Comtrend VR3063U Home Gateway User Manual CT 5374
Comtrend Corporation Home Gateway CT 5374
Comtrend >
Contents
- 1. User Manual I
- 2. User Manual II
- 3. User Manual III
User Manual II
| Download: |  |
| Mirror Download [FCC.gov] | |
| Document ID | 4096695 |
| Application ID | KQh2HrL1MXBQSo4/YkDygQ== |
| Document Description | User Manual II |
| Short Term Confidential | No |
| Permanent Confidential | No |
| Supercede | No |
| Document Type | User Manual |
| Display Format | Adobe Acrobat PDF - pdf |
| Filesize | 418.72kB (5233983 bits) |
| Date Submitted | 2018-12-05 00:00:00 |
| Date Available | 2018-12-06 00:00:00 |
| Creation Date | 2018-11-29 16:57:26 |
| Producing Software | Microsoft® Word 2016 |
| Document Lastmod | 2018-11-29 16:57:37 |
| Document Title | CT-5374 |
| Document Creator | Microsoft® Word 2016 |
| Document Author: | Technical Writer |
5.6.3.2 User Accounts Click the Add button to display the following. After filling in the respective fields, click the Save/Apply button. To remove an account, tick the box and Click the Remove button. 70 Chapter 6 Advanced Setup You can reach this page by clicking on the following icon located at the top of the screen. 6.1 Security For detailed descriptions, with examples, please consult Appendix A - Firewall. 6.1.1 IP Filtering This screen sets filter rules that limit IP traffic (Outgoing/Incoming). Multiple filter rules can be set and each applies at least one limiting condition. For individual IP packets to pass the filter all conditions must be fulfilled. NOTE: This function is not available when in bridge mode. Instead, MAC Filtering performs a similar function. OUTGOING IP FILTER By default, all outgoing IP traffic is allowed, but IP traffic can be blocked with filters. To add a filter (to block some outgoing IP traffic), click the Add button. On the following screen, enter your filter criteria and then click Save/Apply. 71 Consult the table below for field descriptions. Field Description Filter Name The filter rule label. IP Version Select from the drop down menu. Protocol TCP, TCP/UDP, UDP, or ICMP. Source IP address Enter source IP address. Source Port (port or port:port) Enter source port number or range. Destination IP address Enter destination IP address. Destination Port (port or port:port) Enter destination port number or range. INCOMING IP FILTER By default, all incoming IP traffic is blocked, but IP traffic can be allowed with filters. To add a filter (to allow incoming IP traffic), click the Add button. On the following screen, enter your filter criteria and then click Save/Apply. 72 Consult the table below for field descriptions. Field Description Filter Name The filter rule label. IP Version Select from the drop down menu. Protocol TCP, TCP/UDP, UDP, or ICMP. Source IP address Enter source IP address. Source Port (port or port:port) Enter source port number or range. Destination IP address Enter destination IP address. Destination Port (port or port:port) Enter destination port number or range. At the bottom of this screen, select the WAN and LAN Interfaces to which the filter rule will apply. You may select all or just a subset. WAN interfaces in bridge mode or without firewall enabled are not available. 73 6.1.2 MAC Filtering NOTE: This option is only available in bridge mode. Other modes use IP Filtering to perform a similar function. Each network device has a unique 48-bit MAC address. This can be used to filter (block or forward) packets based on the originating device. MAC filtering policy and rules for the VR-3063 can be set according to the following procedure. MAC Filtering is only effective on WAN services configured in Bridge mode. FORWARDED means that all MAC layer frames will be FORWARDED except those matching with any of the specified rules in the following table. BLOCKED means that all MAC layer frames will be BLOCKED except those matching with any of the specified rules in the following table. MAC Filtering Policy For Each Interface: WARNING: Changing from one policy to another of an interface will cause all defined rules for that interface to be REMOVED AUTOMATICALLY! You will need to create new rules for the new policy. Choose Add or Remove to configure MAC filtering rules. The following screen will appear when you click Add. Create a filter to identify the MAC layer frames by specifying at least one condition below. If multiple conditions are specified, all of them must be met. Click Save/Apply to save and activate the filter rule. 74 Consult the table below for detailed field descriptions. Field Description Protocol Type PPPoE, IPv4, IPv6, AppleTalk, IPX, NetBEUI, IGMP Destination MAC Address Defines the destination MAC address Source MAC Address Defines the source MAC address Frame Direction Select the incoming/outgoing packet interface WAN Interfaces Applies the filter to the selected bridge interface 75 6.2 Quality of Service (QoS) NOTE: QoS must be enabled in at least one PVC to display this option. (See Appendix F - Connection Setup for detailed PVC setup instructions). To Enable QoS tick the checkbox and select a Default DSCP Mark. Click Save/Apply to activate QoS. QoS and DSCP Mark are defined as follows: Quality of Service (QoS): This provides different priority to different users or data flows, or guarantees a certain level of performance to a data flow in accordance with requests from Queue Prioritization. Default Differentiated Services Code Point (DSCP) Mark: This specifies the per hop behavior for a given flow of packets in the Internet Protocol (IP) header that do not match any other QoS rule. 76 6.2.1 QoS Queue 6.2.1.1 QoS Queue Configuration Configure queues with different priorities to be used for QoS setup. In ATM mode, a maximum of 16 queues can be configured. In PTM mode, a maximum of 8 queues can be configured. For each Ethernet interface, a maximum of 8 queues can be configured. For each Ethernet WAN interface, a maximum of 8 queues can be configured. 77 To remove queues, check their remove-checkboxes (for user created queues), then click the Remove button. The Enable button will scan through every queue in the table. Queues with the enable-checkbox checked will be enabled. Queues with the enable-checkbox un-checked will be disabled. 78 The enable-checkbox also shows status of the queue after page reload. Note that if WMM function is disabled in the Wireless Page, queues related to wireless will not take effect. This function follows the Differentiated Services rule of IP QoS. Enable and assign an interface and precedence on the next screen. Click Save/Apply on this screen to activate it. To add a queue, click the Add button to display the following screen. Name: Identifier for this Queue entry. Enable: Enable/Disable the Queue entry. Interface: Assign the entry to a specific network interface (QoS enabled). After selecting an Interface the following will be displayed. The precedence list shows the scheduler algorithm for each precedence level. Queues of equal precedence will be scheduled based on the algorithm. Queues of unequal precedence will be scheduled based on SP. Click Save/Apply to apply and save the settings. Scheduler Algorithm: Choose a method for QoS Queue Scheduling. Queue Weight: Represents the priority quantity allocated to this Queue. DSL Latency: The DSL latency set for this queue. 79 6.2.1.2 Wlan Queue Displays the list of available wireless queues for WMM and wireless data transmit priority. 80 6.2.2 QoS Classification The network traffic classes are listed in the following table. Click Add to configure a network traffic class rule and Enable to activate it. To delete an entry from the list, click Remove. This screen creates a traffic class rule to classify the upstream traffic, assign queuing priority and optionally overwrite the IP header DSCP byte. A rule consists of a class name and at least one logical condition. All the conditions specified in the rule must be satisfied for it to take effect. Click Apply/Save to save and activate the rule. 81 Field Description Traffic Class Name Enter a name for the traffic class. Rule Order Last is the only option. Rule Status Disable or enable the rule. Classification Criteria Ingress Interface Select an interface: (i.e. LAN, WAN, local, ETH1, ETH2, ETH3, wl0) Ether Type Set the Ethernet type (e.g. IP, ARP, IPv6). Source MAC Address A packet belongs to SET-1, if a binary-AND of its source MAC address with the Source MAC Mask is equal to the binary-AND of the Source MAC Mask and this field. Source MAC Mask This is the mask used to decide how many bits are checked in Source MAC Address. Destination MAC Address A packet belongs to SET-1 then the result that the Destination MAC Address of its header binary-AND to the Destination MAC Mask must equal to the result that this field binary-AND to the Destination MAC Mask. Destination MAC Mask This is the mask used to decide how many bits are checked in the Destination MAC Address. Classification Results Specify Egress Interface Choose the egress interface from the available list. Specify Egress Queue Choose the egress queue from the list of available for the specified egress interface. Mark Differentiated Service Code Point The selected Code Point gives the corresponding priority to packets that satisfy the rule. Mark 802.1p Priority Select between 0-7. - Class non-vlan packets egress to a non-vlan interface will be tagged with VID 0 and the class rule p-bits. - Class vlan packets egress to a non-vlan interface will have the packet p-bits re-marked by the class rule p-bits. No additional vlan tag is added. - Class non-vlan packets egress to a vlan interface will be tagged with the interface VID and the class rule p-bits. - Class vlan packets egress to a vlan interface will be additionally tagged with the packet VID, and the class rule p-bits. Set Rate Limit The data transmission rate limit in kbps. 82 6.2.3 QoS Port Shaping QoS port shaping supports traffic shaping of the Ethernet interface. Input the shaping rate and burst size to enforce QoS rule on each interface. If "Shaping Rate" is set to "-1", it means no shaping and "Burst Size" will be ignored. Click Save/Apply to apply and save the settings. 83 6.3 Routing The following routing functions are accessed from this menu: Default Gateway, Static Route, Policy Routing and RIP. NOTE: 6.3.1 In bridge mode, the RIP menu option is hidden while the other menu options are shown but ineffective. Default Gateway The default gateway interface list can have multiple WAN interfaces served as system default gateways but only one will be used according to the priority with the first being the highest and the last one the lowest priority if the WAN interface is connected. Priority order can be changed by removing all and adding them back in again. Click Save/Apply to apply and save the settings. 84 6.3.2 Static Route This option allows for the configuration of static routes by destination IP. Click Add to create a static route or click Remove to delete a static route. After clicking Add the following will display. IP Version: Select the IP version to be IPv4 or IPv6. Destination IP address/prefix length: Enter the destination IP address. Interface: Select the proper interface for the rule. Gateway IP Address: The next-hop IP address. Metric: The metric value of routing. After completing the settings, click Save/Apply to add the entry to the routing table. 85 6.3.3 Policy Routing This option allows for the configuration of static routes by policy. Click Add to create a routing policy or Remove to delete one. On the following screen, complete the form and click Save/Apply to create a policy. Field Description Policy Name Name of the route policy Physical LAN Port Specify the port to use this route policy Source IP IP Address to be routed Use Interface Interface that traffic will be directed to Default Gateway IP IP Address of the default gateway 86 6.3.4 RIP To activate RIP, configure the RIP version/operation mode and select the Enabled checkbox for at least one WAN interface before clicking Save/Apply. 87 6.4 DNS 6.4.1 DNS Server Select DNS Server Interface from available WAN interfaces OR enter static DNS server IP addresses for the system. In ATM mode, if only a single PVC with IPoA or static IPoE protocol is configured, Static DNS server IP addresses must be entered. DNS Server Interfaces can have multiple WAN interfaces served as system DNS servers but only one will be used according to the priority with the first being the highest and the last one the lowest priority if the WAN interface is connected. Priority order can be changed by removing all and adding them back in again. Click Save/Apply to save the new configuration. 88 6.4.2 Dynamic DNS The Dynamic DNS service allows you to map a dynamic IP address to a static hostname in any of many domains, allowing the VR-3063 to be more easily accessed from various locations on the Internet. To add a dynamic DNS service, click Add. The following screen will display. Click Save/Apply to save your settings. Consult the table below for field descriptions. Field Description D-DNS provider Select a dynamic DNS provider from the list Hostname Enter the name of the dynamic DNS server Interface Select the interface from the list Username Enter the username of the dynamic DNS server Password Enter the password of the dynamic DNS server 89 6.5 DSL The DSL Settings screen allows for the selection of DSL modulation modes. For optimum performance, the modes selected should match those of your ISP. DSL Mode Data Transmission Rate - Mbps (Megabits per second) G.Dmt Downstream: 12 Mbps Upstream: 1.3 Mbps G.lite Downstream: 4 Mbps Upstream: 0.5 Mbps T1.413 Downstream: 8 Mbps Upstream: 1.0 Mbps ADSL2 Downstream: 12 Mbps Upstream: 1.0 Mbps AnnexL Supports longer loops but with reduced transmission rates ADSL2+ Downstream: 24 Mbps Upstream: 1.0 Mbps AnnexM Downstream: 24 Mbps Upstream: 3.5 Mbps VDSL2 Downstream: 100 Mbps Upstream: 60 Mbps VDSL Profile Maximum Downstream Throughput- Mbps (Megabits per second) 8a Downstream 50 8b Downstream 50 8c Downstream: 50 8d Downstream: 50 12a Downstream: 68 90 12b Downstream: 68 17a Downstream: 100 35b Downstream: 300 Options Description US0 Band between 20 and 138 kHz for long loops to upstream Phoneline pair Select inner pair/outer pair if the DSL line uses alternated pair for data connection Bitswap Enable Enables adaptive handshaking functionality SRA Enable Enables Seamless Rate Adaptation (SRA) 6.6 DNS Proxy DNS proxy receives DNS queries and forwards DNS queries to the Internet. After the CPE gets answers from the DNS server, it replies to the LAN clients. Configure DNS proxy with the default setting, when the PC gets an IP via DHCP, the domain name, Home, will be added to PC’s DNS Suffix Search List, and the PC can access route with “Comtrend.Setup.Home”. See below for further details. The Host Name and Domain Name are combined to form a unique label that is mapped to the router IP address. This can be used to access the WUI with a local name rather than by using the router IP address. The figure below shows an example of this. In the browser address bar (circled in red) the prefix “http://" is added to the local name “Comtrend.Setup.Home” [Host.Domain] for WUI access. 91 6.7 Interface Grouping Interface Grouping supports multiple ports to PVC and bridging groups. Each group performs as an independent network. To use this feature, you must create mapping groups with appropriate LAN and WAN interfaces using the Add button. The Remove button removes mapping groups, returning the ungrouped interfaces to the Default group. Only the default group has an IP interface. To add an Interface Group, click the Add button. The following screen will appear. It lists the available and grouped interfaces. Follow the instructions shown onscreen. 92 Automatically Add Clients With Following DHCP Vendor IDs: Add support to automatically map LAN interfaces to PVC's using DHCP vendor ID (option 60). The local DHCP server will decline and send the requests to a remote DHCP server by mapping the appropriate LAN interface. This will be turned on when Interface Grouping is enabled. For example, imagine there are 4 PVCs (0/33, 0/36, 0/37, 0/38). VPI/VCI=0/33 is for PPPoE while the other PVCs are for IP set-top box (video). The LAN interfaces are ETH1(eth1.0), ETH2(eth2.0), ETH3(eth3.0), and ETH4(eth4.0). The Interface Grouping configuration will be: 1. Default: ETH1, ETH2, ETH3, and ETH4. 2. Video: nas_0_36, nas_0_37, and nas_0_38. The DHCP vendor ID is "Video". If the onboard DHCP server is running on "Default" and the remote DHCP server is running on PVC 0/36 (i.e. for set-top box use only). LAN side clients can get IP addresses from the CPE's DHCP server and access the Internet via PPPoE (0/33). If a set-top box is connected to ETH1 and sends a DHCP request with vendor ID "Video", the local DHCP server will forward this request to the remote DHCP server. The Interface Grouping configuration will automatically change to the following: 1. Default: ETH2, ETH3, and ETH4 2. Video: nas_0_36, nas_0_37, nas_0_38, and ETH1. 93 6.8 IP Tunnel 6.8.1 IPv6inIPv4 Configure 6in4 tunneling to encapsulate IPv6 traffic over explicitly-configured IPv4 links. Click the Add button to display the following. Click Save/Apply to apply and save the settings. Options Description Tunnel Name Input a name for the tunnel Mechanism Mechanism used by the tunnel deployment Associated WAN Interface Select the WAN interface to be used by the tunnel Associated LAN Interface Select the LAN interface to be included in the tunnel Manual/Automatic Select automatic for point-to-multipoint tunneling / manual for point-to-point tunneling IPv4 Mask Length The subnet mask length used for the IPv4 interface 6rd Prefix with Prefix Length Prefix and prefix length used for the IPv6 interface Border Relay IPv4 Address Input the IPv4 address of the other device 94 6.8.2 IPv4inIPv6 Configure 4in6 tunneling to encapsulate IPv4 traffic over an IPv6-only environment. Click the Add button to display the following. Click Save/Apply to apply and save the settings. Options Description Tunnel Name Input a name for the tunnel Mechanism Mechanism used by the tunnel deployment Associated WAN Interface Select the WAN interface to be used by the tunnel Associated LAN Interface Select the LAN interface to be included in the tunnel Manual/Automatic Select automatic for point-to-multipoint tunneling / manual for point-to-point tunneling AFTR Address of Address Family Translation Router 95 6.9 IP Sec You can add, edit or remove IPSec tunnel mode connections from this page. Click Add New Connection to add a new IPSec termination rule. The following screen will display. 96 IPSec Connection Name User-defined label IP Version Select the corresponding IPv4 / IPv6 version for the IPSEC connection Select tunnel protocol, AH (Authentication Header) or ESP (Encapsulating Security Payload) for this tunnel. Select from the list of wan interface to be used as gateway for the IPSEC connection The location of the Remote IPSec Gateway. IP address or domain name can be used. Specify the acceptable host IP on the local side. Choose Single or Subnet. If you chose Single, please enter the host IP address for VPN. If you chose Subnet, please enter the subnet information for VPN. Specify the acceptable host IP on the remote side. Choose Single or Subnet. If you chose Single, please enter the host IP address for VPN. If you chose Subnet, please enter the subnet information for VPN. Select from Auto(IKE) or Manual Tunnel Mode Local Gateway Interface Remote IPSec Gateway Address Tunnel access from local IP addresses IP Address/Subnet Mask for VPN Tunnel access from remote IP addresses IP Address/Subnet Mask for VPN Key Exchange Method For the Auto(IKE) key exchange method, select Pre-shared key or Certificate (X.509) authentication. For Pre-shared key authentication you must enter a key, while for Certificate (X.509) authentication you must select a certificate from the list. See the tables below for a summary of all available options. Auto(IKE) Key Exchange Method Pre-Shared Key / Certificate (X.509) Input Pre-shared key / Choose Certificate Perfect Forward Secrecy Enable or Disable Advanced IKE Settings Select Show Advanced Settings to reveal the advanced settings options shown below. 97 Advanced IKE Settings Mode Select Hide Advanced Settings to hide the advanced settings options shown above. Choose settings for each phase, the available options are separated with a “/” character. Main / Aggressive Encryption Algorithm DES / 3DES / AES 128,192,256 Integrity Algorithm MD5 / SHA1 Select Diffie-Hellman Group 768 – 8192 bit Key Life Time Enter your own or use the default (1 hour) Phase 1 / Phase 2 The Manual key exchange method options are summarized in the table below. Manual Key Exchange Method 98 Encryption Algorithm DES / 3DES / AES (aes-cbc) Encryption Key DES: 16 digit Hex, 3DES: 48 digit Hex Authentication Algorithm MD5 / SHA1 Authentication Key MD5: 32 digit Hex, SHA1: 40 digit Hex SPI (default is 101) Enter a Hex value from 100-FFFFFFFF 99 6.10 Certificate A certificate is a public key, attached with its owner’s information (company name, server name, personal real name, contact e-mail, postal address, etc) and digital signatures. There will be one or more digital signatures attached to the certificate, indicating that these entities have verified that this certificate is valid. 6.10.1 Local CREATE CERTIFICATE REQUEST Click Create Certificate Request to generate a certificate-signing request. The certificate-signing request can be submitted to the vendor/ISP/ITSP to apply for a certificate. Some information must be included in the certificate-signing request. Your vendor/ISP/ITSP will ask you to provide the information they require and to provide the information in the format they regulate. Enter the required information and click Apply to generate a private key and a certificate-signing request. 100 The following table is provided for your reference. Field Description Certificate Name A user-defined name for the certificate. Common Name Usually, the fully qualified domain name for the machine. Organization Name The exact legal name of your organization. Do not abbreviate. State/Province Name The state or province where your organization is located. It cannot be abbreviated. Country/Region Name The two-letter ISO abbreviation for your country. IMPORT CERTIFICATE Click Import Certificate to paste the certificate content and the private key provided by your vendor/ISP/ITSP into the corresponding boxes shown below. Enter a certificate name and click the Apply button to import the certificate and its private key. 101 6.10.2 Trusted CA CA is an abbreviation for Certificate Authority, which is a part of the X.509 system. It is itself a certificate, attached with the owner information of this certificate authority; but its purpose is not encryption/decryption. Its purpose is to sign and issue certificates, in order to prove that these certificates are valid. Click Import Certificate to paste the certificate content of your trusted CA. The CA certificate content will be provided by your vendor/ISP/ITSP and is used to authenticate the Auto-Configuration Server (ACS) that the CPE will connect to. Enter a certificate name and click Apply to import the CA certificate. 102 6.11 Power Management This screen allows for control of hardware modules to evaluate power consumption. Use the buttons to select the desired option, click Apply and check the response. 103 6.12 Multicast Input new IGMP or MLD protocol configuration fields if you want modify default values shown. Then click Save/Apply. Multicast Precedence: Select precedence of multicast packets. Multicast Strict Grouping Enforcement: Enable/Disable multicast strict grouping. The following table is provided for your reference. 104 Field Description Default Version Define IGMP using version with video server. Query Interval The query interval is the amount of time in seconds between IGMP General Query messages sent by the router (if the router is the querier on this subnet). The default query interval is 125 seconds. Query Response Interval The query response interval is the maximum amount of time in seconds that the IGMP router waits to receive a response to a General Query message. The query response interval is the Maximum Response Time field in the IGMP v2 Host Membership Query message header. The default query response interval is 10 seconds and must be less than the query interval. Last Member Query Interval The last member query interval is the amount of time in seconds that the IGMP router waits to receive a response to a Group-Specific Query message. The last member query interval is also the amount of time in seconds between successive Group-Specific Query messages. The default last member query interval is 10 seconds. Robustness Value The robustness variable is a way of indicating how susceptible the subnet is to lost packets. IGMP can recover from robustness variable minus 1 lost IGMP packets. The robustness variable should be set to a value of 2 or greater. The default robustness variable value is 2. Maximum Multicast Groups Setting the maximum number of Multicast groups. Maximum Multicast Data Sources (for IGMPv3) Define the maximum multicast video stream number. Maximum Multicast Data Sources (for mldv2) Define the maximum multicast video stream number from IPv6 source. Maximum Multicast Group Members Setting the maximum number of groups that ports can accept. Fast Leave Enable When you enable IGMP fast-leave processing, the switch immediately removes a port when it detects an IGMP version 2 leave message on that port. IGMP Group Exception List / MLD Group Exception List Field Description Group Address This is the delimited list of ignored multicast addresses being queried when sending a Group-Specific or Group-and-Source-Specific Query. Mask/Mask Bits This is the delimited list of ignored multicast mask being queried when sending a Group-Specific or Group-and-Source-Specific Query. 105 Field Description Remove Allows a user to remove a specific item in the exception list. 106 6.13 Wireless 6.13.1 Basic 2.4GHz The Basic option allows you to configure basic features of the wireless LAN interface. Among other things, you can enable or disable the wireless LAN interface, hide the network from active scans, set the wireless network name (also known as SSID) and restrict the channel set based on country requirements. Click Save/Apply to configure the basic wireless options. Consult the table below for descriptions of these options. Option Description Enable Wireless A checkbox that enables or disables the wireless LAN interface. When selected, a set of basic wireless options will appear. Hide Access Point Select Hide Access Point to protect the access point from detection by wireless active scans. To view and connect to available wireless networks in Windows, open Connect to a Network by clicking the network icon ( or ) in the notification area. If the access point is hidden, it will not be listed there. To connect a client to a hidden access point, the station must add the access point manually to its wireless configuration. 107 Option Description SSID Sets the wireless network name. SSID stands for Service Set Identifier. All stations must be configured with the correct SSID to access the WLAN. If the SSID does not match, that user will not be granted access. [1-32 characters] Channel Drop-down menu that allows selection of a specific channel. Country Local regulations limit channel range: 11 Channels (US, Canada) Bandwidth To utilize maximum data throughput, select 40MHz in 2.4G band. Max Clients The maximum number of clients that can access the router. Wireless - Guest / Virtual Access Points This router supports multiple SSIDs called Guest SSIDs or Virtual Access Points. To enable one or more Guest SSIDs select the checkboxes in the Enabled column. To hide a Guest SSID select its checkbox in the Hidden column. Do the same for Isolate Clients and Disable WMM Advertise. For a description of these two functions, see the previous entries for “Clients Isolation” and “Disable WMM Advertise”. Similarly, for Enable WMF, Max Clients and BSSID, consult the matching entries in this table. NOTE: Remote wireless hosts cannot scan Guest SSIDs. 108 6.13.2 Security 2.4GHz The following screen appears when Wireless Security is selected. The options shown here allow you to configure security features of the wireless LAN interface. Please see 6.13.3 for WPS setup instructions. Click Save/Apply to implement new configuration settings. WIRELESS SECURITY Setup requires that the user configure these settings using the Web User Interface (see the table below). Select SSID Select the wireless network name from the drop-down menu. SSID stands for Service Set Identifier. All stations must be configured with the correct SSID to access the WLAN. If the SSID does not match, that client will not be granted access. Network Authentication This option specifies whether a network key is used for authentication to the wireless network. If network authentication is set to Open, then no authentication is provided. Despite this, the identity of the client is still verified. Each authentication type has its own settings. For example, selecting 802.1X authentication will reveal the RADIUS Server IP address, Port and Key fields. WEP Encryption will also be enabled as shown below. Different authentication type pops up different settings requests. Choosing WPA2-PSK, you must enter WPA/WAPI passphrase and Group Rekey Interval. 109 WEP Encryption This option specifies whether data sent over the network is encrypted. The same network key is used for data encryption and network authentication. Four network keys can be defined although only one can be used at any one time. Use the Current Network Key list box to select the appropriate network key. Security options include authentication and encryption services based on the wired equivalent privacy (WEP) algorithm. WEP is a set of security services used to protect 802.11 networks from unauthorized access, such as eavesdropping; in this case, the capture of wireless network traffic. When data encryption is enabled, secret shared encryption keys are generated and used by the source station and the destination station to alter frame bits, thus avoiding disclosure to eavesdroppers. Under shared key authentication, each wireless station is assumed to have received a secret shared key over a secure channel that is independent from the 802.11 wireless network communications channel. Encryption Strength This drop-down list box will display when WEP Encryption is enabled. The key strength is proportional to the number of binary bits comprising the key. This means that keys with a greater number of bits have a greater degree of security and are considerably more difficult to crack. Encryption strength can be set to either 64-bit or 128-bit. A 64-bit key is equivalent to 5 ASCII characters or 10 hexadecimal numbers. A 128-bit key contains 13 ASCII characters or 26 hexadecimal numbers. Each key contains a 24-bit header (an initiation vector) which enables parallel decoding of multiple streams of encrypted data. 110 6.13.3 WPS 2.4GHz Wi-Fi Protected Setup (WPS) is an industry standard that simplifies wireless security setup for certified network devices. Every WPS certified device has both a PIN number and a push button, located on the device or accessed through device software. The VR-3063 has a 2.4G WiFi On/Off & WPS button on the device. Devices with the WPS logo (shown here) support WPS. If the WPS logo is not present on your device it still may support WPS, in this case, check the device documentation for the phrase “Wi-Fi Protected Setup”. NOTE: WPS is available in Open, WPA2-PSK and Mixed WPA2/WPA-PSK network authentication modes. Other authentication modes do not use WPS so they must be configured manually. To configure security settings with WPS, follow the procedures below. I. Setup Step 1: Enable WPS by selecting Enabled from the drop down list box shown. IIa. PUSH-BUTTON CONFIGURATION The WPS push-button configuration provides a semi-automated configuration method. The 2.4G WiFi On/Off & WPS button on the front panel of the router can be used for this purpose. The WPS push-button configuration is described in the procedure below. It is assumed that the Wireless function is Enabled and that the router is configured as the Wireless Access Point (AP) of your WLAN. In addition, the wireless client must also be configured correctly and turned on, with WPS function enabled. NOTE: The wireless AP on the router searches for 2 minutes. If the router stops searching before you complete Step 4, return to Step 3. Step 2: Press WPS button Press and release the 2.4G WiFi On/Off & WPS button on the front panel of the router. The WPS LED will blink to show that the router has begun searching for the client. Step 3: Go to your WPS wireless client and activate the push-button function. A typical WPS client screenshot is shown below as an example. Now go to Step 4 (part III. Check Connection) to check the WPS connection. 111 IIb. WPS – PIN CONFIGURATION Using this method, security settings are configured with a personal identification number (PIN). The PIN can be found on the device itself or within the software. The PIN may be generated randomly in the latter case. To obtain a PIN number for your client, check the device documentation for specific instructions. The WPS PIN configuration is described in the procedure below. It is assumed that the Wireless function is Enabled and that the router is configured as the Wireless Access Point (AP) of your wireless LAN. In addition, the wireless client must also be configured correctly and turned on, with WPS function enabled. Step 2: Select the Use STA PIN radio button in the WPS Setup section of the Wireless Security screen, as shown in A below. A - Input the STA PIN* and click the Add Enrollee button. * Personal Identification Number (PIN) has to be read from either a sticker or the display on the new wireless device. Step 3: Activate the PIN function on the wireless client. configured as an Enrollee. The client must be The figure below provides an example of a WPS client PIN function in-progress. III. CHECK CONNECTION Step 4: If the WPS setup method was successful, you will be able access the wireless AP from the client. The client software should show the status. The example below shows that the connection established successfully. You can also double-click the Wireless Network Connection icon from the Network Connections window (or the system tray) to confirm the status of the new connection. 112 6.13.4 Advanced 2.4GHz The Advanced screen allows you to configure advanced features of the wireless LAN interface. You can select a particular channel on which to operate, force the transmission rate to a particular speed, set the fragmentation threshold, set the RTS threshold, set the wakeup interval for clients in power-save mode, set the beacon interval for the access point, set XPress mode and set whether short or long preambles are used. Click Save/Apply to set new advanced wireless options. Field Description Band Set to 2.4 GHz for compatibility with IEEE 802.11x standards. The new amendment allows IEEE 802.11n units to fall back to slower speeds so that legacy IEEE 802.11x devices can coexist in the same network. IEEE 802.11g creates data-rate parity at 2.4 GHz with the IEEE 802.11a standard, which has a 54 Mbps rate at 5 GHz. (IEEE 802.11a has other differences compared to IEEE 802.11b or g, such as offering more channels.) Fragmentation Threshold A threshold, specified in bytes, that determines whether packets will be fragmented and at what size. On an 802.11 WLAN, packets that exceed the fragmentation threshold are fragmented, i.e., split into, smaller units suitable for the circuit size. Packets smaller than the specified fragmentation threshold value are not fragmented. Enter a value between 256 and 2346. If you experience a high packet error rate, try to slightly increase your Fragmentation Threshold. The value should remain at its default setting of 2346. Setting the Fragmentation Threshold too low may result in poor performance. 113 Field Description RTS Threshold Request to Send, when set in bytes, specifies the packet size beyond which the WLAN Card invokes its RTS/CTS mechanism. Packets that exceed the specified RTS threshold trigger the RTS/CTS mechanism. The NIC transmits smaller packet without using RTS/CTS. The default setting of 2347 (maximum length) disables RTS Threshold. DTIM Interval Delivery Traffic Indication Message (DTIM) is also known as Beacon Rate. The entry range is a value between 1 and 65535. A DTIM is a countdown variable that informs clients of the next window for listening to broadcast and multicast messages. When the AP has buffered broadcast or multicast messages for associated clients, it sends the next DTIM with a DTIM Interval value. AP Clients hear the beacons and awaken to receive the broadcast and multicast messages. The default is 1. Beacon Interval The amount of time between beacon transmissions in milliseconds. The default is 100 ms and the acceptable range is 1 – 65535. The beacon transmissions identify the presence of an access point. By default, network devices passively scan all RF channels listening for beacons coming from access points. Before a station enters power save mode, the station needs the beacon interval to know when to wake up to receive the beacon (and learn whether there are buffered frames at the access point). Enable Smart Antenna Selection The smart antenna feature can be enabled to allow the wireless chip to detect client position and automatically select wireless antenna to provide maximum performance at a different angle. Transmit Power Set the power output (by percentage) as desired. 114 6.13.5 Basic 5GHz The Basic option allows you to configure basic features of the wireless LAN interface. Among other things, you can enable or disable the wireless LAN interface, hide the network from active scans, set the wireless network name (also known as SSID) and restrict the channel set based on country requirements. Click Save/Apply to configure the basic wireless options. Consult the table below for descriptions of these options. Option Description Enable Wireless A checkbox that enables or disables the wireless LAN interface. When selected, a set of basic wireless options will appear. Hide Access Point Select Hide Access Point to protect the access point from detection by wireless active scans. To view and connect to available wireless networks in Windows, open Connect to a Network by clicking the network icon ( or ) in the notification area. If the access point is hidden, it will not be listed there. To connect a client to a hidden access point, the station must add the access point manually to its wireless configuration. 115 Option Description SSID Sets the wireless network name. SSID stands for Service Set Identifier. All stations must be configured with the correct SSID to access the WLAN. If the SSID does not match, that user will not be granted access. [1-32 characters] Channel Drop-down menu that allows selection of a specific channel. Country Local regulations limit channel range: US/Canada = 1-11. Bandwidth To utilize maximum data throughput, select 80MHz in 5G band. Max Clients The maximum number of clients that can access the router. Wireless - Guest / Virtual Access Points This router supports multiple SSIDs called Guest SSIDs or Virtual Access Points. To enable one or more Guest SSIDs select the checkboxes in the Enabled column. To hide a Guest SSID select its checkbox in the Hidden column. Do the same for Isolate Clients and Disable WMM Advertise. For a description of these two functions, see the previous entries for “Clients Isolation” and “Disable WMM Advertise”. Similarly, for Enable WMF, Max Clients and BSSID, consult the matching entries in this table. NOTE: Remote wireless hosts cannot scan Guest SSIDs. 116 6.13.6 Security 5GHz The following screen appears when Wireless Security is selected. The options shown here allow you to configure security features of the wireless LAN interface. Please see 6.13.7 for WPS setup instructions. Click Save/Apply to implement new configuration settings. WIRELESS SECURITY Setup requires that the user configure these settings using the Web User Interface (see the table below). Select SSID Select the wireless network name from the drop-down menu. SSID stands for Service Set Identifier. All stations must be configured with the correct SSID to access the WLAN. If the SSID does not match, that client will not be granted access. Network Authentication This option specifies whether a network key is used for authentication to the wireless network. If network authentication is set to Open, then no authentication is provided. Despite this, the identity of the client is still verified. Each authentication type has its own settings. For example, selecting 802.1X authentication will reveal the RADIUS Server IP address, Port and Key fields. WEP Encryption will also be enabled as shown below. Different authentication type pops up different settings requests. Choosing 802.1X, enter RADIUS Server IP address, RADIUS Port, RADIUS key and Current Network Key. Also, enable WEP Encryption and select Encryption Strength. 117 Choosing WPA2-PSK, you must enter WPA/WAPI passphrase and Group Rekey Interval. WEP Encryption This option specifies whether data sent over the network is encrypted. The same network key is used for data encryption and network authentication. Four network keys can be defined although only one can be used at any one time. Use the Current Network Key list box to select the appropriate network key. Security options include authentication and encryption services based on the wired equivalent privacy (WEP) algorithm. WEP is a set of security services used to protect 802.11 networks from unauthorized access, such as eavesdropping; in this case, the capture of wireless network traffic. When data encryption is enabled, secret shared encryption keys are generated and used by the source station and the destination station to alter frame bits, thus avoiding disclosure to eavesdroppers. Under shared key authentication, each wireless station is assumed to have received a secret shared key over a secure channel that is independent from the 802.11 wireless network communications channel. Encryption Strength This drop-down list box will display when WEP Encryption is enabled. The key strength is proportional to the number of binary bits comprising the key. This means that keys with a greater number of bits have a greater degree of security and are considerably more difficult to crack. Encryption strength can be set to either 64-bit or 128-bit. A 64-bit key is equivalent to 5 ASCII characters or 10 hexadecimal numbers. A 128-bit key contains 13 ASCII characters or 26 hexadecimal numbers. Each key contains a 24-bit header (an initiation vector) which enables parallel decoding of multiple streams of encrypted data. 118 6.13.7 WPS 5GHz Wi-Fi Protected Setup (WPS) is an industry standard that simplifies wireless security setup for certified network devices. Every WPS certified device has both a PIN number and a push button, located on the device or accessed through device software. The VR-3063 has a WiFi On/Off & WPS button on the device. Devices with the WPS logo (shown here) support WPS. If the WPS logo is not present on your device it still may support WPS, in this case, check the device documentation for the phrase “Wi-Fi Protected Setup”. NOTE: WPS is available in Open, WPA2-PSK and Mixed WPA2/WPA-PSK network authentication modes. Other authentication modes do not use WPS so they must be configured manually. To configure security settings with WPS, follow the procedures below. I. Setup Step 1: Ia. Enable WPS by selecting Enabled from the drop down list box shown. PUSH-BUTTON CONFIGURATION The WPS push-button configuration provides a semi-automated configuration method. The WiFi On/Off & WPS button on the front panel of the router can be used for this purpose. The WPS push-button configuration is described in the procedure below. It is assumed that the Wireless function is Enabled and that the router is configured as the Wireless Access Point (AP) of your WLAN. In addition, the wireless client must also be configured correctly and turned on, with WPS function enabled. NOTE: The wireless AP on the router searches for 2 minutes. If the router stops searching before you complete Step 4, return to Step 3. Step 2: Press WPS button Press and release the 2.4G WiFi On/Off & WPS button on the front panel of the router. The WPS LED will blink to show that the router has begun searching for the client. Step 3: Go to your WPS wireless client and activate the push-button function. A typical WPS client screenshot is shown below as an example. Now go to Step 4 (part III. Check Connection) to check the WPS connection. 119 IIb. WPS – PIN CONFIGURATION Using this method, security settings are configured with a personal identification number (PIN). The PIN can be found on the device itself or within the software. The PIN may be generated randomly in the latter case. To obtain a PIN number for your client, check the device documentation for specific instructions. The WPS PIN configuration is described in the procedure below. It is assumed that the Wireless function is Enabled and that the router is configured as the Wireless Access Point (AP) of your wireless LAN. In addition, the wireless client must also be configured correctly and turned on, with WPS function enabled. Step 2: Select the Use STA PIN radio button in the WPS Setup section of the Wireless Security screen, as shown in A below. A - Input the STA PIN* and click the Add Enrollee button. * Personal Identification Number (PIN) has to be read from either a sticker or the display on the new wireless device. Step 3: Activate the PIN function on the wireless client. configured as an Enrollee. The client must be The figure below provides an example of a WPS client PIN function in-progress. III. CHECK CONNECTION Step 4: If the WPS setup method was successful, you will be able access the wireless AP from the client. The client software should show the status. The example below shows that the connection established successfully. You can also double-click the Wireless Network Connection icon from the Network Connections window (or the system tray) to confirm the status of the new connection. 120 6.13.8 Advanced 5GHz The Advanced screen allows you to configure advanced features of the wireless LAN interface. You can select a particular channel on which to operate, force the transmission rate to a particular speed, set the fragmentation threshold, set the RTS threshold, set the wakeup interval for clients in power-save mode, set the beacon interval for the access point, set XPress mode and set whether short or long preambles are used. Click Save/Apply to set new advanced wireless options. Field Description Band 5GHz band is used for high speed wireless network as defined in IEEE 802.11ac Fragmentation Threshold A threshold, specified in bytes, that determines whether packets will be fragmented and at what size. On an 802.11 WLAN, packets that exceed the fragmentation threshold are fragmented, i.e., split into, smaller units suitable for the circuit size. Packets smaller than the specified fragmentation threshold value are not fragmented. Enter a value between 256 and 2346. If you experience a high packet error rate, try to slightly increase your Fragmentation Threshold. The value should remain at its default setting of 2346. Setting the Fragmentation Threshold too low may result in poor performance. RTS Threshold Request to Send, when set in bytes, specifies the packet size beyond which the WLAN Card invokes its RTS/CTS mechanism. Packets that exceed the specified RTS threshold trigger the RTS/CTS mechanism. The NIC transmits smaller packet without using RTS/CTS. The default setting of 2347 (maximum length) disables RTS Threshold. 121 Field Description DTIM Interval Delivery Traffic Indication Message (DTIM) is also known as Beacon Rate. The entry range is a value between 1 and 65535. A DTIM is a countdown variable that informs clients of the next window for listening to broadcast and multicast messages. When the AP has buffered broadcast or multicast messages for associated clients, it sends the next DTIM with a DTIM Interval value. AP Clients hear the beacons and awaken to receive the broadcast and multicast messages. The default is 1. Beacon Interval The amount of time between beacon transmissions in milliseconds. The default is 100 ms and the acceptable range is 1 – 65535. The beacon transmissions identify the presence of an access point. By default, network devices passively scan all RF channels listening for beacons coming from access points. Before a station enters power save mode, the station needs the beacon interval to know when to wake up to receive the beacon (and learn whether there are buffered frames at the access point). Enable Smart Antenna Selection The smart antenna feature can be enabled to allow wireless chip to detect client position and automatically select wireless antenna to provide maximum performance at different angle. Transmit Power Set the power output (by percentage) as desired. 122 Chapter 7 Diagnostics You can reach this page by clicking on the following icon located at the top of the screen. 7.1 Diagnostics – Individual Tests The first Diagnostics screen is a dashboard that shows overall connection status. Click the Diagnostics Menu item on the left side of the screen to display the individual connections. 123 7.2 Ethernet OAM The Ethernet OAM (Operations, Administration, Management) page provides settings to enable/disable 802.3ah, 802.1ag/Y1.731 OAM protocols. To enable Ethernet Link OAM (802.3 ah), click Enabled to display the full configuration list. At least one option must be enabled for 802.1ah. 124 WAN Interface OAM ID Auto Event Variable Retrieval Link Events Remote Loopback Active mode Select layer 2 WAN interface for outgoing OAM packets OAM Identification number Supports OAM auto event Supports OAM variable retrieval Supports OAM link events Supports OAM remove loopback Supports OAM active mode 125 To enable Ethernet Service OAM (802.1ag/Y1731), click Enabled to display the full configuration list. Click Apply/Save to implement new configuration settings. WAN Interface MD Level MD Name MA ID Local MEP ID Local MEP VLAN ID Select from the list of WAN Interfaces to send OAM packets Maintenance Domain Level Maintenance Domain name Maintenance Association Identifier Local Maintenance association End Point Identifier VLAN IP used for Local Maintenance End point Click CCM Transmission to enable CPE sending Continuity Check Message (CCM) continuously. Remote MEP ID Maintenance association End Point Identifier for the remote receiver To perform Loopback/Linktrace OAM test, enter the Target MAC of the destination and click “Send Loopback” or “Send Linktrace” button. Target MAC Linktrace TTL MAC Address of the destination to send OAM loopback/linktrace packet Time to Live value for the loopback/linktrace packet 126 7.3 Ping Input the IP address/hostname and click the Ping button to execute ping diagnostic test to send the ICMP request to the specified host. 127 7.4 Trace Route Input the IP address/hostname and click the TraceRoute button to execute the trace route diagnostic test to send the ICMP packets to the specified host. 128 Chapter 8 Management You can reach this page by clicking on the following icon located at the top of the screen. The Management menu has the following maintenance functions and processes: 8.1 Settings This includes Backup Settings, Update Settings, and Restore Default screens. 8.1.1 Backup Settings To save the current configuration to a file on your PC, click Backup Settings. You will be prompted for backup file location. This file can later be used to recover settings on the Update Settings screen, as described below. 129 8.1.2 Update Settings This option recovers configuration files previously saved using Backup Settings. Press Browse… to search for the file, or enter the file name (including folder path) in the File Name box, and then click Update Settings to recover settings. 8.1.3 Restore Default Click Restore Default Settings to restore factory default settings. After Restore Default Settings is clicked, the following screen appears. Close the browser and wait for 2 minutes before reopening it. It may also be necessary, to reconfigure your PC IP configuration to match any new settings. NOTE: This entry has the same effect as the Reset button. The VR-3063 board hardware and the boot loader support the reset to default. If the Reset button is continuously pressed for more than 10 seconds, the current configuration data will be erased. If the Reset button is continuously pressed for more than 60 seconds, the boot loader will erase all configuration data saved in flash memory and enter bootloader mode. 130 8.2 System Log This function allows a system log to be kept and viewed upon request. Follow the steps below to configure, enable, and view the system log. STEP 1: Click Configure System Log, as shown below (circled in Red). STEP 2: Select desired options and click Save/Apply. Consult the table below for detailed descriptions of each system log option. Option Description Log Indicates whether the system is currently recording events. The user can enable or disable event logging. By default, it is disabled. To enable it, select the Enable radio button and then click Save/Apply. 131 Option Description Log Level Allows you to configure the event level and filter out unwanted events below this level. The events ranging from the highest critical level “Emergency” down to this configured level will be recorded to the log buffer on the VR-3063 SDRAM. When the log buffer is full, the newer event will wrap up to the top of the log buffer and overwrite the old event. By default, the log level is “Debugging”, which is the lowest critical level. The log levels are defined as follows: Emergency = system is unusable Alert = action must be taken immediately Critical = critical conditions Error = Error conditions Warning = normal but significant condition Notice= normal but insignificant condition Informational= provides information for reference Debugging = debug-level messages Emergency is the most serious event level, whereas Debugging is the least important. For instance, if the log level is set to Debugging, all the events from the lowest Debugging level to the most critical level Emergency level will be recorded. If the log level is set to Error, only Error and the level above will be logged. Display Level Allows the user to select the logged events and displays on the View System Log window for events of this level and above to the highest Emergency level. Mode Allows you to specify whether events should be stored in the local memory, or be sent to a remote system log server, or both simultaneously. If remote mode is selected, view system log will not be able to display events saved in the remote system log server. When either Remote mode or Both mode is configured, the WEB UI will prompt the user to enter the Server IP address and Server UDP port. STEP 3: Click View System Log. The results are displayed as follows. 132 8.3 SNMP Agent Simple Network Management Protocol (SNMP) allows a management application to retrieve statistics and status from the SNMP agent in this device. Select the Enable radio button, configure options, and click Save/Apply to activate SNMP. 133 8.4 TR-069 Client WAN Management Protocol (TR-069) allows an Auto-Configuration Server (ACS) to perform auto-configuration, provision, collection, and diagnostics to this device. Select desired values and click Save/Apply to configure TR-069 client options. The table below is provided for ease of reference. Option Description OUI-serial The serial number used to identify the CPE when making a connection to the ACS using the CPE WAN Management Protocol. Select MAC to use the router’s MAC address as serial number to authenticate with the ACS or select serial number to use the router’s serial number. Inform Disable/Enable TR-069 client on the CPE. Inform Interval The duration in seconds of the interval for which the CPE MUST attempt to connect with the ACS and call the Inform method. ACS URL URL for the CPE to connect to the ACS using the CPE WAN Management Protocol. This parameter MUST be in the form of a valid HTTP or HTTPS URL. An HTTPS URL indicates that the ACS supports SSL. The “host” portion of this URL is used by the CPE for validating the certificate from the ACS when using certificate-based authentication. ACS User Name Username used to authenticate the CPE when making a connection to the ACS using the CPE WAN Management Protocol. This username is used only for HTTP-based authentication of the CPE. 134 Option Description ACS Password Password used to authenticate the CPE when making a connection to the ACS using the CPE WAN Management Protocol. This password is used only for HTTP-based authentication of the CPE. WAN Interface used by TR-069 client Choose Any_WAN, LAN, Loopback or a configured connection. Connection Request Authentication Tick the checkbox to enable. User Name Username used to authenticate an ACS making a Connection Request to the CPE. Password Password used to authenticate an ACS making a Connection Request to the CPE. URL IP address and port the ACS uses to connect to the router. The Send Inform button forces the CPE to establish an immediate connection to the ACS. 135 8.5 Internet Time This option automatically synchronizes the router time with Internet timeservers. To enable time synchronization, tick the corresponding checkbox , choose your preferred time server(s), select the correct time zone offset, and click Save/Apply. NOTE: Internet Time must be activated to use. See 5.5 Parental Control. The internet time feature will not operate when the router is in bridged mode, since the router would not be able to connect to the NTP timeserver. 136
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.6 Linearized : No Tagged PDF : Yes XMP Toolkit : Adobe XMP Core 5.6-c015 84.159810, 2016/09/10-02:41:30 Modify Date : 2018:11:29 16:57:37+08:00 Create Date : 2018:11:29 16:57:26+08:00 Metadata Date : 2018:11:29 16:57:37+08:00 Creator Tool : Microsoft® Word 2016 Format : application/pdf Title : CT-5374 Description : Multi-DSL WLAN Router Creator : Technical Writer Document ID : uuid:85915ef2-ede6-4f13-9cd9-cffdaa49767e Instance ID : uuid:24a06729-868a-454f-98ea-a8dbdbd7e9ef Producer : Microsoft® Word 2016 Page Count : 67 Author : Technical Writer Keywords : Multi-DSL, WLAN, Router, CT-5374 Subject : Multi-DSL WLAN RouterEXIF Metadata provided by EXIF.tools