Cisco Small Business Pro series, Small Business Pro SRP521 Administration Manual

Page 1
REVIEW DRAFT — CISCO CONFIDENTIAL
ADMINISTRATION
GUIDE
Cisco Small Business Pro
SRP521 Services Ready Platform VoIP Gateway
Page 2
REVIEW DRAFT — CISCO CONFIDENTIAL
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco Ironport, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flip Video, Flip Video (Design), Flipshare (Design), Flip Ultra, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Store, and Flip Gift Card are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0907R)
© 2009 Cisco Systems, Inc. All rights reserved. OL-20474-01
Page 3
REVIEW DRAFT — CISCO CONFIDENTIAL
Contents
Chapter 1: Introduction to the Gateway 7
Feature Overview 7
Product Overview 7
SRP521 Front Panel 8
SRP521 Back Panel 9
Side Panels 10
Top View 11
Chapter 2: The Home Menu 12
Quick Setup Instructions 12
Starting the Setup Wizard 12
Chapter 3: Setting up the Interfaces of the Gateway 14
Setting up the WAN Interface 14
Internet Setup 14
Mobile Network 16
Connection Recovery 19
Setting up the LAN Interface 22
DHCP Server Pool Setting 22
Bridge/VLAN Setting 26
Port Setting 28
Setting up the Wireless LAN 29
Basic Wireless Settings 29
Wireless Protected Setup 32
WPS Method 1 32 WPS Method 2 32 WPS Method 3 33
Wireless Security 35
Wireless MAC Filter 38
Advanced Wireless Settings 40
WMM Setting 44
Using the Loopback Interface 45
SRP 521 VoIP Gateway Administration Guide 3
Page 4
REVIEW DRAFT — CISCO CONFIDENTIAL
Contents
Chapter 4: Configuring the Network 47
Static Routing 47
RIP 49
Intervlan Routing 50
NAT 50
Setting 50
Single Port Forwarding 51
Port Range Forwarding 53
Port Range Triggering 54
ALG Control 56
QoS 56
Bandwidth Control 56
QoS Policy 57
QoS Settings 57
Firewall 59
Firewall Filter 59
Internet Access Control 61
PPPoE Relay 64
DDNS 65
IGMP 69
UPnP 70
CDP Setting 71
Chapter 5: Voice Settings 73
Info 73
System 74
Chapter 6: Configuring VPN 75
IKE Policy 75
IPSec Policy 77
GRE Tunnel 80
SRP 521 VoIP Gateway Administration Guide 4
Page 5
REVIEW DRAFT — CISCO CONFIDENTIAL
Contents
VPN Passthrough 83
Chapter 7: Administration Settings 85
Web Access Management 85
Settings 85
Remote Access Rule 87
Remote Management 89
TR069 89
SNMP 91
Local TFTP 92
Time Setup 93
User List 95
Log 96
Factory Defaults 97
Firmware Upgrade 98
Backup & Restore 99
Backup Configuration 99
Restore Configuration 100
Reboot 101
Chapter 8: Using Gateway Diagnostics 103
Ping Test 103
Traceroute Test 104
Chapter 9: Viewing the Gateway Status 106
Router Settings 106
Firewall Status 108
Interface Information 110
Wireless Client Information 111
Mobile Network 112
DHCP Server Information 115
SRP 521 VoIP Gateway Administration Guide 5
Page 6
REVIEW DRAFT — CISCO CONFIDENTIAL
QoS status 116
Routing table 117
ARP Table 119
CDP Neighbor Information 120
Contents
Appendix A: Where to Go From Here 121
Appendix B: Specifications 123
SRP 521 VoIP Gateway Administration Guide 6
Page 7
REVIEW DRAFT — CISCO CONFIDENTIAL

Introduction to the Gateway

This chapter provides information to familiarize you with the product features and get started using the web-based Configuration Utility.
Feature Overview, page 7
Product Overview, page 7
1

Feature Overview

Thank you for choosing the Cisco Small Business Pro SRP521Services Ready Platform VoIP Gateway. The gateway has the features needed for small business. Its WAN port and four LAN ports support 10/100 Mbps speeds, it has two ports to connect to analog telephone Service (PSTN), and supports 802.11b/g/n wireless networking.

Product Overview

The SRP521, a member of the Cisco Small Business Pro family, is a unified communications solution for small businesses that provides voice, data, video, security, and wireless capabilities.
With its web-based interface, the SRP521 is easy to setup and configure.
SRP 521 VoIP Gateway Administration Guide 7
Page 8
Introduction to the Gateway
Product Overview

SRP521 Front Panel

1
REVIEW DRAFT — CISCO CONFIDENTIAL
Cisco Small Business Pro
12 2143
LANPOWER/SYS WAN PHONE USB WPSWIRELESS
LED Description
POWER/SYS Solid green indicates that the SRP521 is powered on.
Slow green flash indicates that the SRP521 is booting.
LAN Ports 1 to 4 Solid green indicates link. Green flash indicates link
traffic.
WAN Solid green indicates link. Green flash indicates link
traffic.
WIRELESS Solid green indicates the radio is operational. Green flash
indicates wireless traffic.
SRP521
276377
USB Solid green indicates USB device is operational. Green
flash indicates device failure or unsupported device.
WPS Solid green indicates WiFi Protected Setup success.
Slow green flash indicates setup in progress. Fast green flash indicates a setup error.
SRP 521 VoIP Gateway Administration Guide 8
Page 9
Introduction to the Gateway
Product Overview

SRP521 Back Panel

1
REVIEW DRAFT — CISCO CONFIDENTIAL
FXO
Line Port
21 1234
LINE (FXO)PHONE (FXS)
WAN
Port
LAN (10/100)WAN (10/100)
On/Off Switch
12VDC
12V DC
Phone
Ports
Feature Description
PHONE Ports Use these ports to connect analog phones. FXO LINE Port Use this port to connect to the Public Switched Telephone
Network (PSTN) which is the analog telephone service network that traditional phone service uses.
LAN
Ports
Power
276375
WAN Port Use this port to connect the SRP521 to your WAN or DSL
Internet connection. LAN Ports 1 to 4 Use these ports to connect to a network device. On/Off Switch Use this switch to power the SRP521 on or off. 12 V DC Power Use this port to connect the power adapter.
SRP 521 VoIP Gateway Administration Guide 9
Page 10
Introduction to the Gateway
Product Overview

Side Panels

1
REVIEW DRAFT — CISCO CONFIDENTIAL
Reset
button
RESET
USB
connector
USB
276380
276381
Feature Description
RESET Button Press this button for 10 seconds to reset the SRP521. USB Port Use this port to connect a compatible 3G USB device. For
a list of compatible 3G USB modems please check the
support community at cisco.com/go/smallbizsupport. Antenna SRP521 Wi-Fi antenna.
SRP 521 VoIP Gateway Administration Guide 10
Page 11
Introduction to the Gateway
Product Overview

Top Vie w

1
REVIEW DRAFT — CISCO CONFIDENTIAL
276378
WPS Button
Feature Description
WPS Button To automatically configure wireless security for devices
that support Wi-Fi Protected Setup (WPS), press and hold
this button until the WPS LED blinks.
NOTE The device being configured by WPS should be
physically close to the SRP521 because Wi-Fi power is reduced during the setup.
SRP 521 VoIP Gateway Administration Guide 11
Page 12
REVIEW DRAFT — CISCO CONFIDENTIAL

The Home Menu

This chapter describes how to view Quick Setup instructions and how to start the Setup Wizard.
Quick Setup Instructions, page 12
Starting the Setup Wizard, page 12
2

Quick Setup Instructions

The Quick Setup page presents a summary of the steps required to setup the gateway, secure your network, and provide personal network settings. Many of the steps contains hyperlinks that quickly take you to that highlighted item.
STEP 1 Click Home on the tab and then click Quick Setup in the navigation pane. The
Quick Steup page appears.
STEP 2 Optionally, you can click a hyperlink to jump to that page.

Starting the Setup Wizard

The Setup Wizard guides you through the basic steps required to configure your Services Ready Platform for a Cisco Smart Business Communications System (SBCS).
NOTE The Setup Wizard is helpful to configure your gateway the first time you install it.
SRP 521 VoIP Gateway Administration Guide 12
Page 13
The Home Menu
Starting the Setup Wizard
STEP 1 Click Home on the tab and then click SetupWizard in the navigation pane. The
STEP 2 Follow the instructions in the Setup Wizard to configure your gateway.
2
REVIEW DRAFT — CISCO CONFIDENTIAL
Setup Wizard page appears.
SRP 521 VoIP Gateway Administration Guide 13
Page 14
REVIEW DRAFT — CISCO CONFIDENTIAL

Setting up the Interfaces of the Gateway

You can use the Inteface Setup pages to setup the WAN, LAN, and Wireless LAN interfaces.
Setting up the WAN Interface, page 14
Setting up the LAN Interface, page 22
Setting up the Wireless LAN, page 29
3
Using the Loopback Interface, page 45

Setting up the WAN Interface

Internet Setup

The settings for WAN networking are set on these pages. In most cases, you can configure the gateway and get it working properly by using only the settings on these pages.
NOTE After you configure interfaces settings, you should set a new password for the
gateway using the Adminstration > Access Setting page. This precaution increases security, protecting the gateway from unauthorized changes. All users who try to access the web-based Configuration Utility will be prompted for the password of the gateway.
STEP 1 Click Interface Setup on the tab and then click WAN in the navigation pane. The
Internet Setup page appears.
STEP 2 To add or edit interfaces in the WAN Interface List, click the add or edit icons.
STEP 3 Adjust WAN Phy Set tin gs as necessary.
SRP 521 VoIP Gateway Administration Guide 14
Page 15
Setting up the Interfaces of the Gateway
Setting up the WAN Interface
REVIEW DRAFT — CISCO CONFIDENTIAL
STEP 4 To clone a MAC address to the gateway, click Enabled and then enter a MAC
address. To clone the MAC address of your computer, click the Clone Your PC’s MAC button.
STEP 5 Click Submit to save your settings.
3
Field Description
WAN Interface List The WAN Interface list which shows the physical link, its
protocol, and itsIP address if one exists. In each entry, you can create new sub-interface by clicking the Add Subinterface button or the Edit button.
If you have more than one sub-interface, you can choose ether one as the default routing interface by selecting the Default Route radio button.
SRP 521 VoIP Gateway Administration Guide 15
Page 16
3
Setting up the Interfaces of the Gateway
Setting up the WAN Interface
Field Description
WAN Flow Control WAN flow control. To set flow control for the WAN, select
Enabled and click Submit. The default setting is Disabled.
WAN Speed Duplex WAN Speed Duplex mode. Selections are Auto-
negotiate, 10 Half, 10 Full, 100 Half and 100 Full. To set WAN speed duplex mode, choose the mode and click Submit.The default setting is Auto-negotiate.
MAC Address Clone
Details of WAN The Details of WAN area shows information about your
A MAC address is a 12-digit code assigned to a unique piece of hardware for identification purposes. Some ISPs require that you to register a MAC address in order to access the Internet. If you do not wish to re-register the MAC address with your ISP, you may assign the MAC address that you have currently registered with your ISP to the gateway with the MAC Address Clone feature. To clone your MAC address, select Enabled, click Clone Your PC’s MAC, and click Submit. The default value is Disabled.
WAN.

Mobile Network

You can configure your gateway to connect to a mobile network through the USB interface. The gateway allows you to set the connect mode. You can configure an automatic or manual connection. You also can use this page to view the current connection status.
STEP 1 Click Interface Setup on the tab and then click Mobile Network in the navigation
pane. The Mobile Network page appears.
STEP 2 If necessary, change any global settings in the Global Settings area. The Card
Status field shows the status of your mobile card.
STEP 3 If necessary, change any mobile network settings in the Mobile Network Setup
area.
16 SRP 521 VoIP Gateway Administration Guide
Page 17
Setting up the Interfaces of the Gateway
Setting up the WAN Interface
REVIEW DRAFT — CISCO CONFIDENTIAL
NOTE You must click the Manual option in the Configure Mode field to manually setup your
mobile network card.
STEP 4 Click Submit to save your settings.
3
SRP 521 VoIP Gateway Administration Guide 17
Page 18
3
Setting up the Interfaces of the Gateway
Setting up the WAN Interface
Field Description
Connect Mode Auto or manual connect mode. Select Auto to enable
your modem to establish a connection automatically or select Manual to connect or disconnect your modem connection manually.
NOTE The Ethernet Connection Recovery and Interface
Connection Failover works only if the Connection Mode is set to Auto. If you select Auto, you must select Connect on Demand and Keep Alive. If you select Connect on Demand option, you can configure the gateway to terminate the Internet connection after it has been inactive for a specified period of time (Max Idle Time).
Connect on Demand enables the modem to automatically re-establish a terminated connection when a user attempts to access the Internet again. In the Max Idle Time field, enter the number of minutes of inactivity that can elapse before your Internet connection terminates. The default is 5 minutes. The gateway periodically checks your Internet connection. If you are disconnected, then it will automatically re­establish your connection. To use this option, select Keep Alive. In the Redial Period field, specify how often you want the gateway to check the Internet connection. The default is 30 seconds.
Card Status The status of the card. If your Connect Mode is Manual,
there will be a button that you can click to connect or disconnect your Modem.
Configure Mode Select Auto to allow the gateway to automatically detect
which card model was inserted and which carrier is available. Select Manual to set up the connection manually. The default setting is Auto.
Card Model This field displays the data card model that is inserted in
the USB drive.
18 SRP 521 VoIP Gateway Administration Guide
Page 19
Setting up the Interfaces of the Gateway
Setting up the WAN Interface
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
Carrier The mobile network service provider for the Internet
3
connection. This setting is required when you are using HSDPA/UMTS/GPRS Internet service. Select the card issue country from the first drop-down menu list, then select the card issue provider from the second drop­down list.
Access Point Name (APN)
Dial Number The dial number for the Internet connection. Enter the
User Name/ Password
SIM PIN The PIN code associated with your SIM card. Enter your
Server Name The name of the server for the Internet connection.
Authentication The type of authentication used by your service
Service Type Select the most commonly available type of mobile data
The Internet network to which the mobile device is connecting to. Enter the access point name provided by your mobile network service provider.
Dial Number provided by your mobile network service provider.
Enter the user name and password provided by your mobile network service provider.
SIM PIN number here.
provider. Select your authentication type, if you do not know which type to use, use the default setting, Auto.
service connection based on your area service signal. If your location supports only one mobile data service, you may set up for enhance build up connection. The first selection will always search for HSPDA/3G/UMTS service or switch to GPRS automatically only when it is available.

Connection Recovery

An Internet connection can be established via the WAN port or a wireless modem plugged into the USB port. While both Ethernet and USB interfaces may be connected, only one of them can be used to establish a link at a time. Whenever the Internet connection fails, the gateway automatically attempts to bring up
SRP 521 VoIP Gateway Administration Guide 19
Page 20
3
Setting up the Interfaces of the Gateway
Setting up the WAN Interface
another connection on another interface. This feature is called the Ethernet Internet connection recovers, the gateway automatically attempts to bring back and recover the Ethernet Internet connection. This feature is called
Recovery
STEP 1 Click Interface Setup on the tab and then click Connection Recovery in the
navigation pane. The Connection Recovery page appears.
STEP 2 If necessary, enable the Ethernet Connection Recovery feature by clicking
Enabled. When this option is enabled, the gateway sets the ethernet interface to the highest priority. Enabling this feature also enables the Interface Connection Failover feature. Whenever the Internet connection fails, the gateway automatically attempts to bring up the mobile network connection on the USB interface (if available). Whenever the Ethernet Internet connection recovers, the gateway automatically attempts to bring back and recover the Ethernet Internet connection.
NOTE Your Mobile Connection Mode must be set to Auto to use the Ethernet Connection
Recovery feature.
.
Failover
. Whenever
STEP 3 If necessary, enter an ethernet timeout value.
STEP 4 Choose a site on which to perform failover validation in the Failover Validation Site
area, either use the gateway or enter the IP address for a custom site.
STEP 5 If necessary, change the priority of the WAN interfaces by clicking the Up or Down
buttons.
STEP 6 Click Submit to save your settings.
20 SRP 521 VoIP Gateway Administration Guide
Page 21
Setting up the Interfaces of the Gateway
Setting up the WAN Interface
REVIEW DRAFT — CISCO CONFIDENTIAL
3
Field Description
Ethernet Connection Recovery
Interface Connection Failover
Timeout The time interval at which the gateway detects the
This feature ensures that your Ethernet Internet connection is always connected when available.
Failover detection works by detecting the physical connection and/or presence of traffic on the Internet link. If the link is idle, the gateway attempts to ping a destination. If the ping does not reply, the gateway assumes the link is down and attempts to fail over to another interface.
status of the Internet connection. The default timeout interval is 60 seconds.
SRP 521 VoIP Gateway Administration Guide 21
Page 22
3
Setting up the Interfaces of the Gateway

Setting up the LAN Interface

Field Description
Failover Validation Site
WAN Interfaces This area provides information on current status of the
Setting up the LAN Interface

DHCP Server Pool Setting

DHCP Server Pool settings are configured on this page. After clicking Add Rule button, you can create another DHCP Server Pool.
A ping target for the gateway to use to detect the status of the Internet connection. By default the gateway pings the Network Time Protocol (NTP) servers. You may specify a different IP address as a target here.
Ethernet Internet connection and Mobile Network connection. You can click the Status hyperlink to view the details. You may also configure the interface priority by clicking Up or Down. Note that the interface priority setting is configurable only when Ethernet Connection Recovery is disabled.
STEP 1 Click Interface Setup on the tab and then click LAN in the navigation pane. The
DHCP Server Pool Setting page appears.
STEP 2 You can edit or delete a DHCP entry by clicking the edit or delete icon.
STEP 3 Click Add Rule to open the DHCP Add page. From this page you can add a DHCP
entry.
STEP 4 Click Submit to save your settings.
22 SRP 521 VoIP Gateway Administration Guide
Page 23
Setting up the Interfaces of the Gateway
Setting up the LAN Interface
REVIEW DRAFT — CISCO CONFIDENTIAL
3
Click one of the items in the DHCP List. DHCP information displays in the Details of DHCP table.
When you click Add Rule, the DHCP - Add page opens.
SRP 521 VoIP Gateway Administration Guide 23
Page 24
3
Setting up the Interfaces of the Gateway
Setting up the LAN Interface
Field Description
DHCP Name The DHCP Name.
Local IP Address/ Subnet Mask
DHCP Server The DHCP server status. DHCP is enabled by factory
WAN Interface The WAN Interface.
24 SRP 521 VoIP Gateway Administration Guide
The DHCP IP address and subnet mask as seen by external users on the Internet (including your ISP).
default. If you already have a DHCP server, then select Disable (no other DHCP features will be available).
Page 25
Setting up the Interfaces of the Gateway
Setting up the LAN Interface
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
Option 66 None, Local TFTP Server, or Remote TFTP Server. The
DNS Proxy The DNS proxy relays DNS requests to the current
Starting IP Address Enter a value for the DHCP server to start with when
3
default value is None.
public network DNS server for the proxy, and replies as a DNS resolver to the client device on the network. To enable the DNS Proxy feature, select Enabled. The default setting is Disabled.
issuing IP addresses. Because the default IP address is
192.168.15.1, the starting IP address must be
192.168.15.2 or greater, but smaller than 192.168.15.149. The default starting IP address is 192.168.15.100.
Maximum DHCP Users
IP Address Range The range of DHCP addresses is displayed here.
Client Lease Time Amount of time a network user will be allowed
Static DNS The Domain Name System (DNS) is how the Internet
WINS The Windows Internet Naming Service (WINS) manages
Enter the maximum number of PCs that you want the DHCP server to assign IP addresses. This number cannot be greater than 253. The default is 50.
connection to the gateway with their current dynamic IP address. Enter the amount of time, in minutes, that the user will be “leased” this dynamic IP address. After the time is up, the user will be automatically assigned a new dynamic IP address. The default is 0 minutes, which means one day.
translates domain or website names into Internet addresses or URLs. Your ISP will provide you with at least one DNS server IP address. If you wish to use another, type that IP address.
PCs interaction with the Internet. If you use a WINS server, enter the IP address of the server here. Otherwise, leave this field blank.
SRP 521 VoIP Gateway Administration Guide 25
Page 26
3
Setting up the Interfaces of the Gateway
Setting up the LAN Interface

Bridge/VLAN Setting

Bridge / VLAN settings are configured on this page. After clicking Add Rule, you can create another VLAN.
STEP 1 Click Interface Setup on the tab and then click LAN in the navigation pane. Click
Bridge / VLAN Setting. The Bridge / VLAN Setting page appears.
STEP 2 You can edit or delete a VLAN entry by clicking the edit or delete icon.
STEP 3 Click Add Rule to open the VLAN Add page. From this page you can add a VLAN
entry.
STEP 4 Click Submit to save your settings.
26 SRP 521 VoIP Gateway Administration Guide
Page 27
Setting up the Interfaces of the Gateway
Setting up the LAN Interface
REVIEW DRAFT — CISCO CONFIDENTIAL
3
Field Description
VLAN Name Bridge or VLAN name.
VLAN ID Bridge or VLAN ID.
Enable STP If you want to use Spanning Tree Protocol (STP), click
this box.
Enable Voice Click this box if you want to use voice. Only use this
option in VLAN mode.
Address Type Address type. Choices are None, Static IP Address,
Dynamic IP Address, and DHCP Server Pool. The default value is None.
Available Interface The interfaces that are available to you.
Added Interface The interfaces that are selected.
SRP 521 VoIP Gateway Administration Guide 27
Page 28
3
Setting up the Interfaces of the Gateway
Setting up the LAN Interface

Port Setting

Port settings are configured on this page. You can also see details about the ports.
STEP 1 Click Interface Setup on the tab and then click LAN in the navigation pane. Click
Port Setting. The Port Setting page appears.
STEP 2 You can edit a port entry by clicking the edit icon. After you click the edit icon, the
Port Edit page opens. Make any necessary changes and click Submit to save your settings.
STEP 3 If necessary, change the flow control or duplex speed settings for each interface.
STEP 4 Click Submit to save your settings.
28 SRP 521 VoIP Gateway Administration Guide
Page 29
Setting up the Interfaces of the Gateway

Setting up the Wireless LAN

REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
3
Enabled Flow Control
Speed Duplex Network speed settings. The default setting is Auto-
Details of Port The Details of Port area shows information about your
Setting up the Wireless LAN

Basic Wireless Settings

The basic settings for wireless networking are set on this page.
There are two ways to configure the wireless network(s) of the gateway, manual and Wi-Fi Protected Setup. To manually configure the wireless settings, use the Basic Wireless Settings page.
LAN Flow control. To enable flow control, click the Enable Flow Control box for the LAN interface and click Submit. Flow control is enabled by default.
negotiate.
ports.
If you have client devices, such as wireless adapters, that support Wi-Fi Protected Setup, then you can use Wi-Fi Protected Setup to automatically configure wireless security for your wireless network(s). To use Wi-Fi Protected Setup, refer to your wireless adapter's documentation.
STEP 1 Click Interface Setup on the tab and then click WiFi Setting in the navigation pane.
The Basic Wireless Settings page appears.
STEP 2 From the Network Mode menu, you can select the wireless standards running on
your network.
If you have Wireless-N, Wireless-G, and Wireless-B devices in your network,
use the default setting, Mixed.
If you have only Wireless-G and Wireless-B devices in your network, select
BG-Mixed. If you have only Wireless-N devices, select Wireless-N Only.
If you have only Wireless-G devices, select Wireless-G Only.
SRP 521 VoIP Gateway Administration Guide 29
Page 30
3
Setting up the Interfaces of the Gateway
Setting up the Wireless LAN
If you have only Wireless-B devices, select Wireless-B Only.
If you do not have any wireless devices in your network, select Disabled.
STEP 3 From the Radio Band menu, you can select the wireless bandwidth on your
network. There are three options you can select: Auto, Standard - 20MHz Channel, and Wide - 40MHz Channel.
STEP 4 Click Submit to save your settings.
Field Description
Network Mode The network mode. the default mode is Mixed.
Radio Band The bandwidth of the radio channel. The default is
Standard - 20MHz Channel.
30 SRP 521 VoIP Gateway Administration Guide
Page 31
Setting up the Interfaces of the Gateway
Setting up the Wireless LAN
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
Wide Channel If you selected Wide - 40MHz Channel for the Radio
Standard Channel If you selected Wide - 40MHz Channel or Standard -
SSID1-4 The SSID is the network name shared among all
3
Band setting, this setting will be available for your primary Wireless-N channel. Select any channel from the drop-down menu.
20MHz Channel for the Radio Band setting, then this setting will be available. Select the channel for Wireless­N, Wireless-G, and Wireless-B networking. If you selected Wide - 40MHz Channel for the Radio Band setting, then the Standard Channel will be a secondary channel for Wireless-N. The default value is channel 11.
devices in a wireless network. The gateway can support up to four wireless networks. By default, first and second wireless network is enabled, and you can create the other wireless network names.
Wireless Network Name (SSID)
SSID Broadcast Enabled
Enabled To enable the wireless network, select the check box. To
The first default wireless network uses the name “cisco_data” which is connected to the default VLAN. The second default wireless network uses the name “cisco_voice” which is connected to the voip VLAN. To rename the default wireless network, enter a unique Wireless Network Name, which is case-sensitive and must not exceed 32 characters (use any of the characters on the keyboard).
When wireless clients survey the local area for wireless networks to associate, they detect the SSID broadcast by the gateway. If you want to broadcast the SSID, keep the check box selected. If you do not want to broadcast the SSID, deselect the check box.
disable the wireless network, deselect the check box.
SRP 521 VoIP Gateway Administration Guide 31
Page 32
3
Setting up the Interfaces of the Gateway
Setting up the Wireless LAN

Wireless Protected Setup

Wi-Fi Protected Setup is a feature that makes it easy to set up your wireless network. If you have client devices, such as wireless adapters, that support Wi-Fi Protected Setup, then you can use Wi-Fi Protected Setup.
STEP 1 Click Interface Setup on the tab and then click WiFi Setting in the navigation pane.
Click Wireless Protected Setup. The Wireless Protected Setup page appears.
STEP 2 From Select a SSID menu, choose the SSID beacon interval and RTS threshold
settings you want to configure.
STEP 3 In the WPS field, select Disabled if you do not want to use the WiFi Protected
Setup.
NOTE There are three methods available to configure your WiFi settings using WPS. Use
the method below that applies to the client device you are configuring.
WPS Method 1
Use this method if your client device has a Wi-Fi Protected Setup button.
STEP 1 Click or press the Wi-Fi Protected Setup button on the client device.
STEP 2 Click the Wi-Fi Protected Setup button on this page.
STEP 3 After the client device has been configured, click OK. Then refer back to your
client device or its documentation for further instructions.
WPS Method 2
Use this method if your client device has a Wi-Fi Protected Setup PIN number.
STEP 1 Enter the PIN number in the field on this page.
STEP 2 Click Register.
32 SRP 521 VoIP Gateway Administration Guide
Page 33
Setting up the Interfaces of the Gateway
Setting up the Wireless LAN
REVIEW DRAFT — CISCO CONFIDENTIAL
STEP 3 After the client device has been configured, click OK. Then refer back to your
client device or its documentation for further instructions.
WPS Method 3
Use this method if your client device asks for the PIN number of the gateway.
STEP 1 Enter the PIN number listed on this page. (It is also listed on the label on the bottom
of the gateway.)
STEP 2 After the client device has been configured, click OK. Then refer to your client
device or its documentation for further instructions.
3
The Wi-Fi Protected Setup Status, Network Name (SSID), Security, Encryption, and Passphrase are displayed at the bottom of the page.
SRP 521 VoIP Gateway Administration Guide 33
Page 34
3
Setting up the Interfaces of the Gateway
Setting up the Wireless LAN
Field Description
Select a SSID Choose the SSID for the wireless network that you want
to configure. The default is SSID1.
WPS WiFi Protected Setup (WPS) option. The default is
Enabled.
34 SRP 521 VoIP Gateway Administration Guide
Page 35
Setting up the Interfaces of the Gateway
Setting up the Wireless LAN
REVIEW DRAFT — CISCO CONFIDENTIAL

Wireless Security

The Wireless Security page configures the security of your wireless network(s). The gateway supports the following wireless security mode options: WPA Personal, WPA Enterprise, WPA2 Personal, WPA2 Enterprise, RADIUS and WEP. (WPA stands for Wi-Fi Protected Access, which is a security standard stronger than WEP encryption. WEP stands for Wired Equivalent Privacy.)
STEP 1 Click Interface Setup on the tab and then click WiFi Setting in the navigation pane.
Click Wireless Security. The Wireless Security page appears.
STEP 2 From the Select a SSID menu, choose the SSID for the wireless network that you
want to configure.
STEP 3 Select the security method for your wireless network. If you do not want to use
wireless security, use the default setting, Disabled (not recommended).
3
STEP 4 If you selected a security mode, fill in the fields for the security mode that you
chose.
STEP 5 Click Submit to save your settings.
Field Description
Select a SSID The SSID to which the securithy setting is applied. The
default is SSID1.
SRP 521 VoIP Gateway Administration Guide 35
Page 36
3
Setting up the Interfaces of the Gateway
Setting up the Wireless LAN
Field Description
Security Mode The security mode for the selected SSID.
WEP WEP is a basic encryption method, which is not as
secure as WPA.
Encryption The level of WEP encryption, 64 bits 10 hex digits or
128 bits 26 hex digits. The default is 64 bits 10 hex digits.
Passphrase To automatically generate WEP keys, type a
passphrase, then click Generate.
Key 1-4 If you did not enter a Passphrase, you can enter the WEP
key(s) manually.
TX Key The TX (Transmit) Key to use. The default value is 1.
WPA Personal
WPA Algorithms WPA supports two encryption methods, TKIP and AES,
with dynamic encryption keys. Select the type of algorithm, AES or TKIP. The default is TKIP.
WPA Shared Key The Passphrase of 8-63 characters.
Group Key Renewal The Key Renewal period, which instructs the gateway
how often it should change the encryption keys. The default Group Key Renewal period is 3600 seconds.
WPA2 Personal
WPA Algorithms WPA2 supports two encryption methods, AES and
TKIP+AES, with dynamic encryption keys. Select the type of algorithm, AES, or TKIP+AES. The default is TKIP+AES.
WPA Shared Key The Passphrase of 8-63 characters.
Group Key Renewal The Key Renewal period, which instructs the gateway
how often it should change the encryption keys. The default Group Key Renewal period is 3600 seconds.
36 SRP 521 VoIP Gateway Administration Guide
Page 37
Setting up the Interfaces of the Gateway
Setting up the Wireless LAN
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
WPA Enterprise This option features WPA used in coordination with a
WPA Algorithms WPA supports two encryption methods, TKIP and AES,
3
RADIUS server. If you have two RADIUS servers, you can select one to be the primary server, and the secondary server can be a backup server. (This option should only be used when a RADIUS server is connected to the gateway.)
with dynamic encryption keys. Select the type of algorithm, AES or TKIP. The default is TKIP.
RADIUS Server Address
RADIUS Port The port number of the RADIUS server. The default
Shared Secret The key shared between the gateway and the server.
RADIUS Server Address
RADIUS Port The port number of the RADIUS server.
Shared Secret The key shared between the gateway and the server.
Key Renewal Timeo ut
WPA2 Enterprise This option features WPA2 used in coordination with a
The IP Address of the RADIUS server.
value is 1812.
The IP address of the RADIUS server.
The Key Renewal period, which instructs the gateway how often it should change the encryption keys. The default Key Renewal period is 3600 seconds.
RADIUS server. If you have two RADIUS servers, you can select one to be the primary server, and the secondary server can be a backup server. (This option should only be used when a RADIUS server is connected to the gateway.)
WPA Algorithms WPA2 supports two encryption methods, TKIP and AES,
with dynamic encryption keys. Select the type of algorithm, AES or TKIP or AES. The default is TKIP or AES.
Primary RADIUS Server
RADIUS Server The IP address of the RADIUS server.
SRP 521 VoIP Gateway Administration Guide 37
Page 38
3
Setting up the Interfaces of the Gateway
Setting up the Wireless LAN
Field Description
RADIUS Port The port number of the RADIUS server. The default
value is 1812.
Shared Secret The key shared between the gateway and the server.
Secondary RADIUS Server
RADIUS Server Address
RADIUS Port The port number of the RADIUS server.
Shared Secret The key shared between the gateway and the server.
Key Renewal Time out
RADIUS This option features WEP used in coordination with a
TX Key Select which TX (Transmit) Key to use. The default is 1.
The IP Address of the RADIUS server.
Enter a Key Renewal period, which instructs the gateway how often it should change the encryption keys. The default Key Renewal period is 3600 seconds.
RADIUS server. If you have two RADIUS servers, you can select one to be the primary server, and the secondary server can be a backup server. (This option should only be used when a RADIUS server is connected to the gateway.)

Wireless MAC Filter

You can control access to your wireless network by specifying the MAC addresses of the wireless devices that are permitted access or are blocked.
STEP 1 Click Interface Setup on the tab and then click WiFi Setting in the navigation pane.
Click Wireless MAC Filter. The Wireless MAC Filter page appears.
STEP 2 From the Select a SSID menu, choose the MAC filter settings to apply to the SSID.
STEP 3 To filter wireless users by MAC Address, either permitting or blocking access,
select Enabled. If you do not wish to filter users by MAC Address, use the default setting, Disabled.
STEP 4 In the Access Restriction area, select either Prevent or Permit.
38 SRP 521 VoIP Gateway Administration Guide
Page 39
Setting up the Interfaces of the Gateway
Setting up the Wireless LAN
REVIEW DRAFT — CISCO CONFIDENTIAL
STEP 5 If the Wireless MAC Filter option is enabled, you can click the Show Client List
button to open the Wireless Client List page. This page shows computers and other devices on the wireless network. The list can be sorted by Client Name, Interface, IP Address, MAC Address, and Status.
STEP 6 Select Save to MAC Address Filter List for any device you want to add to the list.
Then click Add. To retrieve the most up-to-date information, click Refresh. To exit this page and return to the Wireless MAC Filter page, click Close.
STEP 7 Click Submit to save your settings.
3
SRP 521 VoIP Gateway Administration Guide 39
Page 40
3
Setting up the Interfaces of the Gateway
Setting up the Wireless LAN
Field Description
Select a SSID The MAC filter settings to apply to the SSID. The default
is SSID1.
Enabled/Disabled The option to filter wireless users by MAC Address.
Access Restriction
Prevent Select this option to prevent devices with the MAC
address in the table from accessing the wireless network. This button is selected by default.
Permit Select this option to allow devices with the MAC
address in the table to access the wireless network. This button is not selected by default.
Show Client List This button give you access to the Wireless Client List
page. This page shows computers and other devices on the wireless network. The list can be sorted by Client Name, Interface, IP Address, MAC Address, and Status.
MAC Address Table
01-32 The MAC addresses of the devices whose wireless
access you want to block or allow.

Advanced Wireless Settings

This feature is used to set up the advanced wireless functions of the gateway. These settings should be adjusted only by an expert administrator; incorrect settings can reduce wireless performance.
STEP 1 Click Interface Setup on the tab and then click WiFi Setting in the navigation pane.
Click Advanced Wireless Settings. The Advanced Wireless page appears.
STEP 2 From the Select a SSID menu, choose the beacon interval and RTS threshold
settings to apply to the SSID.
STEP 3 Enter a value in the RTS Threshold field. If you encounter inconsistent data flow,
enter only minor reductions. The default value of 2346 is recommended.
40 SRP 521 VoIP Gateway Administration Guide
Page 41
Setting up the Interfaces of the Gateway
Setting up the Wireless LAN
REVIEW DRAFT — CISCO CONFIDENTIAL
If a network packet is smaller than the preset RTS threshold size, the RTS/CTS mechanism will not be enabled. The gateway sends Request to Send (RTS) frames to a particular receiving station and negotiates the sending of a data frame. After receiving an RTS, the wireless station responds with a Clear to Send (CTS) frame to acknowledge the right to begin transmission.
STEP 4 Change any settings in the Advanced Wireless for group SSID area.
STEP 5 Click Submit to save your settings.
3
Field Description
Advanced Wireless for separate SSID
Select a SSID The beacon interval and RTS threshold settings to apply
to the SSID. The default is SSID1.
SRP 521 VoIP Gateway Administration Guide 41
Page 42
3
Setting up the Interfaces of the Gateway
Setting up the Wireless LAN
Field Description
RTS Threshold The RTS threshold value. The default value is 2346.
Advanced Wireless for group SSID
AP Isolation This option isolates all wireless clients and wireless
devices on your network from each other. Wireless devices can communicate with the gateway but not with each other. To use this function, select Enabled. AP Isolation is disabled by default.
Authentication Type The default is set to Auto, which allows either Open
System or Shared Key authentication to be used. With Open System authentication, the sender and the recipient do NOT use a WEP key for authentication. With Shared Key authentication, the sender and recipient use a WEP key for authentication. Select Shared Key to only use Shared Key authentication.
Basic Rate The Basic Rate setting is not actually one rate of
transmission but a series of rates at which the gateway can transmit. The gateway advertises its Basic Rate to the other wireless devices in your network, so they know which rates will be used. The gateway will also advertise that it will automatically select the best rate for transmission. The default setting is Default, when the gateway can transmit at all standard wireless rates (1-2 Mbps, 5.5 Mbps, 11 Mbps, 18 Mbps, and 24 Mbps). Other options are 1-2 Mbps, for use with older wireless technology, and All, when the gateway can transmit at all wireless rates. The Basic Rate is not the actual rate of data transmission. If you want to specify the gateway's rate of data transmission, configure the Transmission Rate setting.
Transmission Rate The rate of data transmission should be set depending
on the speed of your wireless network. You can select from a range of transmission speeds, or you can select Auto to have the gateway automatically use the fastest possible data rate and enable the Auto-Fallback feature. Auto-Fallback will negotiate the best possible connection speed between the gateway and a wireless client. The default is Auto.
42 SRP 521 VoIP Gateway Administration Guide
Page 43
Setting up the Interfaces of the Gateway
Setting up the Wireless LAN
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
N Transmission Rate The rate of data transmission should be set depending
3
on the speed of your Wireless-N networking. You can select from a range of transmission speeds, or you can select Auto to have the gateway automatically use the fastest possible data rate and enable the Auto-Fallback feature. Auto-Fallback will negotiate the best possible connection speed between the gateway and a wireless client. The default is Auto.
CTS Protection Mode
DTIM Interval This value, between 1 and 255, indicates the interval of
Fragmentation Threshold
The gateway will automatically use CTS (Clear-To-Send) Protection Mode when your Wireless-N and Wireless-G products are experiencing severe problems and are not able to transmit to the gateway in an environment with heavy 802.11b traffic. This function boosts the gateway's ability to catch all Wireless-N and Wireless-G transmissions but will severely decrease performance. The default is Auto.
the Delivery Traffic Indication Message (DTIM). A DTIM field is a countdown field informing clients of the next window for listening to broadcast and multicast messages. When the gateway has buffered broadcast or multicast messages for associated clients, it sends the next DTIM with a DTIM Interval value. Its clients hear the beacons and awaken to receive the broadcast and multicast messages. The default value is 1.
This value specifies the maximum size for a packet before data is fragmented into multiple packets. If you experience a high packet error rate, you may slightly increase the Fragmentation Threshold. Setting the Fragmentation Threshold too low may result in poor network performance. Only minor reduction of the default value is recommended. In most cases, it should remain at its default value of 2344.
Beacon Interval The Beacon Interval value indicates the frequency
interval of the beacon. A beacon is a packet broadcast by the gateway to synchronize the wireless network. Enter a value between 20 and 65,535 milliseconds. The default value is 100.
SRP 521 VoIP Gateway Administration Guide 43
Page 44
3
Setting up the Interfaces of the Gateway
Setting up the Wireless LAN
Field Description
Power Control The WiFi output power from the gateway. From this
drop-down menu, choose High, Middle, or Low value to cover a range of the wireless network. The default is High.

WMM Setting

The gateway features WMM Support. The No Acknowledgement feature is available only when the WMM Support feature is enabled.
STEP 1 Click Interface Setup on the tab and then click WiFi Setting in the navigation pane.
Click WMM Setting. The WMM Setting page appears.
STEP 2 If you have other devices on your network that support WMM Support, you can
select Enabled for the WMM Support option.
STEP 3 In the No Ackowledgement option, select Enabled to disable the
acknowledgement feature, so the gateway will not resend data if an error occurs.
STEP 4 Click Submit to save your settings.
44 SRP 521 VoIP Gateway Administration Guide
Page 45
Setting up the Interfaces of the Gateway

Using the Loopback Interface

REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
WMM Support If you have other devices on your network that support
3
WMM Support, select Enabled. Otherwise, use the default setting, Disabled.
No Acknowledgement
Select Enabled to disable the acknowledgement feature, so the gateway will not resend data if an error occurs. Otherwise, use the default setting, Disabled.
Using the Loopback Interface
The Loopback Interface is set on this page. It only allows two loopback interfaces.
STEP 1 Click Interface Setup on the tab and then click Loopback in the navigation pane.
The Loopback page appears.
STEP 2 Click on the loopback icon to change the IP address and subnet mask for each
loopback interface. The Loopback Interface page opens.
STEP 3 Enter the IP Address and Subnet Mask for each interface.
STEP 4 Click Submit to save your settings.
SRP 521 VoIP Gateway Administration Guide 45
Page 46
3
Setting up the Interfaces of the Gateway
Using the Loopback Interface
Field Description
IP Address/Subnet Mask
The IP address and subnets for the loopback interfaces.
46 SRP 521 VoIP Gateway Administration Guide
Page 47
REVIEW DRAFT — CISCO CONFIDENTIAL

Configuring the Network

This chapter describes how to configure the network including static routing, NAT, QoS, the firewall, PPPoE, DDNS, IGMP, UPnP, and CDP.
Static Routing, page 47
NAT, page 50
QoS, page 56
4

Static Routing

Firewall, page 59
PPPoE Relay, page 64
DDNS, page 65
IGMP, page 69
UPnP, page 70
CDP Setting, page 71
These features are used to set up advanced functions of the gateway. Dynamic Routing automatically adjusts how packets travel on your network. Static Routing sets up a fixed route to another network destination.
Static Route Rule
The settings for Static Route Rule are set on this page. It shows the current static routing list and details of the selected route.
STEP 1 Click Network Setup on the tab and then click Routing in the navigation pane. The
Static Route Rule page appears.
STEP 2 Click Add Rule. The Static Routing Add page opens.
SRP 521 VoIP Gateway Administration Guide 47
Page 48
4
Configuring the Network
Static Routing
STEP 3 Enter a static route name, destination IP address/subnet mask, and gateway IP
address.
STEP 4 Click Submit to save your settings.
After clicking the Add Rule button, the Static Routing Add page opens.
48 SRP 521 VoIP Gateway Administration Guide
Page 49
Configuring the Network
Static Routing
4
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
Enter Route Name The Static Routing Name
Destination LAN IP The address of the network or host to which you want to
assign a static route.
Subnet Mask The Subnet Mask. The Subnet Mask determines which
portion of an IP address is the network portion, and which portion is the host portion.
Gateway The IP address of the gateway device that allows for
contact between the gateway and the network or host.
Interface Interface to use for static routing.
Show Routing Table Clicking this button shows the current routing table.
Click Hide Routing Table to hide the routing table.
RIP
Dynamic Routing (RIP) enables the gateway to automatically adjust to physical changes in the network layout and exchange routing tables with other gateways. The gateway determines the route of network packets based on the fewest number of hops between the source and destination.
STEP 1 Click Network Setup on the tab and then click RIP in the navigation pane. The RIP
page appears.
STEP 2 To enable the Dynamic Routing feature for the Internet side, select Enabled. To
disable the Dynamic Routing feature for all data transmissions, use the default setting, Disabled.
STEP 3 Select the RIP version.
STEP 4 Set RIP timer values.
STEP 5 In the RIP List, select the Interface that you want to enable the RIP function. Or you
can add the network address to join the RIP.
STEP 6 Click Submit to save your settings.
SRP 521 VoIP Gateway Administration Guide 49
Page 50
4
Configuring the Network
NAT
NAT

Intervlan Routing

This page allows you to enable or disable intervlan routing. When enabled, this feature enables hosts that belong to different VLANs to route to each other. If disabled, communications between hosts that belong to different VLAN are blocked. Select either Enabled or Disabled and then Submit to enable or disable Intervlan routing.

Setting

The Routing page allows you to enable or disable NAT routing, which allows the gateway to host your network connection to the Internet (Enabled mode is recommended for most users).
50 SRP 521 VoIP Gateway Administration Guide
Page 51
Configuring the Network
NAT
STEP 1 Click Network Setup on the tab and then click NAT in the navigation pane. Click
STEP 2 To enable NAT, select Enabled.
STEP 3 Click Submit to save your settings.
STEP 1 Click Network Setup on the menu bar and then click NAT. Click Single Port
4
REVIEW DRAFT — CISCO CONFIDENTIAL
Setting. The Routing page appears.

Single Port Forwarding

The settings for Single Port Forwarding are set on this page. It shows the current port forwarding list and details of the selected route.
Forwarding. The Single Port Forwarding page appears.
STEP 2 Click Add Rule. The Single Port Forwarding page opens.
STEP 3 Select an application from the list.
STEP 4 Enter a name of the application.
STEP 5 Select a WAN interface.
STEP 6 Choose an external and internal port.
STEP 7 Select a protocol.
STEP 8 Enter the IP address of the server that should receive the requests.
STEP 9 Click Enabled to enable the applications you have defined.
STEP 10 Click Submit to save your settings.
SRP 521 VoIP Gateway Administration Guide 51
Page 52
4
Configuring the Network
NAT
Field Description
Application Name A list of applications. Select an application from the list.
Enter a Name The name of the application.
Wan Interface Name The WAN Interface.
External Port The external port number used by the server or Internet
application. Check with the Internet application documentation for more information.
Internal Port The internal port number used by the server or Internet
application. Check with the Internet application documentation for more information.
Protocol Select the protocol TCP or UDP, or select Both.
IP Address The IP address of the server that should receive the
requests.
Enable Click Enable to enable the applications you have
defined. This is disabled (unchecked) by default.
52 SRP 521 VoIP Gateway Administration Guide
Page 53
Configuring the Network
NAT
STEP 1 Click Network Setup on the tab and then click NAT in the navigation pane. Click
STEP 2 Click Add Rule. The Port Range Forwarding page opens.
STEP 3 Enter a name of the application.
STEP 4 Select a WAN interface.
STEP 5 Enter a starting and ending range.
STEP 6 Select a protocol.
4
REVIEW DRAFT — CISCO CONFIDENTIAL

Port Range Forwarding

The settings for Port Range Forwarding are set on this page. It shows the current port range forwarding list and details of the selected route.
Port Range Forwarding. The Port Range Forwarding page appears.
STEP 7 Enter the IP address of the server that you want the Internet users to be able to
access.
STEP 8 Click Enabled to enable the applications you have defined.
STEP 9 Click Submit to save your settings.
SRP 521 VoIP Gateway Administration Guide 53
Page 54
4
Configuring the Network
NAT
Field Description
Application Name The name of the application.
WAN Interfac e Name
Start-End Port The number or range of port(s) used by the server or
Protocol Select the protocol TCP or UDP, or Both.
IP Address The IP address of the server that you want the Internet
Enable Click Enabled to enable the applications you have
List of WAN interface.
Internet application. Check with the Internet application documentation for more information.
users to be able to access.
defined. This feature is disabled (unchecked) by default.

Port Range Triggering

The settings for Port Range Triggering are set on this page. It shows the current port range triggering list and details of the selected port range.
STEP 1 Click Network Setup on the tab and then click NAT in the navigation pane. Click
Port Range Triggering. The Port Range Triggering page appears.
STEP 2 Click Add Rule. The Port Range Triggering page opens.
STEP 3 Enter a name of the application.
STEP 4 Select a WAN interface.
STEP 5 Select a LAN interface
STEP 6 Enter a triggered port range.
STEP 7 Enter a forwarded port range.
STEP 8 Click Enabled to enable the applications you have defined.
STEP 9 Click Submit to save your settings.
54 SRP 521 VoIP Gateway Administration Guide
Page 55
Configuring the Network
NAT
4
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
Application Name The name of the application.
WAN The WAN i n ter fa ce .
LAN The LAN interface.
Triggered Range The starting and ending port numbers of the triggered
port range. Check with the Internet application documentation for the port number(s) needed.
Forwarded Range Enter the starting and ending port numbers of the
forwarded port range. Check with the Internet application documentation for the port number(s) needed.
Enable Click Enabled to enable the applications you have
defined. This is disabled (unchecked) by default.
SRP 521 VoIP Gateway Administration Guide 55
Page 56
4
QoS
Configuring the Network
QoS

ALG Control

The ALG Control page lets you enable or disable SIP ALG (Application Layer Gateway). By default SIP ALG is disabled.
STEP 1 To enable SIP ALG, select Enabled and click Submit.

Bandwidth Control

Bandwidth control allows the gateway to control the maximum bandwidth for upstream data transmissions.
STEP 1 Click Network Setup on the tab and then click QoS in the navigation pane. Click
Bandwidth Control. The Bandwidth Control page appears.
STEP 2 Click Enabled to enable bandwidth control. Click Disabled to disable bandwidth
control. Bandwidth control is enabled by default at 50,000 Kbps.
STEP 3 If you enabled bandwidth control, enter the upstream bandwidth value in Kbps.
STEP 4 Click Submit to save your settings.
56 SRP 521 VoIP Gateway Administration Guide
Page 57
Configuring the Network
QoS
4
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
Status The status for this feature: Enabled or Disabled. By
default, it is enabled..
Upstream Bandwidth
To allow the gateway to control the maximum bandwidth for upstream data transmissions, use the default setting, Auto. To manually set the maximum, select Manual, and enter the appropriate number in the field provided.

QoS Policy

The settings for QoS Rule are set on this page. After clicking Add Rule button, it can create another QoS Rule. The QoS Policy shows the current QoS list and details of the selected QoS rule.
STEP 1 Click Network Setup on the tab and then click QOS in the navigation pane. Click
QoS Policy. The QoS Policy page appears.
STEP 2 Click Add Rule. The QoS Setting page opens.
STEP 3 Enter a name of the application, device, or port name.
STEP 4 Choose a category type.
STEP 5 Select a LAN interface.
STEP 6 Enter a port range.
STEP 7 In the Priority menu, choose the QoS priority.
STEP 8 Click Submit to save your settings.

QoS Settings

Quality of Service (QoS) ensures better service to high-priority types of network traffic.
SRP 521 VoIP Gateway Administration Guide 57
Page 58
4
Configuring the Network
QoS
Field Description
Enter a Name The name of the application, device, or port name.
Category There are four categories available. Select one of the
following: Applications, MAC Address, Ethernet Port, or VLAN.
LAN The LAN interface for this setting.
Port Range The number or range of port(s) used by the server or
Internet application. Check with the Internet application documentation for more information. Select the protocol TCP or UDP, or Both.
Priority The priority of this QoS setting. Choices of bandwidth
priority are High, Medium, Normal, or Low.
58 SRP 521 VoIP Gateway Administration Guide
Page 59
Configuring the Network

Firewall

Firewall
STEP 1 Click Network Setup on the tab and then click Firewall in the navigation pane. Click
STEP 2 Select Enabled to enable firewall protection.
STEP 3 Click the Filter Anonymous Internet Requests option to keep your network from
4
REVIEW DRAFT — CISCO CONFIDENTIAL

Firewall Filter

A firewall enhances network security and uses Stateful Packet Inspection (SPI) for more detailed review of data packets entering your network.
Firewall Filter. The Firewall page appears.
being “pinged,” or detected, by other Internet users.
STEP 4 Click Filter Internet NAT Redirection to block access to local servers from local
networked computers.
STEP 5 Click Filter IDENT (Port 113) to keep port 113 from being scanned by devices
outside of your local network.
STEP 6 Click any Web Filter options.
STEP 7 Click Submit to save your settings.
SRP 521 VoIP Gateway Administration Guide 59
Page 60
4
Configuring the Network
Firewall
Field Description
SPI Firewall Protection
Filter Anonymous Internet Requests
Filter Internet NAT Redirection
Filter IDENT(Port
113)
Select Enabled to use a firewall, or Disabled to disable it.
When enabled, this feature keeps your network from being “pinged,” or detected, by other Internet users. It also hides your network ports. Both make it more difficult for outside users to enter your network. This filter is enabled by default. Select Disabled to allow anonymous Internet requests.
This feature uses port forwarding to block access to local servers from local networked computers. Select Enabled to filter Internet NAT redirection, or Disabled to disable this feature.
This feature keeps port 113 from being scanned by devices outside of your local network. Select Enabled to filter port 113, or Disabled to disable this feature.
60 SRP 521 VoIP Gateway Administration Guide
Page 61
Configuring the Network
Firewall
4
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
Proxy Use of WAN proxy servers may compromise the
security of the gateway. Denying Filter Proxy will disable access to any WAN proxy servers. To enable proxy filtering, click the box.
Java Java is a programming language for websites. If you
deny Java, you run the risk of not having access to Internet sites created using this programming language. To enable Java filtering, click the box.
ActiveX ActiveX is a programming language for websites. If you
deny ActiveX, you run the risk of not having access to Internet sites created using this programming language. To enable ActiveX filtering, click the box.
Cookies A cookie is data stored on your computer and used by
Internet sites when you interact with them. To enable cookie filtering, click the box.

Internet Access Control

The settings for Internet Access Control are set on this page.
STEP 1 Click Network Setup on the tab and then click Firewall in the navigation pane. Click
Internet Access Control. The Internet Access Control page appears.
STEP 2 Click Add Rule. The Internet Access Policy page opens.
STEP 3 Enter an Internet access policy name.
STEP 4 Click Enabled to activate Internet access control.
STEP 5 Choose a WAN interface.
STEP 6 Choose a LAN interface.
STEP 7 Optionally, click the Show Edit List button to specify MAC address, IP address, and
IP address policies.
STEP 8 Select other blocking options as necessary.
STEP 9 Click Submit to save your settings.
SRP 521 VoIP Gateway Administration Guide 61
Page 62
4
Configuring the Network
Firewall
Field Description
Enter Policy Name The Internet policy name.
62 SRP 521 VoIP Gateway Administration Guide
Page 63
Configuring the Network
Firewall
4
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
Status Enable or disable this feature. The default is Disabled.
WAN The WAN i n ter fa ce .
LAN The LAN interface.
Access Restriction The Access Restriction page allows you to block or
allow specific kinds of Internet usage and traffic, such as Internet access, designated applications, websites and inbound traffic during specific days and times.
Days/Times You can specify the days and times when you want this
policy to be enforced. Select the individual days when the policy will be in effect, or select Everyday. Then enter a range of hours and minutes when the policy will be in effect, or select 24 Hours.
Website Blocking by URL Address
Website Blocking Keyword
Blocked Application You can filter access to various Internet services, such
Modify Application If the application you want to block is not listed or you
You can block websites with specific keywords. Enter each Blocking by URL.
You can also block websites by specifying keywords in the URLs. Enter each keyword in a separate field next to Website Blocking by Key word.
as FTP or telnet. You can block up to three applications per policy. From the Applications list, select the application you want to block.
want to edit a service's settings, enter the application's name in the Application Name field. Enter its range in the Port Range fields. Select its protocol from the Protocol drop-down menu. Then click the Add button. To modify a service, select it from the Application list. Change its name, port range, and/or protocol setting. Then click the Modify button. To delete a service, select it from the Application list. Then click the Delete button.
SRP 521 VoIP Gateway Administration Guide 63
Page 64
4

PPPoE Relay

STEP 1 Click Network Setup on the tab and then click PPPoE Relay in the navigation pane.
Configuring the Network
PPPoE Relay
The PPPoE Relay feature enables an L2TP Access Concentrator (LAC) to relay active discovery and service selection functionality for PPP over Ethernet (PPPoE), over a Layer 2 Tunneling Protocol (L2TP) control channel, to an L2TP network server (LNS) or tunnel switch (multihop node). The relay functionality of this feature allows the LNS or tunnel switch to advertise the services it offers to the client, thereby providing end-to-end control of services between the LNS and a PPPoE client.
The settings for PPPoE relay are set on this page. After clicking Add Rule button, the PPPoE Relay page opens.
The PPPoE Relay page appears.
STEP 2 Click Add Rule. The PPPoE Relay page opens.
STEP 3 Choose a WAN option.
STEP 4 Choose a LAN option.
STEP 5 To enable the PPPoE Relay feature for the Internet side, click Enabled.
STEP 6 Click Submit to save your settings.
64 SRP 521 VoIP Gateway Administration Guide
Page 65
Configuring the Network

DDNS

DDNS
4
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
WAN option The WAN interface option.
Lan option The LAN interface option.
PPPoE Relay Status To enable the PPPoE Relay feature for the Internet side,
select Enabled. The default setting is Disabled.
The gateway offers a Dynamic Domain Name System (DDNS) feature. DDNS lets you assign a fixed host and domain name to a dynamic Internet IP address. It is useful when you are hosting your own website, FTP server, or other server behind the gateway. Before you can use this feature, you need to sign up for DDNS service at www.dyndns.org or www.tzo.com, DDNS service providers.
STEP 1 Click Network Setup on the tab and then click DDNS in the navigation pane. The
DDNS page appears.
STEP 2 Choose a DDNS service.
STEP 3 Enter the data for the service that you chose.
STEP 4 Click Submit to save your settings.
SRP 521 VoIP Gateway Administration Guide 65
Page 66
4
Configuring the Network
DDNS
Field Description
DDNS Service The DDNS service that you want to use; you must sign
up for an account with DynDNS and TZO.org before you can use this service. Click Submit to save your choice; the DynDNS or TZO pages open. This feature is disabled by default.
Field Description
User Name The user name from DynDNS.org.
Password The password from DynDNS.org.
Host Name Your host name. This should be in the format of
name.dyndns.org.
66 SRP 521 VoIP Gateway Administration Guide
Page 67
Configuring the Network
DDNS
4
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
SYSTEM The DynDNS service you use: Dynamic, Static, or
Custom
Mail Exchange (Optional)
Mail Exchange (Backup MX)
Wildcard This setting enables or disables wildcard for your host.
Internet IP Address Your current IP address.
Status Your DDNS status.
Update To manually trigger an update, click this button.
The address of your mail exchange server, so the e-mail to your DynDNS address go to your mail server.
This feature allows the mail exchange server to be a backup. To enable this feature, use the default setting, Enabled. To disable this feature, select Disable. if you are not sure, which seting to select, use the default setting, Enabled.
For example, if your DDNS address is myplace.dyndns.org and you enable wildcard, then the x.myplace.dyndns.org will work as well (x is the wildcard). To enable wildcards, use the default setting, Enabled. To disable wildcard, select Disabled. If you are not sure which to select, use the default setting, Enabled.
SRP 521 VoIP Gateway Administration Guide 67
Page 68
4
Configuring the Network
DDNS
Field Description
E-mail Address The E-mail Addres from TZO account.
TZO Key The key from TZO account.
Domain Name Your host name. This should be in the format of
name.tzo.org.
Internet IP Address Your current IP address.
Status Your DDNS status.
Update To manually trigger an update, click this button.
68 SRP 521 VoIP Gateway Administration Guide
Page 69
Configuring the Network

IGMP

IGMP
STEP 1 Click Network Setup on the tab and then click IGMP in the navigation pane. The
STEP 2 Select the version you want to support, IGMP v1, IGMP v2, or IGMP v3. If you are
STEP 3 If you want to allow multicast traffic through the gateway for your multimedia
4
REVIEW DRAFT — CISCO CONFIDENTIAL
Internet Group Multicast Protocol (IGMP) is used to establish membership in a multicast group and is commonly used for multicast streaming applications. For example, you may have Internet Protocol Television (IPTV) with multiple setup boxes on the same local network. These setup boxes have different video streams running simultaneously, so you should use the IGMP feature of the gateway.
IGMP page appears.
not sure which version to select, use the default setting, IGMP v2.
application devices, use the default setting, Enabled. Otherwise, select Disabled.
STEP 4 If you use IPTV applications and want to allow immediate channel swapping or
flipping without lag or delays, select Enabled . Otherwise, use the default setting, Disabled.
STEP 5 Click Submit to save your settings.
SRP 521 VoIP Gateway Administration Guide 69
Page 70
4
Configuring the Network

UPnP

Field Description
UPnP
Support IGMP Version
IGMP Proxy If you want to allow multicast traffic through the gateway
Immediate Leave If you use IPTV applications and want to allow
Universal Plug and Play (UPnP) allows computers to automatically configure the gateway for various Internet applications, such as gaming and videoconferencing.
STEP 1 Click Network Setup on the tab and then click UPnP in the navigation pane. The
UPnP page appears.
Select the version you want to support, IGMP v1, IGMP v2, or IGMP v3. If you are not sure which version to select, use the default setting, IGMP v2.
for your multimedia application devices, use the default setting, Enabled. Otherwise, select Disabled.
immediate channel swapping or flipping without lag or delays, select Enabled . Otherwise, use the default setting, Disabled.
STEP 2 If you want to use UPnP, use the default setting, Enabled. Otherwise, select
Disabled.
STEP 3 If you do not want to be able to make manual changes to the gateway while using
the UPnP feature, select Disabled. Otherwise, use the default setting, Enabled.
STEP 4 To keep UPnP configuration settings after system reboot, click Enabled.
STEP 5 To prohibit any and all Internet connections, click Enabled.
STEP 6 Click Submit to save your settings.
70 SRP 521 VoIP Gateway Administration Guide
Page 71
Configuring the Network

CDP Setting

4
REVIEW DRAFT — CISCO CONFIDENTIAL
CDP Setting
Field Description
UPnP If you want to use UPnP, use the default setting, Enabled.
Otherwise, select Disabled.
Allow Users to Configure
Keep UPnP Configurations After System Reboot
Allow Users to Disable Internet Access
Cisco Discovery Protocol (CDP) is a feature that enables network administrators to access a summary of protocol and address information about other devices that are directly connected to the device initiating the command.
If you do not want to be able to make manual changes to the gateway while using the UPnP feature, select Disabled. Otherwise, use the default setting, Enabled.
This choice will decide to save UPnP configuration after system reboot. The default is disabled.
If you want to be able to prohibit any and all Internet connections, select Enabled. Otherwise, use the default setting, Disabled.
SRP 521 VoIP Gateway Administration Guide 71
Page 72
4
Configuring the Network
CDP Setting
STEP 1 Click Network Setup on the tab and then click CDP Setting in the navigation pane.
The CDP Setting page appears.
STEP 2 Select CDP options.
STEP 3 Select CDP Setting per Ethernet port.
STEP 4 Click Submit to save your settings.
Field Description
CDP CDP options. Enable All, Disabled All and Per Port. The
default is Per Port
CDP Timer The CDP timer. The CDP timer range is 5-900.
CDP Hold Timer The CDP Hold timer. The CDP timer range is 10-255.
72 SRP 521 VoIP Gateway Administration Guide
Page 73
REVIEW DRAFT — CISCO CONFIDENTIAL

Voice Settings

This chapter describes how to administer and view voice settings.
Info, page 73
System, page 74
5

Info

The Info page provides information about the product, system, and line status.
SRP 521 VoIP Gateway Administration Guide 73
Page 74
5

System

Voice Settings
System
The System page lets you set a password for system configuration for voice.
74 SRP 521 VoIP Gateway Administration Guide
Page 75
REVIEW DRAFT — CISCO CONFIDENTIAL

Configuring VPN

This chapter describes how to configure VPN policies and settings.
IKE Policy, page 75
IPSec Policy, page 77
GRE Tunnel, page 80
VPN Passthrough, page 83
6

IKE Policy

STEP 1 Click VPN on the tab and then click Site to Site IPSec VPN in the navigation pane.
STEP 2 Click Add Rule. The IKE Policy Configuration page opens.
STEP 3 In the Policy Name field, enter a unique name used for the VPN policy.
STEP 4 Select an Exchange mode.
STEP 5 Set IKE SA parameter as needed.
STEP 6 If connected to a XAUTH server, enter a username and password.
STEP 7 Click Submit to save your settings.
IKE policy contains the parameters for setting IKE rules. These IKE policies are used in different VPN policies.
Clicking the Add Rule button opens the IKE Policy Configuration page.
Click IKE Policy. The IKE Policies page appears.
SRP 521 VoIP Gateway Administration Guide 75
Page 76
6
Configuring VPN
IKE Policy
Field Description
General
Policy Name Unique name used for the VPN policy.
Exchange Mode Main or Aggressive mode selection.
IKE SA Parameters
Encryption Algorithm
Authentication Algorithm
76 SRP 521 VoIP Gateway Administration Guide
Encryption algorithms in IKE SA. Choices are DES, 3DES, AES128, AES192, or AES256.
Authentication algorithm in IKA SA. Choices are MD5 and SHA1.
Page 77
Configuring VPN

IPSec Policy

6
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
Diffie-Hellman (DH) Group
Enable Dead Peer (DPD) Detection
DPD Interval DPD packet is send periodically in interval seconds
DPD Timeout The connection timeout, in seconds, if there is no DPD
Extended Authentication
XAUTH Client Enable
Username/ Password
DH Group option. Choices are Group 1 (768 bits) or Group 2 (1024bits).
This function is not necessary for an IKE rule, but it will help to keep connection alive during no traffic if it is enabled.
during no data traffic.
response after DPD timeout.
This function can only work if it is connected to a XAUTH server.
Used to authenticate user by XAUTH server.
IPSec Policy
STEP 1 Click VPN on the tab and then click Site to Site IPSec VPN in the navigation pane.
STEP 2 Click Add Rule. The VPN Policy Configuration page opens.
STEP 3 Select the policy index that you are going to configure.
STEP 4 in the Policy Name field, enter a unique name used for the VPN policy.
STEP 5 Select a policy type.
STEP 6 Enter the remote gateway information with which you are going to connect to
STEP 7 Choose an encryption algorithm.
VPN policy contains IPSec SA parameters which let you set connection type and KEY type.
Clicking the Add Rule button opens the VPN Policy Configuration page.
Click IPSec Policy. The VPN Policies page appears.
establish a IPSec VPN tunnel.
SRP 521 VoIP Gateway Administration Guide 77
Page 78
6
Configuring VPN
IPSec Policy
STEP 8 Choose an integrity algorithm.
STEP 9 Enter auto policy parameters
STEP 10 Enter local and remote traffic selection settings.
STEP 11 Click Submit to save your settings.
78 SRP 521 VoIP Gateway Administration Guide
Page 79
Configuring VPN
IPSec Policy
6
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
General
Policy Number The policy index that you are going to configure.
Enable If this check-box is enabled, this tunnel will be activated
after the Submit button is pressed.
Policy Name A unique name for bringing up a tunnel.
Policy Type There are two types, Auto Policy and Manual Policy. The
Auto Policy type will use IKE protocol to negotiate random keys, therefore it first requires an IKE policy as well. The Manual Policy type will NOT use IKE, which is more simple, but less secure.
Remote Endpoint The remote gateway that you are going to connect to
establish a IPSec VPN tunnel. Your choices are IP Address, Any, or FQDN. The Any option will only appear in Auto Policy and is available to increase security level for roaming users. The FQDN option requires a Full Qualified Domain Name. Ensure that the domain name can be resolved into IP address by a correct DNS server if the VPN tunnel can not be established.
Encryption Algorithm
Integrity Algorithm Authentication algorithm for IPSec SA. Choices are MD5
Auto Policy Parameters
PFS Perfect Forward Secrecy, if enabled, it can prevent a
Pre Shared Key Used by IKE.
SA Lifetime IPSec SA life time in seconds.
Encryption algorithm of IPSec SA. Choices are DES, 3DES, AES128, AES192, and AES256.
and SHA1.
new key from being predictable by previous one.
Manual Policy Parameters
SPI Incoming A HEX value, range from 0x100 to 0xffffffff.
SPI Outgoing A HEX value, range from 0x100 to 0xffffffff.
SRP 521 VoIP Gateway Administration Guide 79
Page 80
6
Configuring VPN

GRE Tunnel

Field Description
GRE Tunnel
Encryption Algorithm Key
Integrity Algorithm Key
Local Traffic Selection
Local IP/IP Address/ Subnet Mask
Remote Traffic Selection
Remote IP/IP Address/Subnet Mask
A HEX value, the length depends on the key type of Encryption Algorithm above. For example, 3DES length is 32.
A HEX value, the length depends on the key type of Integrity Algorithm above. For example, MD5 is 32, and SHA1 is 40.
Selecting a local group which is allowed to pass through this tunnel.
Selecting a remote group which is allowed to pass through this tunnel. If the remote end point option is selected with Any, these inputs will be grayed and ignored.
Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco that can encapsulate a wide variety of network layer protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork.
Clicking the Add Rule button opens the GRE Configuration page.
STEP 1 Click VPN on the tab and then click GRE Tunnel in the navigation pane. The GRE
page appears.
STEP 2 Click Add Rule. The GRE page opens.
STEP 3 Select the tunnel number that you are going to configure.
STEP 4 Enter a name for the tunnel.
STEP 5 Set the Checksum, Sequence, and Key parameters.
STEP 6 Enter destination IP address of the remote network or host to which you want to
build a tunnel.
80 SRP 521 VoIP Gateway Administration Guide
Page 81
Configuring VPN
GRE Tunnel
STEP 7 Enter the IP address and subnet mask of the remote host. You can use the Add
STEP 8 Click Submit to save your settings.
6
REVIEW DRAFT — CISCO CONFIDENTIAL
button to add additional addresses.
Field Description
Number The tunnel number that you are going to configure.
Status The status of the tunnel.
Tunnel Name The name of the tunnel.
SRP 521 VoIP Gateway Administration Guide 81
Page 82
6
Configuring VPN
GRE Tunnel
Field Description
Enable This field indicates whether you want to enable or
disable the tunnel.
Details of GRE The Status, Checksum, Sequence, Key, Key Value,
Tunnel Name, Destination IP or HostName, and Remote IP Address/Subnet Mask of the session are displayed.
Checksum From this drop-down menu, you can select None, Both,
Input or Output checksum values. Input requires that all input packets have the correct checksum. Output calculates checksums for outgoing packets. Both will do both Input and Output checksums. The default is None.
Sequence From this drop-down menu, choose None, Both, Input
and Output sequence values. Output enables sequencing of outgoing packets. Input requires that all input packets are serialized. Both will do both Input and Output sequencing. The default is None.
Key From this drop-down menu, choose None, Both, Input
and Output value. The Input parameter sets the key for input. The Output parameter sets the key for output. The Both parameter sets the key to use in both directions. The default is None.
Key value The key value. The Key Value must be number is
between 0 and 4294967295.
WAN Interface The WAN subinterface on which you want to create a
tunnel with the remote site through this interface.
Destination IP or HostName
Remote IP Address/ Subnet Mask
Modify Remote IP Address/Subnet Mask
The destination IP address of the remote network or host to which you want to build a tunnel.
The IP address and subnet mask of the remote host. You can use the Add button to add additional addresses.
You can modify the Remote IP Address and Subnet Mask in this field. Use the Add button to add it into the list of Remote IP Address/Subnet Mask. For example:
192.168.2.0/24 or 192.168.3.0/32.
82 SRP 521 VoIP Gateway Administration Guide
Page 83
Configuring VPN

VPN Passthrough

VPN Passthrough
The VPN Passthrough page lets you enable or disable IPSec, PPTP, and L2TP passthrough.
STEP 1 Click VPN on the tab and then click Site to Site IPSec VPN in the navigation pane.
Click VPN Passthrough. The VPN Passthrough page appears.
STEP 2 To enable IPSec passthrough, click Enabled.
STEP 3 To enable PPTP passthrough, click Enabled.
STEP 4 To enable L2TP passthrough, click Enabled.
STEP 5 Click Submit to save your settings.
6
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
IPSec Passthrough Internet Protocol Security (IPSec) is a suite of protocols
used to implement secure exchange of packets at the IP layer. IPSec Pass-Through is enabled by default. To disable IPSec Passthrough, select Disabled.
SRP 521 VoIP Gateway Administration Guide 83
Page 84
6
Configuring VPN
VPN Passthrough
Field Description
PPTP Passthrough Point-to-Point Tunneling Protocol (PPTP) allows the
Point-to-Point Protocol (PPP) to be tunneled through an IP network. PPTP Pass-Through is enabled by default. To disable PPTP Passthrough, select Disabled.
L2TP Passthrough Layer 2 Tunneling Protocol is the method used to enable
Point-to-Point sessions via the Internet on the Layer 2 level. L2TP Pass-Through is enabled by default. To disable L2TP Passthrough, select Disabled.
84 SRP 521 VoIP Gateway Administration Guide
Page 85
REVIEW DRAFT — CISCO CONFIDENTIAL

Administration Settings

This chapter describes the administration settings of the gateway.
Web Access Management, page 85
Remote Management, page 89
Time Setup, page 93
User List, page 95
7
Log, page 96
Factory Defaults, page 97
Firmware Upgrade, page 98
Backup & Restore, page 99
Reboot, page 101

Web Access Management

You can configure access settings and remote acess rules from the Web access management features.

Settings

This page allows you to change the access settings of the gateway.
STEP 1 Click Administration on the tab and then click Web Access Management in the
navigation pane. Click Setting. The Access Setting page appears.
STEP 2 Enter a new password for the gateway.
STEP 3 Enter the new Password a second time to confirm it.
SRP 521 VoIP Gateway Administration Guide 85
Page 86
7
Administration Settings
Web Access Management
STEP 4 Select Web Access options.
STEP 5 Select Remote Access options.
STEP 6 Click Submit to save your settings.
Field Description
Router Access
Router Password The new password for the gateway.
Re-enter to confirm The new Password entered a second time to confirm it.
86 SRP 521 VoIP Gateway Administration Guide
Page 87
Administration Settings
Web Access Management
7
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
Web Access
Web Utility Access To access this web utility, you can have no security
HTTP or security HTTPS. For HTTPS, enter https:// xxx.xxx.xxx.xxx (the x’s represent the gateway’s Internet IP address) in your web browser's Address field.
Web Utility Access via Wireless
Remote Access
Remote Management
Web Utility Access To access this web utility, you can have no security
Remote Upgrade If enabled, the gateway firmware can be upgraded from
This option specifies whether an administrator can access the web utility from a wireless station.
This feature allows you to manage your gateway from a remote location, via the Internet.
(HTTP) or security (HTTPS). For HTTPS, enter https:// xxx.xxx.xxx.xxx (the x’s represent the gateway’s Internet IP address) in your web browser's Address field.
Internet.

Remote Access Rule

The settings for Remote Access Rule are set on this page. Clicking Add Rule button opens the Remote Access Rule page.
STEP 1 Click Administration on the tab and then click Web Access Management in the
navigation pane. Click Remote Access Rule. The Remote Access Rule page appears.
STEP 2 Click Add Rule.
STEP 3 Choose a WAN interface.
STEP 4 Choose a port number that will open the WAN access.
STEP 5 Choose a LAN interface.
STEP 6 Choose a port number that will open the LAN access.
STEP 7 If you want to be able to access the gateway from any external IP address, select
Any IP Address. If you want to specify an external IP address or range of IP
SRP 521 VoIP Gateway Administration Guide 87
Page 88
7
Administration Settings
Web Access Management
addresses, then select the second option and complete the fields provided.
STEP 8 Click Submit to save your settings.
Field Description
WAN The WA N in ter fa c e.
WAN Remote Management Port
LAN The LAN interface.
LAN Remote Management Port
Allowed Remote IP Address
88 SRP 521 VoIP Gateway Administration Guide
The port number that will open the WAN access.
The port number that will open the LAN access.
The allowed remote IP address or range of addresses.
Page 89
Administration Settings

Remote Management

REVIEW DRAFT — CISCO CONFIDENTIAL
Remote Management

TR069

This feature lets you configure communication with an ACS server via TR-069 (CWMP).
STEP 1 Click Administration on the tab and then click Remote Management in the
navigation pane. Click TR-069. The TR-069 page appears.
STEP 2 Click Enabled to enable TR-069.
STEP 3 Enter the URL for ACS. The format should be http(s)://xxx.xxx.xxx.xxx:port or
xxx.xxx.xxx.xxx:port. The xxx.xxx.xxx.xxx is domain name or IP of ACS server; and after “:” is port. Both IP and port must be filled.
7
STEP 4 Enter the ACS username and password.
STEP 5 Enter the Connection request username and password.
STEP 6 Enter the periodic inform interval.
STEP 7 Click Submit to save your settings.
SRP 521 VoIP Gateway Administration Guide 89
Page 90
7
Administration Settings
Remote Management
Field Description
Status Select an option to enable or disable TR-069.
ACS URL The URL for ACS. The format should be http(s)://
xxx.xxx.xxx.xxx:port or xxx.xxx.xxx.xxx:port. The xxx.xxx.xxx.xxx is domain name or IP of ACS server; and after “:” is port. Both IP and port must be filled.
ACS Username The username for ACS. The default username is OUI-
Serial Number; this should be the same as configured at ACS side and must be filled.
ACS Password The password for ACS. This should be the same as
configured at ACS side and must be filled.
Connection Request URL
90 SRP 521 VoIP Gateway Administration Guide
This field will be auto-filled and does not need to be filled manually. The format is http://xxx.xxx.xxx.xxx:port. The xxx.xxx.xxx.xxx is WAN IP of CPE.
Page 91
Administration Settings
Remote Management
7
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
Connection Request Username
Connection Request Password
Periodic Inform Interval
Periodic Inform Enable
Request Download If applied, ACS may call the Download RPC after it
Connection request username. This should be the same as configured at ACS side.
Connection request password.This should be the same as configured at ACS side.
The periodic inform interval. The default value is 86400 seconds.
To enable or disable periodic inform.
receives the request from CPE.

SNMP

SNMP is a popular network monitoring and management protocol.
STEP 1 Click Administration on the tab and then click Remote Management in the
navigation pane. Click SNMP. The SNMP page appears.
STEP 2 Click Enabled to enable SNMP.
STEP 3 Choose a trusted IP setting.
STEP 4 Click Submit to save your settings.
SRP 521 VoIP Gateway Administration Guide 91
Page 92
7
Administration Settings
Remote Management
Field Description
Enable/Disable To enable SNMP identification, click Enabled. To disable
SNMP, click Disabled.
Trusted IP Only trusted IP or IP range can access this gateway via
SNMP.
Get Community Enter the password that allows read-only access to the
SNMP information of the gateway.
Set Community Enter the password that allows read/write access to the
SNMP information of the gateway.

Local TFTP

STEP 1 Click Administration on the tab and then click Remote Management in the
navigation pane. Click Local TFTP. The Local TFTP Control page appears.
STEP 2 Click Enabled to enable TFTP.
STEP 3 Click Submit to save your settings.
92 SRP 521 VoIP Gateway Administration Guide
Page 93
Administration Settings

Time Setup

7
REVIEW DRAFT — CISCO CONFIDENTIAL
Time Setup
STEP 1 Click Administration on the tab and then click Time S e tu p in the navigation pane.
STEP 2 Choose your timezone.
STEP 3 Select Automatically adjust clock for daylight saving changes option if you want
STEP 4 If you want to use the default Network Time Protocol (NTP) server, use the default
Field Description
TFTP Specify whether TFTP is enabled or disabled. The
default is Disabled.
This feature allows you set parameters related to time for the gateway.
The Time Setup page appears.
the gateway to automatically adjust for daylight saving time.
setting, Auto. If you want to specify the NTP server, select Manual, and enter the URL or IP address of the NTP server you want to use.
STEP 5 The Resync timer controls how often the gateway resyncs with the NTP server.
Enter the number of seconds you want the interval to be.
SRP 521 VoIP Gateway Administration Guide 93
Page 94
7
Administration Settings
Time Setup
STEP 6 Click Submit to save your settings.
Field Description
Time Zone The timezone that the gateway is set to.
Automatically adjust clock for daylight saving changes
Time Se r ver Address
Resync Timer The timer controls how often the gateway resyncs with
Select this option if you want the gateway to automatically adjust for daylight saving time. This option is enabled by default.
If you want to use the default Network Time Protocol (NTP) server, use the default setting, Auto. If you want to specify the NTP server, select Manual, and enter the URL or IP address of the NTP server you want to use.
the NTP server. Enter the number of seconds you want the interval to be. The default is 3600 seconds.
94 SRP 521 VoIP Gateway Administration Guide
Page 95
Administration Settings

User List

User List
STEP 1 Click Administration on the tab and then click User List in the navigation pane. The
STEP 2 Click Add User.
STEP 3 Enter a new Username.
STEP 4 Enter a password.
STEP 5 Re-enter the password to confirm it.
STEP 6 Select administrative power of the new user.
7
REVIEW DRAFT — CISCO CONFIDENTIAL
The settings for User List are set on this page. Clicking the Add Rule button, opens the User Add page.
User List page appears.
STEP 7 Click Submit to save your settings.
SRP 521 VoIP Gateway Administration Guide 95
Page 96
7
Administration Settings
Log
Field Description
Username The new Username.
Password To ensure the security of the gateway, you will be asked
for your password when you access the Web-based Utility. The default password is admin.
Confirm password It is recommended that you change the default
password to another one. Enter a new gateway password and then enter it again in the Re-enter to Confirm field.
Power Select power of new User. The choices are Admin and
Guest.
Log
The gateway has the ability to record incoming, outgoing, and DHCP logs. The Incoming Log will display a temporary log of the source IP addresses and destination port numbers for the incoming Internet traffic. The Outgoing Log will display a temporary log of the local IP addresses, destination URLs/IP addresses, and service/port numbers for the outgoing Internet traffic.
STEP 1 Click Administration on the tab and then click Log in the navigation pane. The Log
page appears.
STEP 2 Click Enabled to enable logging.
STEP 3 Choose the log type from the Log List area.
STEP 4 Click Apply to save your settings.
96 SRP 521 VoIP Gateway Administration Guide
Page 97
Administration Settings

Factor y Defaults

7
REVIEW DRAFT — CISCO CONFIDENTIAL
Field Description
Status To access activity logs, select Enabled. With logging
Log List The log type. To specify the log type, select Incoming
Factory Defaults
You can set the gateway to its settings as it was when it was shipped from the factory.
STEP 1 Click Administration on the tab and then click Factory Defaults in the navigation
pane. The Factory Defaults page appears.
STEP 2 Click Ye s in the Restore Router Factory Defaults to restore the gateway to its
factory defaults.
enabled, you can view temporary logs. Click Disabled to disable this function.
Log, Outgoing Log, or DHCP Client Log.
STEP 3 Click Ye s in the Restore Voice Factory Defaults to restore the voice settings to
factory defaults.
SRP 521 VoIP Gateway Administration Guide 97
Page 98
7
Administration Settings

Firmware Upgrade

STEP 4 Click Submit to save your settings.
Field Description
Restore Router Factory Defaults
Restore Voice Factory Defaults
Firmware Upgrade
You can upgrade the firmware on the gateway.
To reset the gateway settings to the default values, select Yes. Then click Submit. Any custom gateway settings you have saved will be lost when the default settings are restored.
To reset the voice settings to the default values, select Yes. Then click Submit. Any custom Voice settings you have saved will be lost when the default settings are restored.
98 SRP 521 VoIP Gateway Administration Guide
Page 99
Administration Settings

Backup & Restore

STEP 1 Click Administration on the tab and then click Firmware Upgrade in the navigation
STEP 2 Enter the username and password provided by your service provider.
STEP 3 Click OK to upgrade the gateway.
7
REVIEW DRAFT — CISCO CONFIDENTIAL
pane. The Username & Password page appears.
Field Description
Username Username provided by the service provider.
User Password Password provided by the service provider.
Backup & Restore

Backup Configuration

The Backup Configuration feature lets you to backup the configuration settings of the gateway to a file which you can use later to restore the gateway to the same settings.
SRP 521 VoIP Gateway Administration Guide 99
Page 100
7
Administration Settings
Backup & Restore
STEP 1 Click Administration on the tab and then click Backup & Restore in the navigation
pane. Click Backup Configuration. The Backup Configuration page appears.
STEP 2 Click Backup to save the configuration of the gateway.
Field Description
Backup To back up configuration settings of the gateway, click
Backup and follow the on screen instructions.

Restore Configuration

The Restore Configuration feature lets you restore the gateway to configuration settings from a previous backup session.
STEP 1 Click Administration on the tab and then click Backup & Restore in the navigation
pane. Click Restore Configuration. The Restore Configuration page appears.
STEP 2 Click Browse and select previously backed up configuration file.
STEP 3 Click Restore to restore the configuration of the gateway.
100 SRP 521 VoIP Gateway Administration Guide
Loading...