Accton Technology ECG9210 VDSL2 Gateway User Manual install
Accton Technology Corp VDSL2 Gateway install
User Manual
| Download: |  |
| Mirror Download [FCC.gov] | |
| Document ID | 1246267 |
| Application ID | i/0iDYlv0iroudF3EXY+xg== |
| Document Description | User Manual |
| Short Term Confidential | No |
| Permanent Confidential | No |
| Supercede | No |
| Document Type | User Manual |
| Display Format | Adobe Acrobat PDF - pdf |
| Filesize | 233.64kB (2920502 bits) |
| Date Submitted | 2010-03-01 00:00:00 |
| Date Available | 2010-03-01 00:00:00 |
| Creation Date | 2010-02-22 09:57:14 |
| Producing Software | Acrobat Distiller 9.3.0 (Windows) |
| Document Lastmod | 2010-02-23 17:43:52 |
| Document Title | install.book |
| Document Creator | FrameMaker 9.0 |
| Document Author: | david |
ECG9210-04
Home Gateway VDSL2
Router with 802.11b/g
capabilities
User Guide
http://www.edgecorenetworks.com
http://www.edgecorenetworks
User Guide
Home Gateway VDSL2 Router
VDSL2 Home Gateway Router with
4100BASE-TX (RJ-45) Ports, 2 VDSL Ports (RJ-11)
and 802.11b/g wireless capabilities
EGC9210-04
E022010-DT-R01
150200000095A
Compliances
FCC - Class B
This equipment has been tested and found to comply with the limits for a Class B
digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to
provide reasonable protection against harmful interference in a residential installation.
This equipment generates, uses and can radiate radio frequency energy and, if not
installed and used in accordance with instructions, may cause harmful interference to
radio communications. However, there is no guarantee that the interference will not
occur in a particular installation. If this equipment does cause harmful interference to
radio or television reception, which can be determined by turning the equipment off
and on, the user is encouraged to try to correct the interference by one or more of the
following measures:
• Reorient the receiving antenna
• Increase the separation between the equipment and receiver
• Connect the equipment into an outlet on a circuit different from that to which the
receiver is connected
• Consult the dealer or an experienced radio/TV technician for help
You are cautioned that changes or modifications not expressly approved by the party
responsible for compliance could void your authority to operate the equipment.
You may use unshielded twisted-pair (UTP) for RJ-45 connections - Category 3 or
better for 10 Mbps connections, or Category 5 or better for 100 Mbps connections.
This device complies with Part 15 of the FCC Rules. Operation is subject to the
following two conditions: (1) This device may not cause harmful interference, and (2)
this device must accept any interference received, including interference that may
cause undesired operation.
For product available in the USA/Canada market, only channel 1~11 can be operated.
Selection of other channels is not possible.
This device and its antenna(s) must not be co-located or operation in conjunction with
any other antenna or transmitter.
IMPORTANT NOTE:
FCC Radiation Exposure Statement:
This equipment complies with FCC radiation exposure limits set forth for an
uncontrolled environment. This equipment should be installed and operated with
minimum distance 20cm between the radiator & your body.
EC Conformance Declaration
Marking by the above symbol indicates compliance with the Essential Requirements of the
R&TTE Directive of the European Union (1999/5/EC). This equipment meets the following
conformance standards:
• EN 60950-1 (IEC 60950-1) - Product Safety
• EN 300 328 - Technical requirements for 2.4 GHz radio equipment
• EN 301 489-1 / EN 301 489-17 - EMC requirements for radio equipment
This device is intended for use in the following European Community and EFTA countries:
Austria
Belgium
Cyprus
Estonia
Finland
France
Czech Republic Denmark
Germany
Greece
Hungary
Iceland
Ireland
Italy
Latvia
Liechtenstein
Lithuania
Luxembourg
Malta
Netherlands
Norway
Poland
Portugal
Slovakia
Slovenia
Spain
Sweden
Switzerland
United Kingdom
Requirements for indoor vs. outdoor operation, license requirements and allowed channels
of operation apply in some countries as described below:
• In Italy the end-user must apply for a license from the national spectrum authority to
operate this device outdoors.
• In Belgium outdoor operation is only permitted using the 2.46 - 2.4835 GHz band:
Channel 13.
• In France outdoor operation is only permitted using the 2.4 - 2.454 GHz band:
Channels 1 - 7.
Note: The user must use the configuration utility provided with this product to ensure the
channels of operation are in conformance with the spectrum usage rules for
European Community countries as described below.
• This device will automatically limit the allowable channels determined by the current
country of operation. Incorrectly entering the country of operation may result in illegal
operation and may cause harmful interference to other systems. The user is obligated to
ensure the device is operating according to the channel limitations, indoor/outdoor
restrictions and license requirements for each European Community country as described
in this document.
• This device may be operated indoors only in all countries of the European Community
using the 2.4 GHz band: Channels 1 - 13, except where noted below.
• In Italy the end-user must apply for a license from the national spectrum authority to
operate this device outdoors.
• In Belgium outdoor operation is only permitted using the 2.46 - 2.4835 GHz band:
Channel 13.
• In France outdoor operation is only permitted using the 2.4 - 2.454 GHz band:
Channels 1 - 7.
Declaration of Conformity in Languages of the European Community:
Czech
Česky
SMC tímto prohlašuje, že tento Radio LAN device je ve shodě se základními
požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES.
Estonian
Eesti
Käesolevaga kinnitab SMC seadme Radio LAN device vastavust direktiivi
1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele
asjakohastele sätetele.
vi
English
Hereby, SMC, declares that this Radio LAN device is in compliance with the
essential requirements and other relevant provisions of Directive 1999/5/
EC.
Finnish
Suomi
Valmistaja SMC vakuuttaa täten että Radio LAN device tyyppinen laite on
direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin
muiden ehtojen mukainen.
Dutch
Nederlands
Hierbij verklaart SMC dat het toestel Radio LAN device in overeenstemming
is met de essentiële eisen en de andere relevante bepalingen van richtlijn
1999/5/EG
Bij deze SMC dat deze Radio LAN device voldoet aan de essentiële eisen
en aan de overige relevante bepalingen van Richtlijn 1999/5/EC.
French
Français
Par la présente SMC déclare que l'appareil Radio LAN device est conforme
aux exigences essentielles et aux autres dispositions pertinentes de la
directive 1999/5/CE
Swedish
Svenska
Härmed intygar SMC att denna Radio LAN device står I överensstämmelse
med de väsentliga egenskapskrav och övriga relevanta bestämmelser som
framgår av direktiv 1999/5/EG.
Danish
Dansk
Undertegnede SMC erklærer herved, at følgende udstyr Radio LAN device
overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF
German
Deutsch
Hiermit erklärt SMC, dass sich dieser/diese/dieses Radio LAN device in
Übereinstimmung mit den grundlegenden Anforderungen und den anderen
relevanten Vorschriften der Richtlinie 1999/5/EG befindet". (BMWi)
Hiermit erklärt SMC die Übereinstimmung des Gerätes Radio LAN device
mit den grundlegenden Anforderungen und den anderen relevanten
Festlegungen der Richtlinie 1999/5/EG. (Wien)
Greek
Ελληνική
με την παρουσα SMC δηλωνει οτι radio LAN device συμμορφωνεται προσ
τισ ουσιωδεισ απαιτησεισ και τισ λοιπεσ σχετικεσ διαταξεισ τησ οδηγιασ
1999/5/εκ.
Hungarian
Magyar
Alulírott, SMC nyilatkozom, hogy a Radio LAN device megfelel a vonatkozó
alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.
Italian
Italiano
Con la presente SMC dichiara che questo Radio LAN device è conforme ai
requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva
1999/5/CE.
Latvian
Latviski
Ar šo SMC deklarē, ka Radio LAN device atbilst Direktīvas 1999/5/EK
būtiskajām prasībām un citiem ar to saistītajiem noteikumiem.
Lithuanian
Lietuvių
Šiuo SMC deklaruoja, kad šis Radio LAN device atitinka esminius
reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas.
Maltese
Malti
Hawnhekk, SMC, jiddikjara li dan Radio LAN device jikkonforma mal-ħtiġijiet
essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/
5/EC.
vii
Spanish
Español
Por medio de la presente SMC declara que el Radio LAN device cumple con
los requisitos esenciales y cualesquiera otras disposiciones aplicables o
exigibles de la Directiva 1999/5/CE
Polish
Polski
Niniejszym SMC oświadcza, że Radio LAN device jest zgodny z
zasadniczymi wymogami oraz pozostałymi stosownymi postanowieniami
Dyrektywy 1999/5/EC.
Portuguese
Português
SMC declara que este Radio LAN device está conforme com os requisitos
essenciais e outras disposições da Directiva 1999/5/CE.
Slovak
Slovensky
SMC týmto vyhlasuje, že Radio LAN device spĺňa základné požiadavky a
všetky príslušné ustanovenia Smernice 1999/5/ES.
Slovenian
Slovensko
SMC izjavlja, da je ta radio LAN device v skladu z bistvenimi zahtevami in
ostalimi relevantnimi določili direktive 1999/5/ES.
Customer Information
1.
2.
3.
4.
5.
6.
7.
viii
This equipment complies with Part 68 of the FCC rules and the requirements
adopted by the ACTA. On bottom of this equipment is a label that contains,
among other information, a product identifier of [INSERT LABEL]. If requested,
this number must be provided to the telephone company.
If this equipment, ECG9210-04, causes harm to the telephone network, the
telephone company will notify you in advance that temporary discontinuance of
service may be required. But if advance notice isn't practical, the telephone
company will notify the customer as soon as possible. Also you will be advised of
your right to file a complaint with the FCC if you believe it is necessary.
The telephone company may make changes in its facilities, equipment, operations
or procedures that could affect the operation of the equipment. If this happens, the
telephone company will provide advance notice in order for you to make
necessary modification to maintain uninterrupted service.
If you experience trouble with this equipment, you disconnect it from the network
until the problem has been corrected or until you are sure that the equipment is
not malfunctioning.
Please follow instructions for repairing if any (e.g. battery replacement section);
otherwise do not alternate or repair any parts of device except specified.
Connection to party line service is subject to state tariffs. Contact the state public
utility commission, public service commission or corporation commission for
information.
If your home has specially wired alarm equipment connected to the telephone
line, ensure the installation of this equipment does not disable alarm equipment,
consult your telephone company or a qualified installer.
Warnings and Cautionary Messages
Warning:
This product does not contain any serviceable user parts.
Caution:
Do not plug a phone jack connector in the RJ-45 port. This may damage this
device.
Caution:
Use only twisted-pair cables with RJ-45 connectors that conform to FCC
standards.
Environmental Statement
The manufacturer of this product endeavours to sustain an environmentally-friendly policy
throughout the entire production process. This is achieved though the following means:
•
•
•
•
•
•
Adherence to national legislation and regulations on environmental production standards.
Conservation of operational resources.
Waste reduction and safe disposal of all harmful un-recyclable by-products.
Recycling of all reusable waste content.
Design of products to maximize recyclables at the end of the product’s life span.
Continual monitoring of safety standards.
End of Product Life Span
This product is manufactured in such a way as to allow for the recovery and disposal of all
included electrical components once the product has reached the end of its life.
Manufacturing Materials
There are no hazardous nor ozone-depleting materials in this product.
Documentation
All printed documentation for this product uses biodegradable paper that originates from
sustained and managed forests. The inks used in the printing process are non-toxic.
ix
x
About This Guide
Purpose
This guide details the hardware features of the Gateway, including its physical and
performance-related characteristics, and how to install the Gateway. It also includes
information on how to operate and use the management functions of the Gateway.
Audience
The guide is intended for use by network administrators who are responsible for installing
and setting up network equipment; consequently, it assumes a basic working knowledge
of LANs (Local Area Networks).
Conventions
The following conventions are used throughout this guide to show information:
Note: Emphasizes important information or calls your attention to related features or
instructions.
Caution: Alerts you to a potential hazard that could cause loss of data, or damage the
system or equipment.
Warning: Alerts you to a potential hazard that could cause personal injury.
Revision History
This section summarizes the changes in each revision of this guide.
January 2010 Revision
This is the first revision of this guide.
xi
xii
Contents
Chapter 1: Introduction
Overview
VDSL Technology
Features and Benefits
Description of Hardware
13
13
14
15
16
Chapter 2: Installation
Installation Overview
Package Contents
System Requirements
Cable Connections
Powering On
Configuring the TCP/IP Protocols
25
25
25
25
26
27
27
Chapter 3: Network Planning
Application Examples
Networking Concepts
Route Determination
Bridging
Routing
Network Applications
Accessing a Remote Site
Accessing the Internet
Network Services
DHCP Service
DNS Service
NAT Functions
Virtual Server
User-Definable Application Sensing Tunnel
DMZ Host Support
Security
Virtual Private Network
29
29
29
29
29
30
30
30
31
32
32
32
32
33
33
33
33
34
Chapter 4: Initial Configuration
Accessing the Setup Wizard
Using the Setup Wizard
35
35
36
Chapter 5: System Configuration
Using the Web Interface
Home Page
Advanced Settings Menu
Status Information
System Information
45
45
46
47
50
50
xiii
Contents
WAN Status
Bridge WAN Status
LAN Status
System Log
DHCP Client List
System Configuration
System Mode
System Time
Admin Settings
System Tools
UPnP
Service Settings
SNMP
DNS
Management IP
WAN Configuration
WAN Type
WAN Settings
Dynamic IP Address
Static IP Address
PPPoE
DDNS
LAN Configuration
LAN Type
LAN Settings
Switch Ports
Route Configuration
Static Routing
Dynamic Routing
Policy Routing
Wireless Configuration
WLAN Security
WEP Security
WPA2 Security
WPS Security
Access Control
Client List
NAT Configuration
Virtual Server
Port Mapping
DMZ
Firewall Configuration
Firewall Settings
IP Filtering
ALG Configuration
xiv
51
52
52
53
53
54
54
56
57
58
59
60
61
63
63
64
64
65
65
66
67
68
69
69
70
72
73
73
74
76
77
79
79
80
82
84
85
86
86
87
89
90
90
91
92
Contents
Remote Control
Denial of Service
VDSL Configuration
VDSL Status and Rate Information
Performance Counters
SNR Information
DELT
IGMP Configuration
IGMP Settings
QoS Configuration
QoS Settings
Traffic Classification
DSCP to 802.1p Mapping
ACS Configuration
TR Settings
Appendix A: Troubleshooting
Diagnosing Gateway Indicators
If You Cannot Connect to the Internet
Problems Accessing the Management Interface
93
94
95
95
98
99
100
101
102
104
104
105
107
108
108
111
111
112
112
Appendix B: Cables
Twisted-Pair Cable and Pin Assignments
10BASE-T/100BASE-TX Pin Assignments
Straight-Through Wiring
Crossover Wiring
Cable Testing for Existing Category 5 Cable
RJ-11 Ports
113
113
113
114
115
115
116
Appendix C: Specifications
117
Physical Characteristics
Standards
Compliances
Wireless Characteristics
117
118
119
119
Glossary
121
Index
127
xv
Contents
xvi
Chapter 1: Introduction
Overview
This device can serve as a key component in any Ethernet-over-VDSL2 data transport
system that consists of an end-user Gateway and a VDSL2 switch connected by
standard telephone cable. The VDSL connection delivers an Ethernet data link rated
up to both 100 Mbps downstream and 100 Mbps upstream (VDSL2 profile 30A), while
simultaneously supporting standard telephone services. The system can be deployed
in any multi-dwelling/multi-tenant environment (apartment blocks, hotels, or office
complexes) to provide both high-speed Internet access and telephone services without
any need for re-wiring. It also provides a built-in 802.11b/g access point for wireless
connectivity.
VDSL switches combine both the data and phone signals coming from your Internet
and telephone service providers, and pass these signals directly over standard
telephone wiring to multiple users in the same building. The Gateway is used to
separate these signals and pass them on to a customer’s computer and telephone
equipment.
The VDSL2 switch is typically located in a wiring closet or other central location of a
multi-dwelling/multi-tenant unit, campus, or enterprise. An Internet connection is
provided from the ISP to the customer’s building over fiber optic cable, running
Ethernet directly over a 1 to 10 Gbps connection. This kind of WAN connection is
referred to as Fiber To The Building (FTTB). Data signals entering a site are first
passed through an Ethernet switch that segregates the signals for individual user
connections, and are then fed into the switch. Phone signals are also routed from PBX/
MDF distribution equipment into the switch. The data and phone signals for each user
are combined in the switch, and passed over VDSL lines to individual customers.
The Gateway at the customer end of the VDSL line connects to any PC equipped with
a 10BASE-T or 100BASE-TX network interface card. Your existing telephone, modem,
or fax machine simply plugs into the Gateway’s phone port. There is no need for
splitters, terminators, or filters. In fact, there is no need to modify your home wiring at
all. And because the VDSL connection is based on Ethernet, no complex software
configuration is required.
The Gateway provides access to a wide range of advanced transport features,
including support for real-time video, and other multimedia services requiring
guaranteed Quality of Service (QoS). It also provides multiprotocol encapsulation for
bridging Windows NetBEUI and Novell’s IPX protocols directly to a remote site for
complete access to corporate resources, or for routing TCP/IP traffic for Internet
connections.
13
1
Introduction
VDSL Technology
VDSL (Very High Bit-Rate Digital Subscriber Line) is at the high-end of all the DSL
technologies, offering the best combination of fiber optics and copper to provide
high-speed broadband Internet access. VDSL’s primary application is in providing a
broadband data service to multi-tenant residential or commercial buildings. In this
implementation, fiber optic cable carries the data from a telephone company’s central
office to the building; then the installed telephone copper wires take the data and
deliver it to individual units within that building.
Telephone
Rooms/Clients
VDSL Gateway
Floor 2
Telephone/Fax
Rooms/Clients
Existing Phone
Lines to Clients
Punch Down
Blocks /
Patch Panels
Floor 1
VDSL Gateway
VDSL
Concentrators
VDSL Lines
Local Servers
(Locally Hosted Services,
Video Servers, Billing)
Ethernet
Switch
ES3526F
Phone Lines
PBX
Fiber Optic Link to ISP
Ethernet
Links to Switch
Telephone Line from Central Office
ISP
(Internet)
Central Office
(PSTN)
Multi-dwelling/Multi-tenant Building
Figure 1-1 Providing Broadband Internet Access through VDSL
VDSL provides high-speed Internet access over existing phone lines by making use of
previously unused frequency bandwidth above the voice band (i.e., up to 30 MHz with
VDSL2). By placing VDSL signals above the frequency of the voice signal, a VDSL
service can coexist on the same line with other telephone services. VDSL can operate
symmetrically, providing the same data rate in both directions, or asymmetrically,
providing a higher data rate in the downstream (receive) direction than in the upstream
(transmit) direction.
VDSL delivers high-performance online applications, such as high-quality video and
other switched multimedia services. This Ethernet VDSL2 Gateway provides robust
performance, with a data rate up to 100 Mbps downstream and 100 Mbps upstream,
and a range up to 200 meters (656 ft).
This system is based on advanced VDSL2 Multi-Carrier Modulation (MCM) technology
with adaptive channel equalization that overcomes bridge taps and other line
14
Features and Benefits
distortions. Reed-Solomon Forward Error Correction and interleaving protects against
errors due to impulse noise, and enables recovery from signal interruptions. Frequency
Division Duplexing (FDD) separates downstream and upstream channels and allows
VDSL signals to coexist with regular telephone services. A power back-off mechanism
is also implemented to reduce noise from crosstalk in line bundles.
Features and Benefits
VDSL features (Gateway side) include:
• High-speed Internet access over existing phone lines
• VDSL2 connection provides the following rate/range options (profile 30A):
Table 1-1 Maximum Rates and Distances
Rate
Mode
Max. Range
100 Mbps
Downstream
200 m (656 ft)
100 Mbps
Upstream
• Concurrent data and telephone services over a single connection
• Always-on digital connection eliminates dial-up delays, providing transparent
reconnection when initiating a network request
• Supports ITU-T VDSL2 and interface standards
• Spectral compatibility with VDSL2, Smartphone digital PBX extensions and
narrowband interference
• Robust operation on severely distorted lines
• Supports power back-off algorithm that permits a mixed distance deployment
• Wireless 802.11b/g access point
• LEDs indicate VDSL link status, and power
• Simple plug-and-play installation
Additional VDSL2 features (Gateway side) include:
•
•
•
•
•
Fast startup for quick initialization
Trellis coding modulation for higher performance
Seamless rate adaptation for enhanced quality in video applications
Variable tone spacing enables best performance for long and short reach lines
Improved framing, overhead channel, and interleaving
Gateway services include:
• Multiprotocol encapsulation of Windows NetBEUI, Novell’s IPX and TCP/IP via
bridging for complete access to corporate resources
• TCP/IP routing transport using RIP or RIP 2 for Internet access
15
1
Introduction
• Network Address Translation (NAT/NAPT) which enables multiple user Internet
access with a single user account, flexible local IP address administration, and
firewall protection
• Virtual Server which allows remote users access to various services at your site
using a constant IP address
• DMZ Host allows a client to be fully exposed to the Internet for applications which do
not work properly behind a firewall
• Dynamic Host Configuration Protocol (DHCP) for dynamic IP address assignment as
a server or server relay
• TR-069 CPE WAN Management Protocol support for communication between the
Gateway and an Auto-Configuration Server
• TR-098 Multi-Service Delivery Framework for Home Networks
Description of Hardware
This Gateway is a Very High Bit-Rate Digital Subscriber Line (VDSL2) customer
premises equipment (CPE) that can connect to a remote site (via bridging) or to the
Internet (via routing). It transports data over standard telephone wire at a symmetric
data rate up to 100 Mbps downstream and 100 Mbps upstream, and a range up to
200 meters (656 ft).
This unit provides the following ports on the rear panel:
• One RJ-11 port for connection to your VDSL service provider’s incoming line.
• One RJ-11 port for connection to your telephone, modem, or fax machine. The
Gateway includes a built-in POTS voice/data splitter, so no external splitter or
low-pass filter is required.
• Four RJ-45 ports for connection to a 10/100BASE-TX Ethernet Local Area Network.
These ports operate at 10/100 Mbps, half/full duplex. All of these ports support
automatic MDI/MDI-X operation, so you can use straight-through cables for all
network connections. (See “10BASE-T/100BASE-TX Pin Assignments,” page 113.)
• One 802.11b/g antenna for wireless connectivity.
• WPS button for instant wireless connection.
• Wall or ceiling mount kit.
The rear panel also includes a DC power input jack, and a screw hole for grounding the
Gateway to earth.
There is also a reset button on the bottom of unit that can be used to restore the device
to its factory default settings.
16
1
Description of Hardware
The following figure shows the front components of the Gateway:
802.11b/g Antenna
WPS Button
PWR
ALAR
M VD
SL VD
SL LA
LINK
N1 LA
TX/RX
N2 LA
N3
LAN4
WLAN
WPS
WPS
Power LED
VDSL LINK LED
ALARM LED
LAN1~4 LEDs
VDSL TX/RX LED
WPS LED
WLAN LED
Figure 1-2 Top Panel
The Gateway includes key system and port indicators that simplify installation and
network troubleshooting. The LEDs, which are located on the top of the unit for easy
viewing, are described in the following table.
Table 1-2 LED Display Status
LED
Color
Status
PWR
Green
On
The unit is being supplied with power.
Off
The unit is not receiving power.
ALARM
VDSL LINK
Orange
Green
Description
On
Indicates VDSL link failure.
Off
Connected to network; VDSL link has been established.
On
A stable link has been established with the VDSL network.
Off
VDSL link has not been established.
Blinking
The unit is synchronizing (initializing the VDSL link).
17
1
Introduction
Table 1-2 LED Display Status (Continued)
LED
Color
Status
VDSL TX/RX
Green
On
Signal detected on VDSL WAN port.
Off
No signal detected on VDSL WAN port.
Blinking
Network traffic is crossing the VDSL WAN port.
LAN1-4
Green
WLAN
Green
WPS
Green
Description
On
Ethernet link signal detected on LAN port.
Off
No Ethernet link signal detected on LAN port.
Blinking
Network traffic is crossing the LAN port.
On/
Flashing
Indicates the 802.11b/g radio is enabled. Flashing indicates
wireless network activity.
Off
Indicates the 802.11b/g radio is disabled.
On (for 10
seconds)
Indicates the WPS authentication of a device has been
successfully completed.
Fast
Flashing
Indicates the WPS authentication of a client device is in
progress.
Slow
Flashing
(for 10
seconds)*
Indicates the WPS authentication of a device did not complete
after 120 seconds.
Off
Indicates that WPS is not in progress.
The following figure shows the rear components of the Gateway:
Power Receptacle
Power Switch
Grounding Point
RJ-45 LAN Ports
Figure 1-3 Rear Panel
18
RJ-11 Phone Ports
Description of Hardware
The following figure shows the base components of the Gateway:
Rubber Feet
Reset Button
Figure 1-4 Base Panel
19
1
Introduction
The gateway also includes a wall/ceiling mount bracket illustrated in the picture that
follows. Align the bracket in the direction indicated, marking four screw holes in the
mounting surface with a pencil. Drill four holes in the mounting surface sufficient in size
to accomodate the screws that you are using. If drilling into a wall, make sure to use
wall-plugs as well.
The mounting bracket also includes two clips for attaching the unit to the backet.
Mounting Holes
Figure 1-5 Mounting Bracket - Front
Before attaching the bracket to the mounting surface be sure to connect the unit to its
required connections, a power source, RJ-11/RJ-45 leads, grounding source, and
power on the unit to make sure that it is functioning and providing connectivity.
20
Description of Hardware
The mounting bracket also includes two clips for attaching the unit to the backet.
Mounting Clips
Figure 1-6 Mounting Bracket - Rear
21
1
Introduction
Figure 1-7 Mounting the unit in the bracket
Figure 1-8
Mount the connected unit into the bracket in the direction of the red arrows shown
above, making sure the unit clips correctly into the mounting clips.
22
Description of Hardware
Figure 1-9 Unit in bracket
23
1
Introduction
If mounting the assembled unit to a vertical surface follow the directions of the red
arrows indicated below.
Figure 1-10 Attaching the bracket to the mounting surface
24
Chapter 2: Installation
Installation Overview
Before installing the Gateway, verify that you have all the items listed in “Package
Contents.” If any items are missing or damaged, contact your local distributor. Also,
be sure you have all the necessary tools and cabling before installing the Gateway.
Package Contents
After unpacking the Gateway, check the contents of the box to be sure that you have
received the following components:
•
•
•
•
•
•
•
•
1 Ethernet-over-VDSL2 Gateway
1 AC power adapter
4 rubber foot pads
CD-ROM containing this User Guide
1 Category 5 UTP straight-through network cable (1 m / 3.28 ft)
1 standard RJ-11 telephone cable (1 m / 3.28 ft)
Mounting bracket (Optional)
Warranty Card
Please inform your dealer if there are any incorrect, missing, or damaged parts. If
possible, retain the carton, including the original packing materials in case there is a
need to return the Gateway for repair.
System Requirements
Before you start installing the Gateway, make sure you can provide the right operating
environment. See the following installation requirements:
• A PC or Macintosh with a 10/100 Mbps Ethernet adapter card installed.
• For Internet access, the computer must be configured for TCP/IP.
• Power requirements: 12 VDC via the included AC power adapter. Make sure that a
properly grounded power outlet is within 1.8 m (6 ft) of the Gateway.
• The Gateway should be located in a cool dry place, with at least 5 cm (2 in.) of space
on all sides for ventilation.
• Place the Gateway out of direct sunlight, and away from heat sources or areas with
a high amount of electromagnetic interference. The temperature and humidity
should be within the ranges listed in the specifications.
• Be sure that the Gateway is also accessible for Ethernet and telephone cabling.
25
2
Installation
Cable Connections
Depending on the wiring configuration used in your house, separate wall jacks may be
used for telephone and VDSL services. Otherwise, you will need to connect
telephones and your computer directly to the Gateway.
RJ-45 Ports
RJ-11 Ports
AC Power Adapter
Telephone, Fax, or Modem
Computer
AC Power Outlet
Standard Telephone Cable
Category 5 UTP cable to
Ethernet port on computer
VDSL Line Wall Jack
Figure 2-1 Connecting the Gateway
1. Using standard telephone cable, connect the Gateway’s RJ-11 VDSL port to the
RJ-11 telephone wall jack providing the VDSL service.
2. Connect a telephone or fax machine to the RJ-11 port on the Gateway labeled
PHONE.
3. For Ethernet connections, make sure you have installed a 10BASE-T or
100BASE-TX network adapter card in the computers to be connected to the LAN.
4. Prepare straight-through shielded or unshielded twisted-pair cables with RJ-45
plugs at both ends. Use 100-Ohm Category 3, 4, or 5 cable for a 10 Mbps Ethernet
connection, or Category 5 cable for a 100 Mbps connection.
5. Connect one end of the cable to the RJ-45 port of the network interface card, and
the other end to any of the RJ-45 LAN ports on the Gateway.
When inserting an RJ-45 plug, be sure the tab on the plug clicks into position to
ensure that it is properly seated.
Caution:
Do not plug a phone jack connector into any RJ-45 port. Use only
twisted-pair cables with RJ-45 connectors that conform to FCC standards.
Notes: 1. When connecting to any network device (such as a PC, hub or switch), you can
use either straight-through or crossover cabling. (Refer to Appendix B: “Cables”
on page 113 for a description of cable types.)
2. Make sure the twisted-pair cable connected to any of the Gateway’s LAN ports
does not exceed 100 meters (328 feet).
26
2
Powering On
Powering On
Plug the power adapter cord into the DC 12V power socket on the Gateway, and then
plug the power adapter directly into a power outlet. Check the LED marked PWR on
the top of the unit to be sure it is on. If the PWR indicator does not light up, refer to
Appendix A: “Troubleshooting” on page 111.
If the Gateway is properly configured, it will take about 30 seconds to establish a
connection with the VDSL service provider after powering up. During this time the
VDSL LINK indicator will flash during synchronization. After the VDSL connection has
been established, the VDSL LINK indicator will stay on.
Configuring the TCP/IP Protocols
To connect the Gateway to a computer through its Ethernet port, the computer must
have an Ethernet network adapter card installed, and be configured for the TCP/IP
protocol. Many service providers configure TCP/IP for client computers automatically
using a networking technology known as Dynamic Host Configuration Protocol
(DHCP). Other service providers may require you to use a specific IP configuration
(known as a static IP address), which must be entered manually.
Carry out the following steps to check that the computer’s Ethernet port is correctly
configured for DHCP.
Windows 95/98/NT
1. Click “Start/Settings/Control Panel.”
2. Click the “Network” icon.
3. For Windows NT, click the “Protocols” tab.
4. Select “TCP/IP” from the list of network protocols; this may include details of
adapters installed in your computer.
5. Click “Properties.”
6. Check the option “Obtain an IP Address.”
Windows 2000
1. Click “Start/Settings/Network/Dial-up Connections.”
2. Click “Local Area Connections.”
3. Select “TCP/IP” from the list of network protocols.
4. Click on “Properties.”
5. Select the option “Obtain an IP Address.”
Windows XP
1. Click “Start/Control Panel/Network Connections.”
27
2
Installation
2. Right-click the “Local Area Connection” icon for the adapter you want to configure.
3. Highlight “Internet Protocol (TCP/IP).”
4. Click on “Properties.”
5. Select the option “Obtain an IP address automatically” and “Obtain DNS server
address automatically.”
Windows Vista
1. Click Start/Control Panel.
2. Double-click “Network and Sharing Center.”
3. Click “View status.”
4. Click “Properties.” If the “User Account Control” window appears, click “Continue.”
5. Highlight “Internet Protocol Version 6 (TCP/IPv6)” or “Internet Protocol Version 4
(TCP/IPv4),” and click “Properties.”
6. Select the option “Obtain an IP address automatically” and “Obtain DNS server
address automatically.”
Mac OS
1. Pull down the Apple Menu. Click “Control Panels” and select “TCP/IP.”
2. In the TCP/IP dialog box, verify that “Ethernet” is selected in the “Connect Via:”
field.
3. If “Using DHCP Server” is already selected in the “Configure” field, your computer
is already configured for DHCP. Otherwise, select “Using DHCP Server” in the
“Configure” field and close the window.
4. Another box will appear asking whether you want to save your TCP/IP settings.
Click “Save.”
5. Your service provider will now be able to automatically assign an IP address to your
computer.
28
Chapter 3: Network Planning
Application Examples
VDSL provides significant savings on network installation, equipment, and service
fees. Internet services operate over existing phone cabling and a minimal amount of
network equipment. The only changes require installing a VDSL CPE (or Gateway
as described in this manual) for each client, and a VDSL switch in the basement or
wiring closet. Internet service can then be provided over a direct Ethernet connection
from your ISP. For non-commercial environments, you can run the switch through a
broadband router (such as this Gateway) at the customer’s site. This will allow you
to use a single-user account and ISP sharing to significantly reduce network access
charges.
Using VDSL provides Internet connections of up to 100 Mbps downstream and 100
Mbps upstream at 200 meters. Installation is extremely economical for
multiple-tenant dwellings such as apartment buildings, hotels or school dormitories,
as well as commercial buildings.
VDSL provides multiple-user access to the Internet with benefits including:
• Internet services such as e-mail over faster connections than currently possible
with other options such as cable modem or ADSL
• Multimedia applications such as video and virtual gaming made available to the
broader public for the first time
• Access to corporate intranets at speeds close to that available in the office
• Both local network applications and Internet services are supported for commercial
environments
Networking Concepts
Route Determination
Depending on the transport protocol used, this device can handle traffic as a Layer-2
bridge, using only the physical address stored in the packet’s source and destination
address fields. Or it can forward traffic as a fully functional Layer-3 router, using a
specific route (that is, next hop) for each IP host or subnet that is statically
configured or learned through dynamic routing protocols.
Bridging
When Bridge Mode is selected, the Gateway behaves like a wire directly connecting
your local network to the ISP. The Gateway simply stores the physical address and
corresponding port number of each incoming packet in an address table. This
information is subsequently used to filter packets whose destination address is on
29
3
Network Planning
the same segment (that is, the local network or remote network) as the source
address.
Routing
When Router Mode is selected, the Gateway forwards incoming IP packets and
uses RIP or RIP-2 for routing path management if enabled. The router supports both
static routing and dynamic routing.
• Static routing requires routing information to be stored in the router, either manually
or when a connection is set up, using the default gateway designated by your ISP.
• Dynamic routing uses a routing protocol to exchange routing information,
calculates routing tables, and responds to changes in the status or traffic on the
network.
Dynamic Routing Protocols - This router supports both RIP and RIP-2 dynamic
routing protocols. Routing Information Protocol (RIP) is the most widely used
method for dynamically maintaining routing tables in small to medium networks. RIP
uses a distance vector-based approach to routing. Routes are chosen to minimize
the distance vector, or hop count, which serves as a rough estimate of transmission
cost. Each router broadcasts an advertisement every 30 seconds, together with any
updates to its routing table. This allows all routers on the network to build consistent
tables of next hop links which lead to relevant subnets.
RIP-2 is a compatible upgrade to RIP. However, RIP-2 adds useful capabilities for
plain text authentication, multiple independent RIP domains, variable length subnet
masks, and multicast transmissions for route advertising (see RFC 1388).
Note: If the destination route is not found in the routing table, the router simply transmits
the packet to a default router for resolution.
Network Applications
The Gateway can be configured as a bridge for making a transparent connection to
a remote site, or as a router for accessing the Internet. These applications are briefly
described in the following sections.
Accessing a Remote Site
The Gateway can be configured to act as a transparent bridge between a local PC
or LAN attached to the Ethernet ports and a remote site across the WAN VDSL link.
Bridging can be used to make two separate networks appear as if they were part of
the same physical network. When data enters an Ethernet port on the Gateway, its
destination MAC address (physical address) is checked in the address database to
see if it is located in the local segment (that is, attached to one of the Gateway’s
Ethernet ports). If the destination address is not found, the frame is forwarded to the
VDSL port and queued for output. If the destination address is found to belong to
one of the local ports, the frame is dropped or “filtered.” However, note that
broadcast or multicast frames are always broadcast across the VDSL link.
30
Network Applications
The source MAC address of each frame is recorded into the address database only
if it belongs to the local LAN segment. This information is then used to make
subsequent decisions on frame forwarding. The address database can hold up to
512 unique MAC addresses. An entry in the address database will be discarded only
if it has not been accessed for a period of time called the aging time. This is to
ensure that correct forwarding decisions can still be made when a node is moved to
another port, and to keep the table clean.
VDSL
ECG9210-04
ECG9210-04
10/100Mbps Ethernet LAN
10/100Mbps Ethernet LAN
Figure 3-1 Transparent Bridged Network
Accessing the Internet
To access the Internet, which uses the TCP/IP protocol exclusively, the Gateway
should be configured to function as a router. One side of the connection is formed by
the ports attached to a local 10/100Mbps Ethernet LAN (or directly to a host PC with
an Ethernet adapter), while the other is the Layer 3 transport service running on the
VDSL port. When the Gateway receives an IP packet over the WAN interface, the
destination address is checked in the routing table. If the address is found, the
packet is forwarded to the associated interface/port. Otherwise, the packet is
dropped. When it receives an IP packet over the LAN interface, it also checks the
routing table. If the source and destination address are in the same subnet, no
action is required because the packet can be passed on at Layer 2. If the address is
found to be in a remote subnet, the packet is forwarded to the next hop router.
Otherwise, if not found in the address table, it is sent to the default gateway
designated by the ISP.
The routing table contains information on which networks are accessible through
each interface. It can be dynamically updated using the Routing Information Protocol
(RIP), or statically configured through the web management interface. If you use
RIP, the router will exchange information with neighboring routers to learn the best
routes to remote networks, and advertise the networks for which it can provide the
best route.
When the system is powered on, the Gateway builds its own routing database
according to previous static routing entries, and/or collects routing information from
adjacent routers through RIP or RIP-2 protocol. RIP (that is, RIP-1) is generally
supported by all routers, but RIP-2 carries more information which allows the router to
31
3
Network Planning
make better choices on the most appropriate path to a remote network. However,
RIP-1 is adequate for most networks and involves less overhead.
VDSL
Internet
VDSL
ECG9210-04
Local Area Network
PPP/ATM
ISP
DSLAM
TCP/IP Protocol
Figure 3-2 Routed Network
Network Services
DHCP Service
Dynamic Host Configuration Protocol (DHCP) allows network clients to dynamically
obtain TCP/IP configuration information upon bootup. When a DHCP client starts, it
broadcasts a DHCP request. The Gateway can be set up to respond to the client
with configuration information (including, an IP address, subnet mask and default IP
gateway) or to relay the request to another DHCP server.
The Gateway can be configured with an client pool of up to 254 IP addresses. These
addresses are leased to the requesting client for a specified amount of time, or until
the device surrenders the address during shut-down. Windows 95, 98, NT, 2000,
and Vista hosts as well as other systems that provide DHCP client services can be
configured with a TCP/IP address provided by this Gateway.
DNS Service
The DNS protocol is used to map host names to IP addresses. The Gateway can
specify a well-known DNS server, or relay service requests directly through to the
ISP for resolution.
NAT Functions
Network Address Translation (NAT) allows you to map multiple IP addresses for
clients from your local Ethernet through to the Internet using a single IP address for
the VDSL port. This allows multiple users to access the Internet using a single-user
account from your ISP.
32
Network Services
Virtual Server
You can also map multiple local servers to the Gateway’s external IP address. In this
way, service requests from Internet users can be redirected to designated servers
on the local network. This allows you to define a single access point for all the
Internet services provided at your site, such as a local web server or an FTP server.
And then, just by entering the external IP address for your site (provided by your
ISP), Internet users can access the service they need at the local address to which
you redirect them.
NAT allows Internet users through to the services you designate, but because all
your internal IP addresses are private, this provides a natural firewall that prevents
direct access to local resources by hackers. NAT also simplifies address
management because changes to IP addresses for local services will not affect
access for Internet users accessing your site. For example, when you update an IP
address for an Internet server on your local network, Internet users can continue to
access the service via the same external IP address.
User-Definable Application Sensing Tunnel
You can define special applications that require multiple connections such as
Internet gaming, videoconferencing, and Internet telephony. The Gateway can then
sense the application type and open a multi-port TCP/UDP tunnel for it.
DMZ Host Support
DMZ allows a networked computer to be fully exposed to the Internet. This function
is used when the special application sensing tunnel is insufficient to allow an
application to function correctly.
Security
The Gateway supports security features that can deny Internet access to specified
users, or filter all requests for specific services the administrator does not want to
serve. The Gateway’s firewall can also block common hacker attacks, including IP
Spoofing, Land Attack, Ping of Death, IP with zero length, Smurf Attack, UDP port
loopback, Snork Attack, TCP null scan, and TCP SYN flooding.
It also supports the following additional security features:
•
•
•
•
•
Disable Ping from the LAN or WAN side
Discard port scans from the WAN side
Filter specific MAC or IP addresses
Block certain web sites based a specified URL
Stateful Packet Inspection which accepts only legitimate packets based on
connection type
33
3
Network Planning
Virtual Private Network
The Gateway supports three of the most commonly used VPN protocols – PPTP,
L2TP and IPSec. These protocols allow remote users to establish a secure
connection to their corporate network. If your service provider supports VPNs, then
any of these protocols can be used to create an authenticated and encrypted tunnel
for passing secure data over the Internet (i.e., a traditionally shared data network).
The VPN protocols supported by the Gateway are briefly described below.
Point-to-Point Tunneling Protocol – Provides a secure tunnel for remote client
access to a PPTP security gateway. PPTP includes provisions for call origination
and flow control required by ISPs.
Layer Two Tunneling Protocol – L2TP includes most of the features provided by
PPTP, but has less overhead and is more suited for managed networks.
IP Security – Provides IP network-layer encryption. IPSec can support large
encryption networks (such as the Internet) by using digital certificates for device
authentication.
34
Chapter 4: Initial Configuration
Accessing the Setup Wizard
The Gateway provides a Setup Wizard for initial configuration of the unit’s operating
mode (Bridge or Router as described in “Networking Concepts” on page 29) and
WAN IP address (when Router mode is selected).
For initial configuration, connect a PC directly to one of the LAN ports on the back of
the unit, and use a web browser (such as Internet Explorer 6.0 or above, or Mozilla
Firefox 2.0.0.0 or above) to connect to the Gateway.
The Gateway has a default IP address of 192.168.2.1 and a subnet mask of
255.255.255.0. If your PC is set to “Obtain an IP address automatically” (that is, set
as a DHCP client), you can connect immediately to the web interface. Otherwise,
you must set your PC IP address to be on the same subnet as the Gateway (that is,
the PC and Gateway addresses must both start with 192.168.2.x).
To access the Setup Wizard, follow these steps:
1. Use your web browser to connect to the management interface using the default
IP address of 192.168.2.1.
2. Log into the Gateway’s management interface by entering the default user name
and password both as “admin,” and then click OK.
Figure 4-1 Login Dialog Box
35
4
Initial Configuration
3. Click WIZARD when the home page appears.
Figure 4-2 Home Page
Using the Setup Wizard
There are only a few basic steps you need to set up the Gateway, and to configure
an IP address for the WAN interface (when operating in Router mode).
The Setup Wizard takes you through the configuration procedures shown below:
1. Select the Operating Mode – By default, the Gateway is set to operate in Bridge
mode, and requires no other features to be set before using the Advanced Setup
menu. If you plan on using the Gateway in Bridge mode, just click Next and skip
to Step 4. Otherwise, select Router mode, and click Next.
Figure 4-3 Mode Selection (Bridge Mode)
36
Using the Setup Wizard
If Router mode is selected the information displayed on the screen changes to
that shown below.
Figure 4-4 Mode Selection (Router Mode)
2. Set the WAN Connection Type – By default, the Gateway’s WAN port is
configured for dynamic IP assignment using DHCP. Select the option indicated by
your Internet service provider, and click Next.
Figure 4-5 WAN Type
• Dynamic IP – If you selected Dynamic IP, the following screen will appear.
Click Next to confirm your selection.
Figure 4-6 WAN Setting (Dynamic IP)
37
4
Initial Configuration
• Static IP – If you selected Static-IP, the following screen will appear. Fill in the
required settings, and then click Next.
Figure 4-7 WAN Setting (Static IP)
Field Attributes
• IP address assigned by your ISP – IP address of the WAN interface. Valid
addresses consist of four decimal numbers, 0 to 255, separated by periods.
• Subnet Mask – This mask identifies the subnet and host portion of the IP
address.
• Default Address – The IP address of the gateway router which is used if the
requested destination address is not on the local subnet, nor in any of the
routing tables.
• Primary DNS – The IP address of the Primary Domain Name Server on the
network. A DNS maps numerical IP addresses to domain names which can
be used to identify network hosts by familiar names instead of the IP
addresses.
• Secondary DNS – The secondary domain name server.
38
Using the Setup Wizard
• PPPoE – If you selected PPPoE, the following screen will appear. Fill in the
required settings, and then click Next.
Figure 4-8 WAN Setting (PPPoE)
Field Attributes
•
•
•
•
User Name – Sets the PPPoE user name. (Range: 1-32 characters)
Password – Sets a PPPoE password. (Range: 1-32 characters)
Password Confirm – Prompts you to re-enter your password.
Service Name – The service name assigned for the PPPoE connection. The
service name is normally optional, but may be required by some service
providers. (Range: 1-32 characters)
• Access Concentrator Name – The name of the access concentrator to use
in PPPoE Active Discovery Offers (PADO). (Range: 1-32 characters)
• MTU (1400-1492) – Sets the maximum packet size that the WAN port may
transmit. The Maximum Transmission Unit is expressed in bytes. By default,
the Gateway will send several test messages to determine the MTU for the
upstream connection. (Range: 1400-1492 bytes)
• Idle Time (0-99) – The maximum length of inactive time the unit will stay
connected to the service provider before disconnecting. Select
“Auto-reconnect” to reconnect to the upstream gateway whenever an
Internet access request is made. (Range: 1-99 minutes; Default: 2 minutes)
39
4
Initial Configuration
3. Enable Local DHCP Service – By default, the Gateway’s is configured to
provide DHCP service to any client attached to the Gateway’s LAN ports. Set the
administrative status of this feature, and click Next.
Figure 4-9 DHCP Setting
4. Set Wireless Settings – The wireless radio on the Gateway is disabled by
default. To enable it check the WLAN Enable box. The access point’s ESSID is
automatically set, but may be changed by altering this field. Click Next to continue
with the wireless setup.
Figure 4-10 WLAN Setting
Field Attributes
• WLAN – Enables the wireless radio interface.
• ESSID – The name of the wireless network service provided by the VAP.
Clients that want to connect to the network must set their SSID to the same
as that of the VAP interface. (Default: ECG9210-04_AP-0; Range: 1-32
characters)
40
Using the Setup Wizard
5. Setting WLAN Security (WEP) – Sets the wireless security encryption key for
the wireless network.
Figure 4-11 WLAN Security - WEP
Field Attributes
• None – Disables security on the access point. (Default: Disabled)
• WEP – WEP is used as the multicast encryption cipher.
• Authentication Mode – Defines the mode with which the access point will
associate with other clients.
• Key Mode – Select 64 Bit, or 128 Bit length. Note that the same size of
encryption key must be supported on all wireless clients.
(Default: 64 Bit)
• Active Key – Selects the key number to use for encryption for the VAP
interface. If the clients have all four keys configured to the same values, you
can change the encryption key to any of the eight settings without having to
update the client keys. (Default: Key 1)
41
4
Initial Configuration
Setting WLAN Security (WPA) – Sets the WPA/WPA2 PSK wireless security
encryption key for the wireless network.
Figure 4-12 WLAN Security - WPA
Field Attributes
• TKIP/AFS – TKIP/AES is used as the multicast encryption cipher.
• AES – AES is used as the multicast encryption cipher. AES-CCMP is the
standard encryption cipher required for WPA2.
6. Click Next followed by Apply on the next srceen to save your settings. The unit
will save your settings and restart. Note that your configuration changes are not
saved until the Setup Wizard is completed and the system restarted.
Figure 4-13 Saving Your Settings
42
Using the Setup Wizard
7. When the system restarts, a countdown window displays for about 60 seconds.
Figure 4-14 Reboot
43
4
44
Initial Configuration
Chapter 5: System Configuration
Using the Web Interface
The Gateway provides a web-based management interface for configuring device
features and viewing statistics to monitor network activity. This interface can be
accessed by any computer on the network using a standard web browser (such as
Internet Explorer 6.0 or above, or Mozilla Firefox 2.0.0.0 or above).
Note: You can also use the Command Line Interface (CLI) to manage the Gateway over
a serial connection to the console port or via Telnet or SSH.
To make an initial connection to the management interface, connect a PC to one of
the Gateway’s LAN ports. Then either set it to “Obtain an IP address automatically”
(DHCP service is enabled by default on the Gateway) or configure it with a static
address within the same subnet as that used by the Gateway (that is, 192.168.2.x
with the subnet mask 255.255.255.0).
To access the configuration menu, follow these steps:
1.
Use your web browser to connect to the management interface using the
default IP address of 192.168.2.1.
2.
Log into the Gateway’s management interface by entering “admin” as both the
default user name and password.
Note: It is strongly recommended to change the default password the first time you
access the web interface. For information on changing the password, see “Admin
Settings” on page 57.
45
5
System Configuration
Home Page
When your web browser connects with the Gateway’s web agent, the home page is
displayed as shown below. For initial configuration, you can use the Setup Wizard as
described in the preceding chapter. To carry out more detailed configuration tasks,
use the Advanced Setup Menu, as described in this chapter.
Figure 5-1 Home Page
46
Using the Web Interface
Click “START WITH ADVANCED SETUP” to open the Advanced Settings menu as
shown below. By default, the Gateway is set to Bridge Mode. (For a brief description
of Bridge Mode and Router Mode, see “Route Determination” on page 29.)
Figure 5-2 Initial Page for Advanced Settings (Router Mode)
Advanced Settings Menu
The Advanced Settings pages display the main menu on the left side of the screen
and sub-menu tabs at the top of screen. The main menu links are used to navigate
between key functional categories, while the sub-menus list related topics within
each of these categories. The sub-menus display configuration parameters, fixed
system information, or network statistics.
The information in this chapter is organized to reflect the structure of the web
management screens for easy reference.
The configuration pages include the options listed in the table below. For details on
configuring each feature, refer to the corresponding page number.
Note: The displayed pages and settings may differ depending on whether the unit is in
Bridge Mode or Router Mode.
Table 5-1 Advanced Settings Menu
Menu
Description
STATUS
System information, access logs, and DHCP client list Both
50
Shows firmware/hardware and VDSL code versions, as Both
well as the unit’s serial number
50
Information
Mode
Page
47
5
System Configuration
Table 5-1 Advanced Settings Menu (Continued)
Menu
Mode
Page
WAN
Shows configuration status (DHCP or static), IP
Router 51
address, subnet mask, DNS servers, gateway address,
and WAN link status
LAN
Shows IP address, subnet mask, and local DHCP
server status
Log
Displays a log of all network access and service activity Both
DHCP
Displays addresses currently bound to DHCP clients
SYSTEM
Router 52
53
Router 54
Basic administrative settings
Both
54
Mode
Sets the device to operate as s bridge or router
Both
54
Time
Configures NTP settings, including time zone, server,
and refresh time
Router 57
Admin
Configures access password, and IP address(es)
authorized for remote access over the WAN link
Both
57
Tools
Includes management tools for pinging another device, Both
updating firmware, restoring factory defaults, and
rebooting the unit
58
UPnP
Enables UPnP auto-discovery mechanism
Router 59
Services
Enables TFTP, Telnet, and Secure Shell access
Router 60
SNMP
Configures SNMP settings.
Both
61
DNS
Dynamic Name Server
Both
69
WAN
Wide Area Network
Router 69
WAN Type
Configures virtual WAN ports
Both
WAN Settings
Configures address configuration options for DHCP,
static assignment or PPPoE
Router 64
DDNS
Configures dynamic DNS services for DynDNS and
TZO servers
Router 69
LAN
64
Local Area Network
Both
69
LAN Type
Configures VLANs
Both
69
LAN Settings
Configures IP settings for the LAN, including IP
address, DHCP server, and DNS assignment
Both
69
Switch Ports
Configures port connection parameters, including
speed and duplex mode
Both
72
Route Configuration
Router 69
Static Routing
Configures and displays static routing entries
Router 73
Dynamic Routing
Configures dynamic route learning from LAN and WAN Router 74
interfaces
Policy Routing
Configures IP policy routing
Router 76
Wireless Configuration
Both
ROUTE
Wireless
48
Description
77
Using the Web Interface
Table 5-1 Advanced Settings Menu (Continued)
Menu
Description
Mode
Wireless
Configures wireless AP settings
Both
79
Client List
List of all wireless clients currently associated with the Both
AP
85
NAT
Page
Network Address Translation
Router 86
Maps public to private service addresses
Router 86
Port Mapping
Maps one or more service ports to a local server
Router 87
DMZ
Allows a specified host on the local network to access Router 89
the Internet without any firewall protection
Virtual Server
FIREWALL
Both
90
Firewall Settings
Enables or disables the firewall, and sets default policy Both
for addresses not found in the MAC or IP filtering list
90
IP Filtering
Filters IP addresses of clients accessing the Internet
91
ALG
Enables or disables customized NAT traversal filters for Router 92
SIP, H323, IRC, PPTP, SNMP, TFTP, and IPSEC.
Remote Control
Configures remote management access of the WAN
port.
Both
VDSL Configuration
VDSL
Firewall Configuration
Both
93
Both
95
Rate Information
Displays general VDSL status information for the VDSL Both
line, BME and specific ports; also displays current rate
for various stream types
95
Performance Counters
Displays performance information including common
error conditions for the VDSL line
Both
98
SNR
Displays counters for sound-to-noise ratio
measurements
Both
99
Internet Group Management Protocol
Both
101
Configures IGMP Proxy, IGMP Snooping, Fast Leave
Both
102
Quality of Service
IGMP
IGMP
QoS
Both
104
QoS Settings
Enables or disables QoS, sets the upstream rate limit, Both
and the queuing mode
104
Traffic Classification
Configures diffServ priorities based on protocol type, Router 105
source and destination addresses, and TCP/UDP port
ACS
TR Settings
Auto-configuration server (TR-069 and TR-098)
Router 108
Configures parameters for establishing connection
between Gateway and auto-configuration server
Router 108
49
5
System Configuration
Status Information
The Status pages display details on the current configuration and status of the
Gateway, network access logs, and DHCP client lists.
Note: The Status Information pages display different statistics depending on the mode
selected – Bridge or Router. Refer to “Networking Concepts” on page 3-29 for a
general description about these operating modes. Refer to “System Mode” on
page 5-54 for information on setting the operation mode.
System Information
The System Information page displays firmware/hardware and VDSL code versions,
the physical address of the LAN and WAN interfaces, and the unit’s serial number.
Click Status, System Info.
Figure 5-3 System Information
Field Attributes
•
•
•
•
•
•
•
•
50
Connected Clients – The number of DHCP clients serviced by the Gateway.
Runtime Code Version – Version number of operation code.
LAN MAC Address – The physical layer address for the LAN interface.
WAN MAC Address – The physical layer address for the WAN interface.
Hardware Version – Hardware version of the main board.
VDSL Version – VDSL firmware version.
Serial Number – Serial number of the main board.
Product ID – The product identification number.
Status Information
•
•
•
•
•
Company Name – The name of the manufacturer.
Postal Address – The postal address of the manufacturer.
Phone Number – The phone number of the manufacturer.
Fax Number(option) – The facsimile number of the manufacturer.
Support E-mail Address – The support email address.
WAN Status
This page shows the administrative status, the IP address configuration mode
(DHCP, static assignment, or PPPoE), the IP address, subnet mask, DNS servers,
gateway address, and WAN link status.
Click Status, WAN Status.
Figure 5-4 WAN Status
Field Attributes
• Mode – The administrative status of the WAN interface (on or off), the IP address
configuration mode (DHCP, Static IP, or Pope).
• TX packets – The total number of transmitted packets sent by the unit since boot
up.
• TX bytes – The total number of transmitted bytes sent by the unit since boot up.
• RX packets – The total number of packets received by the unit since connection
to a network.
• RX bytes – The total number of bytes received by the unit since connection to a
network.
51
5
System Configuration
Bridge WAN Status
This page shows the administrative status of the bridge WAN port.
Click Status, Bridge WAN Status.
Figure 5-5 Bridge WAN Status
Field Attributes
• Mode – The administrative status of the bridge WAN port.
• TX packets – The total number of transmitted packets sent by the unit since boot
up.
• TX bytes – The total number of transmitted bytes sent by the unit since boot up.
• RX packets – The total number of packets received by the unit since connection
to a network.
• RX bytes – The total number of bytes received by the unit since connection to a
network.
LAN Status
This page shows the IP address, subnet mask, and local DHCP server status.
Click Status, LAN Status.
Figure 5-6 LAN Status
Field Attributes
• IP Address – IP address of the LAN interface.
52
Status Information
• Subnet Mask – This mask identifies the subnet and host portion of the IP address.
• DHCP Server – Shows if the Gateway’s DHCP server is enabled or disabled.
System Log
This page displays a log of all network access requests by client devices and service
responses sent from the Gateway.
Click Status, System Log.
Figure 5-7 System Log
Field Attributes
• Log Entry – Shows the date, time, process, and description.
• Download – Downloads the log table as an raw text file. In Windows, this is
downloaded to Notepad.
• Clear – Flushes the log table.
• Auto Refresh – Automatically updates the log table every 5 seconds.
DHCP Client List
This page displays the addresses currently bound to DHCP clients.
Click Status, DHCP Client List.
Figure 5-8 DHCP Client List
Field Attributes
• LAN Client List – The list of assigned addresses for the listed LAN.
53
5
System Configuration
• Count Down – The time after which the connection will expire and the DHCP client
must request a new IP address.
• MAC Address – The MAC address of the DHCP client.
• IP Address – The IP address assigned to the DHCP client.
• Host – The host name of the DHCP client.
System Configuration
The System pages are used to configure basic administrative settings, including the
operating mode (bridge or router), NTP server selection, management access
control through a password or specified host address, firmware upgrade, UPnP
auto-discovery, and management through TFTP, Telnet or Secure Shell.
System Mode
This page sets the Gateway to operate as s bridge or router. Refer to “Networking
Concepts” on page 3-29 for a general description about these operating modes.
Click System, System Mode. Select the required operating mode, and click Apply.
Figure 5-9 System Mode - Bridge
Figure 5-10 System Mode - Router
54
System Configuration
Figure 5-11 System Mode - Router - DHCP Enabled
Field Attributes
• Bridge – Sets the Gateway to function as a Layer-2 bridge, using only the physical
address stored in the packet’s source and destination address fields to pass traffic.
• Router – Sets the Gateway to function as a Layer-3 router, using a specific route
(that is, next hop) for each IP host or subnet that is statically configured or learned
through dynamic routing protocols.
The Gateway must reboot after each mode change. It takes about 60 seconds for
the router to reboot and start forwarding traffic on the LAN and WAN interfaces.
Also note that the menus provided by the Gateway differ for the bridge and router
operating modes as noted in Table 5-1, “Advanced Settings Menu,” on page 47.
• VLAN Enable – Enables VLANs. (Router mode only)
• Enable PPPOE Pass Through – Enables PPPoE Pass Through
55
5
System Configuration
•
•
•
•
•
Enable Broadcast Pass Through – Enables Broadcast Pass Through.
VID – Specifies the VLAN ID.
802.1p – Specifies quality of service level.
Enable DHCP Option –
Option 60 – Option 60 allows a DHCP server to differentiate between the two kinds
of client machines and process the requests from the two types of modems
appropriately. The DHCP server and client send a vendor class option that
contains an ASCII-encoded string with three parts delimited by a / character. The
first part is AAPLBSDPC, which advertises BSDP capability. The second part is the
client's architecture ("ppc" or "i386"). The third part is a system identifier.
• Option 61 – Specifies the client MAC address.
System Time
This page configures the local time zone, and Network Time Protocol (NTP) settings,
including the NTP server to use and the refresh time.
Click System, System Time. Set the time zone, enable NTP service, specify an NTP
server, set the time at which to refresh date and time information, and click Apply.
Figure 5-12 System Time
Field Attributes
• Time – The current date and time configured on the Gateway.
• Set Time Zone – Sets the time zone as an offset from Greenwich Mean Time
(GMT).
• NTP – Enables or disables client requests for NTP service.
• NTP Server 1/2 – The URL or IP address of the NTP server to use.
• Refresh Interval – Specifies the interval at which the Gateway will request a time
update from the NTP server.
56
System Configuration
Admin Settings
The Administrative Settings page allows you to configure the management access
password, and IP address(es) authorized for remote management access over the WAN
link.
To protect access to the management interface, you need to configure a new
password as soon as possible. If a new password is not configured, then anyone
having access to the Gateway may be able to compromise the unit's security by
entering the default password.
Management access to the Gateway through the WAN port is enabled by default. To
prevent access by unauthorized hosts, enter the IP address for one or more known
hosts. Once any entry is added to the Remote Management Client List, access
attempts from any other host will be blocked.
Click System, Admin Settings. Set a new password, specify host stations authorized
for remote management access, and click Apply.
Figure 5-13 Admin Settings
Field Attributes
• Current Password – The password for management access. (Default: admin;
Length: 3-16 characters, case sensitive)
• New Password – Prompts you to enter a new password for access.
• Confirm Password – Re-enter the new password.
57
5
System Configuration
System Tools
This page provides facilities for pinging another device, updating firmware, restoring
factory defaults, and rebooting the unit.
Click System, System Tools. Follow the instructions shown on the web page to
perform any of the listed tasks.
Figure 5-14 System Tools
Field Attributes
• Firmware Update – Allows you to download new firmware by selecting a file stored
on your management station.
• Restore Factory Default – Restores the factory defaults.
• Reboot Gateway – Click the Reboot button to restart the Gateway. When
prompted, confirm that you want reset the Gateway. A timer will display the amount
time remaining in the boot up process.
• Ping – Performs a loopback test on a specified IP address.
58
System Configuration
UPnP
This page is used to enable or disable the UPnP auto-discovery mechanism.
Universal Plug and Play (UPnP) is a set of protocols that allows devices to connect
seamlessly and simplifies the deployment of home and office networks. UPnP
achieves this by using UPnP device control protocols designed upon open,
Internet-based communication standards.
Note that only devices within the same broadcast domain can be discovered through
UPnP. When the Gateway is discovered by another device, a brief description of the
Gateway can be viewed, and the management interface can be accessed by
clicking on the Gateway icon.
For example, to access or manage the Gateway with the aid of UPnP under
Windows Vista, open the Network and Sharing Center, and enable Network
Discovery. Then click on the node representing your local network under the
Network Sharing Center. An entry for the Gateway will appear in the list of
discovered devices. Right click on the entry for the Gateway, and select “View
Device webpage” to access the Gateway’s web management interface, or select
“Properties” to display a list of device attributes advertised by the Gateway through
UPnP.
Figure 5-15 UPnP
•
•
•
•
EnablePing – Enables UPnP on the unit.
Port Number – Specifies a port number for SOAP traffic.
NAT-PMP – Enables/disables NAT Port Mapping Protocol.
BitRate-UpStream – Specifies the upload speed of your connection. (Default: 1
Mbps; Options: 1 Mbps, 10 Mbps, 100 Mbps)
• BitRate-DownStream – Specifies the download speed of your connection.
(Default: 10 Mbps; Options: 1 Mbps, 10 Mbps, 100 Mbps)
• Secure Mode – Enables/disables secure mode.
59
5
System Configuration
Service Settings
This page allows you to enable or disable TFTP, Telnet, and Secure Shell access. Note
that these functions are only used for the command line interface, not the web interface.
Click System, Service Settings. Enable or disable the required service, and click
Apply.
Figure 5-16 Service Settings
Field Attributes
• tftpd – Trivial File Transfer Protocol used to download firmware to the Gateway.
• telnetd – Replicates the serial port’s command line interface via Telnet.
• sshd – Replicates the serial port’s command line interface over a secure interface.
When the client contacts the Gateway via the SSH protocol, the Gateway
generates a public-key that the client uses along with a local user name and
password for access authentication. SSH also encrypts all data transfers passing
between the Gateway and SSH-enabled management stations, and ensures that
data traveling over the network arrives unaltered.
• Port – The UDP port number to use for these services. (Range: 0-65535)
60
System Configuration
SNMP
Simple Network Management Protocol (SNMP) is a communication protocol
designed specifically for managing devices on a network. Equipment commonly
managed with SNMP includes switches, routers and host computers. SNMP is
typically used to configure these devices for proper operation in a network
environment, as well as to monitor them to evaluate performance or detect potential
problems.
Managed devices supporting SNMP contain software, which runs locally on the
device and is referred to as an agent. A defined set of variables, known as managed
objects, is maintained by the SNMP agent and used to manage the device. These
objects are defined in a Management Information Base (MIB) that provides a
standard presentation of the information controlled by the agent. SNMP defines both
the format of the MIB specifications and the protocol used to access this information
over the network.
The access point includes an onboard agent that supports SNMP versions 1, 2c,
and 3 clients. This agent continuously monitors the status of the access point, as
well as the traffic passing to and from wireless clients. A network management
station can access this information using SNMP management software that is
compliant with MIB II. To implement SNMP management, the access point must first
have an IP address and subnet mask, configured either manually or dynamically.
Access to the onboard agent using SNMP v1 and v2c is controlled by community
strings. To communicate with the access point, the management station must first
submit a valid community string for authentication.
Access to the access point using SNMP v3 provides additional security features that
cover message integrity, authentication, and encryption; as well as controlling
notifications that are sent to specified user targets.
61
5
System Configuration
Figure 5-17 SNMP
• SNMP – Enables or disables SNMP management access and also enables the
access point to send SNMP traps (notifications). (Default: Disable)
• Contact – A text string that describes the system contact. (Maximum length: 255
characters)
• Location – A text string that describes the system location. (Maximum length: 255
characters)
• Trap IP – The IP address of the SNMP server.
• ROCommunity – Defines the SNMP community access string that has read-only
access. Authorized management stations are only able to retrieve MIB objects.
(Maximum length: 23 characters, case sensitive; Default: public)
• WOCommunity1/2 – Defines the SNMP community access string that has write
only access. (Maximum length: 23 characters, case sensitive)
62
System Configuration
DNS
The Domain Name System (DNS) distributes the responsibility of assigning domain
names and mapping those names to IP addresses by designating authoritative
name servers for each domain. Authoritative name servers are assigned to be
responsible for their particular domains, and in turn can assign other authoritative
name servers for their sub-domains.
Figure 5-18 DNS
• Primary and Secondary DNS Address – The IP address of Domain Name
Servers on the network. A DNS maps numerical IP addresses to domain names
and can be used to identify network hosts by familiar names instead of the IP
addresses.
If you have one or more DNS servers located on the local network, type the IP
addresses in the text fields provided. Otherwise, leave the addresses as all zeros
(0.0.0.0).
Management IP
The Management IP page configures the IP address through which the unit can be
managed using a web-browser.
Figure 5-19 Management IP
• Management IP Address – The IP address through which the unit can be
managed.
• Management Netmask – Specifies the subnet mask for network traffic.
• Management Gateway – Specifies the gateway address for routing to the unit.
63
5
System Configuration
WAN Configuration
The WAN pages are used to configure the address assignment method for the WAN
interface, and to configure dynamic DNS service.
WAN Type
The WAN Type page allows the user to create multiple WANs by VLAN.
Figure 5-20 WAN Type
•
•
•
•
64
No Tag – Specifies no VLAN tag.
VID – The VLAN ID.
NAT – Enables/disables NAT on the specified VLAN.
Add – Applies the settings and creates the WAN.
WAN Configuration
WAN Settings
This page configures address assignment options for the WAN interface, using DHCP, a
static address, or PPPoE. The WAN interface should connect directly to a Layer 3 device
at your service provider’s central office or to another gateway device at your office. You
therefore need to use the method and parameter settings given to you by your service
provider or network administrator.
Dynamic IP Address
Click WAN, WAN Settings. Be sure the WAN interface is enabled. Then select
Dynamic IP Address mode, fill in the appropriate string for the DHCP options as
required, and click Apply.
Figure 5-21 WAN Settings (DHCP)
Field Attributes
• Mode – Select Dynamic IP Address to obtain a address from an upstream DHCP
server.
• Class Identifier (Option 60) – Vendor Class Identifier is used identify the vendor
class and configuration of the Gateway to the DHCP server, which then uses this
information to decide on how to service the client or the type of information to
return.
• Client Identifier (Option 61) – Client Identifier is a unique identifier for the Gateway
which is sent to the DHCP server. DHCP servers use this value to index their
database of address bindings. This value must therefore be unique for all clients in
an administrative domain.
• ENumber (Option 125) – Vendor Idenifying Vendor-Specific Information tag
specified in the form of of a string of numerals xx xx xx xx.
65
5
System Configuration
The general framework for these DHCP options are set out in RFC 2132, but the
specific string to use should be supplied by your service provider or network
administrator.
Static IP Address
Click WAN, WAN Settings. Be sure the WAN interface is enabled. Then select Static
IP Address mode, fill in the appropriate settings as required, and click Apply.
Figure 5-22 WAN Settings (Static)
Field Attributes
•
•
•
•
66
Mode – Select Static IP Address to manually set an address for the Gateway.
IP – IP address of the WAN interface.
Netmask – This mask identifies the subnet and host portion of the IP address.
Default Gateway – The IP address of the gateway router which is used if the
requested destination address is not on the local subnet, nor in any of the routing
tables.
WAN Configuration
PPPoE
Point-to-Point Protocol over Ethernet (PPPoE) emulates a dial-up connection. It
allows an ISP to use existing network configuration settings to implement VDSL
service without significant changes.
Click WAN, WAN Settings. Be sure the WAN interface is enabled. Then select
PPPoE mode, fill in the appropriate settings as required, and click Apply.
Figure 5-23 WAN Settings (PPPoE)
Field Attributes
•
•
•
•
•
•
•
•
Mode – Select PPPoE to obtain a address using this protocol.
User Name – Sets the PPPoE user name. (Range: 1-32 characters)
Password – Sets a PPPoE password. (Range: 1-32 characters)
Service Name – The service name assigned for the PPPoE connection. The
service name is normally optional, but may be required by some service providers.
(Range: 1-32 alphanumeric characters)
Confirm Password – Re-enter your new password.
AC Name – The name of the access concentrator to use in PPPoE Active
Discovery Offers (PADO).
MTU (1400-1492) – Sets the maximum packet size that the WAN port may
transmit. The Maximum Transmission Unit is expressed in bytes. By default, the
Gateway will send several test messages to determine the MTU for the upstream
connection. (Range: 1400-1492 bytes)
Idle Time (0-99) – The maximum length of inactive time the unit will stay connected
to the service provider before disconnecting. Select “Auto-reconnect” to reconnect
67
5
System Configuration
to the upstream gateway whenever an Internet access request is made.
(Range: 1-99 minutes; Default: 2 minutes)
DDNS
The DDNS Settings page is used to configure dynamic DNS services for DynDNS and
TZO servers. DDNS provides clients accessing the Internet with a method to tie a
specific host name to their computer’s dynamically assigned IP address. DDNS
allows your host name to follow your IP address automatically by changing your
DNS records when your IP address changes. To set up an DDNS account, visit the
web sites of these service providers at www.dyndns.org or www.tzo.com.
Click WAN, DDNS. Enable DDNS, set the timeout, enter the client information
provided by your DDNS service provider, and click Apply.
Figure 5-24 DDNS Settings
Field Attributes
•
•
•
•
•
•
•
Status – Enables DDNS. (Default: Disabled)
Interface – Selects the WAN interface.
Timeout – The maximum time between updates.
Connection – Shows if a connection has been established with the DDNS server.
DDNS Server – The DDNS service provider, DynDNS or TZO.
Host Name – The prefix to identify your presence on the DDNS server.
User Name/Account – Your user name for DDNS service.
Password/Key – Your password for DDNS service.
68
LAN Configuration
LAN Configuration
The LAN pages are used to configure an IP address for management access
through the LAN interface, configure the local DHCP server, and DNS service.
These pages are also used to configure port connection parameters, including
speed and duplex mode.
LAN Type
LAN Type settings enable VLANs on the units four LAN ports. You may configure up
to four VLANs in total.
Figure 5-25 LAN Type
Field Attributes
•
•
•
•
•
•
VLAN – Enables or disables VLANs. (Default: Disabled)
VLAN Type – Selects port-based VLANs by default.
Port 1~4 – Selects a physical port to apply a VLAN tag to.
VID – Specifies a VLAN ID. (Range: 0-4095)
802.1p – Specifies quality of service level.
Add – Adds the VLAN to the physical port.
69
5
System Configuration
LAN Settings
This page is used to configure IP settings for the LAN, including an IP address for
management access, a local DHCP server, and DNS service.
Click LAN, LAN Settings. Enable the LAN interface, set an IP address for
management access from the LAN side, configure the DHCP server and DNS
service, then click Apply.
Figure 5-26 LAN Settings
Figure 5-27 LAN Settings (DHCP Enabled)
70
LAN Configuration
Figure 5-28 LAN Settings (DHCP Relay)
Field Attributes
• IP Address – IP address used for management access from the LAN side.
• Netmask – This mask identifies the subnet and host portion of the IP address.
The following attributes only apply to Router mode:
• DHCP Server – Enables or disables the local DHCP server.
• Domain – DNS suffix appended to unqualified names that are used by this client.
• Class ID – Vendor Class Identifier (Option 60) is used identify the vendor class and
configuration of the client to the DHCP server, which then uses this information to
decide on how to service the client or the type of information to return.
• Client ID – Client Identifier (Option 61) is a unique identifier for the client which is
sent to the DHCP server. DHCP servers use this value to index their database of
address bindings. This value must therefore be unique for all clients in an
administrative domain.
• Option 125 – Vendor Idenifying Vendor-Specific Information tag specified in the
form of of a string of numerals xx xx xx xx.
• IP Pool Starting Address – The initial IP address in a range that the DHCP server
allocates to DHCP clients. Note that the address pool range is always in the same
subnet as the Gateway’s IP address. The maximum clients that the unit can
support is 253.
• IP Pool Ending Address – The ending IP address in a range that the DHCP server
allocates to DHCP clients.
• Lease Time – The amount of time an IP address is leased to the requesting client.
When the time limit expires, the client has to request a new IP address.
• Assign DNS – Specifies whether to use the DNS servers assigned by the DHCP
server, or to manually specify the DNS servers.
• Primary DNS Address – The first server to query for domain name resolution.
71
5
System Configuration
• Secondary DNS Address – The backup DNS server.
Switch Ports
This page is used to configure port connection parameters, including speed and
duplex mode.
Click LAN, Switch Ports. Set the required connection parameters for any port, and
click Apply.
Figure 5-29 Switch Ports
Field Attributes
• Port – The four ports on the LAN interface.
• Mode – The connection mode for a port.
- auto – Uses auto-negotiation to obtain the optimal settings.
- 100full - Forces 100 Mbps full-duplex operation
- 100half - Forces 100 Mbps half-duplex operation
- 10full - Forces 10 Mbps full-duplex operation
- 10half - Forces 10 Mbps half-duplex operation
- off – Disables this port.
72
Route Configuration
Route Configuration
The ROUTE pages are used to configure either static routing entries, or to enable or
disable dynamic routing, or to enable policy routing on the LAN and WAN interfaces.
Static Routing
The Gateway can dynamically configure routes to other network segments using
RIP. However, static routes can also be manually entered in the routing table. Static
routes may be required to access network segments where dynamic routing is not
supported, or can be set to force the use of a specific route to a subnet, rather than
using dynamic routing. Static routes do not automatically change in response to
changes in network topology, so only configure a small number of stable routes to
ensure network accessibility.
Click ROUTE, Static Routing. Enable the static route table, enter the destination
network, the network mask, the gateway device, and click Apply.
Figure 5-30 Static Routing
Field Attributes
• Route – Enables the static routing table.
• Destination Net – IP address of the destination network, subnetwork, or host.
• Netmask – Network mask for the associated IP subnet. This mask identifies the
host address bits used for routing to specific subnets.
• Gateway – IP address of the next router hop used for this route.
73
5
System Configuration
Dynamic Routing
The Gateway supports RIP (also referred to as RIP-1) and RIP-2 dynamic routing
protocols. Routing Information Protocol (RIP) is the most widely used method for
dynamically maintaining routing tables. RIP uses a distance vector-based approach
to routing. Routes are chosen to minimize the distance vector, or hop count, which
serves as a rough estimate of transmission cost. Each router broadcasts its
advertisement every 30 seconds, together with any updates to its routing table. This
allows all routers on the network to build consistent tables of next hop links which
lead to relevant subnets.
RIP can utilize any of the following methods to prevent loops from occurring:
• Split horizon – Never propagate routes back to an interface port from which they
have been acquired.
• Poison reverse – Propagate routes back to an interface port from which they have
been acquired, but set the distance-vector metrics to infinity. (This provides faster
convergence.)
• Triggered updates – Whenever a route gets changed, broadcast an update message
after waiting for a short random delay, but without waiting for the periodic cycle.
RIP-2 is a compatible upgrade to RIP-1. RIP-2 adds useful capabilities for plain text
authentication, multiple independent RIP domains, variable length subnet masks,
and multicast transmissions for route advertising (RFC 1723).
There are several serious problems with RIP that should be considered. First of all,
RIP-1 has no knowledge of subnets, both RIP versions can take a long time to
converge on a new route after the failure of a link or router during which time routing
loops may occur, and its small hop count limitation of 15 restricts its use to smaller
networks. Moreover, RIP-1 wastes valuable network bandwidth by propagating
routing information through broadcasts; it also considers too few network variables
to make the best routing decision.
If the local network connected to the LAN interface does not include any routers,
then it is not necessary to configure either static or dynamic routing for this interface.
Also, if the path from the Gateway back to the router (that is, the remote gateway) at
the ISP’s central office does not pass through any other routers, then this gateway
will always be the first hop, and again it will not be necessary to configure either
static or dynamic routing.
74
Route Configuration
Figure 5-31 Dynamic Routing
Field Attributes
• Enable – Enables dynamic routing for both the LAN and WAN interface.
• LAN Version – Specifies RIP-1 or RIP-2 on the LAN interface.
• WAN Version – Specifies RIP-1 or RIP-2 on the WAN interface.
75
5
System Configuration
Policy Routing
Policy routing enables the user to route LAN trafiic to the WAN port according to
source IP, source port, and Protocol.
Figure 5-32 Policy Routing
Field Attributes
•
•
•
•
•
•
•
•
•
76
Enable Policy Routing – Enables policy routing to the WAN interface.
Source IP – Specifies the source IP address.
Mask – Specifies an IP mask.
Protocol – Specifies the port type, TCP, UDP or both.
Src. Port – Specifies the soruce port.
Des. Port – Specifies the destination port.
Interface – Specifes the virtual WAN interface.
Add – Adds the entry to the Policy Routing Rule List.
Del – Deletes an entry from the Policy Routing List.
Wireless Configuration
Wireless Configuration
The IEEE 802.11b/g interfaces include configuration options for radio signal
characteristics and wireless security features.
The unit’s access point function can operate in three modes, mixed 802.11b/g,
802.11b only, or 802.11g. Also note that 802.11g is backward compatible with
802.11b, at slower data transmit rates.
Figure 5-33 Wireless Setup
Field Attributes
• WLAN – Specifies a wireless LAN (WLAN) interface.
• ESSID – The name of the wireless network service provided by the VAP. Clients
that want to connect to the network must set their SSID to the same as that of the
VAP interface. (Default: “ECG9210”; Range: 1-32 characters)
77
5
System Configuration
• Status – Displays whether the wireless interface is enabled or not.
• Mode – Specifies the security mode.
• Access Control – Configures the access control method.
WLAN Settings
• WLAN Enable – Enables the communication for the VAP wireless interface.
• (Default: Enabled)
• SSID – The name of the wireless network service provided by the VAP.
• SSID Broadcast – Enables broadcasting of the SSID to the local wireless network.
(Default: Enabled)
• WDS Status – Enables the WDS status.
WLAN General Settings
• Operation Mode – Defines the radio mode for the VAP interface. (Default:
802.11b/g Mixed)
• Channel ID – The radio channel that the access point uses to communicate with
wireless clients. When multiple access points are deployed in the same area, set
the channel on neighboring access points at least five channels apart to avoid
interference with each other. For example, you can deploy up to three access
points in the same area using channels 1, 6, 11. Note that wireless clients
automatically set the channel to the same as that used by the access point to which
it is linked. Selecting Auto Select enables the access point to automatically select
an unoccupied radio channel.
• Tx Preamble Type – The radio preamble (sometimes called a header) is a section
of data at the head of a packet that contains information that the wireless device
and client devices need when sending and receiving packets. You can set the radio
preamble to long or short. A short preamble improves throughput performance,
whereas a long preamble is required when legacy wireless devices are part of your
network.
• Beacon Interval – The rate at which beacon signals are transmitted from the
access point. The beacon signals allow wireless clients to maintain contact with the
access point. They may also carry power-management information.
(Range: 40-500 TUs; Default: 100 TUs)
• Transmit Power – Adjusts the power of the radio signals transmitted from the
access point. The higher the transmission power, the farther the transmission
range. Power selection is not just a trade off between coverage area and maximum
supported clients. You also have to ensure that high-power signals do not interfere
with the operation of other radio devices in the service area. (Default: Full; Range:
Half, Quarter, One Eigth, Min.)
• RTS Threshold – Sets the packet size threshold at which a Request to Send
(RTS) signal must be sent to a receiving station prior to the sending station starting
communications. The access point sends RTS frames to a receiving station to
negotiate the sending of a data frame. After receiving an RTS frame, the station
sends a CTS (clear to send) frame to notify the sending station that it can start
sending data.
78
Wireless Configuration
If the RTS threshold is set to 0, the access point always sends RTS signals. If set
to 2347, the access point never sends RTS signals. If set to any other value, and
the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to
Send / Clear to Send) mechanism will be enabled.
The access points contending for the medium may not be aware of each other. The
RTS/CTS mechanism can solve this “Hidden Node Problem.” (Range: 0-2346
bytes: Default: none)
• Fragmentation Threshold – Packet Fragmentation can also be used to improve
throughput in noisy/congested situations. Although packet fragmentation is often
thought of as something bad, and does add a large overhead, reducing throughput,
sometimes it is necessary. (Range: 256-2346)
WLAN Security
The unit’s wireless interface is configured by default as an “open system,” which
broadcasts a beacon signal including the configured SSID. Wireless clients with a
configured SSID of “ANY” can read the SSID from the beacon, and automatically set
their SSID to allow immediate connection to the wireless network.
To improve wireless network security, you have to implement two main functions:
• Authentication – It must be verified that clients attempting to connect to the network
are authorized users.
• Traffic Encryption – Data passing between the unit and clients must be protected
from interception and eavesdropping.
For a more secure network, the access point can implement one or a combination of
the following security mechanisms:
• Wired Equivalent Privacy (WEP)
• IEEE 802.1X
• Wi-Fi Protected Access (WPA) or WPA2
The security mechanisms that may be employed depend on the level of security
required, the network and management resources available, and the software
support provided on wireless clients.
WEP Security
WEP provides a basic level of security, preventing unauthorized access to the
network, and encrypting data transmitted between wireless clients and the access
point. WEP uses static shared keys (fixed-length hexadecimal or alphanumeric
strings) that are manually distributed to all clients that want to use the network.
WEP is the security protocol initially specified in the IEEE 802.11 standard for
wireless communications. Unfortunately, WEP has been found to be seriously
flawed and cannot be recommended for a high level of network security. For more
robust wireless security, the access point provides Wi-Fi Protected Access (WPA)
for improved data encryption and user authentication.
79
5
System Configuration
Setting up shared keys enables the basic IEEE 802.11 Wired Equivalent Privacy
(WEP) on the access point to prevent unauthorized access to the network.
If you choose to use WEP shared keys instead of an open system, be sure to define
at least one static WEP key for user authentication and data encryption. Also, be
sure that the WEP shared keys are the same for each client in the wireless network.
Note that all clients share the same keys, which are used for user authentication and
data encryption. Up to four keys can be specified. These four keys are used for all
VAP interfaces on the same radio.
Figure 5-34 WEP Security
Field Attributes
•
•
•
•
Security Mode – Specifies the security mode to be used for authentication.
Authentication Mode – Specifies open or shared authentication.
Key Mode – Specifies 64 Bit or 128 Bit security. (Default: 64 bit)
Passphrase – Specifes a passphrase used for authentication. (Default: none;
Range 1-32 characters)
• Active Key – Specifies a WEP key for authentication.
WPA2 Security
WPA was introduced as an interim solution for the vulnerability of WEP pending the
ratification of the IEEE 802.11i wireless security standard. In effect, the WPA security
features are a subset of the 802.11i standard. WPA2 includes the now ratified
802.11i standard, but also offers backward compatibility with WPA. Therefore, WPA2
includes the same 802.1X and PSK modes of operation and support for TKIP
encryption.
80
Wireless Configuration
Figure 5-35 WPA2 PSK Security
Field Attributes
• TKIP/AES – Uses Temporal Key Integrity Protocol (TKIP) or AES keys for
encryption. WPA specifies TKIP as the data encryption method to replace WEP.
TKIP avoids the problems of WEP static keys by dynamically changing data
encryption keys. WPA/WPA2 mixed modes allow both WPA and WPA2 clients to
associate to a common SSID interface. In mixed mode, the unicast encryption
cipher (TKIP or AES-CCMP) is negotiated for each client.
• AES – Uses Advanced Encryption Standard (AES) keys for encryption. WPA2
uses AES Counter-Mode encryption with Cipher Block Chaining Message
Authentication Code (CBC-MAC) for message integrity. The AES Counter-Mode/
CBCMAC Protocol (AES-CCMP) provides extremely robust data confidentiality
using a 128-bit key. Use of AES-CCMP encryption is specified as a standard
requirement for WPA2. Before implementing WPA2 in the network, be sure client
devices are upgraded to WPA2-compliant hardware.
• PSK – Displays the pre-shared key if WPA/WPA2 has been enabled.
• EAP – IEEE 802.1X access security uses Extensible Authentication Protocol
(EAP) and requires a configured RADIUS authentication server to be accessible in
the enterprise network. If you select WPA or WPA2 Enterprise mode, be sure to
configure the RADIUS settings.
• PSK Key – Specifies a pre-shared key. (Default: none; Range: 8-63 characters)
81
5
System Configuration
Figure 5-36 WPA2 EAP Security
Field Attributes
• RADIUS Server IP – Specifies a RADIUS server IP address.
• RADIUS Server Port – Specifies a RADIUS server port number. (Default: 1812)
• Secret – Specifies a secret text string.
WPS Security
The WPS protocol itself consists as a series of EAP message exchanges that is
triggered by a user action and relies on an exchange of descriptive information that
should precede that user's action.
The descriptive information is transferred through a new IE that's added to the
Beacon, Probe Response and optionally to the Probe Request and Association
Request/Response messages. Other than purely informative TLVs, those IEs will
also hold the possible, and the currently deployed, configuration methods of the
device. The WPS IE, has a type field with a value of '221', and OUI of 00-50-F2-04.
The Data part of the IE is constructed out of TLVs that describe the device and its
capabilities.
After the identification of the device's capabilities on both ends, a human trigger is to
initiate the actual session of the protocol. The session consists of 8 messages, that
are followed in the case of a successful session by a message to indicate the
protocol is done. The exact stream of messages may change when configuring
different kinds of devices (AP or STA) or using different physical media (wired or
wireless).
82
Wireless Configuration
Figure 5-37 WPS Security
Field Attributes
•
•
•
•
Self PinCode – Displays a PIN code for authentication.
SSID – Displays the SSID.
Configure via Push Button – Starts a scan for neighboring access points.
Configure via Client PinCode – Allows the user to enter a PIN code for
authentication.
• UPnP Configured for vista – Enables support for Windows Vista.
83
5
System Configuration
Access Control
Wireless clients can be authenticated for network access by checking their MAC
address against a local database configured on the access point. You can configure
a list of up to 32 wireless client MAC addresses in the filter list to either allow or deny
network access.
Figure 5-38 Access Control
Field Attributes
• Wireless Access Control – Enables access control.
• List Mode – Specifies whether the MAC address is to be allowed (Whitelist) or
denied (Blacklist).
• MAC Address – Specifies a MAC address to add to the access control list.
• MAC Address Control List – Displays the MAC address entries to be allowed or
denied access to the access point.
84
Wireless Configuration
Client List
The Client List displays all current clients associated with the access point.
Figure 5-39 Client List
Field Attributes
• MAC Address – Displays the MAC address of the currently associated client.
• Client Type – Displays the type of client associated with the access point.
85
5
System Configuration
NAT Configuration
Network Address Translation (NAT) is a method of mapping between a single global
address on the WAN interface to multiple local addresses on the LAN interface. For
the Gateway, the internal (local) IP addresses are those assigned to PCs or other
network devices by the DHCP server, and the external IP address is the single
address assigned to the WAN port.
Virtual Server
If you configure the Gateway as a virtual server, remote users accessing services
such as web sites or FTP servers on your local network through public IP addresses
can be automatically redirected to local servers configured with private IP
addresses. In other words, depending on the requested service (designated by the
TCP/UDP port number), the Gateway redirects the external service request to the
appropriate server (located at an internal IP address). This secures your network
from direct attack by hackers, and provides more flexible management by allowing
you to change internal IP addresses without affecting outside access to local
network services.
For example, if you set Type/Public Port to TCP/80 (HTTP or web) and the Private
IP/Port to 192.168.2.2/80, then all HTTP requests from outside users will be
transferred to 192.168.2.2 on port 80. Therefore, by just entering the IP address
provided by the ISP, Internet users can access the service they need at the local
address to which you redirect them.
The more common TCP service port numbers include: HTTP: 80, FTP: 21,
Telnet: 23, and POP3: 110.
86
NAT Configuration
Click NAT, Virtual Server. Specify the IP address of the local server, the private port
number, TCP or UDP type, the public port number, and click Apply.
Figure 5-40 Virtual Server
Field Attributes
• Public Port – Specifies the WAN port number.
• Private IP – The IP address of a server on the local network. The specified address
must be in the same subnet as the Gateway and its DHCP server address pool.
• Private Port – Specifies the local LAN TCP/UDP port number. (Range: 1-65535)
• Type – Specifies the port type, TCP or UDP. (Default: TCP)
• Description – A helpful character string to identify the virtual server.
Port Mapping
Some applications, such as Internet gaming, videoconferencing, Internet telephony
and others, require multiple connections. These applications cannot work with
one-to-one address/port translation. If you need to run applications that require
multiple connections, use port mapping to specify the additional public ports to be
opened for each application.
87
5
System Configuration
Click NAT, Port Mapping. Specify the TCP/UDP port range, the IP address of a local
server, and click Apply.
Figure 5-41 Port Mapping
Field Attributes
•
•
•
•
•
•
•
•
•
•
88
Enable – Enables port mapping.
Port Mapping – Specifies one of two port mapping lists.
Source IP – Species a source IP address to route from.
External Port – Specifies an external port, or port range.
Internal IP – Specifies an internal port to route through.
Internal Port – Specifies an internal port, or port range.
Protocol – Specifies the use of a single TCP/UDP port or range of ports.
Port – A TCP/UDP port or range of ports to assign to a specific application.
Description – A useful text string that describes the port mapping.
List Enable – Enables all specified port maps.
NAT Configuration
DMZ
This page is used to allow a specified host on the local network to access the
Internet without any firewall protection. Some Internet applications, such as
interactive games or videoconferencing, may not function properly behind the
Gateway’s firewall. By specifying a Demilitarized Zone (DMZ) host, the PC's TCP
ports are completely exposed to the Internet, allowing unrestricted two-way
communications. The host PC should be assigned a static IP address and this
address configured as the DMZ host IP.
Figure 5-42 DMZ
Field Attributes
• DMZ IP Address – Selects one of two IP addresses to enable for DMZ service.
• on/off – Enables/disables the DMZ IP address.
89
5
System Configuration
Firewall Configuration
The Gateway provides extensive firewall protection by restricting connection
parameters to limit the risk of intrusion and defending against a wide array of
common hacker attacks.
Firewall Settings
This page is used to enable or disable the firewall, and set the default forwarding
policy for addresses not found in the MAC or IP filtering list.
Click FIREWALL, Firewall Settings. Enable the firewall, set the default forwarding
policy, and click Apply.
Figure 5-43 Firewall Settings
Field Attributes
• Enable – Enables or disables the firewall. (Default: Disabled)
• Default Policy – Accepts or drops packets not found in the MAC or IP address
filtering tables. (Default: Accept)
90
Firewall Configuration
IP Filtering
This page is used to filter the IP addresses of clients attempting to access the
Internet based on the source or destination IP address and TCP/UDP port of each
packet. Address filtering allows the Gateway to permit or deny specified packets
passing through to the Internet.
Click FIREWALL, IP Filtering. Mark the check box to enable IP address filtering. Set
the addresses to be filtered, the TCP/UDP port, specify whether the matching
packets are to be passed on or dropped, and then click ADD to enter each address
in the table. Once all of the address entries have been specified, click Apply.
Figure 5-44 IP Filtering
Field Attributes
•
•
•
•
Policy – Specifies to deny packets matching an entry.
Enable IP Filter – Enables filtering of all packets in the IP Filtering List.
Protocol – Specifies a port typem TCP, UDP, ICMP or all.
Source/Destination – Specifies whether the address is contained in the packet’s
source or destination field.
• Mask – The network prefix which indicates the number of significant bits used to
identify the network portion of the address.
• Port – Specifies the TCP/UDP port number. (Range: 0-65535)
91
5
System Configuration
ALG Configuration
This page is used to enable or disable customized Application Layer Gateway (ALG)
traversal filters for SIP, H323, IRC, PPTP, SNMP, and TFTP applications.
Click FIREWALL, ALG Configuration. Enable ALG traversal filters for the required
applications, and click Apply.
Figure 5-45 ALG Configuration
Field Attributes
• ALG Configuration – Allows Application Layer Gateway (ALG) traversal filters to
be used to support address and port translation for specified application layer
control/data protocols.
• Services – Services for which customized NAT traversal filters are supported.
- SIP – Session Initiation Protocol is used for Internet conferencing, telephony,
events notification and instant messaging.
- H.323 – ITU-T standard that defines protocols used to provide audio-visual
communication sessions on any packet-based network. It is widely deployed by
service providers to support both voice and video services over IP networks.
- IRC – Internet Relay Chat
- PPTP – Point-to-Point Tunneling Protocol is a method for implementing virtual
private networks.
- SNMP – Simple Network Management Protocol.
- TFTP – Trivial File Transfer Protocol.
92
Firewall Configuration
- IPSEC – Internet Protocol Security is a protocol suite for securing Internet
Protocol (IP) communications by authenticating and encrypting each IP packet
of a data stream.
• Status – Enables or disables filter for specified protocol.
Remote Control
The Remote Control function configures the IP addresses of users who may have
exclusive control of the VDSL/Router from the WAN port.
Figure 5-46 Remote Control
Field Attributes
• Only following IP can access web setup – Enables only specified IP addresses
to have management access of the device.
• IP Address – Specifies an IP address for management access.
93
5
System Configuration
Denial of Service
A denial-of-service attack (DoS attack) is an attempt to make computer resources
unavailable to its intended users. This device provides following options to protect
this device from those attacks. You can optionlly enable those protections for your
needs.
Figure 5-47 DoS
Field Attributes
• DoS Protection Enable – Enables DoS protection.
• Attacks – Lists the type of DoS attack the unit provides protection from.
• Protection – Enables/disables the DoS for the specified attack.
94
VDSL Configuration
VDSL Configuration
VDSL connection parameters can be applied globally to all VDSL ports on the
Gateway.
VDSL Status and Rate Information
This page is used to display the status of the VDSL line, provision the BME and
VDSL ports, run loop-back tests for diagnostic purposes; and also to display the
current rate for various stream types and other VDSL line information.
Use any of the functions listed in the VDSL Status table for the System Provision,
Port Provision, or to stop ports. Or display the basic or detailed list of rate
information.
Figure 5-48 VDSL Status and Rate Information
Field Attributes
VDSL Status, Provisioning, Diagnostics
• Line Status – Displays the line status of the VDSL link, including administrative
status, and port state (Activating, Provisioned or Showtime).
• BME – Includes the following OAM functions for the Gateway’s Burst Mode Engine
(that is, VDSL port controller).
- Reset – Resets power to the BME.
- System Provision – Assigns default values to BME system parameters,
including vendor ID for T1/E1 and ITU, revision number, option mask to enable
PM mode, PM alert and diagnostic modes.
- Port Provision – Loads the parameters stored in FLASH to the VDSL port.
95
5
System Configuration
• Port – Starts or stops the VDSL port.
Rate and Line Information
• BME – The number of VDSL ports supported by the BME.
• Downstream/Upstream Line Rate – This rate includes payload (user data) and
any applicable framing overhead.
• Fast Downstream/Upstream Payload Rate – The actual payload carried on the
fast channels.
• Slow Downstream/Upstream Payload Rate – The actual payload carried on the
interleaved channels.
• Downstream Attainable Payload Rate – The maximum rate that can be achieved
in the download direction. This is based on measurements made during line
probing. This rate includes payload (user data) and any applicable framing
overhead.
• Downstream Attainable Line Rate – The maximum attainable line rate on the
downstream channel.
• Downstream/Upstream Line Protection (Slow Path) – The number of additional
DMT symbols added to each packet to increase the noise margin.
• Downstream/Upstream Delay – The maximum interleave delay. Interleaving
causes a delay in the transmission of data. Interleave delay applies only to the
interleave (slow) channel and defines the mapping (relative spacing) between
subsequent input bytes at the interleaver input and their placement in the bit
stream at the interleaver output. Larger numbers provide greater separation
between consecutive input bytes in the output bit stream allowing for improved
impulse noise immunity at the expense of payload latency.
• VDSL Estimated Loop Length – Estimated length of the VDSL connection; used
to calculate power backoff.
• Ghs Estimated Near End Loop Length – Estimated length of the VDSL
connection as viewed from the input receiver on the Gateway; used for
handshaking.
• Ghs Estimated Far End Loop Length – Estimated length of the VDSL connection
as viewed from the central office; used for handshaking.
• Current Framing Mode – Indicates one of the packet framing modes (0: HDLC,
1: EFM, 2: By Pass).
• Band Plan Type –
Table 5-49 VDSL2 Band Plans
96
Code
Band Plan
0x00
BP1_998_3
0x01
BP2_998_3
BP998_3B_8_5M
VDSL Configuration
Table 5-49 VDSL2 Band Plans (Continued)
Code
Band Plan
0x02
BP3_998_4
BP998_4B_12M
0x03
BP4_997_3
BP997_3B_7_1M
0x04
BP5_997_3
0x05
BP6_997_4
BP997_4B_7_1M
0x06
BP7_MXU_3
FLEX_3B_8_5M
0x07
BP8_MXU_2
0x08
BP9_998_2
0x09
BP10_998_2
BP998_2B_3_8M
0x0A
BP11_998_2
0x0B
BP12_998_2
0x0C
BP13_MXU_3
0x0D
BP14_MXU_3
0x0E
BP15_MXU_3
0x0F
BP16_997_4B_4P
0x10
BP17_998_138_4400
0x11
BP18_997_138_4400
0x12
BP19_997_32_4400
0x15
BP20_998_138_4400_opBand
0x16
BP21_997_138_4400_opBand
BP22_998_138_4400_opBand
0x17
BP23_998_138_16000
0x18
BP24_998_3B_8KHZ
0x19
BP25_998_138_17600
0x1A
BP26_CH1_3
0x1B
BP27_CH1_4
• No. of Upstream Bands – This attribute can include both the bands defined by the
Band Plan Configuration setting (see “VDSL Configuration” on page 5-95) and the
optional Upstream Band (US0).
• No. of Downstream Bands – The number of bands defined by the Band Plan
Configuration setting (see “VDSL Status and Rate Information” on page 5-95).
97
5
System Configuration
Performance Counters
This page is used to display performance information including common error
conditions for the VDSL line.
Figure 5-50 Performance Counters (Basic)
Field Attributes
Basic Performance Counters
• LOF – Loss of Frame. The number of times there was loss of framing error.
• SES – Severely Errored Seconds. The number of second intervals containing 18
or more CRC-8 anomalies, one or more Loss of Signal (LOS) defects, one or more
Severely Errored Frame (SEF) defects, or one or more Loss of Power (LPR)
defects.
• ESE – Excessive Severe Errors. The number of times there were excessive severe
errors.
• LOS – Loss of Signal. The number of times there was a loss of signal error.
• RDI – Remote Defect Indication. The number of times a severely errored frame has
been detected at the far end.
• LOM – Loss of Margin. The number of times there was a loss of noise margin error.
• PO – Power Off failure count. (This parameter only applies to the far end.)
• ES – Errored Seconds. The number of second intervals during which there was
one or more CRC anomalies, or one or more Loss of Signal (LOS) or Loss of
Framing (LOF) defects
• UNAVL_ES – Unavailable Errored Seconds. The number of seconds during which
the VDSL transceiver is powered up but not available.
Field Attributes
Detailed Performance Counters
• TxBlkCnt_S – Count of superframes transmitted on the slow path.
• RxBlkCnt_S – Count of superframes received on the slow path.
• SES – Severely Errored Seconds. The number of second intervals containing 18
or more CRC-8 anomalies, one or more Loss of Signal (LOS) defects, one or more
Severely Errored Frame (SEF) defects, or one or more Loss of Power (LPR)
defects.
• FEC_F – Far end Forward Error Correction on the fast path.
98
VDSL Configuration
• CRC_F – Far end CRC errors on the fast path.
• FEC_S – Far end Forward Error Correction on the slow path.
• CRC_S – Far end CRC errors on the slow path.
• LOS – Loss of Signal. The number of times there was a loss of signal error.
• HEC_F – Header Error Control (HEC)/EFM framing errors on the fast path.
• HEC_S – Header Error Control (HEC)/EFM framing errors on the slow path.
• ES – Errored Seconds. The number of second intervals during which there was
one or more CRC anomalies, or one or more Loss of Signal (LOS) or Loss of
Framing (LOF) defects
• UNAVL_ES – Unavailable Errored Seconds. The number of seconds during which
the VDSL transceiver is powered up but not available.
SNR Information
This page is used to display counters for sound-to-noise ratio measurements.
Click VDSL, SNR Information.
Figure 5-51 SNR Information
Field Attributes
• Far End SNR – Sound-to-noise ratio at the far end.
• Avg SNR Margin – Average signal-to-noise margin above the SNR.
• Avg SNR – Average signal-to-noise ratio.
• SNR Margin (SNRMpb0-4) – SNR Margin of band 0-4 in 0.1 dBs.
• Line Attenuation (LATNpb0-4) – Line Attenuation of band 0-4 in 0.1 dBs.
• Signal Attenuation (SATNpb0-4) – Signal Attenuation of band 0-4 in 0.1 dBs.
99
5
System Configuration
DELT
Dual-ended loop testing (DELT) is an ITU-standard loop diagnostic tool that enables
the measurement of conditions at both ends of a DSL line. DELT can be used after
deployment to allow service providers to monitor stability and connection rates for
existing customer lines.
Click VDSL, DELT.
Figure 5-52 DELT Loopback Test Information
• Run DELT Test – Performs the selected DELT test.
• DELT Option – The type of signal transmitted from the specified port.
• 1 – H-log per subcarrier group
• 2 – H-lin per subcarrier group
• 3 – Quiet line noise per subcarrier group
• 4 – Signal-to-noise ratio per subcarrier group
• 5 – Signal-to-noise ratio margin per band
• 6 – Line attenuation per band
• 7 – Signal attenuation per band
• 8 – Attainable net data rate
• 9 – Actual aggregate transmit power
• 10 – H-lin scale
• 11 – Near-end parameters
• 12 – Far-end parameters
• 13 – Downstream TSSI breakpoints
100
IGMP Configuration
• 14 – Upstream TSSI breakpoints
• 15 – Average line attenuation
• 16 – Average signal attenuation
• 17 – Downstream DELT band information
• 18 – Upstream DELT band information
• 19 – Near end UPBO electrical loop length
• 20 – Far end UPBO electrical loop length
• 21 – Near end TX last tone index
• 22 – Far end TX last tone index
• 23 – Actual maximum DS PSD
• 24 – Actual maximum US PSD
• 25 – Per tone DS Tx PSK
• 26 – Per tone US Tx PSK
• Show Test Result – Displays the DELT test results.
• Download – Downloads the DELT test results to a local folder.
IGMP Configuration
This Gateway can use Internet Group Management Protocol (IGMP) to filter
multicast traffic.
IGMP Snooping can be used to passively monitor or “snoop” on exchanges between
attached hosts and an IGMP-enabled device, most commonly a multicast router. In
this way, the Gateway can discover the ports that want to join a multicast group, and
set its filters accordingly.
Using IGMP Proxy, the Gateway learns multicast requirements from its downstream
interfaces, proxies this group membership information to the upstream router, and
then forwards multicast packets based upon that information to downstream hosts.
101
5
System Configuration
IGMP Settings
This page is used to configure IGMP Proxy, IGMP Snooping, Fast Leave, and
several other IGMP timeout attributes.
Click IGMP. Enable the required IGMP function, modify any of the timeout attributes
as required, and then click Apply.
Figure 5-53 IGMP Settings
Field Attributes
• Enable IGMP Proxy (Router Mode) – Collects and sends multicast group
membership information onto the upstream interface based on IGMP messages
monitored on downstream interfaces, and forwards multicast traffic based on that
information. (Default: Disabled)
• Enable IGMP Snooping – Passively monitors exchanges between attached hosts
and an IGMP-enabled device (most commonly a multicast router) to discover the
ports that want to join a multicast group, and sets its filters accordingly. (Default:
Enabled)
• Enable Fast Leave – Immediately deletes a member port of a multicast service if
a leave packet is received at that port. (Default: Enabled)
If immediate leave is not used, a multicast router (or querier) will send a
group-specific query message when an IGMPv2 group leave message is received.
The router/querier stops forwarding traffic for that group only if no host replies to
the query.
If immediate leave is enabled, the Gateway assumes that only one host is
connected to the interface. Therefore, immediate leave should only be enabled on
102
IGMP Configuration
an interface if it is connected to only one IGMP-enabled device, either a service
host or a neighbor running IGMP snooping.
This attribute is only effective if IGMP snooping is enabled, and IGMPv2 snooping
is used.
• Router Timeout – This function is used to see if IGMP query packets are arriving
from the WAN side at regular intervals, and indicates the time the Gateway waits
after the querier stops before it considers it to have expired. (Option: 0, 1, 5, 10,
20, 30 minutes; Default: 0 minutes, which means that detection is disabled)
If no queries have been detected for the specified time, the Gateway stops
forwarding multicast traffic to downstream clients.
• IGMP Timeout – The function is used to see the IGMP report (join) packets are
arriving from the LAN side at regular intervals, and indicates the time the Gateway
waits after these messages have stopped before it considers there to be no more
downstream clients. (Options: 0, 1, 5, 10, 20, 30 minutes; Default: 0 minutes, which
means that detection is disabled)
If no report message have been detected for the specified time, the Gateway stops
forwarding multicast traffic to downstream clients.
When an IGMPv2 or v3 multicast host leaves a group, it sends an IGMP leave
message. When the leave message is received by the Gateway, it checks to see
if this host is the last to leave the group by sending out an IGMP group-specific or
group-and-source-specific query message, and starts a timer. If no reports are
received before the timer expires, the group record is deleted, and a report is sent
to the upstream multicast router.
Since IGMPv1 clients do not send leave packets, both Router Timeout and IGMP
Timeout are required to maintain multicast flows to IGMPv1 clients.
This attribute will take effect only if Fast Leave is enabled.
103
5
System Configuration
QoS Configuration
Quality of Service (QoS) specifies which data packets have greater precedence
when traffic is buffered in the Gateway due to congestion. The Gateway supports
QoS with eight priority queues for each port. Data packets in a port’s high-priority
queue will be transmitted before those in the lower-priority queues.
QoS Settings
This page is used to enable or disable QoS, sets the upstream rate limit, and the
queuing mode.
Click QoS, QoS Settings. Enable QoS, specify the maximum upstream data rate,
select the queueing method, and then click Apply.
Figure 5-54 QoS Settings
Field Attributes
• QoS Enable – Enables or disables QoS settings.
• Upstream Rate Limit – Sets the maximum rate for traffic transmitted onto the
upstream interface. Traffic that falls within the rate limit is transmitted, while
packets that exceed the acceptable amount of traffic are dropped.
104
5
QoS Configuration
Traffic Classification
This page is used to configure diffServ priorities based on protocol type, source and
destination addresses, and TCP/UDP port.
Click QoS, Traffic Classification. Select the classification method from the
drop-down list and fill in the required parameters, set the priority, click ADD to insert
the rule in the table, and then click Apply.
Figure 5-55 Traffic Classification
Field Attributes
• Method
- Protocol – Specifies the protocol type to match as TCP or UDP.
- Source Port – Source port number1 (that is, protocol socket number) for the
specified protocol type.
- Source IP/Port – Source IP address, and port number1 for the specified protocol
type.
- Destination Port – Destination port number1 for the specified protocol type.
- Source IP/Port – Destination IP address, and port number1 for the specified
protocol type.
- Protocol + Source IP/Port + Destination IP/Port – Source/destination IP
address, and port number1 for the specified protocol type.
1. The TCP/UDP port range is 0-65535.
105
5
System Configuration
• Priority
- CS Class – Class of Service (CoS) priority.
(Range: 0 - 7, where 7 is the highest priority: Default: 0)
This Gateway processes Class of Service (CoS) priority tagged traffic by using
eight priority queues for each port. Up to eight separate traffic priorities are
defined in IEEE 802.1p. The default priority levels are assigned according to
recommendations in the IEEE 802.1p standard as shown in the following table.
Table 5-56 Mapping CoS Values to Egress Queues
Priority
Queue
The priority levels recommended in the IEEE 802.1p standard for various
network applications are shown in the following table. However, you can map the
priority levels to the Gateway’s output queues in any way that benefits
application traffic for your own network.
Table 5-57 CoS Priority Levels
Priority Level
Traffic Type
Background
(Spare)
0 (default)
Best Effort
Excellent Effort
Controlled Load
Video, less than 100 milliseconds latency and jitter
Voice, less than 10 milliseconds latency and jitter
Network Control
- PHB – Per-Hop Behavior includes the following DiffServ queueing options:
- Best-Effort uses the lowest priority. BE (DSCP, Q=0)
- Assured Forwarding provides four priority classes. AF1X(DSCP,Q=1),
AF2X (DSCP, Q=2), AF3X (DSCP, Q=3), AF4X (DSCP, Q=4)
- Expedited Forwarding provides highest priority. EF (DSCP, Q=5)
- PHB Priority – Per-hop behavior, or the priority used for this router hop.
(Range: 0-7, where 7 is the highest priority)
106
QoS Configuration
DSCP to 802.1p Mapping
Use the DSCP to 802.1p page to assign Class of Service (CoS) values to the priority
queues (i.e., hardware output queues 0 - 3) on the CPE.
Most CPEs currently support Class of Service by using four priority queues, with
Weighted Round Robin queuing for each port. Eight separate traffic classes are
defined in IEEE 802.1p. The default priority levels are assigned as shown below.
Table 5-1 Default CoS Priority Levels
Priority
Queue
Figure 5-58 DSCP to 802.1p Mapping
Figure 5-59 DSCP to 802.1p Default Mapping
Field Attributes
•
•
•
•
Enable – Enables DSCP to 802.1p mapping.
DSCP start – Specifies the DSCP start priority.
DSCP end – Specifies the DSCP end priority.
802.1p – Specifies the 802.1p CoS priority.
107
5
System Configuration
ACS Configuration
Configures parameters for auto-configuration servers (ACS) based on TR-069 (CPE
WAN Management Protocol) and TR-098 (Internet Gateway Device Data Model for
TR-069 Configuration).
TR Settings
This page is used to configure parameters for establishing a connection between the
Gateway and an auto-configuration server.
Click TR. Configure the required parameters, and click Apply.
Figure 5-60 TR Settings
Field Attributes
• TR – Enables or disables connection with an auto-configuration server upon initial
bootup and at the specified periodic report interval or when events occur that must
be reported to the ACS (such as when the broadband IP address of the Gateway
changes). When this parameter is enabled, the ACS can also issue a Connection
Request to the Gateway at any time, instructing it to establish a communication
session with the ACS.
• Enable Periodic Report – Enables periodic reporting of status and performance
information, as well as information used to diagnose connectivity and service
issues.
• Periodic Report Interval – The interval at which the Gateway must initiate a
connection session with the ACS.
108
ACS Configuration
• User Name – A string used to identify the Gateway during authentication with the
ACS. This string should be globally unique among all CPE manufacturers.
Specifically it should be a multi-part string comprising a manufacturer identifier and
a serial number unique within that manufacturer. The recommended format for this
string is OUI-SERIAL, where OUI is a six-digit hexadecimal value using all
upper-case letters and including any leading zeros. (Range: 1-6 characters)
• Password – A user name used to authenticate the Gateway when it attempts to
make a connection with the ACS as defined in the CPE WAN Management
Protocol. (Range: 1-256 characters)
This user name is used only for HTTP-based authentication of the Gateway.
Note that on a factory reset of the Gateway, this parameter is reset to its factory
value. If an ACS modifies the value of this parameter, it should take into account
the fact that the original value will be restored as the result of a factory reset.
• Serial Number (Temporary) – A temporary serial number to uniquely identify the
unit’s TR connection.
• Connection Request User Name – A user name used to authenticate an ACS
when requesting the Gateway to establish a connection with it. (Range: 1-256
characters)
• Connection Request Password – A password used to authenticate an ACS when
requesting the Gateway to establish a connection with it. (Range: 1-256
characters)
• ACS URL – HTTP or HTTPS URL that uniquely identifies the ACS.
• Enable STUN – Simple Traversal of UDP through NATs.
Enables the use of STUN by the Gateway. This applies only to the use of STUN in
association with the ACS to allow UDP Connection Requests. Some applications
have difficulty connecting through a firewall to remote servers. If you experience
this kind of problem connecting to the ACS, the use of a STUN server may be
required to determine the IP address allocated to this application by the NAT.
• STUN Server Address – Host name or IP address of the STUN server to which
the Gateway sends binding requests when STUN is enabled. If this field is empty
and STUN is enabled, the Gateway must use the address of the ACS extracted
from the host portion of the ACS URL.
• STUN Server Port – Port number of the STUN server to which the Gateway sends
binding requests if STUN is enabled.
• Root CA File – The root file used in certificate-based authentication. This file is
used by the Gateway to identify the ACS. Note that because this authentication
process uses SSL/TLS, the ACS URL attribute on this page must be specified as
an HTTPS URL.
• Client Certificate File – Filename of the client’s digital certificate. This file is used
by the ACS to identify the Gateway.
• Client Private Key File – A digital file used for message decryption, and to form
digital signatures.
109
5
110
System Configuration
Appendix A: Troubleshooting
Diagnosing Gateway Indicators
Gateway operation is easily monitored via the LED indicators to identify problems. The
table below describes common problems you may encounter and possible solutions. If
the solutions in the table fail to resolve the problem, contact technical support for
advice.
Table A-1 Troubleshooting Chart
Symptom
PWR
indicator does not
light up after power
on.
LAN
link indicator does
not light up after
making a connection.
Cause
Power outlet, power
cord, or external
power adapter may be
defective.
Network interface
(e.g., a network
adapter card in the
attached computer),
network cable, or
Gateway LAN port
may be defective.
VDSL LINK
indicator is off or
does not stop
flashing (i.e.,
synchronizing) after
making a connection.
VDSL switch, cabling,
or Gateway VDSL
port may be defective.
ALARM
indicator is on.
VDSL link failure
Solution
• Check the power outlet by plugging in another
device that is functioning properly.
• Check the power adapter with another Gateway.
• Verify that the Gateway and computer are
powered on.
• Be sure the cable is plugged into both the
Gateway and the computer.
• Verify that the proper cable type is used and its
length does not exceed specified limits.
• Check the network adapter in the computer and
cable connections for possible defects. Replace
the defective adapter or cable if necessary.
• Verify that the Gateway and attached VDSL
switch are powered on.
• Be sure the cable is plugged into both the
Gateway and an RJ-11 telephone jack.
• Verify that the cable length does not exceed
specified limits. (Check with your service
provider for this information.)
• Check the cable connections on the Gateway,
wall jack, punch-down block/patch panel, and
the VDSL switch for possible defects. Replace
the defective cable if necessary.
Restart the Gateway. If condition is not resolved,
contact your service provider.
111
A
Troubleshooting
If You Cannot Connect to the Internet
• Check that your computer is properly configured for TCP/IP. See “Configuring the
TCP/IP Protocols” on page 27.
• Make sure the correct network adapter driver is installed for your PC operating
system. If necessary, try reinstalling the driver.
• Check that the network adapter’s speed or duplex mode has not been configured
manually. We recommend setting the adapter to auto-negotiation when installing the
network driver.
Problems Accessing the Management Interface
Table A-1 Troubleshooting Chart
Symptom
Action
Cannot connect using Telnet, • Be sure the Gateway is powered up.
web browser, or SNMP
• Check the network cabling between the management station and the
software
Gateway.
• Check that you have a valid network connection to the Gateway and that
the port you are using has not been disabled.
• Be sure you have configured the VLAN interface through which the
management station is connected with a valid IP address, subnet mask
and default gateway.
• Be sure the management station has an IP address in the same subnet as
the Gateway’s IP interface to which it is connected.
• If you cannot connect using Telnet*, you may have exceeded the
maximum number of concurrent Telnet/SSH sessions permitted. Try
connecting again at a later time.
Cannot connect using
Secure Shell
• If you cannot connect using SSH*, you may have exceeded the maximum
number of concurrent Telnet/SSH sessions permitted. Try connecting
again at a later time.
• Be sure the control parameters for the SSH server are properly configured
on the Gateway, and that the SSH client software is properly configured
on the management station.
Forgot or lost the password
• Contact your local distributor.
* Telnet and SSH are not implemented for the current firmware, but will be made available for future releases.
112
Appendix B: Cables
Twisted-Pair Cable and Pin Assignments
For 10BASE-T and 100BASE-TX connections, the twisted-pair cable must have two
pairs of wires. Each wire pair is identified by two different colors. For example, one
wire might be green and the other, green with white stripes. Also, an RJ-45
connector must be attached to both ends of the cable.
Caution: DO NOT plug a phone jack connector into any RJ-45 port. Use only
twisted-pair cables with RJ-45 connectors that conform with FCC standards.
Caution: Each wire pair must be attached to the RJ-45 connectors in a specific
orientation. (See “10BASE-T/100BASE-TX Pin Assignments” on page 113 for
an explanation.)
The figure below illustrates how the pins on the RJ-45 connector are numbered. Be
sure to hold the connectors in the same orientation when attaching the wires to the
pins.
Figure B-1 RJ-45 Connector Pin Numbers
10BASE-T/100BASE-TX Pin Assignments
Use unshielded twisted-pair (UTP) or shielded twisted-pair (STP) cable for RJ-45
connections: 100-ohm Category 3, 4 or 5 cable for 10 Mbps connections, or
100-ohm Category 5 cable for 100 Mbps connections. Also be sure that the length of
any twisted-pair connection does not exceed 100 meters (328 feet).
The RJ-45 ports on the Gateway support automatic MDI/MDI-X operation, so you
can use straight-through cables for all network connections to PCs or gateways. In
straight-through cable, pins 1, 2, 3, and 6, at one end of the cable, are connected
straight through to pins 1, 2, 3, and 6 at the other end of the cable. When using the
RJ-45 port on this Gateway, you can use either straight-through or crossover cable.
113
B
Cables
Table B-1 10BASE-T/100BASE-TX MDI and MDI-X Port Pinouts
Pin
MDI Signal Name
Transmit Data plus (TD+)
MDI-X Signal Name
Receive Data plus (RD+)
Transmit Data minus (TD-)
Receive Data minus (RD-)
Receive Data plus (RD+)
Transmit Data plus (TD+)
Receive Data minus (RD-)
Transmit Data minus (TD-)
4,5,7,8
Not used
Not used
Note: The “+” and “-” signs represent the polarity of the wires that make
up each wire pair.
Straight-Through Wiring
If twisted-pair cable is to join two ports and only one of the ports has an internal
crossover (MDI-X), the two pairs of wires must be straight-through. (When
auto-negotiation is enabled for the RJ-45 port on the Gateway, you can use either
straight-through or crossover cable to connect to any device type.)
EIA/TIA 568B RJ-45 Wiring Standard
10/100BASE-TX Straight-through Cable
White/Orange Stripe
Orange
End A
White/Green Stripe
Blue
White/Blue Stripe
Green
White/Brown Stripe
Brown
Figure B-2 Straight-through Wiring
114
End B
Twisted-Pair Cable and Pin Assignments
Crossover Wiring
If the twisted-pair cable is to join two ports and either both ports are labeled with an
“X” (MDI-X) or neither port is labeled with an “X” (MDI), a crossover must be
implemented in the wiring. (When auto-negotiation is enabled for the RJ-45 port on
the Gateway, you can use either straight-through or crossover cable to connect to
any device type.)
EIA/TIA 568B RJ-45 Wiring Standard
10/100BASE-TX Crossover Cable
White/Orange Stripe
Orange
End A
White/Green Stripe
Blue
White/Blue Stripe
Green
White/Brown Stripe
End B
Brown
Figure B-3 Crossover Wiring
Cable Testing for Existing Category 5 Cable
Installed Category 5 cabling must pass tests for Attenuation, Near-End Crosstalk
(NEXT), and Far-End Crosstalk (FEXT). This cable testing information is specified in
the ANSI/TIA/EIA-TSB-67 standard. Additionally, cables must also pass test
parameters for Return Loss and Equal-Level Far-End Crosstalk (ELFEXT). These
tests are specified in the ANSI/TIA/EIA-TSB-95 Bulletin, “The Additional
Transmission Performance Guidelines for 100 Ohm 4-Pair Category 5 Cabling.”
Note that when testing your cable installation, be sure to include all patch cables
between switches and end devices.
115
B
Cables
RJ-11 Ports
Standard telephone RJ-11 connectors and cabling can be found in several common
wiring patterns. These six-pin connectors can accommodate up to three wire-pairs
(three telephone lines), but usually only one or two pairs of conductor pins and wires
are implemented.
The RJ-11 ports on the side of the Gateway contain two wire-pairs, an inner pair
(pins 3 and 4) and outer pair (pins 2 and 5). On the LINE port, the inner wire-pair
carries both voice and digital data. On the PHONE port, the inner wire-pair carries
voice only.
Blue/White
White/Blue
White/Orange
Blue/White
White/Blue
Orange/White
Black
Red
Green
Yellow
The outer wire-pair is only connected if there is a second telephone line, and carries
voice only.
R1 T1
T2 R1 T1 R2
T2 R1 T1 R2
123456
123456
123456
6x2 Jack
6x4 Jack
6x4 Jack
T = Tip
R = Ring
Figure B-4 RJ-11 Wiring
Table B-2 RJ-11 Port Pinouts
116
Pin
Signal Name
Wire Color
Not used
Line 2 Tip
Line 1 Ring
Red or Blue/White
Line 1 Tip
Green or White/Blue
Line 2 Ring
Yellow or Orange/White
Not used
Black or White/Orange
Appendix C: Specifications
VDSL Functional Criteria
VDSL2 profile 30A (100 Mbps upstream / 100 Mbps downstream)
Band Plan: 8D, 12A, 12B and 17A
Signal Bandwidth: 25 kHz to 17.664 MHz
Multi-Carrier-Modulation (MCM) - DMT modulation
Interleaving: general convolution
Upstream Power Back-off (UPBO)
Remote firmware upgrade
Physical Characteristics
Ports
1 RJ-11 VDSL line (to phone jack in the wall)
1 RJ-11 phone line (POTS connection to telephone, with built-in splitter)
1 RJ-45 10/100BASE-TX (Ethernet connection to PC)
Ethernet Interface
4 RJ-45 connectors, auto MDI/X pinout detection
10BASE-T: 100-ohm, UTP cable; Category 3 or better
100BASE-TX: 100-ohm, UTP cable; Category 5 or better
*Maximum Cable Length - 100 m (328 ft)
VDSL2 Interface
RJ-11 connector, using standard phone cable (26 AWG)
Power Consumption
15 Watts maximum
Input Power
12 VDC (via AC power adapter), 1.25 A maximum
Size
20.95 x 16.05 x 3.62 cm (8.25 x 6.32 x 1.43 in.)
Weight
385 g (13.5 oz)
117
C
Specifications
Temperature
Operating: 0 °C to 40 °C (32 °F to 104 °F)
Storage: -25 °C to 70 °C (-13 °F to 158 °F)
Humidity
Operating: 20% to 90% (non-condensing)
LED Indicators
PWR, ALARM, VDSL LINK, VDSL TX/RX, LAN 1-4
Standards
Ethernet Standards
IEEE 802.3-2005 Ethernet Access
Ethernet, Fast Ethernet
Full-duplex flow control (ISO/IEC 8802-3)
IEEE 802.1D Spanning Tree Protocol
IEEE 802.1p priority tags
IEEE 802.3ac VLAN tagging
VDSL Standards
ANSI T1.424-2004 (T1E1 T1.424 - 2004)
ETSI TS 101 270-1 and TS 101 270-2
ITU-T G.992.2 (ADSL2+, ADSL2, ADSL)
ITU-T G.993.1-2004 - VDSL (including Annex F)
ITU-T G.993.2 - VDSL2
ITU-T G.993.2 Annex A - Band Plan for North America
ITU-T G.993.2 Annex K - Packet Transfer Mode-Transmission Convergence
ITU-T G.993.2 - Recommendation for Trellis Coding,
Impulse Noise Protection (INP), Upstream Power Backoff (UPBO),
Recommendation for latency path correction including scrambling,
Reed-Solomon forward error correction, and interleaving,
On-line Reconfiguration (OLR) Bit Swapping and Seamless Rate Adaptation
ITU-T G.993.2 Annex A - Power Spectral Density (PSD) Mask
ITU-T G.994.1 Handshake procedures for DSL transceivers
ITU-T 997 and 998 Band Plans
VDSL2 Profiles - Up to 17A
Rate Adaptation Mode - ITU G.993.2/G997.1 (Manual, Rate Adaptive AT INIT)
Other evolving ETSI, ANSI, ITU standards
118
Compliances
Compliances
Emissions
FCC Class B
FCC Part 68
IEC 61000-4-2 ESD (level 2)
CE
Environmental
RoHS compliant
Wireless Characteristics
Wireless Transmit Power (Maximum)
802.11b : 20.36 dBm
802.11g : 22.84 dBm
Wireless Receive Sensitivity (Maximum)
802.11b/g:
802.11b: -85 dBm @ 1 Mbps; -80 dBm @ 11 Mbps
802.11g: -83 dBm @ 6 Mbps; -66 dBm @ 54 Mbps
Operating Frequency
802.11g:
2.4 ~ 2.4835 GHz (US, Canada)
2.4 ~ 2.4835 GHz (ETSI, Japan)
802.11b:
2.4 ~ 2.4835 GHz (US, Canada)
2.4 ~ 2.4835 GHz (ETSI)
2.4 ~ 2.497 GHz (Japan)
Data Rate
802.11b: 1, 2, 5.5, 11 Mbps per channel
802.11g: 6, 9, 12, 18, 24, 36, 48, 54 Mbps per channel
Operating Channels
802.11g:
11 channels in base mode (US, Canada)
13 channels (ETSI, Japan)
802.11b:
11 channels in base mode (US, Canada)
119
C
Specifications
13 channels (ETSI)
14 channels (Japan)
Modulation Type
802.11g: CCK, BPSK, QPSK, OFDM
802.11b: CCK, BPSK, QPSK
120
Glossary
10BASE-T
IEEE 802.3 specification for 10 Mbps Ethernet over two pairs of Category 3, 4, or 5
UTP cable.
100BASE-TX
IEEE 802.3u specification for 100 Mbps Fast Ethernet over two pairs of Category 5
or better UTP cable.
Auto-Negotiation
Signalling method allowing each node to select its optimum operational mode (e.g.,
speed and duplex mode) based on the capabilities of the node to which it is
connected.
Bandwidth
The difference between the highest and lowest frequencies available for network
signals. Also synonymous with wire speed, the actual speed of the data
transmission along the cable.
Bridging
A device that connects two LANs, or two segments of the same LAN. Unlike routers,
bridges are protocol-independent. They simply forward packets without analyzing
and re-routing messages. Consequently, they’re faster than routers, but less
versatile.
Challenge-Handshake Authentication Protocol (CHAP)
A type of authentication in which the authentication agent (that is, the router) sends
the client a key to use to encrypt the user name and password. This enables the
user name and password to be transmitted in an encrypted form to protect them
against eavesdroppers.
Domain Name Service (DNS)
A system used for translating host names for network nodes into IP addresses.
Dynamic Host Control Protocol (DHCP)
Provides a framework for passing configuration information to hosts on a TCP/IP
network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability
of automatic allocation of reusable network addresses and additional configuration
options.
121
Glossary
Dynamic Routing
Dynamic routing uses a routing protocol to exchange routing information with
neighboring routers on the network. It calculates routing tables based on a given
metric, such as lest number of hops or shortest path. It can respond to changes in
the status or traffic on the network, re-routing traffic as required.
End Station
A workstation, server, or other device that does not forward traffic.
Ethernet
A network communication system developed and standardized by DEC, Intel, and
Xerox, using baseband transmission, CSMA/CD access, logical bus topology, and
coaxial cable. The successor IEEE 802.3 standard provides for integration into the
OSI model and extends the physical layer and media with repeaters and
implementations that operate on fiber, thin coax and twisted-pair cable.
Fast Ethernet
A 100 Mbps network communication system based on Ethernet and the CSMA/CD
access method.
Firewall
A firewall is designed to prevent unauthorized access to or from a private network
Full Duplex
Transmission method that allows two network devices to transmit and receive
concurrently, effectively doubling the bandwidth of that link.
Hosting Server
A network device that may provide a limited number of services for external IP
clients, but is also used to transparently redirect specific service requests (such as
web or FTP) to other dedicated local servers.
Internet Group Management Protocol (IGMP)
A protocol through which hosts can register with their local router for multicast
services. If there is more than one multicast switch/router on a given subnetwork,
one of the devices is made the “querier” and assumes responsibility for keeping
track of group membership.
Internet Service Provider (ISP)
A company that provides access to the Internet. This may be your local telephone
company, or a dedicated Internet service company.
122
Glossary
ITU
International Telecommunication Union
ITU-T
Telecommunication Standardization Section of ITU
LAN Segment
Separate LAN or collision domain.
Layer 2
Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related
directly to the hardware interface for network devices and passes on traffic based on
MAC addresses.
LED
Light emitting diode used for monitoring a device or network condition.
Local Area Network (LAN)
A group of interconnected computer and support devices.
Media Access Control (MAC)
A portion of the networking protocol that governs access to the transmission
medium, facilitating the exchange of data between network nodes.
Management Information Base (MIB)
An acronym for Management Information Base. It is a set of database objects that
contains information about a specific device.
Maximum Transfer Unit (MTU)
The maximum transfer unit for traffic crossing this device. MTU should be set to a
value that minimizes unnecessary fragmentation and maximizes the transfer of large
sequential data streams.
Media Dependent Interface (MDI)
The IEEE standard for the UTP interface to twisted-pair Ethernet. MDI defines a
straight-through pin assignment that allows you to connect the router to any
workstation or server that has a properly installed network adapter card using the
supplied crossover cable. Pin-out assignments are shown in Appendix B.
Media Dependent Interface - Crossed (MDI-X)
MDI-X port types cross the receive and transmit signals internally, and can be used
with straight-through cable to connect the router to a similar networking device (such
as a hub or switch). Note that if you use the supplied crossover cable to connect to a
123
Glossary
similar networking device, then you must connect to an MDI port on the other
device. Pin-out assignments are shown in Appendix B.
Network Address Translation (NAT)
A standard that enables a local-area network (LAN) to use one set of IP addresses
for external traffic and a second set of addresses for internal traffic.
Network Time Protocol (NTP)
NTP provides the mechanisms to synchronize time across the network. The time
servers operate in a hierarchical-master-slave configuration in order to synchronize
local clocks within the subnet and to national time standards via wire or radio.
Password Authentication Protocol (PAP)
A basic form of authentication, in which a user’s name and password are transmitted
over a network and compared to a table of name-password pairs.
Ping
A utility used to determine whether a specific IP address is accessible. It works by
sending a packet to the specified address and waiting for a reply.
Plain Old Telephone Service (POTS)
One of the services using voice band. Sometimes used as a descriptor for all voice
band services.
Point-to-Point Protocol (PPP)
A protocol for connecting remote hosts to the Internet using TCP/IP.
PPP over Ethernet (PPPoE)
A protocol for connecting remote hosts to the Internet over an always-on connection
by simulating a dial-up connection.
PSTN
Public Switched Telephone Network.
Private Branch Exchange (PBX)
A telephone exchange local to a particular organization who use, rather than
provide, telephone services.
Quality of Service (QoS)
A network protocol used to specify a guaranteed throughput level. This protocol is
often used by Internet service providers to guarantee their customers a minimum
end-to-end latency.
124
Glossary
Rate Adaptive
A VDSL service that automatically adjusts the transmission rate depending on line
quality and loading to ensure data quality (such as, keeping within a maximum error
rate).
Router
A device used to interconnect networks over local or wide areas and provide traffic
control and filtering functions.
Routing
Routing forwards incoming IP packets using statically defined routes or a dynamic
routing protocol such as RIP (or RIP 2).
Routing Information Protocol (RIP)
A protocol that specifies how routers exchange routing table information.
RJ-45 Connector
A connector for twisted-pair wiring.
Secure Shell (SSH)
A secure replacement for remote access functions, including Telnet. SSH can
authenticate users with a cryptographic key, and encrypt data connections between
management clients and the switch.
Session Initiation Protocol (SIP)
A control protocol used to create sessions with one or more participants for
applications including Internet telephony and multimedia conferences.
Splitter
A filter to separate VDSL signals from POTS signals to prevent mutual interference.
(Note that an external splitter is not required for this Gateway.)
Static Route
Static routes are manually configured entries in the routing table that indicate the
next hop (router) that must be used when sending data to a specific subnet or host.
Telnet
Defines a remote communication facility for interfacing to a terminal device over
TCP/IP.
Trivial File Transfer Protocol
A simple file transfer method that uses the User Datagram Protocol (UDP), and
therefore provides no error recovery.
125
Glossary
TIA
Telecommunications Industry Association
Transmission Control Protocol/Internet Protocol (TCP/IP)
Protocol suite that includes TCP as the primary transport protocol, and IP as the
network layer protocol.
Universal Plug-and-Play (UPnP)
A set of protocols that allows devices to connect seamlessly and simplifies the
deployment of home and office networks, using auto-discovery of other network
devices, acquiring information about device capabilities, and requests for services.
UTP
Unshielded twisted-pair cable.
User Datagram Protocol (UDP)
UDP provides a datagram mode for packet-switched communications. It uses IP as
the underlying transport mechanism to provide access to IP-like services. UDP
packets are delivered just like IP packets – connection-less datagrams that may be
discarded before reaching their targets. UDP is useful when TCP would be too
complex, too slow, or just unnecessary.
Very high data rate Digital Subscriber Line (VDSL)
A family of digital telecommunications protocols designed to allow high speed data
communication at data rates from below 1 Mbps to 52.8 Mbps with corresponding
maximum reach ranging from 4500 feet to 1000 feet using 24 gauge twisted pair
cable over the existing copper telephone lines between end-users and service
providers.
Very high data rate Digital Subscriber Line 2 (VDSL2)
VDSL2 as defined in ITU-T Recommendation G.993.2 is an enhancement to the first
VDSL standard (G.993.1). It supports transmission at a bi-directional net data rate
(the sum of upstream and downstream rates) of up to 200 Mbps on twisted pair
cables using a bandwidth of up to 30 MHz.
Virtual Private Network (VPN)
A secure tunnel used to protect data passing from one network to another over the
Internet.
Wide Area Network (WAN)
A computer network that spans a relatively large geographical area. Typically, a
WAN consists of two or more local-area networks (LANs).
126
Index
Numerics
100BASE-TX 16
10BASE-T 16
10BASE-T/100BASE-TX pin
assignments 113
auto-configuration server 108
DiffServ 105
DNS
general configuration 71
downloading software 58
dynamic DNS services 68
dynamic IP 37
setting WAN type 37
dynamic IP address assignment
WAN interface 65
dynamic routing 30, 74
bridge mode, setting 36, 54
bridging 29
Ethernet 16
event logging 53
cable
crossover 115
straight-through 114
testing category 5 cable 115
cable connections 26
Class of Service, See CoS
compliances
emissions 119
environmental 119
configuration files, restoring
defaults 58
CoS
configuring traffic classification 106
queue mapping 106
crossover Ethernet cable 115
default IP address 35
default IP gateway, configuration 66
default priority, ingress port 106
default router 30
DHCP 65
client 32, 71
client configuration 71
displaying clients 53
dynamic configuration 65
Gateway as client 65
Differentiated Services, See DiffServ
factory default settings, restoring 58
filtering
IP addresses 91
firewall 33
firewall, configuration 90
firmware
displaying version 50
upgrading 58
front panel 17, 18, 19, 20, 21, 22, 23,
24
FTP server, See also local server
Gateway
description 13
features 15
hardware version, displaying 50
hardware, description 16
HTTPS 109
secure-site certificate 109
IGMP 102
proxy 102
snooping 102
127
Index
snooping, setting fast leave 102
installation
connecting cables 26
powering on 27
IP address
default setting 35
DHCP 65
IP filter, for management access 57
ISP, single-user account 32
LED indicators 17
problems 111
local server
FTP 33
Web 33
log-in, Web interface 45
logon authentication 57
logs, displaying messages 53
main menu 47
management access, IP filter 57
management IP address, LAN 71
MINI-DIN port 16
MTU, configuring 39
multicast filtering 101
NAT 32
configuration 86
Network Address Translation, See NAT
network applications
accessing a remote site 30
accessing the Internet 31
network, examples 29
NTP
refresh time 56
server 56
operating mode, setting 36
package contents 25
128
packet filtering 91
password 57
administrator setting 57
pin assignments 113
10BASE-T/100BASE-TX 113
RJ-11 116
pinging network devices 58, 59
port
MINI-DIN 16
RJ-11 16
RJ-45 16
port indicators 17
port priority 106
default ingress 106
ports
autonegotiation 72
configuring 72
duplex mode 72
speed 72
powering on 27
PPPoE 37
service name 39
setting WAN type 39
WAN interface 67
priority, default port ingress 106
problems, troubleshooting 111
QoS 104
Quality of Service, See QoS
rate limit, setting 104
rear panel 17, 18, 19, 20, 21, 22, 23, 24
restarting the system 58
RFC 1388 30
RIP 30, 31
selecting version 74
RIP 1 31
RIP 1, See also RIP
RIP 2 30, 31
RJ-11
pin assignments 116
port 16
RJ-45 port 16
router 31
Index
router mode, setting 36, 54
routing 30, 31
dynamic 30
static 30
table 31
Routing Information Protocol, See RIP
time, setting 56
troubleshooting 111
Internet connection 112
management access 112
troubleshooting, Gateway
indicators 111
Secure Shell, See SSH
setup wizard 35
single-user account 32
software
displaying version 50
downloading 58
specifications
component 117
environmental 118
power 117
VDSL 117
SSH 60
standards
IEEE 118
ITU-T 118
static addresses, setting 91
static IP 37
setting WAN type 38
static IP address, WAN interface 66
static routing 30, 73
straight-through Ethernet cable 114
STUN server 109
system
indicators 17
requirements 25
system clock, setting 56
system information 50
system software, downloading from
host 58
upgrading software 58
VDSL 95
configuring 95
data rate, maximum 96
description 14
displaying communication
statistics 95
displaying performance statistics 98
displaying signal status 95
fast and interleaved channels 96
functional specifications 117
interleave delay, maximum 96
resetting a port 96
signal-to-noise margin 99
WAN connection, setting type 37
WAN interface
PPPoE 67
static IP address 66
WAN interface, dynamic IP address
assignment 65
Web interface
access requirements 45
home page 46
menu list 47
Web server, See also local server
TCP/IP, PC configuration 27
129
Index
130
ECG9210-04
E022010-DT-R01
150200000095A
20 Mason • Irvine, CA 92618 • Phn: 949-679-8000 • www.smc.com
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.4 Linearized : Yes Encryption : Standard V2.3 (128-bit) User Access : Print, Copy, Extract, Print high-res Page Mode : UseOutlines XMP Toolkit : 3.1-702 Producer : Acrobat Distiller 9.3.0 (Windows) Creator Tool : FrameMaker 9.0 Modify Date : 2010:02:23 17:43:52+08:00 Create Date : 2010:02:22 09:57:14Z Metadata Date : 2010:02:23 17:43:52+08:00 Format : application/pdf Title : install.book Creator : david Document ID : uuid:6d883607-61c1-47c7-87e5-d5d5467bb70d Instance ID : uuid:a64d1ad7-8fdd-42bd-b63b-498c83f9edb5 Page Count : 136 Author : davidEXIF Metadata provided by EXIF.tools