MitraStar Technology HES209M2W WiMAX Indoor VoIP Wi-Fi IAD User Manual User s guide Update

MitraStar Technology Corporation WiMAX Indoor VoIP Wi-Fi IAD User s guide Update

Contents

User Manual Part 2

BM2022w User’s Guide 157CHAPTER 9The VoIP General Screens9.1 VoIP OverviewThe VOICE > General screens allow you to set up global SIP and Quality of Service (QoS) settings.VoIP (Voice over IP) is the sending of voice signals over the Internet Protocol. This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuit-switched telephone network. You can also use servers to run telephone service applications like PBX services and voice mail. Internet Telephony Service Provider (ITSP) companies provide VoIP service. A company could alternatively set up an IP-PBX and provide it’s own VoIP service.Circuit-switched telephone networks require 64 kilobits per second (kbps) in each direction to handle a telephone call. VoIP can use advanced voice coding techniques with compression to reduce the required bandwidth.9.1.1 What You Can Do in This Chapter•The Media screen (Section 9.2 on page 159) lets you set up and maintain global VoIP settings on the BM2022w.•The QoS screen (Section 9.3 on page 160) lets you set up and maintain QoS settings for voice traffic flowing through the BM2022w.•The SIP screen (Section 9.4 on page 161) lets you enable session timer and select the SIP session refresh method.•The Speed Dial screen (Section 9.5 on page 161) lets you add, edit, or remove speed-dial entries for the phone line.9.1.2 What You Need to KnowThe following terms and concepts may help as you read through this chapter.Voice CodingA codec (coder/decoder) codes analog voice signals into digital signals and decodes the digital signals back into voice signals. The BM2022w supports the following codecs.•G.711 is a Pulse Code Modulation (PCM) waveform codec. PCM measures analog signal amplitudes at regular time intervals (sampling) and converts them into digital bits (quantization). Quantization “reads” the analog signal and then “writes” it to the nearest digital value. For this reason, a digital sample is usually slightly different from its analog original (this difference is known as “quantization noise”). G.711 provides excellent sound quality but requires 64kbps of bandwidth.
Chapter 9 The VoIP General ScreensBM2022w User’s Guide158•G.729 is an Analysis-by-Synthesis (AbS) hybrid waveform codec. It uses a filter based on information about how the human vocal tract produces sounds. The codec analyzes the incoming voice signal and attempts to synthesize it using its list of voice elements. It tests the synthesized signal against the original and, if it is acceptable, transmits details of the voice elements it used to make the synthesis. Because the codec at the receiving end has the same list, it can exactly recreate the synthesized audio signal.G.729 provides good sound quality and reduces the required bandwidth to 8kbps.Quality of Service (QoS)Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay and the networking methods used to provide bandwidth for real-time multimedia applications. Type Of Service (ToS)Network traffic can be classified by setting the ToS (Type Of Service) values at the data source (for example, at the BM2022w) so a server can decide the best method of delivery, that is the least cost, fastest route and so on. The ToS field is consist of 8 bits. The first 3 bits indicate the priority of the packet.DiffServDiffServ is a class of service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of service desired. This allows the intermediary DiffServ-compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow. In addition, applications do not have to request a particular service or give advanced notice of where the traffic is going.DiffServ uses the first 6 bits of the 8-bit ToS value so that it can be backward compatible with non-DiffServ compliant but ToS-enabled network device. See Section 9.6.1 on page 162 for more information.SIPThe Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet. SIP signaling is separate from the media for which it handles sessions. The media that is exchanged during the session can use a different path from that of the signaling. SIP handles telephone calls and can interface with traditional circuit-switched telephone networks.RTPWhen you make a VoIP call using SIP, the RTP (Real time Transport Protocol) is used to handle voice data transfer. See RFC 1889 for details on RTP.Speed DialSpeed dial provides shortcuts for dialing frequently used phone numbers. You can map a phone number to a self-defined key(s) and then use that key(s) to call the phone number. For example, you can map 123456 to #01. When you press #01 it means that you press 123456.
Chapter 9 The VoIP General ScreensBM2022w User’s Guide 1599.1.3 Before you Begin• Ensure that you have all of your voice account information on hand. If not, contact your voice account service provider to find out which settings in this chapter you should configure in order to use your telephone with the BM2022w.• Connect your BM2022w to the Internet, as described in the Quick Start Guide. If you have not already done so, then you will not be able to test your VoIP settings.9.2 MediaClick VoIP > General > Media to set up and maintain global VoIP settings.Figure 86 VoIP > General > MediaThe following table describes the labels in this screen.Table 68 VoIP > General > MediaLABEL DESCRIPTIONPort RangeMedia Port StartMedia Port EndEnter the listening port number(s) for RTP traffic on the BM2022w, if your VoIP service provider gave you this information. Otherwise, keep the default values.To enter one port number, enter the port number in the both Media Port Start and Media Port End fields.To enter a range of ports, enter the beginning port number of the range in the Media Port Start field and the ending port number in the Media Port End field.Codec Packetization Time SettingsG.711, G.729 Select how often (10 to 60 msecs) the BM2022w sends an RTP packet for each type of voice coder/decoder (codec) G.711 and G.729.Advanced
Chapter 9 The VoIP General ScreensBM2022w User’s Guide1609.3 QoSThis section describes the features of the Quality of Service (QoS) screen.Click VoIP > General > QoS to set up Type of Service (ToS) and Differentiated Services (Diffserv) settings for voice traffic transmission through the BM2022w.Figure 87 VoIP > General > QoSThe following table describes the labels in this screen.Voice Jitter Buffer TypeVoice jitter is a variation in delay of RTP packets delivery. This could cause strange sound effects. The BM2022w can utilize the following types of jitter buffer to minimize the effects of jitter.Dynamic - Jitter buffer size is dynamically changed by RTP packets delivery status.Static - Jitter buffer size is fixed.Voice Jitter Buffer LengthSelect the maximum number of milliseconds of voice traffic the BM2022w can help to smooth out the jitter in order to ensure good voice quality for your conversations.Packet Loss ConcealmentPackets may be dropped due to an overwhelming amount of traffic on the network. Some degree of packet loss will not be noticeable to the end user, but as packet loss increases the quality of sound degrades. Select this to have the BM2022w to improve the voice quality when packet loss occurs.T.38 Static Jitter LengthT.38 is an ITU-T standard that VoIP devices use to send fax messages over the Internet.Select the number of milliseconds for the jitter buffer size used for transmitting T.38 fax messages.Table 68 VoIP > General > Media (continued)LABEL DESCRIPTIONTable 69 VoIP > General > QoSLABEL DESCRIPTIONSIP ToS/DiffServ Enter the DSCP value you want to mark on all outgoing SIP packets generated by the BM2022w for DiffServ-enabled networks. Since DiffServ uses the first 6 bits of the 8-bit IP ToS field to represent the DSCP value, enter here the 6-bit DSCP value you want to mark in hexadecimal (in a format of 0x00), and the BM2022w will then automatically append 2 bits '0' to make a whole 8-bit ToS field value for all outgoing SIP packets. For example, if you enter 0x2E, it is 101110 in binary for DSCP. The BM2022w converts it to 10111000 in binary and marks on the IP ToS field of all the outgoing SIP packets.RTP ToS/DiffServ Enter the DSCP value you want to mark on all outgoing VoIP data packets (including both RTP and T.38 UDPTL packets) generated by the BM2022 for DiffServ-enabled networks.
Chapter 9 The VoIP General ScreensBM2022w User’s Guide 1619.4 SIP SettingsClick VoIP > General > SIP to set up session timer on the BM2022w. See Section 10.8 on page 173 for more information on SIP.Figure 88 VoIP > General > SIPThe following table describes the labels in this screen.9.5 Speed DialSpeed dial allows you to use a shorter number for dialing frequently used phone numbers.Click VoIP > General > Speed Dial to add, edit, or remove speed-dial rules.Figure 89 VoIP > General > Speed DialTable 70 VoIP > General > SIPLABEL DESCRIPTIONSession Timer EnableSelect this to activate the BM2022w’s SIP Session Timer. SIP Session Timer is a function used by both of the communication peers to determine if the call session is still active (alive) or not. It uses the method specified in the following Refresh Method field to periodically refresh the SIP sessions.Refresh Method Select the method to be used for periodically refreshing SIP sessions, to determine if the session is still active. Select UPDATE to use Update requests to refresh the session and select INVITE to use Re-Invite requests. You should use the same method as the peer device.The Update method uses less overhead than Re-Invite, but is not as widely supported as Re-Invite. By default the BM2022w is set to use the UPDATEmethod. When set to UPDATE, the BM2022w can also revert to using the INVITE method for SIP session refresh, depending on the method supported and allowed by the peer device.
Chapter 9 The VoIP General ScreensBM2022w User’s Guide162The following table describes the labels in this screen. 9.6 Technical ReferenceThe following section contains additional technical information about the BM2022w features described in this chapter.9.6.1 DSCP and Per-Hop Behavior DiffServ defines a new DS (Differentiated Services) field to replace the Type of Service (TOS) field in the IP header. The DS field contains a 2-bit unused field and a 6-bit DSCP field which can define up to 64 service levels. The following figure illustrates the DS field. Figure 90 DiffServ: Differentiated Service FieldDSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ compliant, ToS-enabled network device will not conflict with the DSCP mapping. The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different priorities of forwarding. Resources can then be allocated according to the DSCP values and the configured policies.Table 71 VoIP > General > Speed DialLABEL DESCRIPTIONSpeed Dial Rules - This is a list of speed dial numbers. To edit an existing speed dial rule, you can click the row for the rule and editable fields will appear.Active This field displays whether the rule is activated or not.Short Number This field displays the abbreviated number you want to use to substitute for the real (actual) phone number in the following Real Number field. When the rule is activated, you can press the assigned Short Number to dial the Real Number.Real Number This field displays the actual phone number you want the BM2022w to call when you use the specified Short Number.Enter the actual phone number you want the BM2022w to call when you use the specified Short Number if you are editing the entry.Notes This field displays additional information for this speed-dial rule.Enter additional information or any remark for this speed-dial rule if your are editing the entry.Remove Click this to remove the rule.Add Click this to add a new speed-dial rule.OK Click this to save the changes you made in this table.DSCP(6-bit)Unused(2-bit)
BM2022w User’s Guide 163CHAPTER 10The VoIP Account Screens10.1 OverviewUse the VoIP > Account 1 and VoIP > Account 2 screens to configure SIP servers, authentication, additional VoIP features, dialing timeout values and how to handle fax messages for two accounts on the BM2022w. Account 1 maps to phone port 1 and account 2 maps to phone port 2. Since both the Account 1 and Account 2 screens are quite similar, this section uses the VoIP > Account 1 screens to describe the fields.10.1.1 What You Can Do in This Chapter•The Status screen (Section 10.2 on page 166) lets you view the current status of the SIP server, and selected phone line and call history. You can also manually disconnect the VoIP connection or request the SIP server for a new connection.•The Server screen (Section 10.3 on page 168) lets you configure the SIP server, proxy server and outbound server settings for the phone line.•The SIP screen (Section 10.4 on page 169) lets you configure the SIP account, codec and SIP settings for the phone line.•The Feature screen (Section 10.5 on page 171) lets you configure the SIP additional functions such as DTMF, call forward and call waiting for the phone line.•The Dialing screen (Section 10.6 on page 172) lets you configure some timeout setting for the phone line.•The FAX screen (Section 10.7 on page 173) lets you configure which standard the phone line uses for sending faxes.10.1.2 What You Need to KnowThe following terms and concepts may help as you read through this chapter.SIP IdentitiesA SIP account uses an identity (sometimes referred to as a SIP address). A complete SIP identity is called a SIP URI (Uniform Resource Identifier). A SIP account's URI identifies the SIP account in a way similar to the way an e-mail address identifies an e-mail account. The format of a SIP identity is SIP-Number@SIP-Service-Domain.SIP NumberThe SIP number is the part of the SIP URI that comes before the “@” symbol. A SIP number can use letters like in an e-mail address (johndoe@your-ITSP.com for example) or numbers like a telephone number (1122334455@VoIP-provider.com for example).
Chapter 10 The VoIP Account ScreensBM2022w User’s Guide164SIP Service DomainThe SIP service domain of the VoIP service provider (the company that lets you make phone calls over the Internet) is the domain name in a SIP URI. For example, if the SIP address is 1122334455@VoIP-provider.com, then “VoIP-provider.com” is the SIP service domain.SIP Register ServerA SIP register server maintains a database of SIP identity-to-IP address (or domain name) mapping. The register server checks your user name and password when you register. SIP User AgentA SIP user agent can make and receive VoIP telephone calls. This means that SIP can be used for peer-to-peer communications even though it is a client-server protocol. In the following figure, either A or B can act as a SIP user agent client to initiate a call. A and B can also both act as a SIP user agent to receive the call.Figure 91 SIP User AgentSIP Proxy ServerA SIP proxy server receives requests from clients and forwards them to another server.In the following example, you want to use client device A to call someone who is using client device C.1The client device (A in the figure) sends a call invitation to the SIP proxy server (B).2The SIP proxy server forwards the call invitation to C.Figure 92 SIP Proxy ServerABACB12
Chapter 10 The VoIP Account ScreensBM2022w User’s Guide 165STUNSTUN (Simple Traversal of User Datagram Protocol (UDP) through Network Address Translators) allows the BM2022w to find the presence and types of NAT routers and/or firewalls between it and the public Internet. STUN also allows the BM2022w to find the public IP address that NAT assigned, so the BM2022w can embed it in the SIP data stream. STUN does not work with symmetric NAT routers or firewalls. See RFC 3489 for details on STUN.The following figure shows how STUN works. 1The BM2022w (A) sends SIP packets to the STUN server (B).2The STUN server (B) finds the public IP address and port number that the NAT router used on the BM2022w’s SIP packets and sends them to the BM2022w.3The BM2022w uses the public IP address and port number in the SIP packets that it sends to the SIP server (C).Figure 93 STUNOutbound ProxyYour VoIP service provider may host a SIP outbound proxy server to handle all of the BM2022w’s VoIP traffic. This allows the BM2022w to work with any type of NAT router and eliminates the need for STUN or a SIP ALG. Turn off a SIP ALG on a NAT router in front of the BM2022w to keep it from retranslating the IP address (since this is already handled by the outbound proxy server).NAT and SIPThe BM2022w must register its public IP address with a SIP register server. If there is a NAT router between the BM2022w and the SIP register server, the BM2022w probably has a private IP address. The BM2022w lists its IP address in the SIP message that it sends to the SIP register server. NAT does not translate this IP address in the SIP message. The SIP register server gets the BM2022w’s IP address from inside the SIP message and maps it to your SIP identity. If the BM2022w has a private IP address listed in the SIP message, the SIP server cannot map it to your SIP identity.Use a SIP ALG (Application Layer Gateway), STUN, or outbound proxy to allow the BM2022w to list its public IP address in the SIP messages.DTMFDual-Tone Multi-Frequency (DTMF) telephone call signaling uses pairs of frequencies (one lower frequency and one higher frequency) to set up calls. It is also known as Touch Tone. Each of the keys on a DTMF telephone corresponds to a different pair of frequencies. A123NAT
Chapter 10 The VoIP Account ScreensBM2022w User’s Guide166Supplementary Phone Services OverviewSupplementary services such as call hold, call waiting, call transfer, etc. are generally available from your VoIP service provider. The BM2022w supports the following services:• Call Waiting• Call Forwarding•Caller IDNote: To take full advantage of the supplementary phone services available though the BM2022w's phone port, you may need to subscribe to the services from your VoIP service provider.10.2 StatusClick VoIP > Account 1 (or Account 2) > Status to view VoIP settings and current status.Figure 94 VoIP > Account 1 (or Account 2) > StatusThe following table describes the labels in this screen.Table 72 VoIP > Account 1 (or Account 2) > StatusLABEL DESCRIPTIONServer StatusSIP Register This field displays the IP address (or domain name) and service port number of the register server, if you have configured one.SIP Service Domain This field displays the SIP service domain and port number of the SIP server, if you have configured one.Proxy Server This field displays the IP address (or domain name) and service port number of the SIP proxy server, if you have configured one.
Chapter 10 The VoIP Account ScreensBM2022w User’s Guide 167Outbound Server This field displays the IP address (or domain name) and service port number of the outbound proxy server, if you have configured one.Register Status This field displays Disabled if the SIP account (set up in Section 10.4 on page 169) is disabled or de-registered from the registrar server. It displays Registering (or Unregistering) after sending out the SIP register (or unregister) message to make registration (or de-registration) at (or from) the SIP registrar server. If the registration fails, for example, rejected by SIP registrar server (due to wrong authentication data) or timeout to get response from the server, Errorwould be displayed. It displays Up if the SIP account is registered at the registrar server successfully.Line StatusSubscriber Number This field displays the SIP phone number for the phone line.Account Status This indicates whether the SIP account is activated or not. Enable means activated and Disable means deactivated.Phone Status This field displays the phone status, such as Idle,Calling,Ringing,Connecting,InCall,Hold, and Disconnecting.Call HistoryReceived call This field displays the number of calls you have received through the connected phone since the BM2022w last restarted or was turned on.Missing call This field displays the number of calls you have missed since the BM2022w last restarted or was turned on.Outgoing call This field displays the number of calls you have made through the connected phone since the BM2022w last restarted or was turned on.Connect Click this to register the BM2022w to the specified register server.Disconnect Click this to de-register the BM2022w with the register server.Table 72 VoIP > Account 1 (or Account 2) > StatusLABEL DESCRIPTION
Chapter 10 The VoIP Account ScreensBM2022w User’s Guide16810.3 ServerClick VoIP > Account 1 (or Account 2) > Server to configure the registrar server, proxy server and outbound proxy server for this SIP account.Figure 95 VoIP > Account 1 (or Account 2) > ServerThe following table describes the labels in this screen.Table 73 VoIP > Account 1 (or Account 2) > ServerLABEL DESCRIPTIONRegistrar ServerRegistrar Server Enter the IP address or domain name of a register server. You can use up to 63 printable ASCII characters.Port Number Enter the SIP server’s listening port number. Keep the default value, if you are not sure of this value.SIP Service Domain Enter the IP address or domain name of a SIP server, if your VoIP service provider gave you one.Otherwise, enter the same address that you have entered in the RegistrarServer field. You can use up to 63 printable ASCII characters.Register Period Time Enter the registration expiry time in seconds for the SIP account specified in Section 10.4 on page 169. The allowable range is 60~65535 seconds. However, this value is just a default preference value by user, the actual registration expiry time used by the SIP account is determined by the registrar server after the registration process.Once the SIP account has registered at the registrar server successfully, the BM2022w will send a re-register message to keep alive the successfully registered status at every half of the registration expiry time determined by the registrar server.If the keep-alive action failed, the register status described in Section 10.2 on page 166 will become Error state and you can not make any call in this status. However, after 512 seconds (fixed value), the BM2022w will send a register message again to try to recover a successfully registered status.Proxy ServerProxy Server Enter the IP address or domain name of the SIP proxy server provided by your VoIP service provider. You can use up to 63 printable ASCII characters.
Chapter 10 The VoIP Account ScreensBM2022w User’s Guide 16910.4 SIPClick VoIP > Account 1 (or Account 2) > SIP to configure SIP settings.Figure 96 VoIP > Account 1 (or Account 2) > SIPThe following table describes the labels in this screen.Port Number Enter the SIP proxy server’s listening port number, if your VoIP service provider gave you one. Otherwise, keep the default value.Outbound ServerOutbound Server Enter the IP address or domain name of the outbound proxy server provided by your VoIP service provider. You can use up to 63 printable ASCII characters. If you choose not to use an outbound proxy server, set this to 0.0.0.0.Port Number Enter the outbound proxy’s listening port number, if your VoIP service provider gave you one. Otherwise, leave it as the default ‘5060’.If the outbound proxy is disabled (set to 0.0.0.0), then this port will be ignored.Table 73 VoIP > Account 1 (or Account 2) > ServerLABEL DESCRIPTIONTable 74 VoIP > Account 1 (or Account 2) > SIPLABEL DESCRIPTIONSIP AccountEnable Select this if you want the BM2022w to use this account. Clear it if you do not want the BM2022w to use this account.SIP Local Port Enter the BM2022w’s listening port number, if your VoIP service provider gave you one. Otherwise, keep the default value.Subscriber Number Enter your SIP number. In the full SIP URI, this is the part before the @ symbol. You can use up to 1-31 printable ASCII characters.Authentication Name Type the SIP user name associated with this account for authentication to the SIP register server.This field can be 1-31 printable characters (A-Z, a-z, 0-9).
Chapter 10 The VoIP Account ScreensBM2022w User’s Guide170Password Type the SIP password associated with this account. This field can be 0-31 printable characters (A-Z, a-z, 0-9), underscores (_), pluses (+), periods (.), and “at” symbols (@).Codec Settings1st Codec, 2nd Codec, 3rd CodecSelect the BM2022w’s first, second, and third choices of the type of voice coder/decoder (codec) that you want the phone line to use when communicating with the SIP server. The following codecs (shown in highest quality to lowest quality order) are supported by the BM2022w:• G.711 aLaw (typically used in Europe)• G.711 muLaw (typically used in North America and Japan)• G.729You can also select NONE for the 2nd and 3rd codecs if your VoIP service provider only gave you one or two codec settings.When two SIP devices start a SIP session, they must agree on a codec.Session TimerMin Session Timer Enter the minimum session expiry time in seconds. The allowable range is 90~65535 seconds.When an incoming call requests a session expiry time that is lower than this value, the BM2022w will respond with a "423 session timer too small" message and tell the peer to use this value as the minimum bound.Session Timer Enter the session expiry time in seconds for all phone connections on this trunk. The allowable range is 120~65535 seconds. This value cannot be lower than the Min Session Timer.The BM2022w will use INVITE or UPDATE method to keep alive a session every half of the session expiry time during a call.If the keep-alive action is successful, the BM2022w will re-start the timer and do another keep-alive action after it reaches half of the session expiry time.If the keep-alive action failed, the call will terminate automatically.See Section 9.4 on page 161 to configure the Refresh Method with the INVITE or UPDATE method.Table 74 VoIP > Account 1 (or Account 2) > SIPLABEL DESCRIPTION
Chapter 10 The VoIP Account ScreensBM2022w User’s Guide 17110.5 FeatureClick VoIP > Account 1 (or Account 2) > Feature to configure advanced VoIP features such as DTMF, Call Forwarding and Call Waiting.Figure 97 VoIP > Account 1 (or Account 2) > FeatureThe following table describes the labels in this screen.Table 75 VoIP > Account 1 (or Account 2) > FeatureLABEL DESCRIPTIONFeature SettingsBlock Anonymous Call Select this to have the BM2022w block all incoming calls from phone that do not send caller ID.Do Not Disturb(DND) Select this to have the BM2022w not forward calls to the phone line while processing incoming calls. Thus, for any incoming call, the remote peer can hear ringback tone, but the phone connected on the BM2022w would not ring. Meanwhile, the BM2022w can still make outgoing calls as usual.Note: The DND function should be used very carefully, since enabling DND makes the BM2022w not forward any incoming call to the phone line so the user would never know whether there are any incoming calls.Hide User ID (MakeAnonymous Call)Select this to not have your Caller ID(number) displayed on the callee's screen.
Chapter 10 The VoIP Account ScreensBM2022w User’s Guide17210.6 DialingClick VoIP > Account 1 (or Account 2) > Dialing to configure dialing timeout values.Figure 98 VoIP > Account 1 (or Account 2) > DialingMWI (Message Waiting Indication)Select this to enable Message Waiting Indicator (MWI) function for this SIP account specified in Section 10.4 on page 169. When there is at least one new voicemail for the SIP account, the voice LED (described in Section 1.2.1 on page 19) turns yellow and the BM2022w sends a beeping tone to the phone while user picks-up the phone to make calls.DTMFDTMF Control how the BM2022 handles the DTMF tone relay to the communication peer. The DTMF tone is generated by the phone when you push its digit buttons during a call. One application is to send numbers when trying to do IVR (Interactive Voice Response) service with server.You should use the same mode as your VoIP service provider. The choices are:•Out-of-band(RFC 2833) - Follow the RFC 2833 standard and send the DTMF tones in RTP packets.•In Band - Send the DTMF tones in the voice data stream. This works best when you are using a codec that does not use compression (like G.711). Codecs that use compression (like G.729) can distort the tones.SIP INFO Select this to have the BM2022w send the DTMF tones in SIP messages.Call Forward SettingUnconditional CF,Unconditional CF TargetSelect this if you want the BM2022w to forward all incoming calls to the specified phone number, regardless of other rules in this Call Forward Setting section. Specify the phone number in the Unconditional CF Target field.Note: The Unconditional CF function should be used very carefully, since enabling this function makes the BM2022w forward all incoming calls to another phone number, so the user would never know if there are any incoming calls.Busy CF,Busy CF Target Select this if you want the BM2022w to forward incoming calls to the specified phone number if the phone port is busy. Specify the phone number in the Busy CF Target field. If you have call waiting, the incoming call is forwarded to the specified phone number if you reject or ignore the second incoming call.No Answer CF,No Answer CF Target, No Answer CF Waiting TimeSelect this if you want the BM2022w to forward incoming calls to the specified phone number if the call is unanswered. Specify the phone number in the No Answer CF Target field on the right. Specify the time to wait before forwarding incoming calls in the No Answer CF Waiting Time field.Call Waiting SettingCall Waiting Select this to enable call waiting for this SIP account on the BM2022w.Call Waiting Reject Time Enter time to wait before rejecting a call when call waiting is enabled.Table 75 VoIP > Account 1 (or Account 2) > FeatureLABEL DESCRIPTION
Chapter 10 The VoIP Account ScreensBM2022w User’s Guide 173The following table describes the labels in this screen.10.7 FAXClick VoIP > Account 1 (or Account 2) > FAX to configure which standard the account uses for fax services.Figure 99 VoIP > Account 1 (or Account 2) > FAXThe following table describes the labels in this screen.10.8 Technical ReferenceThe following section contains additional technical information about the BM2022w features described in this chapter.10.8.1 SIP Call Progression with Session TimerThe following figure displays the basic steps in the setup and tear down of a SIP call with session timer supported by both peers. The UPDATE method is used to refresh the session. A calls B and uses proxy server P. Messages include Session Expiry (SE) and Minimum Session Expiry (MSE) Table 76 VoIP > Account 1 (or Account 2) > DialingLABEL DESCRIPTIONInter-digit Timeout Set the time in seconds (1~5) the BM2022w waits for each digit input of a complete callee number after you press the first key on the phone.If the BM2022w cannot receive the next digit entered within this time period, the BM2022w processes digits you have dialed.First-digit Timeout Set the number of seconds (5~30) for the BM2022w to wait for you to start dialing a number after you pick up the telephone receiver. If you do not dial any number within that time period, the dial tone becomes a busy signal. Put back the receiver and pick it up again if you want to make a new call.Table 77 VoIP > Account 1 (or Account 2) > FAXLABEL DESCRIPTIONOptions Select which standard the BM2022w uses to handle faxes. The peer devices must also use standard.G.711A Pass Through - Select this option to send and receive fax messages over the network or Internet using VoIP (G.711a). By encoding fax data as audio data, faxes may be susceptible to packet loss and other errors. However, as this standard is considerably older than T.38, it is more compatible with older obsolete systems.T.38 FAX Relay - BM2022w encodes fax messages to T.38 packets and sends as UDP packets through IP networks. This provides better quality, but it may have interoperability problems.
Chapter 10 The VoIP Account ScreensBM2022w User’s Guide174time values. When the duration of the call reaches half of the SE time period, the session is refreshed. Table 78 SIP Call ProgressionA P B1. INVITESE: 60------------------>2. 422MSE: 3600<-----------------------3. ACK------------------>4. INVITESE: 3600MSE: 3600------------------>5. INVITESE: 3600MSE: 3600------------------------>6. INVITESE: 3600MSE: 3600-------------------->7. OKSE: 3600<-------------------8. OKSE: 3600<------------------------9. OKSE: 3600<------------------10. ACK ------------------>11. ACK ------------------------> -------------------->12. Dialogue (voice traffic)
Chapter 10 The VoIP Account ScreensBM2022w User’s Guide 1751A sends a SIP INVITE request. This message is an invitation for B to participate in a SIP telephone call. A’s INVITE specifies a SE of 60 seconds.2A’s request arrives at P but is below the minimum allowed value of 3600, so it is rejected with a 422 message, which contains the MSE of 3600.3A sends an ACK to acknowledge the message was received.4A retries the INVITE request with SE of 3600 and MSE of 3600.5The SE in the new INVITE is acceptable so P forwards it to B.6B receives the INVITE.7B responds with an OK message which includes the SE of 3600.8P forwards the OK message to A.9A receives the OK.10 A then sends an ACK message to acknowledge that the call is established completely. 11 The proxy server forwards the ACK message to B.12 Now A and B exchange voice media (talk). 13 After around half of the SE time period is reached, or 1800 seconds in this case, A sends an UPDATE request to refresh the session.13. UPDATESE: 3600------------------>14. UPDATESE:3600-----------------------> --------------------><----------------------15. OKSE: 3600<-------------------16. OKSE: 3600<------------------17. BYE------------------>18. OK<-------------------Table 78 SIP Call Progression (continued)A P B
Chapter 10 The VoIP Account ScreensBM2022w User’s Guide17614 The UPDATE request is forwarded by P to B.15 B receives the UPDATE request and responds with an OK message.16 The OK message is received by A.17 After talking, A hangs up and sends a BYE request. 18 B replies with an OK response confirming receipt of the BYE request and the call is terminated.10.8.2 SIP Client ServerSIP is a client-server protocol. A SIP client is an application program or device that sends SIP requests. A SIP server responds to the SIP requests. When you use SIP to make a VoIP call, it originates at a client and terminates at a server. A SIP client could be a computer or a SIP phone. One device can act as both a SIP client and a SIP server. For more information on the SIP protocol, please refer to RFC 3261.
BM2022w User’s Guide 177CHAPTER 11The VoIP Line Screens11.1 OverviewThe VoIP > Line screens allow you to configure the volume, echo cancellation, VAD settings and custom tones for phone ports 1 and 2 which map to SIP accounts 1 and 2 (see Chapter 10 on page 163). Since both the Line 1 and Line 2 screens are quite similar, this section uses the VoIP > Line 1 screens to describe the fields.11.1.1 What You Can Do in This Chapter•The Phone screen (Section 11.2 on page 178) lets you configure phone settings.•The Voice screen (Section 11.3 on page 178) lets you configure voice settings.•The Region screen (Section 11.4 on page 179) lets you configure which country of the world the BM2022w is in.11.1.2 What You Need to KnowThe following terms and concepts may help as you read through this chapter.Voice Activity Detection/Silence Suppression/Comfort NoiseVoice Activity Detection (VAD) detects whether or not speech is present. This lets the BM2022w reduce the bandwidth that a call uses by not transmitting “silent packets” when you are not speaking.When using VAD, the BM2022w generates comfort noise when the other party is not speaking. The comfort noise lets you know that the line is still connected as total silence could easily be mistaken for a lost connection.Echo Cancellation G.168 is an ITU-T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk.
Chapter 11 The VoIP Line ScreensBM2022w User’s Guide17811.2 PhoneClick VoIP > Line 1 (or Line 2) > Phone to configure phone related settings.Figure 100 VoIP > Line 1 (or Line 2) > PhoneThe following table describes the labels in this screen. 11.3 VoiceClick VoIP > Line 1 (or Line 2) > Voice to configure voice settings.Figure 101 VoIP > Line 1 (or Line 2) > VoiceThe following table describes the labels in this screen. Table 79 VoIP > Line 1 (or Line 2) > PhoneLABEL DESCRIPTIONPhoneHook Flash Detect Upper BoundEnter the number of milliseconds for the upper bound of a quick on-hook and off-hook cycle in order to recognize a hook flash event.Hook Flash Detect Lower BoundEnter the number of milliseconds for the lower bound of a quick on-hook and off-hook cycle in order to recognize a hook flash event.Voice Tx Level Select the volume level transmitted by the BM2022w. -9 is the quietest, and 9 is the loudest.Voice Rx Level Select the volume level transmitted to the BM2022w. -9 is the quietest, and 9 is the loudest.Table 80 VoIP > Line 1 (or Line 2) > VoiceLABEL DESCRIPTIONVAD - Voice Activity DetectionEnable VAD Enable Voice Active Detector (VAD) to have the BM2022w stop transmitting voice traffic when you are not speaking using the detection method. This reduces the bandwidth the BM2022w uses.
Chapter 11 The VoIP Line ScreensBM2022w User’s Guide 17911.4 RegionClick VoIP > Line 1 (or Line 2) > Region to maintain settings that depend on which region of the world the BM2022w is in.Figure 102 VoIP > Line 1 (or Line 2) > RegionThe following table describes the labels in this screen. LEC - Line Echo CancellationLine Echo Canceller Tail LengthSelect the maximum number of milliseconds of an echo length (16 ms, 32 ms or 48 ms) the BM2022w can handle and eliminate the effect. An echo is normally caused by the sound of your voice reverberating in the telephone receiver while you talk. Select Disable to turn this feature off.Table 80 VoIP > Line 1 (or Line 2) > VoiceLABEL DESCRIPTIONTable 81 VoIP > Line 1 (or Line 2) > RegionLABEL DESCRIPTIONCountry Profile Select the place in which the BM2022w is located, USA (Default) or any other country.
Chapter 11 The VoIP Line ScreensBM2022w User’s Guide180
BM2022w User’s Guide 181CHAPTER 12Maintenance12.1 OverviewUse these screens to manage and maintain your BM2022w.12.1.1 What You Need to KnowThe following terms and concepts may help as you read through this chapter.Remote Management LimitationsRemote management over LAN or WAN will not work when:1You have disabled that service in one of the remote management screens.2The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the BM2022w will disconnect the session immediately.3There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time.Remote Management and NATWhen NAT is enabled:• Use the BM2022w’s WAN IP address when configuring from the WAN. • Use the BM2022w’s LAN IP address when configuring from the LAN.System TimeoutThere is a default system management idle timeout of five minutes. The BM2022w automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling.SNMPSimple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your BM2022w supports SNMP agent functionality, which allows a manager station to manage and monitor the BM2022w through the network. The BM2022w supports SNMP version one (SNMPv1) and version two (SNMPv2). The next figure illustrates an SNMP management operation.
Chapter 12 MaintenanceBM2022w User’s Guide182Note: SNMP is only available if TCP/IP is configured.TR-069TR-069 is an abbreviation of “Technical Reference 069”, a protocol designed to facilitate the remote management of Customer Premise Equipment (CPE), such as the BM2022w. It can be managed over a WAN by means of an Auto Configuration Server (ACS). TR-069 is based on sending Remote Procedure Calls (RPCs) between the ACS and the client device. RPCs are sent in Extensible Markup Language (XML) format over HTTP or HTTPS. An administrator can use an ACS to remotely set up the BM2022w, modify its settings, perform firmware upgrades, and monitor and diagnose it. In order to do so, you must enable the TR-069 feature on your BM2022w and then configure it appropriately. (The ACS server which it will use must also be configured by its administrator.)Figure 103 TR-069 ExampleIn this example, the BM2022w receives data from at least 3 sources: A SIP server for handling voice calls, an HTTP server for handling web services, and an ACS, for configuring the BM2022w remotely. All three servers are owned and operated by the client’s Internet Service Provider. However, without the configuration settings from the ACS, the BM2022w cannot access the other two servers. Once the BM2022w receives its configuration settings and implements them, it can connect to the other servers. If the settings change, it will once again be unable to connect until it receives its updates from the ACS.The BM2022w can be configured to periodically check for updates from the auto-configuration server so that the end user need not be worried about it.SIPACSHTTP
Chapter 12 MaintenanceBM2022w User’s Guide 183SNMPAn SNMP managed network consists of two main types of component: agents and a manager.Figure 104 SNMP Management ModelAn agent is a management software module that resides in a managed device (the BM2022w). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices. The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. The BM2022w supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance.SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations: • Get - Allows the manager to retrieve an object variable from the agent. • GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations. • Set - Allows the manager to set values for object variables within an agent. • Trap - Used by the agent to inform the manager of some events.
Chapter 12 MaintenanceBM2022w User’s Guide184The BM2022w sends traps to the SNMP manager when any of the following events occurs: OMA-DMWhen the BM2022w initiates communication with the server (often times at start up or after the first time you turn it on), the server uploads commands, new files (if any), and other information used by a service provider to customize the BM2022w’s features.Device management works as follows: 1The server (A) sends out the query (1) to the BM2022w (B).2The BM2022w responds by sending back its credentials (2), to which the server responds with its credentials along with a string of management operations (3).3The client responds to the management operations (4), perhaps confirming file alterations or confirming receipt of file uploads and so on. 4The server disconnects from the BM2022w once all of its management operations have been carried out.Figure 105 OMA-DM Data ManagementOMA-DM AuthenticationIn order to ensure the integrity of the connection between an OMA-DM server and the BM2022w, communication between the two is encoded using one of three common algorithms. They are not intended to be used in lieu of proper digital security, but instead as a means of transmitting multiple Table 82 SNMP TrapsTRAP # TRAP NAME DESCRIPTION0coldStart (defined in RFC-1215)A trap is sent after booting (power on).1warmStart (defined in RFC-1215)A trap is sent after booting (software reboot).4authenticationFailure (defined in RFC-1215)A trap is sent to the manager when receiving any SNMP get or set requirements with the wrong community (password).6whyReboot A trap is sent with the reason of restart before rebooting when the system is going to restart (warm start).6a For intentional reboot: A trap is sent with the message "System reboot by user!" if reboot is done intentionally, (for example, download new files, CI command "sys reboot", etc.).6b For fatal error: A trap is sent with the message of the fatal code if the system reboots because of fatal errors.AB1234
Chapter 12 MaintenanceBM2022w User’s Guide 185disparate types of data over HTTP. Security encryption for communication is handled by different processes configured elsewhere in the BM2022w’s web configuratorBasic Access Authentication –Sends a person’s user name and password in Base64. This authentication protocol is supported by all browsers that are HTTP 1.0/1.1 compliant. Although converted to Base64 for the sake of cross-compatibility, credentials are nonetheless passed between the web browser and the server in plaintext, making it extremely easy to intercept and read. As such, it is rarely used anymore.Digest Access Authentication –This protocol was designed to replace basic access authentication. Instead of encoding a user name and password in plaintext, this protocol uses what is known as an MD5 message authentication code. It allows the server to issue a single-use, randomly generated number (known as a ‘nonce’) to the client (in this case, the web browser), which then uses the number as the ‘public key’ for encrypting its data. When the server receives the encrypted data, it unlocks it using the ‘key’ that was just provided. While stronger than basic access authentication, this protocol is not as strong as, say, HMAC, or as secure as the client using a client-side private key encryption scheme. Hash Message Authentication Code –Also known as HMAC, this code relies on cryptographic hash functions to bolster an existing protocol, such as MD5. It is a method for generating a stronger, significantly higher encryption key.OMA-DM Data ModelEach device that conforms to the current OMA-DM standard has an identical data structure embedded in its controlling firmware. This allows a similarly conforming OMA-DM server to navigate the folder structure and to make file alterations where appropriate or required.Figure 106 OMA-DM Data ModelIn the example data model shown here, the parent folders must conform to the OMA-DM standard. The child folders, on the other hand, can be customized on an individual basis. This allows the parent folders to all maintain a consistent URI (Uniform Resource Identifier) across all devices that meet the OMA-DM standard’s requirements. For example, in the preceding figure the URI for the “Games” folder is “./Vendor/Games/”. The “./Vendor/” portion of the URI exists on all devices that conform to the OMA-DM standard. The “Games” folder, however, may or may not exist depending on the services provided by the company managing the device.Root Folder./DMAccVendorOperatorMP3sGames
Chapter 12 MaintenanceBM2022w User’s Guide186DaytimeA network protocol used by devices for debugging and time measurement. A computer can use this protocol to set its internal clock but only if it knows in which order the year, month, and day are returned by the server. Not all servers use the same format.TimeA network protocol for retrieving the current time from a server. The computer issuing the command compares the time on its clock to the information returned by the server, adjusts itself automatically for time zone differences, then calculates the difference and corrects itself if there has been any temporal drift.NTPNTP stands for Network Time Protocol. It is employed by devices connected to the Internet in order to obtain a precise time setting from an official time server. These time servers are accurate to within 200 microseconds.12.2 PasswordUse this screen to set up admin and guest accounts for logging into and managing the WiMAX Device. The “admin” user can access and configure all screens. The “guest” user can only perform some basic settings such as viewing the system status information, configuring LAN, NAT, DDNS, and Firewall settings and reset the BM2022w to factory defaults and restart the BM2022w.Click Maintenance > Password to open this screen as shown next.Figure 107 Password ScreenThis screen contains the following fields:Table 83 PasswordLABEL DESCRIPTIONGroup Select the group for which you want to change the login password.Old Password Enter the old password for the login group.New Password Enter the new password for the login group.Retype Retype the new password for the login group.
Chapter 12 MaintenanceBM2022w User’s Guide 18712.3 HTTPUse this screen to allow remote access to the WiMAX Device from a network connection over HTTP.Click Maintenance > Remote MGMT > HTTP to open this screen as shown next.Figure 108 HTTP ScreenThis screen contains the following fields:12.4 TelnetUse this screen to allow remote access to the WiMAX Device from a network connection over Telnet.Table 84 HTTPLABEL DESCRIPTIONHTTP ServerEnable Select this to enable remote management using this service.Port Number Enter the port number this service can use to access the BM2022w. The computer must use the same port number.HTTPS ServerEnable Select this to enable remote management using this service.Port Number Enter the port number this service can use to access the BM2022w. The computer must use the same port number.HTTP and HTTPSAllowConnection from WANSelect this to allow incoming connections from the WAN over either HTTP or HTTPS.HTTP Session TimeoutSession Timeout Enter the number of minutes (0-99) the BM2022w waits to delete an inactive web connection (HTTP or HTTPS).
Chapter 12 MaintenanceBM2022w User’s Guide188Click Maintenance > Remote MGMT > Telnet to open this screen as shown next.Figure 109 Telnet ScreenThis screen contains the following fields:12.5 SSHUse this screen to allow remote access to the WiMAX Device from a network connection over SSH.Click Maintenance > Remote MGMT > SSH to open this screen as shown next.Figure 110 SSH ScreenThis screen contains the following fields:Table 85 TelnetLABEL DESCRIPTIONEnable Select this to enable remote management using this service.Port Number Enter the port number this service can use to access the BM2022w. The computer must use the same port number.Allow Connection from WANSelect this to allow connections using this service that originate on the WAN.Allow Connection from LANSelect this to allow connection using this service that originate on the LAN.Table 86 SSHLABEL DESCRIPTIONEnable Select this to enable remote management using this service.Port Number Enter the port number this service can use to access the BM2022w. The computer must use the same port number.Allow Connection from WANSelect this to allow connections using this service that originate on the WAN.Allow Connection from LANSelect this to allow connection using this service that originate on the LAN.
Chapter 12 MaintenanceBM2022w User’s Guide 18912.6 SNMPUse this screen to allow remote access to the WiMAX Device from a network connection over SNMP.Click Maintenance > Remote MGMT > SNMP to open this screen as shown next.Figure 111 SNMP ScreenThis screen contains the following fields:12.7 CWMPUse this screen to allow CWMP connections for remote management, firmware upgrades and troubleshooting.Table 87 SNMPLABEL DESCRIPTIONEnable Select this to enable remote management using this service.Location Enter the location of the SNMP server (for example, “Engineering Dept., Floor 6, Building A, New York City”).Contact Enter contact information for the administrator managing the SNMP server (for example, “Bill Smith, IT Dept., (555) 555-5454”).Read Community Enter the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests.Write Community Enter the password for incoming Set requests from the management station. The default is public and allows all requests.Trap Server Enter the IP address of the station to send your SNMP traps to.Trap Community Enter the trap community, which is the password sent with each trap to the SNMP manager. The default is public and allows all requests.
Chapter 12 MaintenanceBM2022w User’s Guide190Click Maintenance > Remote MGMT > CWMP to open this screen as shown next.Figure 112 CWMP ScreenThis screen contains the following fields:Table 88 CWMPLABEL DESCRIPTIONEnable Select this to enable remote management using this service.ACS Server URL Enter the URL or IP address of the auto-configuration server.Bootstrap Enable Select this to enable bootstrap events.ACS Username Enter the user name sent when the BM2022w connects to the ACS and which is used for authentication.You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed.ACS Password Enter the password sent when the BM2022w connects to an ACS and which is used for authentication.You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed.Periodical Inform EnableSelect this to allow the BM2022w to periodically connect to the ACS and check for configuration updates. If you do not enable this feature then the BM2022w can only be updated automatically when the ACS initiates contact with it and if you selected the checkbox on this screen.Periodical Inform IntervalEnter the time interval (in seconds) at which the BM2022w connects to the auto-configuration server.Connection Request UsernameEnter the connection request user name that the ACS must send to the BM2022w when it requests a connection.You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed.Note: This must be provided by the ACS administrator.
Chapter 12 MaintenanceBM2022w User’s Guide 19112.8 OMA-DMUse this screen to allow remote access to the WiMAX Device from a network connection over OMA-DM.Click Maintenance > Remote MGMT > OMA-DM to open this screen as shown next.Figure 113 OMA-DM ScreenThis screen contains the following fields:Connection Request PasswordEnter the connection request password that the ACS must send to the BM2022w when it requests a connection.You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed.Note: This must be provided by the ACS administrator.CA Certificate File Click Browse to upload a Certificate Authority (CA) certificate to the BM2022w.CA Certificate InfoThis displays information about the currently active CA certificate.Client Certificate FileClick Browse to upload a client certificate to the BM2022w.Client Certificate InfoThis displays information about the currently active client certificate.Table 88 CWMP (continued)LABEL DESCRIPTIONTable 89 OMA-DMLABEL DESCRIPTIONEnable Select this to enable remote management using this service.Server URL Enter the IP address or URL of the OMA-DM server that you intend to use to manage this device. Server Port Enter the port number for the IP address of the OMA-DM server set up in the preceding field.
Chapter 12 MaintenanceBM2022w User’s Guide192Server Auth Type Select the encryption algorithm scheme used by the OMA-DM server to communicate with client devices. If the scheme selected here does not match the actual scheme used by the server, then server will challenge the BM2022w to automatically update its settings.•None - No authentication.•Basic - Server ID and Password are encoded using a Basic Access Authentication Code.•Digest (MD5) - Server ID and Password are encoded using a Digest Access Authentication Code.•HMAC - Server ID and Password are encoded using a keyed Hash Message Authentication Code.Server ID Enter the identification code for the server. This is used by the BM2022w during the communication handshake process to identify the server.Server Password Enter the password for the server’s identification code. This shared public key is used by the BM2022w during the communication handshake process to identify the server.Server Nonce The BM2022w and the OMA-DM server use nonces to authenticate each other if you select MD5 as the authentication algorithm in the Server Auth Type field. Nonce is an abbreviation of 'number used once'. It is normally a random or pseudo-random number applied in an authentication protocol to protect existing communications from being reused in ‘replay attacks’.Type up to 20 digits for the OMA-DM server nonce.Client Auth Type Select the encryption algorithm scheme used by the OMA-DM server to communicate with client devices. If the scheme selected here does not match the actual scheme used by the server, then server will challenge the BM2022w to automatically update its settings.•None - No authentication.•Basic - Server ID and Password are encoded using a Basic Access Authentication Code.•Digest (MD5) - Server ID and Password are encoded using a Digest Access Authentication Code.•HMAC - Server ID and Password are encoded using a keyed Hash Message Authentication Code.Note: Make sure that the scheme selected here matches the Server Auth Type.Client ID Enter the client name for the BM2022w.Client Password Enter the password for the BM2022w’s client name.Client Nonce The BM2022w and the OMA-DM server use nonces to authenticate each other if you select MD5 as the authentication algorithm in the Client Auth Type field.Type up to 20 digits for the OMA-DM client nonce. Periodical Client- Initiated EnableSelect this to allow the BM2022w to periodically connect to the OMA-DM server and check for configuration updates. If you do not enable this feature then the BM2022w can only be updated automatically when the OM-DM server initiates contact with it and if you selected the checkbox on this screen.Periodical Client-Initiated IntervalEnter the time interval (in seconds) at which the BM2022w connects to the OMA-DM server.Table 89 OMA-DM (continued)LABEL DESCRIPTION
Chapter 12 MaintenanceBM2022w User’s Guide 19312.9 DateUse these settings to set the system time or configure an NTP server for automatic time synchronization.Click Maintenance > Date/Time > Date to open this screen as shown next.Figure 114 Date ScreenThis screen contains the following fields:12.10 Time ZoneUse this screen to set the time zone in which the WiMAX device is physically located.Click Maintenance > Date/Time > Time Zone to open this screen as shown next.Figure 115 Time Zone ScreenTable 90 DateLABEL DESCRIPTIONManualNew Time Enter the new time in this field.New Date Enter the new date in this field.Get from Time ServerTime Protocol Select the time service protocol that your time server uses.Check with your ISP or network administrator, or use trial-and-error to find a protocol that works.•NTP (RFC 1305) - This format is similar to Time (RFC 868).Time Server Address 1~4 Enter the IP address or URL of your time server. Check with your ISP or network administrator if you are unsure of this information.
Chapter 12 MaintenanceBM2022w User’s Guide194This screen contains the following fields:12.11 Upgrade FileUse this screen to browse to a firmware file on a local computer and upload it to the WiMAX Device. Firmware files usually use the system model name with a "*.bin" extension, such as "BM2022w.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system restarts. Contact your service provider for information on available firmware upgrades.Note: Only use firmware for your BM2022w’s specific model.Click Maintenance > Firmware Upgrade > Upgrade File to open this screen as shown next.Figure 116 Upgrade File ScreenThis screen contains the following fields:12.11.1 The Firmware Upload ProcessWhen the BM2022w uploads new firmware, the process usually takes about two minutes. The device also automatically restarts in this time. This causes a temporary network disconnect.Note: Do not turn off the device while firmware upload is in progress!Table 91 Time ZoneLABEL DESCRIPTIONTime Zone Select the time zone at your location.Enable Daylight Savings TimeSelect this if your location uses daylight savings time. Daylight savings is a period from late spring to early fall when many places set their clocks ahead of normal local time by one hour to give more daytime light in the evening.Start Date Enter which hour on which day of which week of which month daylight-savings time starts.End Date Enter which hour on the which day of which week of which month daylight-savings time ends.Table 92 Upgrade FileLABEL DESCRIPTIONUpgrade File Click Browse then browse to the location of a firmware upgrade file and select it.Upgrade Click this to begin uploading the selected file. This may take up to two minutes.Note: Do not turn off the device while firmware upload is in progress!
Chapter 12 MaintenanceBM2022w User’s Guide 195After two minutes, log in again, and check your new firmware version in the Status screen. You might have to open a new browser window to log in.If the upload is not successful, you will be notified by error message.12.12 Upgrade LinkUse this screen to set the URL of a firmware file on a remote computer and upload it to the WiMAX Device.Click Maintenance > Firmware Upgrade > Upgrade Link to open this screen as shown next.Figure 117 Upgrade Link ScreenThis screen contains the following fields:12.13 CWMP UpgradeUse this screen to upgrade the firmware on the WiMAX Device using CWMP Request Download.Click Maintenance > Firmware Upgrade > CWMP Upgrade to open this screen as shown next.Figure 118 CWMP Upgrade ScreenThis screen contains the following fields:Table 93 Upgrade LinkLABEL DESCRIPTIONUpgrade Link Enter the URL or IP address of the firmware’s upgrade location on the network.Upgrade Click this to begin uploading the selected file. This may take up to two minutes.Note: Do not turn off the device while firmware upload is in progress!Table 94 CWMP UpgradeLABEL DESCRIPTIONUpgrade Click this to begin upgrading firmware using CWMP Request. This may take up to two minutes.Note: Do not turn off the device while firmware upload is in progress!
Chapter 12 MaintenanceBM2022w User’s Guide19612.14 BackupUse this screen to backup your current WiMAX Device settings to a local computer.Click Maintenance > Backup/Restore > Backup to open this screen as shown next.Figure 119 Backup/Restore ScreenThis screen contains the following fields:12.15 RestoreUse this screen to restore your WiMAX Device settings from a backup file on a local computer.Click Maintenance > Backup/Restore > Restore to open this screen as shown next.Figure 120 Restore ScreenTable 95 Backup/RestoreLABEL DESCRIPTIONBackup Click this to save the BM2022w’s current configuration to a file on your computer. Once your device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file is useful if you need to return to your previous settings.
Chapter 12 MaintenanceBM2022w User’s Guide 197This screen contains the following fields:12.15.1 The Restore Configuration ProcessWhen the BM2022w restores a configuration file, the device automatically restarts. This causes a temporary network disconnect. Note: Do not turn off the device while configuration file upload is in progress.If the BM2022w’s IP address is different in the configuration file you selected, you may need to change the IP address of your computer to be in the same subnet as that of the default management IP address (192.168.5.1). See the Quick Start Guide or the appendices for details on how to set up your computer’s IP address.You might have to open a new browser to log in again.If the upload was not successful, you are notified with an error message.12.16 Factory DefaultsUse this screen to restore the WiMAX Device to its factory default settings.Click Maintenance > Backup/Restore > Factory Defaults to open this screen as shown next.Figure 121 Factory Defaults ScreenThis screen contains the following fields:Table 96 RestoreLABEL DESCRIPTIONConfiguration File Click Choose File then browse to the location of a firmware upgrade file and select it. Click File Restore to upload the specified configuration to the BM2022w and replace the current settings.Backup Configuration File URLEnter the URL or IP address of the backup configuration file’s location on the network.Click URL Restore to upload the specified configuration to the BM2022w and replace the current settings.Table 97 Factory DefaultsLABEL DESCRIPTIONReset Click this to clear all user-entered configuration information and return the BM2022w to its factory defaults. There is no warning screen.
Chapter 12 MaintenanceBM2022w User’s Guide19812.17 Log SettingUse this screen to configure which type of events on the WiMAX Device are logged.Click Maintenance > LOG > Log Setting to open this screen as shown next.Figure 122 Log Setting ScreenThis screen contains the following fields:12.18 Log DisplayUse this screen to view the log messages of the WiMAX Device.Table 98 Log SettingLABEL DESCRIPTIONEnable Log Select this to have the BM2022w log network activity according to the selectedLog Level.Log Level Select the type of logs to record.Enable Remote LogSelect this to allow logs to be recorded and stored on a remote logs server.Remote Log Host Enter the remote log host IP address if Enable Remote Log is selected.Remote Log Port Enter the remote log host port if Enable Remote Log is selected.
Chapter 12 MaintenanceBM2022w User’s Guide 199Click Maintenance > LOG > Log Display to open this screen as shown next.Figure 123 Log Display ScreenThis screen contains the following fields:12.19 Ping TestUse this screen to test network connectivity using ping.Click Maintenance > Network Test > Ping to open this screen as shown next.Figure 124 Ping ScreenThis screen contains the following fields:Table 99 Log DisplayLABEL DESCRIPTIONDisplay Level Select the type of logs to display from this menu.Refresh Click this to refresh the logs in the display window.Table 100 PingLABEL DESCRIPTIONIP Address Enter the IP address or domain name of a target device to which this test will send.Ping Click this to start the test. The result will show at the bottom of the screen.
Chapter 12 MaintenanceBM2022w User’s Guide20012.20 Traceroute TestUse this screen to test network connectivity using traceroute.Click Maintenance > Network Test > Traceroute to open this screen as shown next.Figure 125 Traceroute ScreenThis screen contains the following fields:12.21 AboutThis screen displays information about the BM2022w that can be useful when upgrading firmware, considering deployment options, and working with technical support if the device encounters difficulties.Click Maintenance > About to open this screen as shown next.Figure 126 About ScreenThis screen contains the following fields:Table 101 TracerouteLABEL DESCRIPTIONIP Address Enter the IP address or domain name of a target device to which this test will send.Traceroute Click this to start the test. The result will show at the bottom of the screen.Table 102 AboutLABEL DESCRIPTIONSystem Model NameThis field displays the BM2022w system name. It is used for identification. Software Version This field displays the Web Configurator software version that the BM2022w is currently running.
Chapter 12 MaintenanceBM2022w User’s Guide 20112.22 RebootUse this screen to perform a software restart of the WiMAX Device. You may log in again within a few minutes of using the reboot button.Click Maintenance > Reboot to open this screen as shown next.Figure 127 Reboot ScreenThis screen contains the following fields:CROM Version This field displays the CROM version number.Firmware Version This field displays the current version of the firmware inside the device.Firmware Date This field displays the date the firmware version was created. Bootloader VersionThis field displays the bootloader version.Table 102 About (continued)LABEL DESCRIPTIONTable 103 RebootLABEL DESCRIPTIONReboot Click this button to have the device perform a software restart. The Power LED blinks as it restarts and the shines steadily if the restart is successful.Note: Wait one minute before logging back into the BM2022w after a restart.
Chapter 12 MaintenanceBM2022w User’s Guide202
BM2022w User’s Guide 203CHAPTER 13TroubleshootingThis chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories:•Power, Hardware Connections, and LEDs•BM2022w Access and Login•Internet Access•Reset the BM2022w to Its Factory Defaults13.1 Power, Hardware Connections, and LEDsThe BM2022w does not turn on. None of the LEDs turn on.1Make sure you are using the power adapter or cord included with the BM2022w.2Make sure the power adapter or cord is connected to the BM2022w and plugged in to an appropriate power source. Make sure the power source is turned on.3Disconnect and re-connect the power adapter or cord to the BM2022w.4If the problem continues, contact the vendor.One of the LEDs does not behave as expected.1Make sure you understand the normal behavior of the LED. See Section 1.2.1 on page 19 for more information.2Check the hardware connections. See the Quick Start Guide.3Inspect your cables for damage. Contact the vendor to replace any damaged cables.4Disconnect and re-connect the power adapter to the BM2022w.5If the problem continues, contact the vendor.
Chapter 13 TroubleshootingBM2022w User’s Guide20413.2 BM2022w Access and LoginI forgot the IP address for the BM2022w.1The default IP address is http://192.168.1.1192.168.1.1.2If you changed the IP address and have forgotten it, you might get the IP address of the BM2022w by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig. The IP address of the Default Gateway might be the IP address of the BM2022w (it depends on the network), so enter this IP address in your Internet browser.3If this does not work, you have to reset the BM2022w to its factory defaults. See Section 12.16 on page 197.I forgot the password.1The default password is 1234.2If this does not work, you have to reset the BM2022w to its factory defaults. See Section 12.16 on page 197.I cannot see or access the Login screen in the web configurator.1Make sure you are using the correct IP address.• The default IP address is 192.168.1.1http://192.168.1.1.• If you changed the IP address (Section 7.6 on page 102), use the new IP address.• If you changed the IP address and have forgotten it, see the troubleshooting suggestions for Iforgot the IP address for the BM2022w.2Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.2.1 on page 19.3Make sure your Internet browser does not block pop-up windows and has JavaScript and Java enabled. See Appendix C on page 243.4If there is a DHCP server on your network, make sure your computer is using a dynamic IP address. Your BM2022w is a DHCP server by default.If there is no DHCP server on your network, make sure your computer’s IP address is in the same subnet as the BM2022w. See Appendix D on page 253.5Reset the BM2022w to its factory defaults, and try to access the BM2022w with the default IP address. See Chapter 2 on page 21.
Chapter 13 TroubleshootingBM2022w User’s Guide 2056If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.Advanced Suggestions• Try to access the BM2022w using another service, such as Telnet. If you can access the BM2022w, check the remote management settings and firewall rules to find out why the BM2022w does not respond to HTTP.• If your computer is connected wirelessly, use a computer that is connected to a LAN/ETHERNETport.I can see the Login screen, but I cannot log in to the BM2022w.1Make sure you have entered the user name and password correctly. The default user name is admin, and the default password is 1234. These fields are case-sensitive, so make sure [Caps Lock] is not on.2You cannot log in to the web configurator while someone is using Telnet to access the BM2022w. Log out of the BM2022w in the other session, or ask the person who is logged in to log out.3Disconnect and re-connect the power adapter or cord to the BM2022w.4If this does not work, you have to reset the BM2022w to its factory defaults. See Section 12.16 on page 197.I cannot Telnet to the BM2022w.See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser.13.3 Internet AccessI cannot access the Internet.1Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.2.1 on page 19.2Make sure you entered your ISP account information correctly in the wizard. These fields are case-sensitive, so make sure [Caps Lock] is not on.3Check your security settings. See Chapter 8 on page 129.
Chapter 13 TroubleshootingBM2022w User’s Guide2064Check your WiMAX settings. The BM2022w may have been set to search the wrong frequencies for a wireless connection. See Chapter 6 on page 69. If you are unsure of the correct values, contact your service provider.5If you are trying to access the Internet wirelessly, make sure the wireless settings in the wireless client are the same as the settings in the AP.6Disconnect all the cables from your BM2022w, and follow the directions in the Quick Start Guide again.7If the problem continues, contact your ISP.I cannot access the Internet any more. I had access to the Internet (with the BM2022w), but my Internet connection is not available any more.1Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.2.1 on page 19.2Disconnect and re-connect the power adapter to the BM2022w. 3If the problem continues, contact your ISP.The Internet connection is slow or intermittent.1The quality of the BM2022w’s wireless connection to the base station may be poor. Poor signal reception may be improved by moving the BM2022w away from thick walls and other obstructions, or to a higher floor in your building. 2There may be radio interference caused by nearby electrical devices such as microwave ovens and radio transmitters. Move the BM2022w away or switch the other devices off. Weather conditions may also affect signal quality.3There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.2.1 on page 19. If the BM2022w is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-peer applications.4Disconnect and re-connect the power adapter to the BM2022w.5If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.The Internet connection disconnects.1Check your WiMAX link and signal strength using the Strength Indicator LEDs on the device.
Chapter 13 TroubleshootingBM2022w User’s Guide 2072Contact your ISP if the problem persists. 13.4 Reset the BM2022w to Its Factory DefaultsIf you reset the BM2022w, you lose all of the changes you have made. The BM2022w re-loads its default settings, and the password resets to 1234. You have to make all of your changes again.You will lose all of your changes when you push the Reset button.To reset the BM2022w,1Make sure the Power LED is on and not blinking.2Press and hold the Reset button for five to ten seconds. Release the Reset button when the Power LED begins to blink. The default settings have been restored.If the BM2022w restarts automatically, wait for the BM2022w to finish restarting, and log in to the web configurator. The password is “1234”.If the BM2022w does not restart automatically, disconnect and reconnect the BM2022w’s power. Then, follow the directions above again.13.4.1 Pop-up Windows, JavaScript and Java PermissionsPlease see Appendix C on page 243.
Chapter 13 TroubleshootingBM2022w User’s Guide208
BM2022w User’s Guide 209CHAPTER 14Product SpecificationsThis chapter gives details about your BM2022w’s hardware and firmware features. Table 104 Environmental and Hardware SpecificationsFEATURE DESCRIPTIONOperating Temperature 0°C to 45°CStorage Temperature -25°C to 55°COperating Humidity 10% ~ 95% (non-condensing)Storage Humidity 10% to 95% (non-condensing)Power Supply 12V DC, 2APower consumption Less than 20WEthernet Interface Two auto-negotiating, auto-MDI/MDI-X NWay 10/100 Mbps RJ-45 Ethernet portsTelephony Interface Two analog ATA interfaces for standard telephones through RJ-11 FXS (Foreign Exchange Subscriber) analog connectorAntennas Two 7 +/- 0.5dBi Omni directional antennasg 006thgieWDimensions 165 mm (W) x 25 mm (D) x 260 mm (H)Certification • FCC• Comply with WiMAX Forum Wave II standard.• WEEE Eco directive 2002/95/EC. Full RoHS (6/6)• 2002/96/EC (WEEE) (WEEE) Waste Electrical and Electronic Equipment Directive• EEE (Proposal for Directive on Environmental Impacts of Electrical and Electronic Equipment).• Reach Compliance•EMCoEN 301 489-1 and EN 301 489-17. Emission class B.•RF ETSIoEN 302 326•Safetyo IEC 60950-1 and EN 60950-1.Table 105 Radio SpecificationsFEATURE DESCRIPTIONMedia Access Protocol IEEE 802.16eWiMAX Bandwidth 2.5 GHzData Rate Aggregate throughput: up to 20 mbpsUpload: 7 mbpsModulation QPSK (uplink and downlink)16-QAM (uplink and downlink)64-QAM (downlink only)
Chapter 14 Product SpecificationsBM2022w User’s Guide210Output Power Typically 26.5 dBm with internal antennasDuplex mode Time Division Duplex (TDD)Security PKMv2EAP-TTLS/CHAP/PAP/MSCHAP/MSCHAPv2CMAC message authenticationCCM mode 128-bit AES data cipheringDevice authenticationWiMAX Forum X.509 certificatesTable 106 Firmware SpecificationsFEATURE DESCRIPTIONWeb-based Configuration and Management ToolAlso known as “the web configurator”, this is a firmware-based management solution for the BM2022w. You must connect using a compatible web browser in order to use it.High Speed Wireless Internet AccessThe BM2022w is ideal for high-speed wireless Internet browsing. WiMAX (Worldwide Interoperability for Microwave Access) is a wireless networking standard providing high-bandwidth, wide-range secured wireless service. The BM2022w is a WiMAX mobile station (MS) compatible with the IEEE 802.16e standard. Firewall The BM2022w is a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The BM2022w’s firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs.Content Filtering The BM2022w can block access to web sites containing specified keywords. You can define time periods and days during which content filtering is enabled and include or exclude a range of users on the LAN from content filtering.Network Address Translation (NAT)Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).Universal Plug and Play (UPnP)Your device and other UPnP enabled devices can use the standard TCP/IP protocol to dynamically join a network, obtain an IP address and convey their capabilities to each other.Dynamic DNS Support With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.DHCP DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. Your device has built-in DHCP server capability enabled by default. It can assign IP addresses, an IP default gateway and DNS servers to DHCP clients. Your device can also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment from the actual real DHCP server to the clients.IP Alias IP alias allows you to partition a physical network into logical networks over the same Ethernet interface. Your device supports three logical LAN interfaces via its single physical Ethernet interface with the your device itself as the gateway for each LAN network.Multiple SIP Accounts You can configure multiple voice (SIP) accounts.Table 105 Radio Specifications (continued)
Chapter 14 Product SpecificationsBM2022w User’s Guide 211SIP ALG Your device is a SIP Application Layer Gateway (ALG). It allows VoIP calls to pass through NAT for devices behind it (such as a SIP-based VoIP software application on a computer). Dynamic Jitter Buffer The built-in adaptive buffer helps to smooth out the variations in delay (jitter) for voice traffic (up to 60 ms). This helps ensure good voice quality for your conversations.Voice Activity Detection/Silence SuppressionVoice Activity Detection (VAD) reduces the bandwidth that a call uses by not transmitting when you are not speaking. Comfort Noise Generation Your device generates background noise to fill moments of silence when the other device in a call stops transmitting because the other party is not speaking (as total silence could easily be mistaken for a lost connection). Echo Cancellation You device supports G.168 of at least 24 ms.This an ITU-T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk.Time and Date Get the current time and date from an external server when you turn on your BM2022w. You can also set the time manually.Logging Use the BM2022w’s logging feature to view connection history, surveillance logs, and error messages.Codecs G.711 (PCM ì-law and a-law), G729, G.729aFax Support T.38 FAX relay (FAX over UDP). G.711 fax relay for fax calls and be able to renegotiate codec to G.711 if a fax call is detected.Ring Tones Supports different distinctive ring tones on each line. Call Prioritization Prioritize VoIP traffic originating from the RJ-11 ports over any other traffic.Table 107 Standards Supported STANDARD DESCRIPTIONRFC 768 User Datagram ProtocolRFC 791 Internet Protocol v4RFC 792 Internet Control Message ProtocolRFC 792 Transmission Control ProtocolRFC 826 Address Resolution ProtocolRFC 854 Telnet ProtocolRFC 1112 IGMPv2RFC 1349 Type of Service ProtocolRFC 1706 DNS NSAP Resource RecordsRFC 1889 Real-time Transport Protocol (RTP)RFC 1890 Real-time Transport Control Protocol (RTCP)RFC 2030 Simple Network Time ProtocolRFC 2104 HMAC: Keyed-Hashing for Message AuthenticationRFC 2236 IGMPv2RFC 2131 Dynamic Host Configuration ProtocolRFC 2401 Security Architecture for the Internet ProtocolRFC 2409 Internet Key ExchangeRFC 2475 Architecture for Differentiated Services (Diffserv)Table 106 Firmware Specifications (continued)FEATURE DESCRIPTION
Chapter 14 Product SpecificationsBM2022w User’s Guide212RFC 2543 SIP ProtocolRFC 2617 Hypertext Transfer Protocol (HTTP) Authentication: Basic and Digest Access Authentication RFC 2782 A DNS RR for specifying the location of services (DNS SRV)RFC 2833 Real-time Transport Protocol Payload for DTMF Digits, Telephony Tones and Telephony SignalsRFC 2976 The SIP INFO MethodRFC 3261 Session Initiation Protocol (SIP version 2)RFC 3262 Reliability of Provisional Responses in the Session Initiation Protocol (SIP).RFC 3263 Session Initiation Protocol (SIP): Locating SIP ServersRFC 3264 An Offer/Answer Model with the Session Description Protocol (SDP)RFC 3265 Session Initiation Protocol (SIP)-Specific Event NotificationRFC 3323 A Privacy Mechanism for SIPRFC 3325 Private Extensions to the Session Initiation Protocol (SIP) for Asserted Identity within Trusted NetworksRFC 3489 NAT Traversal - STUNRFC 3550 RTP - A Real Time Protocol for Real-Time Applications RFC 3581 An Extension to the Session Initiation Protocol (SIP) for Symmetric Response RoutingRFC 3611 RTP Control Protocol Extended Reports (RTCP XR)-XRRFC 3715 IP Sec/NAT CompatibilityRFC 3842 A Message Summary and Message Waiting Indication Event Package for the Session Initiation Protocol (SIP)IEEE 802.3 10BASE5 10 Mbit/s (1.25 MB/s)IEEE 802.3u 100BASE-TX, 100BASE-T4, 100BASE-FX Fast Ethernet at 100 Mbit/s (12.5 MB/s) with auto-negotiationTable 108 Voice FeaturesCall Park and Pickup Call park and pickup lets you put a call on hold (park) and then continue the call (pickup). The caller must still pay while the call is parked.When you park the call, you enter a number of your choice (up to eight digits), which you must enter again when you pick up the call. If you do not enter the correct number, you cannot pickup the call. This means that only someone who knows the number you have chosen can pick up the call. You can have more than one call on hold at the same time, but you must give each call a different number.Call Return With call return, you can place a call to the last number that called you (either answered or missed). The last incoming call can be through either SIP or PSTN.Country Code Phone standards and settings differ from one country to another, so the settings on your BM2022w must be configured to match those of the country you are in. The country code feature allows you to do this by selecting the country from a list rather than changing each setting manually. Configure the country code feature when you move the BM2022w from one country to another.Do not Disturb (DnD)This feature allows you to set your phone not to ring when someone calls you. You can set each phone independently using its keypad, or configure global settings for all phones using the command line interpreter.Auto Dial You can set the BM2022w to automatically dial a specified number immediately whenever you lift a phone off the hook. Use the Web Configurator to set the specified number. Use the command line interpreter to have the BM2022w wait a specified length of time before dialing the number. Table 107 Standards Supported (continued)STANDARD DESCRIPTION
Chapter 14 Product SpecificationsBM2022w User’s Guide 213Phone config The phone configuration table allows you to customize the phone keypad combinations you use to access certain features on the BM2022w, such as call waiting, call return, call forward, etc. The phone configuration table is configurable in command interpreter mode.Firmware update enable / disableIf your service provider uses this feature, you hear a recorded message when you pick up the phone when new firmware is available for your BM2022w. Enter *99# in your phone’s keypad to have the BM2022w upgrade the firmware, or enter #99# to not upgrade. If your service provider gave you different numbers to use, enter them instead. If you enter the code to not upgrade, you can make a call as normal. You will hear the recording again each time you pick up the phone, until you upgrade. Call waiting This feature allows you to hear an alert when you are already using the phone and another person calls you. You can then either reject the new incoming call, put your current call on hold and receive the new incoming call, or end the current call and receive the new incoming call.Call forwarding With this feature, you can set the BM2022w to forward calls to a specified number, either unconditionally (always), when your number is busy, or when you do not answer. You can also forward incoming calls from one specified number to another.Caller ID The BM2022w supports caller ID, which allows you to see the originating number of an incoming call (on a phone with a suitable display).REN A Ringer Equivalence Number (REN) is used to determine the number of devices (like telephones or fax machines) that may be connected to the telephone line. Your device has a REN of three, so it can support three devices per telephone port.QoS (Quality of Service) Quality of Service (QoS) mechanisms help to provide better service on a per-flow basis. Your device supports Type of Service (ToS) tagging and Differentiated Services (DiffServ) tagging. This allows the device to tag voice frames so they can be prioritized over the network.SIP ALG Your device is a SIP Application Layer Gateway (ALG). It allows VoIP calls to pass through NAT for devices behind it (such as a SIP-based VoIP software application on a computer). Other Voice FeaturesSIP version 2 (Session Initiating Protocol RFC 3261)SDP (Session Description Protocol RFC 2327)RTP (RFC 1889)RTCP (RFC 1890)Voice codecs (coder/decoders) G.711, G.726, G.729Fax and data modem discriminationDTMF Detection and GenerationDTMF: In-band and Out-band traffic (RFC 2833),(PCM), (SIP INFO) Point-to-point call establishment between two IADs Quick dialing through predefined phone book, which maps the phone dialing number and destination URL.Flexible Dial Plan (RFC3525 section 7.1.14)Table 109 Star (*) and Pound (#) Code Support*0 Wireless Operator Services*2 Customer Care Access*66 Repeat Dialing*67 Plus the 10 digit phone number to block Caller ID on a single call basis*69 Return last call received*70 Followed by the 10 digit phone number to cancel Call Waiting on a single call basis Table 108 Voice Features
Chapter 14 Product SpecificationsBM2022w User’s Guide214Note: To take full advantage of the supplementary phone services available through the BM2022w's phone port, you may need to subscribe to the services from your voice account service provider. Not all features are supported by all service providers. Consult your service provider for more information.*72 Activate Call Forwarding (*72 followed by the 10 digit phone number that is requesting call forwarding service)*720 Activate Call Forwarding (*720 followed by the 10 digit phone number that is requesting deactivation of call forwarding service)*73 Plus the forward to phone number to activate Call Forwarding No Answer (no VM service plan)*730 Deactivate Call Forwarding No Answer *740 Plus the forward to phone number to activate Call Forwarding Busy (no VM service plan)*911/911 Emergency phone number (same as dialing 911)*411/411 Wireless Information ServicesTable 109 Star (*) and Pound (#) Code Support
BM2022w User’s Guide 215APPENDIX AWiMAX SecurityWireless security is vital to protect your wireless communications. Without it, information transmitted over the wireless network would be accessible to any networking device within range.User Authentication and Data EncryptionThe WiMAX (IEEE 802.16) standard employs user authentication and encryption to ensure secured communication at all times.User authentication is the process of confirming a user’s identity and level of authorization. Data encryption is the process of encoding information so that it cannot be read by anyone who does not know the code. WiMAX uses PKMv2 (Privacy Key Management version 2) for authentication, and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Protocol) for data encryption. WiMAX supports EAP (Extensible Authentication Protocol, RFC 2486) which allows additional authentication methods to be deployed with no changes to the base station or the mobile or subscriber stations.PKMv2PKMv2 is a procedure that allows authentication of a mobile or subscriber station and negotiation of a public key to encrypt traffic between the MS/SS and the base station. PKMv2 uses standard EAP methods such as Transport Layer Security (EAP-TLS) or Tunneled TLS (EAP-TTLS) for secure communication.In cryptography, a ‘key’ is a piece of information, typically a string of random numbers and letters, that can be used to ‘lock’ (encrypt) or ‘unlock’ (decrypt) a message. Public key encryption uses key pairs, which consist of a public (freely available) key and a private (secret) key. The public key is used for encryption and the private key is used for decryption. You can decrypt a message only if you have the private key. Public key certificates (or ‘digital IDs’) allow users to verify each other’s identity. RADIUSRADIUS is based on a client-server model that supports authentication, authorization and accounting. The base station is the client and the server is the RADIUS server. The RADIUS server handles the following tasks:• Authentication Determines the identity of the users.
Appendix A WiMAX SecurityBM2022w User’s Guide216•AuthorizationDetermines the network services available to authenticated users once they are connected to the network.• AccountingKeeps track of the client’s network activity. RADIUS is a simple package exchange in which your base station acts as a message relay between the MS/SS and the network RADIUS server. Types of RADIUS MessagesThe following types of RADIUS messages are exchanged between the base station and the RADIUS server for user authentication:• Access-RequestSent by an base station requesting authentication.• Access-RejectSent by a RADIUS server rejecting access.• Access-AcceptSent by a RADIUS server allowing access. • Access-ChallengeSent by a RADIUS server requesting more information in order to allow access. The base station sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the base station and the RADIUS server for user accounting:• Accounting-RequestSent by the base station requesting accounting.• Accounting-ResponseSent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. DiameterDiameter (RFC 3588) is a type of AAA server that provides several improvements over RADIUS in efficiency, security, and support for roaming. Security AssociationThe set of information about user authentication and data encryption between two computers is known as a security association (SA). In a WiMAX network, the process of security association has three stages.
Appendix A WiMAX SecurityBM2022w User’s Guide 217• Authorization request and replyThe MS/SS presents its public certificate to the base station. The base station verifies the certificate and sends an authentication key (AK) to the MS/SS.• Key request and replyThe MS/SS requests a transport encryption key (TEK) which the base station generates and encrypts using the authentication key. •Encrypted trafficThe MS/SS decrypts the TEK (using the authentication key). Both stations can now securely encrypt and decrypt the data flow.CCMPAll traffic in a WiMAX network is encrypted using CCMP (Counter Mode with Cipher Block Chaining Message Authentication Protocol). CCMP is based on the 128-bit Advanced Encryption Standard (AES) algorithm. ‘Counter mode’ refers to the encryption of each block of plain text with an arbitrary number, known as the counter. This number changes each time a block of plain text is encrypted. Counter mode avoids the security weakness of repeated identical blocks of encrypted text that makes encrypted data vulnerable to pattern-spotting.‘Cipher Block Chaining Message Authentication’ (also known as CBC-MAC) ensures message integrity by encrypting each block of plain text in such a way that its encryption is dependent on the block before it. This series of ‘chained’ blocks creates a message authentication code (MAC or CMAC) that ensures the encrypted data has not been tampered with.AuthenticationThe BM2022w supports EAP-TTLS authentication.EAP-TTLS (Tunneled Transport Layer Service) EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection (with EAP-TLS digital certifications are needed by both the server and the wireless clients for mutual authentication). Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
Appendix A WiMAX SecurityBM2022w User’s Guide218
BM2022w User’s Guide 219APPENDIX BSetting Up Your Computer’s IP AddressNote: Your specific Huawei device may not support all of the operating systems described in this appendix. See the product specifications for more information about which operating systems are supported.This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network. Windows Vista/XP/2000, Mac OS 9/OS X, and all versions of UNIX/LINUX include the software components you need to use TCP/IP on your computer. If you manually assign IP information instead of using a dynamic IP, make sure that your network’s computers have IP addresses that place them in the same subnet.In this appendix, you can set up an IP address for:•Windows XP/NT/2000 on page 220•Windows Vista on page 223•Mac OS X: 10.3 and 10.4 on page 227•Mac OS X: 10.5 on page 230•Linux: Ubuntu 8 (GNOME) on page 233•Linux: openSUSE 10.3 (KDE) on page 238
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide220Windows XP/NT/2000The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT.1Click Start >Control Panel.Figure 128 Windows XP: Start Menu2In the Control Panel, click the Network Connections icon.Figure 129 Windows XP: Control Panel
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide 2213Right-click Local Area Connection and then select Properties.Figure 130 Windows XP: Control Panel > Network Connections > Properties4On the General tab, select Internet Protocol (TCP/IP) and then click Properties.Figure 131 Windows XP: Local Area Connection Properties
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide2225The Internet Protocol TCP/IP Properties window opens.Figure 132 Windows XP: Internet Protocol (TCP/IP) Properties6Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically.Select Use the following IP Address and fill in the IP address,Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNSserver, if that information was provided.7Click OK to close the Internet Protocol (TCP/IP) Properties window.Click OK to close the Local Area Connection Properties window.Verifying Settings1Click Start > All Programs > Accessories > Command Prompt.2In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information.
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide 223Windows VistaThis section shows screens from Windows Vista Professional.1Click Start > Control Panel.Figure 133 Windows Vista: Start Menu2In the Control Panel, click the Network and Internet icon.Figure 134 Windows Vista: Control Panel3Click the Network and Sharing Center icon.Figure 135 Windows Vista: Network And Internet
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide2244Click Manage network connections.Figure 136 Windows Vista: Network and Sharing Center5Right-click Local Area Connection and then select Properties.Figure 137 Windows Vista: Network and Sharing CenterNote: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide 2256Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.Figure 138 Windows Vista: Local Area Connection Properties
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide2267The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.Figure 139 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties8Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically.Select Use the following IP Address and fill in the IP address,Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNSserver, if that information was provided.Click Advanced.9Click OK to close the Internet Protocol (TCP/IP) Properties window.Click OK to close the Local Area Connection Properties window.Verifying Settings1Click Start > All Programs > Accessories > Command Prompt.2In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information.
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide 227Mac OS X: 10.3 and 10.4The screens in this section are from Mac OS X 10.4 but can also apply to 10.3.1Click Apple > System Preferences.Figure 140 Mac OS X 10.4: Apple Menu2In the System Preferences window, click the Network icon.Figure 141 Mac OS X 10.4: System Preferences
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide2283When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure.Figure 142 Mac OS X 10.4: Network Preferences4For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IPtab.Figure 143 Mac OS X 10.4: Network Preferences > TCP/IP Tab.5For statically assigned settings, do the following:
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide 229•From the Configure IPv4 list, select Manually.•In the IP Address field, type your IP address.•In the Subnet Mask field, type your subnet mask.•In the Router field, type the IP address of your device.Figure 144 Mac OS X 10.4: Network Preferences > EthernetClick Apply Now and close the window.Verifying SettingsCheck your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab.Figure 145 Mac OS X 10.4: Network Utility
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide230Mac OS X: 10.5The screens in this section are from Mac OS X 10.5.1Click Apple > System Preferences.Figure 146 Mac OS X 10.5: Apple Menu2In System Preferences, click the Network icon.Figure 147 Mac OS X 10.5: Systems Preferences
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide 2313When the Network preferences pane opens, select Ethernet from the list of available connection types.Figure 148 Mac OS X 10.5: Network Preferences > Ethernet4From the Configure list, select Using DHCP for dynamically assigned settings.5For statically assigned settings, do the following:•From the Configure list, select Manually.•In the IP Address field, enter your IP address.•In the Subnet Mask field, enter your subnet mask.
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide232•In the Router field, enter the IP address of your BM2022w.Figure 149 Mac OS X 10.5: Network Preferences > Ethernet6Click Apply and close the window.
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide 233Verifying SettingsCheck your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network interface from the Info tab.Figure 150 Mac OS X 10.5: Network UtilityLinux: Ubuntu 8 (GNOME)This section shows you how to configure your computer’s TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default Ubuntu 8 installation.Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in GNOME: 1Click System > Administration > Network.Figure 151 Ubuntu 8: System > Administration Menu
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide2342When the Network Settings window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.) You cannot make changes to your configuration unless you first enter your admin password.Figure 152 Ubuntu 8: Network Settings > Connections3In the Authenticate window, enter your admin account name and password then click the Authenticate button.Figure 153 Ubuntu 8: Administrator Account Authentication
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide 2354In the Network Settings window, select the connection that you want to configure, then click Properties.Figure 154 Ubuntu 8: Network Settings > Connections5The Properties dialog box opens.Figure 155 Ubuntu 8: Network Settings > Properties•In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address.•In the Configuration list, select Static IP address if you have a static IP address. Fill in the IP address,Subnet mask, and Gateway address fields. 6Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen.
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide2367If you know your DNS server IP address(es), click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided. Figure 156 Ubuntu 8: Network Settings > DNS 8Click the Close button to apply the changes.
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide 237Verifying SettingsCheck your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices tab. The Interface Statistics column shows data if your connection is working properly.Figure 157 Ubuntu 8: Network Tools
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide238Linux: openSUSE 10.3 (KDE)This section shows you how to configure your computer’s TCP/IP settings in the K Desktop Environment (KDE) using the openSUSE 10.3 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default openSUSE 10.3 installation.Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in the KDE:1Click K Menu > Computer > Administrator Settings (YaST).Figure 158 openSUSE 10.3: K Menu > Computer Menu2When the Run as Root - KDE su dialog opens, enter the admin password and click OK.Figure 159 openSUSE 10.3: K Menu > Computer Menu
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide 2393When the YaST Control Center window opens, select Network Devices and then click the Network Card icon.Figure 160 openSUSE 10.3: YaST Control Center4When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button. Figure 161 openSUSE 10.3: Network Settings
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide2405When the Network Card Setup window opens, click the Address tabFigure 162 openSUSE 10.3: Network Card Setup6Select Dynamic Address (DHCP) if you have a dynamic IP address.Select Statically assigned IP Address if you have a static IP address. Fill in the IP address,Subnet mask, and Hostname fields.7Click Next to save the changes and close the Network Card Setup window.
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide 2418If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settingsand then enter the DNS server information in the fields provided.Figure 163 openSUSE 10.3: Network Settings9Click Finish to save your settings and close the window.
Appendix B Setting Up Your Computer’s IP AddressBM2022w User’s Guide242Verifying SettingsClick the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information.Figure 164 openSUSE 10.3: KNetwork ManagerWhen the Connection Status - KNetwork Manager window opens, click the Statistics tab tosee if your connection is working properly.Figure 165 openSUSE: Connection Status - KNetwork Manager
BM2022w User’s Guide 243APPENDIX CPop-up Windows, JavaScript and JavaPermissionsIn order to use the web configurator you need to allow:• Web browser pop-up windows from your device.• JavaScript (enabled by default).• Java permissions (enabled by default).Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary.Internet Explorer Pop-up BlockersYou may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device’s IP address.Disable Pop-up Blockers1In Internet Explorer, select Tools,Pop-up Blocker and then select Turn Off Pop-up Blocker.Figure 166 Pop-up BlockerYou can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1In Internet Explorer, select Tools,Internet Options,Privacy.
Appendix C Pop-up Windows, JavaScript and Java PermissionsBM2022w User’s Guide2442Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 167 Internet Options: Privacy3Click Apply to save this setting.Enable Pop-up Blockers with ExceptionsAlternatively, if you only want to allow pop-up windows from your device, see the following steps.1In Internet Explorer, select Tools,Internet Options and then the Privacy tab.
Appendix C Pop-up Windows, JavaScript and Java PermissionsBM2022w User’s Guide 2452Select Settings…to open the Pop-up Blocker Settings screen.Figure 168 Internet Options: Privacy3Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.
Appendix C Pop-up Windows, JavaScript and Java PermissionsBM2022w User’s Guide2464Click Add to move the IP address to the list of Allowed sites.Figure 169 Pop-up Blocker Settings5Click Close to return to the Privacy screen. 6Click Apply to save this setting. JavaScriptIf pages of the web configurator do not display properly in Internet Explorer, check that JavaScript is allowed.
Appendix C Pop-up Windows, JavaScript and Java PermissionsBM2022w User’s Guide 2471In Internet Explorer, click Tools,Internet Options and then the Security tab. Figure 170 Internet Options: Security 2Click the Custom Level... button. 3Scroll down to Scripting.4Under Active scripting make sure that Enable is selected (the default).5Under Scripting of Java applets make sure that Enable is selected (the default).
Appendix C Pop-up Windows, JavaScript and Java PermissionsBM2022w User’s Guide2486Click OK to close the window.Figure 171 Security Settings - Java ScriptingJava Permissions1From Internet Explorer, click Tools,Internet Options and then the Security tab. 2Click the Custom Level... button. 3Scroll down to Microsoft VM.4Under Java permissions make sure that a safety level is selected.
Appendix C Pop-up Windows, JavaScript and Java PermissionsBM2022w User’s Guide 2495Click OK to close the window.Figure 172 Security Settings - Java JAVA (Sun)1From Internet Explorer, click Tools,Internet Options and then the Advanced tab. 2Make sure that Use Java 2 for <applet> under Java (Sun) is selected.
Appendix C Pop-up Windows, JavaScript and Java PermissionsBM2022w User’s Guide2503Click OK to close the window.Figure 173 Java (Sun)Mozilla FirefoxMozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascript and pop-ups in one screen. Click Tools, then click Options in the screen that appears.Figure 174 Mozilla Firefox: TOOLS > Options
Appendix C Pop-up Windows, JavaScript and Java PermissionsBM2022w User’s Guide 251Click Content.to show the screen below. Select the check boxes as shown in the following screen.Figure 175 Mozilla Firefox Content Security
Appendix C Pop-up Windows, JavaScript and Java PermissionsBM2022w User’s Guide252
BM2022w User’s Guide 253APPENDIX DIP Addresses and SubnettingThis appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.Introduction to IP AddressesOne part of the IP address is the network number, and the other part is the host ID. In the same way that houses on a street share a common street name, the hosts on a network share a common network number. Similarly, as each house has its own house number, each host on the network has its own unique identifying number - the host ID. Routers use the network number to send packets to the correct network, while the host ID determines to which host on the network the packets are delivered.StructureAn IP address is made up of four parts, written in dotted decimal notation. Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal.
Appendix D IP Addresses and SubnettingBM2022w User’s Guide254The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID.Figure 176 Network Number and Host IDHow much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet MasksA subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term “subnet” is short for “sub-network”.A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit in the IP address is part of the host ID. The following example shows a subnet mask identifying the network number (in bold text) and host ID of an IP address (192.168.1.2 in decimal).By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.Table 110 IP Address Network Number and Host ID Example1ST OCTET:(192)2ND OCTET:(168)3RD OCTET:(1)4TH OCTET(2)IP Address (Binary) 11000000 10101000 00000001 00000010Subnet Mask (Binary) 11111111 11111111 11111111 00000000Network Number 11000000 10101000 00000001Host ID 00000010
Appendix D IP Addresses and SubnettingBM2022w User’s Guide 255Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes.Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Network SizeThe size of the network number determines the maximum number of possible hosts you can have on your network. The larger the number of network number bits, the smaller the number of remaining host ID bits. An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that network (192.168.1.255 with a 24-bit subnet mask, for example).As these two IP addresses cannot be used for individual hosts, calculate the maximum number of possible hosts in a network as follows:NotationSince the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. Table 111 Subnet MasksBINARYDECIMAL1ST OCTET2ND OCTET3RD OCTET 4TH OCTET8-bit mask 11111111 00000000 00000000 00000000 255.0.0.016-bit mask 11111111 11111111 00000000 00000000 255.255.0.024-bit mask 11111111 11111111 11111111 00000000 255.255.255.029-bit mask 11111111 11111111 11111111 11111000 255.255.255.248Table 112 Maximum Host NumbersSUBNET MASK HOST ID SIZE MAXIMUM NUMBER OF HOSTS8 bits 255.0.0.0 24 bits 224 – 2 1677721416 bits 255.255.0.0 16 bits 216 – 2 6553424 bits 255.255.255.0 8 bits 28 – 2 25429 bits 255.255.255.2483 bits 23 – 2 6
Appendix D IP Addresses and SubnettingBM2022w User’s Guide256The following table shows some possible subnet masks using both notations. SubnettingYou can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 28 – 2 or 254 possible hosts.The following figure shows the company network before subnetting. Figure 177 Subnetting Example: Before SubnettingYou can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. Table 113 Alternative Subnet Mask NotationSUBNET MASK ALTERNATIVE NOTATIONLAST OCTET (BINARY)LAST OCTET (DECIMAL)255.255.255.0 /24 0000 0000 0255.255.255.128 /25 1000 0000 128255.255.255.192 /26 1100 0000 192255.255.255.224 /27 1110 0000 224255.255.255.240 /28 1111 0000 240255.255.255.248 /29 1111 1000 248255.255.255.252 /30 1111 1100 252
Appendix D IP Addresses and SubnettingBM2022w User’s Guide 257The following figure shows the company network after subnetting. There are now two sub-networks, A and B.Figure 178 Subnetting Example: After SubnettingIn a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126. Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254.Example: Four Subnets The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two subnets. Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast address). Table 114 Subnet 1IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address (Decimal) 192.168.1. 0IP Address (Binary) 11000000.10101000.00000001. 00000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Appendix D IP Addresses and SubnettingBM2022w User’s Guide258Example: Eight SubnetsSimilarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). Subnet Address: 192.168.1.0Lowest Host ID: 192.168.1.1Broadcast Address: 192.168.1.63Highest Host ID: 192.168.1.62Table 115 Subnet 2IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 64IP Address (Binary) 11000000.10101000.00000001. 01000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.64Lowest Host ID: 192.168.1.65Broadcast Address: 192.168.1.127Highest Host ID: 192.168.1.126Table 116 Subnet 3IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 128IP Address (Binary) 11000000.10101000.00000001. 10000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.128Lowest Host ID: 192.168.1.129Broadcast Address: 192.168.1.191Highest Host ID: 192.168.1.190Table 117 Subnet 4IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 192IP Address (Binary) 11000000.10101000.00000001. 11000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.192Lowest Host ID: 192.168.1.193Broadcast Address: 192.168.1.255Highest Host ID: 192.168.1.254Table 114 Subnet 1 (continued)IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE
Appendix D IP Addresses and SubnettingBM2022w User’s Guide 259The following table shows IP address last octet values for each subnet.Subnet PlanningThe following table is a summary for subnet planning on a network with a 24-bit network number.The following table is a summary for subnet planning on a network with a 16-bit network number. Table 118 Eight SubnetsSUBNET SUBNETADDRESS FIRST ADDRESS LAST ADDRESSBROADCAST ADDRESS1 0 1 30 31232 33 62 63364 65 94 95496 97 126 1275128 129 158 1596160 161 190 1917192 193 222 2238224 225 254 255Table 119 24-bit Network Number Subnet PlanningNO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET1255.255.255.128 (/25) 21262255.255.255.192 (/26) 4623255.255.255.224 (/27) 8304255.255.255.240 (/28) 16 145255.255.255.248 (/29) 32 66255.255.255.252 (/30) 64 27255.255.255.254 (/31) 128 1Table 120 16-bit Network Number Subnet PlanningNO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET1255.255.128.0 (/17) 2327662255.255.192.0 (/18) 4163823255.255.224.0 (/19) 881904255.255.240.0 (/20) 16 40945255.255.248.0 (/21) 32 20466255.255.252.0 (/22) 64 10227255.255.254.0 (/23) 128 5108255.255.255.0 (/24) 256 2549255.255.255.128 (/25) 512 12610 255.255.255.192 (/26) 1024 6211 255.255.255.224 (/27) 2048 3012 255.255.255.240 (/28) 4096 14
Appendix D IP Addresses and SubnettingBM2022w User’s Guide260Configuring IP AddressesWhere you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. You must also enable Network Address Translation (NAT) on the BM2022w. Once you have decided on the network number, pick an IP address for your BM2022w that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.The subnet mask specifies the network number portion of an IP address. Your BM2022w will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the BM2022w unless you are instructed to do otherwise.Private IP AddressesEvery machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:• 10.0.0.0 — 10.255.255.255• 172.16.0.0 — 172.31.255.255• 192.168.0.0 — 192.168.255.255You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.13 255.255.255.248 (/29) 8192 614 255.255.255.252 (/30) 16384 215 255.255.255.254 (/31) 32768 1Table 120 16-bit Network Number Subnet Planning (continued)NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET
Appendix D IP Addresses and SubnettingBM2022w User’s Guide 261IP Address ConflictsEach device on a network must have a unique IP address. Devices with duplicate IP addresses on the same network will not be able to access the Internet or other resources. The devices may also be unreachable through the network. Conflicting Computer IP Addresses ExampleMore than one device can not use the same IP address. In the following example computer Ahas a static (or fixed) IP address that is the same as the IP address that a DHCP server assigns to computer B which is a DHCP client. Neither can access the Internet. This problem can be solved by assigning a different static IP address to computer A or setting computer A to obtain an IP address automatically. Figure 179 Conflicting Computer IP Addresses ExampleConflicting Router IP Addresses ExampleSince a router connects different networks, it must have interfaces using different network numbers. For example, if a router is set between a LAN and the Internet (WAN), the router’s LAN and WAN addresses must be on different subnets. In the following example, the LAN and WAN are on the same subnet. The LAN computers cannot access the Internet because the router cannot route between networks.Figure 180 Conflicting Computer IP Addresses Example
Appendix D IP Addresses and SubnettingBM2022w User’s Guide262Conflicting Computer and Router IP Addresses ExampleMore than one device can not use the same IP address. In the following example, the computer and the router’s LAN port both use 192.168.1.1 as the IP address. The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the router’s LAN port. Figure 181 Conflicting Computer and Router IP Addresses Example
BM2022w User’s Guide 263APPENDIX EImporting CertificatesThis appendix shows you how to import public key certificates into your web browser. Public key certificates are used by web browsers to ensure that a secure web site is legitimate. When a certificate authority such as VeriSign, Comodo, or Network Solutions, to name a few, receives a certificate request from a website operator, they confirm that the web domain and contact information in the request match those on public record with a domain name registrar. If they match, then the certificate is issued to the website operator, who then places it on the site to be issued to all visiting web browsers to let them know that the site is legitimate.Many Huawei products issue their own public key certificates. These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device and not one masquerading as it. However, because the certificates were not issued by one of the several organizations officially recognized by the most common web browsers, you will need to import the Huawei-created certificate into your web browser and flag that certificate as a trusted authority.Note: You can see if you are browsing on a secure website if the URL in your web browser’s address bar begins with https:// or there is a sealed padlock icon ( ) somewhere in the main browser window (not all browsers show the padlock in the same location.)In this appendix, you can import a public key certificate for:• Internet Explorer on page 264•Firefox on page 272•Opera on page 277• Konqueror on page 284
Appendix E Importing CertificatesBM2022w User’s Guide264Internet ExplorerThe following example uses Microsoft Internet Explorer 7 on Windows XP Professional; however, they can also apply to Internet Explorer on Windows Vista.1If your device’s web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error.Figure 182 Internet Explorer 7: Certification Error2Click Continue to this website (not recommended).Figure 183 Internet Explorer 7: Certification Error3In the Address Bar, click Certificate Error > View certificates.Figure 184 Internet Explorer 7: Certificate Error
Appendix E Importing CertificatesBM2022w User’s Guide 2654In the Certificate dialog box, click Install Certificate.Figure 185 Internet Explorer 7: Certificate5In the Certificate Import Wizard, click Next.Figure 186 Internet Explorer 7: Certificate Import Wizard
Appendix E Importing CertificatesBM2022w User’s Guide2666If you want Internet Explorer to Automatically select certificate store based on the type of certificate, click Next again and then go to step 9.Figure 187 Internet Explorer 7: Certificate Import Wizard7Otherwise, select Place all certificates in the following store and then click Browse.Figure 188 Internet Explorer 7: Certificate Import Wizard8In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK.Figure 189 Internet Explorer 7: Select Certificate Store
Appendix E Importing CertificatesBM2022w User’s Guide 2679In the Completing the Certificate Import Wizard screen, click Finish.Figure 190 Internet Explorer 7: Certificate Import Wizard10 If you are presented with another Security Warning, click Yes.Figure 191 Internet Explorer 7: Security Warning11 Finally, click OK when presented with the successful certificate installation message.Figure 192 Internet Explorer 7: Certificate Import Wizard
Appendix E Importing CertificatesBM2022w User’s Guide26812 The next time you start Internet Explorer and go to a Huawei web configurator page, a sealed padlock icon appears in the address bar. Click it to view the page’s Website Identificationinformation.Figure 193 Internet Explorer 7: Website Identification
Appendix E Importing CertificatesBM2022w User’s Guide 269Installing a Stand-Alone Certificate File in Internet ExplorerRather than browsing to a Huawei web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.1Double-click the public key certificate file.Figure 194 Internet Explorer 7: Public Key Certificate File2In the security warning dialog box, click Open.Figure 195 Internet Explorer 7: Open File - Security Warning3Refer to steps 4-12 in the Internet Explorer procedure beginning on page 264 to complete the installation process.
Appendix E Importing CertificatesBM2022w User’s Guide270Removing a Certificate in Internet ExplorerThis section shows you how to remove a public key certificate in Internet Explorer 7.1Open Internet Explorer and click TOOLS > Internet Options.Figure 196 Internet Explorer 7: Tools Menu2In the Internet Options dialog box, click Content >Certificates.Figure 197 Internet Explorer 7: Internet Options
Appendix E Importing CertificatesBM2022w User’s Guide 2713In the Certificates dialog box, click the Trusted Root Certificates Authorities tab, select the certificate that you want to delete, and then click Remove.Figure 198 Internet Explorer 7: Certificates4In the Certificates confirmation, click Yes.Figure 199 Internet Explorer 7: Certificates5In the Root Certificate Store dialog box, click Yes.Figure 200 Internet Explorer 7: Root Certificate Store6The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.
Appendix E Importing CertificatesBM2022w User’s Guide272FirefoxThe following example uses Mozilla Firefox 2 on Windows XP Professional; however, the screens can also apply to Firefox 2 on all platforms.1If your device’s web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error.2Select Accept this certificate permanently and click OK.Figure 201 Firefox 2: Website Certified by an Unknown Authority3The certificate is stored and you can now connect securely to the web configurator. A sealed padlock appears in the address bar, which you can click to open the Page Info > Security window to view the web page’s security information.Figure 202 Firefox 2: Page Info
Appendix E Importing CertificatesBM2022w User’s Guide 273Installing a Stand-Alone Certificate File in FirefoxRather than browsing to a Huawei web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.1Open Firefox and click TOOLS > Options.Figure 203 Firefox 2: Tools Menu2In the Options dialog box, click ADVANCED > Encryption > View Certificates.Figure 204 Firefox 2: Options
Appendix E Importing CertificatesBM2022w User’s Guide2743In the Certificate Manager dialog box, click Web Sites > Import.Figure 205 Firefox 2: Certificate Manager4Use the Select File dialog box to locate the certificate and then click Open.Figure 206 Firefox 2: Select File5The next time you visit the web site, click the padlock in the address bar to open the Page Info > Security window to see the web page’s security information.
Appendix E Importing CertificatesBM2022w User’s Guide 275Removing a Certificate in FirefoxThis section shows you how to remove a public key certificate in Firefox 2.1Open Firefox and click TOOLS > Options.Figure 207 Firefox 2: Tools Menu2In the Options dialog box, click ADVANCED > Encryption > View Certificates.Figure 208 Firefox 2: Options
Appendix E Importing CertificatesBM2022w User’s Guide2763In the Certificate Manager dialog box, select the Web Sites tab, select the certificate that you want to remove, and then click Delete.Figure 209 Firefox 2: Certificate Manager4In the Delete Web Site Certificates dialog box, click OK.Figure 210 Firefox 2: Delete Web Site Certificates5The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.
Appendix E Importing CertificatesBM2022w User’s Guide 277OperaThe following example uses Opera 9 on Windows XP Professional; however, the screens can apply to Opera 9 on all platforms.1If your device’s web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error.2Click Install to accept the certificate.Figure 211 Opera 9: Certificate signer not found
Appendix E Importing CertificatesBM2022w User’s Guide2783The next time you visit the web site, click the padlock in the address bar to open the Security information window to view the web page’s security details.Figure 212 Opera 9: Security information
Appendix E Importing CertificatesBM2022w User’s Guide 279Installing a Stand-Alone Certificate File in OperaRather than browsing to a Huawei web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.1Open Opera and click TOOLS > Preferences.Figure 213 Opera 9: Tools Menu2In Preferences, click ADVANCED > Security > Manage certificates.Figure 214 Opera 9: Preferences
Appendix E Importing CertificatesBM2022w User’s Guide2803In the Certificates Manager, click Authorities > Import.Figure 215 Opera 9: Certificate manager4Use the Import certificate dialog box to locate the certificate and then click Open.Figure 216 Opera 9: Import certificate
Appendix E Importing CertificatesBM2022w User’s Guide 2815In the Install authority certificate dialog box, click Install.Figure 217 Opera 9: Install authority certificate6Next, click OK.Figure 218 Opera 9: Install authority certificate7The next time you visit the web site, click the padlock in the address bar to open the Security information window to view the web page’s security details.
Appendix E Importing CertificatesBM2022w User’s Guide282Removing a Certificate in OperaThis section shows you how to remove a public key certificate in Opera 9.1Open Opera and click TOOLS > Preferences.Figure 219 Opera 9: Tools Menu2In Preferences,ADVANCED > Security > Manage certificates.Figure 220 Opera 9: Preferences
Appendix E Importing CertificatesBM2022w User’s Guide 2833In the Certificates manager, select the Authorities tab, select the certificate that you want to remove, and then click Delete.Figure 221 Opera 9: Certificate manager4The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.Note: There is no confirmation when you delete a certificate authority, so be absolutely certain that you want to go through with it before clicking the button.
Appendix E Importing CertificatesBM2022w User’s Guide284KonquerorThe following example uses Konqueror 3.5 on openSUSE 10.3, however the screens apply to Konqueror 3.5 on all Linux KDE distributions.1If your device’s web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error.2Click Continue.Figure 222 Konqueror 3.5: Server Authentication3Click Forever when prompted to accept the certificate.Figure 223 Konqueror 3.5: Server Authentication
Appendix E Importing CertificatesBM2022w User’s Guide 2854Click the padlock in the address bar to open the KDE SSL Information window and view the web page’s security details.Figure 224 Konqueror 3.5: KDE SSL Information
Appendix E Importing CertificatesBM2022w User’s Guide286Installing a Stand-Alone Certificate File in KonquerorRather than browsing to a Huawei web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.1Double-click the public key certificate file.Figure 225 Konqueror 3.5: Public Key Certificate File2In the Certificate Import Result - Kleopatra dialog box, click OK.Figure 226 Konqueror 3.5: Certificate Import ResultThe public key certificate appears in the KDE certificate manager, Kleopatra.Figure 227 Konqueror 3.5: Kleopatra3The next time you visit the web site, click the padlock in the address bar to open the KDE SSL Information window to view the web page’s security details.
Appendix E Importing CertificatesBM2022w User’s Guide 287Removing a Certificate in KonquerorThis section shows you how to remove a public key certificate in Konqueror 3.5.1Open Konqueror and click Settings > Configure Konqueror.Figure 228 Konqueror 3.5: Settings Menu2In the Configure dialog box, select Crypto.3On the Peer SSL Certificates tab, select the certificate you want to delete and then click Remove.Figure 229 Konqueror 3.5: Configure4The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.Note: There is no confirmation when you remove a certificate authority, so be absolutely certain you want to go through with it before clicking the button.
Appendix E Importing CertificatesBM2022w User’s Guide288
BM2022w User’s Guide 289APPENDIX FCommon ServicesThe following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. •Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.•Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not the port number.•Port(s): This value depends on the Protocol. Please refer to RFC 1700 for further information about port numbers.•If the Protocol is TCP,UDP, or TCP/UDP, this is the IP port number.•If the Protocol is USER, this is the IP protocol number.•Description: This is a brief explanation of the applications that use this service or the situations in which this service is used.Table 121 Commonly Used ServicesNAME PROTOCOL PORT(S) DESCRIPTIONAH (IPSEC_TUNNEL)User-Defined 51 The IPSEC AH (Authentication Header) tunneling protocol uses this service.AIM/New-ICQ TCP 5190 AOL’s Internet Messenger service. It is also used as a listening port by ICQ.AUTH TCP 113 Authentication protocol used by some servers.BGP TCP 179 Border Gateway Protocol.BOOTP_CLIENT UDP 68 DHCP Client.BOOTP_SERVER UDP 67 DHCP Server.CU-SEEME TCPUDP764824032A popular videoconferencing solution from White Pines Software.DNS TCP/UDP 53 Domain Name Server, a service that matches web names (for example www.Huawei.com) to IP numbers.ESP (IPSEC_TUNNEL)User-Defined 50 The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service.FINGER TCP 79 Finger is a UNIX or Internet related command that can be used to find out if a user is logged on.FTP TCPTCP2021File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail.H.323 TCP 1720 NetMeeting uses this protocol.
Appendix F Common ServicesBM2022w User’s Guide290HTTP TCP 80 Hyper Text Transfer Protocol - a client/server protocol for the world wide web.HTTPS TCP 443 HTTPS is a secured http session often used in e-commerce.ICMP User-Defined 1Internet Control Message Protocol is often used for diagnostic or routing purposes.ICQ UDP 4000 This is a popular Internet chat program.IGMP (MULTICAST) User-Defined 2Internet Group Management Protocol is used when sending packets to a specific group of hosts.IKE UDP 500 The Internet Key Exchange algorithm is used for key distribution and management.IRC TCP/UDP 6667 This is another popular Internet chat program.MSN Messenger TCP 1863 Microsoft Networks’ messenger service uses this protocol. NEW-ICQ TCP 5190 An Internet chat program.NEWS TCP 144 A protocol for news groups.NFS UDP 2049 Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments.NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.PING User-Defined 1Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other).PPTP TCP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel.PPTP_TUNNEL (GRE)User-Defined 47 PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel.RCMD TCP 512 Remote Command Service.REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web.REXEC TCP 514 Remote Execution Daemon.RLOGIN TCP 513 Remote Login.RTELNET TCP 107 Remote Telnet.RTSP TCP/UDP 554 The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP TCP 115 Simple File Transfer Protocol.Table 121 Commonly Used Services (continued)NAME PROTOCOL PORT(S) DESCRIPTION
Appendix F Common ServicesBM2022w User’s Guide 291SMTP TCP 25 Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.SNMP TCP/UDP 161 Simple Network Management Program.SNMP-TRAPS TCP/UDP 162 Traps for use with the SNMP (RFC:1215).SQL-NET TCP 1521 Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers.SSH TCP/UDP 22 Secure Shell Remote Login Program.STRM WORKS UDP 1558 Stream Works Protocol.SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server.TACACS UDP 49 Login Host Protocol used for (Terminal Access Controller Access Control System).TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems.TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).VDOLIVE TCP 7000 Another videoconferencing solution.Table 121 Commonly Used Services (continued)NAME PROTOCOL PORT(S) DESCRIPTION
Appendix F Common ServicesBM2022w User’s Guide292
BM2022w User’s Guide 293APPENDIX GLegal InformationCertificationsFederal Communications Commission (FCC) Interference StatementThe device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:• This device complies with part 15 of the FCC Rules.• Operation is subject to the condition that this device does not cause harmful interference.This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:1Reorient or relocate the receiving antenna.2Increase the separation between the equipment and the receiver.3Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.4Consult the dealer or an experienced radio/TV technician for help.FCC Radiation Exposure Statement• This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. (for all wireless devices)• To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons. (for all wireless devices without SAR test, such as an AP or wireless router. the SAR test will be done for wireless USB adapters and CardBus cards)This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
Appendix G Legal InformationBM2022w User’s Guide294ࣹრ!"ࠉᖕ!!܅פ෷ሽंᘿ୴ࢤሽᖲጥ෻ᙄऄรԼԲය!!ᆖীڤᎁᢞٽ௑հ܅פ෷୴᙮ሽᖲΔॺᆖ๺ױΔֆ׹Ε೸ᇆࢨࠌشृ݁լ൓ᖐ۞᧢ޓ᙮෷ΕףՕפ෷ࢨ᧢ޓ଺๻ૠհ௽ࢤ֗פ౨ΖรԼ؄ය!!܅פ෷୴᙮ሽᖲհࠌشլ൓ᐙ᥼ଆ౰ڜ٤֗եឫٽऄຏॾΙᆖ࿇෼ڶեឫ෼ွழΔᚨمܛೖشΔࠀޏ࿳۟ྤեឫழֱ൓ᤉᥛࠌشΖছႈٽऄຏॾΔਐࠉሽॾ๵ࡳ܂ᄐհྤᒵሽॾΖ܅פ෷୴᙮ሽᖲႊݴ࠹ٽऄຏॾࢨՠᄐΕઝᖂ֗᠔᛭شሽंᘿ୴ࢤሽᖲ๻ໂհեឫΖءᖲૻڇլեឫٽऄሽፕፖլ࠹๯եឫঅᎽයٙՀ࣍৛փࠌشΖ!྇֟ሽ጖ंᐙ᥼ΔᓮݔᔞࠌشΖNoticesChanges or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.This device is designed for the WLAN 2.4 GHz and/or 5 GHz networks throughout the EC region and Switzerland, with restrictions in France.Ce produit est conçu pour les bandes de fréquences 2,4 GHz et/ou 5 GHz conformément à la législation Européenne. En France métropolitaine, suivant les décisions n°03-908 et 03-909 de l’ARCEP, la puissance d’émission ne devra pas dépasser 10 mW (10 dB) dans le cadre d’une installation WiFi en extérieur pour les fréquences comprises entre 2454 MHz et 2483,5 MHz. This Class B digital apparatus complies with Canadian ICES-003.Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
IndexBM2022w User’s Guide 295IndexAAAA 70AbS 158accounting serversee AAAACK message 175activity 70Advanced Encryption Standardsee AESAES 217AH 149ALG 97algorithms 149alternative subnet mask notation 256analysis-by-synthesis 158Application Layer Gatewaysee ALGauthentication 70,215inner 217keyserver 70types 217authorization 215request and reply 217server 70auto-discoveryUPnP 119Bbase stationsee BSBS 69–70links 70BYE request 176CCA 71,72CBC-MAC 217CCMP 215,217cell 69certificates 215CA 71formats 71verification 217Certification Authority, see CAcertifications 293notices 294chaining 217chaining message authenticationsee CCMPcircuit-switched telephone networks 157Class of Service (CoS) 158client-serverprotocol 176SIP 176CMACsee MACcodec 157comfort noise 177copyright 293CoS 158counter modesee CCMPcoverage area 69cryptography 215Ddata 215–216decryption 215encryption 215flow 217DH 155
IndexBM2022w User’s Guide296DHCP 95server 95diameter 70Differentiated Servicessee DiffServDiffie-Hellman key groups 155DiffServ 158DiffServ Code Point (DSCP) 158marking rule 162digital ID 72,215DS field 162DSCPsee DiffServDTMF 165dual-tone multi-frequencysee DTMFDynamic Host Configuration Protocolsee DHCPEEAP 70EAP (Extensible Authentication Protocol) 72EAP-TLS 72EAP-TTLS 72echo cancellation 177encapsulation 150encryption 215–216,217traffic 217ESP 149Ethernetencapsulation 96Extensible Authorization Protocolsee EAPFFCC interference statement 293firewall 129FTP 181restrictions 181GG.168 177G.711 157G.729 158Hhybrid waveform codec 158IIANA 260ID type and content 153identity 70,215idle timeout 181IEEE 802.16 69,215IEEE 802.16e 69IGD 1.0 98IKE phases 151inner authentication 217inside header 150Internetaccess 70gateway device 98Internet Assigned Numbers Authoritysee IANA 260Internet Key Exchange 151Internet Telephony Service Providersee ITSPinteroperability 69IP-PBX 157IPSecalgorithms 149architecture 149NAT 152IPSec VPN 141ITSP 157ITU-T 177
IndexBM2022w User’s Guide 297Kkey 215request and reply 217LL2TP VPN 137Layer 2 Tunneling Protocol VPNsee L2TP VPNMMAC 217MAN 69Management Information Base (MIB) 183Message Authentication Codesee MACmessage integrity 217Metropolitan Area Networksee MANmicrowave 69,70mobile stationsee MSMS 70multimedia 158NNAT 260and remote management 181IPSec 152server sets 96traversal 98,153NAT routers 165ND&S 79negotiation mode 151networkactivity 70services 70network address translators 165Network Discovery and Selectionsee ND&SOoutbound proxy 165SIP 165outbound proxy server 165outside header 150Ppattern-spotting 217PBX services 157PCM 157per-hop behavior 162PHB (per-hop behavior) 162phoneservices 166PKMv2 70,215,217plain text encryption 217Point to Point Tunneling Protocol VPNsee PPTP VPNPPTP VPN 133pre-shared key 154Privacy Key Managementsee PKMprivate key 215proxy serverSIP 164public certificate 217public key 215pulse code modulation 157push button 107QQoS 158quality of service
IndexBM2022w User’s Guide298RRADIUS 70,72,215Message Types 216Messages 216Shared Secret Key 216Real-time Transport Protocolsee RTPregister serverSIP 164related documentation 3remote management and NAT 181remote management limitations 181required bandwidth 158RFC 1889 158RFC 3489 165RTP 158Ssafety warnings 6secure communication 215secure connection 70security 215security association 216see SAsee QoSserver, outbound proxy 165services 70Session Initiation Protocolsee SIPsilence suppression 177silent packets 177SIP 158account 163ACK message 175ALG 97,165Application Layer Gateway, see ALGBYE request 176call progression 173client 176client server 176identities 163INVITE request 175number 163proxy server 164register server 164servers 176service domain 164URI 163user agent 164SIP outbound proxy 165SNMP 181manager 183sound quality 157SS 69,70STUN 165subnet 253mask 254subnetting 256subscriber stationsee SSsupplementary phone services 166syntax conventions 4system timeout 181TtamperingTCP/IP configuration 95TEK 217TFTP restrictions 181TLS 215ToS 158Touch Tone® 165transport encryption keysee TEKtransport layer securitysee TLStransport mode 150trigger port forwardingprocess 115TTLS 215,217tunnel mode 150tunneled TLSsee TTLSType of Service 158
IndexBM2022w User’s Guide 299Uunauthorized device 215uniform resource identifier 163Universal Plug and Playsee UPnPUPnP 97application 98auto-discovery 119security issues 98Windows XP 118use NAT 165user authentication 215VVAD 177verification 217virtual LANsee VLANVLAN 122examples 52voiceactivity detection 177coding 157mail 157Voice over IPsee VoIPVoIP 157Wwaveform codec 157WiFi Protected Setup, see WPSWiMAX 69–70security 216WiMAX Forum 69Wireless Interoperability for Microwave Accesssee WiMAXwireless LANWPS 106adding stations 107push button 107Wireless Metropolitan Area Networksee MANwireless networkaccess 69standard 69wireless security 215wizard setup 27WPS 106adding stations 107push button 107
IndexBM2022w User’s Guide300

Navigation menu