Green Packet Berhad OX350I-GP WiMAX Outdoor CPE User Manual rev1
Green Packet Berhad, Taiwan WiMAX Outdoor CPE rev1
Contents
- 1. User manual rev1
- 2. UM
User manual rev1
User Manual OX-350I WiMAX Outdoor CPE Version: 1.2 Date: Oct. 04, 2011 Page 1 of 91 OX-350I User Manual Rev1.2 Previous History Revision 1.0 1.1 1.2 Date of Issue 2011/08/31 2011/09/21 2011/10/04 Scope Initial document Add FCC Warning Wording Modify Important Notice content in page 4 Author Alpha C. Tony Kao Tony Kao Page 2 of 91 OX-350I User Manual Rev1.2 Federal Communication Commission Interference Statement : This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. Consult the dealer or an experienced radio/TV technician for help. FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. Page 3 of 91 OX-350I User Manual Rev1.2 FCC Radiation Exposure Statement: This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 60cm between the radiator & your body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. Due to the essential high output power natural of WiMAX device, use of this device with other transmitter at the same time may exceed the FCC RF exposure limit and such usage must be prohibited (unless such co-transmission has been approved by FCC in the future). IMPORTANT NOTE: According to FCC regulation (FCC 05-56), in order for the device to safely operate in the 3.675~3.700 GHz range, the device shall be connected to a Base station which supports "listen mode" and can instruct this device accordingly. Page 4 of 91 OX-350I User Manual Rev1.2 Table of Contents Previous History ............................................................................................... 2 1. 2. 3. 4. 5. Introduction ............................................................................................. 16 1.1. Connect........................................................................................ 16 1.2. Logout .......................................................................................... 17 Status ...................................................................................................... 18 2.1. WiMAX Status .............................................................................. 18 2.2. Network Status ............................................................................. 18 2.3. Device Status ............................................................................... 19 Personalization ....................................................................................... 20 3.1. Account ........................................................................................ 20 3.2. Date ............................................................................................. 21 3.2.1. Date................................................................................... 22 3.2.2. Time Zone ......................................................................... 23 WiMAX .................................................................................................... 24 4.1. Scanner........................................................................................ 24 4.2. Authentication .............................................................................. 26 4.3. Wide Scan.................................................................................... 29 Networking .............................................................................................. 31 5.1. Bridge/NAT mode ......................................................................... 31 Page 5 of 91 OX-350I User Manual Rev1.2 5.2. 5.1.1. LAN ................................................................................... 31 5.1.2. WAN .................................................................................. 32 5.1.3. PPPoE ............................................................................... 34 5.1.4. GRE .................................................................................. 36 5.1.5. EtherIP .............................................................................. 37 5.1.6. VLAN ................................................................................. 37 5.1.7. QoS ................................................................................... 39 Firewall......................................................................................... 40 5.2.1. HTTP ................................................................................. 40 5.2.2. TELNET ............................................................................ 41 5.2.3. SSH ................................................................................... 42 5.2.4. DMZ .................................................................................. 42 5.2.5. IP Filiter ............................................................................. 43 5.2.6. MAC Filiter......................................................................... 44 5.2.7. URL Filiter ......................................................................... 46 5.3. DHCP Server ............................................................................... 47 5.4. NAT ALG ...................................................................................... 50 5.5. Forwarding ................................................................................... 51 5.6. Trigger .......................................................................................... 52 5.7. DDNS ........................................................................................... 54 Page 6 of 91 OX-350I User Manual Rev1.2 6. 5.8. UPnP............................................................................................ 56 5.9. Ping .............................................................................................. 57 Management ........................................................................................... 58 6.1. TR-069 ......................................................................................... 58 6.2. OMA-DM ...................................................................................... 59 6.3. SNMP........................................................................................... 61 6.4. Log ............................................................................................... 62 6.5. 6.6. 7. 6.4.1. Log Setting ........................................................................ 62 6.4.2. Log Display ....................................................................... 63 Upgrade ....................................................................................... 64 6.5.1. Upgrade File ...................................................................... 64 6.5.2. Upgrade Link ..................................................................... 65 6.5.3. CWMP Upgrade ................................................................ 66 Recovery ...................................................................................... 66 6.6.1. Backup .............................................................................. 67 6.6.2. Restore .............................................................................. 69 6.6.3. Factory Defaults ................................................................ 70 VPN ........................................................................................................ 71 7.1. PPTP............................................................................................ 71 7.1.1. PPTP Server ..................................................................... 71 Page 7 of 91 OX-350I User Manual Rev1.2 7.1.2. 7.2. 7.3. 8. PPTP Client ....................................................................... 74 L2TP ............................................................................................ 75 7.2.1. L2TP Server ...................................................................... 76 7.2.2. L2TP Client........................................................................ 79 IPsec ............................................................................................ 81 Quick Installation Guide ........................................... 錯誤! 錯誤 尚未定義書籤。 尚未定義書籤。 Page 8 of 91 OX-350I User Manual Rev1.2 List of Figures Figure 1 Login............................................................................................ 17 Figure 2 Logout ......................................................................................... 17 Figure 3 Status>WiMAX Status.................................................................. 18 Figure 4 Status>Network Status ................................................................ 19 Figure 5 Status>Device Status................................................................... 19 Figure 6 Personalization>Account ............................................................. 20 Figure 7 Personalization>Date>Date ......................................................... 22 Figure 8 Personalization>Date>Time Zone ............................................... 23 Figure 9 Wireless Broadband Access ........................................................ 24 Figure 10 WiMAX>Scanner ..................................................................... 25 Figure 11 WiMAX>Authentication(No authentication) .............................. 26 Figure 12 WiMAX>Authentication(User authentication) ........................... 28 Figure 13 WiMAX>Wide Scan.................................................................. 30 Figure 14 Network Topology .................................................................... 31 Figure 15 Networking>Bridge/NAT mode>LAN ........................................ 31 Figure 16 Networking>Bridge/NAT mode>WAN ...................................... 32 Figure 17 Networking>Bridge/NAT mode>PPPoE ................................... 35 Figure 18 Networking>Bridge/NAT mode>GRE ....................................... 36 Figure 19 Networking>Bridge/NAT mode>EtherIP ................................... 37 Page 9 of 91 OX-350I User Manual Rev1.2 Figure 20 Networking>Bridge/NAT mode>VLAN ..................................... 38 Figure 21 Networking>Bridge/NAT mode>QoS........................................ 39 Figure 22 Networking>Firewall>HTTP ..................................................... 40 Figure 23 Networking>Firewall>TELNET ................................................. 41 Figure 24 Networking>Firewall>SSH ....................................................... 42 Figure 25 Networking>Firewall>DMZ ....................................................... 43 Figure 26 Networking>Firewall>IP Filter .................................................. 43 Figure 27 Networking>Firewall>MAC Filter.............................................. 45 Figure 28 Networking>Firewall>URL Filter .............................................. 46 Figure 29 Networking>DHCP Server ....................................................... 48 Figure 30 Networking>NAT ALG .............................................................. 50 Figure 31 Networking>Forwarding ........................................................... 51 Figure 32 Networking>Forwarding>Wizard .............................................. 51 Figure 33 Networking>Trigger .................................................................. 53 Figure 34 Networking>Trigger>Wizard .................................................... 53 Figure 35 Networking>DDNS ................................................................... 55 Figure 36 Networking>UPnP ................................................................... 56 Figure 37 Networking>Ping ...................................................................... 57 Figure 38 Management>TR-069 .............................................................. 58 Figure 39 Management>OMA-DM ........................................................... 60 Page 10 of 91 OX-350I User Manual Rev1.2 Figure 40 Management>SNMP................................................................ 61 Figure 41 Management>Log>Log Setting ................................................ 62 Figure 42 Management>Log>Log Display ............................................... 63 Figure 43 Management>Upgrade>Upgrade File...................................... 64 Figure 44 Management>Upgrade>Upgrade Link ..................................... 65 Figure 45 Management>Upgrade>CWMP Upgrade ................................ 66 Figure 46 Management>Recovery>Backup ............................................. 67 Figure 47 File Download .......................................................................... 67 Figure 48 Save File As ............................................................................. 68 Figure 49 Management>Recovery>Restore ............................................ 69 Figure 50 Management>Recovery>Factory Defaults ............................... 70 Figure 51 Restore to factory reset warning .............................................. 70 Figure 52 VPN>PPTP>PPTP Server ....................................................... 72 Figure 53 VPN>PPTP>PPTP Client......................................................... 74 Figure 54 VPN>PPTP>PPTP Client>Add ................................................ 74 Figure 55 VPN>L2TP>L2TP Server ......................................................... 77 Figure 56 VPN>L2TP>L2TP Client .......................................................... 79 Figure 57 VPN>L2TP>L2TP Client>Add .................................................. 80 Figure 58 VPN>IPsec Overview............................................................... 81 Figure 59 VPN>IPsec>Add ...................................................................... 83 Page 11 of 91 OX-350I User Manual Rev1.2 Figure 60 Mounting accessory list ................................................................. 87 Figure 61 Pole-Mount the Outdoor CPE Device ............................................ 89 Figure 62 Wall-Mount the Outdoor CPE Device ............................................ 90 Figure 63 Connect the ground wire ............................................................... 91 Page 12 of 91 OX-350I User Manual Rev1.2 List of Tables Table 1 Field definition for Personalization>Account ................................ 21 Table 2 Field definition for Personalization>Date>Date ........................... 23 Table 3 Field definition for Personalization>Date>Time Zone .................. 23 Table 4 Field definition for WiMAX>Scanner ............................................ 26 Table 5 Field definition for WiMAX>Authentication................................... 29 Table 6 Field definition for WiMAX>Wide Scan ........................................ 30 Table 7 Field definition for Networking>Bridge/NAT mode>LAN .............. 32 Table 8 Field definition for Networking>Bridge/NAT mode>WAN ............. 34 Table 9 Field definition for Networking>Bridge/NAT mode>PPPoE.......... 36 Table 10 Field definition for Networking>Bridge/NAT mode>GRE ............. 37 Table 11 Field definition for Networking>Bridge/NAT mode>EtherIP ......... 37 Table 12 Field definition for Networking>Bridge/NAT mode>VLAN ............ 39 Table 13 Field definition for Networking>Bridge/NAT mode>QoS .............. 40 Table 14 Field definition for Networking>Firewall>HTTP ........................... 41 Table 15 Field definition for Networking>Firewall>TELNET ....................... 42 Table 16 Field definition for Networking>Firewall>SSH ............................. 42 Table 17 Field definition for Networking>Firewall>IP Filter......................... 44 Table 18 Field definition for Networking>Firewall>MAC Filter .................... 45 Table 19 Field definition for Networking>Firewall>URL Filter ..................... 46 Page 13 of 91 OX-350I User Manual Rev1.2 Table 20 Field definition for Networking>DHCP Server .............................. 50 Table 21 Field definition for Networking>Forwarding ................................. 52 Table 22 Field definition for Networking>Trigger ........................................ 54 Table 23 Field definition for Networking>DDNS ......................................... 56 Table 24 Field definition for Networking>UPnP .......................................... 57 Table 25 Field definition for Networking>Ping ............................................ 57 Table 26 Field definition for Management>TR-069 .................................... 59 Table 27 Field definition for Management>OMA-DM ................................. 61 Table 28 Field definition for Management>SNMP ...................................... 62 Table 29 Field definition for Management>Log>Log Setting ...................... 63 Table 30 Field definition for Management>Upgrade>Upgrade File ............ 65 Table 31 Field definition for Management>Upgrade>Upgrade Link ........... 66 Table 32 Field definition for Management>Upgrade>CWMP Upgrade ...... 66 Table 33 Field definition for Management>Recovery>Backup ................... 68 Table 34 Field definition for Management>Recovery>Restore................... 69 Table 35 Field definition for VPN>PPTP>PPTP Server.............................. 74 Table 36 Field definition for VPN>PPTP>PPTP Client ............................... 75 Table 37 Field definition for VPN>L2TP>L2TP Server ............................... 79 Table 38 Field definition for VPN>L2TP>L2TP Client ................................ 81 Table 39 Field definition for VPN>IPsec>Add ............................................ 86 Page 14 of 91 OX-350I User Manual Rev1.2 Page 15 of 91 OX-350I User Manual Rev1.2 1. Introduction The CPE Software platform comes with a Web-based Configuration Manager, which gives users the ability to manage, configure and analyze the platforms environment. The Connection Manager works with all versions of Windows after Windows 95. The supported browser version: Internet Explorer Ver 8.06001 or later (Recommended) FireFox Ver.3.6.3 and higher Google Chrome Ver.5.0.375.125 and higher Opera Ver.9.64 and higher Safari Ver.4.05 and higher 1.1. Connect Users need to connect to the CPE platform. It’s assumed that the user has a fully working CPE platform and properly connected. From the web browser connect to the device, entering the IP address of the device; it will prompt user to enter the username and password. The default IP address, usernames and passwords are as follows. Default IP Address 192.168.0.254 Username/Password admin/admin guest/guest Page 16 of 91 OX-350I User Manual Rev1.2 Figure 1 Login 1.2. Logout The “Logout” window allows users to disconnect from the device and exit the Web-based Configuration Manager. Figure 2 Logout Page 17 of 91 OX-350I User Manual Rev1.2 2. Status After user has established a connection, user will see the “Status” window. It gives user an initial overview of the current status of the device. 2.1. WiMAX Status This window shows the information of system status, WiMAX link status and service flow status. Figure 3 Status>WiMAX Status 2.2. Network Status This window shows the information of WAN status and LAN status. Page 18 of 91 OX-350I User Manual Rev1.2 Figure 4 Status>Network Status 2.3. Device Status This window shows the information of device status. Figure 5 Status>Device Status Page 19 of 91 OX-350I User Manual Rev1.2 3. Personalization 3.1. Account Note: The default usernames and passwords are admin/admin and guest/guest. The user with administrative privileges (belonging to the “admin” group) has access to all the features in the software. A user with “guest” privileges (belonging to the “guest” group) only has a subset of the features available to them. Note: There can only be one username in each of the groups (one to one relationship). Figure 6 Personalization>Account Name Description Change Password Page 20 of 91 OX-350I User Manual Rev1.2 Select which group the user belongs to that user would like to change the password for. Group admin, if the user is part of the admin group, they have full access to all the features. guest, if the user is part of the guest group, they have limited access to the features. Old Password Enter the old password. New Password Enter the new password. Retype Retype the new password. Save Commit the changes made and save to CPE, it will only commit the change made to the password. Cancel Reset fields to the last saved values. Change Username Select which group the user belongs to that user would like to change the username for. admin, if the user is part of the admin group, they have full access to the features. guest, if the user is part of the guest group, they Group have limited access to the features. Old Username Enter the username user wants to change. New Username Enter the new username. Enter the original password, the password will not Password change. If user enter an incorrect or different password the change will not be committed Save Commit the changes made and save to CPE, it will only commit the change made to the username. Cancel Reset fields to the last saved values. Table 1 Field definition for Personalization>Account 3.2. Date User can configure the date and time on the device. The user can manually configure the system time, or choose to get the date and time from a time server. The “Save” button will commit the configuration, and the “Cancel” button will clear Page 21 of 91 OX-350I User Manual Rev1.2 the fields. The “Time Zone” tab will allow user to set the time zone and set the starting and finish time for daylight saving period. User can also enable or disable “Daylight Savings Time”. Note: If user doesn’t configure the time on the CPE it will use the default system starting time which is set to 1970/1/1 00:00:00 Figure 7 Personalization>Date>Date 3.2.1. Date Name Description Time and Date Setup Manual If user selects the Manual option, then user needs to enter the time and date manually. New Time New time manually entered New Date New date manually entered Get From Time Server If user selects this option it will get the local time from a time server automatically. Time Protocol Select the Time protocol Page 22 of 91 OX-350I User Manual Rev1.2 Name Description Time Server Address Enter the address of the time server. Save Commit the changes made and save to CPE Cancel Reset fields to the last saved values Table 2 Field definition for Personalization>Date>Date 3.2.2. Time Zone Figure 8 Personalization>Date>Time Zone Name Description Time Zone Setup Time Zone Enable Enter the time zone of for the location Daylight If user wants to enable Daylight Savings Time, user Savings needs to check the box. Start Date Enter the beginning date for Daylight Savings time End Date Enter the end date for Daylight Savings time. Save Commit the changes made and save to CPE Cancel Reset fields to the last saved values Table 3 Field definition for Personalization>Date>Time Zone Page 23 of 91 OX-350I User Manual Rev1.2 4. WiMAX This technology is based on the IEEE 802.16 standard, enabling the delivery of last mile wireless broadband access. Figure 9 Wireless Broadband Access 4.1. Scanner The user can set WiMAX standard settings, which include how to establish a connection and get frequency information. The frequency list window will display all the configured frequencies and their bandwidth. To set additional frequencies, click on the “Add” button. Page 24 of 91 OX-350I User Manual Rev1.2 Figure 10 Name WiMAX>Scanner Description Start/Stop Wimax Start Click the “Start” button to connect to a BSID Stop Click the “Stop” button to terminate the connection Connect Type Settings Search Joint Wide Result Click the “Search” button to scan the frequency Scan Yes means to append wide scan result to the frequency setting. Default Bandwidth Select the default bandwidth to be used in Frequency List 5 MHz Page 25 of 91 OX-350I User Manual Rev1.2 Name Description 7 MHz 10 MHz Valid band information. If the frequencies aren’t located Valid Band Info using the valid band range, the frequency setting will be rejected. The "Add" button will allow user to enter more frequency Add lists OK Click the "OK" button to exit table edit mode Save Commit the changes made and save to CPE Cancel Reset fields to the last saved values Table 4 Field definition for WiMAX>Scanner 4.2. Authentication Figure 11 WiMAX>Authentication(No authentication) Page 26 of 91 OX-350I User Manual Rev1.2 Page 27 of 91 OX-350I User Manual Rev1.2 Figure 12 WiMAX>Authentication(User authentication) Name Description Authentication The method used in authentication. No Authentication User Authentication Device Authentication Authentication Mode Data Encryption AES-CCM Data Encryption AES-CBC User and Device Authentication Enable MS’s capability of encrypting/decrypting traffic by AES-CCM. Enable MS's capability of encrypting/decrypting traffic by AES-CBC. Key Encryption AES-key Enable MS's capability of decrypting TEK by wrap AES-Key wrap. Key Encryption AES-ECB Enable MS's capability of decrypting TEK by AES-ECB. EAP Supplicant EAP Mode The EAP method used in authentication Anonymous ID The identity encoded in EAP Identity Response message. User needs to fill the Outer ID at this field. Server Root CA Cert. File The root CA's X.509 certificate. Server Root CA Cert. Info The root CA's certificate information. MTK-Authorized Cert. File Device The MS's X.509 certificate. MTK-Authorized Device Cert. Info The root MS's certificate information. The MS's private key file corresponding to the public Device Private Key key enhanced in x.509 certificate Device Private Key Info The MS's private key information. Device Private Password The key used to decrypt the MS’s private key file Inner Mode Key The EAP-TTLS inner method Page 28 of 91 OX-350I User Manual Rev1.2 Name Description User name The user name used in EAP-TTLS inner method Password The password used in EAP-TTLS inner method. Options puts {am=i} in EAP outer ID Enable Auth Mode i = 1: user authentication Decoration in EAP Outer i = 2: device authentication ID i = 3: user & device authentication Enable Service Mode Decoration in EAP Outer puts {sm=1} in EAP outer ID ID Enable MS to generate 16-bytes random number as Random Outer ID the user name in the EAP Identity Response message. Ignore Cert Verification Same EAP Outer ID in ReAuth MS skips to verify the BS's certificate received in the EAP-TLS or EAP-TTLS procedure. Use the same EAP outer ID when doing re-auth MAC address in EAP-TLS Add MAC address in outer ID when EAP mode is outer ID EAP-TLS Delete existed Certificate file Delete existed Root Remove the files loaded from UI Device Delete device certificate file which was uploaded in Certificate file the field “MTK-authorized Device Certificate” Delete existed Private Key Delete device private key which was uploaded in the field “Device Private Key” Save Commit the changes made and save to CPE Cancel Reset fields to the last saved values Table 5 Field definition for WiMAX>Authentication 4.3. Wide Scan The “Wide Scan” function is used for scanning BS based on scanning rule. User Page 29 of 91 OX-350I User Manual Rev1.2 can set the scan rule with defining start, stop frequency, step, and channel bandwidth, and CPE will base on this rule to scan the BS as shown in Figure 13. The definition for each field is shown on Table 6. Figure 13 Name WiMAX>Wide Scan Description Wide Scan Settings Auto Wide Scan Select “Yes” to do “wide scan” automatically when there are no available BS Wide Range User can specify the wide scan range to reduce search time Scan Add Click the "Add" button to create a new wide scan range OK Click the "OK" button will exit the table edit mode Wide Scan Result Search Show the result of wide scan. Search button can trigger wide scan Clear Clear button clear current search result Save/Cancel Save/Cancel current setting Table 6 Field definition for WiMAX>Wide Scan Page 30 of 91 OX-350I User Manual Rev1.2 5. Networking Refer to Figure 14 for proper network connection. Figure 14 Network Topology 5.1. Bridge/NAT mode 5.1.1. LAN From the “Networking>Bridge/NAT mode>LAN” window, user can update the LAN information as shown in Figure 15. The definition for each field is shown on Table 7. Figure 15 Name Networking>Bridge/NAT mode>LAN Description LAN TCP/IP Page 31 of 91 OX-350I User Manual Rev1.2 Name Description IP Address IP address of CPE IP Subnet Mask Subnet Mask of CPE Save Commits the changes made, and set the LAN IP information, some services will be reloaded. Cancel Reset the fields to the last saved values Table 7 Field definition for Networking>Bridge/NAT mode>LAN 5.1.2. WAN In Figure 16, it demonstrates how to configure WAN settings on CPE web page. The definition for each field is shown on Table 8. Figure 16 Networking>Bridge/NAT mode>WAN Page 32 of 91 OX-350I User Manual Rev1.2 Name Description WAN IP Operation Mode Select the WAN operation mode Bridge Routing NAT Select the NAT Type Symmetric, NAT Type Full cone, Restricted cone, Port-Restricted cone, Select the WAN encapsulation protocol WAN Protocol Ethernet PPPoE GRE Tunnel EtherIP Tunnel Bridging LAN ARP Allow Bridging LAN ARP Yes No Get IP Method Select the IP method From ISP User The time the DHCP client waits to receive the IP address from the BS. If it doesn’t get the IP, it will WAN IP Timeout Request timeout and the CPE will disconnect the WiMAX connection. The default value is 120 seconds. If user enters 0, it will wait to receive the IP address infinitely until it’s stopped by the user. WAN IP Address If user chooses “Static” for IP Method, user should enter the WAN IP address WIN IP Subnet Mask If user chooses “Static” for IP Method, user should enter the WAN IP subnet mask. Gateway IP Address If user chooses “Static” for IP Method, user should enter IP gateway address MTU Enter the MTU Page 33 of 91 OX-350I User Manual Rev1.2 Name Description WAN DNS First DNS Server Second DNS Server Third DNS Server User can specify three DNS servers and select how the DNS Server is assigned. There are three options for assigning the DNS server. From ISP User Defined If user selects “User Define”, user needs to enter a valid IP address for the DNS server. Commit the changes made and save to CPE, after clicking the Save button user will get a message asking Save if user wants to reboot the CPE. Reboot is necessary for the device to switch to a different profile. Cancel Reset field to the last saved values Table 8 Field definition for Networking>Bridge/NAT mode>WAN 5.1.3. PPPoE In Figure 17, it demonstrates how to configure PPPoE on CPE web page. The definition for each field is shown on Table 9. Page 34 of 91 OX-350I User Manual Rev1.2 Figure 17 Name Networking>Bridge/NAT mode>PPPoE Description PPPoE User Name The user name to connect PPPoE server via the selected Auth Protocol Password The password of the corresponding username Retype Password Type the “Password” again Auth Protocol The authentication protocol of the peer required. Select which Authentication protocol to use. PAP CHAP MSCHAPv1 Encryption MSCHAPv2 Encryption Scheme No MPPE 40 bits: 40-bit encryption with MPPE MPPE 128 bits: 128-bit encryption with MPPE Auto: automatically selected Page 35 of 91 OX-350I User Manual Rev1.2 Name Description Idle Timeout Disconnect if the link is idle for the assigned seconds AC Name The name of the access concentrator to connection to DNS Overwrite Yes No MPPE_Stateful Yes No Always On Manual Connection Trigger Connection Timeout Time to attempt to connect, if connection attempt fails after that time it will halt attempting to connect Commit the changes made and save to CPE, after clicking the Save button user will get a message asking if user wants to reboot the CPE. Reboot is necessary for the device to switch to a different profile. Save Cancel Reset field to the last saved values Table 9 Field definition for Networking>Bridge/NAT mode>PPPoE 5.1.4. GRE In Figure 18, it demonstrates how to configure GRE on CPE web page. The definition for each field is shown on Table 9. Figure 18 Name Networking>Bridge/NAT mode>GRE Description GRE Peer Peer IP Address Enter the IP address of its GRE Peer Page 36 of 91 OX-350I User Manual Rev1.2 Name Description Save Commit the changes made and save to CPE Cancel Reset fields to the last saved values Table 10 Field definition for Networking>Bridge/NAT mode>GRE 5.1.5. EtherIP In Figure 19, it demonstrates how to configure EtherIP on CPE web page. The definition for each field is shown on Table 9. Figure 19 Name Networking>Bridge/NAT mode>EtherIP Description EtherIP Tunnel Bridge Peer IP Address Enter the IP address of its EtherIP Peer Save Commit the changes made and save to CPE Cancel Reset fields to the last saved values Table 11 Field definition for Networking>Bridge/NAT mode>EtherIP 5.1.6. VLAN In Figure 20Figure 17, it demonstrates how to configure VLAN on CPE web page. The definition for each field is shown on Table 12. Page 37 of 91 OX-350I User Manual Rev1.2 Figure 20 Name Networking>Bridge/NAT mode>VLAN Description VLAN Utility Enable VLAN Set the WAN mode to Bridge to allow VLAN to be enabled, otherwise it will be disabled. Port Settings Display per page Enter the number of interfaces displayed per page, if there are more than can be the number given, then you can use the navigation buttons to go to the next page. Number of allowed display per page are as follows: 10, 20, 30, 50, 80, 100. Edit Mode To edit any of the editable fields you need to click on the field you want to edit, all the available editable field for Page 38 of 91 OX-350I User Manual Rev1.2 Name Description that entry will be available for editing. OK Click the OK button to exit edit mode. Filter Setting Display per page Same as Port Settings Display per page. To edit any of the editable fields you need to click on the Edit Mode field you want to edit, all the available editable fields for that entry will be available for editing. Add Click the Add button to add a new entry. OK Click the OK button to exit edit mode. Save Commit the changes made and save to CPE. Cancel Reset field to the last saved values Table 12 Field definition for Networking>Bridge/NAT mode>VLAN 5.1.7. QoS In Figure 21, it demonstrates how to configure QoS on CPE web page. The definition for each field is shown on Table 13. Figure 21 Name Networking>Bridge/NAT mode>QoS Description Port Settings Click on any of the fields to enable edit mode. User can exit edit mode by clicking the OK button. Priority levels allowed are from 1-6. Page 39 of 91 OX-350I User Manual Rev1.2 Name Description OK Exit the edit mode. Save Commit the changes made and save to CPE, Cancel Reset field to the last saved values Table 13 Field definition for Networking>Bridge/NAT mode>QoS 5.2. Firewall In networking, firewalls are used to block un-wanted traffic. It will prevent unauthorized devices to enter a trusted network. 5.2.1. HTTP Figure 22 Name Networking>Firewall>HTTP Description HTTP Server Enable Check the box to allow http connections. Port Number Enter the http port number (default is port 80) Page 40 of 91 OX-350I User Manual Rev1.2 Name Description HTTPS Server Enable Check the box to allow https connections. Port Number Enter the https port number (default is port 443) HTTP and HTTPS Allow Connection from Check the check-box to allow connections from WAN. WAN Save Commit the changes made and save to CPE. Cancel Reset fields to the last saved values. Table 14 Field definition for Networking>Firewall>HTTP 5.2.2. TELNET Figure 23 Name Networking>Firewall>TELNET Description TELNET Server Enable Check the box to allow Telnet connections. Port Number Enter the Telnet port number (default is port 23) Allow WAN Connection from Check the check-box to allow connections from WAN. Allow LAN Connection from Check the check-box to allow connections from LAN. Save Commit the changes made and save to CPE. Cancel Reset fields to the last saved values. Page 41 of 91 OX-350I User Manual Rev1.2 Table 15 Field definition for Networking>Firewall>TELNET 5.2.3. SSH Figure 24 Name Networking>Firewall>SSH Description SSH Server Enable Check the box to allow SSH connections. Port Number Enter the SSH port (default is port 22) Allow WAN Connection from Check the check-box to allow connections from WAN. Allow Connection from Check the check-box to allow connections from LAN LAN. Save Commit the changes made and save to CPE. Cancel Reset fields to the last saved values. Table 16 Field definition for Networking>Firewall>SSH 5.2.4. DMZ DMZ stands for Demilitarized Zone. It is a physical or logical sub-network that contains and exposes an organization's external services to a larger un-trusted network, usually the Internet. The term is normally referred to as a DMZ by IT professionals. It is sometimes referred to as a Perimeter Network. The purpose of a DMZ is to add an additional layer of security to an organization's LAN; an Page 42 of 91 OX-350I User Manual Rev1.2 external attacker only has access to equipment in the DMZ, rather than any other part of the network. The “Networking>Firewall>DMZ” tab allows user to configure a DMZ host IP address as shown in Figure 25. In DMZ Settings, user needs to enter the IP address of the DMZ host. The “Save” button will save the changes to CPE and the “Cancel” button will reset the field to last saved value. It will disable DMZ host when entering “0.0.0.0”. Figure 25 Networking>Firewall>DMZ 5.2.5. IP Filiter The IP filter rules will drop or discard traffic that fits the filter criteria. User can define IP filter rules as shown in Figure 26. The definition for each field is shown on Table 17. Figure 26 Name Networking>Firewall>IP Filter Description IP Filter Rules Page 43 of 91 OX-350I User Manual Rev1.2 Name Description Add Click the "Add" button to create a new IP Filter rule OK Click the "OK" button will exit the table edit mode Active Check the box to activate the IP Filter rule Source IP Source IP to filter on. It can be in one of the following formats: IP address (ex. 192.168.0.222) Subnet (ex. 192.168.1.0/24) IP range (ex. 192.168.0.150~192.168.0.160) 0.0.0.0/0 means any Source Port Source Port to filter on. It can be one of the following formats: Port number (ex. 8080) Port Range (ex. 1024~2048) Destination IP Destination IP to filter on. It can be in one of the following formats: IP address (ex. 192.168.0.222) Subnet (ex. 192.168.1.0/24) IP range (ex. 192.168.0.150~192.168.0.160) 0.0.0.0/0 means any Destination Port Destination port to filter on. It can be one of the following formats: Port number (ex. 8080) Port Range (ex. 1024~2048) Protocol Protocol to filter on Trash Delete the IP Filter rule Save Commit the changes made and save to CPE Cancel Reset fields to the last saved values Table 17 Field definition for Networking>Firewall>IP Filter 5.2.6. MAC Filiter The MAC filter rules will drop or discard traffic that the filter criteria. User can define MAC filter rules as shown in Figure 27. The definition for each field is Page 44 of 91 OX-350I User Manual Rev1.2 shown on Table 18. Figure 27 Name Networking>Firewall>MAC Filter Description MAC List Blacklist/Whitelist Blacklist or Whitelist MAC Filter Rules Active Enable/Disable this rule Source MAC Source MAC address of filter rule Destination MAC Destination MAC address of filter rule Day of the Week What day to activate the rule Start Time What time to start End Time Rule Activated period Trash Delete the MAC Filter rule Add Click the "Add" button to create a new MAC Filter rule OK Click the "OK" button will exit the table edit mode Save Commit the changes made and save to CPE Cancel Reset fields to the last saved values Table 18 Field definition for Networking>Firewall>MAC Filter Page 45 of 91 OX-350I User Manual Rev1.2 5.2.7. URL Filiter Content Filter is used to filter WWW traffic by URL. Currently, the white/black list is maintained by OpenDNS (http://www.opendns.com). If user wants to use this function, an OpenDNS account should be applied first. Figure 28 Name Networking>Firewall>URL Filter Description URL List Enable Content Filter Check the check box to enable Content Filter Blacklist/Whitelist Select Blacklist or Whitelist URL Filter Rules Add Add a new URL filter rule Trash Delete a URL filter rule Save Commit the changes made and save to CPE Cancel Reset fields to the last saved values Table 19 Field definition for Networking>Firewall>URL Filter Page 46 of 91 OX-350I User Manual Rev1.2 5.3. DHCP Server Use the “Networking> DHCP Server” tab to configure the DHCP server information. The default DHCP Server setup is enabled, and user could disable this function from setup as shown in Figure 29. When user disables the DHCP server, it requires setting a static IP address on host PC for CPE to configure. Please be noted that without the static IP address set properly on the host PC, user can not open the CPE web page for configuration. When DHCP server is enabled, user needs to define the IP pool range for dynamically assigning the IP address. The advantage of using DHCP server is that the addresses which are no longer in use will be returned to the IP address pool so that the server can reallocate them to other machines in the network. There are three DNS servers the user can configure to assign an IP address. Static DHCP will assign an IP address on the LAN to a specific device based on its MAC address. The definition for each field is shown on Table 20. Page 47 of 91 OX-350I User Manual Rev1.2 Figure 29 Name Networking>DHCP Server Description DHCP Server DHCP Mode DHCP address start Select DHCP mode: None: disable DHCP mode. Server: enable DHCP server mode Relay: enable DHCP relay mode IP Starting IP address range Page 48 of 91 OX-350I User Manual Rev1.2 Name Description DHCP end IP address Ending IP address range The lease time is a controlled time period, allowing the DHCP server to reclaim (and then reallocate) IP Lease Time addresses that are not renewed (dynamic re-use of IP addresses). Lease time is measured in minutes in the Configuration Manager. Relay IP Enter the IP address of DHCP relay. DNS Server assigned by DHCP Server User can specify three DNS servers and select how the DNS Server is assigned. There are three options for assigning the DNS server. First DNS Server Second DNS Server Third DNS Server From ISP User Defined None If user selects “None”, then the DHCP server will not give clients the DNS server information. If all the three DNS servers setting are set to “None”, then the DHCP server will use the LAN IP address as the DNS server information for the clients. If the user chooses “User Defined” and leaves the IP address as “0.0.0.0” it will change the field to “None”. Static DHCP Static DHCP Enter MAC address and IP address for static DHCP addresses. Add Click on the “Add” button to enter a static leased IP address. Enter the MAC address of the Ethernet device and enter the IP address. OK Click the “OK” button to exit out of edit mode. DHCP Leased Hosts DHCP Leased Hosts List of Leased IP addresses. The “Refresh” button will display an updated list of leased addresses. Save Commit the changes made and save to CPE, some services will be reloaded. Cancel Reset fields to the last saved values. Page 49 of 91 OX-350I User Manual Rev1.2 Table 20 Field definition for Networking>DHCP Server 5.4. NAT ALG There are some ALG settings that user can enable from “Networking>NAT ALG”. ALG allows legitimate application traffic to pass through the CPE that would have otherwise restricted. Without ALGs, some application may not work well because of NAT/firewall settings. User could click on the check box to enable ALGs. Note: If user is using any of these types of application protocols user needs to enable them in the ALG settings. FTP ALG H.323 ALG IPsec ALG L2TP ALG PPTP ALG RTSP ALG SIP ALG SIP Port SIP ALG Set BSID Figure 30 Networking>NAT ALG Page 50 of 91 OX-350I User Manual Rev1.2 5.5. Forwarding Forwarding is the act of forwarding the data from WAN side to the particular port of the private IP. This function can allow remote computers to reach a port on a private IP address within a private LAN. In the following, it will introduce how to setup for Port Forward. First, user needs to click the “Add” button and then select which forward type, TCP or UDP or TCP/UDP, is preferred to trigger the special application as shown in Figure 31 and Figure 32. User needs to assign some specific port for the WAN IP to be forwarded to the defined LAN IP and port, and then click the “Save” button to add a Port Forward rule. The definition for each field is shown on Table 21. Figure 31 Figure 32 Networking>Forwarding Networking>Forwarding>Wizard Page 51 of 91 OX-350I User Manual Rev1.2 Name Description Port Forwarding Rules Active Check the box to active the port forward rule Name Name of the port forward rule Protocol User needs to define the desired protocol for rule. Available options are: TCP, UDP, or TCP/UDP Incoming Port(s) Forward Port(s) User needs to define incoming port range for port forwarding rule. User needs to define to which port range will be translated for port forwarding rule. The packet will be forwarded to one of these ports if it matches the rule. Server IP User needs to define which IP address will be translated to if it matches the Port Forwarding rule. The packet will be forwarded to this IP address if it matches the rule. Trash Delete the Port Forward rule Wizard Click the ”Wizard” button to go to the Port Forward Rule Wizard Add Click the “Add” button to create a new Port Forward rule OK Click the “OK” button to exit table edit mode Save Commit the changes made and save to the CPE Cancel Reset field to the last saved values. Table 21 Field definition for Networking>Forwarding 5.6. Trigger The “Networking>Trigger” allows user to configure Port Trigger rules. Port Trigger is a way to automate port forwarding in which outbound traffic on predetermined ports (‘trigger port’) causes inbound traffic to specific incoming ports to be dynamically forwarded to the initiating host, while the outbound ports are in use. This allows users behind CPE on the LAN to provide services that would normally require the computer to have IP address on the LAN. Port triggering triggers an open incoming port (‘open port’) when a client on the local network makes an outgoing connection on a predetermined port or range of ports. The definition for each field is shown on Table 22. Page 52 of 91 OX-350I User Manual Rev1.2 Figure 33 Figure 34 Name Networking>Trigger Networking>Trigger>Wizard Description Port Triggering Rules Active Check the box to active the Port Trigger rule Name Name of the Port Trigger rule Trigger Protocol It defines which protocol the outgoing packet used will trigger the rule. Available options are TCP, UDP or TCP/UDP Trigger Port(s) It defines which port range the outgoing packet will trigger the rule. User needs to enter the starting and ending port range Open Protocol It defines which protocol will be opened if the rule had Page 53 of 91 OX-350I User Manual Rev1.2 Name Description been triggered. Available options are TCP, UDP or TCP/UDP It defines which protocol port will be opened if the rule Open Port(s) had been triggered. User needs to enter the starting and ending port range Trash Delete the Port Trigger rule Click the ”Wizard” button to go to the Port Trigger Rule Wizard Wizard Add Click the “Add” button to enter a Port Trigger rule OK Click the “OK” button to exit, table edit mode. Save Commit the changes made and save to the CPE Cancel Reset fields to the last saved values Table 22 Field definition for Networking>Trigger 5.7. DDNS DDNS stands for Dynamic Domain Name Services. It provides a function to convert the domain name to the unique IP address. With DDNS, users is able to find and connect to CPE no matter what IP address CPE is currently using, that is, DDNS can map CPE's dynamic IP address to a static hostname. The best profit of this function allows user to access CPE from everywhere. In Figure 35, it demonstrates how to configure DDNS on CPE web page. The definition for each field is shown on Table 23. Page 54 of 91 OX-350I User Manual Rev1.2 Figure 35 Name Networking>DDNS Description DDNS Profile Enable Dynamic DNS Click the check box to enable dynamic DNS Service Provider Enter the URL of the Service Provider Service Type* Enter the service type (DYNDNS only) Dynamic Static Custom Domain Name Enter the domain name Login Name Enter the username Password Enter the password Select the Policy to be used IP Update Policy User Defined IP Wildcards* Auto Detect WAN IP User Defined If user selects “User Defined” as the IP policy, user has to enter the IP address. Allow hostname to use wildcards such as “*”. It will allow Page 55 of 91 OX-350I User Manual Rev1.2 Name Description “*host.dyndns.org” to be aliased to the same IP address as “host.hyndns.org” MX* Enable mail routing Backup MX* Enable Second mail routing MX Host* Host that mail will be routed to Save Commit the changes made and save to CPE Cancel Reset fields to the last saved values Note: * Supported by DYNDNS service provider. Table 23 Field definition for Networking>DDNS 5.8. UPnP Two methods of simplifying the process of connecting a device to the network are available as shown in Figure 36. UPnP allows devices to connect seamlessly to networks in the home (data sharing, communications, and entertainment) and in corporate environments for simplified installation of computer components. NAT Port Mapping Protocol (NAP-PMP) allows a computer in a private network (behind a NAT router) to automatically configure the router to allow parties outside the private network to contact itself. The definition for each field of UPnP Setting is shown on Table 24. Figure 36 Name Networking>UPnP Description UPnP Service Enable UPnP Check the check box to enable UPnP Page 56 of 91 OX-350I User Manual Rev1.2 Name Description Enable NAT-PMP Check the check box to enable NAT-PMP Save Commit the changes made and save to CPE Cancel Reset fields to the last saved values Table 24 Field definition for Networking>UPnP 5.9. Ping Figure 37 Name Networking>Ping Description Ping IP Address The destination IP address for ping test. It can be in one of the following formats: IP address (ex. 165.21.83.88) Ping Domain name (ex. www.google.com) Commit the ping test request Table 25 Field definition for Networking>Ping Page 57 of 91 OX-350I User Manual Rev1.2 6. Management 6.1. TR-069 Using TR-069 the terminals can communicate with the Auto Configuration Servers (ACS) and establish the configuration automatically. It’s the current standard for activation of terminals in the DSL broadband market. Figure 38 Name Management>TR-069 Description Page 58 of 91 OX-350I User Manual Rev1.2 Name Description TR-069 Configuration Enable To enable or disable the TR-069 activity on the CPE. Fixed Client Port To specify fixed client port ACS Server URL The ACS URL for CPE to connect to. Bootstrap Enable Check the box to enable bootstrap. ACS Username The username for the CPE when connected to ACS. ACS Password The password for the CPE when connected to ACS. Periodical Inform Enable To enable or disable the periodical inform to ACS for CPE. Periodical Inform Interval The interval between two periodical inform. Connection Request Username Enter the username for the ACS to perform connection request to CPE. Connection Request Enter the password for the ACS to perform Password connection request to CPE. CA Certificate File The CA certificate file is used to identify the certificate of ACS when D-230 communicated ACS with HTTPS URL. CA Certificate Info Displays the subject field of the CA Certificate. Client Certificate File The CLIENT certificate file is used when CPE communicates with HTTPS URL. Client Certificate Info Displays the subject field of the CLIENT Certificate. Save Commit the changes made and save to CPE. Cancel Reset fields to the last saved values. Table 26 Field definition for Management>TR-069 6.2. OMA-DM Using OMA DM the terminals can communicate with the OMA DM Server and establish the configuration automatically. It’s the current standard for activation of terminals in OMA (Open Mobile Alliance). Page 59 of 91 OX-350I User Manual Rev1.2 Figure 39 Name Management>OMA-DM Description OMA DM Configuration Enable To enable or disable the OMA-DM activity of CPE. Server URL The DM Server URL for CPE to connect to. Server Port The DM Server Port for CPE to connect to. Server Auth Type The DM Server authentication type. Server ID The Server ID for CPE when connected to DM Server. Server Password The Server password for CPE when connected to DM Server. Server Nonce Server nonce used in authentication credential calculation. Client Auth Type The DM Client authentication type. Client ID The Client ID for CPE when connected to DM Server. Client Password The Client password for CPE when connected to DM Server. Page 60 of 91 OX-350I User Manual Rev1.2 Name Description Client Nonce Client nonce used in authentication credential calculation. Periodical Client- To enable or disable the periodical client-initiated session to initiated Enable DM server for CPE. Periodical Clientinitiated Interval The interval between two periodical client-initiated sessions. Save Commit the changes made and save to CPE. Cancel Reset fields to the last saved values. Table 27 Field definition for Management>OMA-DM 6.3. SNMP Figure 40 Name Management>SNMP Description SNMP Daemon Checking the enable button will allow SNMP Enable applications to query and set some of the SNMP variables. Location Enter the Location SNMP string variable. Contact Enter the Contact SNMP string variable. Read Community Enter Read community string to query SNMP data. Page 61 of 91 OX-350I User Manual Rev1.2 Name Description Write Community Enter Write community string to query SNMP variables. Enter the IP Address of trap server where user wants Trap Server trap notifications to be sent to. Enter the Trap community to act as a password for sending trap notifications to the target SNMP Trap community manager. Save Commit the changes made and save to CPE. Cancel Reset fields to the last saved values. Table 28 Field definition for Management>SNMP 6.4. Log 6.4.1. Log Setting The “Management>Log>Log Setting” allows user to set the remote log configure. The “Refresh” button will clear the log window and display the most current system log information. Figure 41 Management>Log>Log Setting Name Description Enable Log Check the box to enable the log feature. Log Level Select the log level. Page 62 of 91 OX-350I User Manual Rev1.2 Name Description Enable Remote Log Enable / Disable transfer log to remote syslog server. Remote Log Host Location of the remote syslog server. Remote Log Port What port to use for remote logging. Save Commit the changes made and save to CPE. Cancel Reset fields to the last saved values. Table 29 Field definition for Management>Log>Log Setting 6.4.2. Log Display The “Management>Log>Log Display” will display system log output. The “Refresh” button will clear the log window and display the most current system log information. Figure 42 Management>Log>Log Display Page 63 of 91 OX-350I User Manual Rev1.2 6.5. Upgrade The “Upgrade” window allows user to upgrade the firmware on the device. Users can choose to upgrade the firmware by entering the file path. Note: After pressing the “Upgrade” button. It will automatically reboot the CPE and upgrade the firmware with the specified file. User will be prompted to login to CPE after the upgrade is complete. 6.5.1. Upgrade File Figure 43 Name Management>Upgrade>Upgrade File Description Auto Upgrade Firmware Enable Auto FW Upgrade Upgrade Server To enable or disable the Auto Upgrade Firmware of CPE. Auto Firmware Update checking URL. Page 64 of 91 OX-350I User Manual Rev1.2 Name Description Upgrade Hour The service stating time. Upgrade The random period of sleep time before actually connection Random Time to server for checking and updating. Upgrade File The "Version File" in the URL. "Version File" format : 1st line : "firmware package version" 2nd line : "firmware package tar-ball" (in the same URL path) Save Commit the changes made and save to CPE. Cancel Reset fields to the last saved values. Upgrade Firmware Browse Enter the full path of the file user wants to upgrade. The “browse” button will help user to find the file on the server. Upgrade It will start upgrading the file Status The status bar will display which segment it's processing and what percentage of the upgrade has been completed. Table 30 Field definition for Management>Upgrade>Upgrade File 6.5.2. Upgrade Link Figure 44 Name Management>Upgrade>Upgrade Link Description Upgrade Firmware Upgrade Link Upgrade Enter the complete URL path of the file that user wants to upgrade It will start upgrading the file Page 65 of 91 OX-350I User Manual Rev1.2 Name Description Status The status bar will display which segment it's processing and what percentage of the upgrade has been completed. Table 31 Field definition for Management>Upgrade>Upgrade Link 6.5.3. CWMP Upgrade TR-069 technical specification entitled CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end-user devices. Figure 45 Name Management>Upgrade>CWMP Upgrade Description Upgrade Firmware via CWMP Request Download Upgrade It will start upgrading Table 32 Field definition for Management>Upgrade>CWMP Upgrade 6.6. Recovery Recovery will set all the configurations back to factory defaults. Any configurations that user has made will be changed back to the factory default settings. After selecting “Factory Default” button, user will be prompted with a window to confirm or cancel the action. Warning: Restore factory defaults will clear any IP addresses and setting that may have been configured on the CPE. Page 66 of 91 OX-350I User Manual Rev1.2 6.6.1. Backup Figure 46 Management>Recovery>Backup Figure 47 File Download Page 67 of 91 OX-350I User Manual Rev1.2 Figure 48 Name Save File As Description Backup Configuration Click the "Backup" button o save the current Backup configuration on the CPE. After user clicks the "Backup" button "File Download" window will pop-up and prompt user to save the file. In the "Save As" window, enter the name and location, where user wishes to download the file to. Table 33 Field definition for Management>Recovery>Backup Page 68 of 91 OX-350I User Manual Rev1.2 6.6.2. Restore Figure 49 Name Management>Recovery>Restore Description Restore From File Enter the path of the configuration file user wants to restore. Click on the "Browse" button to help user to File Restore navigate through directories and search for the file. After user enters the complete file path, click the "File Restore" button. It will begin restoring the configuration from the file specified. Restore From URL Link Enter the configuration URL path user wants to restore URL Restore from. After entering the complete URL path, click the "URL Restore" button. It will begin restoring the configuration from the URL location user specified. Table 34 Field definition for Management>Recovery>Restore Page 69 of 91 OX-350I User Manual Rev1.2 6.6.3. Factory Defaults Figure 50 Management>Recovery>Factory Defaults Figure 51 Restore to factory reset warning Page 70 of 91 OX-350I User Manual Rev1.2 7. VPN VPN (Virtual Private Network) is a network that is implemented in an additional software layer on top of an existing larger network for the purpose of providing a secure extension of a private network into an insecure network such as the Internet. The links between nodes of a VPN are formed over logical connections or virtual circuits between hosts of the larger network. VPNs are often installed by organizations to provide remote access to a secure organizational network. Generally, a VPN has a network topology more complex than a point-to-point connection. VPNs are also used to mask the IP address of individual computers within the Internet in order, for instance, to surf the World Wide Web anonymously or to access location restricted services, such as Internet television. Here, VPN Settings allow user to set rules for VPN, and it supports PPTP, L2TP, and IPsec. 7.1. PPTP The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP does not provide confidentiality or encryption; it relies on the protocol being tunneled to provide privacy. 7.1.1. PPTP Server A PPTP Server (Point-To-Point Tunneling Protocol) allows user to connect securely from a place (such as the house) to a LAN located in another location, such as the office. This way user can use the services provided in the office at the comfort of the house. The definition for each field of PPTP Server is shown on Table 35. Page 71 of 91 OX-350I User Manual Rev1.2 Figure 52 Name VPN>PPTP>PPTP Server Description PPTP Server Enable Activate PPTP server. Server Name Offer a service name Auth Protocol Require the peer to authenticate itself before allowing network packets to be sent or received. We support the following protocol: PAP: Password Authentication Protocol Page 72 of 91 OX-350I User Manual Rev1.2 Name Description CHAP: Challenge Handshake Authentication Protocol MSCHAP: Microsoft Challenge Handshake Authentication Protocol MSCHAPv2: Microsoft Challenge Authentication Protocol, Version 2 Handshake Encryption Scheme: Encryption No MPPE 40 bits: 40-bit encryption with MPPE MPPE 128 bits: 128-bit encryption with MPPE Auto: automatically select Local IP Address The IP of router Remote Start IP As sessions are established, IP addresses are assigned starting from “Remote Start IP” Idle Timeout Disconnect if the link is idle for the assigned seconds DNS Server 1 The primary DNS (Domain Name Server) addresses to clients DNS Server 2 The secondary DNS (Domain Name Server) addresses to clients User Access List User name User ID to connect PPTP server via the selected Auth Protocol Server Server protocol type Password Password to connect PPTP server via the selected Auth Protocol IP address IP address of the connected client Connection List User name The user name of the connection Remote IP address The peer address of the connection PPTP IP address The assigned IP address of PPTP Login Time The time of the connection created Link Time(s) Timer from the connected time Save Commit the changes made and save to the CPE Cancel Reset fields to the last saved values Page 73 of 91 OX-350I User Manual Rev1.2 Table 35 Field definition for VPN>PPTP>PPTP Server 7.1.2. PPTP Client User could setup PPTP Client as shown in Figure 53 and Figure 54. The definition for each field of PPTP Client is shown on Table 36. Figure 53 Figure 54 Name VPN>PPTP>PPTP Client VPN>PPTP>PPTP Client>Add Description Page 74 of 91 OX-350I User Manual Rev1.2 Name Description PPTP Client Add Add a new connection setting Edit Edit the existed connection setting Edit PPTP Client Profile Name The name for this connection setting NAT Mode? Enable or disable NAT when connected to PPTP server. Yes: enable No: disable The Authentication protocol of the peer required. Select which Authentication protocol to use. Auth Protocol PAP CHAP MSCHAPv1 MSCHAPv2 Encryption Encryption scheme Server IP Address The IP address of PPTP server Username The user ID to connect PPTP server via the selected Auth Protocol Password The password of the corresponding user ID Retype Type the “Password” again Get IP automatically? Obtain the dynamic IP address, assigned by the PPTP server Assign IP Address Assign the static IP address for this connection setting Idle Timeout Disconnect if the link is idle for the assigned seconds MPPE_Stateful Allow MPPE to use stateful mode. Stateless mode is still attempted first. The default is to disallow stateful mode. Save Commit the changes made and save to CPE Cancel Reset fields to the last saved values Table 36 Field definition for VPN>PPTP>PPTP Client 7.2. L2TP In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol Page 75 of 91 OX-350I User Manual Rev1.2 used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself. It relies on an encryption protocol that it passes within the tunnel to provide privacy. The entire L2TP packet, including payload and L2TP header, is sent within a UDP datagram. It is common to carry Point-to-Point Protocol (PPP) session within an L2TP tunnel. L2TP does not provide confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity. 7.2.1. L2TP Server User can setup CPE from web page as shown in Figure 55. The definition for each field of PPTP Server is shown on Table 37. Page 76 of 91 OX-350I User Manual Rev1.2 Figure 55 Name VPN>L2TP>L2TP Server Description L2TP Server Enable Check the check box to activate L2TP server. Server Name Enter a service name Support Version Protocol The supported protocol of L2TP messages ALL: L2TPv2 and L2TPv3 Page 77 of 91 OX-350I User Manual Rev1.2 Name Description 2: L2TPv2 only 3: L2TPv3 only Require the peer to authenticate itself before allowing Auth Protocol network packets to be sent or received. The following protocols are supported: PAP: Password Authentication Protocol CHAP: Challenge Handshake Authentication Encryption protocol MSCHAPv1: Microsoft Authentication Protocol Challenge Handshake MSCHAPv2: Microsoft Challenge Authentication Protocol, Version 2 Handshake Encryption Scheme No MPPE 40 bits: 40-bit encryption with MPPE MPPE 128 bits: 128-bit encryption with MPPE Auto: automatically select Local IP Address The IP of router Remote Start IP As sessions are established, IP addresses are assigned starting from “Remote Start IP” Restrict Client IP? To restrict client IP address range for the client Allow Client IP The IP address range for the client Idle Timeout Disconnect if the link is idle for the given number of seconds DNS Server 1 The primary DNS (Domain Name Server) addresses to the clients DNS Server 2 The secondary DNS (Domain Name Server) addresses to the clients User Access List User Name User ID to connect L2TP server via the selected Auth Protocol Server Server Protocol type Password Password to connect L2TP server via the selected Auth Protocol Page 78 of 91 OX-350I User Manual Rev1.2 Name Description IP Address IP address of the connected client Connection List User Name The user name of the connection Remote IP Address The peer address of the connection L2TP IP Address The assigned IP address of L2TP Login Time The time of the connection created Link Time(s) Elapsed time connected Save Commit the changes made and save to CPE Cancel Reset fields to the last saved values Table 37 Field definition for VPN>L2TP>L2TP Server 7.2.2. L2TP Client User could setup PPTP Client as shown in Figure 56 and Figure 57. The definition for each field of PPTP Client is shown on Table 38. Figure 56 VPN>L2TP>L2TP Client Page 79 of 91 OX-350I User Manual Rev1.2 Figure 57 Name VPN>L2TP>L2TP Client>Add Description L2TP Client Add Add a new connection setting Edit Edit the existed connection setting Edit L2TP Client Profile Name L2TP Protocol Version The name of this connection setting The message of L2TP protocol version for this connection setting 2: L2TPv2 only NAT Mode? Enable or disable NAT when connected to PPTP server Yes: enable Auth Protocol 3: L2TPv3 only No: disable The Authentication Protocol of the peer required. Select which Authentication protocol to use. PAP CHAP Page 80 of 91 OX-350I User Manual Rev1.2 Name Description MSCHAPv1 MSCHAPv2 Encryption Encryption Scheme Server IP Address The IP address of L2TP server Username The username to connect L2TP server via the selected Auth Protocol Password The password of the corresponding username Retype Type the “Password” again Get IP Automatically? Obtain the dynamic IP address, assigned by the L2TP server Assign IP Address Assign the static IP address for this connection setting Idle Timeout Disconnect if the link is idle for the assigned seconds MPPE_Stateful Allow MPPE to use stateful mode. Stateless mode is still attempted first. The default is to disallow stateful mode. Save Commit the changes made and save to CPE Cancel Reset fields to the last saved values Table 38 Field definition for VPN>L2TP>L2TP Client 7.3. IPsec Internet Protocol Security (IPsec) is an end-to-end security solution and operated at the IP Layer. It provides secure communication between pairs of hosts, pairs of security gateways or between security gateways and a host. It’s based on a suite of protocols for securing IP traffic by authenticating and encrypting each IP packet of the data stream. Figure 58 VPN>IPsec Overview Page 81 of 91 OX-350I User Manual Rev1.2 Page 82 of 91 OX-350I User Manual Rev1.2 Figure 59 VPN>IPsec>Add Name Description Add Click the "Add" button to add an IPsec connection rule Property Enable Enable IPsec connection. Connection Name The name of the connection Select the connection type Initiator On Demand Connection Type Responder Gateway Information Local Endpoint Interface The interface of the CPE public-network interface Local Endpoint Address IP The IP address or Domain Name of the CPE public-network interface Remote Endpoint Address IP The IP address or Domain Name of the remote peer. Authentication Method Pre-Shared Key The pre-share key that two security gateways use to authenticate States how the authentication CPE should be identified for Local ID Type IP: The CPE is identified by the assigned IP for authentication. The default value is 0.0.0.0. Content The IP address States how the remote peer should be identified for authentication Remote ID Type IP: The remote peer is identified by the assigned IP for authentication. The default value is 0.0.0.0, and this means CPE will accept any IP. Content The IP address IKE Phase 1 Page 83 of 91 OX-350I User Manual Rev1.2 Name Description Press the Add button to enter an Encryption and Authentication algorithm. Click the trash to remove the selected algorithm. Encryption Algorithm: Proposal Add DES 3DES AES128 AES192 AES256 Authentication Algorithm: MD5 SHA-1 Proposal OK Click the OK button to exit the table edit mode Key Group The DH group used to negotiate the IKE/ISAKMP SA. The period that the keying channel of a connection SA Life Time (IKE/ISAKMP renegotiated. SA) should last before being Dead Peer Detection Enable or disable the Dead Peer Detection protocol (DPD) (RFC 3706) DPD Interval DPD Idle Try Local Network The time interval when R_U_THERE messages are sent to the peer. The retry counter for DPD. The timeout interval is "DPD interval" multiplied by "DPD Idle Try". After the timeout interval all connections to the peer are deleted if they are inactive. The private subnet behind the CPE. Single Address: The private subnet consisting of one IP address. Address Type Subnet address: The private subnet consisting within the subnet IP addresses. Start IP Address The only IP address allowed in the subnet Subnet Mask The netmask of the subnet (Subnet address) Local Port Restrict the traffic selector to a single protocol and/or port. Page 84 of 91 OX-350I User Manual Rev1.2 Name Description Any: No restriction ICMP: Restrict the traffic selector to ICMP protocol. TCP: Restrict the traffic selector to TCP protocol. If the port number is 0, all TCP port numbers are accepted. UDP: Restrict the traffic selector to UDP protocol. If the port number is 0, all UDP port numbers are accepted. Remote Network The private subnet behind the remote peer. Single Address: The private subnet consisting of one IP Address Type address. Subnet address: The private subnet consisting of subnet IP addresses. Start IP Address The only IP address allowed in the subnet Subnet Mask The netmask of the subnet (Subnet address) Restrict the traffic selector to a single protocol and/or port. Remote Port Any: No restriction ICMP: Restrict the traffic selector to ICMP protocol. TCP: Restrict the traffic selector to TCP protocol. If the port number is 0, all TCP port numbers are accepted. UDP: Restrict the traffic selector to UDP protocol. If the port number is 0, all UDP port numbers are accepted. IPSec Proposal The type of the connection: Encapsulation Mode Active Protocol Encryption Algorithm Tunnel: signifying a host-to-host, host-to-subnet, or subnet-to subnet tunnel. Transport: signifying host-to-host transport made. Whether authentication should be done as part of ESP encryption and/or separately using the AH protocol. NULL AES128 Page 85 of 91 OX-350I User Manual Rev1.2 Name Description AES192 AES256 DES 3DES Authentication Algorithm MD5 SHA-1 SA Life Time The time interval a particular instance of a connection (a set of encryption/authentication key for user packets) should last, from successful negotiation to expiry. Perfect Forward Whether Perfect Forward Secrecy of keys is desired on Secrecy (PFS) the connection's keying channel. Save Commit the changes made and save to the CPE device Cancel Reset fields to the last saved values. Table 39 Field definition for VPN>IPsec>Add Page 86 of 91 OX-350I User Manual Rev1.2 8. Installation and Grounding Device Before installing the Outdoor CPE Device Before installing, it is important to comply with the precautions listed below. It must be installed by qualified service personnel who are well-trained in the correct procedures for handling and installing the equipment. Avoid installing or working on equipment in adverse weather conditions. Once it must be installed in adverse weather conditions, it’s necessary to well protect the equipment. Do not install the device near overhead power lines or power circuits, or where the device can fall onto such power lines or circuits. Do not disassemble the product. Opening or removing covers may expose you to electric shock. Warranty void if seal is broken. Do not place or construct objects in close proximity to the device. Be sure to check the supplied mounting accessory is correct as listed in Figure 60. Please be noted that the mounting kits should be used for the pole with diameter between 34 ~ 49 mm. Under normal operating condition, it should be at least 60 cm away from the body of the user. Mounting Accessories: Bracket with Tab: 1 pc Screws with length 35mm: 2 pcs Bracket W/L Tab: 1 pc Nuts: 3 pcs Arm Bracket: 1 pc Split Washers: 3 pcs Screws with length 60mm: 2 pcs Flat Washers: 3 pcs Lockwasher: 2 pcs Figure 60 Mounting accessory list Page 87 of 91 OX-350I User Manual Rev1.2 An Overview of the Outdoor CPE Device Installation Service personnel needs to follow the steps for installing Outdoor CPE Device 1. Pole-mounting or Wall-mounting the Outdoor CPE Device. 2. Grounding the Outdoor CPE Device 3. Connect the Outdoor CPE Device to PoE unit 4. Connect PC to PoE unit for configuring the Outdoor CPE Device 5. Connect the PoE unit to the power source to power up the Outdoor CPE Device 6. Use PC to configure the Outdoor CPE Device Pole-Mounting the Outdoor CPE Device In the following steps, it introduces how to pole-mounting the Outdoor CPE Device. 1. Assemble the mounting hardware brackets onto pole first: Take the Screws with 60mm length to pass through the Split washer and Flat washer in order, and then screw the Brackets together with nuts. 2. Use the Screw with 35mm length to attach the Outdoor CPE Device to the tab of the Bracket. Ensure the Lockwasher is located between the Bracket’s tab and the Outdoor CPE Device’s tab. Be sure to orient the Outdoor CPE Device with the connector towards the bottom. Remember to orderly add the Split washer, Flat washer and Nuts as shown in Figure 61. Do not over-tighten before finishing the Outdoor CPE Device alignment. 3. Adjust the azimuth and elevation of the Outdoor CPE Device toward the direction of WiMAX Base Station location. 4. Tighten the screws to secure the Outdoor CPE Device tightly. It is not necessary to use Arm Bracket for pole-mounting. Arm Bracket is only used for wall-mounting. Page 88 of 91 OX-350I User Manual Rev1.2 Screw (35mm) Screw (60mm) Split washer Flat washer Bracket with Tab Bracket W/L Tab Lockwasher Split washer Flat washer Nut Nut Figure 61 Pole-Mount the Outdoor CPE Device Wall-Mounting the Outdoor CPE Device In the following steps, it introduces how to wall-mounting the Outdoor CPE Device. 1. Install the Bracket with tab on a wall by using two mounting screws appropriate for the wall’s construction material. The appropriate mounting hardware should be purchased directly from a local supplier. 2. Connect the Arm Bracket to Outdoor CPE Device with the 35mm length Screw, Lockwasher, Split washer, Flat washer, and Nut orderly as shown in Figure 62. Ensure the Lockwasher is located between the Bracket’s tab and the Outdoor CPE Device’s tab. Do not over-tighten before finishing the Outdoor CPE Device alignment. 3. Secure the other side of Arm Bracket along with Lockwasher to the Bracket’s tab mounted on wall. Ensure that the bolt head is positioned in the socket of the Bracket. Do not over-tighten before finishing the Outdoor CPE Device alignment. 4. Adjust the azimuth and elevation of the Outdoor CPE Device toward the direction of WiMAX Base Station location. 5. Tighten the screws to secure the Outdoor CPE Device tightly. Page 89 of 91 OX-350I User Manual Rev1.2 Screw (35mm) Arm Bracket Screw (35mm) Customer supplied screw Lockwasher Split washer Bracket with Tab Flat washer Nut Customer supplied screw Split washer Lockwasher Flat washer Nut Figure 62 Wall-Mount the Outdoor CPE Device Grounding the Outdoor CPE Device Grounding the Outdoor CPE Device is essential to avoid serious injury to service personnel and damage to the Outdoor CPE Device. Please be noted that minimum #16 AWG wire with the color combination green-and-yellow should be used for the grounding. The following steps introduce how to ground the Outdoor CPE Device. 1. Remove the ground screw installed on the side of the Outdoor CPE Device, as shown in 2. Cut the required length of the grounFigure 63.d wire, and then strip the insulation from the ground wire by using either a wire cutter/stripper or utility knife. 3. Crimp the ground wire to the copper cable lug, and then connect the cable lug to the grounding connection on the side of the Outdoor CPE Device. Please be noted that the thickness of the cable lug should be less than 0.85mm. 4. Tighten the screw by using the appropriate size and type of screw driver to secure the copper cable lug to the Outdoor CPE Device. 5. Strip the other end of the ground wire and connect to the main ground Page 90 of 91 OX-350I User Manual Rev1.2 Copper Cable Lug Grounding Screw Ground Wire to Earth Figure 63 Connect the ground wire Page 91 of 91
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.3 Linearized : No Page Count : 91 Producer : GPL Ghostscript 8.64 Create Date : 2011:10:04 15:55:24+08:00 Modify Date : 2011:10:04 15:55:24+08:00 Title : Microsoft Word - User Manual of WiMAX 3.5G Outdoor CPE for greenpacket_Rev1.2_FCC Certification Creator : PScript5.dll Version 5.2 Author : 4199EXIF Metadata provided by EXIF.tools