3DES (default value): 3DES is an extension of the DES algorithm with an effective key length of 112 bits, which is rated as secure. It is the slowest algorithm currently supported.
• Twofish: Twofish was a final candidate for the AES (Advanced Encryption Standard). It is rated as just as secure as Rijndael (AES), but is slower.
• Blowfish: Blowfish is a very secure and fast algorithm. Twofish can be regarded as the successor to Blowfish.
• CAST: CAST is also a very secure algorithm, marginally slower than Blowfish, but faster than 3DES.
• DES: DES is an older encryption algorithm, which is rated as weak due to its small effective length of 56 bits.
• AES: Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed.
• AES-128: Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here, it is used with a key length of 128 bits.
• AES-192: Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here, it is used with a key length of 192 bits.
• AES-256: Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here, it is used with a key length of 256 bits.
Hash algorithms (Authentication):
• MD5 (default value): MD5 (Message Digest #5) is an older hash algorithm. It is used with a 96 bit digest length for IPSec.
• SHA1: SHA1 (Secure Hash Algorithm #1) is a hash algorithm developed by the NSA (United States National Security Agency). It is rated as secure, but is slower than MD5. It is used with a 96 bit digest length for IPSec.
• RipeMD 160: RipeMD 160 is a 160 bit hash algorithm. It is used as a secure replacement for MD5 and RipeMD.
• Tiger 192: Tiger 192 is a relatively new and very fast algorithm.
Please note that the description of the encryption and authentication or the hash algorithms is based on the author's knowledge and opinion at the time of creating this User Guide. In particular, the quality of the algorithms is subject to relative aspects and may change due to mathematical or cryptographic developments.
DH Group
The Diffie-Hellman group defines the parameter set used as the basis for the key calculation during phase 1. "MODP" as supported by bintec devices stands for "modular exponentiation".
Possible values:
• 1 (768 Bit): During the Diffie-Hellman key calculation, modular exponentiation at 768 bits is used to create the encryption material.
• 2 (1024 Bit): During the Diffie-Hellman key calculation, modular exponentiation at 1024 bits is used to create the encryption material.
• 5 (1536 Bit): During the Diffie-Hellman key calculation, modular exponentiation at 1536 bits is used to create the encryption material.
Lifetime
Create a lifetime for phase 1 keys.
As per RFC 2407, the default value is eight hours, which means the key must be renewed once eight hours have elapsed.
The following options are available for defining the lifetime:
Input in Seconds: Enter the lifetime for phase 1 keys in seconds.
The value can be a whole number from 0 to 2147483647. The
default value is &&.
Input in kBytes: Enter the lifetime for phase 1 keys as amount
of data processed in kBytes. The value can be a whole number
from 0 to 2147483647. The default value is .
The standard value as per RFC is used seconds and
Kbytes are entered.
Authentication Method
Select the authentication method.
Possible values:
• Preshared Keys (default value): If you do not use certificates for the authentication, you can select Preshared Keys. These are configured during peer configuration in the IPSec Peers menu. The preshared key is the shared password.
• DSA Signature: Phase 1 key calculations are authenticated using the DSA algorithm.
• RSA Signature: Phase 1 key calculations are authenticated using the RSA algorithm.
• RSA Encryption: In RSA encryption the ID payload is also encrypted for additional security.
Local Certificate
Only for Authentication Method = DSA Signature, RSA Signature or RSA Encryption
This field enables you to select one of your own certificates for authentication. It shows the index number of this certificate and the name under which it is saved. This field is only shown for authentication settings based on certificates and indicates that a certificate is essential.
Mode
Select the phase 1 mode.
Possible values:
• Aggressive (default value): The Aggressive Mode is necessary if one of the peers does not have a static IP address and preshared keys are used for authentication; it requires only three messages for configuring a secure channel.
• Main Mode (ID Protect): This mode (also designated Main Mode) requires six messages for a Diffie-Hellman key calculation and thus for configuring a secure channel, over which the IPSec SAs can be negotiated. A condition is that both peers have static IP addresses if preshared keys are used for authentication.
Also define whether the selected mode is used exclusively (Strict), or the peer can also propose another mode.
Local ID Type
Select the local ID type.
Possible values:
• Fully Qualified Domain Name (FQDN)
• E-mail Address
• IPV4 Address
• ASN.1-DN (Distinguished Name)
Local ID Value
Enter the ID of your device.
For Authentication Method = DSA Signature, RSA Signature or RSA Encryption the option Use Subject Name from certificate is displayed.
When you initially enable the Use Subject Name from certificate option, the first alternative subject name indicated in the certificate is used, or, if none is specified, the subject name of the certificate is used.
Note: If you use certificates for authentication and your certificate contains alternative subject names (see Certificates on page 92), you must make sure your device selects the first alternative subject name by default. Make sure you and your peer both use the same name, i.e. that your local ID and the peer ID your partner configures for you are identical.
Alive Check
During communication between two IPSec peers, one of the peers may become unavailable, e.g. due to routing problems or a reboot. However, this can only be detected when the end of the lifetime of the security connection is reached. Up until this point the data packets are lost. There are various methods of performing an alive check to prevent this happening. In the Alive Check field you can specify whether a method should be used to check the availability of a peer.
Two methods are available: Heartbeats and Dead Peer Detection.
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
Alive Check
Select the method to be used to check the functionality of the IPSec connection.
In addition to the default method Dead Peer Detection (DPD), the (proprietary) Heartbeat method is implemented. This sends and receives signals every 5 seconds, depending on the configuration. If these signals are not received after 20 seconds, the SA is discarded as invalid.
Possible values:
• Autodetect (default value): Your device detects and uses the mode supported by the remote terminal.
• Inactive: Your device neither sends nor expects a heartbeat. Set this option if you use devices from other manufacturers.
• Heartbeats (Expect only): Your device expects a heartbeat from the peer, but does not send one itself.
• : Your device expects no heartbeat from the peer, but sends one itself.
• Heartbeats (Send & Expect): Your device expects a heartbeat from the peer and sends one itself.
• Dead Peer Detection: Use DPD (dead peer detection) in accordance with RFC 3706. DPD uses a request-reply protocol to check the availability of the remote terminal and can be configured independently on both sides. This option only checks the availability of the peer if data is to be sent to it.
• Dead Peer Detection (Idle): Use DPD (dead peer detection) in accordance with RFC 3706. DPD uses a request-reply protocol to check the availability of the remote terminal and can be configured independently on both sides. This option is used to carry out a check at certain intervals depending on forthcoming data transfers.
Block Time
Define how long a peer is blocked for tunnel setups after a
phase 1 tunnel setup has failed. This only affects locally initiated
setup attempts.
Possible values are to & (seconds); means the
value in the default profile is used and means that the peer is
never blocked.
The default value is '.
NAT Traversal
NAT Traversal (NAT-T) also enables IPSec tunnels to be opened via one or more devices on which network address translation (NAT) is activated.
Without NAT-T, incompatibilities may arise between IPSec and NAT (see RFC 3715, section 2). These primarily prevent the setup of an IPSec tunnel from a host within a LAN and behind a NAT device to another host or device. NAT-T enables these kinds of tunnels without conflicts with the NAT device: activated NAT is automatically detected by the IPSec daemon and NAT-T is used.
The function is enabled with Enabled.
The function is enabled by default.
CA Certificates
Only for Authentication Method = DSA Signature, RSA Signature or RSA Encryption
If you enable option Trust the following CA certificates, you can select up to three CA certificates that are accepted for this profile.
This option can only be configured if certificates are loaded.
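The Mode and NAT Traversal settings above show up in the ISAKMP header of every IKE packet, so a capture is enough to check which phase 1 mode a tunnel really negotiates. The following Python sketch is an added example (not part of the manual or of bintec software); the function names and the sample packets are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# 28-byte ISAKMP header (RFC 2408, section 3.1): initiator cookie,
# responder cookie, next payload, version, exchange type, flags,
# message ID, total message length.
HEADER = struct.Struct("!8s8sBBBBII")
NON_ESP_MARKER = b"\x00" * 4  # RFC 3948: precedes IKE messages on UDP 4500
EXCHANGES = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}


@dataclass
class IkeHeader:
    initiator_cookie: bytes
    responder_cookie: bytes
    version: str
    exchange: str
    encrypted: bool
    message_id: int
    nat_t: bool

    @property
    def first_message(self) -> bool:
        # The responder cookie is still zero in the initiator's first packet.
        return self.responder_cookie == b"\x00" * 8


def parse_ike(payload: bytes, udp_port: int = 500) -> IkeHeader:
    """Parse the ISAKMP header of one UDP payload seen on port 500 or 4500."""
    nat_t = udp_port == 4500
    if nat_t:
        if payload == b"\xff":
            raise ValueError("NAT keepalive, not an IKE message")
        if payload[:4] != NON_ESP_MARKER:
            raise ValueError("UDP-encapsulated ESP, not an IKE message")
        payload = payload[4:]
    if len(payload) < HEADER.size:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, _next, ver, xchg, flags, msg_id, length = \
        HEADER.unpack_from(payload)
    if length != len(payload):
        raise ValueError(f"length field {length} != datagram size {len(payload)}")
    return IkeHeader(
        initiator_cookie=icookie,
        responder_cookie=rcookie,
        version=f"{ver >> 4}.{ver & 0x0F}",
        exchange=EXCHANGES.get(xchg, f"unknown({xchg})"),
        encrypted=bool(flags & 0x01),
        message_id=msg_id,
        nat_t=nat_t,
    )


def review(hdr: IkeHeader) -> list:
    """Return notes a reviewer would attach to this packet."""
    notes = []
    if hdr.version != "1.0":
        notes.append(f"not IKEv1 (version {hdr.version})")
    if hdr.exchange == "aggressive":
        notes.append("aggressive mode: identity payloads are sent before the DH key exists")
    if hdr.nat_t:
        notes.append("NAT-T in use: IKE is running on UDP 4500")
    return notes


def sample_packet(exchange_type: int, responder_cookie: bytes = b"\x00" * 8,
                  body: bytes = b"\x00" * 20) -> bytes:
    """Build a constructed IKEv1 packet (real header, opaque body) for the demo."""
    return HEADER.pack(b"\x11" * 8, responder_cookie, 1, 0x10, exchange_type,
                       0, 0, HEADER.size + len(body)) + body


if __name__ == "__main__":
    captures = [
        (500, sample_packet(4)),                                   # aggressive, msg 1
        (4500, NON_ESP_MARKER + sample_packet(2, b"\x22" * 8)),    # main mode via NAT-T
    ]
    for port, packet in captures:
        hdr = parse_ike(packet, port)
        print(port, hdr.exchange, hdr.first_message, review(hdr))
```

Exchange type 2 corresponds to Main Mode (ID Protect) and type 4 to Aggressive in the Mode field; a profile set to Strict should only ever produce the configured one.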
18.1.3 Phase-2 Profiles
You can define profiles for phase 2 of the tunnel setup just as for phase 1.
In the VPN->IPSec->Phase-2 Profiles menu, a list of all configured IPSec phase 2 profiles is displayed.
In the Default column, you can mark the profile to be used as the default profile.
18.1.3.1 New
Choose the New button to create additional profiles.
The menu VPN->IPSec->Phase-2 Profiles->New consists of the following fields:
Fields in the Phase-2 Profiles Phase-2 (IPSEC) Parameters menu
Field
Description
Description
Enter a description that uniquely identifies the profile.
The maximum length of the entry is 255 characters.
Proposals
In this field, you can select any combination of encryption and message hash algorithms for IKE phase 2 on your device. The combination of six encryption algorithms and two message hash algorithms gives 12 possible values in this field.
Encryption algorithms (Encryption):
• 3DES (default value): 3DES is an extension of the DES algorithm with an effective key length of 112 bits, which is rated as secure. It is the slowest algorithm currently supported.
• ALL: All options can be used.
• AES-128: Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here, it is used with a key length of 128 bits.
• AES-192: Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here, it is used with a key length of 192 bits.
• AES-256: Rijndael has been nominated as AES due to its fast key setup, low memory requirements, high level of security against attacks and general speed. Here, it is used with a key length of 256 bits.
• Twofish: Twofish was a final candidate for the AES (Advanced Encryption Standard). It is rated as just as secure as Rijndael (AES), but is slower.
• Blowfish: Blowfish is a very secure and fast algorithm. Twofish can be regarded as the successor to Blowfish.
• CAST: CAST is also a very secure algorithm, marginally slower than Blowfish, but faster than 3DES.
• DES: DES is an older encryption algorithm, which is rated as weak due to its small effective length of 56 bits.
Hash algorithms (Authentication):
• MD5 (default value): MD5 (Message Digest #5) is an older hash algorithm. It is used with a 96 bit digest length for IPSec.
• ALL: All options can be used.
• SHA1: SHA1 (Secure Hash Algorithm #1) is a hash algorithm developed by the NSA (United States National Security Agency). It is rated as secure, but is slower than MD5. It is used with a 96 bit digest length for IPSec.
Note that RipeMD 160 and Tiger 192 are not available for message hashing in phase 2.
Use PFS Group
As PFS (Perfect Forward Secrecy) requires another Diffie-Hellman key calculation to create new encryption material, you must select the exponentiation features. If you activate PFS (Enabled), the options are the same as for the configuration in Phase-1 Profiles DH Group. PFS is used to protect the keys of a renewed phase 2 SA, even if the keys of the phase 1 SA have become known.
The field has the following options:
• 1 (768 Bit): During the Diffie-Hellman key calculation, modular exponentiation at 768 bits is used to create the encryption material.
• 2 (1024 Bit) (default value): During the Diffie-Hellman key calculation, modular exponentiation at 1024 bits is used to create the encryption material.
• 5 (1536 Bit): During the Diffie-Hellman key calculation, modular exponentiation at 1536 bits is used to create the encryption material.
Lifetime
Define the lifetime that expires before phase 2 SAs need to be renewed.
The new SAs are negotiated shortly before expiry of the current SAs. As per RFC 2407, the default value is eight hours, which means the key must be renewed once eight hours have elapsed.
The following options are available for defining the lifetime:
Input in Seconds: Enter the lifetime for phase 2 keys in seconds. The value can be a whole number from 0 to 2147483647. The default value is C.
Input in kBytes: Enter the lifetime for phase 2 keys as amount of data processed in Kbytes. The value can be a whole number from 0 to 2147483647. The default value is .
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
IP Compression
Select whether compression is to be activated before data encryption. If data is compressed effectively, this can result in higher performance and a lower volume of data to be transferred. In the case of fast lines or data that cannot be compressed, you are advised against using this option as the performance can be significantly affected by the increased effort during compression.
The function is enabled with Enabled.
The function is disabled by default.
Alive Check
Select whether and how IPSec heartbeats are used.
A bintec IPSec heartbeat is implemented to determine whether or not a Security Association (SA) is still valid. This function sends and receives signals every 5 seconds, depending on the configuration. If these signals are not received after 20 seconds, the SA is discarded as invalid.
Possible values:
• Inactive: Your device neither sends nor expects a heartbeat. Set this option if you use devices from other manufacturers.
• Heartbeats (Expect only): Your device expects a heartbeat from the peer, but does not send one itself.
• : Your device expects no heartbeat from the peer, but sends one itself.
• Heartbeats (Send & Expect): Your device expects a heartbeat from the peer and sends one itself.
• Autodetect: Automatic detection of whether the remote terminal is a bintec device. If it is, Heartbeat Both (for a remote terminal with bintec) or None (for a remote terminal without bintec) is set.
Propagate PMTU
Select whether the PMTU (Path Maximum Transfer Unit) is to be propagated during phase 2.
The function is enabled with Enabled.
The function is enabled by default.
18.1.4 XAUTH Profiles
In the XAUTH Profiles menu, a list of all XAUTH profiles is displayed.
Extended Authentication for IPSec (XAuth) is an additional authentication method for IPSec
tunnel users.
The gateway can take on two different roles when using XAuth as it can act as a server or as a client:
• As a server the gateway requires a proof of authorisation.
• As a client the gateway provides proof of authorisation.
In server mode multiple users can obtain authentication via XAuth, e.g. users of Apple
iPhones. Authorisation is verified either on the basis of a list or via a Radius Server. If using
a one time password (OTP), the password check can be carried out by a token server (e.g.
SecOVID from Kobil), which is installed behind the Radius Server. If a company's
headquarters is connected to several branches via IPSec, several peers can be configured.
A specific user can then use the IPSec tunnel over various peers depending on the assignment of various profiles. This is useful, for example, if an employee works alternately in different branches, if each peer represents a branch and if the employee wishes to have onsite access to the tunnel.
XAuth is carried out once IPSec IKE (Phase 1) has been completed successfully and before IKE (Phase 2) begins.
If XAuth is used together with IKE Config Mode, the transactions for XAuth are carried out
before the transactions for IKE Config Mode.
18.1.4.1 New
Choose the New button to create additional profiles.
The VPN->IPSec->XAUTH Profiles->New menu consists of the following fields:
Fields in the XAUTH Profiles Basic Parameters menu
Field
Description
Description
Enter a description for this XAuth profile.
Role
Select the role of the gateway for XAuth authentication.
Possible values:
• Server (default value): The gateway requires a proof of authorisation.
• Client: The gateway provides proof of authorisation.
Mode
Only for Role = Server
Select how authentication is carried out.
Possible values:
• RADIUS (default value): Authentication is carried out via a Radius server. It is configured in the System Management->Remote Authentication->RADIUS menu and selected in the RADIUS Server Group ID field.
• Local: Authentication is carried out via a local list.
Name
Only for Role = Client
Enter the authentication name of the client.
Password
Only for Role = Client
Enter the authentication password.
RADIUS Server Group ID
Only for Role = Server
Select the desired RADIUS group configured in System Management->Remote Authentication->RADIUS.
Users
Only for Role = Server and Mode = Local
If your gateway is configured as an XAuth server, the clients can be authenticated via a locally configured user list. Define the members of the user group of this XAUTH profile here by entering the authentication name of the client (Name) and the authentication password (Password). Add new members with Add.
18.1.5 IP Pools
In the IP Pools menu, a list of all IP pools for your configured IPSec connections is displayed.
If you have set IP Address Assignment = IKE Config Mode Server for an IPSec peer, you must define here the IP pools from which the IP addresses are assigned.
Choose the Add button to set up new IP pools.
The VPN->IPSec->IP Pools->Add menu consists of the following fields:
Fields in the Options IP Pools menu
Field
Description
IP Pool Name
Enter the name of the IP pool.
IP Pool Range
In the first field, enter the first IP address of the range.
In the second field, enter the last IP address of the range.
18.1.6 Options
The VPN->IPSec->Options menu includes the following fields:
Fields in the Options Global Options menu
Field
Description
Enable IPSec
Select whether you want to activate IPSec.
The function is enabled with Enabled.
The function is active as soon as an IPSec Peer is configured.
Delete complete IPSec configuration
If you click the icon, you delete the complete IPSec configuration of your device.
This cancels all settings made during the IPSec configuration. Once the configuration is deleted, you can start with a completely new IPSec configuration.
You can only delete the configuration with Enable IPSec = Not activated.
IPSec Debug Level
Select the priority of the syslog messages of the IPSec subsystem to be recorded internally.
Possible values:
• Emergency (highest priority)
• Alert
• Critical
• Error
• Warning
• Notice
• Information
• Debug (default value, lowest priority)
Syslog messages are only recorded internally if they have a higher or identical priority to that indicated, i.e. all messages generated are recorded at syslog level debug.
The Advanced Settings menu is for adapting certain functions and features to the special requirements of your environment, i.e. mostly interoperability flags are set. The default values are globally valid and enable your system to work correctly with other bintec devices, so that you only need to change these values if the remote terminal is a third-party product or you know special settings are necessary. These may be needed, for example, if the remote end operates with older IPSec implementations.
The menu Advanced Settings consists of the following fields:
Fields in the Options Advanced Settings menu
Field
Description
IPSec Pathfinder Mode
Select whether IPSec Pathfinder Mode should be used.
The IPSec Pathfinder Mode ensures that data traffic (IKE, ESP, AH) between peers is integrated into a pseudo HTTPS session.
The function is enabled with Enabled.
The function is disabled by default.
Send Initial Contact Message
Select whether IKE Initial Contact messages are to be sent during IKE (phase 1) if no SAs with a peer exist.
The function is enabled with Enabled.
The function is enabled by default.
Sync SAs with ISP interface state
Select whether all SAs are to be deleted whose data traffic was routed via an interface on which the status has changed from Up to Down, Dormant or Blocked.
The function is enabled with Enabled.
The function is disabled by default.
Use Zero Cookies
Select whether zeroed ISAKMP Cookies are to be sent.
These are equivalent to the SPI (Security Parameter Index) in IKE proposals; as they are redundant, they are normally set to the value of the negotiation currently in progress. Alternatively, your device can use zeroes for all values of the cookie. In this case, select Enabled.
Zero Cookie Size
Only for Use Zero Cookies = enabled.
Enter the length in bytes of the zeroed SPI used in IKE proposals.
The default value is '.
Dynamic RADIUS Authentication
Select whether RADIUS authentication is to be activated via IPSec.
The function is enabled with Enabled.
The function is disabled by default.
Fields in the Advanced Settings PKI Handling Options menu
Field
Description
Ignore Certificate Request Payloads
Select whether certificate requests received from the remote end during IKE (phase 1) are to be ignored.
The function is enabled with Enabled.
The function is disabled by default.
Send Certificate Request Payloads
Select whether certificate requests are to be sent during IKE (phase 1).
The function is enabled with Enabled.
The function is enabled by default.
Send Certificate Chains
Select whether complete certificate chains are to be sent during IKE (phase 1).
The function is enabled with Enabled.
The function is enabled by default.
Deactivate this function if you do not wish to send the peer the certificates of all levels (from your level to the CA level).
Send CRLs
Select whether CRLs are to be sent during IKE (phase 1).
The function is enabled with Enabled.
The function is disabled by default.
Send Key Hash Payloads
Select whether key hash payloads are to be sent during IKE (phase 1).
In the default setting, the public key hash of the remote end is sent together with the other authentication data. Only applies to RSA encryption; activate this function with Enabled to suppress this behaviour.
18.2 L2TP
The layer 2 tunnel protocol (L2TP) enables PPP connections to be tunnelled via a UDP
connection.
Your bintec device supports the following two modes:
• L2TP LNS Mode (L2TP Network Server): for incoming connections only
• L2TP LAC Mode (L2TP Access Concentrator): for outgoing connections only
Note the following when configuring the server and client: An L2TP tunnel profile must be
created on each of the two sides (LAC and LNS). The corresponding L2TP tunnel profile is
used on the initiator side (LAC) to set up the connection. The L2TP tunnel profile is needed
on the responder side (LNS) to accept the connection.
18.2.1 Tunnel Profiles
A list of all configured tunnel profiles is displayed in the VPN->L2TP->Tunnel Profiles
menu.
18.2.1.1 New
Choose the New button to create additional tunnel profiles.
The menu VPN->L2TP->Tunnel Profiles->New consists of the following fields:
Fields in the Tunnel Profiles Basic Parameters menu
Field
Description
Description
Enter a description for the current profile.
The device automatically names the profiles L2TP and numbers them, but the value can be changed.
Local Hostname
Enter the host name for LNS or LAC.
• LAC: The Local Hostname is used in outgoing tunnel setup messages to identify this device and is associated with the Remote Hostname of a tunnel profile configured on the LNS. These tunnel setup messages are SCCRQs (Start Control Connection Request) sent from the LAC and SCCRPs (Start Control Connection Reply) sent from the LNS.
• LNS: Is the same as the value for Remote Hostname of the incoming tunnel setup message from the LAC.
Remote Hostname
Enter the host name of the LNS or LAC.
• LAC: Defines the value for Local Hostname of the LNS (contained in the SCCRQs received from the LNS and the SCCRPs received from the LAC). The Local Hostname configured in LAC must match Remote Hostname configured for the intended profile in LNS, and vice-versa.
• LNS: Defines the Local Hostname of the LAC. If the Remote Hostname field remains empty on the LNS, the related profile qualifies as the standard entry and is used for all incoming calls for which no profile with a matching Remote Hostname can be found.
Password
Enter the password to be used for tunnel authentication. Authentication between LAC and LNS takes place in both directions, i.e. the LNS checks the Local Hostname and the Password contained in the SCCRQ of the LAC and compares them with those specified in the relevant profile. The LAC does the same with the fields of the SCCRP of the LNS.
If this field remains empty, authentication data in the tunnel setup messages are not sent and are ignored.
Fields in the Tunnel Profiles LAC Mode Parameters menu
Field
Description
Remote IP Address
Enter the fixed IP address of the LNS used as the destination
address for connections based on this profile.
The destination must be a device that can behave like an LNS.
UDP Source Port
Enter how the port number to be used as the source port for all
outgoing L2TP connections based on this profile is to be determined.
By default, the Fixed option is disabled, which means that ports are dynamically assigned to the connections that use this profile.
If you want to enter a fixed port, activate the option Fixed. Select this option if you encounter problems with the firewall or
NAT.
The available values are to '.
UDP Destination Port
Enter the destination port number to be used for all calls based
on this profile. The remote LNS that receives the call must monitor this port on L2TP connections.
Possible values are ... '.
The default value is C (RFC 2661).
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
Local IP Address
Enter the IP address to be used as the source address for all
L2TP connections based on this profile.
If this field is left empty, your device uses the IP address of the
interface over which the L2TP tunnel reaches Remote IP Address.
Hello Intervall
Enter the interval (in seconds) between the sending of two L2TP
HELLO messages. These messages are used to keep the tunnel open.
The available values are to , the default value is '. The
value means that no L2TP HELLO messages are sent.
Minimum Time between Retries
Enter the minimum time (in seconds) that your device waits before resending an L2TP control packet for which it received no response.
The wait time is dynamically extended until it reaches the Maximum Time between Retries. The available values are to , the default value is .
Maximum Time between Retries
Enter the maximum time (in seconds) that your device waits before resending an L2TP control packet for which it received no response.
The available values are to , the default value is .
Maximum Retries
Enter the maximum number of times your device is to try to resend the L2TP control packet for which it received no response.
The available values are to , the default value is .
Data Packets Sequence Numbers
Select whether your device is to use sequence numbers for data packets sent through a tunnel on the basis of this profile.
The function is not currently used.
The function is enabled with Enabled.
The function is disabled by default.
18.2.2 Users
A list of all configured L2TP partners is displayed in the VPN->L2TP->Users menu.
18.2.2.1 New
Choose the New button to set up new L2TP partners.
The menu VPN->L2TP->Users->New consists of the following fields:
Fields in the Users Basic Parameters menu
Field
Description
Description
Enter a name for uniquely identifying the L2TP partner.
The first character in this field must not be a number. No special characters or umlauts may be used. The maximum length of the entry is 25 characters.
Connection Type
Select whether the L2TP partner is to take on the role of the L2TP network server (LNS) or the functions of an L2TP access concentrator client (LAC client).
Possible values:
• .2 (default value): If you select this option, the L2TP partner is configured so that it accepts L2TP tunnels and restores the encapsulated PPP traffic flow.
• .(: If you select this option, the L2TP partner is configured so that it encapsulates a PPP traffic flow in L2TP and sets up an L2TP tunnel to a remote LNS.
Tunnel Profile
Only for Connection Type = .(
Select a profile created in the Tunnel Profile menu for the connection to this L2TP partner.
User Name
Enter the code of your device.
Password
Enter the password.
Always on
Select whether the interface should always be activated.
The function is enabled with *#) .
The function is disabled by default.
Connection Idle Timeout
Only if Always on is disabled.
Enter the idle time in seconds for static short hold. The static
short hold setting determines how many seconds should pass
between sending the last traffic data packet and clearing the
connection.
Possible values are to ' (seconds). deactivates the
short hold. The default value is '.
Fields in the Users IP Mode and Routes menu
Field
Description
IP Address Mode
Select whether your device is to be assigned a static IP address
or whether it should be assigned this dynamically.
Possible values:
• "" (default value): You enter a static IP address.
• / 6: Only for Connection Type = .2. Your device dynamically assigns an IP address to the remote terminal.
• 1 " 6: Only for Connection Type = .(. Your device is dynamically assigned an IP address.
Default Route
Only for IP Address Mode = 1 " 6 and ""
Select whether the route to this connection partner is to be
defined as the default route.
The function is enabled with *#) .
The function is disabled by default.
Create NAT Policy
Only for IP Address Mode = 1 " 6 and ""
Specify whether Network Address Translation (NAT) is to be activated for this connection.
The function is enabled with *#) .
The function is disabled by default.
IP Assignment Pool (IPCP)
Only for IP Address Mode = / 6
Select IP pools configured in the WAN->Internet + Dialup->IP Pools menu.
Local IP Address
Only for IP Address Mode = "".
Enter the WAN IP address of your device.
Route Entries
Only for IP Address Mode = "".
Enter the Remote IP Address and Netmask for the LAN of the
L2TP partner and the attendant Metric. Add new entries with
Add.
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
Block after connection failure for
Enter the wait time in seconds before the device should try again after an attempt to set up a connection has failed. The default value is '.
Authentication
Select the authentication protocol for this L2TP partner.
Possible values:
• 5(<5=(< (default value): Primarily run CHAP, on denial, the authentication protocol required by the PPTP partner. (MSCHAP version 1 or 2 possible.)
• : Only run PAP (PPP Password Authentication Protocol); the password is transferred unencrypted.
• (<: Only run CHAP (PPP Challenge Handshake Authentication Protocol as per RFC 1994); the password is transferred encrypted.
• 5(<: Primarily run CHAP, otherwise PAP.
• =(</: Only run MS-CHAP version 1 (PPP Microsoft Challenge Handshake Authentication Protocol).
• =(</: Run MS-CHAP version 2 only.
• 2 : Some providers use no authentication. In this case, select this option.
Encryption
If necessary, select the type of encryption that should be used for data traffic to the L2TP partner. This is only possible if STAC or MS-STAC compression is not activated for the connection. If Encryption is set, the remote terminal must also support it, otherwise a connection cannot be set up.
Possible values:
• 2 : MPP encryption is not used.
• *#) (default value): MPP encryption V2 with 128 bit is used in accordance with RFC 3078.
• !"#) : MPP encryption V2 with 128 bit is used in a form compatible with Microsoft and Cisco.
LCP Alive Check
Select whether the reachability of the remote terminal is to be checked by sending LCP echo requests or replies. This is recommended for leased lines, PPTP and L2TP connections.
The function is enabled with *#) .
The function is disabled by default.
Prioritize TCP ACK Packets
Select whether the TCP download is to be optimised in the
event of intensive TCP upload. This function can be specially
applied for asymmetrical bandwidths (ADSL).
The function is enabled with *#) .
The function is disabled by default.
Fields in the Advanced Settings IP Options menu
Field
Description
OSPF Mode
Select whether and how routes are propagated via the interface
and/or OSPF protocol packets are to be sent.
Possible values:
• / (default value): OSPF is not activated for this interface, i.e. no routes are propagated or OSPF protocol packets sent over this interface. Networks reachable over this interface are, however, included when calculating the routing information and propagated over active interfaces.
• "/ : OSPF is activated for this interface, i.e. routes are propagated or OSPF protocol packets sent over this interface.
• 6"/ : OSPF is disabled for this interface.
Proxy ARP Mode
Select whether your device is to respond to ARP requests from its own LAN on behalf of the specific L2TP partner.
Possible values:
• 6"/ (default value): Deactivates Proxy ARP for this L2TP partner.
• ,! 8": Your device only responds to an ARP request if the status of the connection to the L2TP partner is ,! (active) or 8". In the case of 6) , your device only responds to the ARP request; the connection is not set up until someone actually wants to use the route.
• ,! )-: Your device responds to an ARP request only if the status of the connection to the L2TP partner is ,! (active), i.e. a connection already exists to the L2TP partner.
DNS Negotiation
Select whether your device shall receive IP addresses for DNS
Server Primary and Secondary and WINS Server Primary
and Secondary from the L2TP partner or send these to the
L2TP partner.
The function is enabled with *#) .
The function is enabled by default.
18.2.3 Options
The menu VPN->L2TP->Options consists of the following fields:
Fields in the Options Global Options menu
Field
Description
UDP Destination Port
Enter the port to be monitored by the LNS on incoming L2TP
tunnel connections.
Available values are all whole numbers from to ', the
default value is CL as specified in RFC 2661.
UDP Source Port Selection
Select whether the LNS should only use the monitored port
(UDP Destination Port) as the local source port for the L2TP
connection.
The function is enabled with : .
The function is disabled by default.
18.3 GRE
Generic Routing Encapsulation (GRE) is a network protocol that encapsulates other protocols and transports them in the form of IP tunnels to the specified recipients.
The specification of the GRE protocol is available in two versions:
• GRE V.1 for use in PPTP connections (RFC 2637, configuration in the PPTP menu)
• GRE V.0 (RFC 2784) for general encapsulation using GRE
In this menu you can configure a virtual interface for using GRE V.0. The data traffic routed
over this interface is then encapsulated using GRE and sent to the specified recipient.
18.3.1 GRE Tunnels
A list of all configured GRE tunnels is displayed in the VPN->GRE->GRE Tunnels menu.
18.3.1.1 New
Choose the New button to set up new GRE tunnels.
The VPN->GRE->GRE Tunnels menu includes the following fields:
Fields in the GRE Tunnels Basic Parameters menu
Field
Description
Description
Enter a description for the GRE tunnel.
Local GRE IP Address
Enter the source IP address of the GRE packets to the GRE
partner.
If no IP address is given (this corresponds to IP address
0.0.0.0), the source IP address of the GRE packets is selected
automatically from one of the addresses of the interface via
which the GRE partner is reached.
Remote GRE IP Address
Specify the destination IP address of the GRE packets to the GRE partner.
Default Route
If you enable the Default Route, all data is automatically routed to one connection.
The function is disabled by default.
Local IP Address
Enter the (LAN) IP address to be used as the source address of your device for sending its own packets through the GRE tunnel.
Route Entries
Define other routing entries for this connection partner.
Add new entries with Add.
• 7 " 6: IP address of the destination host or network.
• 2 " : Netmask for Remote IP Address. If no entry is made, your device uses a default netmask.
• = ": The lower the value, the higher the priority of the route (possible values ... ). The default value is .
MTU
Enter the maximum packet size (Maximum Transfer Unit, MTU)
in bytes that is allowed for the GRE connection between the
partners.
Possible values are to .
The default value is .
Use key
Enable the key input for the GRE connection, which makes it
possible to distinguish between several parallel GRE connections between two GRE partners (see RFC 1701).
The code is activated with *#)
The function is disabled by default.
Key Value
Only if Use key is enabled.
Enter the GRE connection key.
Possible values are to &C&'&C.
The default value is .
Chapter 19 Firewall
The Stateful Inspection Firewall (SIF) provided for bintec gateways is a powerful security
feature.
The SIF with dynamic packet filtering has a decisive advantage over static packet filtering:
The decision whether or not to send a packet is made not solely on the basis of source and destination addresses or ports, but also on the basis of the state of the connection to a partner, using dynamic packet filtering.
This means packets that belong to an already active connection can also be forwarded.
The SIF also accepts packets that belong to an "affiliated connection". The negotiation of
an FTP connection takes place over port 21, for example, but the actual data exchange can
take place over a completely different port.
SIF and other security features
bintec's Stateful Inspection Firewall fits into the existing security architecture of bintec devices. The configuration work for the SIF is straightforward compared with systems like Network Address Translation (NAT) and IP Access Lists (IPAL).
As SIF, NAT and IPAL are active in the system simultaneously, attention must be given to possible interaction: If a packet is rejected by one of the security instances, it is rejected immediately, regardless of whether another instance would accept it. Your need for security features should therefore be accurately analysed.
The essential difference between SIF and NAT/IPAL is that the rules for the SIF are generally applied globally, i.e. not restricted to one interface.
In principle, the same filter criteria are applied to the data traffic as those used in NAT and IPAL:
• Source and destination address of the packet (with an associated netmask)
• Service (preconfigured, e.g. Echo, FTP, HTTP)
• Protocol
• Port number(s)
To illustrate the differences in packet filtering, a list of the individual security instances and
their method of operation is given below:
NAT
One of the basic functions of NAT is the translation of the local IP addresses of your LAN
into the global IP addresses you are assigned by your ISP and vice versa. All connections
initiated externally are first blocked, i.e. every packet your device cannot assign to an existing connection is rejected. This means that a connection can only be set up from inside to
outside. Without explicit permission, NAT rejects every access from the WAN to the LAN.
IP Access Lists
Here, packets are allowed or rejected exclusively on the basis of the criteria listed above,
i.e. the state of the connection is not considered (except for Services = "!).
SIF
The SIF sorts out all packets that are not explicitly or implicitly allowed. The result can be a
"deny", in which case no error message is sent to the sender of the rejected packet, or a
"reject", where the sender is informed of the packet rejection.
The incoming packets are processed as follows:
• The SIF first checks if an incoming packet can be assigned to an existing connection. If so, it is forwarded. If the packet cannot be assigned to an existing connection, a check is made to see if a suitable connection is expected (e.g. as affiliated connection of an existing connection). If so, the packet is also accepted.
• If the packet cannot be assigned to any existing or expected connection, the SIF filter rules are applied: If a deny rule matches the packet, the packet is discarded without sending an error message to the sender of the packet; if a reject rule matches, the packet is discarded and an ICMP Host Unreachable message sent to the sender of the packet. The packet is only forwarded if an accept rule matches.
• All packets without matching rules are rejected without sending an error message to the sender when all the existing rules have been checked (=default behaviour).
19.1 Policies
19.1.1 Filter Rules
The default behaviour with Action =
consists of two implicit filter rules: If an incoming packet can be assigned to an existing connection and if a suitable connection is expected (e.g. such as an affiliated connection of an existing connection), the packet is allowed.
The sequence of filter rules in the list is relevant: The filter rules are applied to each packet in succession until a rule matches. If overlapping occurs, i.e. more than one filter rule matches a packet, only the first rule is executed. This means that if the first rule denies a packet, whereas a later rule allows it, the packet is rejected. A deny rule also has no effect if a relevant packet has previously been allowed by another filter rule.
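The processing order and first-match behaviour described above can be modelled as follows. This is an added example, not bintec code: the rule names, addresses and verdict strings are constructed for illustration, and `shadowed_rules` is a hypothetical audit helper (not a device function) that flags rules which can never match because an earlier rule already covers them.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass

Packet = namedtuple("Packet", "src sport dst dport proto")
ANY = ipaddress.ip_network("0.0.0.0/0")
LAN = ipaddress.ip_network("192.168.1.0/24")   # constructed sample network


@dataclass
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str      # "tcp", "udp" or "any"
    ports: range    # destination port range
    action: str     # "accept", "deny" or "reject"

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in self.src
                and ipaddress.ip_address(pkt.dst) in self.dst
                and self.proto in ("any", pkt.proto)
                and pkt.dport in self.ports)

    def covers(self, other):
        """True if every packet `other` can match is matched by this rule too."""
        return (other.src.subnet_of(self.src) and other.dst.subnet_of(self.dst)
                and self.proto in ("any", other.proto)
                and self.ports.start <= other.ports.start
                and other.ports.stop <= self.ports.stop)


class StatefulFilter:
    def __init__(self, rules):
        self.rules = list(rules)
        self.established = set()   # flows that were accepted earlier
        self.expected = set()      # (dst, dport, proto) of affiliated connections

    def expect(self, dst, dport, proto):
        """Called by a protocol helper, e.g. after an FTP PORT command."""
        self.expected.add((dst, dport, proto))

    def evaluate(self, pkt):
        reverse = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if pkt in self.established or reverse in self.established:
            return ("forward", "existing connection")
        if (pkt.dst, pkt.dport, pkt.proto) in self.expected:
            self.expected.discard((pkt.dst, pkt.dport, pkt.proto))
            self.established.add(pkt)
            return ("forward", "expected connection")
        for rule in self.rules:                 # first matching rule wins
            if rule.matches(pkt):
                if rule.action == "accept":
                    self.established.add(pkt)
                    return ("forward", rule.name)
                if rule.action == "reject":
                    return ("drop+icmp-host-unreachable", rule.name)
                return ("drop-silent", rule.name)
        return ("drop-silent", "default")       # no rule matched


def shadowed_rules(rules):
    """List (rule, earlier rule, kind) for rules that can never match."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                kind = "conflict" if earlier.action != later.action else "redundant"
                findings.append((later.name, earlier.name, kind))
                break
    return findings


def sample_policy():
    """Constructed rule list; the second rule is shadowed by the first."""
    host = ipaddress.ip_network("192.168.1.50/32")
    return [
        Rule("allow-lan-web", LAN, ANY, "tcp", range(80, 81), "accept"),
        Rule("deny-host-web", host, ANY, "tcp", range(80, 81), "deny"),
        Rule("allow-ftp-control", LAN, ANY, "tcp", range(21, 22), "accept"),
        Rule("reject-telnet", ANY, ANY, "tcp", range(23, 24), "reject"),
    ]


if __name__ == "__main__":
    fw = StatefulFilter(sample_policy())
    print(fw.evaluate(Packet("192.168.1.50", 40000, "203.0.113.10", 80, "tcp")))
    print(shadowed_rules(sample_policy()))
```

Running the audit before saving a rule list shows which deny or reject entries need to be moved above the accept rule that currently hides them.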
A list of all configured filter rules is displayed in the Firewall->Policies->Filter Rules
menu.
You can use the button to insert another policy above the list entry. The configuration menu for creating a new policy opens.
You can use the button to move the list entry. A dialog box opens, in which you can select the position to which the policy is to be moved.
19.1.1.1 New
Choose the New button to create additional parameters.
The menu Firewall->Policies->Filter Rules->New consists of the following fields:
Fields in the Filter Rules Basic Parameters menu
Field
Description
Source
Select one of the preconfigured aliases for the source of the
packet.
In the list, all WAN/LAN interfaces, interface groups (see Firewall->Interfaces->Groups), addresses (see Firewall->Addresses->Address List) and address groups (see
Firewall->Addresses->Groups) are available.
The value - means that neither the source interface nor the
source address is checked.
Destination
Select one of the preconfigured aliases for the destination of the
packet.
In the list, all WAN/LAN interfaces, interface groups (see Firewall->Interfaces->Groups), addresses (see Firewall->Addresses->Address List) and address groups (see
Firewall->Addresses->Groups) are available.
The value - means that neither the destination interface nor
the destination address is checked.
Service
Select one of the preconfigured services to which the packet to
be filtered must be assigned.
The extensive range of services configured ex works includes the following:
• "!
• " ) "
• "!
•
• 0""!
• "!
• 6" "
• 2 " "$
Additional services are created in Firewall->Services->Service
List.
In addition, the service groups configured in
Firewall->Services->Groups can be selected.
Action
Select the action to be applied to a filtered packet.
Possible values:
• (default value): The packets are forwarded on the basis of the entries.
• 8 - : The packets are rejected.
• 7 M " : The packets are rejected. An error message is issued to the sender of the packet.
Apply QoS
Only for Action =
Select whether you want to enable QoS for this policy with the
priority selected in Priority.
The function is enabled with *#) .
The option is deactivated by default.
If QoS is not activated for this policy, bear in mind that the data
cannot be prioritised on the sender side either.
A policy for which QoS has been enabled is also set for the firewall. Make sure therefore that data traffic that has not been expressly authorised is blocked by the firewall!
Priority
Only for Apply QoS = *#)
Select the priority with which the data specified by the policy is
handled on the send side.
Possible values:
• 2 (default value): No priority.
• . ." -: Low Latency Transmission (LLT), i.e. handling of data with the lowest possible latency, e.g. suitable for VoIP data.
• <$0
• =
• .
19.1.2 QoS
More and more applications need increasingly larger bandwidths, which are not always
available. Quality of Service (QoS) makes it possible to distribute the available bandwidths
effectively and intelligently. Certain applications can be given preference and bandwidth reserved for them.
A list of all QoS rules is displayed in the Firewall->Policies->QoS menu.
19.1.2.1 New
Choose the New button to set up new QoS rules.
The Firewall->Policies->QoS->New menu consists of the following fields:
Fields in the QoS Configure QoS Interface menu
Field
Description
Interface
Select the interface on which bandwidth management is to be
carried out.
Traffic Shaping
Select whether you want to activate bandwidth management for the selected interface.
The function is enabled with *#) .
The function is disabled by default.
Specify bandwidth
Only for Traffic Shaping = *#) .
Enter the maximum available bandwidth in kbps for the selected
interface.
Filter Rules
This field contains a list of all configured firewall policies for which QoS was activated (Apply QoS = *#) ). The following options are available for each list entry:
• Use: Select whether this entry should be assigned to the QoS interface. The option is deactivated by default.
• Bandwidth: Enter the maximum available bandwidth in Bit/s for the service specified under Service. is entered by default.
• Bounded: Select whether the bandwidth defined in Bandwidth can be exceeded in the longer term. By activating this field, you specify that it cannot be exceeded. If the option is deactivated, the bandwidth can be exceeded and the excess data rate is handled in accordance with the priority defined in the firewall policy. The option is deactivated by default.
19.1.3 Options
The Firewall->Policies->Options menu includes the following fields:
Fields in the Options Global Firewall Options menu
Field
Description
Firewall Status
Enable or disable the firewall function.
The function is enabled with *#)
The function is enabled by default.
Logged Actions
Select the firewall syslog level.
The messages are output together with messages from other subsystems.
Possible values:
• )) (default value): All firewall activities are displayed.
• 8 - : Only reject and deny events are shown, see "Action".
• !" : Only accept events are shown.
• 2 : Syslog messages are not generated.
Full Filtering
Specify whether only packets sent to an interface other than the one that initiated the connection are to be filtered. With the option *#) (default value), all packets are filtered.
Fields in the Options Session Timer menu
Field
Description
UDP Inactivity
Enter the inactivity time after which a UDP session is to be regarded as expired (in seconds).
Possible values are ' to &.
The default value is .
TCP Inactivity
Enter the inactivity time after which a TCP session is to be regarded as expired (in seconds).
Possible values are ' to &.
The default value is '.
PPTP Inactivity
Enter the inactivity time after which a PPTP session is to be regarded as expired (in seconds).
Possible values are ' to &.
The default value is &.
Other Inactivity
Enter the inactivity time after which a session of another type is
to be regarded as expired (in seconds).
Possible values are ' to &.
The default value is '.
19.2 Interfaces
19.2.1 Groups
A list of all configured interface routes is displayed in the Firewall->Interfaces->Groups
menu.
You can group together the interfaces of your device. This makes it easier to configure firewall rules.
19.2.1.1 New
Choose the New button to set up new interface groups.
The menu Firewall->Interfaces->Groups->New consists of the following fields:
Fields in the Groups Basic Parameters menu
Field
Description
Description
Enter the desired description of the interface group.
Members
Select the members of the group from the available interfaces.
To do this, activate the field in the Members column.
19.3 Addresses
19.3.1 Address List
A list of all configured addresses is displayed in the Firewall->Addresses->Address List
menu.
19.3.1.1 New
Choose the New button to create additional addresses.
The menu Firewall->Addresses->Address List->New consists of the following fields:
Fields in the Address List Basic Parameters menu
Field
Description
Description
Enter the desired description of the address.
Address Type
Select the type of address you want to specify.
Possible values:
• 5 # " (default value): Enter an IP address with subnet mask.
• 7$ : Enter an IP address range with a start and end address.
Address / Subnet
Only for Address Type = 5 # "
Enter the IP address of the host or a network address and the
related netmask.
The default value is .
Address Range
Only for Address Type = 7$
Enter the start and end IP address of the range.
19.3.2 Groups
A list of all configured address groups is displayed in the Firewall->Addresses->Groups
menu.
You can group together addresses. This makes it easier to configure firewall rules.
19.3.2.1 New
Choose the New button to set up additional address groups.
The menu Firewall->Addresses->Groups->New consists of the following fields:
Fields in the Groups Basic Parameters menu
Field
Description
Description
Enter the desired description of the address group.
Selection
Select the members of the group from the available Addresses.
To do this, activate the field in the Selection column.
19.4 Services
19.4.1 Service List
In the Firewall->Services->Service List menu, a list of all available services is displayed.
19.4.1.1 New
Choose the New button to set up additional services.
The menu Firewall->Services->Service List->New consists of the following fields:
Fields in the Service List Basic Parameters menu
Field
Description
Description
Enter an alias for the service you want to configure.
Protocol
Select the protocol on which the service is to be based. The
most important protocols are available for selection.
Destination Port Range
Only for Protocol = 4( , ,854( or ,8
In the first field, enter the destination port via which the service
is to run.
If a port number range is specified, in the second field enter the
last port of the port range. By default the field does not contain
an entry. If a value is displayed, this means that the previously
specified port number is verified. If a port range is to be
checked, enter the upper limit here.
Possible values are to '.
Source Port Range
Only for Protocol = 4( , ,854( or ,8
In the first field, enter the source port to be checked, if applicable.
If a port number range is specified, in the second field enter the
last port of the port range. By default the field does not contain
an entry. If a value is displayed, this means that the previously
specified port number is verified. If a port range is to be
checked, enter the upper limit here.
Possible values are to '.
Type
Only for Protocol = 6(=
The Type field shows the class of ICMP messages, the Code
field specifies the type of message in greater detail.
Possible values:
• - (default value)
• *0 !)
• 8 "" , 0#)
• 0
• 7 "
• *0
• 4 *:
• " #)
• 4 "!
• 4 "! !)-
• 6 " 7 F
• 6 " 7 !)-
• = 7 F
• = 7 !)-
Code
Selection options for the ICMP codes are only available for
Type = 8 "" , 0#) .
Possible values:
• - (default value)
• 2 " , 0#)
• < " , 0#)
• ") , 0#)
• " , 0#)
• $ "" 2
• ( " "0 8 "" 2 " ""/ )- 0#"
• ( " "0 8 "" < " ""/ )- 0#"
19.4.2 Groups
A list of all configured service groups is displayed in the Firewall->Services->Groups
menu.
You can group together services. This makes it easier to configure firewall rules.
19.4.2.1 New
Choose the New button to set up additional service groups.
The menu Firewall->Services->Groups->New consists of the following fields:
Fields in the Groups Basic Parameters menu
Field
Description
Description
Enter the desired description of the service group.
Members
Select the members of the group from the available service aliases. To do this, activate the field in the Members column.
Chapter 20 Local Services
This menu offers services for the following application areas:
• Name resolution (DNS)
• Configuration via web browser (HTTPS)
• Locating of dynamic IP addresses using a DynDNS provider
• Configuration of gateway as a DHCP server (assignment of IP addresses)
• Automation of tasks according to schedule (scheduling)
• Alive checks for hosts or interfaces, ping tests
• Automatic detection and configuration of bintec devices
• Provision of public Internet accesses (hotspot).
20.1 DNS
Each device in a TCP/IP network is usually located by its IP address. Because host names
are often used in networks to reach different devices, it is necessary for the associated IP
address to be known. This task can be performed by a DNS server, which resolves the
host names into IP addresses. Alternatively, name resolution can also take place over the
HOSTS file, which is available on all PCs.
Your device offers the following options for name resolution:
• DNS Proxy, for forwarding DNS requests sent to your device to a suitable DNS server. This also includes specific forwarding of defined domains (Forwarded Domains).
• DNS cache, for saving the positive and negative results of DNS requests.
• Static entries (Static Hosts), for manually defining or preventing assignments of IP addresses to names.
• DNS monitoring, for providing an overview of DNS requests on your device.
Global Name Server
Under Local Services->DNS->Global Settings->Basic Parameters you enter the IP addresses of global name servers that are asked if your device cannot answer requests itself
or by forwarding entries.
For local applications, the IP address of your device or the general loopback address
(127.0.0.1) can be entered as the global name server.
Your device can also receive the global name servers dynamically and transfer them dynamically if necessary.
Strategy for name resolution on your device
A DNS request is handled by your device as follows:
(1) If possible, the request is answered directly from the static or dynamic cache with IP address or negative response.
(2) Otherwise, if a suitable forwarding entry exists, the relevant DNS server is asked, depending on the configuration of the Internet or dialin connections, if necessary by setting up a WAN connection at extra cost. If the DNS server can resolve the name, the information is forwarded and a dynamic entry created in the cache.
(3) Otherwise, if global name servers are entered, the primary DNS server then the secondary DNS server are asked. If the IP address of your device or the loopback address is entered for local applications, these are ignored here. If one of the DNS servers can resolve the name, the information is forwarded and a dynamic entry created in the cache.
(4) Otherwise, if a suitable Internet or dialin connection is selected as the standard interface, the relevant DNS server is asked, depending on the configuration of the Internet or dialin connections, if necessary by setting up a WAN connection at extra cost. If one of the DNS servers can resolve the name, the information is forwarded and a dynamic entry created in the cache.
(5) Otherwise, if overwriting the addresses of the global name servers is allowed (DNS Server Configuration = 8-), a connection is set up, if necessary at extra cost, to the first Internet or dialin connection configured to enable DNS server addresses to be requested from DNS servers (DNS Negotiation = *#) ), if this has not been already attempted. If name server negotiation is successful, these are entered as global name servers and are therefore available for further requests.
(6) Otherwise the initial request is answered with a server error.
If one of the DNS servers answers with " *, the initial request is immediately answered accordingly and a corresponding negative entry is made in the DNS cache of your device.
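The following added example (not bintec code) models steps (1) to (3) and (6) of this strategy together with the cache behaviour of the Cache Size and Maximum TTL settings: static entries are never evicted, the dynamic entry not requested for the longest time is dropped first, and negative answers are cached. Assumptions: the negative answer, whose name is garbled on this page, is called `NXDOMAIN` here; a TTL of 0 is treated as the case that triggers the positive TTL cap; all names, addresses and upstream servers are constructed, and steps (4) and (5), which set up WAN connections, are left out.

```python
from collections import OrderedDict

NXDOMAIN = "NXDOMAIN"          # assumed name for the negative answer
SERVER_ERROR = "SERVER_ERROR"


class DeviceResolver:
    """Upstream servers are callables returning (ip, ttl), NXDOMAIN,
    or None when they give no usable answer."""

    def __init__(self, forwarders, global_servers, cache_size, max_pos_ttl, neg_ttl):
        self.static = {}                      # name -> IP, or None to block the name
        self.dynamic = OrderedDict()          # name -> (answer, expiry), oldest first
        self.forwarders = forwarders          # domain suffix -> upstream callable
        self.global_servers = global_servers  # [primary, secondary]
        self.cache_size = cache_size          # static and dynamic entries together
        self.max_pos_ttl = max_pos_ttl
        self.neg_ttl = neg_ttl

    def _store(self, name, answer, ttl, now):
        # Evict the least recently requested dynamic entries; static ones stay.
        while self.dynamic and len(self.static) + len(self.dynamic) >= self.cache_size:
            self.dynamic.popitem(last=False)
        if len(self.static) + len(self.dynamic) < self.cache_size:
            self.dynamic[name] = (answer, now + ttl)

    def resolve(self, name, now):
        if name in self.static:                          # step (1), static entry
            ip = self.static[name]
            return (NXDOMAIN if ip is None else ip, "static")
        hit = self.dynamic.get(name)
        if hit is not None:
            if hit[1] > now:                             # step (1), dynamic cache
                self.dynamic.move_to_end(name)
                return (hit[0], "cache")
            del self.dynamic[name]                       # entry has expired
        upstreams = [("forwarder", srv) for suffix, srv in self.forwarders.items()
                     if name == suffix or name.endswith("." + suffix)]  # step (2)
        upstreams += [("global", srv) for srv in self.global_servers]   # step (3)
        for source, server in upstreams:
            reply = server(name)
            if reply is None:
                continue                                 # try the next server
            if reply == NXDOMAIN:                        # answered at once, cached
                self._store(name, NXDOMAIN, self.neg_ttl, now)
                return (NXDOMAIN, source)
            ip, ttl = reply
            if ttl == 0 or ttl > self.max_pos_ttl:       # cap for positive entries
                ttl = self.max_pos_ttl
            self._store(name, ip, ttl, now)
            return (ip, source)
        return (SERVER_ERROR, "none")                    # step (6)


def build_sample_resolver():
    """Constructed setup: one forwarded domain, a dead primary, a live secondary."""
    def corp_dns(name):
        return ("10.0.0.5", 0) if name == "intranet.corp.example" else None

    def primary(name):
        return None                                      # unreachable

    def secondary(name):
        return ("203.0.113.7", 86400) if name == "www.example.org" else NXDOMAIN

    resolver = DeviceResolver({"corp.example": corp_dns}, [primary, secondary],
                              cache_size=3, max_pos_ttl=3600, neg_ttl=60)
    resolver.static["ads.example.net"] = None            # static entry blocks the name
    return resolver


if __name__ == "__main__":
    r = build_sample_resolver()
    for t, name in [(0, "ads.example.net"), (0, "intranet.corp.example"),
                    (0, "www.example.org"), (20, "typo.example.org"),
                    (30, "typo.example.org")]:
        print(t, name, r.resolve(name, t))
```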
20.1.1 Global Settings
The Local Services->DNS->Global Settings menu includes the following fields:
Fields in the Global Settings Basic Parameters menu
Field
Description
Domain Name
Enter the standard domain name of your device.
DNS Server Configuration
Select whether the addresses of the global name server on your device can be overwritten by transferred name server addresses.
Possible values:
• 8- (default value): The name server addresses can be automatically overwritten.
• "" : The name server addresses are not overwritten.
DNS Server
Only for DNS Server Configuration = ""
Primary
Enter the IP address of the first and, if necessary, second global
DNS server.
Secondary
WINS Server
Primary
Enter the IP address of the first and, if necessary, alternative
global Windows Internet Name Server (=WINS) or NetBIOS
Name Server (=NBNS).
Secondary
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
Positive Cache
Select whether the positive dynamic cache is to be activated,
i.e. successfully resolved names and IP addresses are to be
stored in the cache.
The function is activated by selecting *#) .
The function is enabled by default.
Negative Cache
Select whether the negative dynamic cache is to be activated,
i.e. whether queried names for which a DNS server has sent a
negative response are stored as negative entries in the cache.
The function is activated by selecting *#) .
The function is enabled by default.
Cache Size
Enter the maximum total number of static and dynamic entries.
Once this value is reached, the dynamic entry not requested for
the longest period of time is deleted when a new entry is added.
If Cache Size is reduced by the user, dynamic entries are deleted
if necessary. Static entries are not deleted. Cache Size cannot
be set to lower than the current number of static entries.
Possible values: .. .
The default value is .
Maximum TTL for Positive Cache Entries
Enter the value to which the TTL is to be set for a positive dynamic
DNS entry in the cache if its TTL is or its TTL exceeds
the value for Maximum TTL for Positive Cache Entries .
The default value is &.
Maximum TTL for Negative Cache Entries
Enter the value to which the TTL is to be set in the case of a
negative dynamic entry in the cache.
The default value is &.
Fallback interface to get DNS server
Only for DNS Server Configuration = 8-
Select the interface to which a connection is set up for name
server negotiation if other name resolution attempts were not
successful.
The default value is "", i.e. a one-time connection is
set up to the first suitable connection partner configured in the
system.
IP address to use for DNS/WINS server assignment
As DHCP Server
Select which name server addresses are sent to the DHCP client if your device is used as DHCP server.
Possible values:
• 2 : No name server address is sent.
• ; 6 (default value): The address of your
device is transferred as the name server address.
• 1)#) 82 ""$ : The addresses of the global name
servers entered on your device are sent.
As IPCP Server
Select which name server addresses are to be transmitted by
your device in the event of dynamic server name negotiation if
your device is used as the IPCP server for PPP connections.
Possible values:
• 2 : No name server address is sent.
• ; 6 : The address of your device is transferred
as the name server address.
• 1)#) 82 ""$ (default value): The addresses of the
global name servers entered on your device are sent.
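The cache rules from the Advanced Settings table above (Positive Cache, Negative Cache, Cache Size, Maximum TTL), modelled as an added Python example that is not code from the device or from this manual. Class and method names and all sample values are constructed, and only the "TTL exceeds the maximum" capping case is modelled. The TTL caps bound how long a stale or wrong answer can stay in the cache, and the size limit only ever evicts dynamic entries.

```python
from collections import OrderedDict


class DnsCacheModel:
    """Toy model of the documented cache rules (hypothetical, not device code)."""

    def __init__(self, cache_size, max_ttl_pos, max_ttl_neg,
                 positive_cache=True, negative_cache=True):
        self.cache_size = cache_size          # max static + dynamic entries
        self.max_ttl_pos = max_ttl_pos        # Maximum TTL for Positive Cache Entries
        self.max_ttl_neg = max_ttl_neg        # Maximum TTL for Negative Cache Entries
        self.positive_cache = positive_cache
        self.negative_cache = negative_cache
        self.static = {}                      # name -> ip, never evicted
        self.dynamic = OrderedDict()          # name -> (ip or None, expiry); oldest request first

    def _total(self):
        return len(self.static) + len(self.dynamic)

    def _make_room(self):
        # Delete the dynamic entry not requested for the longest time until a slot is free.
        while self._total() >= self.cache_size:
            if not self.dynamic:
                raise ValueError("cache is full and holds only static entries")
            self.dynamic.popitem(last=False)

    def add_static(self, name, ip):
        if name not in self.static:
            self.dynamic.pop(name, None)
            self._make_room()
        self.static[name] = ip

    def store_answer(self, name, ip, ttl, now):
        """Cache an upstream answer (ip=None means negative). Returns the stored TTL or None."""
        if name in self.static:
            return None
        if ip is None:
            if not self.negative_cache:
                return None
            ttl = self.max_ttl_neg            # negative entries always get the configured TTL
        else:
            if not self.positive_cache:
                return None
            ttl = min(ttl, self.max_ttl_pos)  # cap an over-long upstream TTL
        if name not in self.dynamic:
            self._make_room()
        self.dynamic[name] = (ip, now + ttl)
        self.dynamic.move_to_end(name)
        return ttl

    def lookup(self, name, now):
        """Return (kind, ip) on a cache hit, None on a miss or an expired entry."""
        if name in self.static:
            return ("static", self.static[name])
        entry = self.dynamic.get(name)
        if entry is None:
            return None
        ip, expiry = entry
        if now >= expiry:
            del self.dynamic[name]
            return None
        self.dynamic.move_to_end(name)        # a request refreshes the entry's recency
        return ("negative", None) if ip is None else ("positive", ip)

    def resize(self, new_size):
        if new_size < len(self.static):
            raise ValueError("Cache Size cannot be lower than the number of static entries")
        self.cache_size = new_size
        while self._total() > self.cache_size:
            self.dynamic.popitem(last=False)  # only dynamic entries are dropped


def demo():
    # Constructed sample data: one static host, then three upstream answers.
    c = DnsCacheModel(cache_size=3, max_ttl_pos=3600, max_ttl_neg=60)
    c.add_static("printer.example.test", "192.0.2.10")
    t_pos = c.store_answer("a.example.test", "192.0.2.1", 86400, now=0)
    t_neg = c.store_answer("nx.example.test", None, 900, now=0)
    c.lookup("a.example.test", now=10)        # "a" is now the most recently requested
    c.store_answer("b.example.test", "192.0.2.2", 300, now=20)  # cache full: evicts "nx"
    return (t_pos, t_neg, c.lookup("nx.example.test", 30),
            c.lookup("a.example.test", 30), sorted(c.dynamic))


if __name__ == "__main__":
    print(demo())
```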
20.1.2 Static Hosts
A list of all configured static hosts is displayed in the Local Services->DNS->Static Hosts
menu.
20.1.2.1 New
Choose the New button to set up new static hosts.
The menu Local Services->DNS->Static Hosts->New consists of the following fields:
Fields in the Static Hosts Basic Parameters menu
Field
Description
DNS Hostname
Enter the host name to which the IP Address defined in this
menu is to be assigned if a positive response is received to a
DNS request. If a negative response is received to a DNS request, no address is specified.
The entry can also start with the wildcard *, e.g. *.funkwerk.de.
If a name is entered without a dot, this is completed with OK
" " after confirmation.
Entries with spaces are not allowed.
Response
In this entry, select the type of response to DNS requests.
Possible values:
• 2 $"/ : A DNS request for DNS Hostname gets a negative response.
• "/ (default value): A DNS request for DNS Hostname is answered with the related IP Address.
• 2 : A DNS request is ignored; no answer is given.
IP Address
Only if Response = "/
Enter the IP address assigned to DNS Hostname.
TTL
Enter the validity period of the assignment from DNS Hostname
to IP Address in seconds (only relevant for Response =
"/ ) transmitted to requesting hosts.
The default value is & (= 24 h).
20.1.3 Domain Forwarding
In the Local Services->DNS->Domain Forwarding menu, a list of all configured forwardings for defined domains is displayed.
20.1.3.1 New
Choose the New button to set up additional forwardings.
The menu Local Services->DNS->Domain Forwarding->New consists of the following
fields:
Fields in the Domain Forwarding Forwarding Parameters menu
Field
Description
Forward
Select whether a host or domain is to be forwarded.
Possible values:
• < " (default value)
• 8
Host
Only for Forwarding = < "
Enter the name of the host to be forwarded.
The entry can also start with the wildcard *, e.g. *.funkwerk.com.
If a name is entered without a full stop, you complete with OK "
. " " is added.
Domain
Only for Forwarding = 8
Enter the name of the domain to be forwarded.
The entry can also start with the wildcard *, e.g. *.funkwerk.com.
If a name is entered without a full stop, you complete with OK "
. " " is added.
Forward to
Select the forwarding destination for requests to the name defined
in Host or Domain.
Possible values:
• 6" (default value): The request is forwarded to the
defined Interface.
• 82 / : The request is forwarded to the defined DNS
Server.
Interface
Only for Forward to = 6"
Select the interface via which the requests for the defined Domain are to be received and forwarded to the DNS server.
DNS Server
Only for Forward to = 82 /
Enter the IP address of the primary and secondary DNS server.
20.1.4 Cache
In the Local Services->DNS->Cache menu, a list of all available cache entries is displayed.
You can select individual entries using the checkbox in the corresponding line, or select
them all using the Select all button.
A dynamic entry can be converted to a static entry by marking the entry and confirming with
Make static. This entry then disappears from the list and is thus included in the list in the
Static Hosts menu. The TTL is transferred in this operation.
20.1.5 Statistics
In the Local Services->DNS->Statistics menu, the following statistical values are displayed:
Fields in the Statistics DNS Statistics menu
Field
Description
Received DNS Packets
Shows the number of received DNS packets addressed direct to
your device, including the response packets for forwarded requests.
Invalid DNS Packets
Shows the number of invalid DNS packets received and addressed direct to your device.
DNS Requests
Shows the number of valid DNS requests received and addressed direct to your device.
Cache Hits
Shows the number of requests that were answered with static or
dynamic entries from the cache.
Forwarded Requests
Shows the number of requests forwarded to other name servers.
Cache Hitrate (%)
Indicates the number of Cache Hits per DNS Requests in percentage.
Successfully Answered Queries
Shows the number of successfully answered requests (positive
and negative).
Server Failures
Shows the number of requests that were not answered by any
name server (either positively or negatively).
20.2 HTTPS
You can operate the user interface of your device from any PC with an up-to-date Web
browser via an HTTPS connection.
HTTPS (HyperText Transfer Protocol Secure) is the procedure used to establish an encrypted and authenticated connection by SSL between the browser used for configuration
and the device.
20.2.1 HTTPS Server
In the Local Services->HTTPS->HTTPS Server menu, you configure the parameters of
the secured configuration connection over HTTPS.
The Local Services->HTTPS->HTTPS Server menu includes the following fields:
Fields in the HTTPS Server HTTPS Parameters menu
Field
Description
HTTPS TCP Port
Enter the port via which the HTTPS connection is to be established.
Possible values are to '.
The default value is &&'.
Local Certificate
Select a certificate that you want to use for the HTTPS connection.
Possible values:
• 6" ) (default value): Select this option if you want to
use the certificate built into the device.
• >( " " ?: Select a certificate entered under
System Management->Certificates->Certificate List.
20.3 DynDNS Client
The use of dynamic IP addresses has the disadvantage that a host in the network can no
longer be found once its IP address has changed. DynDNS ensures that your device can
still be reached after a change to the IP address.
The following configuration steps are necessary:
• Registration of a host name at a DynDNS provider
• Configuration of your device
Registration
The registration of a host name means that you define an individual user name for the
DynDNS service, e.g. -G) ". The service providers offer various domain names for
this, so that a unique host name results for your device, e.g.
-G) "!/ . The DynDNS provider relieves you of the task of answering all DNS requests concerning the host -G) "!/ with the dynamic
IP address of your device.
To ensure that the provider always knows the current IP address of your device, your
device contacts the provider when setting up a new connection and propagates its present
IP address.
20.3.1 DynDNS Update
In the Local Services->DynDNS Client->DynDNS Update menu, a list of all configured
DynDNS registrations for updating is displayed.
20.3.1.1 New
Choose the New button to set up further DynDNS registrations to be updated.
The menu Local Services->DynDNS Client->DynDNS Update->New consists of the following fields:
Fields in the DynDNS Update Basic Parameters menu
Field
Description
Host Name
Enter the complete host name as registered with the DynDNS
provider.
Interface
Select the WAN interface whose IP address is to be propagated
over the DynDNS service (e.g. the interface of the Internet Service Provider).
User Name
Enter the user name as registered with the DynDNS provider.
Password
Enter the password as registered with the DynDNS provider.
Provider
Select the DynDNS provider with which the above data is registered.
A choice of DynDNS providers is already available in the unconfigured state and their protocols are supported.
Other DynDNS providers can be configured in the Local Services->DynDNS Client->DynDNS Provider menu.
The default value is 8-82.
Enable update
Select whether the DynDNS entry configured here is to be activated.
The function is activated by selecting *#) .
The function is disabled by default.
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
Mail Exchanger (MX)
Enter the full host name of a mail server to which e-mails are to
be forwarded if the host currently configured is not to receive
mail.
Ask your provider about this forwarding service and make sure
e-mails can be received from the host entered as MX.
Wildcard
Select whether the forwarding of all subdomains of the Host
Name should be enabled for the current IP address of the Interface (advanced name resolution).
The function is activated by selecting *#) .
The function is disabled by default.
20.3.2 DynDNS Provider
A list of all configured DynDNS providers is displayed in the Local Services->DynDNS Client->DynDNS Provider menu.
20.3.2.1 New
Choose the New button to set up new DynDNS providers.
The menu Local Services->DynDNS Client->DynDNS Provider->New consists of the following fields:
Fields in the DynDNS Provider Basic Parameters menu
Field
Description
Provider Name
Enter a name for this entry.
Server
Enter the host name or IP address of the server on which the
provider's DynDNS service runs.
Update Path
Enter the path on the provider's server that contains the script
for managing the IP address of your device.
Ask your provider for the path to be used.
Port
Enter the port at which your device is to reach your provider's
server.
Ask your provider for the relevant port.
The default value is .
Protocol
Select one of the protocols implemented.
Possible values:
• 8-82 (default value)
• "" 8-82
• ;8
• <2
• 8I2
• 1 86<4=.
• 1 864(
• ( " 8-82
• 8 *:"
Update Interval
Enter the minimum time (in seconds) that your device must wait
before it is allowed to propagate its current IP address to the
DynDNS provider again.
The default value is ' seconds.
20.4 DHCP Server
You can configure your device as a DHCP (Dynamic Host Configuration Protocol) server.
Your device and each PC in your LAN requires its own IP address. One option for allocating IP addresses in your LAN is the Dynamic Host Configuration Protocol (DHCP). If you
configure your device as a DHCP server, the device automatically assigns IP addresses to
requesting PCs in the LAN from a predefined IP address pool. A PC sends out an ARP request and in turn receives its IP address assigned by your device. You therefore do not
need to allocate fixed IP addresses to PCs, which reduces the amount of configuration
work in your network. To do this, you set up a pool of IP addresses, from which your device
assigns IP addresses to hosts in the LAN for a defined period of time. A DHCP server also
transfers the addresses of the domain name server entered statically or by PPP negotiation
(DNS), NetBIOS name server (WINS) and default gateway.
20.4.1 DHCP Pool
To activate your device as a DHCP server, you must first define IP address pools from
which the IP addresses are distributed to the requesting clients.
A list of all configured IP address pools is displayed in the Local Services->DHCP Server->DHCP Pool menu.
In the list, for each entry, you have the possibility under Status of enabling or disabling the
configured DHCP pools.
Note
In the ex works state the DHCP pool is preconfigured with the IP addresses
192.168.0.10 to 192.168.0.49 and is used if there is no other DHCP server available in
the network.
20.4.1.1 New
Choose the New button to set up new IP address pools. Choose the icon to edit existing entries.
The menu Local Services->DHCP Server->DHCP Pool->New consists of the following
fields:
Fields in the DHCP Pool Basic Parameters menu
Field
Description
Interface
Select the interface over which the addresses defined in IP Address Range are to be assigned to DHCP clients.
When a DHCP request is received over this Interface, one of
the addresses from the address pool is assigned.
IP Address Range
Enter the first (first field) and last (second field) IP address of
the IP address pool.
Pool Usage
Specify whether the IP pool is used for DHCP requests in the
same subnet or for DHCP requests that have been forwarded to
your device from another subnet. In this case it is possible to
define IP addresses from another network.
Possible values:
• .) (default value): The DHCP pool is only used for DHCP
requests in the same subnet.
• .)57 )-: The DHCP pool is used for DHCP requests in
the same subnet and from other subnets.
• 7 )-: The DHCP pool is only used for DHCP requests forwarded from other subnets.
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
Gateway
Select which IP address is to be transferred to the DHCP client
as gateway.
Possible values:
• 2 $" - (default value): No IP address is sent.
• , " $" -: Here, the IP address defined for
the Interface is transferred.
• ! -: Enter the corresponding IP address.
Lease Time
Enter the length of time (in minutes) for which an address from
the pool is to be assigned to a host.
After the Lease Time expires, the address can be reassigned
by the server.
The default value is .
DHCP Options
Specify which additional data is forwarded to the DHCP client.
Possible values for Option:
• 4 / (default value): Enter the IP address of the
time server to be sent to the client.
• 82 / : Enter the IP address of the DNS server to be
sent to the client.
• 82 8 2 : Enter the DNS domain to be sent to the
client.
• 6252+2 / : Enter the IP address of the WINS/
NBNS server to be sent to the client.
• 6252+4 2 4-! : Enter the type of the WINS/NBT
node to be sent to the client.
• 44 / : Enter the IP address of the TFTP server to be
sent to the client.
Several entries are possible. Add additional entries with the
Add button.
20.4.2 IP/MAC Binding
The Local Services->DHCP Server->IP/MAC Binding menu displays a list of all clients
that received an IP address from your device via DHCP.
You can now allocate an IP address from a defined IP address pool to specific MAC addresses. You can do this by selecting the Static Binding option in the list to convert a list
entry into a fixed binding, or you can manually create a fixed IP/MAC binding by configuring it
in the New sub-menu.
Note
You can only create new static IP/MAC bindings if IP address ranges were configured
in Local Services->DHCP Server->DHCP Pool.
20.4.2.1 New
Choose the New button to set up new IP/MAC bindings.
The menu Local Services->DHCP Server->IP/MAC Binding->New consists of the following fields:
Fields in the IP/MAC Binding Basic Parameters menu
Field
Description
Description
Enter the name of the host whose MAC Address is to be bound to the IP
Address.
A character string of up to 256 characters is possible.
IP Address
Enter the IP address to be assigned to the MAC address specified in MAC Address.
MAC Address
Enter the MAC address to which the IP address specified in IP
Address is to be assigned.
20.4.3 DHCP Relay Settings
If your device does not distribute any IP addresses to the clients in the local network by
DHCP, it can still forward the DHCP requests on behalf of the local network to a remote
DHCP server. The DHCP server then assigns your device an IP address from its pool,
and your device in turn sends this to the client in the local network.
The Local Services->DHCP Server->DHCP Relay Settings menu includes the following
fields:
Fields in the DHCP Relay Settings Basic Parameters menu
Field
Description
Primary DHCP Server
Enter the IP address of a server to which BootP or DHCP requests are to be forwarded.
Secondary DHCP Server
Enter the IP address of an alternative BootP or DHCP server.
20.5 Scheduling
Your device features an event scheduler. Specific standard actions (e.g. enabling or disabling of interfaces) can be executed. Moreover, every existing MIB variable can be configured with any value.
Various events can be configured as initiators for these actions. This makes it possible to
initiate time-controlled actions. Moreover, the status or accessibility of interfaces or their
data traffic may lead to execution of the configured actions, or also the validity of licences.
Here also, it is possible to set up every MIB variable as initiator with any value.
Caution
The configuration of actions that are not available as defaults requires extensive knowledge of the method of operation of bintec gateways. An incorrect configuration can
cause considerable disruption during operation. If applicable, save the original configuration on your PC.
Note
To run the event scheduler, the date configured on your device must be 1.1.2000 or
later.
20.5.1 Trigger
In the Local Services->Scheduling->Trigger menu, a list of all initiators is displayed.
20.5.1.1 New
Choose the New button to create additional initiators.
The menu Local Services->Scheduling->Trigger->New consists of the following fields:
Fields in the Trigger Basic Parameters menu
Field
Description
Event List
Indicate the desired index for this initiator.
The configured initiators can be combined into event chains by assigning them to
an index, so that complex conditions for initiating an action may also be created. The initiators within an
event chain are then processed in the listed order. If you wish
to add a new event chain, select 2 (default value). If a single
event is to be configured as an initiator, it also receives an index.
Description
Only for Event List 2
Enter your chosen designation for the index.
Event Type
Select the initiator type.
Possible values:
• 4 (default value): The operations configured and assigned
in Actions are triggered at specific points in time.
• =6+52=: The actions configured and assigned in Actions
are triggered if the defined MIB variables assume the specified values.
• 6" "" : The actions configured and assigned
in Actions are triggered if the defined interfaces take on a
specified status.
• 6" 4 : The operations configured and assigned in Actions are triggered if the data traffic on the specified interfaces falls below or exceeds the defined value.
• $ 4 ": The operations configured and assigned in Actions are triggered if the defined interfaces are accessible or
not accessible. Interface status is checked via ping test.
• ( " " . " : The operations configured and
assigned in Actions are triggered when the specified validity
period is reached.
Monitored Variable
Only for Event Type =6+52=
Select the MIB variables whose defined value is to be configured as initiator. First select the System on which the MIB
variable is saved, then the MIB Table and finally the MIB Variable itself. Only MIB tables and MIB variables existing in the relevant area are displayed.
Compare Condition
Only for Event Type =6+52=
Select whether the MIB variable must be 1 " (default
value), *F ), .
, 2" *F ) to the value specified in
(! 3) , or lie within a 7$ in order to trigger the
operation.
Compare Value
Only for Event Type =6+52=
Enter the value of the MIB variable.
Index Variables
Only for Event Type =6+52=
Where required, select MIB variables to be used as "index" in
order to uniquely identify a specific data set in MIB Table, e.g.
(6 6 :. The combination of Index Variable and Index
Value yields unique identification of a specific table entry.
Monitored Interface
Only for Event Type 6" "" and 6" 4
Select the interface whose defined status shall trigger an operation.
Interface Status
Only for Event Type 6" ""
Select the status that the interface must assume in order to trigger the intended operation.
Possible values:
• ,! (default value): The interface is active.
• 8 : The interface is inactive.
Traffic Direction
Only for Event Type 6" 4
Select the direction of the data traffic whose values should be
monitored as initiator for an action.
Possible values:
• 7B (default value): Incoming data traffic is monitored.
• 4B: Outgoing data traffic is monitored.
Interface Traffic Condition
Only for Event Type 6" 4
Select whether the value for the data traffic must be 1 "
(default value) or . than the value specified in 4 4 to initiate the action.
Transferred Traffic
Only for Event Type 6" 4
Enter the desired value in kBytes for the data traffic to be used
as comparison.
The default value is .
Destination IP Address
Only for Event Type $ 4
Enter the IP address to be checked for accessibility.
Source IP Address
Only for Event Type $ 4
Enter an IP address to be used as sender address for the ping
test.
Possible values:
• "" (default value): The IP address of the interface
over which the ping is sent is automatically entered as sender
address.
• ! : Enter the desired IP address in the entry field.
Status
Only for Event Type $ 4
Select whether Destination IP Address must be 7 0 #)
(default value) or , 0 #) in order to initiate the action.
Interval
Only for Event Type $ 4
Enter the time in Seconds after which to send a new ping.
The default value is seconds.
Trials
Only for Event Type $ 4
Enter the number of ping tests to be performed until Destination IP Address is to be considered , 0 #) .
The default value is '.
Monitored Certificate
Only for Event Type ( " " . "
Select the certificate whose validity should be checked.
Remaining Validity
Only for Event Type ( " " . "
Indicate the remaining validity of the certificate as a percentage.
Fields in the Trigger Select time interval menu
Field
Description
Time Condition
Only for Event Type 4
First select the type of time entry in Condition Type.
Possible values:
• - : Select a weekday in Condition Settings.
• (default value): In Condition Settings, select a particular period.
• 8- ="0: Select a specific day of the month in Condition Settings.
Possible values for Condition Settings in Condition Type = -:
=- (default value) ... -.
Possible values for Condition Settings in Condition Type = :
• 8)- : The initiator becomes active daily (default value).
• =- - : The initiator becomes active daily from
Monday to Friday.
• =- " - : The initiator becomes active daily
from Monday to Saturday.
• " - - : The initiator becomes active on Saturdays and Sundays.
Possible values for Condition Settings in Condition Type = 8- ="0:
... '.
Start Time
Enter the time from which the initiator is to be activated. Activation is carried out at the next scheduling interval. The default value
of this interval is 55 seconds.
Stop Time
Enter the time from which the initiator is to be deactivated. Deactivation is carried out at the next scheduling interval. If you do not
enter a Stop Time or set Stop Time = Start Time, the initiator
is activated and deactivated after 10 seconds.
20.5.2 Actions
In the Local Services->Scheduling->Actions menu, a list of all operations to be triggered
by events or event chains configured in Local Services->Scheduling->Trigger is displayed.
20.5.2.1 New
Choose the New button to configure additional operations.
The menu Local Services->Scheduling->Actions->New consists of the following fields:
Fields in the Actions Basic Parameters menu
Field
Description
Description
Enter your chosen designation for the action.
Command Type
Select the desired action.
Possible values:
• 7 #" (default value): Your device is rebooted.
• =6+52=: The desired value is entered for a MIB variable.
• 6" "" : The status of an interface is modified.
• ) "" : The status of a WLAN SSID is modified.
• " ,!" : A software update is initiated.
• ( $ " =$ ": A configuration file is loaded
onto your device or backed up by your device.
• $ 4 ": Accessibility of an IP address is checked.
• ( " " =$ ": A certificate is to be renewed,
deleted or entered.
• .(% 2 2 $0# : A Neighbor Scan is launched
in a WLAN network controlled by the WLAN controller.
• .(% 3 "" : The status of a wireless network is modified.
Event List
Select the index of events or event chain configured in Local
Services->Scheduling->Trigger->Event List.
Event List Condition
For event chains, select how many of the configured events
must occur for the operation to be triggered.
Possible values:
• )) (default value): The operation is triggered if all events occur.
• ; : The operation is triggered if an event occurs.
• 2 : The operation is triggered if none of the events occurs.
• ; ": The operation is triggered if one of the events does
not occur.
Reboot device after
Only if Command Type = 7 #"
Indicate a timespan in seconds that must pass before the
device is restarted.
The default value is seconds.
MIB/SNMP Variable to add/edit
Only if Command Type = =6+52=
Select the MIB table in which the MIB variable whose value is to
be modified is saved. First select the System, then the MIB Table. Only MIB tables present in the relevant area are displayed.
Command Mode
Only if Command Type = =6+52=
Select how the MIB entry is to be modified.
Possible settings:
• (0$ : "$ =6+ "- (default value): An existing entry
must be modified.
• ( " "-: A new entry must be created.
Index Variables
Only if Command Type = =6+52=
Where required, select MIB variables to be used as "index" in
order to uniquely identify a specific data set in MIB Table, e.g.
(6 6 :. The combination of Index Variable and Index
Value yields unique identification of a specific table entry.
Use Add to create more Index Variables.
Trigger Status
Only if Command Type = =6+52=
Select the status the event must have in order to modify the MIB
variable as defined.
Possible values:
• "/ (default value): The value of the MIB variable is modified if the initiator is active.
• 6"/ : The value of the MIB variable is modified if the
initiator is inactive.
• +"0 : The value of the MIB variable is differentially modified
as the initiator status evolves.
MIB Variables
Only if Command Type = =6+52=
Select the MIB variables whose value, dependent on the initiator status, is to be modified.
If the initiator is active (Trigger Status "/ ), the MIB variable is written with the value entered in Active Value.
If the initiator is inactive (Trigger Status 6"/ ), the MIB
variable is written with the value entered in Inactive Variable.
If the MIB variable is to be modified depending on whether the
initiator is active or inactive (Trigger Status +"0 ), it is written with the value entered in Active
Value when the initiator is active and with the value entered in Inactive Variable when it is inactive.
Use Add to create more entries.
Interface
Only if Command Type = 6" ""
Select the interface whose status should be changed.
Set interface status
Only if Command Type = 6" ""
Select the status to be set for the interface.
Possible values:
• ,! (default value)
• 8
• 7
Local WLAN SSID
Only for Command Type = ) ""
Select the wireless network whose status should be changed.
Set status
Only for Command Type = ) ""
Select the status for the wireless network.
Possible values:
• "/" (default value)
• 8 "/"
Source Location
Only if Command Type = " ,!"
Select the source for the software update.
Possible values:
• ( " " / (default value): The latest software will be downloaded from the Funkwerk server.
• <44 / : The latest software will be downloaded from
an HTTP server that you define in / ,7..
• <44 / : The latest software will be downloaded from
an HTTP server that you define in / ,7..
• 44 / : The latest software will be downloaded from
an HTTP server that you define in / ,7..
Server URL
For Command Type = " ,!" if Source Location not ( " " /
Enter the URL of the server from which the desired software
version is to be drawn.
For Command Type = ( $ " =$ " with Action = 6!" $ " or *:!" $ "
Enter the URL of the server from which a configuration file will
be obtained, or on which the configuration file is to be backed
up.
File Name
For Command Type = " ,!"
Enter the file name of the software version.
For Command Type = ( " " =$ " with Action = 6!" " "
Enter the file name of the certificate file.
Action
For Command Type = ( $ " =$ "
Select which operation you wish to perform on a configuration
file.
Possible values:
• 6!" $ " (default value)
• *:!" $ "
• 7 $ "
• 8 ) " $ "
• (!- $ "
For Command Type = ( " " =$ "
Select which operation you wish to perform on a certificate file.
Possible values:
• 6!" " " (default value)
• 8 ) " " "
• (*
Protocol
Only for Command Type = ( " " =$ " and ( $ " =$ " if Action = 6!" $ "
Select the protocol for the data transfer.
Possible values:
• <44 (default value)
• <44
• 44
CSV File Format
Only for Command Type = ( $ " =$ " and Action = 6!" $ " or *:!" $ "
Select whether to transfer the file in CSV format, which can easily be read and modified. In addition, you can view the corresponding file clearly using Microsoft Excel for example.
The function is enabled by default.
Remote File Name
Only if Command Type = ( $ " =$ "
For Action = 6!" $ "
Enter the name of the file under which it is saved on the server
from which it is to be retrieved.
For Action = *:!" $ "
Enter the name of the file under which to save it on the server
on which it is to be saved.
Local File Name
Only for Command Type = ( $ " =$ " and Action = 6!" $ ", 7 $ " or (!- $ "
When importing, renaming or copying, assign a name to the
configuration file under which it can be saved locally on the
device.
File Name in Flash
For Command Type = ( $ " =$ " and
Action = *:!" $ "
Select the source file to be exported.
For Command Type = ( $ " =$ " and
Action = 7 $ "
Select the file to be renamed.
For Command Type = ( $ " =$ " and
Action = 8 ) " $ "
Select the file to be deleted.
For Command Type = ( $ " =$ " and Action = (!- $ "
Select the file to be copied.
Configuration contains certificates/keys
Only for Command Type = ( $ " =$ " and Action = 6!" $ " or *:!" $ "
Select whether the certificates and keys contained in the configuration are to be imported or exported.
The function is disabled by default.
Encrypt configuration
Only for Command Type = ( $ " =$ " and Action = 6!" $ " or *:!" $ "
Define whether the data of the selected Action are to be encrypted.
The function is disabled by default.
Reboot after execution
Only if Command Type = ( $ " =$ "
Select whether to restart your device after the desired Action.
The function is disabled by default.
Version Check
Only for Command Type = ( $ " =$ "
and Action = 6!" $ "
Select whether, when importing a configuration file, there should
be a check for the existence on the server of a newer version of
the already loaded configuration. If not, the file import is aborted.
The function is disabled by default.
Destination IP Address
Only if Command Type = $ 4
Enter the IP address to be checked for accessibility.
Source IP Address
Only if Command Type = $ 4
Enter an IP address to be used as sender address for the ping
test.
Possible values:
• "" (default value): The IP address of the interface over which the ping is sent is automatically entered as sender address.
• ! : Enter the desired IP address in the entry field.
Interval
Only if Command Type = $ 4
Enter the time in seconds after which to send a new ping.
The default value is second.
Count
Only if Command Type = $ 4
Enter the number of ping tests to be performed until Destination IP Address is to be considered unreachable.
The default value is '.
Server Address
Only for Command Type = ( " " =$ " and Action = 6!" " "
Enter the URL of the server from which a certificate file is to be obtained.
Local Certificate Description
For Command Type = ( " " =$ " and Action = 6!" " "
Enter a description for the certificate under which to save it on the device.
For Command Type = ( " " =$ " and Action = 8 ) " " "
Select the certificate to be deleted.
Password for protected Certificate
Only for Command Type = ( " " =$ " and Action = 6!" " "
Select whether to use a secure certificate requiring a password, and enter it in the entry field.
The function is disabled by default.
Overwrite similar certificate
Only for Command Type = ( " " =$ " and Action = 6!" " "
Select whether to overwrite a certificate already present on your device with a new one.
The function is disabled by default.
Write certificate in configuration
Only for Command Type = ( " " =$ " and Action = 6!" " "
Choose whether to integrate the certificate into a configuration file, and select the desired configuration file.
The function is disabled by default.
Certificate Request Description
Only for Command Type = ( " " =$ " and Action = (*
Enter a description under which to save the SCEP certificate on your device.
URL SCEP Server URL
Only for Command Type = ( " " =$ " and Action = (*
Enter the URL of the SCEP server, e.g. 0"
"!%55 !
%5 !5 !))
Your CA administrator can provide you with the necessary data.
Subject Name
Only for Command Type = ( " " =$ " and Action = (*
Enter a subject name with attributes.
Example: N(2O32 / L 8(O-L 8(OL
O8*N
CA Name
Only for Command Type = ( " " =$ " and Action = (*
Enter the name of the CA certificate of the certification authority
(CA) from which you wish to request your certificate, e.g.
. Your CA administrator can provide you with the
necessary data.
Password
Only for Command Type = ( " " =$ " and Action = (*
You may need a password from the certification authority to obtain certificates. Enter the password you received from the certification authority here.
Key Size
Only for Command Type = ( " " =$ " and Action = (*
Select the length of the key to be created. Possible values are
& (default value) & and &..
Autosave Mode
Only for Command Type = ( " " =$ " and Action = (*
Select whether your device automatically stores the various
steps of the enrolment internally. This is an advantage if enrolment cannot be concluded immediately. If the status has not
been saved, the incomplete registration cannot be completed.
As soon as the enrolment is completed and the certificate has
been downloaded from the CA server, it is automatically saved
in the device configuration.
The function is enabled by default.
Use CRL
Only for Command Type = ( " " =$ " and Action = (*
Define the extent to which certificate revocation lists (CRLs) are
to be included in the validation of certificates issued by the owner of this certificate.
Possible values:
• " (default value): If the CA certificate contains an entry for a CDP, CRL Distribution Point, it should be evaluated in addition to the CRLs already globally configured on the device.
• I : CRLs are always checked.
• 2: No CRL check.
WLC SSID
Only if Command Type = .(% 3 ""
Select the wireless network administered via the WLAN controller whose status should be changed.
Set status
Only if Command Type = .(% 3 ""
Select the status for the selected wireless network.
Possible values:
• "/" (default value)
• 8 "/"
20.5.3 Options
You configure the schedule interval in the Local Services->Scheduling->Options menu.
The Local Services->Scheduling->Options menu includes the following fields:
Fields in the Options Scheduling Options menu
Field
Description
Schedule Interval
Select whether the schedule interval is to be enabled for the interface.
Enter the interval in seconds during which the system checks
whether there are planned tasks.
Possible values are to '.
The value ' is recommended (5 minute accuracy). Values
lower than 60 are generally pointless and are an unnecessary
use of system resources.
20.6 Surveillance
In this menu, you can configure an automatic availability check for hosts or interfaces and
automatic ping tests.
Note
This function cannot be configured on your device for connections that are authenticated via a RADIUS server.
20.6.1 Hosts
In the Local Services->Surveillance->Hosts menu, a list of all monitored hosts is displayed.
20.6.1.1 or New
Choose the icon to edit existing entries. Choose the New button to create additional monitoring tasks.
The menu Local Services->Surveillance->Hosts->New consists of the following fields:
Field in the Hosts Host Parameters menu
Field
Description
Group ID
Select an ID for the group of hosts whose availability is to be
monitored by your device.
The group IDs are automatically created from to . If an
entry has not yet been created, a new group is created using
the 2
68 option. If entries have been created, you can select
one from the list of created groups.
Each host to be monitored must be assigned to a group.
The operation configured in Interface is only executed if no other group member can be reached.
Fields in the Hosts Trigger menu
Field
Description
Monitored IP Address
Enter the IP address of the host to be monitored.
Source IP Address
Select how the IP address is to be determined that your device
uses as the source address of the packet sent to the host to be
monitored.
Possible values:
• "" (default value): The IP address is determined automatically.
• ! : Enter the IP address in the adjacent input field.
Interval
Enter the time interval (in seconds) to be used for checking
availability of the host.
Possible values are to '.
The default value is .
The smallest Interval of the group members is used within a
group.
Trials
Enter the number of pings that must remain unanswered for the
host to be regarded as unavailable.
Possible values are to '.
The default value is '.
Controlled Interfaces
Select the interface(s) for which the action defined in Interface
is to be performed.
All physical and virtual interfaces can be selected.
Select whether each interface is to be enabled ( *#) ) disabled ( 8 #) default value), set back ( 7
") or the connection restored ( 7 )).
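The group rules described above (the smallest Interval applies to the whole group, a host counts as unavailable after Trials unanswered pings, and the action on the Controlled Interfaces is only executed when no group member can be reached) can be replayed offline to size a failover delay before it is deployed. The following Python model is an added example, not Funkwerk code; the class and function names are hypothetical, the ping results are constructed, and it assumes that unanswered pings are counted consecutively and that a reply resets the count.

```python
from dataclasses import dataclass


@dataclass
class MonitoredHost:
    ip: str          # Monitored IP Address
    group_id: int    # Group ID
    interval: int    # Interval, in seconds
    trials: int      # Trials: unanswered pings before the host is unavailable
    missed: int = 0  # assumption: consecutive unanswered pings, reset by a reply

    @property
    def unavailable(self) -> bool:
        return self.missed >= self.trials


class SurveillanceGroup:
    """One Group ID with its member hosts (hypothetical model of the manual's rules)."""

    def __init__(self, hosts):
        if not hosts:
            raise ValueError("a group needs at least one host")
        if len({h.group_id for h in hosts}) != 1:
            raise ValueError("all hosts must share one Group ID")
        self.hosts = {h.ip: h for h in hosts}
        # "The smallest Interval of the group members is used within a group."
        self.interval = min(h.interval for h in hosts)

    def record_round(self, replies) -> bool:
        """Apply one ping round; replies maps IP -> True if the ping was answered.

        Returns True when the interface action is due, i.e. when no group
        member can be reached any more.
        """
        for ip, host in self.hosts.items():
            host.missed = 0 if replies.get(ip, False) else host.missed + 1
        return all(h.unavailable for h in self.hosts.values())


def first_trigger(group, rounds):
    """Return (round number, elapsed seconds) of the first action, or None."""
    for number, replies in enumerate(rounds, start=1):
        if group.record_round(replies):
            return number, number * group.interval
    return None


def constructed_outage():
    """Constructed sample: 10.0.0.1 fails from round 2, 10.0.0.2 from round 5."""
    hosts = [
        MonitoredHost("10.0.0.1", group_id=0, interval=10, trials=3),
        MonitoredHost("10.0.0.2", group_id=0, interval=30, trials=2),
    ]
    rounds = [
        {"10.0.0.1": True, "10.0.0.2": True},
        {"10.0.0.1": False, "10.0.0.2": True},
        {"10.0.0.1": False, "10.0.0.2": True},
        {"10.0.0.1": False, "10.0.0.2": True},   # .1 is now unavailable, .2 still answers
        {"10.0.0.1": False, "10.0.0.2": False},
        {"10.0.0.1": False, "10.0.0.2": False},  # .2 reaches its Trials value: action due
    ]
    return first_trigger(SurveillanceGroup(hosts), rounds)


if __name__ == "__main__":
    print(constructed_outage())
```

In the constructed run the first host is already unavailable in round 4, but the action is held back until the second host has also missed its two pings.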
20.6.2 Interfaces
In the Local Services->Surveillance->Interfaces menu, a list of all monitored interfaces is
displayed.
20.6.2.1 or New
Choose the icon to edit existing entries. Choose the New button to set up monitoring for other interfaces.
The menu Local Services->Surveillance->Interfaces->New consists of the following fields:
Fields in the Interface Basic Parameters menu
Field
Description
Monitored Interface
Select the interface on your device that is to be monitored.
Trigger
Select the status or status transition of Monitored Interface
that is to trigger a particular Interface Action.
Possible values:
• 6" $
• 6" $ ! (default value)
Interface Action
Select the action that is to follow the status or status transition
defined in Trigger.
The action is applied to the interface(s) selected in Interface.
Possible values:
• *#) (default value): Activation of interface(s)
• 8 #) : Deactivation of interface(s)
Interface
Select the interface(s) for which the action defined in Interface
is to be performed.
All physical and virtual interfaces can be selected, along with
the )) 6" and )) 6 6" options .
20.6.3 Ping Generator
In the Local Services->Surveillance->Ping Generator menu, a list of all configured, automatically generated pings is displayed.
20.6.3.1 or New
Choose the icon to edit existing entries. Choose the New button to create additional pings.
The menu Local Services->Surveillance->Ping Generator->New consists of the following fields:
Fields in the Ping Generator Basic Parameters menu
Field
Description
Destination IP Address
Enter the IP address to which the ping is automatically sent.
Source IP Address
Enter the source IP address of the outgoing ICMP echo request
packets.
Possible values:
• "": The IP address is determined automatically.
• ! (default value): Enter the IP address in the adjacent input field e.g. to test a particular extended route.
Interval
Enter the interval in seconds during which the ping is sent to the
address specified in Remote IP Address.
Possible values are to '.
The default value is .
20.7 Funkwerk Discovery
20.7.1 Device Discovery
The funkwerk Discovery protocol is used to identify and configure bintec access points that
are in the same wired network as your device. Once an access point has been discovered,
certain basic parameters (node name, IP address, netmask, and device address) can be
configured on the access point (provided you know the administrator password).
Note
Any bintec access points that exist are determined by means of a multicast. The IP
address of the access point is therefore irrelevant.
Please note that the discovered bintec access points are not stored in the flash, which
means discovery must be repeated after you reboot your device.
In the Local Services->Funkwerk Discovery ->Device Discovery menu, a list of all discovered access points in the network is displayed under Results. In the Interface field, select the interface of your device via which access point discovery is to be carried out. You
use the )) option to query all interfaces.
The current discovery status is displayed for each individual interface under Discovery
Status. Here, 2 means that no discovery is active. 8 / - is displayed if a discovery is currently being performed.
This discovery function also enables your device to be discovered and configured by other
access points with a discovery function. You configure this in the Options submenu.
20.7.1.1 Discover
Click the Discover button to launch the bintec access point discovery.
If access points were discovered in the network, they are displayed in the list. You use the button to go to the configuration menu for the access point.
This Local Services->Funkwerk Discovery->Device Discovery-> menu includes the following fields:
Fields in the Device Discovery Basic Parameters menu
Field
Description
Interface
The value of this field can only be read.
Shows the interface of your device on which discovery is carried
out.
MAC Address
The value of this field can only be read.
Shows the MAC address of the discovered access point.
Node Name
You can change the name of the discovered access point.
IP Address
You can change the IP address of the discovered access point.
Netmask
You can change the related netmask.
Gateway
You can change the gateway address of the discovered access
point.
Authentication Password
You must enter the administrator password for the access point. The configuration operation cannot be performed without a password.
Last Write Result
The value of this field can only be read.
Displays the result of the last configuration operation.
Possible values:
• 2 : The access point reported a successful operation, or a configuration change has not yet been performed with OK .
• 4 ": The access point has not responded.
• : The access point reported an authorisation error. Check the authentication password.
• 6/) 6 " : There is a problem with the intended IP parameters (IP address, netmask, or gateway address).
• 8 "" , 0#) : The access point cannot be reached for internal reasons (e.g. the interface to which the access point is connected is down). A configuration request cannot be sent to the access point.
• ;"0 *: The access point responds to the configuration request with an unexpected or non-specific error.
• 6" ) *: An internal device problem prevented the configuration option from being carried out.
20.7.2 Options
In this menu, you can grant permission for your device to be discovered by other bintec
devices using the funkwerk Discovery protocol and to be configured by means of this.
The Local Services->Funkwerk Discovery->Options menu consists of the following fields:
Fields in the Options Discovery Server Options menu
Field
Description
Enable Discovery Server
Select whether your device is to be discovered and configured
by other bintec devices in the network.
The function is enabled with *#) .
The function is disabled by default.
20.8 HotSpot Gateway
The bintec HotSpot Solution allows provision of public Internet access (using WLAN or wired Ethernet). The solution is suited to setting up smaller and larger Hotspot installations for cafes, hotels, companies, communal residences, campgrounds, etc.
The bintec HotSpot Solution consists of a bintec gateway installed onsite (with its own
WLAN access point or additional connected WLAN device or wired LAN) and of the Hotspot server, centrally located at a computing centre. The operator account is administered
on the server via an administration terminal (e.g., a hotel reception PC); this includes functions such as registration entry, generating tickets, statistical analysis, etc.
Login sequence at the Hotspot server
• When a new user connects with the Hotspot, he/she is automatically assigned an IP address via DHCP.
• As soon as the user attempts to access any Internet site with a browser, he/she is redirected to the home/login page.
• After the user has entered the registration data (user/password), these are sent to the central RADIUS server (Hotspot server) as RADIUS registration.
• Following successful registration, the gateway opens Internet access.
• For each user, the gateway sends regular additional information to the RADIUS server for recording accounting data.
• When the ticket expires, the user is automatically logged off and again redirected to the home/login page.
Requirements
To operate a Hotspot, the customer requires:
• a bintec device as hotspot gateway with an active Internet access and configured hotspot server entries for login and accounting (see menu System Management->Remote Authentication->RADIUS->New with Group Description 8 )" $ ! )
• bintec Hotspot hosting (article number 5510000198)
• Access data
• Documentation
• Software licensing
Please note that you must first activate the licence.
- Go to www.funkwerk-ec.com then Service/Support -> Services -> Online Services.
- Enter the required data (please note the relevant explanations on the license sheet), and follow the instructions of the online licensing.
- You then receive the Hotspot server's login data.
Note
Activation may require 2-3 business days.
Access data for gateway configuration
RADIUS Server IP
62.245.165.180
RADIUS Server Password
Set by Funkwerk Enterprise Communications GmbH
Domain
Individually set for customers by customer/dealer
Walled Garden Network
Individually set for customers by customer/dealer
Walled Garden Server URL
Individually set for customers by customer/dealer
Terms & Conditions URL
Individually set for customers by customer/dealer
Access data for configuration of the Hotspot server
Admin URL
https://hotspot.funkwerk-ec.com/
Username
Individually set by FEC
Password
Individually set by FEC
Note
Also refer to the WLAN Hotspot Workshop that is available to download from
www.funkwerk-ec.com .
20.8.1 HotSpot Gateway
In the HotSpot Gateway menu, you configure the bintec gateway installed onsite for the
bintec Hotspot Solution.
A list of all configured hotspot networks is displayed in the Local Services->HotSpot
Gateway->HotSpot Gateway menu.
You can use the Enabled option to enable or disable the corresponding entry.
20.8.1.1 or New
In the Local Services->HotSpot Gateway->HotSpot Gateway-> menu, you configure the hotspot network. Choose the New button to set up additional Hotspot networks.
The Local Services->HotSpot Gateway->HotSpot Gateway-> menu includes the following fields:
Fields in the HotSpot Gateway Basic Parameters menu
Field
Description
Interface
Choose the interface to which the Hotspot LAN or WLAN is connected. When operating over LAN, enter the Ethernet interface
here (e.g. en1-0). If operating over WLAN, the WLAN interface
to which the access point is connected must be selected.
Caution
For security reasons you cannot configure your device over
an interface that is configured for the Hotspot. Therefore
take care when selecting the interface you want to use for
the Hotspot.
If you select the interface over which the current configuration session is running, the current connection will be lost.
You must then log in again over a reachable interface that
is not configured for the Hotspot to configure your device.
Domain at the HotSpot Server
Enter the domain name that you used when setting up the HotSpot server for this customer. The domain name is required so that the Hotspot server can distinguish between the different clients (customers).
Walled Garden
Enable this function if you want to define a limited and free area
of websites (intranet).
The function is not activated by default.
Walled Network / Netmask
Only if Walled Garden is enabled.
Enter the network address of the Walled Network and the corresponding Netmask of the intranet server.
For the address range resulting from Walled Network / Netmask, clients require no authentication.
Example: Enter 192.168.0.0 / 255.255.255.0 if all IP addresses from 192.168.0.0 to 192.168.0.255 are free. Enter 192.168.0.1 / 255.255.255.255 if only the IP address 192.168.0.1 is free.
Walled Garden URL
Only if Walled Garden is enabled.
Enter the Walled Garden URL of the intranet server. Freely accessible websites must be reachable over this address.
Terms & Conditions
Only if Walled Garden is enabled.
In the Terms & Conditions input field, enter the address of the general terms and conditions on the intranet server, or public server, e.g., http://www.webserver.de/agb.htm. The page must lie within the address range of the walled garden network.
Language for login window
Here you can choose the language for the start/login page.
The following languages are supported: *$) 0, 8 " 0,
6"), P , * !Q), " $ R and 2
) .
The language can be changed on the start/login page at any
time.
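Because clients need no authentication for the whole range resulting from Walled Network / Netmask, and the Terms & Conditions page must lie inside that range, both settings are worth checking before they are entered. The following Python check is an added example, not part of the original manual or the device software; the function names, the 256-address warning threshold and the resolved address used for www.webserver.de are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def walled_range(network, netmask):
    """Return the range that a Walled Network / Netmask pair frees from authentication.

    Raises ValueError for a non-contiguous mask, for a wildcard-style mask
    such as 0.0.0.255, and for a network address with host bits set.
    """
    mask = int(ipaddress.IPv4Address(netmask))
    inverted = mask ^ 0xFFFFFFFF
    # A real netmask is a run of 1-bits followed only by 0-bits, so its
    # inverse plus one must not share any bit with the inverse.
    if inverted & (inverted + 1):
        raise ValueError(f"not a contiguous netmask: {netmask}")
    # strict=True rejects e.g. 192.168.0.1 / 255.255.255.0
    return ipaddress.IPv4Network(f"{network}/{netmask}", strict=True)


def audit_walled_garden(network, netmask, terms_url, resolved=None, max_addresses=256):
    """Return a list of findings for one walled garden configuration.

    resolved maps host names to IPv4 addresses so the check runs offline
    (assumption: the operator supplies the address the name resolves to).
    """
    findings = []
    net = walled_range(network, netmask)
    if net.num_addresses > max_addresses:
        findings.append(
            f"{net} frees {net.num_addresses} addresses from authentication"
        )
    host = urlsplit(terms_url).hostname
    if host is None:
        findings.append(f"no host in URL {terms_url!r}")
        return findings
    try:
        addr = ipaddress.IPv4Address(host)
    except ValueError:
        mapped = (resolved or {}).get(host)
        if mapped is None:
            findings.append(f"{host} has no known address; cannot place it in {net}")
            return findings
        addr = ipaddress.IPv4Address(mapped)
    if addr not in net:
        findings.append(f"{terms_url} is at {addr}, outside {net}")
    return findings


if __name__ == "__main__":
    # The two examples from the manual
    for network, netmask in (("192.168.0.0", "255.255.255.0"),
                             ("192.168.0.1", "255.255.255.255")):
        net = walled_range(network, netmask)
        print(f"{network} / {netmask}: {net[0]} to {net[-1]}")
    # Constructed resolution of the manual's sample URL
    print(audit_walled_garden("192.168.0.0", "255.255.255.0",
                              "http://www.webserver.de/agb.htm",
                              {"www.webserver.de": "203.0.113.5"}))
```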
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu
Field
Description
Ticket Type
Select the ticket type.
Possible values:
• 3 0 : Only the user name must be entered. Define a default password in the input field.
• , 5 (default value): User name and password must be entered.
Allowed HotSpot Client
Here you can define which type of users can log in to the Hotspot.
Possible values:
• )): All clients are approved.
• 8<( () ": Prevents users who have not received an IP address from DHCP from logging in.
20.8.2 Options
In the Local Services->HotSpot Gateway->Options menu, general settings for the hotspot are performed.
The Local Services->HotSpot Gateway->Options menu includes the following fields:
Fields in the Options Basic Parameters menu
Field
Description
Host for multiple locations
If several locations (branches) are set up on the Hotspot server,
enter the value of the NAS identifier (RADIUS server parameter)
that has been registered for this location on the Hotspot server.
Chapter 21 Maintenance
This menu provides you with numerous functions for maintaining your device. It firstly
provides a menu for testing availability within the network. You can manage your system
configuration files. If more recent system software is available, you can use this menu to install it. If you need other languages for the configuration interface, you can import these.
You can also trigger a system reboot in this menu.
21.1 Diagnostics
In the Maintenance->Diagnostics menu, you can test the availability of individual hosts,
the resolution of domain names and certain routes.
21.1.1 Ping Test
You can use the ping test to check whether a certain host in the LAN or an internet address
can be reached. The Output field displays the ping test messages. The ping test is
launched by entering the IP address to be tested in Test Ping Address and clicking the
Go button.
21.1.2 DNS Test
The DNS test is used to check whether the domain name of a particular host is correctly resolved. The Output field displays the DNS test messages. The DNS test is launched by entering the domain name to be tested in DNS Address and clicking the Go button.
21.1.3 Traceroute Test
You use the traceroute test to display the route to a particular address (IP address or domain name), if this can be reached. The Output field displays the traceroute test messages.
The traceroute test is launched by entering the address to be tested in Traceroute Address and clicking the Go button.
21.2 Software & Configuration
21.2.1 Options
You can use this menu to manage the software version of your device, your configuration
files and the language of the Funkwerk Configuration Interface .
Your device contains the version of the system software available at the time of production.
More recent versions may have since been released. You may therefore need to carry out
a software update.
Every new system software includes new features, better performance and any necessary
bugfixes from the previous version. You can find the current system software at
www.funkwerk-ec.com . The current documentation is also available here.
Important
If you want to update your software, make sure you consider the corresponding release notes. These describe the changes implemented in the new system software.
The result of an interrupted update (e.g. power failure during the update) could be that
your gateway no longer boots. Do not turn your device off during the update.
An update of BOOTmonitor and/or Logic is recommended in a few cases. In this case,
the release notes refer expressly to this fact. Only update BOOTmonitor or Logic if
Funkwerk Enterprise Communications GmbH explicitly recommends this.
Flash
Your device saves its configuration in configuration files in the flash EEPROM (Electrically
Erasable Programmable Read Only Memory). The data even remains stored in the flash
when your device is switched off.
RAM
The current configuration and all changes you set on your device during operation are
stored in the working memory (RAM). The contents of the RAM are lost if the device is
switched off. So if you modify your configuration and want to keep these changes for the
next time you start your device, you must save the modified configuration in the flash
memory before switching off: Save configuration button in the Funkwerk Configuration
Interface navigation area. This configuration is then saved in the flash in a file with the
name #". When you start your device, the #" configuration file is used by default.
Operations
The files in the flash memory can be copied, moved, erased and newly created. It is also
possible to transfer configuration files between your device and a host via HTTP.
Configuration file format
The file format of the configuration file allows encryption and ensures compatibility when
restoring the configuration on the gateway in various system software versions. This is a
CSV format, which can be read and modified easily. In addition, you can view the corresponding file clearly using Microsoft Excel for example. The administrator can store encrypted backup files for the configuration. When the configuration is sent by e-mail (e.g. for support purposes), confidential configuration data can be protected fully if required. You can
save or import files with the actions "Export configuration", "Export configuration with status
information" and "Load configuration". If you want to save a configuration file with the action
"Export configuration" or "Export configuration with status information", you can choose
whether the configuration file is saved encrypted or without encryption.
Caution
If you have saved a configuration file in an old format via the SNMP shell with the
command, there is no guarantee that it can be reloaded to the device. As a result, the
old format is no longer recommended.
The Maintenance->Software & Configuration->Options menu consists of the following fields:
Fields in the Options Currently Installed Software menu
Field
Description
BOSS
Shows the current software version loaded on your device.
System Logic
Shows the current system logic loaded on your device.
ADSL Logic
Shows the current version of the ADSL logic loaded on your device.
Fields in the Options Software and Configuration Options menu
Field
Description
Action
Select the action you wish to execute.
After each task, a window is displayed showing the other steps
that are required.
Possible values:
• 2 " (default value):
• 6!" $ ": Under Filename select a configuration file you want to import. Note: Click Go to first load the file under the name #" in the flash memory for the device. You must restart the device to enable it.
Note: The files to be imported must be in CSV format!
• 6!" )$ $ : You can import additional language versions of the Funkwerk Configuration Interface into your device. You can download the files to your PC from the download area at www.funkwerk-ec.com and from there import them to your device.
• ,!" - " " : You can launch an update of the system software, the ADSL logic and the BOOTmonitor.
• *:!" $ ": The configuration file Current File Name in Flash is transferred to your local host. If you press the Go button, a dialog box is displayed, in which you can select the storage location on your PC and enter the desired file name.
• *:!" $ " "0 "" ": The active configuration from the RAM is transferred to your local host. If you press the Go button, a dialog box is displayed, in which you can select the storage location on your PC and enter the desired file name.
• 7 " # !: Only if, under Save configuration with the setting / $ " # ! ! / #" $ ", the current configuration was saved as boot configuration and the previous boot configuration was also archived. You can load the archived boot configuration again.
• (!-: The configuration file in the Source File Name field is saved as Destination File Name.
• 7 : The configuration file in the Select file field is renamed to New File Name.
• 8 ) " $ ": The configuration in the Select file field is deleted.
• 8 ) " ) : The file in the Select file field is deleted.
Configuration Encryption
Only for Action = 6!" $ ", *:!" $ ", *:!" $ " "0 "" ". Define whether the data of the selected Action are to be encrypted.
The function is activated by selecting *#) .
The function is disabled by default.
If the function is enabled, you can enter the Password in the
text field.
Filename
Only for Action = 6!" $ ", 6!" ) $ $ ,!" - " " . Enter the path and name of the file or select the file with Browse... via the explorer/finder.
Source Location
Only for Action = ,!" - " "
Select the source for the update.
Possible values:
• .) ) (default value): The system software file is stored locally on your PC.
• <44 / : The file is stored on a remote server specified in the URL.
• ( " " / : The file is on the official Funkwerk update server.
URL
Only for Source Location = <44 /
Enter the URL of the update server from which the system software file is loaded.
Current File Name in Flash
For Action = *:!" $ " select the configuration file to be exported.
Include certificates and keys
For Action = *:!" $ ", *:!" $ " "0 "" " define whether the selected Action shall also apply to certificates and keys.
The function is activated by selecting *#) .
The function is enabled by default.
Source File Name
Only for Action = (!-. Select the source file to be copied.
Destination File Name
Only for Action = (!-. Enter the name of the copy.
Select file
Only for Action = 7 , 8 ) " $ " or 8 ) " ) . Select the file or configuration to be renamed or deleted.
New File Name
Only for Action = 7 . Enter the new name of the configuration file.
21.3 Reboot
21.3.1 System Reboot
In this menu, you can trigger an immediate reboot of your device. Once your system has
restarted, you must call the Funkwerk Configuration Interface again and log in.
Pay attention to the LEDs on your device. For information on the meaning of the LEDs, see
the Technical Data chapter of the manual.
Note
Before a reboot, make sure you confirm your configuration changes by clicking the
Save configuration button, so that these are not lost when you reboot.
If you wish to restart your device, click on the OK button. The device will reboot.
Chapter 22 External Reporting
22.1 Syslog
Events in various subsystems of your device (e.g. PPP) are logged in the form of syslog
messages (system logging messages). The number of messages visible depends on the
level set (eight steps from Emergency over Information to Debug).
In addition to the data logged internally on your device, all information can and should be
transmitted to one or more external PCs for storage and processing, e.g. to the system administrator's PC. The syslog messages saved internally on your device are lost when you
reboot.
Warning
Make sure you only pass syslog messages to a safe computer. Check the data regularly and ensure that there is always enough spare capacity available on the hard disk
of your PC.
Syslog Daemon
All Unix operating systems support the recording of syslog messages. For Windows PCs,
the Syslog Daemon included in the DIME Tools can record the data and distribute it to various
files depending on the contents (available from the download area at
www.funkwerk-ec.com).
22.1.1 Syslog Servers
Configure your device as a syslog server so that defined system messages can be sent to
suitable hosts in the LAN.
In this menu, you define which messages are sent to which hosts and with which conditions.
A list of all configured system log servers is displayed in the External
Reporting->Syslog->Syslog Servers menu.
22.1.1.1 New
Select the New button to set up additional syslog servers.
The menu External Reporting->Syslog->Syslog Servers->New consists of the following
fields:
Fields in the Syslog Servers Basic Parameters menu
Field
Description
IP Address
Enter the IP address of the host to which syslog messages are
passed.
Level
Select the priority of the syslog messages that are to be sent to
the host.
Possible values:
• Emergency (highest priority)
• Alert
• Critical
• Error
• Warning
• Notice
• Information (default value)
• Debug (lowest priority)
Syslog messages are only sent to the host if they have a higher
or identical priority to that indicated, i.e. at syslog level Debug
all messages generated are forwarded to the host.
Facility
Enter the syslog facility on the host.
This is only required if the Log Host is a Unix computer.
Possible values: )) C
The default value is )).
Timestamp
Select the format of the time stamp in the syslog.
Possible values:
• 2 (default value): No system time indicated.
• 4 : System time without date.
• 8" K4 : System time with date.
Protocol
Select the protocol for the transfer of syslog messages. Note
that the syslog server must support the protocol.
Possible values:
• UDP (default value)
• TCP
Type of Messages
Select the message type.
Possible values:
• - " K "$ (default value)
• - "
• "$
22.2 IP Accounting
In modern networks, information about the type and number of data packets sent and received over the network connections is often collected for commercial reasons. This information is extremely important for Internet Service Providers that bill their customers by data
volume.
However, there are also non-commercial reasons for detailed network accounting. If, for
example, you manage a server that provides different kinds of network services, it is useful
for you to know how much data is generated by the individual services.
Your device contains the IP Accounting function, which enables you to collect a lot of useful
information about the IP network traffic (each individual IP session).
22.2.1 Interfaces
In this menu, you can configure the IP Accounting function individually for each interface.
In the External Reporting->IP Accounting->Interfaces menu, a list of all interfaces configured on your device is shown. For each entry, you can activate IP Accounting by setting
the checkmark. In the IP Accounting column, you do not need to click each entry individually.
Using the options Select all or Deselect all you can enable or disable the IP accounting function for all interfaces simultaneously.
22.2.2 Options
In this menu, you configure general settings for IP Accounting.
In the External Reporting->IP Accounting->Options menu, you can define the Log
Format of the IP accounting messages. The messages can contain character strings in
any order, sequences separated by a slash, e.g. S" or S or defined tags.
Possible format tags:
Format tags for IP Accounting messages
Field
Description
%d
Date of the session start in the format DD.MM.YY
%t
Time of the session start in the format HH:MM:SS
%a
Duration of the session in seconds
%c
Protocol
%i
Source IP Address
%r
Source Port
%f
Source interface index
%I
Destination IP Address
%R
Destination Port
%F
Destination interface index
%p
Packets sent
%o
Octets sent
%P
Packets received
%O
Octets received
%s
Serial number for accounting message
%%
By default, the following format instructions are entered in the Log Format field: 62*4%
TT"TTT%T5T ? T6%T75TT!TTT;UT V
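The format tags above are enough to turn accounting messages back into structured records on the collecting host. The following Python code is an added example, not code from the manual or from Funkwerk: it compiles a Log Format string into a regular expression, parses message bodies, totals octets per source address and reports gaps in the %s serial numbers. The sample format and lines are constructed; the value patterns (other than %d and %t), the reading of %% as a literal percent sign and the idea that serial numbers increase by one per message are assumptions.

```python
import re
from collections import defaultdict

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
NUM = r"\d+"

# Format tag -> (field name, value pattern). Only the layouts of %d and %t are
# stated in the manual; the other patterns are assumptions of this example.
TAGS = {
    "d": ("date", r"\d{2}\.\d{2}\.\d{2}"),   # DD.MM.YY
    "t": ("time", r"\d{2}:\d{2}:\d{2}"),     # HH:MM:SS
    "a": ("duration_s", NUM),
    "c": ("protocol", r"\w+"),
    "i": ("src_ip", IPV4), "r": ("src_port", NUM), "f": ("src_ifindex", NUM),
    "I": ("dst_ip", IPV4), "R": ("dst_port", NUM), "F": ("dst_ifindex", NUM),
    "p": ("pkts_sent", NUM), "o": ("octets_sent", NUM),
    "P": ("pkts_rcvd", NUM), "O": ("octets_rcvd", NUM),
    "s": ("serial", NUM),
}
TEXT_FIELDS = {"date", "time", "protocol", "src_ip", "dst_ip"}


def compile_format(fmt):
    """Translate a Log Format string into an anchored regex with named groups."""
    parts, seen, i = [], set(), 0
    while i < len(fmt):
        if fmt[i] != "%":
            parts.append(re.escape(fmt[i]))
            i += 1
            continue
        tag = fmt[i + 1:i + 2]          # empty string if '%' is the last character
        if tag == "%":
            parts.append("%")           # assumption: %% is a literal percent sign
        elif tag in TAGS:
            name, pattern = TAGS[tag]
            # A tag used twice must carry the same value both times.
            parts.append(f"(?P={name})" if name in seen else f"(?P<{name}>{pattern})")
            seen.add(name)
        else:
            raise ValueError(f"unknown format tag %{tag} at offset {i}")
        i += 2
    return re.compile("^" + "".join(parts) + "$")


def parse_line(regex, line):
    """Return one record as a dict (numeric fields as int), or None if the line does not fit."""
    match = regex.match(line.strip())
    if match is None:
        return None
    return {k: (v if k in TEXT_FIELDS else int(v)) for k, v in match.groupdict().items()}


def summarize(fmt, lines):
    """Total octets per source IP and list serial numbers that never arrived."""
    regex = compile_format(fmt)
    octets, serials, unparsed = defaultdict(int), [], 0
    for line in lines:
        rec = parse_line(regex, line)
        if rec is None:
            unparsed += 1               # truncated or foreign line: count it, do not guess
            continue
        if "src_ip" in rec:
            octets[rec["src_ip"]] += rec.get("octets_sent", 0) + rec.get("octets_rcvd", 0)
        if "serial" in rec:
            serials.append(rec["serial"])
    serials.sort()
    # Assumption: serial numbers increase by one per accounting message.
    missing = [n for a, b in zip(serials, serials[1:]) for n in range(a + 1, b)]
    return {"octets_by_src": dict(octets), "missing_serials": missing, "unparsed": unparsed}


# Constructed for this example; not the device's default Log Format.
SAMPLE_FORMAT = "INET: %d %t %a %c %i:%r/%f -> %I:%R/%F %p %o %P %O [%s]"
SAMPLE_LINES = [
    "INET: 18.08.11 14:46:40 12 6 192.0.2.10:51234/1000 -> 198.51.100.7:443/10001 15 2100 20 18000 [41]",
    "INET: 18.08.11 14:46:55 3 17 192.0.2.11:53000/1000 -> 198.51.100.53:53/10001 1 70 1 120 [42]",
    "INET: 18.08.11 14:47:10 30 6 192.0.2.10:51240/1000 -> 198.51.100.7:443/10001 40 5000 60 64000 [44]",
    "INET: 18.08.11 14:47",  # truncated record
]

if __name__ == "__main__":
    report = summarize(SAMPLE_FORMAT, SAMPLE_LINES)
    for ip, total in sorted(report["octets_by_src"].items(), key=lambda kv: -kv[1]):
        print(f"{ip:15} {total} octets")
    print("missing serial numbers:", report["missing_serials"])
    print("unparsed lines:", report["unparsed"])
```

A gap in the serial numbers or a non-zero unparsed count means the accounting data on the collector is incomplete and should not be treated as a full record of sessions.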
22.3 E-mail Alert
It was previously possible to send syslog messages from the router to any syslog host. Depending on the configuration, E-mails are sent to the administrator as soon as relevant syslog messages occur.
22.3.1 E-mail Alert Server
The menu External Reporting->E-mail Alert->E-mail Alert Server consists of the following fields:
Fields in the E-mail Alert Server Basic Parameters menu
Field
Description
Alert Service
Enable or disable the function.
Sender E-Mail Address
Enter the mail address to be entered in the sender field of the E-mail.
Maximum Messages per Minute
Limit the number of outgoing mails per minute. Possible values
are to , the default value is .
Fields in the E-mail Alert Server SMTP Settings menu
Field
Description
SMTP Server
Enter the address (IP address or valid DNS name) of the mail
server to be used for sending the mails.
The entry is limited to 40 characters.
SMTP Authentication
Authentication expected by the SMTP server.
Possible values:
• 2 (default value): The server accepts and sends e-mails
without further authentication.
• *=4: The server only accepts e-mails if the router logs in
with the correct user name and password.
• =4 " ;: The server requires that e-mails are
called via POP3 by the sending IP with the correct POP3 user
name and password before sending an e-mail.
User Name
Only if SMTP Authentication = *=4 or =4 " ;.
Enter the user name for the POP3 or SMTP server.
Password
Only if SMTP Authentication = *=4 or =4 " ;.
Enter the password of this user.
POP3 Server
Only if SMTP Authentication = =4 " ;
Enter the address of the server from which the e-mails are to be
retrieved.
POP3 Timeout
Only if SMTP Authentication = =4 " ;
Enter how long the router must wait after the POP3 call before it
is forced to send the alert mail.
The default value is seconds.
22.3.2 E-mail Alert Recipient
In the E-mail Alert Recipient menu, a list of Syslog messages is displayed.
22.3.2.1 New
Choose the New button to create additional e-mail alert recipients.
The menu External Reporting->E-mail Alert->E-mail Alert Recipient consists of the following fields:
Fields in the E-mail Alert Recipient Add / Edit E-mail Alert Recipient menu
Field
Description
Recipient
Enter the E-mail address of the recipient. The entry is limited to
40 characters.
E-Mail Subject
Enter a re. for the email.
Event
Select the event to trigger an email notification.
Possible values:
• - )$ " "$ (default value): A Syslog message includes a specific string.
• 2 2 $0# : A new adjacent AP has been found.
• 2 )/ @4A : A new unconfigured AP has
reported to the WLAN controller.
• =$ ) : A managed AP is no longer accessible.
Matching String
You must enter a "Matching String". This must occur in a syslog
message as a necessary condition for triggering an alert.
The entry is limited to 55 characters. Bear in mind that without
the use of wildcards (e.g. "*"), only those strings that correspond
exactly to the entry fulfil the condition. The "Matching String"
entered therefore usually contains wildcards. To be informed of
all syslog messages of the selected level, just enter "*".
Severity
Select the severity level which the string configured in the
Matching String field must reach to trigger an e-mail alert.
Possible values:
Emergency (default value), Alert, Critical, Error,
Warning, Notice, Information, Debug
Message Timeout
Enter how long the router must wait after a relevant event before it is forced to send the alert mail.
Possible values are to &. The value 0 disables the
timeout.
Number of Messages
Enter the number of syslog messages that must be reached before an E-mail can be sent for this case. If timeout is configured,
the mail is sent when this expires, even if the number of messages has not been reached.
Possible values are to ; the default value is .
Message Compression
Select whether the text in the alert E-mail is to be shortened.
The e-mail then contains the syslog message only once plus the
number of relevant events.
Enable or disable the field.
The function is enabled by default.
Fields in the E-mail Alert Recipient Monitored Subsystems menu
Field
Description
Subsystem
Select the subsystems to be monitored.
Add new subsystems with Add.
22.4 SNMP
SNMP (Simple Network Management Protocol) is a protocol from the IP protocol family for
transporting management information about network components.
Every SNMP management system contains an MIB. SNMP can be used to configure, control and administrate various network components from one system. Such an SNMP tool is
included on your device: the Configuration Manager. As SNMP is a standard protocol, you
can use any other SNMP manager, e.g. HP OpenView.
For more information on the SNMP versions, see the relevant RFCs and drafts:
• SNMP V. 1: RFC 1157
• SNMP V. 2c: RFC 1901 - 1908
• SNMP V. 3: RFC 3410 - 3418
22.4.1 SNMP Trap Options
In the event of errors, a message - known as a trap packet - is sent unrequested to monitor
the system.
In the External Reporting->SNMP->SNMP Trap Options menu, you can configure the
sending of traps.
The External Reporting->SNMP->SNMP Trap Options menu includes the following
fields:
Fields in the SNMP Trap Options Basic Parameters menu
Field
Description
SNMP Trap Broadcasting
Select whether the transfer of SNMP traps is to be activated.
Your device then sends SNMP traps to the LAN's broadcast address.
The function is activated by selecting *#) .
The function is disabled by default.
SNMP Trap UDP Port
Only if SNMP Trap Broadcasting is enabled.
Enter the number of the UDP port to which your device is to
send SNMP traps.
Any whole number is possible.
The default value is .
SNMP Trap Community
Only if SNMP Trap Broadcasting is enabled.
Enter a new SNMP code. This must be sent by the SNMP Manager with every SNMP request so that this is accepted by your
device.
A character string of between and characters is possible
here.
The default value is 2= 4!.
22.4.2 SNMP Trap Hosts
In this menu, you specify the IP addresses to which your device is to send the SNMP traps.
In the External Reporting->SNMP->SNMP Trap Hosts menu, a list of all configured SNMP trap hosts is displayed.
22.4.2.1 New
Select the New button to create additional SNMP trap hosts.
The menu External Reporting->SNMP->SNMP Trap Hosts->New consists of the following fields:
Fields in the SNMP Trap Hosts Basic Parameters menu
Field
Description
IP Address
Enter the IP address of the SNMP trap host.
22.5 Activity Monitor
This menu contains the settings needed to monitor your device with the Windows tool
Activity Monitor (part of BRICKware for Windows).
Purpose
The Activity Monitor enables Windows users to monitor the activities of your device. Important information about the status of physical interfaces (e.g. ISDN line) and virtual interfaces is easily obtained with one tool. A permanent overview of the utilisation of your
device is possible.
Method of operation
A Status Daemon collects information about your device and transfers it as UDP packets to
the broadcast address of the first LAN interface (default setting) or to an explicitly entered
IP address. One packet is sent per time interval, which can be adjusted individually to values from 1 - 60 seconds. Up to 100 physical and virtual interfaces can be monitored,
provided the packet size of 4096 bytes is not exceeded. The Activity Monitor on your PC
receives the packets and can display the information contained in them in various ways according to the configuration.
Activate the Activity Monitor as follows:
• Configure the relevant device(s) to be monitored.
• Start and configure the Windows application on your PC (you can download BRICKware
for Windows to your PC from the download area at www.funkwerk-ec.com and from
there import it to your device).
22.5.1 Options
The menu External Reporting->Activity Monitor->Options consists of the following
fields:
Fields in the Options Basic Parameters menu
Field
Description
Monitored Interfaces
Select the type of information to be sent in the UDP packets to
the Windows application.
Possible values:
• 2 (default value): Deactivates the sending of information
to the Activity Monitor.
• 0- ): Only information about the physical interfaces is
sent.
• 0- )52532: Information about physical and virtual
interfaces is sent.
Send information to
Select where your device sends the UDP packets.
Possible values:
• )) 6 @+ "A (default value): The default value means that the broadcast address of the first LAN interface is used.
• $) < ": The UDP packets are sent to the IP address
entered in the adjacent input field.
Update Interval
Enter the update interval (in seconds).
Possible values are to .
The default value is .
UDP Destination Port
Enter the port number for the Windows application Activity
Monitor.
The default value is C (registered by IANA - Internet Assigned Numbers Authority).
Password
Enter the password for the Activity Monitor.
Chapter 23 Monitoring
This menu contains information that enables you to locate problems in your network and
monitor activities, e.g. at your device's WAN interface.
23.1 Internal Log
23.1.1 System Messages
In the Monitoring->Internal Log->System Messages menu, a list of all internally stored
system messages is displayed. Above the table, you'll find the configured Maximum Number of Syslog Entries and the configured Maximum Message Level of Syslog Entries .
These values can be changed in the System Management->Global Settings->System
menu.
Values in the System Messages list
Field
Description
No.
Displays the serial number of the system message.
Date
Displays the date of the record.
Time
Displays the time of the record.
Level
Displays the hierarchy level of the message.
Subsystem
Displays which subsystem of the device generated the message.
Message
Displays the message text.
23.2 IPSec
23.2.1 IPSec Tunnels
A list of all configured IPSec tunnels is displayed in the Monitoring->IPSec->IPSec Tunnels menu.
Values in the IPSec Tunnels list
Field
Description
Description
Displays the name of the IPSec tunnel.
Remote IP
Displays the IP address of the remote IPSec peer.
Remote Networks
Displays the currently negotiated subnets of the remote terminal.
Security Algorithm
Displays the encryption algorithm of the IPSec tunnel.
Status
Displays the operating status of the IPSec tunnel.
Action
Enables you to change the status of the IPSec tunnel as displayed.
Details
Opens a detailed statistics window.
You change the status of the IPSec tunnel by pressing the button or button in the Action column.
By pressing the button, you display detailed statistics on the IPSec connection.
Values in the IPSec Tunnels list
Field
Description
Description
Shows the description of the peer.
Local IP Address
Shows the WAN IP address of your device.
Remote IP Address
Shows the WAN IP address of the connection partner.
Local ID
Shows the ID of your device for this IPSec tunnel.
Remote ID
Shows the ID of the peer.
Negotiation Type
Shows the exchange type.
Authentication Method
Shows the authentication method.
MTU
Shows the current MTU (Maximum Transfer Unit).
Alive Check
Shows the method for checking that the peer is reachable.
NAT Detection
Displays the NAT detection method.
Local Port
Shows the local port.
Remote Port
Shows the remote port.
Packets
Shows the total number of incoming and outgoing packets.
Bytes
Shows the total number of incoming and outgoing bytes.
Errors
Shows the total number of errors.
IKE (Phase-1) SAs (x)
The parameters of the IKE (Phase 1) SAs are displayed here.
Role / Algorithm / Lifetime remaining / Status
IPSec (Phase-2) SAs (x)
Shows the parameters of the IPSec (Phase 2) SAs.
Role / Algorithm / Lifetime remaining / Status
Messages
The system messages for this IPSec tunnel are displayed here.
23.2.2 IPSec Statistics
In the Monitoring->IPSec->IPSec Statistics menu, statistical values for all IPSec connections are displayed.
The menu Monitoring->IPSec->IPSec Statistics consists of the following fields:
Field in the IPSec Statistics Licences menu
Field
Description
IPSec Tunnels
Shows the IPSec licences currently in use (In Use) and the
maximum number of licences usable (Maximum).
Field in the IPSec Statistics Peers menu
Field
Description
Status
Displays the number of IPSec tunnels by their current status.
• Up: Currently active IPSec tunnels.
• Going up: IPSec tunnels currently in the tunnel setup phase.
• Blocked: IPSec tunnels that are blocked.
• Dormant: Currently inactive IPSec tunnels.
• Configured: Configured IPSec tunnels.
Fields in the IPSec Statistics SAs menu
Field
Description
IKE (Phase-1)
Shows the number of active phase 1 SAs (Established) from
the total number of phase 1 SAs (Total).
IPSec (Phase-2)
Shows the number of active phase 2 SAs (Established) from
the total number of phase 2 SAs (Total).
Fields in the IPSec Statistics Packet Statistics menu
Field
Description
Total
Shows the number of all processed incoming (In) or outgoing
(Out) packets.
Passed
Shows the number of incoming (In) or outgoing (Out) packets
forwarded in plain text.
Dropped
Shows the number of all rejected incoming (In) or outgoing
(Out) packets.
Encrypted
Shows the number of IPSec-protected incoming (In) or outgoing
(Out) packets.
Errors
Shows the number of incoming (In) or outgoing (Out) packets
for which processing led to errors.
23.3 Interfaces
23.3.1 Statistics
In the Monitoring->Interfaces->Statistics menu, current values and activities of all device
interfaces are displayed.
Change the status of the interface by pressing the button or button in the Action column.
Values in the Statistics list
Field
Description
No.
Shows the serial number of the interface.
Description
Displays the name of the interface.
Type
Displays the interface text.
Tx Packets
Shows the total number of packets sent.
Tx Bytes
Displays the total number of octets sent.
Tx Errors
Shows the total number of errors sent.
Rx Packets
Shows the total number of packets received.
Rx Bytes
Displays the total number of bytes received.
Rx Errors
Shows the total number of errors received.
Status
Shows the operating status of the selected interface.
Unchanged for
Shows the length of time for which the operating status of the
interface has not changed.
Action
Enables you to change the status of the interface as displayed.
Press the button to display the statistical data for the individual interfaces in detail. With
the filter bar, you can select whether to display Transfer Totals or Transfer Throughput.
Values in the Statistics list
Field
Description
Description
Displays the name of the interface.
MAC Address
Displays the interface text.
IP Address / Netmask
Shows the IP address and the netmask.
NAT
Shows whether NAT is switched on or off.
Tx Packets
Shows the total number of packets sent.
Tx Bytes
Displays the total number of octets sent.
Rx Packets
Shows the total number of packets received.
Rx Bytes
Displays the total number of bytes received.
Status
Displays the status of an active TCP connection.
Local Address
Displays the local IP address of the interface for an active TCP
connection.
Local Port
Displays the local port of the IP address for an active TCP connection.
Remote Address
Displays the IP address to which an active TCP connection exists.
Remote Port
Displays the port to which an active TCP connection exists.
23.4 WLAN
23.4.1 WLANx
In the Monitoring->WLAN->WLAN menu, current values and activities of the WLAN interfaces are displayed. The values for wireless mode 802.11n are listed separately.
Values in the WLAN list
Field
Description
mbps
Displays the possible data rates on this wireless module.
Tx Packets
Shows the total number of packets sent for the data rate shown
in mbps.
Rx Packets
Shows the total number of packets received for the data rate
shown in mbps.
You can choose the Advanced button to go to an overview of more details.
Values in the Advanced list
Field
Description
Description
Displays the description of the displayed value.
Value
Displays the statistical value.
Meaning of the list entries
Description
Meaning
Unicast MSDUs transmitted successfully
Displays the number of MSDUs successfully sent to unicast addresses since the last reset. An acknowledgement was received
for each of these packets.
Multicast MSDUs transmitted successfully
Displays the number of MSDUs successfully sent to multicast
addresses (including the broadcast MAC address).
Transmitted MPDUs
Displays the number of MPDUs received successfully.
Multicast MSDUs received successfully
Displays the number of successfully received MSDUs that were
sent with a multicast address.
Unicast MPDUs received successfully
Displays the number of successfully received MSDUs that were
sent with a unicast address.
MSDUs that could not be transmitted
Displays the number of MSDUs that could not be sent.
Frame transmissions without ACK received
Displays the number of sent frames for which an acknowledgement frame was not received.
Duplicate received MSDUs
Displays the number of MSDUs received in duplicate.
CTS frames received in response to an RTS
Displays the number of received CTS (clear to send) frames
that were received as a response to RTS (request to send).
Received MPDUs that couldn't be decrypted
Displays the number of received MSDUs that could not be decrypted. One reason for this could be that a suitable key was
not entered.
RTS frames with no CTS received
Displays the number of RTS frames for which no CTS was received.
Corrupt Frames Received
Displays the number of frames received incompletely or with errors.
23.4.2 VSS
In the Monitoring->WLAN->VSS menu, current values and activities of the configured
wireless networks are displayed.
Values in the VSS list
Field
Description
MAC Address
Shows the MAC address of the associated client.
IP Address
Shows the IP address of the client.
Up Time
Shows the time in hours, minutes and seconds for which the client is logged in.
Tx Packets
Shows the total number of packets sent.
Rx Packets
Shows the total number of packets received.
Signal dBm (RSSI1, RSSI2, RSSI3)
Shows the received signal strength in dBm.
Noise dBm
Shows the received noise strength in dBm.
Data Rate mbps
Shows the current transmission rate of data received by this client in mbps.
The following clock rates are possible: IEEE 802.11b: 11, 5.5, 2
and 1 mbps; IEEE 802.11g/a: 54, 48, 36, 24, 18, 12, 9, 6 mbps.
VSS - Details for Connected Clients
In the Monitoring->WLAN->VSS->-> menu, the current values and
activities of a connected client are shown. The values for wireless mode 802.11n are listed
separately.
Values in the VSS list
Field
Description
Client MAC Address
Shows the MAC address of the associated client.
IP Address
Shows the IP address of the client.
Up Time
Shows the time in hours, minutes and seconds for which the client is logged in.
Signal dBm (RSSI1, RSSI2, RSSI3)
Shows the received signal strength in dBm.
Noise dBm
Shows the received noise strength in dBm.
SNR dB
Signal-to-Noise Ratio in dB is an indicator of the quality of the
wireless connection.
Values:
• > 25 dB excellent
• 15 – 25 dB good
• 2 – 15 dB borderline
• 0 – 2 dB bad.
Data Rate mbps
Shows the current transmission rate of data received by this client in mbps. The following clock rates are possible: IEEE
802.11b: 11, 5.5, 2 and 1 mbps; IEEE 802.11g/a: 54, 48, 36, 24,
18, 12, 9, 6 mbps.
Rate
Displays the possible data rates on the wireless module.
Tx Packets
Shows the number of sent packets for the data rate.
Rx Packets
Shows the number of received packets for the data rate.
23.4.3 WDS
In the Monitoring->WLAN->WDS menu, current values and activities of the configured
WDS links are displayed.
Values in the WDS list
Field
Description
WDS Description
Shows the name of the WDS link.
Remote MAC
Shows the MAC address of the WDS link partner.
Up Time
Shows the time in hours, minutes and seconds for which the
WDS link is active.
Tx Packets
Shows the total number of packets sent.
Rx Packets
Shows the total number of packets received.
Signal dBm (RSSI1, RSSI2, RSSI3)
Shows the received signal strength in dBm.
Noise dBm
Shows the received noise strength in dBm.
Data Rate mbps
Shows the current transmission rate of data received on this
WDS link in Mbit/s.
If required, the Test link can be used to launch a link test. The test is only available for
funkwerk devices and only if the WDS link is active.
The link test provides all the data necessary for checking the quality of the WDS link. The
link test also helps you to align the antennas. This option is only displayed if the link state is
*#) .
WDS Link Details
You use the icon to open an overview of further details for the WDS links. The values
for wireless mode 802.11n are listed separately.
Values in the WDS list
Field
Description
WDS Description
Shows the name of the WDS link.
Remote MAC
Shows the MAC address of the WDS link partner.
Up Time
Shows the time in hours, minutes and seconds for which the
WDS link is active.
Tx Packets
Shows the total number of packets sent.
Rx Packets
Shows the total number of packets received.
Signal dBm (RSSI1, RSSI2, RSSI3)
Shows the received signal strength in dBm.
Noise dBm
Shows the received noise strength in dBm.
Data Rate mbps
Shows the current transmission rate of data received on this
WDS link in Mbit/s.
Rate
For each of the specified data rates, shows the values for Tx
Packets and Rx Packets.
23.4.4 Bridge Links
In the Monitoring->WLAN->Bridge Links menu, current values and activities of the bridge
links are displayed.
Values in the Bridge Links list
Field
Description
Bridge Link Description
Shows the name of the bridge link.
Remote MAC
Shows the MAC address of the bridge link partner.
Up Time
Shows the time in hours, minutes and seconds for which the
bridge link in question is active.
Tx Packets
Shows the total number of packets sent.
Rx Packets
Shows the total number of packets received.
Signal dBm
Shows the received signal strength in dBm.
Noise dBm
Shows the received noise strength in dBm.
Data Rate mbps
Shows the current clock rate of data received on this bridge link
in Mbps.
If required, the Test link can be used to launch a link test.
The link test provides all the data necessary for checking the quality of the bridge link. The
link test also helps you to align the antennas. This option is only displayed if the link state is
*#) .
Bridge link details
You can use the icon to open an overview of further details of the bridge links.
Values in the Bridge Links list
Field
Description
Bridge Link Description
Shows the name of the bridge link.
Remote MAC
Shows the MAC address of the bridge link partner.
Up Time
Shows the time in hours, minutes and seconds for which the
bridge link in question is active.
Tx Packets
Shows the total number of packets sent.
Rx Packets
Shows the total number of packets received.
Signal dBm
Shows the received signal strength in dBm.
Noise dBm
Shows the received noise strength in dBm.
Data Rate mbps
Shows the current clock rate of data received on this bridge link
in Mbps.
Rate
For each of the specified data rates, shows the values for Tx
Packets and Rx Packets.
23.4.5 Client Links
In the Monitoring->WLAN->Client Links menu, current values and activities of the client
links are displayed.
Values in the Client Links list
Field
Description
Client Link Description
Shows the name of the client link.
AP MAC Address
Shows the MAC address of the client link partner.
Up Time
Shows the time in hours, minutes and seconds for which the client link in question is active.
Tx Packets
Shows the total number of packets sent.
Rx Packets
Shows the total number of packets received.
Signal dBm
Shows the received signal strength in dBm.
Noise dBm
Shows the received noise strength in dBm.
Data Rate mbps
Shows the current transmission rate of data received on this client link in Mbit/s.
Client Link Details
You can use the icon to open an overview of further details of the client links.
Values in the Client Links list
Field
Description
AP MAC Address
Shows the MAC address of the client link partner.
Up Time
Shows the time in hours, minutes and seconds for which the client link in question is active.
Signal dBm
Shows the received signal strength in dBm.
Noise dBm
Shows the received noise strength in dBm.
SNR dB
Shows the signal quality in dB.
Data Rate mbps
Shows the current transmission rate of data received on this client link in Mbit/s.
Rate
For each of the specified data rates, shows the values for Tx
Packets and Rx Packets.
23.5 Bridges
23.5.1 br
In the Monitoring->Bridges-> br menu, the current values of the configured bridges
are shown.
Values in the br list
Field
Description
MAC Address
Shows the MAC addresses of the associated bridge.
Port
Shows the port on which the bridge is active.
23.6 HotSpot Gateway
23.6.1 HotSpot Gateway
In the Monitoring->HotSpot Gateway->HotSpot Gateway menu, a list of all connected
hosts is displayed.
Values in the HotSpot Gateway list
Field
Description
User Name
Displays the user's name.
IP Address
Shows the IP address of the user.
Physical Address
Shows the physical address of the user.
Logon
Shows the login time.
Interface
Shows the interface used.
23.7 QoS
In the Monitoring->QoS menu, statistics are displayed for all interfaces for which QoS has
been configured.
23.7.1 QoS
In the Monitoring->QoS->QoS menu, a list of all interfaces configured for QoS is displayed.
Values in the QoS list
Field
Description
Interface
Shows the interface for which QoS has been configured.
QoS Queue
Shows the QoS queue, which has been configured for this interface.
Send
Shows the number of sent packets with the corresponding packet class.
Dropped
Shows the number of rejected packets with the corresponding
packet class in case of overloading.
Queued
Shows the number of waiting packets with the corresponding
packet class in case of overloading.
23.8 PIM
23.8.1 Global Status
The status of all configured PIM components is displayed in the Monitoring->PIM->Global
Status menu.
Values in the Global Status list
Field
Description
View
Select the desired view from the dropdown menu.
The following are available: All, PIM Interfaces, PIM Neighbors and Multicast Group / RP Mappings.
Values in the PIM Interfaces list
Field
Description
Interface
Displays the name of the PIM interface.
IP Address
Displays the primary IP address of the PIM interface.
Designated Router
Displays the primary IP address of the designated router on this
PIM interface.
Values in the PIM Neighbors list
Field
Description
Interface
Displays the interface via which the PIM Neighbor is reached.
Generation ID
Displays the ID of the neighbor gateway.
IP Address
Displays the primary IP address of the PIM Neighbor.
Uptime
Indicates the time since the PIM Neighbor last became a neighbor of the
local router.
Expiry Timer
Indicates when the PIM Neighbor is no longer entered as neighbor. If the value is displayed, the PIM Neighbor always remains entered as neighbor.
Values in the Multicast Group / RP Mappings list
Field
Description
Multicast Group Address
Displays the multicast group address.
Multicast Group Prefix Length
Displays the related network mask.
Rendezvous Point IP Address
Displays the IP address of the Rendezvous point.
23.8.2 Not Interface-Specific Status
The menu Monitoring->PIM->Not Interface-Specific Status includes status information for
all PIM interfaces.
Values in the Not Interface-Specific Status list
Field
Description
View
Select the desired view from the dropdown menu.
The following are available: All, (*,*,RP) States, (*,G) States, (S,G) States and (S,G,RPT) States.
Values in the (*,*,RP) States list
Field
Description
Rendezvous Point IP Address
Displays the IP address of the Rendezvous Point (RP) for the
group.
Upstream Join State
The Upstream (*,*,RP) Join/Prune Status indicates the status of
the Upstream (*,*,RP) State Machine in the PIM-SM Specification.
Upstream Neighbor IP Address
Displays the primary IP address of the Upstream Neighbors, or
unknown (0) if the Upstream Neighbor IP address is not known,
or if it is not a PIM Neighbor.
Uptime
Indicates the timespan of the RP's existence.
Upstream Join Timer
Join/Prune Timer is used to periodically send Join(*,*,RP) messages, and to correct Prune(*,*,RP) messages from peers on an
Upstream LAN interface.
Values in the (*,G) States list
Field
Description
Multicast Group Address
Displays the multicast group address.
Upstream Neighbor IP Address
Displays the primary IP address of the Neighbor on pimStarGRPFIfIndex to which the local router periodically sends (*,G)
Join messages. The InetAddressType is defined through the
pimStarGUpstreamNeighborType. In the PIM-SM specification,
this address is named RPF'(*,G).
Reverse-Path-Forwarding (RPF)
Indicates the address type of the RPF Next Hop to the RP, or
unknown(0), if the Next Hop is not known.
Upstream Join State
Indicates whether the local router should join the group's RP
Tree. This corresponds to the status of the Upstream (*,G) State
Machine in the PIM-SM specification.
Uptime
Indicates the timespan since the entry was generated by the
local router.
Upstream Join Timer
Indicates the remaining time until the local router sends out the
next periodic (*,G) Join message on pimStarGRPFIfIndex. In
the PIM-SM specification, this timer is named (*,G) Upstream
Join Timer. If the timer is deactivated, it has the value .
Values in the (S,G) States list
Field
Description
Multicast Group Address
Displays the multicast group address. InetAddressType is
defined in the pimSGAddressType object.
Source IP Address
Displays the source IP address. InetAddressType is defined in
the pimSGAddressType object.
Upstream Neighbor IP Address
Displays the primary IP address of the Neighbor on pimSGRPFIfIndex, to which the router periodically sends (S,G) Join messages. The value is if the RPF Next Hop is unknown or is no
PIM Neighbor. InetAddressType is defined in the pimSGAddressType object. In the PIM-SM specification, this address is
named RPF'(S,G).
Upstream Join State
Indicates whether the local router should join the Shortest-Path Tree for the source and the group represented by this
entry. This corresponds to the status of the Upstream (S,G)
State Machine in the PIM-SM specification.
Uptime
Indicates the timespan since the entry was generated by the
local router.
Upstream Join Timer
Indicates the remaining time until the local router sends out the
next periodic (S,G) Join message on pimSGRPFIfIndex. In the
PIM-SM specification, this timer is named (S,G) Upstream Join
Timer. If the timer is deactivated, it has the value .
Shortest Path Tree
Indicates whether the Shortest Path Tree Bit is set, i.e. whether
forwarding via the Shortest Path Tree should take place.
Values in the (S,G,RPT) States list
Field
Description
Multicast Group Address
Displays the multicast group address. InetAddressType is
defined in the pimStarGAddressType object.
Source IP Address
Displays the source IP address. InetAddressType is defined in
the pimStarGAddressType object.
Reverse-Path-Forwarding (RPF)
Indicates the address type of the RPF Next Hop to the RP, or
unknown(0), if the RPF Next Hop is not known.
Uptime
Indicates the timespan since the entry was generated by the
local router.
Upstream Override Timer
Indicates the remaining time until the local router sends out the
next Triggered (S,G, rpt) Join message on pimSGRPFIfIndex. In
the PIM-SM specification, this timer is named (S,G, rpt) Upstream Override Join Timer. If the timer is deactivated, it has the
value .
23.8.3 Interface-Specific States
The menu Monitoring->PIM->Interface-Specific States includes interface-specific status
information.
Values in the Interface-Specific States list
Field
Description
View
Select the desired view from the dropdown menu.
The following are available: All, (*,G,I) States, (S,G,I) States and (S,G,RPT) States.
Values in the (*,G,I) States list
Field
Description
Multicast Group Address
Displays the multicast group address. InetAddressType is
defined in the pimStarGAddressType object.
Interface
Displays the name of the interface.
Join/Prune State
Indicates the status that results from the (*,G) Join/Prune messages received on this interface. This corresponds to the status
of the Downstream Per-Interface (*,G) State Machine in the
PIM-SM specification.
Uptime
Indicates the timespan since the entry was generated by the
local router.
Expiry Timer
Displays the remaining time until the (*,G) Join State becomes
invalid for this interface. In the PIM-SM specification, this timer is named (*,G) Join Expiry Timer. If the timer is deactivated, it has the value . The value 'FFFFFFFF'h stands for infinite.
Assert State
Displays the (*,G) Assert State for this interface. This corresponds to the status of the Per-Interface (*,G) Assert State Machine in the PIM-SM specification. If pimStarGPimMode is 'bidir', this object must be 'noInfo'.
Assert Winner IP Address
Indicates the address of the Assert Winner, if pimStarGIAssertState
is 'iAmAssertLoser'. InetAddressType is defined through the
object pimStarGIAssertWinnerAddressType.
Values in the (S,G) States list
Field
Description
Multicast Group Address
Displays the multicast IP address. InetAddressType is defined
through the object pimStarGIAssertWinnerAddressType.
Source IP Address
Displays the source IP address. InetAddressType is defined
through the object pimStarGIAssertWinnerAddressType.
Interface
Displays the name of the interface.
Join/Prune State
Indicates the status that results from the (S,G) Join/Prune messages received on this interface. This corresponds to the status
of the Downstream Per-Interface (S,G) State Machine in the
PIM-SM and PIM-DM.
Uptime
Indicates the time remaining before the local router reacts to an
(S,G) Prune message received on this interface. The router
waits this period to check whether another downstream router
corrects the Prune message. In the PIM-SM specification, this
timer is named (S,G) Prune-Pending Timer. If the timer is deactivated, it has the value .
Expiry Timer
Displays the remaining time until the (S,G) Join State becomes
invalid for this interface. In the PIM-SM specification, this timer
is named (S,G) Join Expiry Timer. If the timer is deactivated, it
has the value . The value 'FFFFFFFF'h stands for infinite. In
the PIM-DM specification, this timer is named (S,G) Prune
Timer.
Assert State
Displays the (S,G) Assert State for this interface. This corresponds to the status of the Per-Interface (S,G) Assert State Machine in the PIM-SM specification; see "I-D.ietf-pim-sm-v2-new section 4.6.1".
Assert Winner IP Address
Indicates the address of the Assert Winner, if pimStarGIAssertState
is 'iAmAssertLoser'. InetAddressType is defined through the
object pimSGIAssertWinnerAddressType.
Values in the (S,G,RPT) States list
Field
Description
Multicast Group Address
Displays the multicast IP address. InetAddressType is defined
through the object pimStarGIAssertWinnerAddressType.
Source IP Address
Displays the source IP address. InetAddressType is defined
through the object pimStarGAddressType.
Interface
Displays the name of the interface.
Uptime
Indicates the timespan since the entry was generated by the
local router.
Join/Prune State
Indicates whether the local router should sever the source from the
RP tree. This corresponds in the PIM-SM specification to the
status of the Upstream (S,G,rpt) State Machine for Triggered
Messages.
Expiry Timer
Displays the remaining time until the (S,G, rpt) Prune State becomes invalid for this interface. In the PIM-SM specification, this
timer is named (S,G, rpt) Prune Expiry Timer. If the timer is deactivated, it has the value . The value 'FFFFFFFF'h stands for
infinite. In the PIM-DM specification, this timer is named (S,G)
Prune Timer.
Glossary
Announcement
If you want to call your employees or family members to a meeting
or the dinner table, you could call each one of them individually or
simply use the announcement function. With just one call, you reach
all the announcement-enabled telephones without the subscribers
having to pick up the receiver.
Announcement function
Performance feature of a PBX. On suitable telephones (e.g. system
telephones), announcements can be made as on an intercom.
Bit
Binary digit. Smallest unit of information in computer technology.
Signals are represented in the logical states "0" and "1".
Bundle
The external connections of larger PBXs can be grouped into
bundles. When an external call is initiated by the exchange code or
in the event of automatic external line access a bundle released for
this subscriber is used to establish the connection. If a subscriber
has authorisation for several bundles, the connection is established
using the first released bundle. If one bundle is occupied, the next
released bundle is used. If all the released bundles are occupied,
the subscriber hears the engaged tone.
Busy On Busy
Call to engaged team subscriber. If one subscriber in a team has
taken the receiver off the hook or is on the telephone, you can decide whether other calls are to be signalled for this team. The setting
for reaching a subscriber can be toggled between "Standard" and
"Busy On Busy". In the basic configuration, it is set to Standard. If
Busy on Busy is set for a team, other callers hear the engaged tone.
DECT
Digital European Cordless Telecommunication. European standard
for wireless telephones and wireless PBXs. Internal calls can be
made free of charge between several handheld units. Another advantage is the higher degree of interception protection (GAP).
Digital exchange
Allows computer-controlled crossbar switches to set up a connection
quickly, and special features such as inquiries, call waiting, three-party conference and call forwarding to be activated. All T-Com exchanges have been digital since January 1998.
Digital voice transmission
As a result of the internationally standardised Pulse Code Modulation (PCM), analogue voice signals are converted to a digital pulse
flow of 64 kbps. Advantages: Better voice quality and less susceptibility to faults during analogue voice transmission.
Direct Call
You are not at home. However, there is someone at home who
needs to be able to reach you quickly and easily by telephone if necessary (e.g. children or grandparents). As you can set up the Direct
Call function for one or more telephones, the receiver of the telephone simply needs to be lifted. After five seconds, the PBX automatically calls the defined direct call number, if you do not start dialling another number first. You can enter up to 12 destination numbers when you configure Direct Call. A direct call number can only
be used by one subscriber. If you want to change an entered direct
call number, you can simply enter the new direct call number without
having to delete the old direct call number. The old number is automatically overwritten when the new configuration is transferred to
the PBX.
DISA
Direct Inward System Access
Download
Data transfer during online connections, where files are "loaded"
from a PC or data network server to the user's own PC, PBX or terminal, so that they can be used there.
DSL and ISDN connections
Data is transferred between the Internet and your PBX over ISDN or
T-DSL. The PBX determines the remote terminal to which a data
packet is to be sent. For a connection to be selected and set up,
parameters must be defined for all the required connections. These
parameters are stored in lists which together permit the right connection to be set up. The PBX uses the PPP (Point-to-Point Protocol) for ISDN access, and PPPoE (Point-to-Point Protocol over
Ethernet) for access over T-DSL. The traffic on these two Internet
connections is monitored separately by the PBX.
DSL modem
Special modem for data transmission using DSL access technology.
DSL splitter
A DSL splitter is a device that splits the data or frequencies of various applications that run via a subscriber line or distribution point,
and provides this via separate connections.
Services
Euro ISDN contains service indicators with defined names. Some of
these have only historical meaning. In general, you should choose
the "Telephony" service for "real" telephone calls. If this selection
does not work (depends on network operator), you can try "speech",
"audio 3k1Hz" or "telephony 3k1Hz". The same applies for faxing.
Here, too, there is the collective term "Fax" plus a couple of more
specific cases. From a purely technical point of view, the services
are bits in a data word evaluated by means of a mask. If you include
several bits in the mask, all these services are approved for activation, while in the case of just one bit, it is just the one selected service.
Three-party conference
A three-way telephone call. Performance feature in T-Net, T-ISDN
and your PBX.
10 Base 2
Thin Ethernet connection. Network connection for 10-Mbps networks with BNC connector. T-connectors are used for the connection of equipment with BNC sockets.
100Base-T
Twisted pair connection, Fast Ethernet. Network connection for
100-Mbps networks.
10Base-T
Twisted pair connection. Network connection for 10-Mbps networks
with RJ45 connector.
1TR6
D channel protocol used in the German ISDN. Today the more common protocol is DSS1.
3DES (Triple DES)
See DES.
802.11a/g
Specified data rates of 54, 48, 36, 24, 18, 12, 9 and 6 Mbps and a
working frequency in the range of 2.4 GHz
(for IEEE802.11g). IEEE802.11g can be configured to run in
compliance with 11b or 11b and 11 as well.
802.11b/g
One of the IEEE standards for wireless network hardware. Products
that meet the same IEEE standard can communicate with each other, even if they come from different hardware manufacturers. The
IEEE802.11b standard specifies the data rates of 1, 2, 5.5 and 11
Mbps, a working frequency in the range of 2.4 to 2.4835 GHz and
WEP encryption. IEEE802.11 wireless networks are also known as
Wi-Fi networks.
A-subscriber
The A-subscriber is the caller.
a/b interface
For connection of an analogue terminal. In the case of an ISDN terminal (terminal adapter) with a/b interface, the connected analogue
terminal is able to use the supported T-ISDN performance features.
AAA
Authentication, Authorisation, Accounting
Access code
PIN or password
Access list
A rule that defines a set of packets that should or should not be
transmitted by the device.
Access point
An active component of a network consisting of wireless parts and
optionally also of wired parts. Several WLAN clients (terminals) can
log in to an access point (AP) and exchange data via the AP. If
the optional wired Ethernet is connected, the signals between the
two physical media, the wireless interface and wired interface, are
bridged (bridging).
Access protection
Filters can be used to prevent external persons from accessing the
data on the computers in your LAN. These filters are a basic function of a firewall.
Accounting
Recording of connection data, e.g. date, time, connection duration,
charging information and number of data packets transferred.
Active probing
Active probing takes advantage of the fact that as standard, access
points are to respond to client requests. Clients therefore send
"probe requests" on all channels and wait for responses from an access point in the vicinity. The response packet then contains the
SSID of the wireless LAN and information on whether WEP encryption is used.
Ad hoc network
An ad hoc network refers to a number of computers that form an independent 802.11 WLAN each with a wireless adapter. Ad hoc networks work independently without an access point on a peer-to-peer
basis. Ad hoc mode is also known as IBSS mode (Independent Basic Service Set) and makes sense for the smallest networks, e.g. if
two notebooks are to be linked to each other without an access
point.
ADSL
Asymmetric digital subscriber line
AH
Authentication header
Alphanumeric display
Display unit e.g. for T-Concept PX722 system telephone, able to
display letters and other characters as well as digits.
Analogue connections
For the connection of analogue terminals such as telephone, fax
and answering machine.
Analogue terminals
Terminals that transmit voice and other information analogously,
e.g. telephone, fax machine, answering machine and modem.
Analogue voice transmission
To transmit voice via the telephone, acoustic oscillations are converted to continuous electrical signals, which are transmitted via a network of lines (digital voice transmission).
Answering machine
You configure an analogue answering machine under "Terminal
Type".
AOC-D
Display during and at end of connection.
AOC-D/E
Advice of charge-during/end.
AOC-E
Display only at end of connection.
ARP
Address Resolution Protocol
Assignment
An external call can be signalled to internal subscribers. The entries
in the "Day" option and "Night" option can be different.
Asynchronous
A method of data transmission in which the time intervals between
transmitted characters can vary in length. This allows computers
and peripheral devices to intercommunicate without being synchronised by clock signals. The beginning and end of the transmitted
characters must be marked by start and stop bits - in contrast to
synchronous transmission.
ATM
Asynchronous transfer mode
Attention tone
Superimposing of an acoustic signal during a telephone call e.g. for
call waiting.
Authentication
Check on the user's identity.
Authorisation
Based on the identity (authentication), the user can access certain
services and resources.
Automatic callback
Special feature on telephones: By pressing a key or code, the caller
requests a call back from the engaged terminal. If the subscriber
you want is not at their desk or cannot take the call, they are automatically connected with the caller as soon as they have used the
telephone again and replaced the receiver.
Automatic callback on busy
This function can only be used on telephones that permit suffix dialling. An automatic callback from an inquiry connection is not possible.
Automatic callback on busy (CCBS)
You urgently need to contact a business partner or internal subscriber. However, when you call, you always hear the engaged tone.
If you were to receive notification that the subscriber had ended the
call, your chance of reaching them would be very good. With "Callback on Busy" you can reach the engaged subscriber once they
have replaced the receiver at the end of the call. Your telephone
rings. When you lift the receiver, a connection to the required subscriber is set up automatically. An internal "Callback on Busy" is deleted automatically after 30 minutes. The external "Callback on
Busy" is deleted after a period specified by the exchange (approx.
45 minutes). Manual deletion before this period has elapsed is also
possible.
Automatic callback on no reply (CCBS)
You urgently need to contact a business partner or internal subscriber. When you call them, you always hear the ringing tone, but
your business partner is not close to the telephone and does not
pick up. With "Callback on no reply", you can reach the subscriber
as soon as they have completed a call or lifted and replaced the receiver of their telephone. Your telephone rings. When you lift the receiver, a connection to the required subscriber is established automatically.
Automatic clearing of Internet connection (ShortHold)
You can activate ShortHold. When you do so, you define the time
after which an existing connection is cleared if data transfer is no
longer taking place. If you enter a time of 0, ShortHold is deactivated.
Automatic outside line
After the receiver of a telephone is lifted, the telephone number of
the external subscriber can be dialled immediately.
Automatic redialling
Performance feature of a terminal. If the line is busy, several redial
attempts are made.
B channel
Corresponds to a telephone line in T-Net. In T-ISDN, the basic connection contains two B channels, each with a data transmission rate
of 64 kbps.
B channel
Bearer channel of an ISDN Basic Rate Interface or a Primary Rate
Interface for the transmission of traffic (voice, data). An ISDN Basic
Rate Interface consists of two B channels and one D channel. A B
channel has a data transmission rate of 64 kbps. The data transmission rate of an ISDN Basic Rate Interface with your gateway can be
increased to up to 128 kbps using channel bundling.
BACP/BAP
Bandwidth Allocation Control Protocols (BACP/BAP in accordance
with RFC 2125)
Base station
Central unit of wireless telephone devices. There are two different
types: The simple base station is used to charge the handheld unit.
For special-feature telephones, the base station can also be used as
a telephone, the handheld unit is charged using separate charging
stations.
Basic Rate Interface
ISDN connection that includes two basic channels (B channels)
each with 64 kbps and one control and signalling channel (D channel) with 16 kbps. The two basic channels can be used independently of each other for each service offered in the T-ISDN. You can
therefore telephone and fax at the same time. T-Com offers the Basic Rate Interface as a point-to-multipoint or point-to-point connection.
Blacklist (dialling ranges)
You can define a restriction on external dialling for individual subscribers. The telephone numbers entered in the blacklist table cannot be called by the terminals subject to dialling control, e.g. entry
0190 would block all connections to expensive service providers.
Block Cipher Modes
Block-based encryption algorithm
Blowfish
An algorithm developed by Bruce Schneier. It is a block
cipher with a block size of 64 bits and a key of variable length (up to
448 bits).
Bluetooth
Bluetooth is a wireless transfer technology that can connect up different devices. Bluetooth replaces cables to connect various devices
e.g. Notebook, PC, PDA, etc. Thanks to Bluetooth, these devices
can exchange data with each other without a fixed connection. For
example, PCs, notebooks or a PDA can access the Internet or a local network. The appointments on a PDA can be synchronised with
the appointments on the PC without the need for a cable connection. Because of the many different application areas for the
Bluetooth technology, the different types of connections between the
devices are divided into profiles. A profile determines the service
(function) that the individual Bluetooth clients can use among each
other.
BOD
Bandwidth on Demand
BootP
Bootstrap protocol
Bps
Bits per second. A unit of measure for the transmission rate.
Break-in
In a PBX, the option of breaking in to an existing call. This is signalled acoustically by an attention tone.
BRI
Basic Rate Interface
Bridge
Network component for connecting homogeneous networks. As opposed to a gateway, bridges operate at layer 2 of the OSI model,
are independent of higher-level protocols and transmit data packets
using MAC addresses. Data transmission is transparent, which
means the information contained in the data packets is not interpreted.
Broadcast
Broadcasts (data packets) are sent to all devices in a network in
order to exchange information. Generally, there is a certain address
(broadcast address) in the network that allows all devices to interpret a message as a broadcast.
Brokering
Brokering makes it possible to switch between two external or internal subscribers without the waiting subscriber being able to hear
the other conversation.
Browser
Program for displaying content on the Internet or World Wide Web.
Bus
A data transmission medium for use by all the devices connected to
a network. Data is forwarded over the entire bus and received by all
devices on the bus.
CA
Certificate Authority
Calendar
By allocating a calendar, you switch between Day and Night call assignment. For each day of the week, you can select any day/night
switching time. A calendar has four switch times, which can be specifically assigned to each individual day of the week.
Call allocation
In a PBX, calls can be assigned to certain terminals.
Call costs account
You can set up a "call costs account" for a subscriber here. The
maximum available number of units, in the form of a limit, can be assigned to each subscriber on their personal "call costs account". The
"cost limit" is to be activated so that units can be booked. Once the
units have been used up, no further external calls are possible. Internal calls can still be made at any time. The units are booked to
the account each time a call is ended.
Call diversion
Also known as call forwarding. An incoming call is diverted to a specified telephone, Internet or wireless connection.
Call filter
Performance feature e.g. of the T-Concept PX722 system telephone, special-feature telephones or answering machines. The call
is only signalled in the case of certain previously defined telephone
numbers.
Call forwarding in the exchange
You can only use the options of call forwarding in the exchange via
the keypad if certain services are activated for your connection. You
can receive more information on this from your T-Com advisor. The
exchange connects the calling subscriber with an external subscriber you have specified.
Call forwarding in the PBX
The call forwarding (CF) performance feature of the PBX enables
you to be reached even if you are not in the vicinity of your telephone. You achieve this by automatically forwarding your calls to
the required internal or external telephone number. You can use the
configuration program to define whether call forwarding should be
carried out in the PBX or the exchange. You should use call forwarding in the exchange if certain services are activated for your
connection. You can receive more information on this from your T-Com advisor.
Call option day/night
Option of changing the call allocation on a PBX using a calendar.
Calls received after office hours are forwarded to a telephone still
manned, or to the answering machine or fax.
Call pickup
Performance feature of a PBX. Calls can be received on an internal
terminal that is not part of active call allocation.
Call pickup
An external call is only signalled for your colleague. As you belong
to several different teams, this is not surprising. You can now form
various groups of subscribers in which call pickup is possible. A call
can only be picked up by subscribers/terminals in the same pickup
group. The assignment of subscribers in pickup groups is not dependent on the settings in the Day and Night team call assignment.
Call Relay on Busy
Reject
Call Through
Call Through is a dial-in via an external connection to the PBX with
the call put through from the PBX via another external connection.
Call to engaged subscriber
Busy on busy
Call waiting
The "Call Waiting" performance feature means that other people can
contact you during a telephone call. If another subscriber calls while
you are on the telephone, you hear your telephone's call waiting
tone. You can then decide whether to continue with your first call or
speak to the person whose call is waiting.
Call waiting protection
If you do not want to use the call waiting feature, you switch on call
waiting protection. If you are taking a call, a second caller hears the
engaged tone.
Callback on Busy
Performance feature in T-ISDN, PBXs and T-Net. A connection is
set up automatically as soon as the Busy status on the destination
connection ends. When the connection is free, this is signalled to
the caller. As soon as the caller lifts the receiver, the connection is
set up automatically. However, Callback must first be activated by
the caller on his or her terminal.
Callback on no reply
You call a subscriber, who does not pick up. With "Callback on no
reply", this is not a problem for you, because with this special feature, you can set up the connection without having to redial. If you
are not on the telephone yourself, a new connection with the subscriber is set up - for a maximum of 180 minutes.
Called party number
Number of the terminal called.
Caller list
Special-feature telephones such as the T-Concept PX722 system
telephone enable call requests to be stored during absence.
Calling party number
Number of the calling terminal.
CAPI
Common ISDN Application Programming Interface
CAST
A 128-bit encryption algorithm with similar functionality to DES. See
Block Cipher Modes.
CBC
Cipher Block Chaining
CCITT
Consultative Committee for International Telegraphy and Telephony
CD (Call Deflection)
The forwarding of calls. This performance feature enables you to
forward a call without having to take it yourself. If you forward a call
to an external subscriber, you bear any connection costs from your
connection to the destination of the forwarded call. This feature can
therefore be used by system telephones and ISDN telephones that
support this function (see user's guide for terminals). For more information on using this performance feature with the telephone,
please see the user's guide.
Central speeddial memory
Performance feature of a PBX. Telephone numbers are stored in a
PBX and can be called from every connected telephone using a key
combination.
Certificate
Certificate
Channel Bundling
Channel bundling
CHAP
Challenge Handshake Authentication Protocol
Checksum field
Frame Check Sequence (FCS)
CLID
Calling Line Identification
Client
A client uses the services provided by a server. Clients are usually
workstations.
CLIP
Abbreviation for Calling Line Identification Presentation. Telephone
number display of calling party.
CLIR
Abbreviation for Calling Line Identification Restriction. Temporary
suppression of the transmission of the calling party's telephone
number.
COLR
Connected Line Identification Restriction (suppress B telephone
number). This performance feature permits or suppresses the display of the called subscriber's telephone number. If display of the B
telephone number is suppressed, your telephone number is not
transmitted to the caller when you take a call. Example: You have
set up call diversion to another terminal. If this terminal has activated suppression of the B telephone number, the calling party does
not see a telephone number on the terminal display.
Combination device
If an analogue terminal connection of the PBX is set up as a "multifunctional port" for combination devices, all calls are received, regardless of the service. In the case of trunk prefixes using codes,
the service ID "Analogue Telephony" or "Telefax Group 3" can also
be transmitted, regardless of the configuration of the analogue connection. If 0 is dialled, the service ID "Analogue Telephony" is also
transmitted.
Conference call
Performance feature of a PBX: Several internal subscribers can
telephone simultaneously. Three-party conferences are also possible with external subscribers.
Configuration Manager
Windows application (similar to the Windows Explorer), which uses
SNMP commands to request and carry out the settings of your gateway. The application was called the DIME Browser before BRICKware version 5.1.3.
Configuration of the PBX with the PC
One important prerequisite for the transfer of your configuration to
the PBX is that you have set up a connection between the PC and
PBX. You can do this using the LAN Ethernet connection.
Configuration of the PBX with the telephone
With some restrictions, you can also program your PBX using the
telephone. For information on programming your PBX using the telephone, please see the accompanying user's guide.
Connection of analogue terminals
The performance features for analogue terminals can only be used
with terminals that use the MFC dialling method and that have an R
or flash key.
Connection of ISDN terminals
The internal telephone number of the connection, and not the external number (multiple subscriber number) must be entered as the
MSN in the ISDN terminal connected to the internal ISDN bus. See
the user's guide for the ISDN terminals: Enter MSN. Please note
that not all the ISDN terminals available on the market can use the
performance features provided by the PBX via their key interface.
CRC
Cyclic Redundancy Check
CTI
Computer Telephony Integration. Term for connection between a
PBX and server. CTI enables PBX functions to be controlled and
evaluated by a PC.
D channel
Control and signalling channel of an ISDN Basic Rate Interface or
Primary Rate Interface. The D channel has a data transmission rate
of 16 kbps. In addition to the D channel, each ISDN BRI has two B
channels.
Data compression
A process for reducing the amount of data transmitted. This enables
higher throughput to be achieved in the same transmission time. Examples of this technique include STAC, VJHC and MPPC.
Data Link Layer (DLL)
Data packet
A data packet is used for information transfer. Each data packet
contains a prescribed number of characters (information and control
characters).
Data transmission rate
The data transmission rate specifies the number of information units
for each time interval transferred between sender and recipient.
Datagram
A self-contained data packet that is forwarded in the network with
minimum protocol overhead and without an acknowledgement
mechanism.
Datex-J
Abbreviation for Data Exchange Jedermann, the T-Online access
platform. Local dial-in node in every local network. Some German
cities offer additional high-speed access over T-Net/T-Net-ISDN.
Day/Night option
If you want to transfer important calls made after office hours to your
home office to an answering machine, so that you are not disturbed,
you can use call assignment. You can allocate each subscriber two
different call allocations (call assignment Day and call assignment
Night). With call assignments, it is also possible to forward the call to
an external subscriber, so that you can be contacted at all times.
With call assignment Day/Night, therefore, you define which internal
terminals are to ring in the event of an external call. Call assignment
Day/Night is achieved using a table in which all the incoming calls
are assigned to internal subscribers.
Day/Night/Calendar
You define switching of call variant Day/Night.
DCE
Data Circuit-Terminating Equipment
DCN
Data communications network
Default gateway
Describes the address of the gateway to which all traffic not
destined for its own network is sent.
Denial-Of-Service Attack
A Denial-of-Service (DoS) attack is an attempt to flood a gateway or
host in a LAN with fake requests so that it is completely overloaded.
This means the system or a certain service can no longer be run.
DES
Data Encryption Standard
Destination number memory
Speeddial memory
DHCP
Dynamic Host Configuration Protocol
Dial preparation
On some telephones with a display, you can first enter a telephone
number, check it, and then dial it.
Dial-in parameters
Define the dial-in parameters i.e. you enter the provider's dial-in
number and specify:
Dialling control
In the configuration for certain terminals, you can define restrictions
for external dialling.
Dialup connection
A connection is set up when required by dialling an extension number, in contrast to a leased line.
DIME
Desktop Internetworking Management Environment
DIME Browser
Old name for Configuration Manager.
Direct dial-in
Performance feature of larger PBXs at the point-to-point connection:
The extensions can be called directly from outside.
Direct dialling range
See Extension numbers range
Display and output of connection data
In the configuration, it is possible to define storage of data records
for specific terminals or all terminals. In the ex works setting, all incoming external connections and all external calls you make are
stored.
Display of caller's number
A suitable telephone is a prerequisite for this feature. Transmission
of the telephone number must be permitted by the caller.
DLCI
In a Frame Relay network, a DLCI uniquely describes a virtual connection. Note that a DLCI is only relevant for the local end of the
point-to-point connection.
DMZ
Demilitarised Zone
DNS
Domain Name System
Do not disturb
Station guarding
DOI
Domain of Interpretation
Domain
A domain refers to a logical group of devices in a network. On the
Internet, this is part of a naming hierarchy (e.g. bintec.de).
Door intercom
Door intercom device. It can be connected to various PBXs. A telephone can be used to take an intercom call and open the door.
Door intercom on analogue connection
An analogue connection can be set up for the connection of function
module M06 to connect a DoorLine intercom system.
Door terminal adapter
The function module can be installed on an analogue connection of
your PBX. If a door intercom (DoorLine) is connected to your PBX
via a function module, you can speak with a visitor at the door via
every authorised telephone. You can assign particular telephones to
each ring button. These phones then ring if the ring button is
pressed. On analogue telephones, the signal on the telephone
matches the intercom call. In place of the internal telephones, an external telephone can also be configured as the call destination for
the ring button. Your door intercom can have up to 4 ring buttons.
The door opener can be pressed during an intercom call. It is not
possible to activate the door opener if an intercom call is not taking
place.
Dotted Decimal Notation
The syntactic representation of a 32-bit whole number, written in
four 8-bit numbers in decimal form and subdivided by a point. It is
used to represent IP addresses on the Internet, e.g. 192.67.67.20
Downstream
Data transmission rate from the ISP to the customer.
DSA (DSS)
Digital Signature Algorithm (Digital Signature Standard).
DSL/xDSL
Digital Subscriber Line
DSS1
Digital Subscriber Signalling System
DSSS
Direct Sequence Spread Spectrum is a wireless technology that was
originally developed for the military and offers a high level of protection against faults because the wanted signal is spread over a wide
area. The signal is spread by means of a spread sequence or chipping code consisting of 11 chips across 22 MHz. Even if there is a
fault on one or more of the chips during transfer, the information can
still be obtained reliably from the remaining chips.
DTE
Data Terminal Equipment
DTMF
Dual Tone Multi Frequency (tone dialling system)
Dynamic IP address
In contrast to a static IP address, a dynamic IP address is assigned
temporarily by DHCP. Network components such as the web server
or printer usually have static IP addresses, while clients such as notebooks or workstations usually have dynamic IP addresses.
E1/T1
E1: European variant of the 2.048 Mbps ISDN Primary Rate Interface, which is also called the E1 system.
ECB
Electronic Code Book mode
ECT
Explicit Call Transfer. This performance feature allows two external
connections to be transferred without blocking the two B channels of
the exchange connection.
Email
Electronic mail
Emergency numbers
You urgently need to contact the police, fire brigade or another telephone number. To make things worse, all the connections are busy.
However, you have informed your PBX of the telephone numbers
that need to be contactable in an emergency. If you now dial one of
these numbers, it is recognised by the PBX and a B channel of the
T-ISDN is automatically freed up for your emergency call. Emergency calls are not subject to configuration restrictions. If "Calling
with prefix plus code number" is set for a connection, the internal
connection is busy. To make an external call, first dial 0 and then
the required emergency number.
Encapsulation
Encapsulation of data packets in a certain protocol for transmitting
the packets over a network that the original protocol does not directly support (e.g. NetBIOS over TCP/IP).
Encryption
Refers to the encryption of data, e.g. MPPE.
Entry of external connection data
In the ex works setting, all external connections made and received
via your PBX are recorded and stored in the form of connection data
records.
ESP
Encapsulating Security Payload
ESS
The Extended Service Set describes several BSS (several access
points) that form a single, logical wireless network.
Ethernet
A local network that connects all devices in the network (PC, printers, etc.) via a twisted pair or coaxial cable.
Ethernet connections
The 4 connections are led equally through an internal switch. Network clients can be directly connected to the connection sockets.
The ports are designed as 100/BaseT full-duplex, autosensing, auto
MDIX upwardly compatible to 10/Base T. Up to 4 SIP telephones or
IP softclients with SIP standard can be directly connected to PCs
with a network card.
Eumex Recovery
If the power supply to the PBX cuts out while new firmware is being
loaded, the PBX functions are deleted.
Euro ISDN
Harmonised ISDN standardised within Europe, based on signalling
protocol DSS1, the introduction of which network operators in over
20 European countries have committed to. Euro-ISDN has been introduced in Germany, replacing the previous national system 1 TR6.
Eurofile transfer
Communication protocol for the exchange of files between two PCs
over ISDN using an ISDN card (file transfer) or telephones or PBXs
configured for this.
Exchange
Node in the public telecommunication network. We differentiate
between local exchanges and remote exchanges.
Exchange access right
PBXs differentiate between the following "exchange access rights".
These can be set up differently for each subscriber in the configuration.
Extended redialling
A selected telephone number is "parked" in the telephone's memory.
It can be redialled later, even if you have called other numbers in the
meantime.
Extension
For PBXs, describes the terminal (e.g. telephone) connected to the
exchange. Each extension can access PBX services and communicate with other extensions.
Extension number
An extension is an internal number for a terminal or subsystem. In
point-to-point ISDN accesses, the extension is usually a number
from the extension numbers range assigned by the telephone provider. In point-to-multipoint connections, it can be the MSN or a part
of the MSN.
Extension numbers range
(direct dialling range)
Fall Back: Priority of the Internet provider entries
The priority of the Internet provider entries is defined by the sequence in which they are entered in the list. The first entry of a DSL
connection is the standard access. If a connection cannot be set up
via the standard access after a predefined number of attempts,
setup is attempted using the second entry then subsequent entries.
If the final entry in the list does not enable a connection to be set up
successfully, the operation is terminated until a new request is
made. When fall back occurs and all other ISPs can only be reached
by dialup connections, both B channels may be occupied. If channel
bundling is used, you cannot be reached for the duration of this connection.
Fax
Abbreviation of telefax.
FHSS, Frequency Hopping Spread Spectrum
In a FHSS system, the frequency spread is achieved through constantly changing frequencies based on certain hopping patterns. In
contrast to DSSS systems, hopping patterns are configured, not the
frequency. The frequency changes very frequently in one second.
File transfer
Data transmission from one computer to another, e.g. based on the
Eurofile transfer standard.
Filter
A filter comprises a number of criteria (e.g. protocol, port number,
source and destination address). These criteria can be used to select a packet from the traffic flow. Such a packet can then be
handled in a specific way. For this purpose, a certain action is associated with the filter, which creates a filter rule.
Firewall
Describes the whole range of mechanisms to protect the local network against external access. Your gateway provides protection
mechanisms such as NAT, CLID, PAP/CHAP, access lists, etc.
Firmware
Software code containing all a device's functions. This code is written to a PROM (programmable read only memory) and is retained
there, even after the device is switched off. Firmware can be updated by the user when a new software version is available
(firmware upgrade).
First-level domain
Describes the last part of a name on the Internet. For
www.t-com.de, the first-level domain is de and in this case stands
for Germany.
Flash key
The flash key on a telephone is the R button. R stands for
Rückfrage (inquiry). The key interrupts the line briefly to start certain
functions such as inquiries via the PBX.
Follow-me
Performance feature of a PBX for diverting calls on the destination
telephone.
Fragmentation
Process by which an IP datagram is divided into small parts in order
to meet the requirements of a physical network. The reverse process is known as reassembly.
Frame
Unit of information sent via a data connection.
Frame relay
A packet switching method that contains smaller packets and fewer
error checks than traditional packet switching methods such as
X.25. Because of its properties, frame relay is used for fast WAN
connections with a high density of traffic.
Freecall
Telephone number. Previous service 0130. These telephone numbers have been switched to freecall 0800 since January 1, 1998.
FTP
File Transfer Protocol
Full duplex
Operating mode in which both communication partners can communicate bidirectionally at the same time.
Function keys
Keys on the telephone that can be assigned telephone numbers or
network functions.
G.991.1
Data transmission recommendation for HDSL
G.991.2
Data transmission recommendation for SHDSL
G.992.1
Data transmission recommendation for ADSL. See also G.992.1 Annex A and G.992.1 Annex B.
G.992.1 Annex A
Data transmission recommendation for ADSL: ITU-T G.992.1 Annex
G.992.1 Annex B
Data transmission recommendation for ADSL: ITU-T G.992.1 Annex
G.SHDSL
See G.991.2.
Gateway
Entrance and exit, transition point
Half duplex
Bidirectional communication method in which it is only possible to
either send or receive at a particular point in time. Also known as
Simplex.
Handheld unit
Mobile component of wireless telephone units. In the event of digital
transmission, it is also possible to make telephone calls between the
handheld units (DECT).
Hands free
If the telephone has a microphone and speaker installed, you can
conduct a call without using your hands. As a result, other people in
the room can also participate in the call.
Hashing
The process of deriving a number (hash) from a character string. A
hash is generally far shorter than the text flow it was derived from.
The hashing algorithm is designed so that there is a relatively low
probability of generating a hash that is the same as another hash
generated from a text sequence with a different meaning. Encryption
methods use hashing to make sure that intruders cannot change
transmitted messages.
HDLC
High Level Data Link Control
HDSL
High Bit Rate DSL
HDSL2
High Bit Rate DSL, version 2
Headset
Combination of headphones and microphone as a useful aid for
anyone who makes a lot of telephone calls and wants to keep hands
free for making notes.
HMAC
Hashed Message Authentication Code
HMAC-MD5
Hashed Message Authentication Code - uses Message Digest Algorithm Version 5.
HMAC-SHA1
Hashed Message Authentication Code - uses Secure Hash Algorithm Version 1.
Holding a call
A telephone call is put on hold without breaking the connection
(inquiry/brokering).
Holding in the PBX
Both B channels of the ISDN connection are needed for the performance features "Call another person during a call" and "Speak alternately with two people" (brokering). As a result, you cannot be
reached from outside or make external calls via your PBX's second
B channel. With this setting, an external caller put on hold hears the
PBX's on-hold music.
Hook flash
The use of the inquiry, brokerage and three-party conference special features in T-Net and certain performance features of some
PBXs is only possible with the hook flash function (long flash) of the
signal key on the telephone. On modern telephones, this key is indicated with an "R".
Host name
A name used in IP networks instead of the corresponding address.
A host name consists of an ASCII string that uniquely identifies the
host computer.
HTTP
HyperText Transfer Protocol
Hub
Network component used to connect several network components
together to form a local network (star-shaped).
IAE
ISDN connection unit, ISDN connection socket.
ICMP
Internet Control Message Protocol
ICV
Integrity Check Value
Identify malicious callers (intercept)
You have to request this performance feature from T-Com. The
company will provide you with further information on the procedure.
If you enter code 77 during a call or after the caller has ended a call
(you hear the engaged tone from the exchange), the caller's telephone number is stored in the exchange. ISDN telephones can also
use separate functions for this performance feature. For more information on this function, please see your user's guide.
IEEE
The Institute of Electrical and Electronics Engineers (IEEE). A large,
global association of engineers, which continuously works on standards in order to ensure different devices can work together.
IETF
Internet Engineering Task Force
Index
The index from 0...9 is fixed. Every external multiple subscriber
number entered is assigned to an index. You need this index when
configuring performance features using the telephone's codes, e.g.
configuring "Call forwarding in the exchange" or "Define telephone
number for the next external call".
Infrastructure mode
A network in infrastructure mode is a network that contains at least
one access point as the central point of communication and control.
In a network in infrastructure mode, all clients communicate with
each other via access points only. There is no direct communication
between the individual clients. A network of this kind is also known
as a BSS (basic service set), and a network that consists of several
BSS is known as an ESS (extended service set). Most wireless networks operate in infrastructure mode to establish a connection with
the wired network.
Inquiry
Makes it possible to put the first call on hold in the event of a call
waiting and take a new call.
Internal call tone
Special signal on a PBX to differentiate between internal and external calls.
Internal calls
Free-of-charge connection between terminals in a PBX.
Internal telephone numbers
Your PBX has a fixed internal telephone number plan.
Internet
The Internet consists of a number of regional, local and university
networks. The IP protocol is used for data transmission on the Internet.
Internet time sharing
Allows several users to surf the Internet simultaneously over an
ISDN connection. The information is requested by the individual
computers with a time delay.
Intranet
Local computer network within a company based on Internet technology providing the same Internet services, e.g. homepages and
sending email.
IP
Internet Protocol
IP Address
The first part of the address by which a device is identified in an IP
network, e.g. 192.168.1.254. See also netmask.
IPComP
IP payload compression
IPCONFIG
A tool used on Windows computers to check or change its own IP
settings.
IPoA
IP over ATM
ISDN
Integrated Services Digital Network
ISDN address
The address of an ISDN device that consists of an ISDN number followed by further numbers that relate to a specific terminal, e.g.
47117.
ISDN Basic Rate Interface
ISDN subscriber connection. The Basic Rate Interface consists of
two B channels and one D channel. In addition to the Basic Rate Interface, there is the Primary Rate Interface. The interface to the subscriber is provided by an S0 bus.
ISDN card
Adapter for connecting a PC to the ISDN Basic Rate Interface. From
a technical perspective, we differentiate between active and passive
cards. Active ISDN cards have their own processor, which handles
communication operations independently of the PC processor and
therefore does not require any resources. A passive ISDN card, on
the other hand, uses the PC's resources.
ISDN Login
Function of your gateway. Your gateway can be configured and administrated remotely using ISDN Login. ISDN Login operates on
gateways in the ex works state as soon as they are connected to an
ISDN connection and therefore reachable via an extension number.
ISDN number
The network address of the ISDN interface, e.g. 4711.
ISDN router
A router that does not have network connections but provides the
same functions between PC, ISDN and the Internet.
ISDN-BRI
ISDN Basic Rate Interface
ISDN-Dynamic
This performance feature requires the installation of the T-ISDN
Speedmanager. If you are surfing the Internet and use two B channels for downloading, you cannot be reached by telephone from outside. As a further call is signalled over the D channel, your PBX can,
depending on the setting, specifically shut down a B channel so that
you can take the call.
ISDN-Internal/External
Alternative name for the S0 bus.
ISDN-PRI
ISDN Primary Rate Interface
ISO
International Standardization Organization
ISP
Internet Service Provider
ITU
International Telecommunication Union
Key Escrow
Stored keys can be viewed by the government. The US government,
in particular, requires key storages to prevent crimes being covered
up through data encryption.
LAN
Local Area Network
LAPB
Link Access Procedure Balanced
Last access
The last access by T-Service is stored and displayed in the configuration.
Layer 1
Layer 1 of the ISO OSI Model, the bit transfer layer.
LCD
Liquid Crystal Display, a screen in which special liquid crystal is
used to display information.
LCP
Link Control Protocol
LDAP
Lightweight Directory Access Protocol
Lease Time
The "Lease Time" is the time a computer keeps the IP address assigned to it without having to "talk" to the DHCP server.
Leased Line
Leased line
LLC
Link Layer Control
Local exchange
Switching node of a public local telephone network that supports the
connection of end systems.
Loudspeaker
Function on telephones with an integrated loudspeaker: You can
press a button so that the people present in the room can also hear
the telephone call.
MAC Address
Every device in the network is defined by a fixed hardware address
(MAC address). The network card of a device defines this internationally unique address.
Man-in-the-Middle Attack
Encryption using public keys requires the public keys to be exchanged first. During this exchange, the unprotected keys can be intercepted easily, making a "man-in-the-middle" attack possible. The
attacker can set a key at an early stage so that a key known to the
"man-in-the-middle" is used instead of the intended key from the
real communication partner.
MD5
See HMAC-MD5
MFC
Multifrequency code dialling method
MIB
Management Information Base
Microphone mute
Switch for turning off the microphone. The subscriber on the telephone cannot hear the discussions in the room.
Mixed mode
The access point accepts WPA and WPA2.
MLPPP
Multilink PPP
Modem
Modulator/Demodulator
MPDU
MAC Protocol Data Unit - every information packet exchanged on
the wireless medium includes management frames and fragmented
MSDUs.
MPPC
Microsoft Point-to-Point Compression
MPPE
Microsoft Point-to-Point Encryption
MSDU
MAC Service Data Unit - a data packet that ignores fragmentation in
the WLAN.
MSN
Multiple subscriber number
MSSID
See SSID
MTU
Maximum Transmission Unit
Multicast
A specific form of broadcast in which a message is simultaneously
transmitted to a defined user group.
Multiple subscriber number
Multiple subscriber number
Multiprotocol gateway
A gateway that can route several protocols, e.g. IP, X.25, etc.
Music on hold (MoH)
Your PBX has two internal music-on-hold melodies. On delivery, internal melody 1 is active. You can choose between melody 1 or 2, or
deactivate the music on hold.
Music on hold (MoH)
Performance feature of a PBX. During an inquiry or call forwarding,
a melody is played that the waiting subscriber hears. On your PBX,
you can choose between two internal melodies.
MWI
Transmission of a voice message from a mailbox e.g. T-NetBox or
MailBox to a terminal. The receipt of the message on the terminal is
signalled e.g. by a LED.
NAT
Network Address Translation
NDIS WAN
NDIS WAN is a Microsoft enhancement of this standard in relation
to wide area networking (WAN). The NDIS WAN CAPI driver permits the use of the ISDN controller as a WAN card. The NDIS WAN
driver enables the use of a DCN network on Windows. NDIS is the
abbreviation for Network Device Interface Specification and is a
standard for the connection of network cards (hardware) to network
protocols (software).
Net surfing
A "journey of discovery" for interesting information in wide-ranging
data networks such as T-Online. Known mainly from the Internet.
NetBIOS
Network Basic Input Output System
Netmask
The second part of an address in an IP network, used for identification of a device, e.g. 255.255.255.0. See also IP address.
Network
Your PBX has a DSL router so that one or more PCs can surf the Internet and download information.
Network address
A network address designates the address of a complete local network.
Network termination (NTBA)
In telecommunications, the network termination is the point at which
access to a communication network is provided to the terminal.
Netz-Direkt (keypad functions)
You can use the "Netz-Direkt" (keypad) function (automatic external
line access) to enter a key sequence from your ISDN or analogue
telephone to use current T-ISDN functions. For more information on
this, consult your T-Com client advisor and request the necessary
codes (e.g. call forwarding in the exchange).
NMS
Network Management Station
Notebook function
During a telephone call, a telephone number can be entered in the
telephone's buffer so that it can be dialled at a later point in time.
NT
Network Termination
NTBA
Network Termination for Basic Access
NTP
Network Time Protocol
OAM
Operation and Maintenance
Offline
Without connection. Connectionless operating state e.g. of the PCs.
Online
With connection. For example the state of a connection between a
PC and data network or for data exchange between two PCs.
Online banking
Term for electronic banking e.g. using T-Online.
Online Pass
Part of the T-Com certification services for the Internet. Digital pass
for the Internet. With the Online Pass, an Internet user can be authenticated as a customer in a company.
Online services
Services available around the clock via communication services
such as T-Online and the Internet.
OSI model
OSI = Open Systems Interconnection
OSPF
Open Shortest Path First
Outgoing extension number signal
The "outgoing extension number signal" is intended for internal connections
on the point-to-point to which an explicit extension number
was not assigned. When an external call is made, the extension
number entered under Outgoing Extension Number Signal is also
transmitted.
Outgoing telephone number
If you have not suppressed transmission of your telephone number,
and the telephone of the person you are calling supports the CLIP
function, the person you are calling can see the telephone number
of the connection you are calling from on their telephone display.
This telephone number transmitted during an external call is called
the outgoing telephone number.
Packet switching
Packet switching
PAP
Password Authentication Protocol
Parking
The call is held temporarily in the exchange. The main difference to
on hold: The call is interrupted, the receiver can be replaced. Can
be used for brokering. Possible in T-Net, T-ISDN and PBXs. The terminal must have MFC and the R key.
PBX
Private Branch Exchange
PBX
The features offered by a PBX are manufacturer-specific and enable
operation of exchanges, free internal calls, callback on busy, and
conference calls, among other things. PBXs are used e.g. for office
communication (voice, text and data transfer).
PBX
Private Branch Exchange (PBX)
PBX
Private Automatic Branch Exchange
PBX number
A point-to-point ISDN access includes a PBX number and an extension numbers range. The PBX number is used to reach the PBX. A
certain terminal of the PBX is then dialled via one of the extension
numbers of the extension numbers range.
PCMCIA
The PCMCIA (Personal Computer Memory Card International Association) is an industry association founded in 1989 that represents
credit card-sized I/O cards such as WLAN cards.
PDM
Abbreviation for pulse dialling method. Conventional dialling procedure in the telephone network. Dialled numbers are represented by a
defined number of dc impulses. The pulse dialling method is being
replaced by the multifrequency code method (MFC).
PGP
Pretty Good Privacy
PH
Packet handler
Phone book
The PBX has an internal phone book. You can store up to 300 telephone numbers and the associated names. You can access the
PBX's phone book with the funkwerk devices (for example CS 410).
You add entries to the phone book using the configuration interface.
PIN
Personal identification number
Ping
Packet Internet Groper
PKCS
Public Key Cryptography Standards
Point-to-multipoint
Point-to-multipoint connection
Point-to-multipoint
Basic connection in T-ISDN with three telephone numbers and two
lines as standard. The ISDN terminals are connected directly on the
network termination (NTBA) or ISDN internet connection of a PBX.
Point-to-multipoint
Point-to-multipoint
Point-to-multipoint connection for the PBX
You enter the multiple subscriber numbers received from T-Com
with the order confirmation in the table fields defined for them in the
configuration. As a rule, you receive three multiple subscriber numbers, but can apply for up to 10 telephone numbers for each connection. When you enter the telephone numbers, they are assigned
to an "index" and also to a team. Note that initially, all telephone
numbers are assigned to team 00. The internal telephone numbers
10, 11 and 20 are entered in team 00 ex works. External calls are
therefore signalled with the internal telephone numbers 10, 11 and
20 for the connections entered in team 00.
Point-to-point
Point-to-point
Point-to-point ISDN access
Point-to-point
Polling
Fax machine function that "fetches" documents provided by other
fax machines or fax databases.
Port
Input/output
POTS
Plain Old Telephone System
PPP
Point-to-Point Protocol
PPP authentication
Security mechanism. A method of authentication using passwords in
PPP.
PPPoA
Point to Point Protocol over ATM
PPPoE
Point to Point Protocol over Ethernet
PRI
Primary Rate Interface
Primary Rate Interface (PRI)
ISDN subscriber connection. The PRI consists of one D channel and
30 B channels (in Europe). (In America: 23 B channels and one D
channel.) There is also the ISDN Basic Rate Interface.
Protocol
Protocols are used to define the manner and means of information
exchange between two systems. Protocols control and rule the
course of data communication at various levels (decoding, addressing, network routing, control procedures, etc.).
Proxy ARP
ARP = Address Resolution Protocol
PSN
Packet Switched Network
PSTN
Public Switched Telephone Network
PVID
Port VLAN ID
R key
Telephones that have a R key (inquiry key) can also be connected
to a PBX. In modern telephones, the R key triggers the hook flash
function. This is required for use of performance features in T-Net
such as inquiry/brokering and three-party conference.
RADIUS
Remote Authentication Dial In User Service
RADSL
Rate-Adaptive Digital Subscriber Line
RAS
Remote access service
Real Time Clock (RTC)
Hardware clock with buffer battery
Receiver volume
Function for controlling the volume in the telephone receiver.
Reconnection on the bus (parking)
For a point-to-multipoint connection, enables the terminal connection
to be reconnected to another ISDN socket during the telephone
call.
Recording telephone calls
Performance feature of an answering machine. Enables a conversation
to be recorded during the telephone call.
Remote
Remote, as opposed to local.
Remote access
Opposite to local access, see Remote.
Remote CAPI
bintec's own interface for CAPI.
Remote diagnosis/remote maintenance
Some terminals and PBXs are supported and maintained by T-Service support offices over the telephone line, which often means a
service engineer does not have to visit the site.
Remote query
Answering machine function. Involves listening to messages remotely, usually in connection with other options such as deleting
messages or changing recorded messages.
Repeater
A device that transmits electrical signals from one cable connection
to another without making routing decisions or carrying out packet
filtering. See Bridge and Router.
Reset
Resetting the device enables you to return your system to a predefined initial state. This may be necessary if you have made incorrect configuration settings or the device is to be reprogrammed.
RFC
Specifications, proposals, ideas and guidelines relating to the Internet are published in the form of RFCs (request for comments).
Rijndael (AES)
Rijndael (AES) was selected as AES due to its fast key generation,
low memory requirements and high level of security against attacks.
For more information on AES, see http://csrc.nist.gov/encryption/aes.
RIP
Routing Information Protocol
RipeMD 160
RipeMD 160 is a cryptographic hash function with 160 bits. It is regarded as a secure replacement for MD5 and RipeMD.
RJ45
Plug or socket for maximum eight wires. Connection for digital terminals.
Roaming
In a multicell WLAN, clients can move freely and log off from one access point and log on to another when moving through cells, without
the user noticing this. This is known as roaming.
Room monitoring (acoustic)
To use the "Room Monitoring" performance feature, the telephone
must be activated in the room to be monitored by means of a code,
and the receiver must be lifted or "Hands-free" switched on. If you
replace the telephone receiver or turn off "Hands-free", room monitoring ends and the performance feature is switched off.
Room monitoring from external telephones
This function can be used to monitor rooms from an external telephone.
Room monitoring from internal telephones
You can acoustically monitor a room from an internal telephone in
your PBX. This is set up using the telephone procedures described
in the user's guide. Please read the information on the described
functions in the user's guide.
Router
A device that connects different networks at layer 3 of the OSI model and routes information from one network to the other.
RSA
The RSA algorithm (named after its inventors Rivest, Shamir, Adleman) is based on the problem of factoring large integers. It therefore
takes a large amount of data processing capacity and time to derive
an RSA key.
RTSP
Real-Time Streaming Protocol
S2M interface
See Primary Rate Interface.
SAD
The SAD (=Security Association Database) contains information on
security agreements such as AH or ESP algorithms and keys, sequence numbers, protocol modes and SA life. For outgoing IPSec
connections, an SPD entry refers to an entry in the SAD i.e. the
SPD defines which SA is to be applied. For incoming IPSec connections, the SAD is queried to determine how the packet is to be processed.
SDSL
Symmetric Digital Subscriber Line
Server
A server offers services used by clients. Often refers to a certain
computer in the LAN, e.g. DHCP server.
ServerPass
Part of the T-Com certification services for the Internet. Digital pass
for a company. With the ServerPass, T-Com confirms that a server
on the Internet belongs to a particular company and that this was
verified through the presentation of an excerpt from the business register.
Service 0190
Additional voice service from T-Com for the commercial distribution
of private information services. The T-Com services are limited to
providing the technical infrastructure and collection processing for
the information providers. The provided information is accessed using the telephone number 0190 which is uniform across Germany
plus a 6-digit telephone number. Information offering: Entertainment,
weather, finance, sport, health, support and service hotlines.
Service 0700
Additional voice service from T-Com. Allows calls to be received via
a location-independent telephone number uniform across Germany,
starting with the numbers 0700. Free-of-charge routing to national
fixed network. Enhancement with Vanity possible.
Service 0900
Additional voice service from T-Com. Replaces Service 0190.
Service number 0180
Additional voice service 0180call from T-Com to receive calls from a
location-dependent telephone number uniform across Germany,
starting with the numbers 0180.
Setup Tool
Menu-driven tool for the configuration of your gateway. The Setup
Tool can be used as soon as the gateway has been accessed
(serial, ISDN Login, LAN).
SHA1
See HMAC-SHA.
SHDSL
Single-Pair High-Speed
Short hold
Is the defined amount of time after which a connection is cleared if
no more data is transmitted. Short hold can be set to static (fixed
amount of time) or dynamic (according to charging information).
Signalling
Simultaneous signalling: All assigned terminals are called simultaneously. If a telephone is busy, call waiting can be used.
Simplex operation (ISDN subscribers only)
This connection can only be used for an ISDN telephone (only T-Concept PX722 system telephones) with a simplex function. If you
call an ISDN telephone with a simplex function, this automatically
activates the Loudspeaker function so that a conversation can take
place immediately. Please see the information in the telephone
user's guide on the simplex operation function.
SIP
Session Initiation Protocol
SMS
Short Message Service
SMS receipt
If you have connected an SMS-enabled terminal, you can decide
whether SMS receipt is to be permitted for the connection. The ex
works setting is no SMS receipt. To receive an SMS with your SMS-enabled terminal, you must register once with the T-Com SMS Service. One-time registration is free. You simply send an SMS containing ANMELD to the destination call number 8888. You then receive
a free-of-charge confirmation of registration from the T-Com SMS
Service. You can deregister your device or telephone number by
sending an SMS containing ABMELD to the destination number
8888. Incoming SMS are then read out. Information on which telephones are SMS-enabled can be obtained from T-Punkt, our customer hotline 0800 330 1000 or on the Internet at http://www.t-com.de.
SMS server telephone numbers
You can connect SMS-enabled telephones to your PBX and thus
use the SMS performance feature in the T-Com fixed network.
SMSs are forwarded to the recipient via the T-Com SMS server. To
send an SMS with an SMS-enabled terminal, the telephone number
0193010 of the SMS server must be prefixed to the recipient number. This telephone number is already stored in your PBX, so manual input of the server telephone is not necessary and does not need
to be sent from the telephone. To receive an SMS with your SMS-enabled fixed-network telephone, you must register once with the
Deutsche Telekom SMS Service. Charges are made for sending
SMSs. There are no costs for receiving SMSs.
SNMP
Simple Network Management Protocol
SNMP shell
Input level for SNMP commands.
So bus
All ISDN sockets and the NTBA of an ISDN point-to-multipoint connection. All So buses consist of a four-wire cable. The lines transmit
digital ISDN signals. The So bus is terminated with a terminating
resistor after the last ISDN socket. The So bus starts at the NTBA
and can be up to 150 m long. Any ISDN devices can be operated on
this bus. However, only two devices can use the So bus at any one
time, as only two B channels are available.
So connection
See ISDN Basic Rate Interface
So interface
Internationally standardised interface for ISDN systems. This interface is provided on the network side by the NTBA. On the user
side, the interface is intended for connecting a PBX (point-to-point
connection) and for connecting up to eight ISDN terminals
(point-to-multipoint connection).
SOHO
Small Offices and Home Offices
SPD
The SPD (=Security Policy Database) defines the security services
available for IP traffic. These security services are dependent on
parameters such as the source and destination of the packet etc.
Special features
Performance features of the T-Net and T-ISDN networks such as
display of the caller's number, callback on busy, call forwarding,
changeable connection lock, changeable telephone number lock,
connection without dialling and transmission of charge information.
Availability depends on the standard of the connected terminals.
Special-features connection
T-ISDN Basic Rate Interface with an extensive range of services:
call waiting, call forwarding, third-party conference, display of call
costs at the end of a connection, inquiry/brokering, telephone number transmission. In the special-features connection, three multiple
subscriber numbers are included as standard.
Specify own telephone number for next call
If you want to make a business call late in the evening from your
private sphere - say the living room - for example, you can define
your business telephone number as the outgoing multiple subscriber
number (MSN) for this call. The advantages of this are that the costs
for the connection are recorded for the selected MSN and the person you are calling can identify you by the transferred MSN. Before
you call an external number, you can define which of your telephone
numbers is to be sent to the exchange and called party. You make
the selection using the telephone number index.
Speeddial number
A speeddial index (000...299) can be assigned to each of the 300
telephone numbers in the telephone book. You then dial this speeddial index instead of the long telephone number. Note that telephone
numbers dialled using the speeddial function must also comply with
the dialrule.
SPID
Service Profile Identifier
Splitter
The splitter separates data and voice signals on the DSL connection.
Spoofing
Technique for reducing data traffic (and thus saving costs), especially in WANs.
SSID
The Service Set Identifier (SSID) or Network Name refers to the
wireless network code based on IEEE 802.11.
SSL
Secure Sockets Layer. A technology, now standard, developed by
Netscape, which is generally used to secure HTTP traffic between a
web browser and a web server.
STAC
Data compression procedure.
Standard connection
T-ISDN Basic Rate Interface with the performance features Inquiry/
Brokering and Telephone Number Transmission. The standard connection contains three multiple subscriber numbers.
Static IP address
A fixed IP address, in contrast to a dynamic IP address.
Station guarding
Deactivation of acoustic call signalling: do not disturb.
Subaddressing
In addition to the transmission of ISDN telephone numbers, additional information in the form of a subaddress can be transmitted from
the caller to the called party over the D channel when the connection is set up. Addressing that goes beyond the pure MSN, which
can be used e.g. specifically to locate several ISDN terminals that
can be reached on one telephone number for a particular service. In
the called terminal - e.g. a PC - various applications can also be addressed and in some cases executed. Costs are charged for the
performance feature, and it must be requested separately from the
network operator.
Subnet
A network scheme that divides individual logical networks into smaller physical units to simplify routing.
Subnet mask
A method of splitting several IP networks into a series of subgroups
or subnetworks. The mask is a binary pattern that must match the IP
addresses in the network. 255.255.255.0 is the default subnet mask.
In this case, 254 different IP addresses can occur in a subnet, from
x.x.x.1 to x.x.x.254.
Subscriber Name
To distinguish between connections more easily, you can assign a
subscriber name for each internal subscriber.
Suppress A telephone number (CLIR)
CLIP/CLIR: Calling line identification presentation/calling line identification restriction
Suppress B telephone number (COLR)
COLP/COLR: Connected line identification presentation/connected
line identification restriction = Activate/suppress transmission of
called party's telephone number to caller. This performance feature
suppresses the display of the called subscriber's telephone number.
If display of the B telephone number is suppressed, your telephone
number is not transmitted to the caller when you take a call.
Suppress own telephone number
Temporary deactivation of the transmission of your own telephone
number.
Suppression of the telephone number
Performance feature of a PBX. The display of the telephone number
can be deactivated on an individual basis.
Switch
LAN switches are network components with a similar function to
bridges or even gateways. They switch data packets between the input and output port. In contrast to bridges, switches have several input and output ports. This increases the bandwidth in the network.
Switches can also be used for conversion between networks with
different speeds (e.g. 100-mbps and 10-mbps networks).
Switchable dialling method
Option of switching between the pulse dialling method and MFC
method by means of a switch or key input on the terminal, such as
the telephone or fax machine.
Synchronous
Transmission process in which the sender and receiver operate with
exactly the same clock signals - in contrast to asynchronous transmission. Spaces are bridged by a stop code.
Syslog
Syslog is used as the de facto standard for transmitting log messages in an IP network. Syslog messages are sent as unencrypted
text messages over the UDP port 514 and collected centrally. They
are usually used to monitor computer systems.
System telephones
Telephone that belongs to a modern PBX, which - depending on the
PBX - has a number of special features and keys, e.g. the T-Concept PX722.
T-DSL
Product name used by Deutsche Telekom AG for its DSL services
and products.
T-Fax
Product name for T-Com fax machines.
T-ISDN
Telephony, faxing, data transfer and online services from one network and a single connection: T-ISDN offers exciting services with
numerous benefits, for example a point-to-multipoint connection - the ideal solution for families or small businesses. This connection
option, which can be used with the existing telephone cable, costs
less than two telephone connections but offers far greater quality
and ease of use: Two independent lines, so that you can still make a
phone call, receive a fax, or surf the Internet when another family
member is making a long call on the other line. Three or more telephone numbers, which you can assign individually to your devices
and distribute differently if needed through simple programming
steps. Most ISDN telephones can "manage" several telephone numbers, so you can set up a "central" telephone in your household, for
example, to allow you to react to calls to all ISDN telephone numbers with this telephone. The fax and telephone in your home office
can also each be assigned a number, as can your son or daughter's
phone. As a result, each family member can be contacted with a
separate number, helping to eliminate "day-to-day friction"! And as
far as the costs are concerned, on request you can have your bill
broken down to show which units have been charged for the individual ISDN telephone numbers.
T-Net
The digital telephone network of T-Com for connecting analogue terminals.
T-NetBox
The answering machine in T-Net and T-ISDN. The T-NetBox can
store up to 30 messages.
T-NetBox telephone number
Enter the current T-NetBox telephone number here if it differs from
the 08003302424 entered ex works. As soon as your T-NetBox receives a voice or fax message, notification is sent to your PBX.
T-Online
Umbrella term for the T-Com online platform. Offers services such as e-mail and Internet access.
T-Online software
T-Com software decoder for all conventional computer systems that
enables access to T-Online. Supports all functions such as KIT, e-mail and the Internet with a browser. T-Online users receive this
software free of charge.
T-Service
T-Service carries out all installation work and configurations for the
PBX at the customer's request. The service ensures optimum voice
and data transmission at all times thanks to maintenance work.
T-Service access
T-Service access enables you to have your PBX configured by T-Service. Give T-Service a call! Get advice and provide information
on your configuration requirements. T-Service will then configure
your PBX remotely without you having to do anything.
TA
Terminal Adapter
TAPI
Telephony Application Program Interface
TAPI configuration
You can use the TAPI configuration to modify the TAPI driver in line
with the program that uses this driver. You can check which MSN is
to be assigned to a terminal, define a line name, and configure the
dialling parameters. First configure your PBX. You must then configure the TAPI interface. Use the "TAPI Configuration" program.
TCP
Transmission Control Protocol
TCP/IP
Transmission Control Protocol/Internet Protocol
TCU
Telecommunication connection unit
TE
Terminal equipment
TEI
Terminal Endpoint Identifier
Telefax
Term that describes the remote copying for transmitting texts,
graphics and documents true to the original over the telephone network.
Telematics
Telematics is a combination of telecommunication and computer
technology and describes data communication between systems
and devices.
Telnet
Protocol from the TCP/IP protocol family. Telnet enables communication with a remote device in the network.
Terminal adapter
Device for interface adaptation. It enables different equipment to be
connected to T-ISDN. The terminal adapter a/b is used to connect
analogue terminals to the So interface of the ISDN Basic Rate Interface. Existing analogue terminals can still be operated with tone dialling.
TFTP
Trivial File Transfer Protocol
Tiger 192
Tiger 192 is a relatively new and very fast hash algorithm.
TLS
Transport Layer Security
Tone dialling
Multifrequency code method (MFC)
Transfer internal code
If you receive an internal call, e.g. from the subscriber with internal
telephone number 22, while you are away, this subscriber's internal
telephone number is stored in your telephone's caller list. However,
because your connection is automatically set to Automatic Outside
Line as a result of the ex works settings, you would first have to dial
** for a callback in order to obtain the internal dialling tone, and then
22. If "Transfer Internal Code" is active, ** is placed before the 22
and the callback can be made directly from the caller list.
Transmission speed
The number of bits per second transmitted in T-Net or T-ISDN from
the PC or fax machine. Fax machines achieve up to 14.4 kbps, modems 56 kbps. In the ISDN, data and fax exchange with 64 kbps is
possible. With T-DSL, up to 8 mbps can be received and up to 768
kbps sent.
TSD
Terminal Selection Digit
TTL
TTL stands for Time to Live and describes the time during which a
data packet is sent between the individual servers before it is discarded.
Twofish
Twofish was a possible candidate for the AES (Advanced Encryption Standard). It is regarded as just as secure as Rijndael (AES),
but is slower.
U-ADSL
Universal Asymmetric Digital Subscriber Line
UDP
User Datagram Protocol
Update
Update to a software program (PBX firmware). An update is the updated version of an existing software product, and is indicated by a
new version number.
Upload
Data transfer during online connections, where files are transferred
from the user's PC to another PC or to a data network server.
UPnP
Universal Plug and Play
Upstream
Data transmission rate from the client to the ISP.
URL
Universal/Uniform Resource Locator
USB
Universal Serial Bus
User guidance
Electronic user guidance that takes the user through the required
functions of a terminal such as a telephone, answering machine or
fax machine step by step (menu-guided operation).
UUS1 (User to User Signalling 1)
This function is only possible for system telephones and ISDN telephones.
V.11
ITU-T recommendation for balanced dual-current interface lines (up
to 10 mbps).
V.24
CCITT and ITU-T recommendation that defines the interface
between a PC or terminal as Data Terminal Equipment (DTE) and a
modem as Data Circuit-terminating Equipment (DCE).
V.28
ITU-T recommendation for unbalanced dual-current interface line.
V.35
ITU-T recommendation for data transmission at 48kbps in the range
from 60 to 108kHz.
V.36
Modem for V.35.
V.42bis
Data compression procedure.
V.90
ITU standard for 56 kbps analogue modems. In contrast to older
V.34 modems, data is sent in digital form to the client when the V.90
standard is used and does not need to be first converted from digital
to analogue on one side of the modem (provider), as was the case
with V.34 and earlier modems. This makes higher transmission
rates possible. A maximum speed of 56 kbps can be achieved only
under optimum conditions.
Vanity
Letter dialling
VDSL
Very high bit rate digital subscriber line (also called VADSL or BDSL).
VID
VLAN ID
VJHC
Van Jacobson Header Compression
VLAN
Virtual LAN
VoIP
Voice over IP
VPN
Virtual Private Network
VSS
Virtual Service Set
WAN
Wide Area Network
WAN interface
WAN interface
WAN partner
Remote station that is reached over a WAN, e.g. ISDN.
Web server
Server that provides documents in HTML format for access over the
Internet (WWW).
Webmail
T-Online service with which e-mails can be sent and received worldwide
on the Internet by means of a browser.
WEP
Wired Equivalent Privacy
Western plug
(also known as RJ-45 plug) Plug used for ISDN terminals with eight
contacts. Developed by the US telephone company Western Bell.
Western plugs for analogue telephones have four or six contacts.
WINIPCFG
A graphical tool on Windows 95, 98 and Millennium that uses Win32
API to view and configure the IP address configuration of computers.
WLAN
A group of computers wirelessly connected to each other (wireless
LAN).
WMM
Wireless multimedia
WPA
Wi-Fi-protected access
WPA Enterprise
Concentrates primarily on the needs of companies and offers secure
encryption and authentication. Uses 802.1x and the Extensible Authentication Protocol (EAP) and thus offers an effective means of
user authentication.
WPA-PSK
Intended for private users or small businesses that do not run a
central authentication server. PSK stands for Pre-Shared Key and
means that AP and client use a fixed character string (8 to 63 characters) known to all subscribers as the basis for key calculation for
wireless traffic.
WWW
World Wide Web
X.21
The X.21 recommendation defines the physical interface between
two network components in packet-switched data networks (e.g. Datex-P).
X.21bis
The X.21bis recommendation defines the DTE/DCE interface to V-series synchronous modems.
X.25
An internationally agreed standard protocol that defines the interface
between network components and a packet-switched data network.
X.31
ITU-T recommendation on the integration of X.25-compatible DTEs
in ISDN (D channel).
X.500
ITU-T standards that cover user directory services, see LDAP. Example: The phone book is the directory in which you find people on
the basis of their name (agreement with the telephone directory).
The Internet supports several databases with information on users,
such as e-mail addresses, telephone numbers and postal addresses. You can search these databases to obtain information
about individuals.
X.509
ITU-T standards that define the format of the certificates and certificate queries and their use.
Index
System Admin Password 68
#1 #2, #3
98
152
Authentication 220 , 224 , 255
Authentication Method 234
Authentication Password 308
Authentication Type 86 , 90
Authentication Method 333
Authentication for PPP Dialin 92
Autosave Mode 99 , 293
Access Filter 196
ACCESS_ACCEPT 85
ACCESS_REJECT 85
ACCESS_REQUEST 85
ACCOUNTING_START 85
ACCOUNTING_STOP 85
ACL Mode 131 , 162
Action 137 , 137 , 142 , 142 , 164 ,
196 , 262 , 293 , 317 , 332 , 335
Active IPSec Tunnels 65
Active Radio Profile 152
Active Sessions (SIF, RTP, etc... ) 65
Address Mode 109
Address Range 268
Address Type 268
Address / Subnet 268
Administration Status 151
Administrative Status 230
ADSL Logic 317
Alert Service 325
Alive Check 87 , 238 , 242
Alive Check 333
All Multicast Groups 210
Allow deleting/editing all routing
entries 171
Allowed Addresses 131 , 162
Allowed HotSpot Client 313
Always on 218 , 222 , 253
AP MAC Address 137 , 342 , 342
Apply QoS 262
ARP Processing 128 , 158
Assert State 348 , 348
Assert Winner IP Address 348 , 348
Assigned Wireless Network (VSS)
Back Route Verify 233
Back Route Verify 170
Bandwidth 116 , 154
Based on Ethernet Interface 109
Baudrate 104
Beacon Period 121 , 156
Block after connection failure for 220 ,
224 , 255
Block Time 90 , 238
blocked 216
BOSS 317
BOSS Version 64
Bridge Link Description 141 , 142
Bridge Link Description 340 , 341
Burst size 188
Burst Mode 119 , 155
Byte Count 106
Bytes 333
CA Certificate 95
CA Certificates 238
CA Name 293
Cache Hitrate (%) 279
Cache Hits 279
Cache Size 274
CAPWAP Encryption 151
Certificate is CA Certificate 93
Certificate Request Description 95 ,
293
Certificate Revocation List (CRL)
Checking 93
Channel 116 , 137 , 152
Channel Plan 121 , 156
Channel Sweep 123
Class ID 182 , 188
Class map 182
Clear Serial RX-Buffer 106
Clear Serial TX-Buffer 106
Client Mode 116
Client Link Description 137
Client Link Description 342
Client MAC Address 338
Code 269
Command Mode 293
Command Type 293
Common Name 97
Compare Condition 288
Compare Value 288
Compression 81
Configuration Encryption 317
Configuration contains
certificates/keys 293
Configuration Interface 77
Configured Speed / Mode 102
Confirm Admin Password 68
Congestion Avoidance (RED) 190
Connected 137 , 142
Connection State 180 , 192
Connection Type 253
Connection Idle Timeout 218 , 222 ,
253
Consider 178
Contact 67
Control Mode 185 , 227
Controlled Interfaces 304
Corrupt Frames Received 337
COS Filter (802.1p/Layer 2) 180 , 192
Count 293
Country 97
CPU Usage 65
Create NAT Policy 219 , 223 , 254
CSV File Format 293
CTS frames received in response to an
RTS 337
Current File Name in Flash 317
Current Local Time 70
Current Speed / Mode 102
Custom 97
CW Max. 156
CW Min. 156
Data Bits 104
Data Packets Sequence Numbers
251
Data Rate mbps 338 , 338 , 339 , 340
, 340 , 341 , 342 , 342
Date 332
Default Route 219 , 223 , 231 , 254 ,
258
Default Route Distribution 201
Default User Password 86
Delete complete IPSec configuration
246
Description 93 , 101 , 154 , 173 , 180
, 182 , 188 , 192 , 196 , 218 , 222 ,
230 , 234 , 240 , 244 , 250 , 253 ,
258 , 267 , 268 , 268 , 269 , 271 ,
287 , 288 , 293 , 332 , 333 , 335 ,
336 , 337
Description - Connection Information Link 66
Designated Router 344
Designated Router Priority 211
Destination 262
Destination Interface 210
Destination Port 168
Destination Port/Range 174 , 180 ,
192
Destination File Name 317
Destination IP Address 288 , 293 ,
306
Destination IP Address/Netmask 167
, 174 , 180 , 192
Destination Port Range 269
Details 332
DH Group 234
DHCP Hostname 110
DHCP Options 285
DHCP Server 149
DHCP Broadcast Flag 110
DHCP MAC Address 110
Direction 182 , 201
Distribution Mode 178
Distribution Policy 178
Distribution Ratio 179
DNS Hostname 276
DNS Negotiation 220 , 224 , 256
DNS Server 277
DNS Requests 279
DNS Server 273
DNS Server Configuration 273
DNS Test 315
Domain 277
Domain at the HotSpot Server 312
Domain Name 273
dormant 216
down 216
Drop non-members 113
Drop untagged frames 113
Dropped 334 , 344
Dropping Algorithm 190
DSA Key Status 82
DSCP / TOS Value 168
DSCP/TOS Filter (Layer 3) 180 , 192
DTIM Period 121 , 156
Duplicate received MSDUs 337
Dynamic RADIUS Authentication 247
E-mail 97
E-Mail Subject 326
EAP Preauthentification 129 , 160
ED Threshold 156
Enable update 281
Enable IPSec 246
Enable VLAN 114
Enable Discovery Server 309
Enabled 258
Encrypt configuration 293
Encrypted 334
Encryption 90 , 255
Encryption Algorithms 81
Entry active 86 , 90
Errors 333 , 334
Event 326
Event Type 288
Event List 288 , 293
Event List Condition 293
Expiry Timer 345 , 348 , 348 , 349
Extended Route 166
External Filename 99 , 100
Facility 322
Fallback interface to get DNS server
274
File Encoding 99 , 100
File Name 293
File Name in Flash 293
Filename 317
Filter 182
Filter Rules 264
Firewall Status 265
First Timeserver 71
Force certificate to be trusted 93
Forward 277
Forward to 277
Forwarded Requests 279
Fragmentation Threshold 121 , 123 ,
156
Frame transmissions without ACK received 337
Garbage Collection Timer 203
Gateway 167 , 285 , 308
Generate Private Key 95
Generation ID 345
Group Description 86 , 178
Group ID 304
Handshake 104
Hashing Algorithms 81
Hello Interval 211
Hello Intervall 251
Hello Hold Time 211
High Priority Class 182
Hold Down Timer 203
Host 277
Host for multiple locations 314
Host Name 281
HTTP 80
HTTPS 80
HTTPS TCP Port 280
IEEE 802.11d Compliance 116
IGMP Proxy 208
IGMP State Limit 207
IGMP State Limit 208
IGMP Status 208
Ignore Certificate Request Payloads
248
IKE (Phase-1) 334
IKE (Phase-1) SAs 333
Include certificates and keys 317
Index Variables 288 , 293
Inter-Byte Gap 106
Interface 78 , 79 , 80 , 102 , 113 , 149
, 167 , 170 , 173 , 179 , 185 , 197 ,
201 , 207 , 211 , 227 , 264 , 277 ,
281 , 284 , 293 , 305 , 308 , 312 ,
343 , 344 , 344 , 345 , 348 , 348 ,
349
Interface Action 305
Interface Mode 109
Interface Status 288
Interface Traffic Condition 288
Interface Description 77
Interface - Connection Information Link 65
Interfaces 182
Internal Time Server 71
Interval 288 , 293 , 304 , 306
Intra-cell Repeating 128 , 158
Invalid DNS Packets 279
IP Compression 242
IP Accounting 323
IP Address 276 , 287 , 308 , 322 , 329
, 338 , 338 , 343 , 344 , 345
IP Address Assignment 231
IP Address Mode 219 , 223 , 254
IP Address Range 284
IP Address Range 149
IP Address / Netmask 109 , 201
IP Address / Netmask 336
IP address to use for DNS/WINS server
assignment 274
IP Assignment Pool 231
IP Assignment Pool (IPCP) 254
IP Pool Name 227 , 246
IP Pool Range 227 , 246
IPSec (Phase-2) 334
IPSec Tunnels 334
IPSec (Phase-2) SAs 333
IPSec Debug Level 246
IPSec Pathfinder Mode 247
Join/Prune Interval 211
Join/Prune State 348 , 348 , 349
Join/Prune Hold Time 211
Keepalive Period 214
Key Size 293
Key Value 258
Language for login window 312
Last configuration stored 64
Last Member Query Interval 207
Last Write Result 308
Layer 4 Protocol 168
LCP Alive Check 220 , 224 , 255
LDAP URL Path 101
Lease Time 285
Level 322 , 332
Licence Key 74
Licence Serial Number 74
Lifetime 234 , 240
Local Certificate 234
Local Hostname 250
Local Address 336
Local Certificate 280
Local Certificate Description 99 , 100
, 293
Local File Name 293
Local GRE IP Address 258
Local ID 333
Local ID Type 234
Local ID Value 234
Local IP Address 167 , 219 , 223 ,
231 , 251 , 254 , 258
Local IP Address 105 , 333
Local Port 105 , 333 , 336
Local PPTP IP Address 224
Locality 97
Location 67 , 151
Log Format 324
Logged Actions 265
Logging Level 81
Logon 343
Long Retry Limit 121 , 123 , 156
MAC Address 109 , 287 , 308
MAC Address 336 , 338 , 343
Mail Exchanger (MX) 282
Management VID 114
Manual WLAN Controller IP Address
67
Matching String 326
Max. Clients 128 , 158
Max. Link Distance 116
Max. Period Passive Scan 123
Max. Period Active Scan 123
Max. queue size 190
Max. Receive Lifetime 156
Max. Scan Duration 142
Max. Transmission Rate 119 , 155
Max. Transmit MSDU Lifetime 156
Maximum Number of Dialup Retries
220 , 224
Maximum Retries 251
Maximum Groups 208
Maximum Message Level of Syslog
Entries 67
Maximum Messages per Minute 325
Maximum Number of Accounting Log
Entries 67
Maximum Sources 208
Maximum Number of Syslog Entries
67
Maximum Response Time 207
Maximum Time between Retries 251
Maximum TTL for Negative Cache
Entries 274
Maximum TTL for Positive Cache
Entries 274
Maximum Upload Speed 185 , 188 ,
227
mbps 336
Members 267 , 271
Memory Usage 65
Message 332
Message Compression 326
Message Timeout 326
Messages 333
Metric 167
Metric Offset for Inactive Interfaces
201
Metric Offset for Active Interfaces 201
MIB Variables 293
MIB/SNMP Variable to add/edit 293
Min. Period Passive Scan 123
Min. Period Active Scan 123
Min. queue size 190
Minimum Time between Retries 251
Mode 95 , 105 , 137 , 168 , 170 , 207
, 208 , 234 , 244
Mode / Bridge Group 77
Monitored Certificate 288
Monitored Interface 288 , 305
Monitored Variable 288
Monitored Interfaces 330
Monitored IP Address 304
MSDUs that could not be transmitted
337
MTU 220 , 258 , 333
Multicast Group Prefix Length 214
Multicast Group Prefix Length 345
Multicast Routing 206
Multicast Group Address 210 , 214
Multicast Group Range 214
Multicast Group Address 345 , 346 ,
346 , 347 , 348 , 348 , 349
Multicast MSDUs received
successfully 337
Multicast MSDUs transmitted successfully 337
Name 244
NAT 336
NAT method 173
NAT Traversal 238
NAT Detection 333
NAT active 172
Negative Cache 274
Negotiation Type 333
Netmask 254 , 308
Network Type 167
Network Name (SSID) 128 , 135 , 137
, 158
New Destination Port 176
New Destination IP Address/Netmask
176
New File Name 317
New Source Port 176
New Source IP Address/Netmask 168
, 176
No. 170 , 332 , 335
Node Name 308
Noise dBm 338 , 338 , 339 , 340 , 340
, 341 , 342 , 342
Number of Messages 326
Number of Spatial Streams 116 , 154
Number of Admitted Connections 232
Operation Band 116 , 154
Operation Mode 116 , 152 , 154
Organization 97
Organizational Unit 97
OSPF Mode 256
Other Inactivity 266
Outbound Interface 188
Overbooking allowed 188
Override Interval 211
Overwrite similar certificate
293
Packets 333
Parity 104
Passed 334
Password 95 , 99 , 100 , 218 , 222 ,
244 , 250 , 253 , 281 , 293 , 317 ,
325 , 330
Password for protected Certificate
293
Peer Address 230
Peer ID 230
Phase-1 Profile 232
Phase-2 Profile 232
Physical Address 343
PIM Mode 211
PIM Status 214
Ping 80
Ping Test 315
Poisoned Reverse 201
Policy 87 , 90
Pool Usage 284
POP3 Server 325
POP3 Timeout 325
Port 172 , 282 , 343
Port Mode 103 , 107
Port Number 105
Positive Cache 274
PPPoE Mode 218
PPPoE Ethernet Interface 218
PPPoE Interfaces for Multilink 218
PPTP Interface 222
PPTP Inactivity 266
PPTP Passthrough 172
PPTP Address Mode 224
Precedence 214
Preshared Key 129 , 133 , 135 , 141 ,
160 , 230
Primary 273 , 273
Primary DHCP Server 287
Priorisation algorithm 185
Priorisation queue 188
Prioritize TCP ACK Packets 220 , 224
, 255
Priority 86 , 90 , 188 , 262
Privacy 133 , 141
Propagate PMTU 242
Propagation Delay 211
Proposals 234 , 240
Protocol 174 , 180 , 192 , 269 , 282 ,
293 , 322
Protocol Header Size below Layer 3
185
Provider 281
Provider Name 282
Proxy Interface 208
Proxy ARP 110 , 233
Proxy ARP Mode 256
PVID 113
QoS Queue 344
Query Interval 207
Queued 344
Queues/Policies 185
RA Encrypt Certificate 95
RA Sign Certificate 95
RADIUS Dialout 87
RADIUS Secret 86
Radius Server 160
RADIUS Server Group ID 244
Rate 340 , 341 , 342
Real Time Jitter Control 185
Reboot after execution 293
Reboot device after 293
Receive Version 198
Received DNS Packets 279
Received MPDUs that couldn't be decrypted 337
Recipient 326
Region 143 , 149
Register Suppression Timer 214
Remaining Validity 288
Remote Configuration 141
Remote Hostname 250
Remote Address 336
Remote Networks 332
Remote Port 333 , 336
Remote Device Name 142
Remote File Name 293
Remote GRE IP Address 258
Remote ID 333
Remote IP 105 , 332
Remote IP Address 251
Remote IP Address 333
Remote Link Description 142
Remote link enabled 142
Remote MAC 339 , 340 , 340 , 341
Remote MAC Address 134 , 142 ,
142
Remote PPTP IP Address 224
Rendevous Point IP Address 345 ,
346
Rendezvous Point IP Address 214
Reporting Method 197
Response 276
Retransmission Timer 203
Retries 87
Reverse-Path-Forwarding (RPF) 346
, 347
RFC 2091 Variable Timer 201
RFC 2453 Variable Timer 201
RIP UDP Port 201
Roaming Profile 123
Robustness 207
Role 244
Route Announce 198
Route Entries 219 , 223 , 231 , 254 ,
258
Route Timeout 203
Route Type 167
RSA Key Status 82
RTS Threshold 121 , 123 , 156
RTS frames with no CTS received
337
RTT Mode (Realtime Traffic Mode)
188
Rule Chain 196 , 197
Rx Bytes 335 , 336
Rx Errors 335
Rx Packets 335 , 336 , 336 , 338 ,
338 , 339 , 340 , 340 , 341 , 342
Scan channels 123
Scan Interval 123
Scan Threshold 123
SCEP URL 95
Schedule Interval 303
Second Timeserver 71
Secondary 273 , 273
Secondary DHCP Server 287
Security Mode 129 , 135 , 160
Security Algorithm 332
Select file 317
Selected Channel 116
Selection 268
Send 344
Send Version 198
Send Certificate Chains 248
Send Certificate Request Payloads
248
Send CRLs 248
Send information to 330
Send Initial Contact Message 247
Send Key Hash Payloads 248
Sender E-Mail Address 325
Serial Number 64
Server 282
Server Address 293
Server Timeout 87
Server URL 293
Server Failures 279
Server IP Address 86 , 90
Service 174 , 192 , 262
Set status 293
Set Time 70
Set COS value (802.1p/Layer 2) 182
Set Date 70
Set DSCP/TOS value (Layer 3) 182
Set interface status 293
Severity 326
Short Guard Interval 121 , 123 , 156
Short Retry Limit 121 , 123 , 156
Shortest Path Tree 346
Show passwords and keys in clear
text 69
Signal 137
Signal dBm 142
Signal dBm 338 , 338 , 339 , 340 ,
340 , 341 , 342 , 342
Silent Deny 197
Silent Deny 172
SMTP Authentication 325
SMTP Server 325
SNMP 80
SNMP Version 83
SNMP Listen UDP Port 83
SNMP Read Community 69
SNMP Trap Broadcasting 328
SNMP Trap Community 328
SNMP Trap UDP Port 328
SNMP Write Community 69
SNR dB 338 , 342
Source 262
Source Interface 168 , 210
Source Location 293
Source Port 168 , 174
Source Port/Range 174 , 180 , 192
Source Location 164 , 317
Source File Name 317
Source IP Address 288 , 293 , 304 ,
306
Source IP Address/Netmask 174 ,
180 , 192
Source IP Address 346 , 347 , 348 ,
349
Source Port Range 269
Specify bandwidth 264
SSH 80
SSH service active 81
Start Mode 232
Start Time 292
State/Province 97
Status 288 , 332 , 334 , 335 , 336
Stop Bits 104
Stop Time 292
Subject Name 293
Subsystem 328 , 332
Successfully Answered Queries 279
Summary 97
Switch Port 102
Sync SAs with ISP interface state 247
System Logic 317
System Name 67
System Date 64
TACACS+ Secret 90
TCP Inactivity 266
TCP Keepalives 81
TCP Port 90
TCP-MSS Clamping 110
Telnet 80
Temperature 65
Terms & Conditions 312
Third Timeserver 71
Ticket Type 313
Time 332
Time Condition 292
Time Zone 70
Time Update Interval 71
Time Update Policy 71
Timeout 90 , 106
Timestamp 322
Total 334
Traceroute Test 315
Traffic Direction 288
Traffic shaping 185 , 188 , 264
Transferred Traffic 288
Transmit Key 129 , 133 , 135 , 160
Transmit Power 116 , 152
Transmitted MPDUs 337
Transparent MAC Address 78
Trials 288 , 304
Trigger 305
Trigger Status 293
Triggered Hello Interval 211
TTL 276
Tunnel Profile 253
Tx Bytes 335 , 336
Tx Errors 335
Tx Packets 335 , 336 , 336 , 338 ,
338 , 339 , 340 , 340 , 341 , 342
Type 180 , 192 , 269 , 335
Type of Messages 322
Type of traffic 173
UDP Inactivity 266
UDP Destination Port 251
UDP Destination Port 257 , 330
UDP Port 87
UDP Source Port 251
UDP Source Port Selection 257
Unchanged for 335
Unicast MPDUs received successfully
337
Unicast MSDUs transmitted
successfully 337
up 216
Up Time 338 , 338 , 339 , 340 , 340 ,
341 , 342 , 342
Update Interval 282
Update Path 282
Update Interval 330
Update Timer 203
Upstream Join State 346 , 346 , 346
Upstream Join Timer 346 , 346 , 346
Upstream Neighbor IP Address 346 ,
346 , 346
Upstream Override Timer 347
Uptime 64 , 345 , 346 , 346 , 346 ,
347 , 348 , 348 , 349
URL 164 , 317
URL SCEP Server URL 293
Usage Area 116
Use CRL 293
Use as Stub interface 211
Use PFS Group 240
Use Zero Cookies 247
Used Channel 152
Used Secondary Channel 116
User Defined Channel Plan 156
User Name 218 , 222 , 253 , 281 ,
325 , 343
Users 244
WPA2 Cipher 129 , 135 , 160
Write certificate in configuration
293
XAUTH Profile 232
Zero Cookie Size 247
Value 337
Vendor Mode 86
Version Check 293
View 344 , 345 , 348
VLAN 162
VLAN Identifier 112
VLAN Members 112
VLAN ID 109 , 162
VLAN Name 112
Walled Garden 312
Walled Network 312
Walled Garden URL 312
WDS Description 133
WDS Description 339 , 340
Weight 188
WEP Key 1 133
WEP Key 2 133
WEP Key 3 133
WEP Key 4 133
WEP Key 1-4 129 , 135 , 160
Wildcard 282
Wildcard Mode 78
Wildcard MAC Address 78
WINS Server 273
Wireless Mode 119 , 155
WLC SSID 293
WMM 128 , 158
WPA Cipher 129 , 135 , 160
WPA Mode 129 , 135 , 160
Source Exif Data:
File Type : PDF
File Type Extension : pdf
MIME Type : application/pdf
PDF Version : 1.6
Linearized : No
Page Mode : UseOutlines
XMP Toolkit : Adobe XMP Core 4.0-c321 44.398116, Tue Aug 04 2009 14:24:39
Producer : FOP 0.20.5
Modify Date : 2011:08:22 16:43:47+02:00
Create Date : 2011:08:18 14:46:40+02:00
Metadata Date : 2011:08:22 16:43:47+02:00
Format : application/pdf
Document ID : uuid:a84bf3ac-daae-47fd-bf59-6d51821acd62
Instance ID : uuid:f57cffb4-fb4a-4b12-8754-0dab40f03b68
Has XFA : No
Page Count : 425
Type : Info