MitraStar Technology M4G-301 TD-LTE OUTDOOR CPE User Manual

MitraStar Technology Corporation TD-LTE OUTDOOR CPE

UserManual.wiki >

MitraStar Technology >

M4G 301 User Manual

User Manual

www.zyxel.comwww.huawei.comB222sLTE Outdoor CPEIMPORTANT!Copyright © 2012 Huawei Technologies Co., LTD.Edition 1, 6/ 2012Default Login DetailsWeb Addressht tp: / / 192.168.1.1User Nam e adm inPassw or d 1234

B222s User’s Guide2Graphics in this book m ay differ slightly from the product due t o differences in operat ing system s, operating system versions, or if you installed updated firm ware/ software for your device. Every effor t has been m ade t o ensure t hat t he inform ation in t his m anual is accurat e.Related Documentation• Quick Start Guide The Quick St art Guid show s how t o connect t he LTE Device and access the Web Configurat or wizards. ( See t he w izard real t im e help for inform ation on configuring each screen.) I t also contains a connect ion diagram and package content s list.Note: I t is recom m ended you use t he Web Configurator to configure t he LTE Device.

Contents OverviewB222s User’s Guide 3Contents OverviewUser’s Guide .......................................................................................................................................13Introduction .............................................................................................................................................15Introducing the Web Configurator ...........................................................................................................21Technical Reference ..........................................................................................................................27Connection Status and System Info ........................................................................................................29Broadband ...............................................................................................................................................35Wireless ..................................................................................................................................................43Home Networking ....................................................................................................................................69Routing ....................................................................................................................................................75DNS Route ..............................................................................................................................................79Quality of Service (QoS) .........................................................................................................................83Network Address Translation (NAT) ........................................................................................................95Dynamic DNS ........................................................................................................................................103Firewall ..................................................................................................................................................105MAC Filter ............................................................................................................................................. 115Parental Control .................................................................................................................................... 117VoIP .......................................................................................................................................................121Logs .....................................................................................................................................................145Traffic Status .........................................................................................................................................149User Account .........................................................................................................................................155Remote MGMT ......................................................................................................................................157System ..................................................................................................................................................159Time Setting ..........................................................................................................................................161Log Setting ...........................................................................................................................................163Firmware Upgrade ................................................................................................................................165Backup/Restore .....................................................................................................................................167Diagnostic .............................................................................................................................................171Troubleshooting ....................................................................................................................................173

Table of ContentsB222s User’s Guide 5Table of ContentsContents Overview ..............................................................................................................................3Table of Contents .................................................................................................................................5Part I: User’s Guide ......................................................................................... 13Chapter 1Introduction.........................................................................................................................................151.1 Overview ...........................................................................................................................................151.2 Applications for the LTE Device ........................................................................................................151.2.1 Internet Access ........................................................................................................................151.2.2 VoIP Features ..........................................................................................................................161.2.3 Wireless Connection ................................................................................................................161.3 The WLAN Button .............................................................................................................................161.4 Ways to Manage the LTE Device ......................................................................................................181.5 Good Habits for Managing the LTE Device .......................................................................................181.6 LEDs (Lights) ....................................................................................................................................181.7 The RESET Button ............................................................................................................................20Chapter 2Introducing the Web Configurator ....................................................................................................212.1 Overview ...........................................................................................................................................212.1.1 Accessing the Web Configurator .............................................................................................212.2 The Web Configurator Layout ...........................................................................................................232.2.1 Title Bar ...................................................................................................................................232.2.2 Main Window ...........................................................................................................................242.2.3 Traffic Status ............................................................................................................................242.2.4 User Account ...........................................................................................................................242.2.5 Navigation Panel .....................................................................................................................24Part II: Technical Reference............................................................................ 27Chapter 3Connection Status and System Info .................................................................................................293.1 Overview ...........................................................................................................................................293.2 The Connection Status Screen .........................................................................................................29

Table of ContentsB222s User’s Guide63.3 The System Info Screen ....................................................................................................................31Chapter 4Broadband...........................................................................................................................................354.1 Overview ...........................................................................................................................................354.1.1 What You Can Do in this Chapter ............................................................................................354.1.2 What You Need to Know ..........................................................................................................354.1.3 Before You Begin .....................................................................................................................384.2 The Broadband Screen .....................................................................................................................384.2.1 Add/Edit Internet Connection ...................................................................................................394.3 Technical Reference ..........................................................................................................................41Chapter 5Wireless ...............................................................................................................................................435.1 Overview ...........................................................................................................................................435.1.1 What You Can Do in this Chapter ............................................................................................435.1.2 Wireless Network Overview .....................................................................................................435.1.3 Before You Begin .....................................................................................................................455.2 The Wireless General Screen ..........................................................................................................455.2.1 No Security ..............................................................................................................................475.2.2 Basic (Static WEP/Shared WEP Encryption) ...........................................................................475.2.3 More Secure (WPA(2)-PSK) ....................................................................................................495.2.4 WPA(2) Authentication .............................................................................................................505.3 The More AP Screen .........................................................................................................................515.3.1 Edit More AP ...........................................................................................................................525.4 The WPS Screen ..............................................................................................................................535.5 The WMM Screen .............................................................................................................................555.6 Scheduling Screen ...........................................................................................................................575.7 Technical Reference ..........................................................................................................................575.7.1 Additional Wireless Terms .......................................................................................................585.7.2 Wireless Security Overview .....................................................................................................585.7.3 Signal Problems ......................................................................................................................605.7.4 BSS .........................................................................................................................................615.7.5 MBSSID ...................................................................................................................................615.7.6 WiFi Protected Setup (WPS) ...................................................................................................62Chapter 6Home Networking ...............................................................................................................................696.1 Overview ...........................................................................................................................................696.1.1 What You Can Do in this Chapter ............................................................................................696.1.2 What You Need To Know .........................................................................................................696.2 The LAN Setup Screen .....................................................................................................................716.3 The Static DHCP Screen ...................................................................................................................72

Table of ContentsB222s User’s Guide 76.3.1 Before You Begin .....................................................................................................................726.4 The UPnP Screen .............................................................................................................................73Chapter 7Routing ................................................................................................................................................757.1 Overview ...........................................................................................................................................757.2 Configuring Static Route ...................................................................................................................767.2.1 Add/Edit Static Route .............................................................................................................77Chapter 8DNS Route ...........................................................................................................................................798.1 Overview ...........................................................................................................................................798.1.1 What You Can Do in this Chapter ............................................................................................798.2 The DNS Route Screen ....................................................................................................................808.2.1 Add/Edit DNS Route Edit ........................................................................................................80Chapter 9Quality of Service (QoS).....................................................................................................................839.1 Overview ...........................................................................................................................................839.1.1 What You Can Do in this Chapter ............................................................................................839.1.2 What You Need to Know ..........................................................................................................839.2 The QoS General Screen .................................................................................................................849.3 The Queue Setup Screen .................................................................................................................869.3.1 Add/Edit a QoS Queue ...........................................................................................................879.4 The Class Setup Screen .................................................................................................................879.4.1 Add/Edit QoS Class ................................................................................................................899.5 The QoS Monitor Screen .................................................................................................................929.6 QoS Technical Reference .................................................................................................................929.6.1 IEEE 802.1p ............................................................................................................................939.6.2 IP Precedence .........................................................................................................................939.6.3 DiffServ ....................................................................................................................................93Chapter 10Network Address Translation (NAT)..................................................................................................9510.1 Overview ........................................................................................................................................9510.1.1 What You Can Do in this Chapter ..........................................................................................9510.1.2 What You Need To Know .......................................................................................................9510.2 The Port Forwarding Screen ..........................................................................................................9610.2.1 The Port Forwarding Screen .................................................................................................9710.2.2 The Port Forwarding Edit Screen ..........................................................................................9810.3 The DMZ Screen .............................................................................................................................9910.4 The Sessions Screen ......................................................................................................................9910.5 Technical Reference ......................................................................................................................100

Table of ContentsB222s User’s Guide810.5.1 NAT Definitions ....................................................................................................................10010.5.2 What NAT Does ...................................................................................................................10110.5.3 How NAT Works ..................................................................................................................101Chapter 11Dynamic DNS ....................................................................................................................................10311.1 Overview ......................................................................................................................................10311.1.1 What You Need To Know .....................................................................................................10311.2 The Dynamic DNS Screen ............................................................................................................104Chapter 12Firewall ..............................................................................................................................................10512.1 Overview .......................................................................................................................................10512.1.1 What You Can Do in this Chapter ........................................................................................10512.1.2 What You Need to Know ......................................................................................................10612.2 The General Screen .....................................................................................................................10712.3 The Services Screen .....................................................................................................................10812.3.1 The Add New Services Entry Screen ..................................................................................10812.4 The Access Control Screen ..........................................................................................................10912.4.1 The Add New ACL Rule/Edit Screen ................................................................................... 11012.5 The DoS Screen ............................................................................................................................ 11112.6 Firewall Technical Reference ........................................................................................................ 11212.6.1 Guidelines For Enhancing Security With Your Firewall ....................................................... 11212.6.2 Security Considerations ....................................................................................................... 112Chapter 13MAC Filter.......................................................................................................................................... 11513.1 Overview ....................................................................................................................................... 11513.1.1 What You Need to Know ...................................................................................................... 11513.2 The MAC Filter Screen .................................................................................................................. 115Chapter 14Parental Control................................................................................................................................ 11714.1 Overview ....................................................................................................................................... 11714.2 The Parental Control Screen ......................................................................................................... 11714.2.1 Add/Edit a Parental Control Rule ......................................................................................... 118Chapter 15VoIP ....................................................................................................................................................12115.1 Overview .......................................................................................................................................12115.1.1 What You Can Do in this Chapter ........................................................................................12115.1.2 What You Need to Know ......................................................................................................12115.1.3 Before You Begin .................................................................................................................123

Table of ContentsB222s User’s Guide 915.2 The SIP Service Provider Screen ................................................................................................12315.3 The SIP Account Screen ...............................................................................................................12915.3.1 Add/Edit SIP Account ..........................................................................................................13015.4 Multiple SIP Accounts ...................................................................................................................13215.5 Phone Screen ..............................................................................................................................13315.5.1 Edit Phone Device ...............................................................................................................13315.6 The Phone Region Screen ............................................................................................................13415.7 The Call Rule Screen ....................................................................................................................13415.8 Technical Reference ......................................................................................................................13615.8.1 VoIP .....................................................................................................................................13615.8.2 SIP ......................................................................................................................................13615.8.3 Quality of Service (QoS) ......................................................................................................14015.8.4 Phone Services Overview ...................................................................................................141Chapter 16Logs ..................................................................................................................................................14516.1 Overview ......................................................................................................................................14516.1.1 What You Can Do in this Chapter ........................................................................................14516.1.2 What You Need To Know .....................................................................................................14516.2 The System Log Screen ................................................................................................................14616.3 The Phone Log Screen .................................................................................................................14716.4 The VoIP Call History Screen ........................................................................................................147Chapter 17Traffic Status .....................................................................................................................................14917.1 Overview .......................................................................................................................................14917.1.1 What You Can Do in this Chapter ........................................................................................14917.2 The WAN Status Screen ...............................................................................................................14917.3 The LAN Status Screen .................................................................................................................15017.4 The NAT Status Screen .................................................................................................................15117.5 The VoIP Status Screen ................................................................................................................152Chapter 18User Account ....................................................................................................................................15518.1 Overview .......................................................................................................................................15518.2 The User Account Screen .............................................................................................................155Chapter 19Remote MGMT...................................................................................................................................15719.1 Overview .......................................................................................................................................15719.1.1 What You Need to Know ......................................................................................................15719.2 The Remote MGMT Screen ..........................................................................................................157

Table of ContentsB222s User’s Guide10Chapter 20System ...............................................................................................................................................15920.1 Overview .......................................................................................................................................15920.1.1 What You Need to Know ......................................................................................................15920.2 The System Screen .......................................................................................................................159Chapter 21Time Setting ......................................................................................................................................16121.1 Overview .......................................................................................................................................16121.2 The Time Setting Screen .............................................................................................................161Chapter 22Log Setting .......................................................................................................................................16322.1 Overview ......................................................................................................................................16322.2 The Log Setting Screen ................................................................................................................163Chapter 23Firmware Upgrade ............................................................................................................................16523.1 Overview .......................................................................................................................................16523.2 The Firmware Upgrade Screen .....................................................................................................165Chapter 24Backup/Restore ................................................................................................................................16724.1 Overview .......................................................................................................................................16724.2 The Backup/Restore Screen .........................................................................................................16724.3 The Reboot Screen .......................................................................................................................169Chapter 25Diagnostic .........................................................................................................................................17125.1 Overview .......................................................................................................................................17125.2 The Ping/TraceRoute Screen ........................................................................................................171Chapter 26Troubleshooting................................................................................................................................17326.1 Overview .......................................................................................................................................17326.2 Power, Hardware Connections, and LEDs ....................................................................................17326.3 LTE Device Access and Login ......................................................................................................17426.4 Internet Access .............................................................................................................................17526.5 Wireless Internet Access ...............................................................................................................17626.6 Phone Calls and VoIP ...................................................................................................................17726.7 UPnP .............................................................................................................................................178Appendix A IP Addresses and Subnetting.......................................................................................179

Table of ContentsB222s User’s Guide 11Appendix B Setting Up Your Computer’s IP Address ......................................................................189Appendix C Pop-up Windows, JavaScript and Java Permissions ...................................................219Appendix D Wireless LANs..............................................................................................................229Appendix E Common Services ........................................................................................................249Appendix F Legal Information..........................................................................................................253Index ..................................................................................................................................................255

B222s User’s Guide 15CHAPTER 1Introduction1.1 OverviewThe Device is an LTE ( Long Term Evolut ion) device including an out door unit ( ODU) and an indoor unit ( I DU). The LTE Device supports Voice over I P ( VoI P) com m unicat ion capabilit ies t o allow you t o use a t radit ional analog t elephone t o m ake I nternet calls. The LTE Device also provides a com plet e securit y solution wit h a robust firewall based on St ateful Packet I nspection ( SPI ) t echnology and Denial of Service ( DoS) .See t he chapt er on product specificat ions for a full list of features.1.2 Applications for the LTE DeviceHere are som e exam ple uses for which t he LTE Device is well suit ed.1.2.1 Internet AccessYour LTE Device provides I nternet access by connect ing t o an LTE net w ork wirelessly.Com put ers can connect to the LTE Device’s ETH ERN ET port s (or wirelessly) .Figure 1 LTE Device’s I nternet Access Applicat ionLAN WANLTE

Chapter 1 IntroductionB222s User’s Guide 17Turn the Wireless LAN On or Off1Make sure t he PW R/ SYS LED is on ( not blinking) .2Press t he WIRELESS On/Off but t on for one second and release it . The W LAN / W PS LED should change from on to off or vice versa. Activate WPS1Make sure t he PW R/ SYS LED is on ( not blinking) .2Press t he WIRELESS On/Off butt on for m ore than five seconds and release it . Press t he WPS but ton on anot her WPS - enabled device wit hin range of the LTE Device. The W LAN / W PS LED should flash while the LTE Device sets up a WPS connect ion w it h t he wireless device. Not e: You m ust act ivat e WPS in t he LTE Device and in another wireless device within t wo m inut es of each other. See Chapter 5 on page 62 for m ore inform at ion.

Chapter 1 IntroductionB222s User’s Guide181.4 Ways to Manage the LTE Device• Web Configurat or. This is for m anagem ent of the LTE Device using a ( support ed) web browser.1.5 Good Habits for Managing the LTE DeviceDo t he following t hings regularly t o m ake the LTE Device m ore secur e and to m anage t he LTE Device m ore effect ively.• Change t he password. Use a password that ’s not easy t o guess and that consist s of different types of charact ers, such as num bers and let t ers.• Writ e down the password and put it in a safe place.• Back up t he configurat ion ( and m ake sur e you know how t o restore it ) . Restoring an earlier working configurat ion m ay be useful if the device becom es unst able or even crashes. I f you forget your password to access t he Web Configurat or, you will have t o r eset the LTE Device t o its fact ory default set tings. I f you backed up an earlier configurat ion file, you would not have t o tot ally re- configure t he LTE Device. You could sim ply restore your last configurat ion. Keep in m ind t hat backing up a configurat ion file will not back up passwords used t o set up PPPoE and VoI P. Writ e down any inform ation your I SP provides you.1.6 LEDs (Lights)The following graphic displays t he labels of t he LEDs.Figure 4 LEDs on t he Top of t he DeviceFigure 5 LEDs on t he Et hernet PortsNone of the LEDs are on if the LTE Device is not receiving power.Table 1 LED Descript ions ( From Left To Right )LED COLOR STATUS DESCRIPTIONPWR/ SYS Green On The LTE Device is receiv ing power and ready for use.Blinking The LTE Device is booting up.Red On The LTE Device detected an error while self- test ing, or t here is a device m alfunct ion.Blinking The LTE Device is upgrading t he firm ware.Off The LTE Device is not receiv ing power.

Chapter 1 IntroductionB222s User’s Guide 19Refer t o t he Quick St ar t Guide for infor m ation on hardware connect ions. LI NK Green On The LTE Dev ice has an LTE connection on the WAN.Blinking The LTE Device is sear ching for a frequency channel or is perform ing net work ent r y.Off The LTE Device does not have an LTE connection on the WAN.LTE Th e LTE LED s d i sp la y t h e Received Signal Strengt h I ndicat ion ( RSSI ) of t he LTE connection. Three signals on at the sam e t im e m eans best signal quality, tw o m eans m edium signal quality, and one m eans low signal quality.No Signal LEDSThere is no LTE connection.Green Signal 1 OnThe signal strengt h is less t han - 90 dBm if signal 1 is on only.Signal 2 OnThe signal st rength is bet ween -90 dBm and -70 dBm if both signals 1 and 2 are on.Signal 3 OnThe signal st rengt h is - 70 dBm or great er if t hree signals are all on.WLAN/ WPS Green On The wir eless net work is activat ed and is operat ing in I EEE 802.11 “ b”, “ g” or “ n” m ode.Blinking The LTE Device is com m unicat ing wit h ot her w ireless client s.Orange Blinking The LTE Device is sett ing up a WPS connect ion.Off The wireless net wor k is not act ivat ed.PHONE Green On A SI P account is regist ered for t he phone port .Blinking A telephone connected t o the phone port has its receiver off of t he hook or there is an incom ing call.Orange On A SI P account is regist ered for t he phone port and there is a voice m essage in t he corresponding SI P account .Blinking A telephone connected t o the phone port has its receiver off of t he hook and t here is a voice m essage in t he corresponding SI P account.Off The phone port does not have a SI P account registered.ETHERNET1- 2Ye l l o w ( Giga Et hernet )On The LTE Device has a successful 1000 Mbps Ethernet connect ion wit h a device on the Local Area Net work ( LAN) . Blinking The LTE Device is sending or receiving data to/ from the LAN at 1000 Mbps.Green ( Fast Et hernet )On The LTE Device has a successful 10/ 100 Mbps Ethernet connect ion wit h a device on the Local Area Net work ( LAN) .Blinking The LTE Device is sending or receiving data to/ from the LAN at 10/ 100 Mbps.Off The LTE Device does not have an Ethernet connect ion with the LAN.Table 1 LED Descript ions ( From Left To Right ) ( cont inued)LED COLOR STATUS DESCRIPTION

Chapter 1 IntroductionB222s User’s Guide201.7 The RESET ButtonI f you forget your passw ord or cannot access t he web configurator, you will need t o use t he RESET but ton at t he back of the device t o reload t he factory- default configuration file. This m eans t hat you will lose all configurations that you had previously and the passwords will be reset to t he default s. 1Make sure t he POW ER LED is on ( not blinking) .2To set t he device back t o t he factory default sett ings, pr ess t he RESET but ton for 5 seconds or until the POW ER LED begins t o blink and t hen release it . When t he POW ER LED begins t o blink, the defaults have been restored and t he device restar t s.

B222s User’s Guide 21CHAPTER 2Introducing the Web Configurator2.1 OverviewThe web configurator is an HTML- based m anagem ent int erface t hat allows easy device set up and m anagem ent via I nt ernet browser. Use I nt ernet Explorer 6.0 and later versions, Mozilla Firefox 3 and lat er versions, or Safari 2.0 and lat er versions. The recom m ended screen resolut ion is 1024 by 768 pixels.I n order t o use t he web configurat or you need t o allow:• Web browser pop- up windows from your device. Web pop- up blocking is enabled by default in Windows XP SP (Service Pack) 2.• JavaScript ( enabled by default ).• Java perm issions ( enabled by default) .See Appendix C on page 219 if you need t o m ake sure these functions are allowed in I nt ernet Explorer.2.1.1 Accessing the Web Configurator1Make sure your LTE Device hardware is properly connect ed ( refer t o t he Quick St art Guide) .2Launch your web br owser.3Type "192.168.1.1" as t he URL.4A password screen displays. Ty pe “ adm in” as t he default Usernam e and “1234” as t he default passw ord to access the device’s Web Configurat or. Click Login. I f you have changed t he passwor d, enter your password and click Login.Figure 6 Password ScreenNote: For security reasons, t he LTE Device aut om at ically logs you out if you do not use the web configurator for five m inutes ( default) . I f t his happens, log in again.

Chapter 2 Introducing the Web ConfiguratorB222s User’s Guide225The following screen displays if you have not yet changed your password. I t is st rongly recom m ended you change t he default password. Ent er a new password, ret ype it t o confirm and click Apply; alternat ively click Skip t o proceed t o t he m ain m enu if you do not want t o change the passw ord now.Figure 7 Change Passwor d Screen6The Connection Sta t us screen appears. Figure 8 Connection Stat us 7Click Syst e m I nfo to display the Syst em I nfo screen, where you can view t he LTE Device’s int erface and system inform at ion.

Chapter 2 Introducing the Web ConfiguratorB222s User’s Guide 232.2 The Web Configurator LayoutClick Con n e ct ion St a tus > Syst e m I nfo t o show the following screen. (See Sect ion 3.3 on page 31 for m ore inform ation.)Figure 9 Web Configurat or LayoutAs illustrat ed above, t he m ain screen is divided int o t hese parts:•A - t it le bar•B - m ain w indow •C - navigat ion panel2.2.1 Title BarThe tit le bar shows t he following icon in t he upper right corner.Click t his icon to log out of t he web configurat or.BCAab

Chapter 2 Introducing the Web ConfiguratorB222s User’s Guide242.2.2 Main WindowThe m ain window displays inform ation and configurat ion fields. I t is discussed in t he rest of this docum ent .Aft er you click System I nfo on the Connect ion St at us screen, t he Syst e m I nfo screen is displayed. See Chapt er 3 on page 31 for m ore inform at ion about t he Syst em I nfo screen.I f you click LAN Device on t he Syst em I nfo screen ( a in Figure 9 on page 23) , the Conn ect ion St a tu s screen appears. See Chapt er 3 on page 29 for m ore inform ation about t he Connection St a t u s screen.I f you click Virt ua l D e vice on t he Syst e m I n fo screen ( b in Figure 9 on page 23), a visual graphic appears, showing t he connect ion st at us of t he LTE Device’s ports. The connected port s are in color and disconnect ed port s are gray.Figure 10 Virt ual Device2.2.3 Traffic StatusUse t he M a int e n a nce > Tr a ffic St at us screens t o look at net w ork t raffic st atus and stat ist ics of the WAN, LAN int erfaces and NAT. See Chapter 20 on page 159 for m ore infor m ation.2.2.4 User AccountUse t he M a int e n a nce > User Accou nt s screen t o configure system passw ord for different user account s. See Chapt er 18 on page 155 for m ore inform ation.2.2.5 Navigation PanelUse t he m enu item s on the navigat ion panel to open screens t o configure LTE Device feat ures. The following t able describes each m enu item .Table 2 Navigat ion Panel Sum m aryLINK TAB FUNCTIONConnection St at us This screen shows t he net work stat us of the LTE Device and com put ers/ dev ices connected t o it.Net work Set t ing

Chapter 2 Introducing the Web ConfiguratorB222s User’s Guide 25Broadband Broadband Use t his screen t o view and m odify your WAN interface. You can also configur e I SP param et ers, WAN I P address assignm ent , DNS servers and other advanced properties.Wireless General Use t his screen to t urn t he wir eless connect ion on or off, specify the SSI D(s) and configure t he wireless LAN sett ings and WLAN aut hent icat ion/ securit y set tings.More AP Use t his screen t o configure m ult iple BSSs on t he LTE Device.WPS Use t his screen to use WPS ( Wi- Fi Prot ect ed Setup) to establish a wireless connection.WMM Use t his screen to enable or disable Wi- Fi Mult iMedia ( WMM) .Scheduling Use t his screen t o configure when t he LTE Device enables or disables the wireless LAN.Hom e Net workingLAN Setup Use t his screen t o configure LAN TCP/ I P sett ings, and ot her advanced propert ies.St at ic DHCP Use t his screen t o assign specific I P addresses t o individual MAC addresses.UPnP Use t his screen t o enable the UPnP function.St at ic Route St at ic Rout e Use t his screen t o view and set up st at ic rout es on t he LTE Device.DNS Rou t e DNS Rout e Use this screen t o view and configure DNS r outes.QoS General Use t his screen t o enable QoS and decide allowable bandwidt h using QoS.Queue Set up Use t his screen t o configure QoS queue assignm ent .Class Set up Use t his screen to set up classifiers t o sort t raffic int o different flows and assign priorit y and define act ions t o be perform ed for a classified traffic flow.Monitor Use this screen to view each queue’s stat ist ics.NAT Port Forwarding Use t his screen t o m ake your local servers visible to t he out side world.DMZ Use t his screen to configure t he I P address of t he LTE Device’s DMZ interface.Sessions Use t his screen to lim it t he num ber of NAT sessions a single client can est ablish.Dynam ic DNS Dynam ic DNS Use t his screen t o allow a stat ic host nam e alias for a dy nam ic I P address.SecurityFirewall General Use t his screen to act ivate/ deact ivate the firewall. Services Use t his screen to view and configure services. Access Cont rol Use t his screen to view and configure filt er rules for incom ing and outgoing traffic. DoS Use this screen to act ivate/ deactivat e Denial of Service ( DoS) prot ection. MAC Filt er MAC Filt er Use t his screen t o allow specific dev ices t o access the LTE Device. Par ent al Cont rolParental Cont rol Use t his screen t o define t im e periods and days during which t he LTE Device perform s parent al cont rol and/ or block web sites with the specific URL.VoI PTable 2 Navigat ion Panel Sum m ary ( cont inued)LINK TAB FUNCTION

Chapter 2 Introducing the Web ConfiguratorB222s User’s Guide26SI P SI P Ser vice Provider Use t his screen t o configure your LTE Device’s Voice over I P set t ings.SI P Account Use t his screen t o set up inform at ion about your SI P account and configur e audio sett ings such as volum e levels for t he phones connected t o the LTE Device.Phone Phone Dev ice Use t his screen t o set which phone port s use which SI P account s.Region Use t his screen to select your location.Call Rule Speed Dial Use t his screen t o configur e speed dial for SI P phone num bers t hat you call oft en.System Monit orLog Sy st em Log Use t his screen t o view t he syst em logs for t he cat egories that you select .Phone Log Use t his screen to view t he LTE Device’s phone logs.VoI P Call Hi st or y Use t his screen to view t he LTE Device’s VoI P call hist ory.Traffic St at us WAN Use t his scr een t o v iew t he st at us of all net w or k t raffic going t hr ough the WAN port of t he LTE Device.LAN Use t h is scr een t o v iew t he st at us of all net w or k t raffic going t hr ough t he LAN port s of t he LTE Device.NAT Use this screen t o view t he st at us of NAT sessions on t he LTE Device. Vo I P St at u s VoI P St at u s Use t his screen t o view t he SI P, phone, and call stat us of t he LTE Device.Maint enanceUser s Account Users Account Use t his screen t o configure t he passwords your user account s.Rem ot e MGMT Rem ot e MGMT Use t his screen t o enable specific t raffic dir ect ions for net work services.Sy st em Sy st em Use t his screen t o configure t he LTE Device’s nam e, dom ain nam e, m anagem ent inact ivit y tim e- out .Tim e Set t ing Tim e Sett ing Use this screen t o change your LTE Device’s t im e and dat e.Log Set t ing Log Set t ing Use t his screen to select which logs and/ or im m ediate alert s your device is t o record. You can also set it t o e-m ail t he logs t o you.Firm ware UpgradeFirm ware UpgradeUse t his screen to upload firm ware t o your device.Backup/Rest or eBackup/ Restore Use t his screen t o backup and r est ore your device’s configurat ion ( sett ings) or reset the fact ory default set tings.Reboot Reboot Use t his screen to reboot the LTE Device without turning t he power off.Diagnostic Ping/ TraceRoute Use t his screen t o t est t he connections t o ot her devices. Aut o Prov ision Aut o Prov ision Use t his screen to configure aut o provision w hich aut om atically updat es t he lat est firm ware and configurat ion t o t he LTE Device.Table 2 Navigat ion Panel Sum m ary ( cont inued)LINK TAB FUNCTION

27PART IITechnical ReferenceThe appendices pr ovide general inform ation. Som e det ails m ay not apply t o your LTE Device.

B222s User’s Guide 29CHAPTER 3Connection Status and System Info3.1 OverviewAft er you log int o t he web configurat or, t he Con nect ion St a tu s screen appear s. This shows the network connect ion st at us of the LTE Device and client s connected t o it.Use t he Syst em I nfo screen to look at t he current status of t he device, system resour ces, int erfaces (LAN, WAN and WLAN) , and SI P account s. You can also regist er and unregist er SI P account s. I f you click Vir t ual D e v ice on t he Syst e m I nfo screen, a visual graphic appears, showing the connect ion st at us of t he LTE Device’s por t s. See Sect ion 2.2.2 on page 24 for m ore inform ation.3.2 The Connection Status ScreenUse t his screen to view t he net work connect ion st at us of t he device and it s clients. A warning m essage appears if t here is a connect ion pr oblem .

Chapter 3 Connection Status and System InfoB222s User’s Guide30I f you prefer t o view t he status in a list , click List View in the View in g m ode select ion box. You can configur e how often you want t he LTE Device t o update this screen in Ref re sh I nt erval.Figure 11 Connect ion St at us: I con View Figure 12 Connection Status: List ViewI n I con Vie w , if you want t o view inform at ion about a client, click the client ’s nam e and I nfo. Click the I P address if you want t o change it . I f you want t o change t he nam e or icon of t he client, click Cha nge nam e / icon . I n List Vie w , you can also view t he client ’s inform ation.

Chapter 3 Connection Status and System InfoB222s User’s Guide 313.3 The System Info ScreenClick Con ne ct ion St a t us > Syst e m I nf o t o open t his screen. Figure 13 System I nfo Scr een Each field is described in t he following t able.Table 3 System I nfo ScreenLABEL DESCRIPTIONLanguage Select t he web configurat or language from the drop-down list box.Refresh I nt erval Select how oft en y ou want the LTE Device t o update this screen from t he dr op-down list box.Device I nform at ionHost Nam e This field displays t he LTE Device system nam e. I t is used for ident ificat ion. You can change this in the M aint e na nce > Syst em screen’s Host N a m e field.Model Nam e This is t he m odel nam e of your device.MAC Address This is t he MAC ( Media Access Contr ol) or Ethernet address unique t o your LTE Device.

Chapter 3 Connection Status and System InfoB222s User’s Guide32Firm ware Version This field displays the current version of the firm ware inside t he device. I t also shows t he date t he firm ware version was created. Go to t he Maint e na nce > Firm w ar e Upgra de screen t o change it.WAN I nform at ionMode This is t he m et hod of encapsulat ion used by your I SP.I P Address This field displays t he current I P address of t he LTE Dev ice in the WAN. LAN I nform at ionI P Address This field displays t he current I P address of t he LTE Dev ice in the LAN. I P Subnet Mask This field displays t he current subnet m ask in t he LAN.DHCP Server This field displays what DHCP services t he LTE Device is pr oviding t o the LAN. Choices are:Ser ve r - The LTE Device is a DHCP server in t he LAN. I t assigns I P addresses t o ot her com puters in t he LAN.N on e - The LTE Device is not providing any DHCP services t o the LAN.WLAN I nform at ionChannel This is t he channel num ber used by t he LTE Device now.WPS Stat us Configur ed displays when a wireless client has connect ed to t he LTE Dev ice or WPS is enabled and wireless or wireless secur ity set t ings have been configured. Unconfigu r ed displays if WPS is disabled or wireless securit y sett ings have not been configur ed. SSI D ( 1~ 4) I nform at ionSSI D This is t he descript ive nam e used t o identify t he LTE Device in the w ireless LAN. St at us This shows w hether or not t he SSI D is enabled ( on) .Securit y Mode This displays t he type of securit y the LTE Device is using in t he w ireless LAN.LTE St at u sSt at us This displays 4 G LTE if t here is an LTE connection, ot herwise, it displays N / A.Signal Strengt h This displays t he strengt h of t he LTE connect ion t hat the LTE Device has wit h t he base st at ion w hich is also known as eNodeB or eNB.Service Provider This displays t he ser vice provider’s nam e of t he connect ed LTE net work.Frequency Band This displays LTE if there is an LTE connection.Connection Upt im e This display s how long t he LTE connection has been available since it was last est ablished successfully.ODU F/ W Ver sion This displays t he firm ware version of t he out door unit .Module F/ W Ver sion This displays t he firm ware version of LTE m odule.I MEI This displays t he LTE Device’s I nt er nat ional Mobile Equipm ent I dent it y num ber ( I MEI ). An I MEI is a unique I D used to ident ify a m obile device.I MSI This displays the I nt ernat ional Mobile Subscriber I dent it y ( I MSI ) of t he SI M card inserted in the out door unit . An I MSI is a unique I D used t o ident ify a m obile subscr iber in a m obile networ k.I nt erface St atusI nt erface This colum n displays each interface t he LTE Device has.Table 3 System I nfo Screen ( continued)LABEL DESCRIPTION

Chapter 3 Connection Status and System InfoB222s User’s Guide 33St at us This field indicat es whet her or not t he LTE Dev ice is using t he int erface.For t he LTE WAN interface, t his field displays Up w hen t he LTE Device is con nect ed to an LTE netw ork and Dow n when t he LTE Device does not have an LTE con nect ion.For t he LAN int erface, t his field displays Up w hen t he LTE Device is using t he int erface and D ow n when t he LTE Device is not using t he int erface.For t he WLAN int erface, it displays Up w hen WLAN is enabled or Dow n when WLAN is disabled.Rat e For t he LTE WAN int erface, this displays 4 G LTE if t here is an LTE connect ion.For t he LAN int erface, t his displays t he port speed and duplex set t ing.For t he WLAN int erface, it displays t he m axim um t ransm ission rat e when WLAN is enabled or N / A when WLAN is disabled.System Stat usSyst em Up Tim e This field displays how long the LTE Device has been running since it last st art ed up. The LTE Device start s up w hen you plug it in, when you restart it (Ma int ena nce > Reboot) , or when you reset it (see Section 1.7 on page 20) .Current Dat e/ Tim e This field display s t he current dat e and t im e in t he LTE Device. You can change t his in M a int en a nce > Tim e Set t ing.System ResourceCPU Usage This field displays what percent age of t he LTE Device’s processing abilit y is currently used. When t his per centage is close t o 100% , the LTE Device is running at full load, and t he t hroughput is not going to im prove any m ore. I f you want som e applicat ions t o have m ore t hroughput , you should t urn off other applicat ions.Mem ory Usage This field displays what percent age of t he LTE Device’s m em ory is current ly used. Usually, this percent age should not increase m uch. I f m em or y usage does get close to 100% , the LTE Device is pr obably becom ing unstable, and you should rest art the device. See Chapter 24 on page 169, or t ur n off t he device (unplug t he power) for a few seconds.Regist r at ion Stat usAccount This colum n displays each SI P account in t he LTE Device.Action This field displays t he current registrat ion stat us of t he SI P account . You have t o register SI P account s wit h a SI P server t o use VoI P.I f t he SI P account is alr eady registered with t he SI P serv er,• Click U nr e gist e r to delet e the SI P account ’s registrat ion in t he SI P server. This does not cancel your SI P account , but it delet es t he m apping between your SI P ident it y and your I P addr ess or dom ain nam e.• The second field displays Re gist e r e d.I f t he SI P account is not registered with t he SI P serv er,• Click Re gist e r to have the LTE Device at t em pt to regist er t he SI P account w ith the SI P serv er.• The second field displays t he reason the account is not registered.I na ct iv e - The SI P account is not active. You can act ivat e it in VoI P > SI P > SI P Se t t in gs.Regist er Fail - The last t im e t he LTE Device tr ied t o regist er t he SI P account w it h the SI P server, the att em pt failed. The LTE Device aut om at ically t ries t o r egist er the SI P account when you t urn on t he LTE Device or when you act ivate it .Table 3 System I nfo Screen ( continued)LABEL DESCRIPTION

Chapter 3 Connection Status and System InfoB222s User’s Guide34Account St at us This shows Act iv e w hen t he SI P account has been registered and r eady for use or I n- Act iv e w hen the SI P account is not yet registered.URI This field displays t he account num ber and service dom ain of t he SI P account. You can change these in VoI P > SI P > SI P Se t t ings.Table 3 System I nfo Screen ( continued)LABEL DESCRIPTION

B222s User’s Guide 35CHAPTER 4Broadband4.1 OverviewThis chapt er discusses t he LTE Device’s Broa dband screens. Use t hese screens t o configure your LTE Device for I nt ernet access.A WAN ( Wide Ar ea Networ k) connect ion is an out side connection to anot her net work or t he I nt ernet. I t connect s your private networks, such as a LAN ( Local Area Network) and ot her networks, so t hat a com puter in one location can com m unicat e wit h com put ers in other locat ions.This LTE Device support s LTE connection for t he WAN only.Figure 14 LAN and WAN4.1.1 What You Can Do in this Chapter• Use the Broa dband screen t o view, rem ove or add an LTE WAN int erface. You can also configure the WAN sett ings on t he LTE Device for I nternet access ( Sect ion 4.2 on page 38) .4.1.2 What You Need to KnowThe following term s and concept s m ay help as you read this chapt er.Encapsulation MethodEncapsulation is used t o include dat a from an upper layer prot ocol into a lower layer prot ocol. To set up a WAN connection t o t he I nt ernet, you need to use t he sam e encapsulat ion m et hod used by your I SP ( I nternet Service Provider) .WANLAN

Chapter 4 BroadbandB222s User’s Guide36WAN IP AddressThe WAN I P address is an I P address for the LTE Device, which m akes it accessible from an outside network. I t is used by t he LTE Device t o com m unicat e with ot her devices in ot her networks. I t can be stat ic ( fixed) or dynam ically assigned by t he I SP each t im e the LTE Device t ries t o access t he I nt ernet.I f your I SP assigns you a stat ic WAN I P address, they should also assign you t he subnet m ask and DNS server I P address(es).APNAccess Point Nam e ( APN) is a unique st ring which indicates an LTE net work. An APN is required for LTE stations t o ent er t he LTE net work and t hen t he I nternet .CAPWAPThe LTE Device supports CAPWAP. This is ZyXEL’s im plem ent ation of the CAPWAP prot ocol (RFC 5415) . The CAPWAP dat aflow is protect ed by Dat agram Transport Layer Securit y (DTLS) .The following figure illust rat es a CAPWAP wireless network. You ( U) configure t he AP cont roller ( C), which then autom atically updat es the configurat ions of t he m anaged APs ( M1 ~ M 4 ) . Figure 15 CAPWAP Net work Exam pleNote: The LTE Device can be a st andalone AP ( default ), a CAPWAP m anaged AP, or a CAPWAP AP controller.CAPWAP Discovery and ManagementThe link between CAPWAP- enabled access points proceeds as follows:1An AP in m anaged AP m ode j oins a wired net w ork ( receives a dynam ic I P address) .UCM1 M2 M3 M4DHCP SERVER

Chapter 4 BroadbandB222s User’s Guide 372The AP sends out a discovery request , looking for an AP in CAPWAP AP cont roller m ode.3I f t here is an AP controller on t he net work, it receives t he discovery request. I f t he AP controller is in Ma nual m ode it adds t he details of t he AP to it s Un m a nage d Acce ss Point s list , and you decide which available APs t o m anage. I f t he AP is in Alw a ys Acce pt m ode, it aut om at ically adds the AP t o its M a nage d Acce ss Point s list and provides the m anaged AP wit h default configuration inform ation, as well as securely transm itt ing the DTLS pre- shared key. The m anaged AP is ready for association wit h wireless clients.Managed AP Finds the ControllerA m anaged LTE Device can find t he cont roller in one of the following ways:• Manually specify t he controller ’s I P address using t he com m ands. See t he LTE Device CLI Reference Guide for details.• Get the cont roller’s I P address from a DHCP server wit h t he controller ’s I P address configured as option 138.• Broadcast ing t o discover t he controller wit hin t he broadcast dom ain.The AP controller m ust have a st at ic I P address; it cannot be a DHCP client .CAPWAP and IP SubnetsBy default, CAPWAP works only bet ween devices wit h I P addresses in the sam e subnet ( see the appendices for inform at ion on I P addresses and subnet t ing) . However, you can configure CAPWAP t o operat e between devices wit h I P addresses in different subnet s by doing t he following.• Activat e DHCP. Your net work’s DHCP server m ust support opt ion 138 defined in RFC 5415.• Configure DHCP opt ion 138 wit h t he I P address of the CAPWAP AP cont roller on your network.

Chapter 4 BroadbandB222s User’s Guide38DHCP Opt ion 138 allows t he CAPWAP m anagem ent request ( from t he AP in m anaged AP m ode) to reach t he AP controller in a different subnet , as shown in t he following figure.Figure 16 CAPWAP and DHCP Option 138Notes on CAPWAPThis sect ion lists som e additional feat ures of ZyXEL’s im plem ent ation of the CAPWAP prot ocol.• When the AP cont roller uses it s int er nal Rem ote Authent icat ion Dial I n User Service ( RADI US) server, m anaged APs also use t he AP cont roller ’s aut hent icat ion server t o aut hent icat e wireless clients.• I f a m anaged AP’s link t o t he AP cont roller is broken, the m anaged AP continues t o use t he wir eless sett ings wit h which it was last provided.4.1.3 Before You BeginYou m ay need t o know your I nt ernet access set tings such as LTE APN, WAN I P address and SI M card’s PI N code if the I N TERN ET light on your LTE Device is off. Get this inform ation from your service provider.4.2 The Broadband ScreenThe LTE Device m ust have a WAN int erface t o allow users t o use t he LTE connect ion to access the I nt ernet. Use t he Br oa dba nd screen to view or m odify a WAN int erface. You can also configure t he LTE Device as par t of a Cont rol And Provisioning of Wireless Access Points ( CAPWAP) net w ork in t his screen.SUBNET 1 SUBNET 2APCONTROLLERMANAGEDAPDHCPSERVER+ OPTION 138CAPWAPTRAFFIC(STATIC IP)

Chapter 4 BroadbandB222s User’s Guide 39Click N et w ork Set t ing > Broadband. The following screen opens.Figure 17 Net work Set ting > BroadbandThe following t able describes t he fields in t his screen.4.2.1 Add/Edit Internet ConnectionUse t his screen to configure a WAN connect ion. The screen varies depending on the interface type, encapsulation, and WAN service ty pe you select . Table 4 Network Set t ing > BroadbandLABEL DESCRIPTIONCAPWAP Set t ingCAPWAP Enable Select t his t o activat e ??CAPWAP AC Server Enter t he I P address of t he AC server.??Apply Click t his to save t he change in this section.Cancel Click t his t o restore your previously saved set t ings in this sect ion.I nter net Set upNam e This is t he serv ice nam e of t he connect ion.APN This is t he nam e of t he LTE net work t o which t he LTE Device will connect.Encapsulat ion This show s t he m et hod of encapsulation used by t his connect ion. NAT This shows whet her NAT is act ivated or not for this connect ion. NAT is not available when t he connect ion uses t he bridging serv ice.Default Gat eway This show s whet her the LTE Device uses the int erface of t his connect ion as t he system default gat eway.Modify Click the Edit icon t o configure t he connection.Click the D e le t e icon to delet e this connect ion from t he Device. A window displays asking y ou t o confirm t hat you want to delete t he connection.

Chapter 4 BroadbandB222s User’s Guide40Click t he Add ne w W AN I n t erfa ce in the N et w ork Set t ing > Broadband screen or t he Edit icon next t o t he connection you want t o configure, t he screen displays as shown next .Figure 18 Broadband Add/ EditThe following t able describes t he fields in t his screen. Table 5 Broadband Add/ EditLABEL DESCRIPTIONNam e Specify t he nam e for t his WAN interface.??APN Ent er t he Access Point Nam e ( APN) of an LTE network, w hich your serv ice provider gave you.??Dial String Enter the dial st ring of your 3G net card.??I Pv6/ I Pv4 ModeSelect I Pv4 On ly if you j ust connect t his WAN interface t o an I Pv4 net work.Select I Pv6 / I Pv4 Dua l St a ck if y ou connect this WAN int erface t o bot h an I Pv 6 and an I Pv4 net works.Select I Pv6 On ly if you j ust connect t his WAN interface to an I Pv6 net work.??MTU The Maxim um Transm ission Unit ( MTU) defines t he size of t he largest packet allowed on an interface or connection. Ent er t he MTU for this WAN int erface in t his field.NAT Enable Select this t o act ivat e NAT on t he WAN.Apply as Default Gateway??6to4 TunnelingSelect this if you need to t ransm it I Pv6 packets over t he I Pv4 net work t hrough t his WAN interface, t he I Pv 6 packet s are encapsulat ed inside I Pv4 packet s. ??Apply Click Apply t o save your changes.Back Click Back t o return to t he previous screen.

Chapter 4 BroadbandB222s User’s Guide428 880 MHz – 915 MHz 925 MHz – 960 MHz FDD9 1749.9 MHz – 1784.9 MHz 1844.9 MHz – 1879.9 MHz FDD10 1710 MHz – 1770 MHz 2110 MHz – 2170 MHz FDD11 1427.9 MHz – 1447.9 MHz 1475.9 MHz – 1495.9 MHz FDD12 699 MHz – 716 MHz 729 MHz – 746 MHz FDD13 777 MHz – 787 MHz 746 MHz – 756 MHz FDD14 788 MHz – 798 MHz 758 MHz – 768 MHz FDD15 Reserved Reserved FDD16 Reserved Reserved FDD17 704 MHz – 716 MHz 734 MHz – 746 MHz FDD18 815 MHz – 830 MHz 860 MHz – 875 MHz FDD19 830 MHz – 845 MHz 875 MHz – 890 MHz FDD20 832 MHz – 862 MHz 791 MHz – 821 MHz FDD21 1447.9 MHz – 1462.9 MHz 1495.9 MHz – 1510.9 MHz FDD...24 1626.5 MHz – 1660.5 MHz 1525 MHz – 1559 MHz FDD...33 1900 MHz – 1920 MHz 1900 MHz – 1920 MHz TDD34 2010 MHz – 2025 MHz 2010 MHz – 2025 MHz TDD35 1850 MHz – 1910 MHz 1850 MHz – 1910 MHz TDD36 1930 MHz – 1990 MHz 1930 MHz – 1990 MHz TDD37 1910 MHz – 1930 MHz 1910 MHz – 1930 MHz TDD38 2570 MHz – 2620 MHz 2570 MHz – 2620 MHz TDD39 1880 MHz – 1920 MHz 1880 MHz – 1920 MHz TDD40 2300 MHz – 2400 MHz 2300 MHz – 2400 MHz TDD41 2496 MHz 2690 MHz 2496 MHz 2690 MHz TDD42 3400 MHz – 3600 MHz 3400 MHz – 3600 MHz TDD43 3600 MHz – 3800 MHz 3600 MHz – 3800 MHz TDDNote 1: Band 6 is not applicableTable 6 LTE Wireless TechnologiesBAND UPLINK (UL) OPERATING BAND BASE STATION RECEIVE CPE TRANSMITDOWNLINK (DL) OPERATING BAND BASE STATION TRANSMIT CPE RECEIVEDUPLEX MODE UL (LOW - HIGH) DL (LOW - HIGH)

B222s User’s Guide 43CHAPTER 5Wireless5.1 Overview This chapt er describes t he LTE Device’s N e t w or k Se t ting > W ir e less screens. Use these screens to set up your LTE Device’s wireless connect ion.5.1.1 What You Can Do in this Chapter• Use the Genera l screen to enable t he Wireless LAN, ent er t he SSI D and select t he wireless securit y m ode ( Sect ion 5.2 on page 45) .• Use the M or e AP scr een t o set u p m ult iple w ir eless net w or ks on your LTE Dev ice ( Sect ion 5.3 on page 51) .• Use the W PS screen to enable or disable WPS, view or generat e a security PI N ( Personal I dent ificat ion Num ber) ( Sect ion 5.4 on page 53) .• Use the W MM screen to enable Wi- Fi MultiMedia ( WMM) t o ensure quality of service in wireless networks for m ult im edia applications (Sect ion 5.5 on page 55) . • Use the Sche duling screen to schedule a tim e period for t he wireless LAN t o operate each day (Section 5.6 on page 57) .You don’t necessarily need t o use all t hese screens t o set up your wireless connect ion. For exam ple, you m ay just want t o set up a net w ork nam e, a wireless radio channel and som e securit y in the Gen e ra l screen.5.1.2 Wireless Network OverviewWireless networks consist of wireless client s, access point s and bridges. • A wireless client is a radio connected t o a user’s com put er. • An access point is a radio with a wir ed connection t o a net work, which can connect with num erous wireless clients and let t hem access t he network. • A bridge is a radio t hat relays com m unicat ions bet ween access point s and wireless clients, ext ending a networ k’s range. Traditionally, a wireless net work operat es in one of two ways.• An “ infrastructure” t ype of net work has one or m ore access point s and one or m ore wireless clients. The w ireless client s connect t o the access point s.• An “ ad- hoc” t ype of net work is one in which t here is no access point . Wireless client s connect t o one anot her in order to exchange inform ation.

Chapter 5 WirelessB222s User’s Guide44The following figure provides an exam ple of a wireless net work.Figure 19 Exam ple of a Wireless Networ kThe wireless net work is the part in the blue circle. I n this wir eless net w ork, devices A and B use t he access point ( AP) t o int eract wit h t he ot her devices ( such as t he printer) or with the I nt ernet . Your LTE D ev i c e i s t h e AP.Every wireless net work m ust follow these basic guidelines.• Every device in t he sam e wireless network m ust use t he sam e SSI D.The SSI D is t he nam e of t he wireless net work. I t st ands for Service Set I Dent ifier.• I f t wo wireless net works overlap, they should use a different channel.Like radio stat ions or television channels, each wireless net work uses a specific channel, or frequency, t o send and receive inform at ion.• Every device in t he sam e wireless network m ust use security com pat ible w it h t he AP.• Securit y st ops unaut horized devices from using t he wireless net work. I t can also prot ect the inform ation that is sent in t he wireless net work.Radio ChannelsI n t he radio spectrum , t here are cert ain frequency bands allocated for unlicensed, civilian use. For the pur poses of wireless networking, t hese bands ar e divided int o num erous channels. This allows a variet y of networ ks to exist in t he sam e place wit hout interfering wit h one anot her. When you creat e a net work, you m ust select a channel to use. Since the available unlicensed spectrum varies fr om one count ry t o anot her, the num ber of available channels also var ies. A channel is t he radio frequency( ies) used by wir eless devices t o t ransm it and receive data.Channels available depend on your geographical area. You m ay have a choice of channels ( for yourregion) so you should use a channel different from an adjacent AP ( access point ) t o reduce

Chapter 5 WirelessB222s User’s Guide 45int erference. I nt erference occurs when radio signals from different access point s overlap causingint erference and degrading perform ance.Adj acent channels part ially overlap however. To avoid interference due to overlap, your AP shouldbe on a channel at least five channels away from a channel t hat an adj acent AP is using. Forexam ple, if your region has 11 channels and an adj acent AP is using channel 1, t hen you need t oselect a channel bet ween 6 or 11.5.1.3 Before You BeginBefore you start using t hese screens, ask yourself t he following quest ions. See Section 5.7 on page 57 if som e of t he t erm s used here do not m ake sense to you.• What wireless st andards do the ot her wireless devices support ( I EEE 802.11g, for exam ple)? What is t he m ost appropriat e standard to use?• What security options do t he ot her wireless devices support ( WPA-PSK, for exam ple) ? What is the best one t o use?• Do t he ot her wireless devices support WPS ( Wi-Fi Prot ected Set up) ? I f so, you can set up a well-secured network very easily. Even if som e of your devices support WPS and som e do not , you can use WPS t o set up your network and t hen add t he non-WPS devices m anually, although this is som ewhat m ore com plicated to do.• What advanced opt ions do you want t o configure, if any? I f you want t o configure advanced options, ensure t hat you know precisely what you want t o do. I f you do not want t o configure advanced opt ions, leave them alone.5.2 The Wireless General Screen Use t his screen to enable t he Wireless LAN, ent er the SSI D and select the wireless securit y m ode.Not e: I f you are configur ing t he LTE Device from a com put er connect ed to t he wireless LAN and you change t he LTE Device’s SSI D or security sett ings, you will lose your wireless connection when you press Apply to confirm . You m ust then change t he wireless set tings of your com put er t o m at ch t he LTE Device’s new sett ings.

Chapter 5 WirelessB222s User’s Guide46Click N e t w or k Set ting > W ir e less t o open t he Gen e r a l screen. Select t he Enable W ir e less LAN checkbox t o show t he Wir eless configurations.Figure 20 Net work Set ting > Wireless > General The following t able describes t he labels in t his screen.Table 7 Network > Wireless LAN > GeneralLABEL DESCRIPTIONWireless Net work Set upWireless Select t he Enable W ir eless LAN check box to activat e the wireless LAN.Wireless Net work Sett ingsWireless Net work Nam e ( SSI D)The SSI D ( Service Set I Dentit y) ident ifies the ser vice set w ith which a wireless device is associated. Wireless devices associat ing t o t he access point ( AP) m ust have the sam e SSI D. Enter a descript ive nam e ( up to 32 English keyboard charact ers) for the wireless LAN. Hide SSI D Select this check box t o hide t he SSI D in t he out going beacon fram e so a st at ion cannot obt ain t he SSI D t hrough scanning using a site survey t ool.BSSI D This show s t he MAC address of t he w ireless int erface on t he LTE Device when wireless LAN is enabled.Mode Select This m akes sure t hat only com pliant WLAN devices can associat e wit h t he LTE Device.Select 8 0 2 .1 1 b/ g/ n to allow I EEE802.11b, I EEE802.11g and I EEE802.11n com pliant WLAN dev ices t o associat e wit h the LTE Device. The transm ission rat e of your LTE Device m ight be r educed.Select 8 0 2 .1 1 b/ g t o allow bot h I EEE802.11b and I EEE802.11g com pliant WLAN devices t o associate with the LTE Device. The t ransm ission rate of your LTE Device m ight be reduced.Select 8 0 2 .1 1 g On ly to allow only I EEE 802.11g com pliant WLAN devices t o associat e wit h the LTE Device. Select 8 0 2 .1 1 n only in 2 .4 G band to allow only I EEE 802.11n com pliant WLAN devices wit h the sam e frequency range ( 2.4 GHz) t o associat e wit h the LTE Device.

Chapter 5 WirelessB222s User’s Guide 475.2.1 No SecuritySelect N o Secur it y to allow wireless st ations to com municate with the access points wit hout any dat a encrypt ion or aut hent icat ion.Not e: I f you do not enable any wireless securit y on your LTE Device, your net wor k is accessible to any wireless net working device that is within range.Figure 21 Wireless > General: No Securit yThe following t able describes t he labels in t his screen.5.2.2 Basic (Static WEP/Shared WEP Encryption)WEP encrypt ion scram bles t he data t ransm itted bet ween the wireless stations and the access points ( AP) t o keep network com munications privat e. Bot h t he wireless stat ions and the access point s m ust use t he sam e WEP key.Channel SelectionSet t he channel depending on your part icular region.Select a channel or use Au t o to have t he LTE Device aut om atically det erm ine a channel t o use. I f you are having problem s wit h wireless int erference, changing t he channel m ay help. Try t o use a channel that is as m any channels away from any channels used by neighboring APs as possible. The channel num ber which t he LTE Device is currently using t hen displays in the Ope ra t ing Chan ne l field.Operating ChannelThis is t he channel current ly being used by your AP.Securit y LevelSecurit y Mode Select Ba sic or M or e Secure t o add securit y on this wireless networ k. The w ireless client s which want to associate t o t his net work m ust have sam e wireless security sett ings as t he LTE Device. When you select t o use a security, additional opt ions appear s in t his screen. Or you can select N o Secur it y to allow any client t o associate t his netw ork wit hout any dat a encrypt ion or aut hent ication.See t he following sections for m ore details about wireless securit y m odes.Apply Click Apply to save your changes back t o t he LTE Device.Cancel Click Can cel t o rest ore your previously saved set t ings.Table 7 Network > Wireless LAN > General ( cont inued)LABEL DESCRIPTIONTable 8 Wireless > General: No Securit yLABEL DESCRIPTIONSecurit y Level Choose N o Secur it y from t he sliding bar.

Chapter 5 WirelessB222s User’s Guide48There are two t ypes of WEP aut hent icat ion nam ely, Open System (St a tic W EP) and Shared Key (Sha red W EP) . Open system is im plem ent ed for ease- of- use and when securit y is not an issue. The wireless st ation and t he AP or peer com put er do not share a secret key. Thus the wireless stat ions can associate wit h any AP or peer com puter and listen t o any transm it t ed data t hat is not encrypt ed.Shared key m ode involves a shared secret key t o aut hent icat e t he wireless st ation t o t he AP or peer com puter. This r equires you t o enable t he wireless LAN securit y and use sam e sett ings on both the wir eless stat ion and t he AP or peer com put er. I n order t o configure and enable WEP encrypt ion, click N et w or k Set tings > W ire less t o display the Gene ra l screen. Select Basic as t he security level. Then select St a tic W EP or Shar e d W EP from the Se cu r it y Mode list .Figure 22 Wireless > General: Basic ( Static WEP/ Shared WEP) The following t able describes t he labels in t his screen.Table 9 Wireless > General: Basic (St at ic WEP/ Shared WEP)LABEL DESCRIPTIONSecurit y Mode Choose St a t ic W EP or Sha r ed W EP from the drop-down list box.• Select St at ic W EP t o have t he LTE Device allow association w it h w ireless client s that use Open System m ode. Data t ransfer is encrypt ed as long as t he wireless client has the correct WEP key for encrypt ion. The LTE Dev ice aut hent icat es wireless client s using Shared Key m ode t hat have t he correct WEP key.• Select Sha re d W EP to have t he LTE Device authent icat e only those w ireless client s t hat use Shared Key m ode and have the correct WEP key. WEP Key Enter a WEP key t hat will be used t o encrypt dat a. Both the LTE Device and t he wireless stat ions m ust use t he sam e WEP key for data t ransm ission.I f you want to m anually set t he WEP key, ent er any 5 or 13 charact ers ( ASCI I st ring) or 10 or 26 hexadecim al charact ers ( "0- 9", "A- F") for a 64- bit or 128- bit WEP key r espect ively.

Chapter 5 WirelessB222s User’s Guide 495.2.3 More Secure (WPA(2)-PSK)The WPA- PSK security m ode provides bot h im pr oved data encrypt ion and user aut hent icat ion over WEP. Using a Pre- Shared Key ( PSK) , both t he LTE Device and t he connect ing client share a com m on passw ord in order t o validate t he connect ion. This t ype of encrypt ion, while robust, is not as st r ong as WPA, WPA2 or ev en WPA2 - PSK. Th e WPA2 - PSK secu r it y m ode is a n ew er, m or e r obu st v er sion of the WPA encrypt ion st andard. I t offers slight ly bett er securit y, although t he use of PSK m akes it less robust than it could be. Click N et w ork Set t ings > W ir e less t o display t he General screen. Select M or e Secur e as the securit y level. Then select W PA- PSK or W PA2 - PSK from the Securit y Mode list .Figure 23 Wireless > General: More Secure: WPA(2) - PSKThe following t able describes t he labels in t his screen.Table 10 Wireless > General: WPA(2) - PSKLABEL DESCRIPTIONSecurit y Level Select M ore Se cur e t o enable WPA( 2) - PSK data encryption.Securit y Mode Select W PA- PSK or W PA2 - PSK from t he drop- down list box.Pre- Shared Key The encryption m echanism s used for W PA/ W PA2 and W PA- PSK/ W PA2 - PSK are t he sam e. The only difference between the tw o is t hat W PA- PSK/ W PA2 -PSK uses a sim ple com m on password, instead of user-specific cr edent ials.Type a pre- shared key from 8 t o 63 case-sensit ive ASCI I charact ers or 64 hexidecim al digit s.m ore.../ hide m oreClick m ore ... t o show m ore fields in t his sect ion. Click hide m or e t o hide t hem .

Chapter 5 WirelessB222s User’s Guide505.2.4 WPA(2) AuthenticationThe WPA2 securit y m ode is current ly t he m ost robust form of encrypt ion for wireless networks. I t requires a RADI US server t o authenticate user credent ials and is a full im plem ent at ion the securit y prot ocol. Use t his secur it y option for m axim um prot ection of your network. However, it is t he least backwards com pat ible wit h older devices.The WPA securit y m ode is a securit y subset of WPA2. I t requires the presence of a RADI US server on your network in order t o validate user credentials. This encrypt ion standar d is slight ly older t han WPA2 and t herefor e is m ore com pat ible wit h older devices.Click N et w ork Set t ings > W ir e less t o display t he General screen. Select M or e Secur e as the securit y level. Then select W PA or W PA2 from t he Se curit y Mode list.Figure 24 Wireless > General: More Secure: WPA(2)WPA-PSK Com pat ibleThis field appear s when you choose W PA- PSK2 as the Securit y M ode.Check t his field t o allow wireless devices using W PA- PSK secur ity m ode t o connect t o your LTE Device. The LTE Device support s WPA- PSK and WPA2- PSK sim ult aneou sly.Encrypt ion I f t he securit y m ode is W PA- PSK, t he encrypt ion m ode is set to TKI P t o enable Tem poral Key I nt egrity Pr ot ocol ( TKI P) secur ity on your w ireless netw ork. I f t he security m ode is W PA- PSK2 and W PA- PSK Com pa t ible is disabled, the encryption m ode is set to AES to enable Advanced Encrypt ion System ( AES) securit y on your wireless net work. AES provides superior securit y t o TKI P.I f t he security m ode is W PA- PSK2 and W PA- PSK Com pa t ible is enabled, the encryption m ode is set t o TKI PAES MI X t o allow bot h TKI P and AES types of securit y in your wireless net work.Table 10 Wireless > General: WPA(2) -PSK ( cont inued)LABEL DESCRIPTION

Chapter 5 WirelessB222s User’s Guide 51The following t able describes t he labels in t his screen.5.3 The More AP ScreenThe LTE Device can broadcast up to four wireless net w ork nam es at t he sam e t im e. This m eans t hat users can connect t o t he LTE Device using different SSI Ds. You can secure t he connection on each SSI D pr ofile so t hat wireless client s connecting t o t he LTE Device using different SSI Ds cannot com municate with each ot her.This screen allows you t o enable and configure m ult iple Basic Service Sets ( BSSs) on t he LTE Device.Click N et w or k Set t ings > W ireless > M or e AP. The following screen displays.Figure 25 Net work Set tings > Wireless > More APTable 11 Wireless > General: More Secure: WPA( 2)LABEL DESCRIPTIONSecurit y Level Select M ore Secur e t o enable WPA( 2) - PSK data encryption.Securit y Mode Choose W PA or W PA2 from t he drop- down list box .Aut hent icat ion Serv erI P Address Ent er the I P address of t he ext ernal aut hent icat ion server in dott ed decim al not at ion.Port Nu m ber Ent er t he port num ber of the ext ernal aut hent icat ion server. The default port num ber is 1 8 1 2 . You need not change t his value unless your network adm inist rat or inst ructs you to do so w ith addit ional inform at ion. Shared Secret Enter a password ( up t o 128 alphanum eric charact ers) as t he key t o be shared bet ween t he ext ernal aut hent icat ion serv er and t he LTE Device.The key m ust be t he sam e on t he ext ernal authentication server and your LTE Device. The key is not sent over t he net work. m ore.../ hide m ore Click m or e ... t o show m or e fields in t his section. Click hide m ore to hide t hem .WPA Com pat ible This field is only available for WPA2. Select this if you want t he LTE Device to support WPA and WPA2 sim ult aneously.Group Key Update Tim erThe Gr oup Key Upda t e Tim er is the rate at which the RADI US server sends a new group key out t o all client s. I f t he value is set t o “ 0”, the update t im er function is disabled.Encrypt ion I f t he security m ode is W PA, the encrypt ion m ode is set t o TKI P t o enable Tem poral Key I ntegrit y Prot ocol ( TKI P) securit y on your wireless netw ork. I f t he security m ode is W PA2 , t he encryption m ode is set t o AES to enable Advanced Encrypt ion System ( AES) securit y on your wireless net work . AES provides superior securit y to TKI P.

Chapter 5 WirelessB222s User’s Guide54Click N e t w ork Set ting > W irele ss > W PS. The following screen displays. Select Ena ble and click Apply t o act ivat e t he WPS funct ion. Then you can configure t he WPS sett ings in t his screen. Figure 27 Net work Set ting > Wireless > WPSThe following t able describes t he labels in t his screen.Table 14 Network Sett ing > Wireless > WPSLABEL DESCRIPTIONEnable WPS Select En able t o act ivat e WPS on t he LTE Device.Add a new device wit h WPS Met hodMethod 1 PBC Use this section t o set up a WPS wireless netw ork using Push But ton Configuration ( PBC).WPS Click this but t on t o add anot her WPS- enabled wir eless device (within wir eless range of t he LTE Device) to your wireless network . This but t on m ay either be a physical but t on on t he out side of device, or a m enu but t on sim ilar t o the W PS but t on on this screen.Note: You must press the other wireless device’s WPS button within two minutes of pressing this button.Method 2 PI N Use t his sect ion to set up a WPS wireless network by ent ering t he PI N (Personal I dent ificat ion Num ber) of t he client int o t he LTE Device.

Chapter 5 WirelessB222s User’s Guide 555.5 The WMM ScreenUse t his screen t o enable or disable Wi- Fi MultiMedia ( WMM) wireless networks for m ult im edia applications.Regist er Enter t he PI N of the device t hat you are set t ing up a WPS connect ion wit h and click Re g ist e r t o aut hent icat e and add t he wireless device t o your w ireless net work.You can find t he PI N either on t he out side of t he device, or by checking t he device’s set t ings.Note: You must also activate WPS on that device within two minutes to have it present its PIN to the LTE Device.WPS Configurat ion Sum maryAP PI N The PI N of the LTE Device is shown here. Enter this PI N in t he configuration ut ility of t he device you want t o connect t o using WPS.The PI N is not necessary when you use WPS push- but t on m et hod.Click t he Gene r at e N ew PI N but t on t o have the LTE Device create a new PI N.St at us This displays Configure d when the LTE Device has connect ed t o a wireless net work using WPS or Enable W PS is select ed and wireless or w ireless securit y set t ings have been changed. The current wireless and wireless securit y set t ings also appear in t he screen.This displays N ot Con figur e d w hen t here is no wireless or wireless secur ity changes on t he LTE Device or you click Re le a se Configur a t ion t o rem ove t he configured wireless and wir eless securit y sett ings.Release ConfigurationThis but ton is available when t he WPS stat us is Con figu re d.Click t his but t on t o rem ove all configured wireless and wir eless securit y set tings for WPS connect ions on the LTE Device.802.11 Mode This is t he 802.11 m ode used. Only com pliant WLAN devices can associate wit h the LTE Device.SSI D This is t he nam e of t he wireless netw ork.Securit y This is t he t ype of wireless securit y em ployed by t he net work.Apply Click Apply t o save your changes.Table 14 Network Sett ing > Wireless > WPS ( cont inued)LABEL DESCRIPTION

Chapter 5 WirelessB222s User’s Guide56Click N et w or k Set t ing > W irele ss > W MM . The following screen displays.Figure 28 Net work Set ting > Wireless > WMMThe following t able describes t he labels in t his screen.Table 15 Network Sett ing > Wireless > WMMLABEL DESCRIPTIONEnable WMM of SSI D1~ 4This enables t he LTE Device to autom at ically give a ser vice a priorit y level according t o the ToS value in t he I P header of pack ets it sends. WMM QoS ( Wifi MultiMedia Qualit y of Service) gives high priority t o voice and video, w hich m akes them run m ore sm oot hly.Enable WMM Autom atic Power Save Deliver ( APSD)Click t his t o increase bat t ery life for bat t ery-powered wireless clients. APSD uses a longer beacon int erval w hen t ransm itt ing t raffic t hat does not require a short packet exchange int erval.Apply Click Apply t o save your changes.Cancel Click Ca n ce l to restore your previously saved sett ings.

Chapter 5 WirelessB222s User’s Guide 575.6 Scheduling Screen Click Net w or k Set t ing > W irele ss > Sch e duling t o open t he W ir e less LAN Schedu lin g screen. Use t his screen t o configure when t he LTE Device enables or disables t he wireless LAN. Figure 29 Net work Set ting > Wireless > SchedulingThe following t able describes t he labels in t his screen.5.7 Technical ReferenceThis sect ion discusses wireless LANs in depth. For m ore inform at ion, see t he appendix.Table 16 Network Sett ing > Wir eless > SchedulingLABEL DESCRIPTIONWireless LAN SchedulingSelect Ena ble t o act ivate wireless LAN scheduling on your LTE Device.WLAN stat us Select On or Off t o enable or disable t he wireless LAN.Day Select the day(s) you want to t urn t he wir eless LAN on or off.Bet w een t he following tim esSpecify t he t im e period during which to apply t he schedule.For exam ple, you want t he wireless netw ork t o be only available during w ork hours. Check Mon ~ Fri in the day colum n, and specify 8: 00 ~ 18: 00 in the tim e table.Apply Click Apply t o save your changes.Cancel Click Can cel to restore your previously saved sett ings.

Chapter 5 WirelessB222s User’s Guide585.7.1 Additional Wireless TermsThe following t able describes som e wireless network t erm s and acronym s used in the LTE Device’s web configurat or.5.7.2 Wireless Security OverviewBy their nature, radio com m unicat ions are sim ple to int ercept . For w ireless data networks, this m eans t hat anyone wit hin range of a wireless net work without security can not only read the dat a passing over the airwaves, but also j oin the network. Once an unaut horized person has access t o the network, he or she can st eal inform at ion or int roduce m alwar e ( m alicious soft ware) intended t o com prom ise t he network. For t hese reasons, a variety of security system s have been developed t o ensure that only authorized people can use a wireless dat a net work, or understand t he data carried on it .These security standards do t wo t hings. First , t hey aut hent icat e. This m eans t hat only people present ing t he right credent ials ( oft en a usernam e and password, or a “ key” phrase) can access t he network. Second, they encr ypt . This m eans t hat the inform at ion sent over t he air is encoded. Only people wit h t he code key can understand t he inform at ion, and only people who have been authent icat ed are given t he code key.These security standards vary in effect iveness. Som e can be broken, such as t he old Wired Equivalent Protocol ( WEP) . Using WEP is bet t er t han using no securit y at all, but it will not keep a det erm ined at tacker out . Other security standards are secure in t hem selves but can be br oken if a user does not use t hem properly. For exam ple, the WPA-PSK securit y standard is very secure if you use a long key which is difficult for an at t acker ’s software to guess - for exam ple, a twenty- letter long st ring of apparent ly random num bers and let t ers - but it is not very secure if you use a short key which is very easy t o guess - for exam ple, a three- lett er w ord from t he dictionary.Because of t he dam age t hat can be done by a m alicious at tacker, it ’s not j ust people who have sensit ive inform ation on t heir network who should use securit y. Everybody who uses any wireless network should ensure t hat effect ive securit y is in place.Table 17 Addit ional Wireless Term sTERM DESCRIPTIONRTS/ CTS Threshold I n a wireless network w hich covers a large area, wir eless devices are som etim es not aware of each ot her’s presence. This m ay cause t hem t o send infor m at ion to t he AP at t he sam e t im e and result in inform ation colliding and not getting t hrough.By set ting t his value lower t han t he default value, t he wir eless devices m ust som et im es get perm ission t o send inform ation to t he LTE Device. The lower the value, t he m ore oft en t he devices m ust get perm ission.I f this value is greater t han the fragm entat ion t hreshold value ( see below), then w ireless devices never have t o get perm ission t o send inform at ion to the LTE Device.Pream ble A pream ble affects t he t im ing in your wireless netw ork. There are t wo pream ble m odes: long and short . I f a device uses a different pream ble m ode than t he LTE Device does, it cannot com m unicate w ith the LTE Device.Aut hent icat ion The process of verifying whet her a wireless device is allowed t o use t he wireless net work.Fragm ent ation ThresholdA sm all fragm ent ation t hreshold is recom m ended for busy network s, while a larger t hreshold pr ovides fast er perform ance if the net work is not very busy.

Chapter 5 WirelessB222s User’s Guide 59A good way t o com e up with effective securit y keys, passwords and so on is t o use obscur e inform ation that you personally will easily rem em ber, and t o ent er it in a way t hat appears random and does not include real words. For exam ple, if your m ot her owns a 1970 Dodge Challenger and her favorite m ovie is Vanishing Point ( which you know was m ade in 1971) you could use “ 70dodchal71vanpoi” as your security key.The following sections int roduce different types of w ireless securit y you can set up in t he wireless network.5.7.2.1 SSIDNorm ally, t he LTE Device acts like a beacon and regularly broadcast s the SSI D in the area. You can hide t he SSI D instead, in which case t he LTE Device does not broadcast t he SSI D. I n addit ion, you should change t he default SSI D t o som et hing that is difficult t o guess.This t ype of securit y is fairly weak, however, because there are ways for unauthorized wireless devices t o get the SSI D. I n addit ion, unauthorized w ireless devices can st ill see t he inform ation t hat is sent in t he wireless net work.5.7.2.2 MAC Address FilterEvery device t hat can use a wireless net w ork has a unique ident ificat ion num ber, called a MAC address.1 A MAC address is usually writ t en using t welve hexadecim al charact ers2; for exam ple, 00A0C5000002 or 00: A0: C5: 00: 00: 02. To get t he MAC addr ess for each device in t he wireless network, see the device’s User’s Guide or ot her docum ent at ion.You can use t he MAC address filt er to t ell the LTE Device which devices are allowed or not allowed to use t he wireless net work. I f a device is allowed t o use t he wireless net work, it still has t o have the correct inform ation ( SSI D, channel, and securit y) . I f a device is not allowed t o use t he wireless network, it does not m att er if it has t he correct inform ation.This t ype of securit y does not protect t he inform ation t hat is sent in t he wireless net work. Furt herm ore, t here are ways for unauthorized wireless devices t o get t he MAC address of an authorized device. Then, they can use t hat MAC address to use t he wireless net work.5.7.2.3 User AuthenticationAut hent icat ion is t he process of verifying whet her a wireless device is allowed to use t he wireless networ k. You can m ake every user log in t o t he wireless net work before using it . However, every device in the wireless net work has t o support I EEE 802.1x to do this.For wireless net works, you can store the user nam es and passwords for each user in a RADI US server. This is a server used in businesses m ore t han in hom es. I f you do not have a RADI US server, you cannot set up user nam es and passwords for your users.Unaut horized wireless devices can still see t he inform ation t hat is sent in t he wireless net w ork, even if they cannot use the wireless net work. Furt herm ore, t here are ways for unaut horized wireless user s t o get a valid user nam e and password. Then, t hey can use that user nam e and passw ord to use t he wireless network.1. Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses.2. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.

Chapter 5 WirelessB222s User’s Guide605.7.2.4 EncryptionWireless net works can use encrypt ion to prot ect t he inform at ion that is sent in t he wireless network. Encryption is like a secret code. I f you do not know t he secret code, you cannot underst and t he m essage.The types of encrypt ion you can choose depend on t he t ype of aut hent icat ion. ( See Sect ion 5.7.2.3 on page 59 for inform ation about t his.)For exam ple, if the wireless net work has a RADI US server, you can choose W PA or W PA2 . I f users do not log in to t he wireless net work, you can choose no encrypt ion, St a tic W EP, W PA- PSK, or W PA2 - PSK.Usually, you should set up the st r ongest encrypt ion that every device in the wireless net work support s. For exam ple, suppose you have a wireless net work with the LTE Device and you do not have a RADI US server. Therefor e, t here is no aut hent icat ion. Suppose t he wireless net w ork has two devices. Device A only support s WEP, and device B support s WEP and WPA. Therefore, you should set up St at ic W EP in t he wireless net work.Not e: I t is recom m ended t hat wireless networks use W PA- PSK, W PA, or stronger encrypt ion. The ot her types of encryption are bet ter t han none at all, but it is still possible for unaut horized wireless devices to figure out t he original inform at ion pret ty quickly.When you select W PA2 or W PA2 - PSK in your LTE Device, you can also select an option ( W PA com pa t ible ) t o support WPA as well. I n t his case, if som e of t he devices support WPA and som e support WPA2, you should set up W PA2 - PSK or W PA2 ( depending on t he t ype of wireless net work login) and select t he W PA com pat ible option in t he LTE Device.Many t ypes of encrypt ion use a key to prot ect t he inform ation in t he wireless network. The longer the key, t he stronger the encrypt ion. Every device in t he wireless network m ust have the sam e key.5.7.3 Signal ProblemsBecause wireless networks are radio net works, their signals are subj ect to lim itat ions of distance, int erference and absorpt ion.Problem s w it h distance occur when t he t wo radios are t oo far apart . Problem s with int erference occur when other radio waves interrupt the data signal. I nt er ference m ay com e from ot her radio transm issions, such as m ilitary or air t raffic control com m unicat ions, or from m achines t hat are coincident al em itt ers such as elect ric m otors or m icrowaves. Problem s wit h absorpt ion occur when physical objects ( such as t hick walls) are bet w een t he t wo radios, m uffling t he signal.Table 18 Types of Encrypt ion for Each Type of Aut hent icat ionNO AUTHENTICATION RADIUS SERVERW eak e st No Security WPASt at ic WEPWPA- PSKSt r on ge st WPA2- PSK WPA2

Chapter 5 WirelessB222s User’s Guide 615.7.4 BSSA Basic Service Set ( BSS) exist s when all com m unicat ions bet ween wireless stations or between a wir eless stat ion and a wired network client go t hrough one access point ( AP) . I nt ra- BSS t raffic is t raffic bet w een wireless stations in t he BSS. When I nt ra- BSS t raffic blocking is disabled, wireless st at ion A and B can access the wired network and com municate wit h each other. When I nt ra- BSS t raffic blocking is enabled, wir eless stat ion A and B can st ill access the wired network but cannot com m unicate wit h each ot her.Figure 30 Basic Service set5.7.5 MBSSIDTraditionally, you need to use different APs to configure different Basic Service Sets ( BSSs) . As w ell as t he cost of buying ext ra APs, there is also t he possibility of channel int erference. The LTE Device’s MBSSI D ( Multiple Basic Service Set I Dent ifier) function allows you t o use one access point to provide several BSSs sim ultaneously. You can t hen assign varying QoS priorities and/ or security m odes t o different SSI Ds.Wireless devices can use different BSSI Ds t o associate with t he sam e AP.5.7.5.1 Notes on Multiple BSSs• A m axim um of eight BSSs are allowed on one AP sim ultaneously.• You m ust use different keys for different BSSs. I f t wo wireless devices have different BSSI Ds ( t hey are in different BSSs) , but have the sam e keys, they m ay hear each ot her ’s com munications ( but not com m unicate with each ot her) .• MBSSI D should not replace but rather be used in conj unct ion wit h 802.1x securit y.

Chapter 5 WirelessB222s User’s Guide625.7.6 WiFi Protected Setup (WPS)Your LTE Device supports WiFi Prot ected Setup ( WPS), which is an easy way t o set up a secure wir eless net w ork. WPS is an industry st andard specification, defined by t he WiFi Alliance.WPS allows you t o quickly set up a wireless network with st rong securit y, wit hout having to configure securit y settings m anually. Each WPS connect ion works bet ween t wo devices. Bot h devices m ust support WPS ( check each device’s docum ent at ion to m ake sure). Depending on t he devices you have, you can either press a butt on ( on t he device it self, or in it s configurat ion utility) or ent er a PI N (a unique Personal I dent ificat ion Num ber t hat allows one device to aut hent icat e t he ot her) in each of the two devices. When WPS is act ivated on a device, it has t wo m inut es to find anot her device t hat also has WPS activat ed. Then, t he t wo devices connect and set up a secure net work by t hem selves.5.7.6.1 Push Button ConfigurationWPS Push Butt on Configuration ( PBC) is init iated by pressing a butt on on each WPS- enabled device, and allowing them t o connect aut om at ically. You do not need to ent er any inform at ion. Not every WPS- enabled device has a physical WPS button. Som e m ay have a WPS PBC but ton in their configuration ut ilit ies instead of or in addition t o t he physical but ton.Take t he following st eps t o set up WPS using t he butt on.1Ensure that t he t wo devices you want t o set up are wit hin wireless range of one another. 2Look for a WPS butt on on each device. I f t he device does not have one, log int o its configurat ion utility and locate t he but ton ( see the device’s User’s Guide for how to do this - for t he LTE Device, see Section 5.4 on page 53) .3Press t he butt on on one of t he devices ( it doesn’t m atter w hich) . For t he LTE Device you m ust press the WPS butt on for m ore than three seconds.4Wit hin t wo m inut es, press t he butt on on t he other device. The registrar sends t he network nam e ( SSI D) and security key through an secure connect ion t o t he enrollee.I f you need to m ake sure t hat WPS worked, check t he list of associat ed wireless clients in t he AP’s configurat ion ut ilit y. I f you see t he wireless client in t he list , WPS was successful.5.7.6.2 PIN ConfigurationEach WPS-enabled device has its ow n PI N ( Personal I dent ificat ion Num ber) . This m ay eit her be st at ic ( it cannot be changed) or dynam ic ( in som e devices you can generat e a new PI N by clicking on a but ton in t he configurat ion int erface) . Use t he PI N m et hod inst ead of t he push- but t on configuration ( PBC) m ethod if you want to ensur e that t he connect ion is established between t he devices you specify, not j ust the first two devices t o act ivat e WPS in range of each ot her. However, you need t o log into t he configurat ion int erfaces of both devices t o use the PI N m ethod.When you use t he PI N m ethod, you m ust enter t he PI N from one device ( usually t he wireless client ) int o t he second device ( usually the Access Point or wireless router) . Then, when WPS is activat ed

Chapter 5 WirelessB222s User’s Guide 63on the first device, it present s it s PI N t o t he second device. I f the PI N m atches, one device sends the network and security inform ation t o t he ot her, allowing it t o j oin the network.Take t he following st eps t o set up a WPS connection bet ween an access point or wireless rout er ( referred t o here as t he AP) and a client device using the PI N m ethod.1Ensure WPS is enabled on bot h devices.2Access t he WPS section of t he AP’s configurat ion int erface. See t he device’s User’s Guide for how to do this. 3Look for t he client ’s WPS PI N; it will be displayed either on the device, or in t he WPS sect ion of the client ’s configuration interface ( see the device’s User’s Guide for how t o find t he WPS PI N - for the LTE Device, see Sect ion 5.4 on page 53) .4Enter t he client ’s PI N in the AP’s configurat ion interface.5I f t he client device’s configurat ion interface has an area for ent ering anot her device’s PI N, you can eit her enter t he client ’s PI N in t he AP, or enter t he AP’s PI N in the client - it does not m att er which. 6St art WPS on bot h devices wit hin t wo m inut es. 7Use t he configurat ion utility t o activat e WPS, not the push-butt on on t he device it self.8On a com puter connect ed t o t he wireless client , t ry t o connect t o t he I nt ernet . I f you can connect, WPS was successful.I f you cannot connect , check the list of associat ed wireless client s in the AP’s configuration utility. I f you see t he wireless client in t he list , WPS was successful.

Chapter 5 WirelessB222s User’s Guide64The following figure shows a WPS- enabled wireless client ( installed in a not ebook com puter) connecting to t he WPS-enabled AP via t he PI N m ethod.Figure 31 Exam ple WPS Pr ocess: PI N Method5.7.6.3 How WPS WorksWhen two WPS- enabled devices connect , each device m ust assum e a specific role. One device acts as t he registrar ( the device t hat supplies net w ork and securit y settings) and t he ot her device acts as t he enrollee ( the device t hat receives net w ork and securit y set tings. The registrar creat es a secure EAP ( Ext ensible Aut hent icat ion Prot ocol) t unnel and sends t he net work nam e ( SSI D) and t he WPA- PSK or WPA2- PSK pre- shared key to t he enrollee. Whet her WPA-PSK or WPA2- PSK is used depends on t he standards support ed by t he devices. I f the registrar is already part of a net w ork, it sends t he existing inform ation. I f not , it generat es the SSI D and WPA( 2) -PSK random ly.ENROLLEESECURE EAP TUNNELSSIDWPA(2)-PSKWITHIN 2 MINUTESCOMMUNICATIONThis device’s WPSEnter WPS PIN WPSfrom other device: WPS PIN: 123456WPSSTARTWPSSTARTREGISTRAR

Chapter 5 WirelessB222s User’s Guide 65The following figure shows a WPS- enabled client ( inst alled in a notebook com put er) connect ing t o a WPS- enabled access point .Figure 32 How WPS w orksThe roles of registrar and enrollee last only as long as the WPS set up process is active ( t wo m inut es) . The next t im e you use WPS, a differ ent device can be t he regist rar if necessary.The WPS connect ion process is like a handshake; only two devices part icipat e in each WPS transact ion. I f you want t o add m ore devices you should repeat t he process wit h one of t he exist ing networked devices and the new device.Note that t he access point ( AP) is not always t he registrar, and t he wireless client is not always the enrollee. All WPS- cert ified APs can be a registrar, and so can som e WPS- enabled wireless client s.By default , a WPS devices is “ unconfigured”. This m eans t hat it is not par t of an existing net w ork and can act as eit her enrollee or registrar ( if it support s bot h funct ions) . I f the registrar is unconfigured, the securit y sett ings it t ransm its t o the enrollee are random ly- generat ed. Once a WPS- enabled device has connect ed t o another device using WPS, it becom es “ configured”. A configured w ireless client can still act as enrollee or regist rar in subsequent WPS connections, but a configured access point can no longer act as enrollee. I t will be t he registrar in all subsequent WPS connect ions in which it is involved. I f you want a configured AP t o act as an enrollee, you m ust reset it t o its factory defaults.5.7.6.4 Example WPS Network SetupThis sect ion shows how securit y set t ings are dist ributed in an exam ple WPS setup.The following figure shows an exam ple net work. I n st ep 1, both AP1 and Client 1 are unconfigured. When WPS is activat ed on bot h, t hey perform t he handshake. I n t his exam ple, AP1 SECURE TUNNELSECURITY INFOWITHIN 2 MINUTESCOMMUNICATIONACTIVATEWPSACTIVATEWPSWPS HANDSHAKEREGISTRARENROLLEE

Chapter 5 WirelessB222s User’s Guide66is t he regist rar, and Client 1 is t he enrollee. The regist rar random ly generates t he security inform ation t o set up t he net wor k, since it is unconfigur ed and has no existing inform at ion.Figure 33 WPS: Exam ple Net work St ep 1I n step 2 , you add anot her wir eless client t o t he network. You know t hat Clien t 1 support s registrar m ode, but it is bett er to use AP1 for t he WPS handshake w it h t he new client since you m ust connect t o t he access point anyway in order t o use t he net work. I n this case, AP1 m ust be t he registrar, since it is configured ( it already has securit y inform ation for the network) . AP1 supplies the existing securit y inform at ion t o Clien t 2 .Figure 34 WPS: Exam ple Net work St ep 2REGISTRARENROLLEESECURITY INFOCLIENT 1 AP1REGISTRARCLIENT 1 AP1ENROLLEECLIENT 2EXISTING CONNECTIONSECURITY INFO

Chapter 5 WirelessB222s User’s Guide 67I n step 3, you add another access point (AP2 ) t o your net w ork. AP2 is out of range of AP1 , so you cannot use AP1 for the WPS handshake w it h t he new access point . However, you know t hat Clie n t 2 support s the registrar funct ion, so you use it t o perform t he WPS handshake inst ead.Figure 35 WPS: Exam ple Net work St ep 35.7.6.5 Limitations of WPSWPS has som e lim itat ions of which you should be aware. • WPS works in I nfrast ruct ure net works only ( where an AP and a wireless client com municate) . I t does not work in Ad- Hoc net w orks (where there is no AP) .• When you use WPS, it wor ks bet ween t wo devices only. You cannot enroll m ultiple devices sim ultaneously, you m ust enroll one after the other. For inst ance, if you have t w o enrollees and one registrar you m ust set up t he first enrollee ( by pressing the WPS but ton on t he registrar and the first enrollee, for exam ple) , t hen check t hat it successfully enrolled, t hen set up the second device in t he sam e way.• WPS works only wit h other WPS-enabled devices. However, you can st ill add non-WPS devices t o a network you already set up using WPS. WPS works by aut om atically issuing a random ly- generat ed WPA- PSK or WPA2- PSK pre- shared key from t he regist rar device to the enrollee devices. Whet her t he net work uses WPA-PSK or WPA2- PSK depends on t he device. You can check t he configurat ion int erface of t he regist rar device t o discover t he key the network is using ( if t he device support s this feat ure). Then, you can ent er the key into t he non-WPS device and j oin t he net work as norm al (t he non-WPS device m ust also support WPA- PSK or WPA2- PSK) .CLIENT 1 AP1REGISTRARCLIENT 2EXISTING CONNECTIONSECURITY INFOENROLLEEAP2EXISTING CONNECTION

Chapter 5 WirelessB222s User’s Guide68• When you use the PBC m et hod, t here is a short period (from t he m om ent you press t he but t on on one device to t he m om ent you press t he butt on on the ot her device) when any WPS-enabled device could j oin the network. This is because t he regist rar has no way of identifying the “ correct” enrollee, and cannot different iate bet ween your enrollee and a rogue device. This is a possible way for a hacker t o gain access t o a net w ork.You can easily check to see if t his has happened. WPS works bet w een only two devices sim ultaneously, so if anot her device has enrolled your device w ill be unable t o enroll, and will not have access t o t he net work. I f this happens, open t he access point ’s configurat ion interface and look at t he list of associat ed client s ( usually displayed by MAC address). I t does not m at t er if the access point is t he WPS regist rar, t he enrollee, or was not involved in the WPS handshake; a rogue device m ust still associate with the access point t o gain access t o t he net work. Check t he MAC addresses of your wireless clients ( usually print ed on a label on t he bot t om of t he device). I f there is an unknown MAC address you can rem ove it or reset t he AP.

B222s User’s Guide 69CHAPTER 6Home Networking6.1 Overview A Local Ar ea Network ( LAN) is a shar ed com m unication system t o which m any com puters are att ached. A LAN is usually located in one im m ediat e area such as a building or floor of a building.The LAN screens can help you configure a LAN DHCP server and m anage I P addresses.6.1.1 What You Can Do in this Chapter• Use the LAN Set up screen t o set t he LAN I P address, subnet m ask, and DHCP sett ings ( Sect ion 6.2 on page 71) . • Use the St a t ic DH CP screen to assign I P addresses on t he LAN to specific individual com put ers based on their MAC Addresses ( Sect ion 6.3 on page 72) .• Use the UPnP screen t o enable UPnP ( Sect ion 6.4 on page 73) .6.1.2 What You Need To KnowThe following term s and concept s m ay help as you read this chapt er.6.1.2.1 About LANIP AddressSim ilar t o t he way houses on a street shar e a com m on str eet nam e, so t oo do com put ers on a LAN share one com m on net work num ber. This is know n as an I nternet Prot ocol address.WANLAN

Chapter 6 Home NetworkingB222s User’s Guide70Subnet MaskThe subnet m ask specifies t he net work num ber port ion of an I P address. Your LTE Device will com pute the subnet m ask autom at ically based on t he I P address that you ent ered. You don't need to change t he subnet m ask com put ed by the LTE Device unless you are instruct ed t o do ot herw ise.DHCPDHCP ( Dynam ic Host Configurat ion Prot ocol) allows client s t o obt ain TCP/ I P configurat ion at st ar t-up from a server. This LTE Device has a built- in DHCP ser ver capability t hat assigns I P addresses and DNS servers t o system s that support DHCP client capability.DNSDNS ( Dom ain Nam e System ) m aps a dom ain nam e t o its corresponding I P address and vice versa. The DNS server is ext rem ely im port ant because w it hout it , you m ust know t he I P address of a com puter before you can access it. The DNS server addresses you ent er when you set up DHCP are passed t o t he client m achines along w it h t he assigned I P address and subnet m ask.6.1.2.2 About UPnPHow do I know if I'm using UPnP? UPnP hardware is ident ified as an icon in the Net work Connections folder ( Window s XP) . Each UPnP com patible device inst alled on your net work will appear as a separate icon. Selecting t he icon of a UPnP device w ill allow you t o access t he inform ation and propert ies of t hat device. Cautions with UPnPThe autom at ed nature of NAT t raversal applicat ions in establishing t heir own services and opening firewall port s m ay present net work security issues. Net work inform ation and configuration m ay also be obtained and m odified by users in som e net work environm ent s. When a UPnP device j oins a net work, it announces it s pr esence with a m ulticast m essage. For securit y reasons, the LTE Device allows m ulticast m essages on the LAN only.All UPnP- enabled devices m ay com m unicat e freely wit h each ot her wit hout additional configurat ion. Disable UPnP if t his is not your int ent ion.

Chapter 6 Home NetworkingB222s User’s Guide 716.2 The LAN Setup ScreenClick N et w ork Set t ing > Hom e N e tw or k ing t o open t he LAN Se t up screen. Use this screen to set t he Local Area Networ k I P address and subnet m ask of your LTE Device and configure t he DNS server inform ation t hat t he LTE Device sends t o t he DHCP client devices on t he LAN.Figure 36 Net work Set ting > Hom e Net w orking > LAN Setup The following t able describes t he fields in t his screen. Table 19 Network Sett ing > Hom e Networking > LAN Setup LABEL DESCRIPTIONLAN I P Set upI P Address Enter t he LAN I P address you want t o assign t o your LTE Device in dot t ed decim al notat ion, for exam ple, 192.168.1.1 (factor y default ) . I P Subnet Mask Type t he subnet m ask of your net work in dot ted decim al notat ion, for exam ple 255.255.255.0 (fact ory default ) . Your LTE Device autom at ically com put es t he subnet m ask based on t he I P address you ent er, so do not change this field unless you are instr ucted to do so.DHCP Server St at eDHCP Select Ena ble t o have your LTE Device assign I P addresses, an I P default gateway and DNS server s t o LAN com put ers and other devices t hat are DHCP clients.I f you select Disa ble, you need t o m anually configure t he I P addresses of t he com puter s and ot her devices on your LAN.When DHCP is used, the follow ing fields need to be set .I P Addressing ValuesI P Pool St art ing AddressThis field specifies the fir st of t he cont iguous addresses in t he I P address pool.Pool Size This field specifies t he size, or count of t he I P address pool.DNS Values

Chapter 6 Home NetworkingB222s User’s Guide726.3 The Static DHCP ScreenThis t able allows you t o assign I P addresses on the LAN to specific individual com put ers based on their MAC Addresses. Every Et hernet device has a unique MAC ( Media Access Cont rol) address. The MAC address is assigned at the fact ory and consist s of six pairs of hexadecim al charact ers, for exam ple, 00: A0: C5: 00: 00: 02.6.3.1 Before You BeginFind out t he MAC addresses of your network devices if you int end to add t hem t o t he St at ic D HCP screen.Use t his screen t o change your LTE Device’s stat ic DHCP sett ings. Click N et w ork Set ting > Hom e N e t w or k in g > St at ic DH CP t o open t he following screen.Figure 37 Net work Set ting > Hom e Net w orking > Stat ic DHCP The following t able describes t he labels in t his screen.DNS Server 1-3 Select From I SP if your I SP dynam ically assigns DNS server inform at ion ( and t he LTE Device's WAN I P address).Select D NS- Prox y if Select User- Defined if you have t he I P address of a DNS ser ver. Ent er t he DNS server's I P address in t he field to t he r ight . I f you chose User - Defin ed, but leave t he I P address set t o 0.0.0.0, User - Define d changes t o N on e aft er you click Apply. I f you set a second choice t o U se r- De fine d, and enter t he sam e I P address, t he second Use r-De fined changes t o N o ne aft er you click Apply. Select N o ne if you do not want t o configure DNS servers. You m ust have anot her DHCP sever on your LAN, or else t he com put ers m ust have t heir DNS server addresses m anually configured. I f you do not configure a DNS serv er, you m ust know the I P address of a com put er in order t o access it .Apply Click Apply to save your changes.Cancel Click Ca ncel to restore your previously saved set t ings.Table 19 Network Sett ing > Hom e Net working > LAN Setup (continued)LABEL DESCRIPTIONTable 20 Network Set t ing > Hom e Net working > Static DHCPLABEL DESCRIPTIONAdd new stat ic leaseClick t his to add a new st at ic DHCP ent ry. # This is t he index num ber of the entr y.St at us This field displays whet her t he client is connect ed t o t he LTE Device.

Chapter 6 Home NetworkingB222s User’s Guide 73I f you click Add ne w st a t ic lease in t he St at ic D HCP screen, t he following screen displays.Figure 38 St at ic DHCP: AddThe following t able describes t he labels in t his screen.6.4 The UPnP ScreenUniversal Plug and Play ( UPnP) is a dist r ibut ed, open net working st andard t hat uses TCP/ I P for sim ple peer- to- peer net w ork connect ivit y bet ween devices. A UPnP device can dynam ically j oin a network, obtain an I P address, convey it s capabilit ies and learn about ot her devices on t he net work. I n t urn, a device can leave a net w ork sm oothly and autom atically w hen it is no longer in use.See page 74 for m ore inform at ion on UPnP.Host Nam e This field displays the client host nam e.MAC Address The MAC (Media Access Cont rol) or Et hernet addr ess on a LAN ( Local Ar ea Networ k) is unique t o your com put er ( six pairs of hexadecim al not ation) .A network interface card such as an Ethernet adapter has a hardwired address t hat is assigned at the factory. This address follows an indust ry st andard t hat ensures no ot her adapter has a sim ilar address.I P Address This field displays t he I P address relative t o t he # field list ed above.Reserve Select the check box in t he heading row to aut om at ically select all check boxes or select the check box( es) in each ent ry t o have t he LTE Device always assign t he selected ent ry ( ies) ’s I P address(es) t o t he corresponding MAC address( es) ( and host nam e(s)) . You can select up to 128 ent ries in t his t able. Apply Click Apply t o save your changes.Cancel Click Ca ncel t o rest ore your previously saved sett ings.Refresh Click Re fresh t o reload t he DHCP t able.Table 21 Static DHCP: AddLABEL DESCRIPTIONMAC Address Ent er the MAC address of a com puter on your LAN.I P Address Enter t he I P address t hat you want to assign to t he com put er on your LAN w ith t he MAC addr ess t hat you will also specify.Apply Click Apply to save your changes.Back Click Back t o exit t his screen w it hout saving.Table 20 Network Sett ing > Hom e Net working > Stat ic DHCP ( cont inued)LABEL DESCRIPTION

Chapter 6 Home NetworkingB222s User’s Guide74Use t he following scr een t o configure t he UPnP sett ings on your LTE Device. Click N e t w or k Set t ing > Hom e N e t w ork ing > St a t ic D HCP > UPn P to display the screen shown next .Figure 39 Net work Set ting > Hom e Net w orking > UPnPThe following t able describes t he labels in t his screen.Table 22 Network Sett ings > Hom e Networking > UPnPLABEL DESCRIPTIONUPnP Select Enable t o act ivat e UPnP. Be aware that anyone could use a UPnP applicat ion t o open the web configurat or's login screen without ent ering the LTE Device's I P address ( alt hough you m ust st ill ent er the password t o access t he w eb configurat or) .Apply Click Ap ply t o save your changes.

B222s User’s Guide 75CHAPTER 7Routing7.1 OverviewThe LTE Device usually uses the default gat eway t o route out bound t raffic from com puters on t he LAN to t he I nternet . To have t he LTE Device send dat a t o devices not reachable t hrough t he default gat eway, use stat ic rout es.For exam ple, the next figure shows a com puter (A) connected t o t he LTE Device’s LAN int erface. The LTE Device rout es m ost t raffic from A t o t he I nternet t hrough t he LTE Device’s default gat eway (R1 ) . You creat e one st at ic rout e t o connect t o services offered by your I SP behind rout er R2 . You creat e another static rout e t o com m unicat e with a separat e net work behind a router R3 connect ed to t he LAN. Figure 40 Exam ple of Stat ic Routing TopologyWANR1R2AR3LAN

Chapter 7 RoutingB222s User’s Guide767.2 Configuring Static Route Use t his screen t o view and configure I P stat ic rout es on the LTE Device. Click N et w or k Set t ing > St a tic Rout e to open t he following screen. Figure 41 Net work Set ting > Stat ic Rout eThe following t able describes t he labels in t his screen. Table 23 Network Sett ing > St atic Rout eLABEL DESCRIPTIONAdd New Stat ic Rout eClick t his t o set up a new st atic rout e on the LTE Device.#This is t he num ber of an individual stat ic rout e.Act ive This indicat es whether t he rule is act ive or not .A yellow bulb signifies t hat this stat ic rout e is act ive. A gray bulb signifies that t his stat ic rout e is not act ive.St atus This shows whet her t he stat ic rout e is curr ent ly in use or not . A yellow bulb signifies t hat this stat ic rout e is in use. A gray bulb signifies t hat t his stat ic rout e is not in use. Nam e This is t he nam e that describes or identifies t his route. Dest inat ion I P This param et er specifies the I P netw ork address of t he final dest ination. Rout ing is always based on network num ber. Gateway This is t he I P address of t he gatew ay. The gateway is a r out er or swit ch on t he sam e net work segm ent as the device's LAN or WAN por t. The gateway helps forward packet s t o their dest inat ions.Subnet Mask This param et er specifies the I P network subnet m ask of the final dest ination.I nt erface This indicates which interface handles t he t raffic forwarded by this route.Modify Click the Ed it icon t o go t o t he screen where you can set up a stat ic rout e on t he LTE Device.Click t he De le t e icon t o r em ove a st at ic rout e from t he LTE Device.

Chapter 7 RoutingB222s User’s Guide 777.2.1 Add/Edit Static Route Click a dd ne w St a t ic Rout e in t he Rou t in g screen or click the Edit icon next t o a rule. The follow ing screen appears. Use t his screen t o configure the required inform at ion for a stat ic rout e.Figure 42 Rout ing: Add/ EditThe following t able describes t he labels in t his screen. Table 24 Rout ing: Add/ EditLABEL DESCRIPTIONAct ive Click this t o activate t his st at ic rout e.Rout e Nam e Enter the nam e of the I P static rout e. Leave t his field blank t o delete this stat ic rout e.Dest inat ion I P AddressThis param et er specifies the I P network address of t he final dest ination. Rout ing is always based on netw ork num ber. I f you need t o specify a r oute t o a single host , use a subnet m ask of 255.255.255.255 in t he subnet m ask field t o force the netw ork num ber t o be ident ical t o t he host I D.I P Subnet Mask Enter t he I P subnet m ask here.Gateway I P AddressYou can decide if you want t o for ward packets t o a gateway I P address or a bound interface.I f you want t o configure Gat e w a y I P Addre ss, ent er the I P address of t he next- hop gat eway. The gat eway is a rout er or switch on t he sam e netw ork segm ent as t he device's LAN or WAN port. The gateway helps forward packet s t o their destinat ions.Bound I nt erface You can decide if you want t o forwar d packets t o a gateway I P address or a bound interface.I f you want t o configure Bou nd I nt e r face, select the check box and choose an int erface through w hich t he t raffic is sent. Apply Click Apply t o save your changes.Back Click Ba ck to exit t his screen wit hout saving.

B222s User’s Guide 79CHAPTER 8DNS Route8.1 Overview DNS ( Dom ain Nam e System ) is for m apping a dom ain nam e t o its corresponding I P address and vice versa. The DNS server is ext rem ely im port ant because wit hout it , you m ust know the I P address of a m achine befor e you can access it. I n addition t o t he system DNS server( s) , each WAN interface ( service) is set to have it s own stat ic or dynam ic DNS server list. You can configure a DNS stat ic rout e t o forward DNS queries for cert ain dom ain nam es t hrough a specific WAN int erface t o its DNS server( s). The LTE Device uses a system DNS server (in t he order you specify in t he Broa dband screen) t o resolve dom ain nam es t hat do not m atch any DNS rout ing ent ry. Aft er t he LTE Device receives a DNS reply from a DNS ser ver, it creat es a new ent ry for t he resolved I P address in t he routing table.I n t he following exam ple, t he DNS server 168.92.5.1 obt ained from t he WAN interface atm 0.100 is set t o be t he system DNS server. The DNS server 10.10.23.7 is obt ained from t he WAN int erface ppp1.123. You configure a DNS rout e for * exam ple.com t o have t he LTE Device forward DNS request s for t he dom ain nam e m ail.exam ple.com t hrough the WAN int erface ppp1.123 t o t he DNS server 10.10.23.7.Figure 43 Exam ple of DNS Rout ing Topology8.1.1 What You Can Do in this ChapterThe DN S Rou t e screens let you view and configure DNS rout es on the LTE Device (Section 8.2 on page 80) .WANLANat m 0.100ppp1.123DNS: 10.10.23.7DNS: 168.92.5.1sip.service.comm ail.exam ple.com( Default )

Chapter 8 DNS RouteB222s User’s Guide808.2 The DNS Route ScreenThe DN S Rou t e screens let you view and configure DNS rout es on t he LTE Device. Click N et w or k Set t ing > D NS Rout e t o open t he D N S Rout e screen. Figure 44 Net work Set ting > DNS Rout eThe following t able describes t he labels in t his screen. 8.2.1 Add/Edit DNS Route Edit Click Add ne w DN S r out e in t he DN S Rou t e screen or t he Ed it icon next t o an exist ing DNS rout e. Use t his screen t o configure t he required inform at ion for a DNS route. Figure 45 DNS Route: Add/ Edit Table 25 Network Sett ing > DNS RouteLABEL DESCRIPTIONAdd new DNS routeClick t his t o creat e a new entr y.#This is t he num ber of an individual DNS route.St atus This shows whether t he DNS rout e is currently in use or not .A yellow bulb signifies t hat t his DNS route is in use. A gray bulb signifies t hat t his DNS route is not in use.Dom ain Nam e This is t he dom ain nam e t o which t he DNS rout e applies. WAN I nt erface This is t he WAN int erface t hrough which t he m atched DNS request is routed. Modify Click the Ed it icon to configure a DNS route on t he LTE Device.Click t he D e le t e icon t o rem ove a DNS rout e from t he LTE Device.

Chapter 8 DNS RouteB222s User’s Guide 81The following t able describes t he labels in t his screen. Table 26 DNS Rout e: Add/ EditLABEL DESCRIPTIONAct ive Select t his t o act ivate t his DNS r oute.Dom ain Nam e Ent er t he dom ain nam e you want to resolve.You can u se t he w i ld car d ch ar act er, an “ * ” ( ast er isk ) as t he lef t m o st p ar t of a d om ain n am e, such as * .exam ple.com . The LTE Device forwards DNS queries for any dom ain nam e ending in exam ple.com to t he WAN int erface specified in t his route.WAN I nt erface Select a WAN interface t hrough which t he m atched DNS query is sent . You m ust have t he WAN interface( s) already configured in t he Br oadb an d screen. Apply Click Apply t o save your changes.Back Click Back t o exit this screen wit hout saving.

B222s User’s Guide 83CHAPTER 9Quality of Service (QoS)9.1 OverviewThis chapt er discusses t he LTE Device’s QoS screens. Use t hese screens to set up your LTE Device to use QoS for traffic m anagem ent . Quality of Service ( QoS) refers to bot h a network’s ability t o deliver data with m inim um delay, and the net working m ethods used t o cont rol t he use of bandwidth. QoS allows the LTE Device t o group and prioritize applicat ion traffic and fine- t une network perform ance. Wit hout QoS, all t raffic dat a is equally likely t o be dropped when t he net work is congested. This can cause a reduct ion in network perform ance and m ake t he net work inadequate for t im e- critical application such as video-on- dem and.The LTE Device assigns each packet a pr iorit y and t hen queues t he packet accordingly. Packet s assigned a high priorit y are pr ocessed m ore quickly than t hose with low priorit y if t here is congestion, allowing tim e- sensit ive applications to flow m ore sm oothly. Tim e- sensitive applicat ions include bot h t hose t hat require a low level of lat ency (delay) and a low level of j itt er (variat ions in delay) such as I nternet gam ing, and t hose for which j itt er alone is a problem such as I nt ernet radio or st ream ing video.Note: The LTE Device has built -in configurations for Voice over I P ( I P) . The Quality of Service ( QoS) feature does not affect VoI P t raffic. • See Section 9.6 on page 92 for advanced t echnical inform ation on SI P.9.1.1 What You Can Do in this Chapter• Use the Genera l screen to enable QoS, set the bandwidt h, and allow t he LTE Device t o autom atically assign priorit y t o upstream traffic according to t he I EEE 802.1p pr iorit y level, I P precedence or packet length ( Section 9.2 on page 84) .• Use the Queue Se t up screen t o configure QoS queue assignm ent (Sect ion 9.3 on page 86) .• Use the Cla ss Set up screen t o set up classifiers t o sort t raffic into different flows and assign priorit y and define actions to be perform ed for a classified traffic flow (Sect ion 9.4 on page 87) .• Use the M on it o r screen t o view the LTE Device’s QoS- relat ed packet st atist ics ( Sect ion 9.5 on page 92) .9.1.2 What You Need to KnowThe following term s and concept s m ay help as you read this chapt er.

Chapter 9 Quality of Service (QoS)B222s User’s Guide84QoS versus CosQoS is used t o priorit ize source-t o-dest ination t raffic flows. All packet s in the sam e flow are given the sam e priorit y. CoS ( class of service) is a way of m anaging t raffic in a network by grouping sim ilar t ypes of t raffic together and t reat ing each ty pe as a class. You can use CoS t o give differ ent priorit ies to different packet t ypes. CoS technologies include I EEE 802.1p layer 2 t agging and DiffServ ( Different iated Services or DS) . I EEE 802.1p t agging m akes use of t hree bits in the packet header, while DiffServ is a new prot ocol and defines a new DS field, which r eplaces t he eight- bit ToS ( Type of Service) field in the I P header. Tagging and MarkingI n a QoS class, you can configure whet her to add or change t he DSCP ( DiffServ Code Point ) value and I EEE 802.1p priorit y level in a m atched packet . When the packet passes t hr ough a com patible network, the networking device, such as a backbone switch, can provide specific t reatm ent or service based on t he t ag or m arker.9.2 The QoS General Screen Use t his screen to enable or disable QoS, set t he bandwidt h, and select t o have the LTE Device autom atically assign priorit y t o upstream traffic according to t he I EEE 802.1p priorit y level, I P precedence or packet length.Click N et w ork Set t ing > QoS t o open t he Gen er a l screen. Figure 46 Net work Set ting > QoS > General

Chapter 9 Quality of Service (QoS)B222s User’s Guide 85The following t able describes t he labels in t his screen. Table 27 Network Sett ing > QoS > GeneralLABEL DESCRIPTIONAct ive QoS Select t he check box t o t urn on QoS t o im prove your net wor k perform ance. You can give prior ity t o t raffic t hat t he LTE Device for wards out through t he WAN interface. Give high priority t o voice and v ideo t o m ake them run m ore sm oot hly. Sim ilar ly, g iv e low pr ior i t y t o m an y lar ge file dow n load s so t h at t hey do n ot r edu ce the qualit y of ot her applications. WAN Managed Upstr eam BandwidthEnter t he am ount of bandwidt h for t he WAN int erface that you want t o allocat e using QoS. The recom m endation is t o set t his speed t o m at ch t he int erface’s act ual t ransm ission speed. For exam ple, set t he WAN inter face speed to 1000 kbps if your I nt ernet connect ion has an upstream t ransm ission speed of 1 Mbps. Set t ing t his num ber higher t han the interface’s act ual t ransm ission speed will stop lower prior ity t raffic from being sent if higher priority t raffic uses all of t he actual bandw idt h. I f you set t his num ber low er t han t he int erface’s actual transm ission speed, t he LTE Device will not use som e of t he int erface’s available bandwidt h.Leave t his field blank to have t he LTE Device set t his value aut om atically.Traffic priority will be aut om at ically assigned byThese fields are ignored if upst ream t raffic m at ches a class you configured in t he Cla ss Set u p scr een.I f you select Et her ne t Pr ior it y, I P Pre cede nce or Pack et Le ngt h and t raffic does not m at ch a class configured in t he Cla ss Set up screen, t he LTE Device assigns priorit y to unm at ched t raffic based on t he I EEE 802.1p priority level, I P precedence or packet lengt h.See Sect ion 9.6.1 on page 93 for m ore infor m at ion.Act ive upstream har dw ar e Queue if available??Apply Click Apply t o save your changes.Cancel Click Ca ncel t o rest or e your previously saved set t ings.

Chapter 9 Quality of Service (QoS)B222s User’s Guide869.3 The Queue Setup ScreenUse t his screen to configure QoS queue assignm ent . Click N e t w or k Set t ing > QoS > Que u e Set u p to open t he screen as shown next. Figure 47 Net work Set ting > QoS > Queue Setup The following t able describes t he labels in t his screen. Table 28 Network Set ting > QoS > Queue Set upLABEL DESCRIPTIONAdd new QueueClick t his t o creat e a new entr y.#This is t he index num ber of this ent ry.St atus This indicat es whet her t he queue is active or not.A yellow bulb signifies t hat this queue is act ive. A gray bulb signifies t hat t his queue is not act ive.Nam e This show s t he descriptive nam e of t his queue.I nt erface This show s t he nam e of t he LTE Device’s interface t hr ough which t raffic in this queue passes.Priorit y This shows t he priorit y of t his queue.Wei gh t This shows t he weight of this queue.Buffer Managem ent This show s t he queue m anagem ent algorithm used by t he LTE Dev ice.Rat e Lim it ( k bps)This shows t he m axim um transm ission rat e allow ed for t raffic on this queue.Modify Click the Ed it icon t o edit t he queue.Click t he D e le t e icon t o delet e an exist ing queue. Not e that subsequent r ules m ove up by one when you take this action.

Chapter 9 Quality of Service (QoS)B222s User’s Guide 879.3.1 Add/Edit a QoS Queue Use t his screen to configure a queue. Click Add ne w queue in the Qu e ue Se t up screen or t he Edit icon next t o an existing queue. Figure 48 Queue Set up: Add/ Edit The following t able describes t he labels in t his screen. 9.4 The Class Setup Screen Use t his screen to add, edit or delet e QoS classifiers. A classifier groups t raffic int o dat a flows according t o specific criteria such as t he source addr ess, dest inat ion address, sour ce port num ber, destinat ion por t num ber or incom ing int erface. For exam ple, you can configure a classifier to select traffic from t he sam e prot ocol port ( such as Telnet ) t o form a flow.You can give different pr ior it ies t o t raffic that t he LTE Device forwards out t hrough t he WAN int erface. Give high prior it y t o voice and video t o m ake t hem run m ore sm oot hly. Sim ilarly, give low priorit y t o m any large file downloads so t hat t hey do not reduce t he qualit y of ot her applicat ions. Table 29 Queue Setup: Add/ EditLABEL DESCRIPTIONAct ive Select t o enable or disable t his queue.Nam e Ent er t he descript ive nam e of this queue.I nt erface This show s t he int erface of this queue.Priorit y Select t he priority level ( from 1 t o 7) of this queue.The larger the num ber, the higher the priority level. Traffic assigned t o higher prior ity queues gets t hrough fast er while t raffic in lower priorit y queues is dr opped if t he net work is congested.Wei gh t Select t he weight ( from 1 t o 15) of t his queue. I f two queues have t he sam e pr iorit y lev el, t he LTE Device divides t he bandwidth across t he queues according t o their weight s. Queues wit h larger weight s get m ore bandw idt h than queues wit h sm aller weight s.Rat e Lim it Specify the m ax im um t ransm ission rate (in Kbps) allowed for t raffic on t his queue.Apply Click Apply to save your changes.Back Click Ba ck t o return t o the previous screen wit hout saving.

Chapter 9 Quality of Service (QoS)B222s User’s Guide88Click N et w ork Set t ing > QoS > Cla ss Set up t o open t he following screen.Figure 49 Net work Set ting > QoS > Class Set up The following t able describes t he labels in t his screen. Table 30 Network Sett ing > QoS > Class Set upLABEL DESCRIPTIONAdd new Classifier Click t his t o creat e a new classifier.Order This field displays t he or der num ber of the classifier.St atus This indicat es whet her t he classifier is active or not.A yellow bulb signifies t hat t his classifier is active. A gray bulb signifies t hat t his classifier is not active.Class Nam e This is t he nam e of t he classifier.Classification Crit eriaThis shows criteria specified in this classifier, for exam ple t he interface from which traffic of this class should com e and t he source MAC address of t raffic that m at ches t his classifier.For w ar d t o This is t he int erface t hrough which traffic t hat m at ches t his classifier is forwarded out .DSCP Mark This is t he DSCP num ber added t o t raffic of t his classifier.802.1p Mark This is t he I EEE 802.1p priorit y level assigned to t raffic of t his classifier.To Q u e u e This is t he nam e of t he queue in which traffic of this classifier is put .Modify Click the Ed it icon to edit t he classifier.Click t he D e le t e icon t o delete an existing classifier. Not e that subsequent rules m ove up by one when you t ake t his action.

Chapter 9 Quality of Service (QoS)B222s User’s Guide 899.4.1 Add/Edit QoS Class Click Add new Classifie r in the Cla ss Set up screen or t he Edit icon next t o an existing classifier to configure it .Figure 50 Class Setup: Add/ EditThe following t able describes t he labels in t his screen. Table 31 Class Set up: Add/ EditLABEL DESCRIPTIONClass Configurat ionAct ive Select t o enable t his classifier.Class Nam e Enter a descript ive nam e of up to 32 print able English keyboard charact ers, including spaces.Classification Order Select an exist ing num ber for where you want t o put this classifier t o m ove t he classifier to t he num ber you select ed aft er clicking Apply.Select La st to put t his rule in t he back of t he classifier list .

Chapter 9 Quality of Service (QoS)B222s User’s Guide90For w ar d t o I nt erfaceSelect a WAN int erface through w hich traffic of t his class will be forwarded out . I f you select Uncha ng e, t he LTE Device forward t raffic of t his class according t o t he default routing t able.DSCP Mark This field is available only when you select t he Et he r Type check box in Crit er ia Con fig ur at ion - Ba sic sect ion.I f you select Ma r k , enter a DSCP value wit h w hich t he LTE Device replaces t he DSCP field in t he packets.I f you select Unchange , t he LTE Device keep the DSCP field in t he packets.802.1p Mark Select a prior it y level wit h which the LTE Device replaces t he I EEE 802.1p priorit y field in the packets.I f you select Unchange , the LTE Device keep the 802.1p priorit y field in t he packet s.To Q u e u e Select a queue t hat applies t o this class.You should have configured a queue in t he Que ue Se t u p screen already.Crit eria ConfigurationUse t he follow ing fields t o configur e t he crit eria for t raffic classificat ion.BasicFrom I nterface Select whether t he traffic class com es from t he LAN or a wireless int erface.Ether Type Select a predefined applicat ion to configure a class for t he m at ched t raffic.I f you select I P, you also need t o configure source or destinat ion MAC address, I P address, DHCP opt ions, DSCP value or the prot ocol t ype.I f you select 8 0 2 1 Q, you can configure an 802.1p prior ity level in the Ot h e r s section.SourceMAC Address Select the check box and enter t he source MAC address of t he packet .MAC Mask Type t he m ask for t he specified MAC address to determ ine which bits a packet’s MAC address should m at ch. Enter “ f” for each bit of t he specified source MAC address t hat t he t raffic’s MAC address should m at ch. Enter “ 0“ for t he bit ( s) of t he m at ched t raffic’s MAC address, which can be of any hexadecim al charact er( s). For exam ple, if you set t he MAC address t o 00: 13: 49: 00: 00: 00 and t he m ask t o ff: ff: ff: 00: 00: 00, a packet with a MAC address of 00: 13: 49: 12: 34: 56 m atches t his crit eria.I P Address Select t he check box and ent er the source I P address in dot t ed decim al not at ion. A blank source I P address m eans any source I P address. I P Subnet Mask Enter the source subnet m ask.Port Rang e I f you select TCP or UDP in the I P Pr otocol field, select t he check box and ent er the port num ber( s) of t he source. Exclude Select t his option t o exclude the packet s t hat m at ch t he specified criteria from t his classifier.Dest inat ionMAC Address Select the check box and ent er t he destination MAC address of t he packet .MAC Mask Type t he m ask for t he specified MAC address to determ ine which bits a packet’s MAC address should m at ch. Enter “ f” for each bit of t he specified source MAC address t hat t he t raffic’s MAC address should m at ch. Enter “ 0“ for t he bit ( s) of t he m at ched t raffic’s MAC address, which can be of any hexadecim al charact er( s). For exam ple, if you set t he MAC address t o 00: 13: 49: 00: 00: 00 and t he m ask t o ff: ff: ff: 00: 00: 00, a packet with a MAC address of 00: 13: 49: 12: 34: 56 m atches t his crit eria.Table 31 Class Set up: Add/ Edit ( cont inued)LABEL DESCRIPTION

Chapter 9 Quality of Service (QoS)B222s User’s Guide 91I P Address Select the check box and enter t he dest inat ion I P address in dot t ed decim al not ation. A blank source I P address m eans any source I P address. I P Subnet Mask Ent er t he destinat ion subnet m ask.Port Rang e I f you select TCP or UDP in the I P Pr otocol field, select t he check box and ent er the port num ber( s) of t he source. Exclude Select t his option t o exclude the packet s t hat m at ch t he specified criteria from t his classifier.Ot hers802.1p This field is available only when you select 8 0 2 .1 Q in t he Ethe r Type field.Select t his opt ion and select a priorit y level ( between 0 and 7) from t he drop down list box." 0" is t he lowest priorit y level and "7" is t he highest .I P Prot ocol This field is available only when you select I P in t he Eth er Type field.Select this option and select t he prot ocol ( service type) from TCP or UD P. I f you select User de fined , enter the prot ocol ( service type) num ber. I P Packet Lengt hThis field is available only when you select I P in the Et he r Type field.Select this option and enter t he m inim um and m axim um packet length (from 46 to 1504) in the fields provided.DSCP This field is available only when you select I P in t he Et he r Type field.Select this option and specify a DSCP (DiffServ Code Point ) num ber between 0 and 63 in the field provided.TCP ACK This field is available only when you select I P in the Et he r Type field.I f you select this option, t he m at ched TCP packets m ust contain t he ACK ( Acknow ledge) flag.DHCP This field is available only when you select I P in the Et he r Type field, and UD P in the I P Prot ocol field.Select this opt ion and select a DHCP option. I f you select Ve nd or Cla ss I D ( DH CP Opt ion 6 0 ) , ent er t he Class I D of the m at ched traffic, such as t he t ype of t he hardware or firm ware.I f you select Clie nt I D ( D H CP Opt ion 6 1 ) , ent er the Type of the m atched t raffic and Clien t I D of t he DHCP client.I f you select User Class I D ( D H CP Opt ion 7 7 ) , enter t he Use r Class D at a , which is a st ring t hat ident ifies t he user’s category or applicat ion type in t he m atched DHCP packet s.I f you select Ven dor SpecificI nt ro ( DH CP Option 1 2 5 ) , ent er t he Ent er pr ise N u m be r of t he soft ware of the m atched t raffic and Ven dor Cla ss Da t a used by all t he DHCP clients.Service Select the service classification of t he t raffic.Exclude Select t his option t o exclude the packet s t hat m at ch t he specified criteria from t his classifier.Apply Click Apply t o save you r changes.Back Click Back to ret urn t o the previous screen wit hout saving.Table 31 Class Set up: Add/ Edit ( cont inued)LABEL DESCRIPTION

Chapter 9 Quality of Service (QoS)B222s User’s Guide929.5 The QoS Monitor Screen To view the LTE Device’s QoS packet statistics, click N et w or k Set t ing > QoS > M on it o r. The screen appears as shown. Figure 51 Net work Set ting > QoS > Monit or The following t able describes t he labels in t his screen. 9.6 QoS Technical ReferenceThis sect ion provides som e t echnical background inform ation about t he t opics covered in t his chapt er.Table 32 Network Sett ing > QoS > Monit orLABEL DESCRIPTIONMonitorRefresh I nt erval Select how oft en you want t he LTE Dev ice to update this screen. Select No Refre sh t o stop refreshing stat istics.St atus# This is t he index num ber of t he ent r y.Nam e This show s t he nam e of t he WAN int erface on t he LTE Device. Pass Rat e ( bps) This shows how m uch traffic ( bps) forwarded t o t his int erface are t ransm itt ed successfully.Queue Monit or# This is t he index num ber of t he ent r y.Nam e This show s t he nam e of t he queue. Pass Rat e ( bps) This shows how m uch traffic ( bps) assigned to t his queue ar e t ransm itt ed successfully.Drop Rat e ( bps) This shows how m uch traffic ( bps) assigned t o t his queue are dropped.

Chapter 9 Quality of Service (QoS)B222s User’s Guide 939.6.1 IEEE 802.1pI EEE 802.1p specifies t he user priorit y field and defines up to eight separat e t raffic t ypes. The following t able describes t he t raffic types defined in t he I EEE 802.1d st andard ( which incor porat es the 802.1p) . 9.6.2 IP PrecedenceSim ilar t o I EEE 802.1p prioritizat ion at layer- 2, you can use I P precedence t o priorit ize packet s in a layer- 3 net work. I P precedence uses t hree bits of t he eight- bit ToS ( Type of Service) field in t he I P header. There are eight classes of services ( ranging from zero t o seven) in I P precedence. Zero is the lowest priorit y level and seven is the highest . 9.6.3 DiffServ QoS is used t o priorit ize source-t o- destination t raffic flows. All packet s in the flow are given the sam e priorit y. You can use CoS ( class of service) t o give different priorit ies t o different packet types.DiffSer v ( Different iated Services) is a class of service (CoS) m odel t hat m arks packets so t hat they receive specific per- hop t reat m ent at DiffServ- com pliant net work devices along t he rout e based on the application t ypes and t raffic flow. Packets are m arked wit h DiffServ Code Points ( DSCPs) indicating t he level of service desired. This allows t he int erm ediar y DiffServ- com pliant network devices t o handle t he packets differently depending on t he code point s wit hout t he need to negotiat e pat hs or rem em ber st ate inform at ion for every flow. I n addit ion, applicat ions do not have to request a part icular ser vice or give advanced notice of where t he t raffic is going. DSCP and Per-Hop Behavior DiffServ defines a new DS ( Differentiat ed Services) field to replace the Type of Service (TOS) field in the I P header. The DS field cont ains a 2- bit unused field and a 6- bit DSCP field w hich can define up t o 64 service levels. The following figure illust rat es the DS field. Table 33 I EEE 802.1p Prior it y Level and Traffic TypePRIORITY LEVEL TRAFFIC TYPELevel 7 Typically used for net work cont rol traffic such as rout er configurat ion m essages.Level 6 Typically used for voice t raffic t hat is especially sensitiv e t o j it t er ( j it t er is t he var iat ions in delay) .Level 5 Typically used for video that consum es high bandwidt h and is sensitiv e t o j it ter.Level 4 Typically used for controlled load, lat ency- sensitive t raffic such as SNA ( System s Net work Archit ect ure) t ransact ions.Level 3 Typically used for “ excellent effort ” or bet t er t han best effort and w ould include im port ant business t raffic t hat can t olerat e som e delay.Level 2 This is for “ spare bandwidth”. Level 1 This is t ypically used for non- critical “ background” traffic such as bulk t ransfers t hat are allow ed but that should not affect other applicat ions and users. Level 0 Typically used for best- effort t raffic.

Chapter 9 Quality of Service (QoS)B222s User’s Guide94DSCP is backward com patible wit h t he t hree precedence bit s in t he ToS oct et so that non- DiffServ com pliant , ToS-enabled net work device will not conflict wit h t he DSCP m apping.The DSCP value determ ines t he forwarding behavior, t he PHB ( Per- Hop Behavior) , t hat each packet get s across t he DiffServ net work. Based on t he m arking rule, different kinds of traffic can be m ar ked for different kinds of forwarding. Resources can t hen be allocated according to t he DSCP values and t he configured policies.DSCP ( 6 bit s) Unused ( 2 bit s)

B222s User’s Guide 95CHAPTER 10Network Address Translation (NAT)10.1 Overview NAT ( Net work Address Translat ion - NAT, RFC 1631) is the t ranslation of t he I P address of a host in a packet , for exam ple, t he source address of an out going packet , used within one net work t o a different I P address known within anot her network.10.1.1 What You Can Do in this Chapter• Use the Port For w arding screen t o configure forward incom ing service request s to t he server( s) on your local network ( Sect ion 10.2 on page 96) .• Use the DMZ screen t o vieiw and configure t he I P address of your net work DMZ. ( Sect ion 10.3 on page 99) . • Use the Sessions screen to lim it the num ber of concurrent NAT sessions each client can use (Section 10.4 on page 99) . 10.1.2 What You Need To KnowThe following term s and concept s m ay help as you read this chapt er.Inside/Outside and Global/LocalI nside/ out side denot es where a host is located relat ive t o t he LTE Device, for exam ple, t he com puters of your subscribers are the inside hosts, while t he web servers on the I nt ernet are the out side host s. Global/ local denot es the I P address of a host in a packet as t he packet traverses a r out er, for exam ple, t he local address refers t o the I P address of a host when the packet is in t he local network, while t he global address refers t o t he I P address of t he host w hen t he sam e packet is traveling in t he WAN side. NATI n t he sim plest form , NAT changes the sour ce I P address in a packet received from a subscriber ( t he inside local address) t o anot her ( the inside global address) before forwarding t he packet t o t he WAN side. When t he response com es back, NAT t ranslat es the destinat ion address ( the inside global addr ess) back t o t he inside local address before forwarding it t o the original inside host.

Chapter 10 Network Address Translation (NAT)B222s User’s Guide96Port ForwardingA port forwarding set is a list of inside (behind NAT on t he LAN) servers, for exam ple, web or FTP, that you can m ake visible to t he out side w orld even though NAT m akes your whole inside network appear as a single com put er to t he out side wor ld.Finding Out MoreSee Sect ion 10.5 on page 100 for advanced technical inform at ion on NAT.10.2 The Port Forwarding Screen Use t he Port For w arding screen to forward incom ing service requests t o t he server( s) on your local net work.You m ay ent er a single port num ber or a range of port num bers t o be forwarded, and t he local I P address of the desired server. The port num ber identifies a service; for exam ple, web service is on port 80 and FTP on port 21. I n som e cases, such as for unknown ser vices or where one server can support m ore t han one service ( for exam ple bot h FTP and web service) , it m ight be bett er to specify a range of port num bers. You can allocate a server I P address t hat corresponds t o a port or a range of port s.The m ost oft en used port num bers and services are shown in Appendix E on page 249. Please refer to RFC 1700 for furt her inform ation about port num bers. Note: Many resident ial broadband I SP account s do not allow you t o run any server processes ( such as a Web or FTP server) from your locat ion. Your I SP m ay periodically check for servers and m ay suspend your account if it discovers any act ive services at your locat ion. I f you ar e unsure, r efer t o your I SP.Configuring Servers Behind Port Forwarding (Example)Let's say you want t o assign port s 21- 25 t o one FTP, Telnet and SMTP server (A in t he exam ple) , port 80 t o another ( B in t he exam ple) and assign a default server I P address of 10.0.0.35 to a t hird (C in the exam ple) . You assign t he LAN I P addr esses and t he I SP assigns t he WAN I P address. The NAT net work appears as a single host on t he I nt er net .Figure 52 Mult iple Servers Behind NAT Exam pleA=10.0.0.33D=10.0.0.36C=10.0.0.35B=10.0.0.34WANLAN10.0.0.1 IP Address assigned by ISP

Chapter 10 Network Address Translation (NAT)B222s User’s Guide 9710.2.1 The Port Forwarding ScreenClick N et w ork Set t ing > N AT t o open t he Port Forw ar ding screen.See Appendix E on page 249 for port num bers com m only used for part icular services. Figure 53 Net work Set ting > NAT > Por t ForwardingThe following t able describes t he fields in t his screen. Table 34 Network Sett ing > NAT > Por t ForwardingLABEL DESCRIPTIONAdd new rule Click t his t o add a new port forwarding rule.#This is t he index num ber of t he ent ry.St atus This field indicat es whether the rule is active or not .A yellow bulb signifies t hat t his rule is active. A gray bulb signifies t hat t his rule is not act ive.Service Nam e This is t he ser vice’s nam e. This show s User De fin ed if you m anually added a service. You can change t his by clicking the edit icon.WAN I nt erface This shows t he WAN int erface t hrough which the ser vice is forw arded.St art Port This is t he first ext ernal port num ber t hat identifies a service.End Port This is t he last ext ernal port num ber that ident ifies a service.Translat ion Start Por tThis is t he first internal port num ber t hat ident ifies a service.Tr a n sl a t io n En d Por tThis is t he last int ernal port num ber t hat ident ifies a service.Server I P Address This is t he server ’s I P address.Prot ocol This show s t he I P prot ocol support ed by t his virtual server, whet her it is TCP, UDP, or TCP/ UD P.Modify Click the Ed it icon to edit t he port forwarding rule.Click t he D e le t e icon to delet e an existing port forwarding rule. Note that subsequent address m apping rules m ove up by one when you t ake t his action.Apply Click Apply t o save your changes.Cancel Click Ca ncel to restore your previously saved set t ings.

Chapter 10 Network Address Translation (NAT)B222s User’s Guide9810.2.2 The Port Forwarding Edit ScreenThis screen let s you creat e or edit a port forwarding rule. Click Add n e w rule in the Por t Forw ar din g screen or t he Edit icon next t o an exist ing rule t o open t he following screen.Figure 54 Port Forwarding: Add/ Edit The following t able describes t he labels in t his screen. Table 35 Port For warding: Add/ EditLABEL DESCRIPTIONService Nam e Ent er a nam e t o ident ify this rule using keyboard charact ers ( A-Z, a-z, 1- 2 and so on) . WAN I nt erface Select t he WAN interface t hrough w hich the ser vice is forwarded.St art Port Enter t he original dest ination port for t he packet s.To forward only one port, enter the port num ber again in t he Ex t e r na l End Por t field. To forward a ser ies of port s, enter t he start port num ber her e and t he end port num ber in the Ex t e rn al End Por t field.End Port Ent er t he last port of the original destinat ion port range. To forward only one port, enter t he port num ber in the Ext e r na l St ar t Por t field above and t hen ent er it again in t his field. To forward a series of port s, ent er t he last port num ber in a series that begins with t he port num ber in the Ex t er nal St a rt Por t field above.Translation Start Por tThis shows t he port num ber t o which you want the LTE Device t o translat e t he incom ing port . For a range of ports, ent er t he first num ber of t he range t o which y ou want the incom ing por ts t ranslated.Tr a n sl a t io n En d Por t This show s t he last port of t he t ranslated port range.Server I P AddressEnter t he inside I P address of t he virt ual server here.Prot ocol Ty pe Select t he prot ocol support ed by t his virt ual server. Choices are TCP, UDP, or TCP/ UD P.Apply Click Apply t o save you r changes.Back Click Back t o return t o t he pr evious screen wit hout saving.

Chapter 10 Network Address Translation (NAT)B222s User’s Guide 9910.3 The DMZ ScreenUse t his page t o set the I P address of your net work DMZ ( if you have one) for t he LTE Device. All incom ing packet s received by t his LTE Device’s WAN int erface will be forwarded t o t he default server you set.Click N et w ork Set t ing > N AT > DMZ t o display the following screen. Note: The configurat ion you set in t his screen t akes priorit y t han t he N et w ork Se tt in g > N AT > Port Forw a rding screen.Figure 55 Net work Set ting > NAT > DMZThe following t able describes t he fields in t his screen.10.4 The Sessions ScreenUse t he Se ssion s screen t o lim it t he num ber of concurrent NAT sessions each client can use. Click N et w ork Set t ing > N AT > Sessions t o display the following screen. Figure 56 Net work Set ting > NAT > SessionsTable 36 Network Sett ing > NAT > DMZLABEL DESCRIPTIONDefault Server Address Ent er t he I P address of your network DMZ host , if you have one. 0 .0 .0 .0 m eans this feature is disabled.Apply Click Apply t o save your changes.Cancel Click Ca nce l t o rest ore your previously saved set t ings.

Chapter 10 Network Address Translation (NAT)B222s User’s Guide100The following t able describes t he fields in t his screen.10.5 Technical ReferenceThis sect ion provides som e t echnical background inform ation about t he t opics covered in t his chapt er.10.5.1 NAT DefinitionsI nside/ out side denot es where a host is located relat ive t o t he LTE Device, for exam ple, t he com puters of your subscribers are the inside hosts, while t he web servers on the I nt ernet are the out side host s. Global/ local denot es the I P address of a host in a packet as t he packet traverses a r out er, for exam ple, t he local address refers t o the I P address of a host when the packet is in t he local network, while t he global address refers t o t he I P address of t he host w hen t he sam e packet is traveling in t he WAN side. Note that inside/ out side refers t o t he locat ion of a host , while global/ local refers t o the I P address of a host used in a packet . Thus, an inside local addr ess ( I LA) is the I P addr ess of an inside host in a packet when t he packet is st ill in t he local network, while an inside global address ( I GA) is t he I P address of the sam e inside host when t he packet is on t he WAN side. The following t able sum m arizes t his inform ation.NAT never changes the I P addr ess ( either local or global) of an out side host.Table 37 Network Sett ing > NAT > SessionsLABEL DESCRIPTIONMAX NAT Session Use this field to set a com m on lim it t o t he num ber of concurrent NAT sessions each client com put er can have.I f only a few clients use peer t o peer applications, you can raise t his num ber t o im prove t heir perform ance. With heavy peer to peer applicat ion use, lower t his num ber t o ensure no single client uses t oo m any of t he available NAT sessions.Apply Click Apply t o save your changes.Cancel Click Ca nce l t o rest ore your previously saved set t ings.Table 38 NAT Definit ionsITEM DESCRIPTIONI nside This refers t o t he host on t he LAN.Outside This refers t o t he host on t he WAN.Local This refers t o t he packet addr ess ( sour ce or dest inat ion) as t he packet travels on t he LAN.Global This refers t o t he packet address ( sour ce or dest inat ion) as t he packet travels on t he WAN.

Chapter 10 Network Address Translation (NAT)B222s User’s Guide 10110.5.2 What NAT DoesI n t he sim plest form , NAT changes the sour ce I P address in a packet received from a subscriber ( t he inside local address) t o anot her ( the inside global address) before forwarding t he packet t o t he WAN side. When t he response com es back, NAT t ranslat es the destinat ion address ( the inside global addr ess) back t o t he inside local address before forwarding it t o t he original inside host . Not e that t he I P address ( eit her local or global) of an out side host is never changed.The global I P addresses for t he inside hosts can be eit her st atic or dynam ically assigned by t he I SP. I n addit ion, you can designat e servers, for exam ple, a web ser ver and a Telnet server, on your local network and m ake t hem accessible t o the outside world. I f you do not define any servers, NAT offers t he additional benefit of firewall prot ection. With no servers defined, your LTE Device filt ers out all incom ing inquiries, t hus prevent ing int ruders from probing your net work. For m ore inform ation on I P address t ranslat ion, refer to RFC 1631, The I P Network Address Translator ( NAT) .10.5.3 How NAT WorksEach packet has t wo addresses – a sour ce address and a destinat ion address. For outgoing packet s, the I LA ( I nside Local Address) is the source address on t he LAN, and t he I GA ( I nside Global Address) is t he source address on t he WAN. For incom ing packets, t he I LA is the dest inat ion address on t he LAN, and t he I GA is t he dest ination address on t he WAN. NAT m aps privat e ( local) I P addr esses t o globally unique ones r equired for com m unication wit h hosts on ot her networks. I t replaces t he original I P source address ( and TCP or UDP source port num bers for Many- to- One and Many-t o-Many Overload NAT m apping) in each packet and t hen forwards it to t he I nternet . The LTE Device keeps t rack of the original addresses and port num bers so incom ing reply packet s can have their original values restored. The following figure illust rat es this.Figure 57 How NAT Works192.168.1.13192.168.1.10192.168.1.11192.168.1.12 SA192.168.1.10SAIGA1Inside LocalIP Address192.168.1.10192.168.1.11192.168.1.12192.168.1.13Inside Global IP AddressIGA 1IGA 2IGA 3IGA 4NAT TableWANLANInside LocalAddress (ILA)Inside GlobalAddress (IGA)

Chapter 10 Network Address Translation (NAT)B222s User’s Guide102

B222s User’s Guide 103CHAPTER 11Dynamic DNS11.1 Overview This chapt er discusses how to configure your LTE Device t o use Dynam ic DNS.Dynam ic DNS allows you t o updat e your current dynam ic I P address wit h one or m any dynam ic DNS services so that anyone can cont act you ( in applications such as NetMeet ing and CU- SeeMe) . You can also access your FTP server or Web sit e on your own com puter using a dom ain nam e ( for instance m yhost .dhs.org, where m yhost is a nam e of your choice) t hat will never change instead of using an I P address t hat changes each t im e you reconnect . Your friends or relatives will always be able to call you even if t hey don't know your I P address.First of all, you need t o have regist ered a dynam ic DNS account wit h www.dyndns.org. This is for people wit h a dynam ic I P from their I SP or DHCP server that would still like to have a dom ain nam e. The Dynam ic DNS service provider will give you a password or key. 11.1.1 What You Need To KnowDYNDNS WildcardEnabling t he wildcard feat ure for your host causes * .yourhost .dyndns.org t o be aliased t o the sam e I P addr ess as yourhost.dyndns.org. This feat ure is useful if you want t o be able t o use, for exam ple, www.yourhost.dyndns.org and st ill reach your host nam e.I f you have a privat e WAN I P address, t hen you cannot use Dynam ic DNS.

Chapter 11 Dynamic DNSB222s User’s Guide10411.2 The Dynamic DNS ScreenUse t he D y na m ic DN S screen t o enable DDNS and configure t he DDNS settings on the LTE Device. To change your LTE Device’s DDNS, click Net w or k Set t ing > Dynam ic D N S. The screen appears as shown. Figure 58 Net work Set ting > Dynam ic DNSThe following t able describes t he fields in t his screen. Table 39 Network Sett ing > DNSLABEL DESCRIPTIONDynam ic DNS Configurat ionAct ive Dynam ic DNSSelect this check box t o use dy nam ic DNS.Service Provider Select the nam e of your Dynam ic DNS ser vice provider.Dynam ic DNS Ty p eSelect t he type of serv ice that you are regist ered for from your Dy nam ic DNS serv ice pr ovider.Host Nam e Type t he dom ain nam e assigned t o your LTE Device by your Dynam ic DNS provider.You can specify up to tw o host nam es in t he field separated by a com m a ( ",") .User Nam e Type your user nam e.Passwor d Type t he password assigned t o you.Apply Click Apply t o save your changes.Cancel Click Ca ncel t o rest ore your previously saved set t ings.

B222s User’s Guide 105CHAPTER 12Firewall12.1 OverviewUse t he LTE Device firewall screens to enable and configure the firewall that protect s your LTE Device and network fr om at t acks by hacker s on t he I nt ernet and cont rol access t o it. By default the firewall:• Allows traffic t hat originat es from your LAN and WLAN com put ers t o go t o all ot her networks. • Blocks t raffic t hat originat es on ot her networks from going t o the LAN and WLAN. The following figure illust rat es t he default fir ewall act ion. User A can initiat e an I M ( I nst ant Messaging) session from the LAN to t he WAN (1) . Ret urn traffic for t his session is also allowed ( 2) . However other t raffic init iated from t he WAN is blocked ( 3 and 4) .Figure 59 Default Firewall Act ion12.1.1 What You Can Do in this Chapter• Use the Genera l screen t o enable or disable t he LTE Device’s firewall (Sect ion 12.2 on page 107) .• Use the Ser vices screen to view t he configur ed firewall rules and add, edit or rem ove a firewall rule ( Sect ion 12.3 on page 108) .• Use the Access Cont rol screen t o view and configure incom ing/ out going filt ering rules ( Sect ion 12.4 on page 109) . • Use the DoS screen to enable or disable Denial of Service ( DoS) prot ection ( Sect ion 12.4 on page 109) . WANLAN3412A

Chapter 12 FirewallB222s User’s Guide10612.1.2 What You Need to Know DoSDenials of Service ( DoS) at tacks are aim ed at devices and networks wit h a connect ion t o t he I nt ernet. Their goal is not t o steal inform ation, but to disable a device or net work so users no longer have access to net work resour ces. The ZyXEL Device is pre- configured t o autom atically detect and thwart all known DoS at tacks.FirewallThe LTE Device’s firewall feat ure physically separat es the LAN/ WLAN and the WAN and act s as a secure gateway for all data passing bet w een t he net works.I t is designed to prot ect against Denial of Serv ice (DoS) at t acks when act ivat ed. The LTE Device's purpose is to allow a private Local Area Net work ( LAN) t o be securely connected to t he I nt ernet. The LTE Device can be used t o prevent t heft , dest ruct ion and m odificat ion of dat a, as well as log events, which m ay be im portant t o t he securit y of your network. The LTE Device is installed between t he LAN/ WLAN and a broadband m odem connect ing t o t he I nt ernet. This allows it to act as a secure gateway for all dat a passing bet ween t he I nt ernet and the LAN.The LTE Device has one Et hernet WAN port and four Ethernet LAN port s, which are used t o physically separate the network int o two areas.The WAN ( Wide Area Net work) port at t aches to t he broadband (cable or DSL) m odem to t he I nternet .The LAN (Local Ar ea Networ k) port at taches t o a net w ork of com put ers, which needs securit y from the out side world. These com put ers will have access t o I nt ernet services such as e- m ail, FTP and the World Wide Web. However, "inbound access" is not allowed ( by default ) unless t he rem ot e host is aut horized t o use a specific service.ICMPI nt ernet Cont rol Message Protocol ( I CMP) is a m essage control and error- report ing prot ocol bet ween a host ser ver and a gat eway to t he I nternet . I CMP uses I nternet Prot ocol (I P) dat agram s, but t he m essages are processed by the TCP/ I P soft ware and dir ectly apparent to t he applicat ion user. Finding Out MoreSee Sect ion 12.6 on page 112 for advanced technical inform at ion on firewall.

Chapter 12 FirewallB222s User’s Guide 10712.2 The General Screen Use t his screen t o enable or disable t he LTE Device’s firewall. Click Securit y > Fir e w a ll t o open t he Gen e ra l screen.Figure 60 Secur it y > Firewall > General The following t able describes t he labels in t his screen.Table 40 Security > Firewall > General LABEL DESCRIPTIONFir ewall Select En able to act ivat e the firewall. The LTE Device perform s access cont rol and prot ects against Denial of Service (DoS) at t acks w hen t he firewall is act ivated.Easy, Medium , HighSelect Ea sy to have the firewall allow bot h LAN- to-WAN and WAN- t o- LAN t raffic t o flow t hr ough t he LTE Device.Select Me dium t o have t he firewall only allow t raffic sent from t he LAN to t he WAN. All traffic sent or access from t he WAN will be blocked.Select High to have t he firewall only allow Telnet, FTP, HTTP, HTTPS, DNS, POP3, and SMTP t raffic sent from the LAN t o the WAN. Other t raffic will be blocked.Apply Click Apply t o save your changes.Cancel Click Ca n ce l t o r est ore your previously saved set t ings.

Chapter 12 FirewallB222s User’s Guide10812.3 The Services ScreenUse t his screen t o view the configured service list . To access t his screen, click Securit y > Fire w all > Ser vices. You have to configure at least one ser vice in this screen before configuring t he Security > Fir e w a ll > Access Con t rol > Add N ew ACL Rule/ Edit screen.Figure 61 Secur it y > Firewall > Ser vicesEach field is described in t he following t able.12.3.1 The Add New Services Entry ScreenUse t his screen t o configure a service t hat you want t o use in an ACL rule in t he Secur it y > Fir e w a ll > Access Con t rol > Add N e w ACL Rule/ Edit screen. To access t his screen, click Security > Fir e w a ll > Ser vices and t hen t he Add New Serviice Ent r y but t on.Figure 62 Secur it y > Firewall > Services > Add New Service EntryTable 41 Security > Firewall > ServicesLABEL DESCRIPTIONAdd New Service Ent ryClick t his t o define a new service.Nam e This is t he nam e of a configured service.Ty p e This is t he prot ocol t ype ( TCP, UD P, I CMP or Ot h e rs) of t he service.Por t Num ber This displays a range of port num bers t hat defines t he service.Modify Click the Ed it icon t o edit t he ser vice.Click t he D e le t e icon to delet e the ser vice. Not e t hat subsequent rules m ov e up by one when you take t his action. Delet ing a serv ice rule also deletes t he relat ed ACL rules which are configured in t he Secur it y > Fire w all > Acce ss Cont r ol screen.

Chapter 12 FirewallB222s User’s Guide 109Each field is described in t he following t able.12.4 The Access Control ScreenClick Securit y > Fir ew all > Access Con t rol t o display t he following screen. This screen displays a list of the configured incom ing or out going filt ering rules. Figure 63 Secur it y > Firewall > Access Cont rolEach field is described in t he following t able.Table 42 Security > Firewall > Services > Add New Service Ent ryLABEL DESCRIPTIONNam e Type a descriptive nam e for t he service.Ty p e Select the prot ocol t ype ( TCP, UDP or I CMP or Oth er s) of the service.Prot ocol Num ber Ent er the prot ocol num ber of t he service type.Source Port, Dest inat ion Por tThe source port defines from which port num ber( s) t he ser vice t raffic is sent . The destinat ion port defines t he port num ber(s) t he dest inat ion host s use t o receive t he service t raffic.Select Single if t he service uses one and only one sour ce or dest ination port , then ent er the port num ber.Select M ultiple if t he ser vice uses t wo or m ore source or dest inat ion por ts, t hen ent er a port range. For exam ple, suppose you want t o define t he Gnutella service. Select TCP t ype and ent er a port range of 6 3 4 5 -6 3 4 9 .Apply Click Apply t o save you r changes.Back Click Ba ck t o exit t his screen wit hout saving your changes.Table 43 Security > Firewall > Access ControlLABEL DESCRIPTIONRules Storage Space usage( % )This bar show s t he percent age of t he LTE Device’s space has been used. I f the usage is alm ost full, you m ay need to rem ove an existing filt er r ule before you creat e a new one.Add new ACL rule Click t his t o go t o add a filt er rule for incom ing or out going I P t raffic.Nam e This displays t he nam e of t he rule.Src I P This displays t he source I P addr esses t o w hich t his rule applies. Please note that a blank source address is equivalent t o Any.Dst I P This displays t he dest inat ion I P addr esses to which t his r ule applies. Please note t hat a blank destinat ion address is equivalent t o Any.Services This displays the prot ocol type and a port range t hat define t he ser vice t o which t his rule applies.

Chapter 12 FirewallB222s User’s Guide11012.4.1 The Add New ACL Rule/Edit ScreenClick Add N ew ACL Ru le or t he Edit icon next t o an existing ACL rule in t he Acce ss Cont rol screen. The following screen displays.Figure 64 Secur it y > Firewall > Access Cont rol > Add New ACL Rule/ EditEach field is described in t he following t able.Policy This field displays whether the rule silent ly discards packet s ( D ROP), discards packet s and sends a TCP reset packet or an I CMP dest inat ion- unreachable m essage t o t he sender (REJECT) or allows t he passage of packets ( PERM I T) .Modify Click the Ed it icon to edit t he rule.Click t he D e le t e icon to delet e an existing rule. Note that subsequent rules m ove up by one when y ou t ake this action.Table 43 Security > Firewall > Access Control (continued)LABEL DESCRIPTIONTable 44 Security > Firewall > Access Control > Add New ACL Rule/ EditLABEL DESCRIPTIONFilt er Nam e Ent er a descr ipt ive nam e of up t o 16 alphanum eric charact ers, not including spaces, underscores, and dashes. You m ust enter t he filt er nam e t o add an ACL r ule. This field is read- only if you are editing the ACL rule.Source Addr ess Ty p eSelect Single or Ra nge depending on w het her you want to ent er a single or a range of source I P address( es) t o which the ACL rule applies. Select Any t o indicate any source I P address.Sour ce I P Addr ess St artEnter an I P address or t he st art ing I P address of t he source I P range.Sour ce I P Addr ess EndEnter t he ending I P address of t he source I P range.Dest inat ion Address TypeSelect Single or Ra nge depending on w het her you want to ent er a single or a range of destinat ion I P address( es) t o which t he ACL rule applies. Select Any t o indicat e any destinat ion I P address.

Chapter 12 FirewallB222s User’s Guide 11112.5 The DoS ScreenClick Secur it y > Fire w all > DoS t o display the following screen. Use t his screen t o enable or disable Denial of Service ( DoS) protect ion. Figure 65 Secur it y > Firewall > DoSDest inat ion I P Address St artEnter an I P address or t he st art ing I P address of t he destination I P range.Dest inat ion I P Address EndEnter t he ending I P address of the destinat ion I P range.Select Prot ocol Select t he nam e of a configured service or select Se lect Ser vice to define a new service in t his screen.Prot ocol This field is available when you select Sele ct Se r vice in Se lect Pr ot ocol.Choose the prot ocol t ype (TCP, UDP, I CMP or O t he r s) of t he service.Prot ocol Num ber This field is available when you select Ot he r s in P ro t oco l.Enter t he pr otocol num ber of the service type to w hich t his ACL rule applies.Source Port This field is displayed only when you select Select Ser vice in Sele ct Pr otocol and TCP or UDP in P rot o col.Select Single or Ra nge and t hen ent er a single port num ber or the range of port num bers of the source. Select An y t o indicat e any source port.Dest inat ion Por t This field is displayed only when you select Select Ser vice in Select Pr otocol and TCP or UDP in P rot o col.Select Single or Ra nge and t hen ent er a single port num ber or the range of port num bers of t he dest inat ion. Select Any t o indicate any destinat ion port .Policy Use the drop- dow n list box t o select whether t o silent ly discard ( D ROP) , deny and send an I CMP dest inat ion- unreachable m essage t o the sender of (REJECT) or allow t he passage of ( PERM I T) packets that m atch this rule.Direct ion Use t he drop- down list box to select t he direction of traffic t o which t his rule applies. The possible options are LAN t o DEVI CE, LAN t o W AN , W AN t o LAN , and W AN t o DEVI CE.Apply Click Apply t o save you r changes.Back Click Ba ck t o exit t his screen wit hout saving your changes.Table 44 Security > Firewall > Access Control > Add New ACL Rule/ Edit ( cont inued)LABEL DESCRIPTION

Chapter 12 FirewallB222s User’s Guide112Each field is described in t he following t able.12.6 Firewall Technical ReferenceThis sect ion provides som e t echnical background inform ation about t he t opics covered in t his chapt er.12.6.1 Guidelines For Enhancing Security With Your Firewall1Change t he default password via web configurat or.2Think about access control befor e you connect t o t he net work in any way.3Lim it who can access your LTE Device.4Don't enable any local service ( such as Telnet or FTP) t hat you don't use. Any enabled service could present a pot ent ial security risk. A det erm ined hacker m ight be able to find creat ive ways to m isuse the enabled services to access t he firewall or t he net work.5For local services t hat are enabled, pr ot ect against m isuse. Prot ect by configuring t he ser vices to com municate only wit h specific peers, and protect by configuring rules t o block packets for t he services at specific int erfaces.6Keep t he firewall in a secured (locked) room .12.6.2 Security ConsiderationsNote: I ncorrectly configuring t he firewall m ay block valid access or introduce securit y risks to the LTE Device and your protected net work. Use caution when creat ing or delet ing firewall rules and t est your rules after you configure t hem .Consider t hese securit y ram ifications before creat ing a rule:1Does t his rule stop LAN users from accessing crit ical r esources on t he I nt ernet ? For exam ple, if I RC is blocked, are t here users t hat require t his service?2I s it possible t o m odify t he rule t o be m ore specific? For exam ple, if I RC is blocked for all users, will a rule t hat blocks j ust cert ain users be m ore effect ive?Table 45 Security > Firewall > DoSLABEL DESCRIPTIONDoS Prot ect ion BlockingDoS ( Denial of Service) att acks can flood your I nt ernet connect ion w it h invalid packets and connection request s, using so m uch bandwidt h and so m any resources t hat I nt ernet access becom es unavailable. Select En able to enable prot ect ion against DoS at t acks or D isa ble to disable it .Apply Click Apply to save t he DoS Prot ect ion set t ings.Cancel Click Ca nce l t o rest ore your previously saved set t ings.

Chapter 12 FirewallB222s User’s Guide 1133Does a rule t hat allows I nt ernet users access t o resources on the LAN creat e a security vulnerability? For exam ple, if FTP port s (TCP 20, 21) are allowed from the I nt ernet t o t he LAN, I nt ernet user s m ay be able t o connect t o com put ers wit h running FTP servers.4Does t his rule conflict with any existing rules?Once t hese questions have been answered, adding rules is sim ply a m atter of ent ering the inform ation int o t he correct fields in t he web configurator screens.

Chapter 12 FirewallB222s User’s Guide114

B222s User’s Guide 115CHAPTER 13MAC Filter13.1 OverviewThis chapt er discusses MAC address filt ering.You can configure t he LTE Device t o perm it access to client s based on t heir MAC addresses in t he MAC Filt er screen. This applies to wired and wireless connect ions.13.1.1 What You Need to KnowEvery Et hernet device has a unique MAC ( Media Access Cont rol) address. The MAC address is assigned at the fact ory and consist s of six pairs of hexadecim al charact ers, for exam ple, 00: A0: C5: 00: 00: 02. You need t o know the MAC address of t he devices t o configure t his screen.13.2 The MAC Filter ScreenUse t he M AC Filter screen t o allow wireless and LAN clients access t o t he LTE Device. To change your LTE Device’s MAC filter settings, click Secur it y > M AC Filte r. The screen appears as shown.Figure 66 Securit y > MAC Filt er

Chapter 13 MAC FilterB222s User’s Guide116The following t able describes t he labels in t his m enu.Table 46 Security > MAC Filt erLABEL DESCRIPTIONMAC Address Filt erSelect En able t o act ivat e MAC address filt ering.Set This is t he index num ber of the MAC address.Allow Select Allow to perm it access t o the LTE Device. MAC addresses not list ed will be denied access t o t he LTE Device. I f you clear this, t he MAC Addr e ss field for t his set clears.MAC Address Enter t he MAC addresses of t he wireless st at ion and LAN devices that are allowed access t o t he LTE Device in these address fields. Ent er t he MAC addresses in a valid MAC address form at , that is, six hexadecim al charact er pairs, for exam ple, 12: 34: 56: 78: 9a: bc.Apply Click Apply t o save you r changes.Cancel Click Can cel t o rest ore your previously saved set t ings.

B222s User’s Guide 117CHAPTER 14Parental Control14.1 OverviewParent al cont rol allows you to block web sites wit h t he specific URL. You can also define t im e periods and days during w hich t he LTE Device perform s parent al cont rol on a specific user. 14.2 The Parental Control ScreenUse t his screen to enable parent al cont rol, view t he parent al cont rol rules and schedules.Click Secur it y > Pa r e nt a l Con t rol t o open t he following screen. Figure 67 Securit y > Parental Control The following t able describes t he fields in t his screen. Table 47 Parent al Control > Parent al Cont rolLABEL DESCRIPTIONParent al Control Select En able t o activate parental cont rol.Add new PCP Click t his if you want to configure a new parent al cont r ol rule.#This shows t he index num ber of the r ule.St atus This indicat es whether t he rule is active or not .A yellow bulb signifies t hat t his rule is act ive. A gray bulb signifies t hat t his r ule is not act ive.PCP Nam e This show s t he nam e of t he rule.Hom e Net work User ( MAC)This shows t he MAC address of t he LAN user’s com put er t o which t his rule applies.I nt ernet Access ScheduleThis shows t he day( s) and t im e on which parent al control is enabled.Net work Service This shows whether t he networ k ser vice is configured. I f not , N o ne will be shown.Web sit e Block This shows whet her t he websit e block is configured. I f not , N on e w ill be shown.

Chapter 14 Parental ControlB222s User’s Guide 119Hom e Net work UserSelect t he LAN user that you want t o apply t his rule to from the drop-down list box. I f you select Cu st o m , ent er the LAN user’s MAC address. I f you select All, the r ule applies t o all LAN user s.I nt ernet Access ScheduleDay Select check boxes for t he days t hat you want the LTE Device to perform par ent al cont rol. St art Blocking Tim eEnd Block ing Tim eEnter the tim e period of each day, in 24- hour form at, during which parent al contr ol will be enforced. Tim e Drag t he t im e bar t o define t he t im e t hat the LAN user is allowed access. Net work ServiceNet work Service Sett ing I f you select Block, t he LTE Device prohibit s t he users from viewing t he Web sit es w it h t he URLs listed below.I f you select Access, t he LTE Device blocks access t o all URLs except ones list ed below.Add new service Click this t o show a screen in which y ou can add a new service r ule. You can configure the Ser vice N a m e, Pr ot ocol, and N a m e of t he new rule.#This show s t he index num ber of t he rule. Select t he checkbox next t o the rule t o activat e it.Service Nam e This show s t he nam e of t he rule.Prot ocol: Port This shows t he prot ocol and t he port of t he r ule.Modify Click the Edit icon to go t o the screen where you can edit the r ule.Click the D e le t e icon to delet e an existing rule.Blocked Site/ URL Ke y w or dClick Add t o show a screen t o ent er t he URL of w eb sit e or URL keyword to which the LTE Device blocks access. Click D e le t e t o rem ove it.Apply Click t his but ton to save your set t ings back to t he LTE Device.Back Click t his but t on t o ret urn t o the previous screen wit hout saving any changes.Table 48 Add/ Edit Parental Control Rule (continued)LABEL DESCRIPTION

Chapter 14 Parental ControlB222s User’s Guide120

B222s User’s Guide 121CHAPTER 15VoIP15.1 OverviewUse t his chapt er t o:• Connect an analog phone t o t he LTE Device.• Make phone calls over t he I nternet , as well as the regular phone net w ork.• Configure set t ings such as speed dial.• Configure network sett ings t o opt im ize the voice qualit y of your phone calls.15.1.1 What You Can Do in this ChapterThese screens allow you t o configure your LTE Device t o m ake phone calls over t he I nt ernet and your regular phone line, and t o set up t he phones you connect t o t he LTE Device.• Use the SI P Se r vice Provide r screen t o configure t he SI P server infor m ation, QoS for VoI P calls, t he num bers for cert ain phone funct ions ( Sect ion 15.2 on page 123) . • Use the SI P Accou nt screen t o set up inform ation about your SI P account, control which SI P account s t he phones connect ed to t he LTE Device use and configur e audio set tings such as volum e levels for t he phones connected t o t he LTE Device ( Sect ion 15.3 on page 129) .• Use the Ph one De vice screen t o cont rol which SI P account s t he phones connect ed t o t he LTE Device use ( Sect ion 15.5 on page 133) .• Use the Re gion screen t o change set t ings t hat depend on t he country you are in ( Sect ion 15.6 on page 134) .• Use the Call Ru le screen t o set up short cuts for dialing frequently- used ( VoI P) phone num bers (Section 15.7 on page 134) .You don’t necessarily need t o use all t hese scr eens t o set up your account . I n fact , if your service provider did not supply inform ation on a part icular field in a screen, it is usually best to leave it at it s default sett ing.15.1.2 What You Need to KnowThe following term s and concept s m ay help as you read this chapt er.VoIPVoI P stands for Voice over I P. I P is t he I nternet Prot ocol, which is t he m essage- carrying standard the I nt er net runs on. So, Voice over I P is t he sending of voice signals ( speech) over the I nt ernet ( or anot her net work that uses t he I nternet Prot ocol) .

Chapter 15 VoIPB222s User’s Guide122SIPSI P st ands for Session I nitiat ion Prot ocol. SI P is a signalling standard that let s one network device ( like a com puter or the LTE Device) send m essages to anot her. I n VoI P, t hese m essages are about phone calls over t he net work. For exam ple, when you dial a num ber on your LTE Device, it sends a SI P m essage over t he net work asking the ot her device ( the num ber you dialed) t o t ake part in t he call. SIP AccountsA SI P account is a type of VoI P account . I t is an arrangem ent wit h a service provider t hat let s you m ake phone calls over t he I nternet . When you set the LTE Device t o use your SI P account t o m ake calls, t he LTE Device is able t o send all the inform ation about t he phone call t o your service prov ider on t he I nternet .St r ictly speaking, you don’t need a SI P account . I t is possible for one SI P device ( like the LTE Device) t o call anot her without involving a SI P service provider. However, t he net w orking difficult ies involved in doing t his m ake it t rem endously im practical under norm al circum stances. Your SI P account provider rem oves these difficulties by taking care of t he call rout ing and set up - figuring out how to get your call t o the right place in a way that you and t he ot her person can t alk t o one anot her. Voice Activity Detection/Silence SuppressionVoice Activit y Det ection ( VAD) det ects whether or not speech is present . This let s the LTE Device reduce t he bandwidt h t hat a call uses by not t ransm itt ing “ silent packet s” when you are not speaking.Comfort Noise GenerationWhen using VAD, the LTE Device generat es com fort noise when t he ot her part y is not speaking. The com fort noise let s you know t hat t he line is still connected as t otal silence could easily be m ist aken for a lost connect ion.Echo Cancellation G.168 is an I TU-T st andard for elim inat ing t he echo caused by the sound of your voice reverberating in the telephone receiver while you t alk.Use t his screen to m aint ain basic infor m ation about each SI P account . You can also enable and disable each SI P account , configure t he volum e, echo cancellat ion and VAD ( Voice Act ivit y Det ection) settings for each individual phone port on t he LTE Device. How to Find Out MoreSee Chapt er 3 on page 33 for a t ut orial showing how t o set up these scr eens in an exam ple scenario.See Sect ion on page 135 for advanced technical inform ation on SI P.

Chapter 15 VoIPB222s User’s Guide124Not e: Click m or e ... to see all the fields in t he screen. You don’t necessarily need t o use all these fields t o set up your account . Click hide m ore to see and configure only the fields needed for t his feat ure. Figure 69 VoI P > SI P > SI P Service Provider

Chapter 15 VoIPB222s User’s Guide126The following t able describes t he labels in t his screen.Table 49 VoI P > SI P > SI P Service ProviderLABEL DESCRIPTIONSI P Service Provider SelectionService Provider SelectionSelect the SI P service provider pr ofile you want to use for the SI P account you configure in t his screen. I f you change this field, t he screen aut om at ically refreshes. GeneralSI P Service ProviderSelect t his if you want the LTE Device to use t his SI P provider. Clear it if you do not want the LTE Device t o use t his SI P provider.SI P Service Provider Nam eEnter t he nam e of your SI P service provider. SI P Local Port Ent er t he LTE Device’s list ening port num ber, if your VoI P service prov ider gave you one. Ot herwise, keep t he default value.Main SI P Server AddressEnter t he I P address or dom ain nam e of t he SI P server provided by your VoI P service provider. You can use up to 95 print able ASCII charact ers. I t does not m at t er whet her t he SI P server is a proxy, redirect or register server.SI P Server Port Ent er t he SI P server ’s listening port num ber, if your VoI P service provider gave you one. Ot herwise, keep t he default value.REGI STER Server AddressEnter t he I P address or dom ain nam e of t he SI P regist er server, if your VoI P service provider gave you one. Ot herw ise, ent er t he sam e address you ent ered in t he SI P Ser ver Addre ss field. You can use up to 95 print able ASCI I charact ers.REGI STER Server Por tEnter t he SI P r egister server’s listening port num ber, if your VoI P service provider gave you one. Otherwise, ent er the sam e port num ber you ent ered in t he SI P Se rve r Port field.SI P Service Dom ainEnter t he SI P service dom ain nam e. I n the full SI P URI , t his is t he part after t he @ sym bol. You can use up to 127 print able ASCII Extended set charact ers.RFC SupportPRACK ( RFC 3262)RFC 3262 defines a m echanism to provide r eliable t ransm ission of SI P pr ovisional response m essages, which convey inform ation on t he processing progress of t he request . This uses t he opt ion t ag 100r el and t he Provisional Response ACKnowledgem ent ( PRACK) m et hod.Select Suppor t e d or Requ ir ed t o have the LTE Device include a SI P Require/ Support ed header field wit h t he option t ag 100rel in all I NVI TE requests. When the LTE Device receiv es a SI P response m essage indicat ing t hat t he phone it called is ringing, the LTE Device sends a PRACK m essage t o have bot h sides confirm t he m essage is received. I f you select Suppor t ed, t he peer device support s t he opt ion t ag 100rel t o send provisional responses r eliably.I f you select Re quir e d, the peer device requires the opt ion t ag 100rel t o send provisional responses reliably.Select Disable d to t urn off t his funct ion. DNS SRV Enabled ( RFC 3263)Select t his option t o have t he LTE Device use DNS procedur es to resolve t he SI P dom ain and find t he SI P server ’s I P address, port num ber and suppor ted t ransport pr otocol( s).The LTE Device first uses DNS Nam e Aut hority Pointer ( NAPTR) records t o det erm ine the transport prot ocols support ed by t he SI P ser ver. I t then perform s DNS Ser vice ( SRV) query to det erm ine the port num ber for t he prot ocol. The LTE Device r esolves the SI P server’s I P address by a st andard DNS address record lookup.Session Tim er ( RFC 4028)Select this t o have t he LTE Device support RFC 4028.This m akes sure t hat SI P sessions do not hang and t he SI P line can alw ays be available for use.RTP Port Range

Chapter 15 VoIPB222s User’s Guide 127St art PortEnd PortEnter t he list ening port num ber( s) for RTP t raffic, if your VoI P service prov ider gave you this inform at ion. Otherwise, keep t he default values.To ent er one port num ber, enter t he por t num ber in t he St a r t Por t and End Por t fields.To ent er a range of port s,• ent er t he port num ber at t he beginning of t he range in the Sta r t Port field.• ent er the port num ber at t he end of the range in the End Por t field.DTMF Mode Cont rol how t he LTE Device handles the t ones t hat your t elephone m akes when you push it s but t ons. You should use the sam e m ode your VoI P serv ice pr ovider uses.RFC2 8 3 3 - send t he DTMF tones in RTP packets.PCM - send the DTMF t ones in the voice data stream . This m et hod works best when you are using a codec t hat does not use com pression ( like G.711) . Codecs that use com pression ( like G.729 and G.726) can distort t he t ones.SI P I N FO - send t he DTMF t ones in SI P m essages.Tr a n sp o r t Ty p eTr a n sp o r t Ty p e Select t he t ransport layer prot ocol UDP or TCP ( usually UDP) used for SI P.FAX Opt ion This field cont rols how t he LTE Device handles fax m essages.G711 Fax Passt h rou ghSelect this if t he LTE Device should use G.711 t o send fax m essages. The peer devices m ust also use G.711.T38 Fax Relay Select this if the LTE Device should send fax m essages as UDP or TCP/ I P packet s t hrough I P net works. This provides bet t er qualit y, but it m ay have int er- operability problem s. The peer devices m ust also use T.38.Outbound ProxyEnable Select t his if your VoI P service provider has a SI P out bound server t o handle voice calls. This allows t he LTE Device t o work wit h any type of NAT rout er and elim inat es t he need for STUN or a SI P ALG. Turn off any SI P ALG on a NAT r ou t er in front of t he LTE Dev ice t o keep it from re- t ranslating t he I P address ( since t his is already handled by the outbound proxy server) .Server Addr ess Ent er the I P addr ess or dom ain nam e of t he SI P outbound proxy server. Server Port Enter t he SI P out bound proxy server’s listening port , if your VoI P ser vice provider gave you one. Otherwise, keep t he default value.QoS TagSI P TOS Pr iority Sett ingEnter t he DSCP ( DiffServ Code Point ) num ber for SI P m essage t ransm issions. The LTE Device creat es Class of Service (CoS) priority t ags wit h t his num ber t o SI P t raffic t hat it t ransm it s.RTP TOS Priority Sett ingEnter t he DSCP ( DiffServ Code Point ) num ber for RTP voice t ransm issions. The LTE Device creat es Class of Service (CoS) priority t ags with t his num ber t o RTP t raffic t hat it t ransm it s.Tim er SettingExpiration Durat ionEnter t he num ber of seconds your SI P account is registered wit h t he SI P regist er server before it is delet ed. The LTE Device aut om at ically t ries t o re- regist er your SI P account when one- half of t his t im e has passed. ( The SI P register server m ight have a different expir at ion .)Regist er Re- send t im erEnt er the num ber of seconds t he LTE Device wait s before it tries again t o register t he SI P account, if t he first try failed or if t here is no response.Session Expires Enter t he num ber of seconds t he LTE Device lets a SI P session rem ain idle (w ithout traffic) before it autom atically disconnects the session.Table 49 VoI P > SI P > SI P Service Prov ider ( cont inued)LABEL DESCRIPTION

Chapter 15 VoIPB222s User’s Guide128Min-SE Enter the m inim um num ber of seconds t he LTE Dev ice lets a SI P session rem ain idle ( wit hout t raffic) before it aut om at ically disconnects t he session. When t wo SI P devices st art a SI P session, they m ust agree on an expiration tim e for idle sessions. This field is the short est expirat ion t im e t hat t he LTE Device accept s.Dialing I nterval SelectionDialing I nt erval SelectionEnt er the num ber of seconds t he LTE Device should wait aft er you stop dialing num bers before it m akes t he phone call. The value depends on how quickly you dial phone num bers.Phone Key ConfigUse this section t o cust om ize t he phone keypad com binations you use to access cert ain feat ures on the LTE Device.Call Return Thi s cod e is u sed t o t u r n t he call r et u r n f eat ure on. Wit h call ret urn, you can place a call t o the last num ber that called you ( eit her answered or m issed) .Caller Display Call This code is used t o display t he caller I D for outgoing calls.Caller Hidden Call This code is used to hide t he caller I D for out going calls.One Shot Caller Display CallThis code is used t o display t he caller I D only for t he phone call your are going to m ake.One Shot Caller Hidden CallThis code is used t o hide t he caller I D only for t he phone call your ar e going t o m ake.Call Wait ing EnableThis code is used t o turn the Call Wait ing feat ure on. With call wait ing, you hear a special beep notifying another incom ing call while you are answering a call. I t allows you to place the first incom ing call on hold and answer the second call so t hat you won’t m iss any im port ant calls.Call Wait ing DisableThis code is used t o t urn t he Call Wait ing feature off.One Shot Call Wait ing EnableThis code is used t o enable call wait ing only for the phone call your are going to m ake. See t he descript ion for t he Call Wait ing Enable field for m or e inform at ion.One Shot Call Wait ing DisableThis code is used t o disable one shot call waiting.I nt ernal Call Th i s cod e is u sed t o en ab le in t er n al call s t hat allow s y o u t o call fr om on e p h on e t o an ot h er phone connect ed t o t he LTE Device.Call Transfer This code is used t o enable call t ransfer that allows you t o t ransfer an incom ing call ( t hat you have answ ered) to anot her phone.Unconditional Call Forward EnableThis code is used t o enable unconditional call forwarding. I ncom ing calls are alway s forwarded t o a specified num ber w it hout any condit ion.Unconditional Call Forward DisableThis code is used t o disable uncondit ional call forwarding.No Answer Call Forward EnableThis code is used t o enable call for warding when t here is no answer at a SI P num ber.No Answer Call Forward DisableThis code is used t o disable call for warding when t here is no answer at a SI P num ber.Call Forward When Busy EnableThis code is used t o enable call forwarding w hen the phone is busy.Call Forward When Busy DisableThis code is used t o disable call forwarding w hen the phone is busy.Do Not Disturb EnableThis code is used t o t urn t he Do Not Dist urb feature on. This has t he LTE Device not forward calls to t he phone line.Table 49 VoI P > SI P > SI P Service Prov ider ( cont inued)LABEL DESCRIPTION

Chapter 15 VoIPB222s User’s Guide 12915.3 The SIP Account ScreenThe LTE Device uses a SI P account t o m ake out going VoI P calls and check if an incom ing call’s destinat ion num ber m atches your SI P account ’s SI P num ber. I n order t o m ake or receive a VoI P call, you need t o enable and configure a SI P account, and m ap it t o a phone port . The SI P account contains inform ation t hat allows your LTE Device t o connect t o your VoI P service provider. See Sect ion 15.3 on page 129 for how t o m ap a SI P account t o a phone port .To access t he following screen, click VoI P > SI P > SI P Account .Figure 70 VoI P > SI P > SI P AccountThe following t able describes t he labels in t his screen.Do Not Disturb DisableThis code is used t o t urn t he Do Not Dist urb feature off.Apply Click Apply t o save your changes.Cancel Click Can cel t o rest ore your previously saved set t ings.Table 49 VoI P > SI P > SI P Service Prov ider ( cont inued)LABEL DESCRIPTIONTable 50 VoI P > SI P > SI P AccountLABEL DESCRIPTION# This is t he index num ber of t he ent ry.Active This show s whether t he SI P account is act ivated or not.A yellow bulb signifies t hat t his SI P account is activat ed. A gray bulb signifies t hat t his SI P account is act ivated.SI P Account This shows t he nam e of the SI P account.SI P Service ProviderThis show s t he nam e of t he SI P service pr ovider.Account No. This shows t he SI P num ber.Modify Click t he Ed it icon t o configure t he SI P account.Click t he D e le t e icon to delet e t his SI P account from t he LTE Device.

Chapter 15 VoIPB222s User’s Guide13015.3.1 Add/Edit SIP AccountYou can configure a new SI P account or edit one. To access this scr een, click Add new SI P Accou nt in t he SI P Accou nt screen or Ed it icon next to an exist ing account . Figure 71 SI P Account : Add/ Edit

Chapter 15 VoIPB222s User’s Guide 131Each field is described in t he following t able.Table 51 SI P Account: EditLABEL DESCRIPTIONSI P Service Provider SelectionService Provider SelectionSelect the SI P service provider pr ofile you want to use for the SI P account you configure in t his screen.This field is view-only if you are edit ing the SI P account.SI P Account SelectionSI P Account SelectionThis show s t he SI P account you are configur ing.GeneralSI P Account Select the Active SI P Account check box if you want t o use t his account . Clear it if you do not want t o use t his account .SI P Account Nu m berEnt er your SI P num ber. I n t he full SI P URI , t his is t he part before t he @ sy m bol. You can use up to 127 printable ASCII charact ers.Au t hent icat ionUsernam e Enter t he user nam e for regist ering t his SI P account, exactly as it was given t o you. You can use up t o 95 printable ASCI I characters.Password Enter t he password for regist ering t his SI P account , exactly as it was given t o you. You can use up t o 95 printable ASCI I characters.URL TypeURL Ty pe Select whether or not t o include t he SI P service dom ain nam e when t he LTE Device sends the SI P num ber.SI P - include t he SI P service dom ain nam e.TEL - do not include the SI P service dom ain nam e.Voice Feat ur esPrim ary Com pression TypeSecondary Com pression TypeThird Com pression TypeSelect t he t ype of voice coder/ decoder ( codec) t hat you w ant t he LTE Device t o use. G.711 provides higher voice qualit y but requires m ore bandw idt h ( 64 kbps) .•G.7 1 1 M uLaw is typically used in Nor th Am erica and Japan.•G.7 1 1 ALaw is ty pically used in Europe.•G.7 2 9 only requir es 8 kbps.•G.7 2 6 - 3 2 operat es at 16, 24, 32 or 40 kbps.•G.7 2 2 operates at 48, 56 and 64 kbps.The LTE Device m ust use t he sam e codec as the peer. When two SI P devices start a SI P session, they m ust agr ee on a codec.Select t he LTE Device’s first choice for voice coder/ decoder.Select the LTE Device’s second choice for voice coder/ decoder. Select N on e if you only want t he LTE Device t o accept the fir st choice.Select t he LTE Device’s third choice for voice coder/ decoder. Select N o ne if you only want the LTE Device t o accept t he fir st or second choice.Speaking Vo lu m e Cont rol Ent er the loudness t hat t he LTE Device uses for speech t hat it sends t o the peer device. Minim um is t he quiet est , and Ma x im u m is t he loudest .Listening Vo lu m e Cont rol Enter t he loudness t hat the LTE Device uses for speech that it receives from t he peer device.Minim um is t he quiet est , and Ma x im u m is t he loudest .Active G.168 ( Echo Cancellation) Select t his if you want to elim inat e t he echo caused by the sound of your voice rever berating in the telephone receiver w hile you t alk.

Chapter 15 VoIPB222s User’s Guide13215.4 Multiple SIP Accounts You can set up t wo SI P account s on your LTE Device and your LTE Device is equipped w it h t wo phone port s. By default , SI P1 of t he LTE Device m aps to phone port 1 for incom ing and out going, and SI P2 m aps to phone port 2 for incom ing and out going.Act ive VAD ( Voice Active Detect or)Select t his if the LTE Dev ice should st op t ransm it ting when you are not speaking. This reduces t he bandwidth the LTE Device uses.Call Features Send Caller I D Select t his if you want t o send identificat ion w h en y ou m ak e VoI P ph on e calls. Cl ear t his if you do not want to send identificat ion.Act ive Call Tr a n s f e rSelect t his to enable call t ransfer on t he LTE Device. This allows you to t ransfer an incom ing call (t hat you have answ ered) t o anot her phone.Act ive Call Wait in gSelect t his t o enable call w ait ing on the LTE Device. This allows you t o place a call on hold while you answer anot her incom ing call on the sam e t elephone (directory) num ber.Act ive Call Wait ing Rej ect Tim eSpecify a t im e of seconds t hat the LTE Device wait s before rej ect ing t he second call if you do not answer it .Act ive Unconditional For w ar d Select this if you want the LTE Device to forward all incom ing calls to t he specified phone num ber. Specify the phone num ber in t he To N um ber field on t he r ight .Act ive Busy For w ar dSelect t his if you want the LTE Device t o forward incom ing calls t o the specified phone num ber if the phone port is busy. Specify the phone num ber in t he To N um ber field on t he right .I f you have call wait ing, t he incom ing call is forwarded t o t he specified phone num ber if you rej ect or ignore the second incom ing call.Act ive No Answer For w ar dSelect t his if you want the LTE Device t o forward incom ing calls t o the specified phone num ber if t he call is unanswered. ( See N o An sw e r Tim e.)Specify the phone num ber in t he To N um ber field on t he right .No Answer Ring Tim eThis field is used by t he Act ive N o An sw e r Forw ar d feat ure.Ent er the num ber of seconds t he LTE Device should wait for you t o answer an incom ing call before it considers t he call is unanswer ed.Hot Line/ Warm Line EnableEnable W ar m Line or Hot Line feat ure on the LTE Device. A hot line or warm line num ber is a phone num ber.Hot Line/Warm Line num berEnter t he num ber to be dialed once t he phone is off t he hook im m ediat ely ( Hot Line) or aft er t he t im e the phone rem ains off the hook has surpassed the delay period ( Warm Line) .Warm Line Tim er ( sec)Enter t he durat ion t he phone can r em ain off t he hook before aut om at ically dialing t he warm line num ber. You can set t he delay from 1 t o 15 seconds.Act ive Anonym ous Call BlockSelect this if you do not want t he phone t o ring when som eone t ries t o call you wit h caller I D deactivat ed.Apply Click Apply t o save your changes.Back Click Back t o return t o t he previous screen w it hout saving.Table 51 SI P Account: Edit ( cont inued)LABEL DESCRIPTION

Chapter 15 VoIPB222s User’s Guide 13315.5 Phone Screen Use t his screen t o cont rol which SI P accounts t he phone uses. Click VoI P > Ph on e t o access the Phone De vice screen.Figure 72 VoI P > Phone > Phone DeviceThe following t able describes t he labels in t his screen.15.5.1 Edit Phone DeviceYou can decide which SI P accounts t he phone connected to t he LTE Device use by clicking the Edit icon next t o a Phone I D. The following screen displays. You cannot edit the account if it is not act ivated. Go to VoI P > SI P > SI P Account > Edit t o act ivat e a SI P account (see Sect ion 15.3 on page 129 for m ore inform ation) . Figure 73 Phone Device: EditThe following t able describes t he labels in t his screen.Table 52 VoI P > Phone > Phone DeviceLABEL DESCRIPTION# This is t he index num ber of t he ent ry.Phone I D This is the phone device num ber.Outgoing SI P Nu m berThis is t he out going SI P num ber of t he phone device.Modify Click t he Ed it icon t o configure t he SI P account.Table 53 Phone Device: EditLABEL DESCRIPTIONSI P Account t o Make Out going CallSI P Account Select the SI P account you want to use when m aking outgoing calls with the analog phone connect ed t o t his phone port . SI P Num ber This shows t he SI P account num ber.SI P Account ( s) t o Receive I ncom ing Call

Chapter 15 VoIPB222s User’s Guide 135rule, you can use a short cut ( t he speed dial num ber, # 01 for exam ple) on your phone's keypad to call the phone num ber. To access t his screen, click VoI P > Call Ru le.Figure 75 VoI P > Call RuleEach field is described in t he following t able.Table 55 VoI P > Call RuleLABEL DESCRIPTIONSpeed Dial Use this section to creat e or edit speed- dial entr ies.#Select t he speed- dial num ber you want t o use for t his phone num ber.Num ber Enter the SI P num ber you want the LTE Device t o call when you dial the speed- dial num ber.Description Enter a short descript ion t o identify t he party you call when you dial the speed- dial num ber. You can use up t o 127 printable ASCII charact ers.Add Click t his to use the inform at ion in the Spe ed Dial sect ion to updat e the Spee d D ial Phone Book sect ion.Phone Book Use t his section t o look at all the speed- dial entries and t o erase them .# This field displays t he speed- dial num ber you should dial t o use t his entry.Num ber This field displays t he SI P num ber the LTE Device calls when you dial t he speed- dial num ber.Descript ion This field displays a short description of the part y you call w hen you dial t he speed- dial num ber.Modify Use t his field t o edit or erase t he speed- dial entry.Click t he Ed it icon t o copy t he inform at ion for t his speed- dial ent ry into t he Spee d Dia l section, where y ou can change it . Click Add when you finish edit ing t o change t he configurations.Click t he D e le t e icon t o erase t his speed- dial entry.Clear Click t his to erase all t he speed- dial ent ries.Cancel Click t his t o set every field in this screen to it s last - saved value.

$Chapter 15 VoIPB222s User’s Guide13615.8 Technical ReferenceThis sect ion cont ains background m aterial relevant t o the VoI P screens.15.8.1 VoIP VoI P is t he sending of voice signals over I nt ernet Protocol. This allows you t o m ake phone calls and send faxes over the I nt ernet at a fraction of the cost of using t he t radit ional circuit- switched telephone network. You can also use servers to run t elephone service applicat ions like PBX services and voice m ail. I nt ernet Telephony Service Provider ( I TSP) com panies provide VoI P service. Circuit- swit ched t elephone net works require 64 kilobit s per second (Kbps) in each direct ion to handle a t elephone call. VoI P can use advanced voice coding t echniques wit h com pression to reduce the required bandwidt h. 15.8.2 SIPThe Session I nit iation Prot ocol ( SI P) is an application- layer control ( signaling) prot ocol t hat handles the set ting up, altering and t ear ing down of voice and m ultim edia sessions over t he I nt ernet .SI P signaling is separat e from t he m edia for which it handles sessions. The m edia t hat is exchanged during t he session can use a different path from t hat of the signaling. SI P handles t elephone calls and can interface wit h t radit ional circuit- switched t elephone net works.SIP IdentitiesA SI P account uses an ident it y (som et im es referred to as a SI P address). A com plet e SI P ident it y is called a SI P URI ( Uniform Resour ce I dent ifier) . A SI P account 's URI ident ifies t he SI P account in a way sim ilar t o t he way an e-m ail addr ess identifies an e-m ail account . The form at of a SI P identit y is SI P- Num ber@SI P-Service-Dom ain.SIP NumberThe SI P num ber is t he part of t he SI P URI t hat com es before t he “ @” sym bol. A SI P num ber can use let ters like in an e-m ail address ( j ohndoe@your-I TSP.com for exam ple) or num bers like a telephone num ber (1122334455@VoI P- provider.com for exam ple) .SIP Service DomainThe SI P ser vice dom ain of t he VoI P service provider is t he dom ain nam e in a SI P URI . For exam ple, if the SI P address is 1 12 23 34 45 5@VoI P- pr ov ider.com , then “ VoI P- provider.com ” is t he SI P ser vice dom ain.SIP RegistrationEach LTE Device is an individual SI P User Agent ( UA). To provide voice ser vice, it has a public I P address for SI P and RTP prot ocols to com m unicat e wit h ot her ser vers. A SI P user agent has t o register wit h t he SI P registrar and m ust provide inform at ion about t he users it represent s, as well as it s current I P address (for the rout ing of incom ing SI P request s) .$

MitraStar Technology M4G-301 TD-LTE OUTDOOR CPE User Manual

MitraStar Technology Corporation TD-LTE OUTDOOR CPE

User Manual

Navigation menu

Namespaces

Views

Navigation