Huawei B222s User Manual

Download

Page 1

B222s

LTE Outdoor CPE

Default Login Details

Web Address

User Name admin Password 1234

Edition 1, 6/2012

www.zyxel.com

http://192.168.1.1

www.huawei.com

IMPORTANT!

Page 2

Graphics in this book may differ slightly from the product due to differences in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to ensure that the information in this manual is accurate.

Related Documentation

•Quick Start Guide The Quick Start Guid shows how to connect the LTE Device and access the Web Configurator

wizards. (See the wizard real time help for i nformation on configuring each screen.) It also contains a connection diagram and package contents list.

Note: It is recommended you use the Web Configurator to configure the LTE Device.

B222s User’s Guide2

Page 3

Contents Overview

User’s Guide .......................................................................................................................................13

Introduction .............................................................................................................................................15

Introducing the Web Configurator ...........................................................................................................21

Technical Reference ..........................................................................................................................27

Connection Status and System Info ........................................................................................................29

Broadband ....................................... ... .... ... ... ... .......................................... ... .... ... ... ... ..............................35

Wireless ..................................................................................................................................................43

Home Networking ....................................................................................................................................69

Routing .................................. ................................. ................................ .................................................75

DNS Route ............ ... .......................................... .... ... .......................................... ... ... ..............................79

Quality of Service (QoS) .................................... .... ... ... ... .... ... ... ... .... .......................................................83

Network Address Translation (NAT) .......................................... .................................... ..........................95

Dynamic DNS ........................................................................................................................................103

Firewall ...................................... ................................ ................................... .........................................105

MAC Filter .............................................................................................................................................115

Parental Control ....................................................................................................................................117

VoIP .......................................................................................................................................................121

Logs .....................................................................................................................................................145

Traffic Status ............................................. ... ... ... .... .......................................... ... ... ...............................149

User Account ................................... ... .... .......................................... ... ... ... ............................................155

Remote MGMT ......................................................................................................................................157

System ..................................................................................................................................................159

Time Setting ..........................................................................................................................................161

Log Setting ...........................................................................................................................................163

Firmware Upgrade ................................................................................................................................165

Backup/Restore .................................. .... ... ... ... ... .......................................... .... ... ... ... .... ........................167

Diagnostic .............................................................................................................................................171

Troubleshooting ....................................................................................................................................173

B222s User’s Guide

Page 4

Contents Overview

B222s User’s Guide

Page 5

Table of Contents

Contents Overview ..............................................................................................................................3

Table of Contents .................................................................................................................................5

Part I: User’s Guide .........................................................................................13

Chapter 1

Introduction.........................................................................................................................................15

1.1 Overview ................ ... ... ... .... ... ... .......................................... ... .... .......................................................15

1.2 Applications for the LTE Device ........................................................................................................15

1.2.1 Internet Access ................... .... .......................................... ... ... .................................................15

1.2.2 VoIP Features ........ .... ... ... ... .......................................... .... ... ....................................................16

1.2.3 Wireless Connection ........ ... .... ... .......................................... ... ... ... .... ... ....................................16

1.3 The WLAN Button ............................................................ ... ... .... ... ... ... ..............................................16

1.4 Ways to Manage the LTE Device ............................................................... ... ... ... .... ... ... ....................18

1.5 Good Habits for Managing the LTE Device .......................................................................................18

1.6 LEDs (Lights) ......................................................................... .... ... ....................................................18

1.7 The RESET Button ........................... ... ... ... ... .... ... ... .......................................... ... .... ..........................20

Chapter 2

Introducing the Web Configurator ....................................................................................................21

2.1 Overview ................ ... ... ... .... ... ... .......................................... ... .... .......................................................21

2.1.1 Accessing the Web Configurator .............................................................................................21

2.2 The Web Configurator Layout ...... .... .......................................... ... ... ... ... .... ... ....................................23

2.2.1 Title Bar ........................................ ... ... .... ... ... .......................................... ... ..............................23

2.2.2 Main Window ............................. ... ... ... .... ... ... .......................................... ... .... ... .......................24

2.2.3 Traffic Status ....................... ....................................... ... .... ... ... ... ... ...........................................24

2.2.4 User Account .......................... ... ... ... ... .... ... .......................................... ... ... ..............................24

2.2.5 Navigation Panel .................... ... ... ... ... .... .................................................................................24

Part II: Technical Reference............................................................................27

Chapter 3

Connection Status and System Info .................................................................................................29

3.1 Overview ................ ... ... ... .... ... ... .......................................... ... .... .......................................................29

3.2 The Connection Status Screen .........................................................................................................29

B222s User’s Guide

Page 6

Table of Contents

3.3 The System Info Screen ................................................................................... .................................31

Chapter 4

Broadband...........................................................................................................................................35

4.1 Overview ................ ... ... ... .... ... ... .......................................... ... .... .......................................................35

4.1.1 What Yo u Can Do in this Chapter ............................................................................................35

4.1.2 What You Need to Know ............................ ... ... .... ... ... ... .... ......................................... .... ..........35

4.1.3 Before You Begin .......................................... ... .... ... ... ... .... ......................................... ..............38

4.2 The Broadband Screen .....................................................................................................................38

4.2.1 Add/Edit Internet Connection ........... ... .... ... ... .......................................... ... .... ... ... ... ... .... ... .......39

4.3 Technical Reference ............................................... ... .... ... ... ... .... ... ... .................................................41

Chapter 5

Wireless...............................................................................................................................................43

5.1 Overview ................ ... ... ... .... ... ... .......................................... ... .... .......................................................43

5.1.1 What Yo u Can Do in this Chapter ............................................................................................43

5.1.2 Wireless Network Overview .... ... ... ... ... .... ... ... .......................................... ... .... ... ... ... ... ..............43

5.1.3 Before You Begin .......................................... ... .... ... ... ... .... ......................................... ..............45

5.2 The Wireless General Screen ............... ... ... .... ... ... ... .... ... ... ............................................. .................45

5.2.1 No Security ............................. ... ... ... ... .... ... .......................................... ... ... ..............................47

5.2.2 Basic (Static WEP/Shared WEP Encryption) ...........................................................................47

5.2.3 More Secure (WPA(2)-PSK) ....................................................................................................49

5.2.4 WPA(2) Authentication .................................................................. .... ... ... ... .... ... ... ... ... ..............50

5.3 The More AP Screen .................................... .... ... ... ... .... ... ... ... .... .......................................................51

5.3.1 Edit More AP ................ ... .......................................... ... .... .......................................................52

5.4 The WPS Screen ......................................... .... ... ... ... .... ... ... ... .... ... ... .................................................53

5.5 The WMM Screen .............................................................................................................................55

5.6 Scheduling Screen ...........................................................................................................................57

5.7 Technical Reference ............................................... ... .... ... ... ... .... ... ... .................................................57

5.7.1 Additional Wireless Terms .......................................................................................................58

5.7.2 Wireless Security Overview .....................................................................................................58

5.7.3 Signal Problems ................. .... ... ... .......................................... ... ... .... ... ... ... ..............................60

5.7.4 BSS .........................................................................................................................................61

5.7.5 MBSSID .............. ... .... .......................................... ... .......................................... .......................61

5.7.6 WiFi Protected Setup (WPS) ...................................................................................................62

Chapter 6

Home Networking............................................................................................................................... 69

6.1 Overview ................ ... ... ... .... ... ... .......................................... ... .... .......................................................69

6.1.1 What Yo u Can Do in this Chapter ............................................................................................69

6.1.2 What You Need To Know ........... ... ... ... .... ... ... ... .... .......................................... ... ... ... ... .... ... .......69

6.2 The LAN Setup Screen .....................................................................................................................71

6.3 The Static DHCP Screen .................................................................. ... ... .... ... ... ... .... ... .......................72

B222s User’s Guide

Page 7

Table of Contents

6.3.1 Before You Begin .......................................... ... .... ... ... ... .... ......................................... ..............72

6.4 The UPnP Screen .............................................................................................................................73

Chapter 7

Routing ................................................................................................................................................75

7.1 Overview ................ ... ... ... .... ... ... .......................................... ... .... .......................................................75

7.2 Configuring Static Route .............. .... ... ... ... ... .... .......................................... ... ... ... .... ... ... ....................76

7.2.1 Add/Edit Static Route .............................................................................................................77

Chapter 8

DNS Route...........................................................................................................................................79

8.1 Overview ................ ... ... ... .... ... ... .......................................... ... .... .......................................................79

8.1.1 What Yo u Can Do in this Chapter ............................................................................................79

8.2 The DNS Route Screen ....................................................................................................................80

8.2.1 Add/Edit DNS Route Edit ................ ... .... ... ... ... .......................................... .... ... ... ... ... .... ..........80

Chapter 9

Quality of Service (QoS).....................................................................................................................83

9.1 Overview ................ ... ... ... .... ... ... .......................................... ... .... .......................................................83

9.1.1 What Yo u Can Do in this Chapter ............................................................................................83

9.1.2 What You Need to Know ............................ ... ... .... ... ... ... .... ......................................... .... ..........83

9.2 The QoS General Screen ................................... ... ... .... ... ... ... .... .......................................................84

9.3 The Queue Setup Screen .................................................................................................................86

9.3.1 Add/Edit a QoS Queue ................................ ... .... ... .......................................... ... ... ... .... ..........87

9.4 The Class Setup Screen .................................................................................................................87

9.4.1 Add/Edit QoS Class ............................................................... ... ... .... ... ... ... ..............................89

9.5 The QoS Monitor Screen .................................................................................................................92

9.6 QoS Technical Reference .................................................................................................................92

9.6.1 IEEE 802.1p ............................................................................................................................93

9.6.2 IP Precedence ..................................................................... ... ... ..............................................93

9.6.3 DiffServ ............... ... .... ... ... ... .... .......................................... .......................................................93

Chapter 10

Network Address Translation (NAT)..................................................................................................95

10.1 Overview ........................................................................................................................................95

10.1.1 What You Can Do in this Chapter ..........................................................................................95

10.1.2 What You Need To Know ............................................ .......................................... .................95

10.2 The Port Forwarding Screen ..........................................................................................................96

10.2.1 The Port Forwarding Screen .................................................................................................97

10.2.2 The Port Forwarding Edit Screen .......................................................................................... 98

10.3 The DMZ Screen ........ ... .......................................... .... ... ... ... .... ... ....................................................99

10.4 The Sessions Screen .............. ... .... ... .......................................... ... ... ... .... ... ... ... .... ... ... ... .................99

10.5 Technical Reference ............................................. ....... ...... ... ....... ...... ....... ...... ....... ...... ..................100

B222s User’s Guide

Page 8

Table of Contents

10.5.1 NAT Definitions ....................................................................................................................100

10.5.2 What NAT Does ...................................................................................................................101

10.5.3 How NAT Works ..................................................................................................................101

Chapter 11

Dynamic DNS ....................................................................................................................................103

11.1 Overview ......................................................................................................................................103

11.1.1 What You Need To Know .....................................................................................................103

11.2 The Dynamic DNS Screen ............................................................................................................104

Chapter 12

Firewall ..............................................................................................................................................105

12.1 Overview .......................................................................................................................................105

12.1.1 What You Can Do in this Chapter ........................................................................................105

12.1.2 What You Need to Know ................................ ............. ............. .......... ............. ............. ........106

12.2 The General Screen ............ ... ... .... ...............................................................................................107

12.3 The Services Screen ......... ... ... .......................................... ... .... ... ... ... ... .... ... ... ... ............................108

12.3.1 The Add New Services Entry Screen ......... ... .... ... ... ... .... ... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ..108

12.4 The Access Control Screen ..........................................................................................................109

12.4.1 The Add New ACL Rule/Edit Screen ....................... .......................................................... .. 110

12.5 The DoS Screen ............................................................................................................................ 111

12.6 Firewall Technical Reference ........................................................................................................112

12.6.1 Guidelines For Enhancing Security With Your Firewall .......................................................112

12.6.2 Security Considerations ........................... ....................... ...................... ....................... ........112

Chapter 13

MAC Filter..........................................................................................................................................115

13.1 Overview .......................................................................................................................................115

13.1.1 What You Need to Know ................................ ............. ............. .......... ............. ............. ........115

13.2 The MAC Filter Screen ..................................................................................................................115

Chapter 14

Parental Control................................................................................................................................117

14.1 Overview .......................................................................................................................................117

14.2 The Parental Control Screen ............................. ............. ............. ............. ............. ............ ............117

14.2.1 Add/Edit a Parental Control Rule .........................................................................................118

Chapter 15

VoIP....................................................................................................................................................121

15.1 Overview .......................................................................................................................................121

15.1.1 What You Can Do in this Chapter ........................................................................................121

15.1.2 What You Need to Know ................................ ............. ............. .......... ............. ............. ........121

15.1.3 Before You Begin .................................................................................................................123

B222s User’s Guide

Page 9

Table of Contents

15.2 The SIP Service Provider Screen ................................................................................................123

15.3 The SIP Account Screen ...............................................................................................................129

15.3.1 Add/Edit SIP Account ..........................................................................................................130

15.4 Multiple SIP Accounts ...................................................................................................................132

15.5 Phone Screen ..............................................................................................................................133

15.5.1 Edit Phone Device ...............................................................................................................133

15.6 The Phone Region Screen ......... .... ... ... ... ......................................................................................134

15.7 The Call Rule Screen ....................................................................................................................134

15.8 Technical Reference ............................................. ....... ...... ... ....... ...... ....... ...... ....... ...... ..................136

15.8.1 VoIP .....................................................................................................................................136

15.8.2 SIP ......................................................................................................................................136

15.8.3 Quality of Service (QoS) .......................... ....................................................... .....................140

15.8.4 Phone Services Overview ...................................................................................................141

Chapter 16

Logs ..................................................................................................................................................145

16.1 Overview ......................................................................................................................................145

16.1.1 What You Can Do in this Chapter ........................................................................................145

16.1.2 What You Need To Know ............................................ .......................................... ...............145

16.2 The System Log Screen ................................................................................................................146

16.3 The Phone Log Screen ........................... ... .......................................... .... ... ... ... .... ... ... ... ...............147

16.4 The VoIP Call History Screen ........................................................................................................147

Chapter 17

Traffic Status.....................................................................................................................................149

17.1 Overview .......................................................................................................................................149

17.1.1 What You Can Do in this Chapter ........................................................................................149

17.2 The WAN Status Screen ...............................................................................................................149

17.3 The LAN Status Screen .................................................................................................................150

17.4 The NAT Status Screen ............................................... ... ... ... .... ... ... ... ... .... ... ..................................151

17.5 The VoIP Status Screen ................................................................................................................152

Chapter 18

User Account ....................................................................................................................................155

18.1 Overview .......................................................................................................................................155

18.2 The User Account Screen .............. ... ... ... ... .... ... ... ... .... ..................................................................155

Chapter 19

Remote MGMT...................................................................................................................................157

19.1 Overview .......................................................................................................................................157

19.1.1 What You Need to Know ................................ ............. ............. .......... ............. ............. ........157

19.2 The Remote MGMT Screen ....................... ................................................................. ..................157

B222s User’s Guide

Page 10

Table of Contents

Chapter 20

System...............................................................................................................................................159

20.1 Overview .......................................................................................................................................159

20.1.1 What You Need to Know ................................ ............. ............. .......... ............. ............. ........159

20.2 The System Screen .................... .... ... ... .......................................... ...............................................159

Chapter 21

Time Setting......................................................................................................................................161

21.1 Overview .......................................................................................................................................161

21.2 The Time Setting Screen .............................................................................................................161

Chapter 22

Log Setting .......................................................................................................................................163

22.1 Overview ......................................................................................................................................163

22.2 The Log Setting Screen ................................................................................................................163

Chapter 23

Firmware Upgrade ............................................................................................................................165

23.1 Overview .......................................................................................................................................165

23.2 The Firmware Upgrade Screen ............................ .................................... .....................................165

Chapter 24

Backup/Restore ................................................................................................................................167

24.1 Overview .......................................................................................................................................167

24.2 The Backup/Restore Screen .........................................................................................................167

24.3 The Reboot Screen .......................................................................................................................169

Chapter 25

Diagnostic .........................................................................................................................................171

25.1 Overview .......................................................................................................................................171

25.2 The Ping/TraceRoute Screen ..................... .... .......................................... ... ... ... ............................171

Chapter 26

Troubleshooting................................................................................................................................173

26.1 Overview .......................................................................................................................................173

26.2 Power, Hardware Connections, and LEDs ........................ ... .... ... ... ... .......................................... ..173

26.3 LTE Device Access and Login ......................................................................................................174

26.4 Internet Access .............................................................................................................................175

26.5 Wireless Internet Access ...............................................................................................................176

26.6 Phone Calls and VoIP ...................................................................................................................177

26.7 UPnP .............................................................................................................................................178

Appendix A IP Addresses and Subnetting.......................................................................................179

B222s User’s Guide

Page 11

Table of Contents

Appendix B Setting Up Your Computer’s IP Address ......................................................................189

Appendix C Pop-up Windows, JavaScript and Java Permissions...................................................219

Appendix D Wireless LANs..............................................................................................................229

Appendix E Common Services........................................................................................................249

Appendix F Legal Information..........................................................................................................253

Index ..................................................................................................................................................255

B222s User’s Guide

Page 12

Table of Contents

B222s User’s Guide

Page 13

PART I

User’s Guide

Page 14

Page 15

CHAPTER 1

LAN

WAN

LTE

1.1 Overview

The Device is an LTE (Long Term Evolution) device including an outdoor unit (ODU) and an indoor unit (IDU). The LTE Device supports Voice over IP (VoIP) communication capabilities to allow you to use a traditional analog telephone to make Internet calls. The LTE Device also provides a complete security solution with a robust firewall based on Stateful Packet Inspection (SPI) technology and Denial of Service (DoS).

See the chapter on product specifications for a full list of features.

1.2 Applications for the LTE Device

Introduction

Here are some example uses for which the LTE Device is well suited.

1.2.1 Internet Access

Your LTE Device provides Internet access by connecting to an LTE network wirelessly.

Computers can connect to the LTE Device’s ETHERNET ports (or wirelessly).

Figure 1 LTE Device’s Internet Access Application

B222s User’s Guide 15

Page 16

Chapter 1 Introduction

PSTN

LAN

WLAN

WAN

1.2.2 VoIP Features

You can register 1 SIP (Session Initiation Protocol) profile (2 accounts for that profile) and use the LTE Device to make and receive VoIP telephone calls:

Figure 2 LTE Device’s VoIP Application

The LTE Device sends your call to a VoIP service provider’s SIP server which forwards your calls to either VoIP or PSTN phones.

1.2.3 Wireless Connection

By default, the wireless LAN (WLAN) is enabled on the LTE Device. Once Wireless is enabled, IEEE

802.11b/g/n compliant clients can wirelessly connect to the LTE Device to access network

resources. You can set up a wireless network with WPS (WiFi Protected Setup) or manually add a client to your wireless network.

Figure 3 Wireless Connection Application

1.3 The WLAN Button

You can use the WIRELESS On /Off button on top of the device to turn the wireless LAN on or off. You can also use it to activate WPS in order to quickly set up a wireless network with strong security.

B222s User’s Guide

Page 17

Chapter 1 Introduction

Turn the Wireless LAN On or Off

1 Make sure the PWR/SYS LED is on (not blinking).

2 Press the WIRELESS On/Off button for one second and release it. The WLAN/WPS LED should

change from on to off or vice versa.

Activate WPS

1 Make sure the PWR/SYS LED is on (not blinking).

2 Press the WIRELESS On/Off button for more than five seconds and release it. Press the WPS button

on another WPS -enabled device within range of the L TE Device. The WLAN/WPS LED should flash while the LTE Device sets up a WPS connection with the wireless device.

Note: You must activate WPS in the LTE Device and in another wireless device within two

minutes of each other. See Chapter 5 on page 62 for more information.

B222s User’s Guide

Page 18

Chapter 1 Introduction

1.4 Ways to Manage the LTE Device

• Web Configurator. This is for management of the LTE Device using a (supported) web browser.

1.5 Good Habits for Managing the LTE Device

Do the following things regularly to make the LTE Device more secure and to manage the LTE Device more effectively.

• Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.

• Write down the password and put it in a safe place.

• Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password to access the Web Configurator, you will have to reset the LTE Device to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the LTE Device. You could simply restore your last configuration. Keep in mind that backing up a configuration file will not back up passwords used to set up PPPoE and VoIP. Write down any information your ISP provides you.

1.6 LEDs (Lights)

The following graphic displays the labels of the LEDs.

Figure 4 LEDs on the Top of the Device

Figure 5 LEDs on the Ethernet Ports

None of the LEDs are on if the LTE Device is not receiving power.

Table 1 LED Descriptions (From Left To Right)

LED COLOR STATUS DESCRIPTION

PWR/SYS Green On The LTE Device is receiving power and ready for use.

Red On The LTE Device detected an error while self-testing, or there

Off The LTE Device is not receiving power.

Blinking The LTE Device is booting up.

is a device malfunction.

Blinking The LTE Device is upgrading the firmware.

B222s User’s Guide

Page 19

Chapter 1 Introduction

Table 1 LED Descriptions (From Left To Right) (continued)

LED COLOR STATUS DESCRIPTION

LINK Green On The LTE Device has an LTE connection on the WAN.

Blinking The LTE Device is searching for a frequency channel or is

performing network entry.

Off The LTE Device does not have an LTE connection on the

WAN.

LTE The LTE LEDs display the Received Signal Strength

No Signal LEDS

Green Signal 1 OnThe signal strength is less than -90 dBm if signal 1 is on

Signal 2 OnThe signal strength is between -90 dBm and -70 dBm if both

Signal 3 OnThe signal strength is -70 dBm or greater if three signals are

WLAN/WPS Green On The wireless network is activated and is operating in IEEE

Blinking The LTE Device is communicating with other wireless clients. Orange Blinking The LTE Device is setting up a WPS connection. Off The wireless network is not activated.

PHONE Green On A SIP account is registered for the phone port.

Blinking A telephone connected to the phone port has it s re ce iver off

Orange On A SIP account is registered for the phone port and there is a

Blinking A telephone connected to the phone port has it s re ce iver off

Off The phone port does not have a SIP account registered.

ETHERNET1-2Yellow

(Giga Ethernet)

Green (Fast Ethernet)

Off The LTE Device does not have an Ethernet connection with

On The LTE Device has a successful 1000 Mbps Ethernet

Blinking The LTE Device is sending or receiving data to/from the LAN

On The LTE Device has a successful 10/100 Mbps Ethernet

Blinking The LTE Device is sending or receiving data to/from the LAN

Indication (RSSI) of the LTE connection. Three signals on at the same time means best signal quality, two means medium signal quality, and one means low signal quality.

There is no L T E conn e ct ion .

only.

signals 1 and 2 are on.

all on.

802.11 “b”, “g” or “n” mode.

of the hook or there is an incoming call.

voice message in the corresponding SIP account.

of the hook and there is a voice message in the corresponding SIP account.

connection with a device on the Local Area Network (LAN).

at 1000 Mbps.

connection with a device on the Local Area Network (LAN).

at 10/100 Mbps.

the LAN.

Refer to the Quick Start Guide for information on hardware connections.

B222s User’s Guide

Page 20

Chapter 1 Introduction

1.7 The RESET Button

If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the device to reload the factory-default configuration file. This means that y ou will lose all configurations that you had previously and the passwords will be reset to the defaults.

1 Make sure the POWER LED is on (not blinking).

2 T o set the device back to the factory default settings, press the RESET button for 5 seconds or until

the POWER LED begins to blink and then release it. When the POWER LED begins to blink, the defaults have been restored and the device restarts.

B222s User’s Guide

Page 21

2.1 Overview

The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later versions, Mozilla Firefox 3 and later versions, or Safari 2.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.

In order to use the web configurator you need to allow:

• Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.

• JavaScript (enabled by default).

• Java permissions (enabled by default).

CHAPTER 2

Introducing the Web Configurator

See Appendix C on page 219 if you need to make sure these functions are allowed in Internet Explorer.

2.1.1 Accessing the Web Configurator

1 Make sure your LTE Device hardware is properly connected (refer to the Quick Start Guide).

2 Launch your web browser.

3 Type "192.168.1.1" as the URL.

4 A password screen displays. Type “admin” as the default Username and “1234” as the default

password to access the device’s W eb Configur ator. Click Login. If you have changed the password, enter your password and click Login.

Figure 6 Password Screen

Note: For security reasons, the LTE Device automatically logs you out if you do not use

the web configurator for five minutes (default). If this happens, log in again.

B222s User’s Guide 21

Page 22

Chapter 2 Introducing the Web Configurator

5 The following screen displays if you have not yet changed your password. It is strongly

recommended you change the default password. Enter a new password, retype it to confirm and click Apply; alternatively click Skip to proceed to the main menu if you do not want to change the password now.

Figure 7 Change Password Screen

6 The Connection Status screen appears.

Figure 8 Connection Status

7 Click System Info to display the System Info screen, where you can view the LTE Device’s

interface and system information.

B222s User’s Guide

Page 23

2.2 The Web Configurator Layout

a b

Click Connection Status > System Info to show the following screen. (See Section 3.3 on page

31 for more information.)

Figure 9 Web Configurator Layout

Chapter 2 Introducing the Web Configurator

As illustrated above, the main screen is divided into these parts:

• A - title bar

• B - main window

• C - navigation panel

2.2.1 Title Bar

The title bar shows the following icon in the upper right corner.

Click this icon to log out of the web configurator.

B222s User’s Guide

Page 24

Chapter 2 Introducing the Web Configurator

2.2.2 Main Window

The main window displays information and configuration fields. It is discussed in the rest of this document.

After you click System Info on the Connection Status screen, the System Info screen is displayed. See Chapter 3 on page 31 for more information about the System Info screen.

If you click LAN Device on the System Info screen (a in Figure 9 on page 23), the Connection

Status screen appears. See Chapter 3 on page 29 for more information about the Connection Status screen.

If you click Virtual Device on the System Info screen (b in Figure 9 on page 23), a visual graphic appears, showing the connection status of the LTE Device’s ports. The connected ports are in color and disconnected ports are gray.

Figure 10 Virtual Device

2.2.3 Traffic Status

Use the Maintenance > Traffic Status screens to look at network traffic status and statistics of the WAN, LAN interfaces and NAT. See Chapter 20 on page 159 for more information.

2.2.4 User Account

Use the Maintenance > User Accounts screen to configure system password for different user accounts. See Chapter 18 on page 155 for more information.

2.2.5 Navigation Panel

Use the menu items on the navigation panel to open screens to configure LTE Device features. The following table describes each menu ite m.

Table 2 Navigation Panel Summary

LINK TAB FUNCTION

Connection Status This screen shows the network status of the LTE Device and

Network Setting

computers/devices connected to it.

B222s User’s Guide

Page 25

Chapter 2 Introducing the Web Configurator

Table 2 Navigation Panel Summary (continued)

LINK TAB FUNCTION

Broadband Broadband Use this screen to view and modify your WAN interface. You can also

configure ISP parameters, WAN IP address assignment, DNS servers and other advanced properties.

Wireless General Use this screen to turn the wireless connection on or off, specify the

More AP Use this screen to configure multiple BSSs on the LTE Device. WPS Use this screen to use WPS (Wi-Fi Protected Setup) to establish a

WMM Use this screen to enable or disable Wi-Fi MultiMedia (WMM). Scheduling Use this screen to configure when the LTE Device enables or disables

Home Networking

Static Route Static Route Use this screen to view and set up static routes on the LTE Device. DNS Route DNS Route Use this screen to view and configure DNS routes. QoS General Use this screen to enable QoS and decide allowable bandwidth using

NAT Port Forwarding Use this screen to make your local servers visible to the outside

Dynamic DNS Dynamic DNS Use this screen to allow a static hostname alias for a dynamic IP

Security

Firewall General Use this screen to activate/deactivate the firewall.

MAC Filter MAC Filter Use this screen to allow specific devices t o access the LTE Device. Parental

Control

VoIP

LAN Setup Use this screen to configure LAN TCP/IP settings, and other advanced

Static DHCP Use this screen to assign specific IP addresses to individual MAC

UPnP Use this screen to enable the UPnP function.

Queue Setup Class Setup Use this screen to set up classifiers to sort traffic into different flows

Monitor

DMZ Use this screen to configure the IP address of the LTE Device’s DMZ

Sessions Use this screen to limit the number of NAT sessions a single client can

Services Use this screen to view and configure services. Access Control Use this screen to view and configure filter rules for incoming and

DoS Use this screen to activate/deactivate Denial of Service (DoS)

Parental Control Use this screen to define time periods and days during which the LTE

SSID(s) and configure the wireless LAN settings and WLAN authentication/security settings.

wireless connection.

the wireless LAN.

properties.

addresses.

QoS. Use this screen to configure QoS queue assignment.

and assign priority and define actions to be performed for a classified traffic flow.

Use this screen to view each queue’s statistics.

world.

interface.

establish.

address.

outgoing traffic.

protection.

Device performs parental control and/or block web sites with the specific URL.

B222s User’s Guide

Page 26

Chapter 2 Introducing the Web Configurator

Table 2 Navigation Panel Summary (continued)

LINK TAB FUNCTION

SIP SIP Service

Provider SIP Account Use this screen to set up information about your SIP account and

Phone Phone Device Use this screen to set which phone ports use which SIP accounts.

Region Use this screen to select your location.

Call Rule Speed Dial Use this screen to configure speed dial for SIP phone numbers that

System Monitor

Log System Log Use this screen to view the system logs for the categories that you

Phone Log Use this screen to view the LTE Device’s phone logs. VoIP Call His tory Use this screen to view the LTE Device’s VoIP call history.

Traffic Status WAN Use this screen to view the status of all network traffic going through

LAN Use this screen to view the status of all network traffic going through

NAT Use this screen to view the status of NAT sessions on the LTE Device.

VoIP St atus VoIP Status Use this screen to view the SIP, phone, and call status of the LTE

Maintenance

Users Account Users Account Use this screen to configure the passwords your user accounts. Remote MGMT Remote MGMT Use this screen to enable specific traffic directions for network

System System Use this screen to configure the LTE Device’s name, domain name,

Time Setting Time Setting Use this screen to change your LTE Device’s time and date. Log Setting Log Setting Use this screen to select which logs and/or immediate alerts your

Firmware Upgrade

Backup/ Restore

Reboot Reboot Use this screen to reboot the LTE Device without turning the power

Diagnostic Ping/TraceRoute Use this screen to test the connections to other devices. Auto Provision Auto Provision Use this screen to conf igure auto provision which automatically

Firmware Upgrade

Backup/Restore Use this screen to backup and restore your device’s configuration

Use this screen to configure your LTE Device’s Voice over IP settings.

configure audio settings such as volume levels for the phones connected to the LTE Device.

you call often.

select.

the WAN port of the LTE Device.

the LAN ports of the LTE Device.

Device.

services.

management inactivity time-out.

device is to record. You can also set it to e-mail the logs to you. Use this screen to upload firmware to your device.

(settings) or reset the factory default settings.

off.

updates the latest firmware and configuration to the LTE Device.

B222s User’s Guide

Page 27

PART II

Technical Reference

The appendices provide general information. Some details may not apply to your LTE Device.

Page 28

Page 29

Connection Status and System Info

3.1 Overview

After you log into the web configurator, the Connection Status screen appears. This shows the network connection status of the LTE Device and clients connected to it.

Use the System Info screen to look at the current status of the device, system resources, interfaces (LAN, WAN and WLAN), and SIP accounts. You can also register and unregister SIP accounts.

If you click Virtual Device on the System Info screen, a visual graphic appears, showing the connection status of the LTE Device’s ports. See Section 2.2.2 on page 24 for more information.

CHAPTER 3

3.2 The Connection Status Screen

Use this screen to view the network connection status of the device and its clients. A warning message appears if there is a connection problem.

B222s User’s Guide 29

Page 30

Chapter 3 Connection Status and System Info

If you prefer to view the status in a list, click List View in the Viewing mode selection box. You can configure how often you want the LTE Device to update this screen in Refresh Interval.

Figure 11 Connection Status: Icon View

Figure 12 Connection Status: List View

In Icon View, if you want to view information about a client, click the client’ s name and Info . Click the IP address if you want to change it. If you want to change the name or icon of the client, click Change name/icon.

In List View, you can also view the client’s information.

B222s User’s Guide

Page 31

3.3 The System Info Screen

Click Connection Status > System Info to open this screen.

Figure 13 System Info Screen

Chapter 3 Connection Status and System Info

Each field is described in the following table.

Table 3 System Info Screen

LABEL DESCRIPTION

Language Select the web configurator language from the drop-down list box. Refresh Interval Select how often you want the LTE Device to update this screen from the drop-

Device Information

B222s User’s Guide

down list box.

Host Name This field displays the LTE Device system name. It is used for identification. You

can change this in the Maintenance > System screen’s Host Name field. Model Name This is the model name of your device. MAC Address This is the MAC (Media Access Control) or Ethernet address unique to your LTE

Device.

Page 32

Chapter 3 Connection Status and System Info

Table 3 System Info Screen (continued)

LABEL DESCRIPTION

Firmware Version This field displays the current version of the firmware inside the device. It also

shows the date the firmware version was created. Go to the Maintenance >

Firmware Upgrade screen to change it.

WAN Information

Mode This is the method of encapsulation used by your ISP. IP Address This field displays the current IP address of the LTE Device in the WAN.

LAN Information

IP Address This field displays the current IP address of the LTE Device in the LAN. IP Subnet Mask This field displays the current subnet mask in the LAN. DHCP Server This field displays what DHCP services the LTE Device is providing to the LAN.

WLAN Information

Channel This is the channel number used by the LTE Device now. WPS Status Configured displays when a wireless client has connected to the LTE Device or

SSID (1~4) Information

SSID This is the descriptive name used to identify the LTE Device in the wireless LAN. Status This shows whether or not the SSID is enabled (on). Security Mode This displays the type of security the LTE Device is using in the wireless LAN.

LTE Status

Status This displays 4G LTE if there is an LTE connection, otherwise, it displays N/A. Signal Strength This displays the strength of the LTE connection that the LTE Device has with the

Service Provider This displays the service provider’s name of the connected LTE network. Frequency Band This displays LTE if there is an LTE connection. Connection Uptime This displays how long the LTE connection has been available since it was last

ODU F/W Version This displays the firmware version of the outdoor unit. Module F/W Version This displays the firmware version of LTE module. IMEI This displays the LTE Device’s International Mobile Equipment Identity number

IMSI This displays the International Mobile Subscriber Identity (IMSI) of the SIM card

Interface Status

Interface This column displays each interface the LTE Device has.

Choices are:

Server - The LTE Device is a DHCP server in the LAN. It assigns IP addresses to

other computers in the LAN.

None - The LTE Device is not providing any DHCP services to the LAN.

WPS is enabled and wireless or wireless security settings have been configured.

Unconfigured displays if WPS is disabled or wireless security settings have not

been configured.

base station which is also known as eNodeB or eNB.

established successfully.

(IMEI). An IMEI is a unique ID used to identify a mobile device.

inserted in the outdoor unit. An IMSI is a unique ID used to identify a mobile

subscriber in a mobile network.

B222s User’s Guide

Page 33

Chapter 3 Connection Status and System Info

Table 3 System Info Screen (continued)

LABEL DESCRIPTION

Status This field indicates whether or not the LTE Device is using the interface.

For the LTE WAN interface, this field displays Up when the LTE Device is connected

to an LTE network and Down when the LTE Device does not have an LTE

connection.

For the LAN interface, this field displays Up when the LTE Device is using the

interface and Down when the LTE Device is not using the interface.

For the WLAN interface, it displays Up when WLAN is enabled or Down when

WLAN is disabled. Rate For the LTE WAN interface, this displays 4G LTE if there is an LTE connection.

For the LAN interface, this displays the port speed and duplex setting.

For the WLAN interface, it displays the maximum transmission rate when WLAN is

enabled or N/A when WLAN is disabled.

System Status

System Up Time This field displays how long the LTE Device has been running since it last started

up. The LTE Device starts up when you plug it in, when you restart it

(Maintenance > Reboot), or when you reset it (see Section 1.7 on page 20). Current Date/Time This field displays the current date and time in the LTE Device. You can change this

in Maintenance > Time Setting. System Resource CPU Usage This field displays what percentage of the LTE Device’s processing ability is

Memory Usage This field displays what percentage of the LTE Device’s memory is currently used.

Registration Status

Account Thi s column displays each SIP account in the LTE Device. Action This field displays the current registration status of the SIP account. You have to

currently used. When this percentage is close to 100%, the LTE Device is running

at full load, and the throughput is not going to improve anymore. If you want some

applications to have more throughput, you should turn off other applications.

Usually , this percentage should not increase much. If memory usage does get close

to 100%, the LTE Device is probably becoming unstable, and you should restart

the device. See Chapter 24 on page 169, or turn off the device (unplug the power)

for a few seconds.

If the SIP account is already registered with the SIP server,

B222s User’s Guide

•Click Unregister to delete the SIP account’s registration in the SIP server . This does not cancel yo ur SIP ac count, b ut it deletes the mapping between yo ur SIP identity and your IP address or domain name.

• The second field displays Registered.

If the SIP account is not registered with the SIP server,

•Click Register to have the LTE Device attempt to register the SIP account with the SIP server.

• The second field displays the reason the account is not registered.

Inactive - The SIP account is not active. You can activate it in VoIP > SIP > SIP Settings.

the SIP server, the attempt failed. The LTE Device automatically tries to register the SIP account when you turn on the LTE Device or when you activate it.

Page 34

Chapter 3 Connection Status and System Info

Table 3 System Info Screen (continued)

LABEL DESCRIPTION

Account Status This shows Active when the SIP account has been registered and ready for use or

In-Active when the SIP account is not yet registered.

URI This field displays the account number and service domain of the SIP account. You

can change these in VoIP > SIP > SIP Settings.

B222s User’s Guide

Page 35

4.1 Overview

WAN

LAN

This chapter discusses the LTE Device’s Broadband screens. Use these screens to configure your LTE Device for Internet access.

A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.

This LTE Device supports LTE connection for the WAN only.

Figure 14 LAN and WAN

CHAPTER 4

Broadband

4.1.1 What You Can Do in this Chapter

•Use the Broadband screen to view, remo ve or add an LTE WAN interface. You can also configure the WAN settings on the LTE Device for Internet access (Section 4.2 on page 38).

4.1.2 What You Need to Know

The following terms and concepts may help as you read this chapter.

Encapsulation Method

Encapsulation is used to include data from an upper layer protocol into a lower layer protocol. To set up a WAN connection to the Internet, you need to use the same encapsulation method used by your ISP (Internet Service Provider).

B222s User’s Guide 35

Page 36

Chapter 4 Broadband

M1 M2 M3 M4

DHCP SERVER

WAN IP Address

The WAN IP address is an IP address for the L TE Device, which makes it accessible from an outside network. It is used by the LTE Device to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the LTE Device tries to access the Internet.

If your ISP assigns you a static WAN IP address, they should also assign you the subnet mask and DNS server IP address(es).

APN

Access Point Name (APN) is a unique string which indicates an LTE network. An APN is required for LTE stations to enter the LTE network and then the Internet.

CAPWAP

The LTE Device supports CAPWAP. This is ZyXEL’s implementation of the CAPWAP protocol (RFC

5415).

The CAPWAP dataflow is protected by Datagram Transport Layer Security (DTLS).

The following figure illustrates a CAPWAP wireless network. Y o u (U) configure the AP controller (C), which then automatically updates the configurations of the managed APs (M1 ~ M4).

Figure 15 CAPWAP Network Example

Note: The LTE Device can be a standalone AP (default), a CAPWAP managed AP, or a

CAPWAP AP controller.

CAPWAP Discovery and Management

The link between CAPWAP-enabled access points proceeds as follows:

1 An AP in managed AP mode joins a wired network (receives a dynamic IP address).

B222s User’s Guide

Page 37

Chapter 4 Broadband

2 The AP sends out a discovery request, looking for an AP in CAPWAP AP controller mode.

3 If there is an AP controller on the network, it receives the discovery request. If the AP controller is

in Manual mode it adds the details of the AP to its Unmanaged Access Points list, and you decide which available APs to manage. If the AP is in Always Accept mode, it automatically adds the AP to its Managed Access Points list and provides the managed AP with default configuration information, as well as securely transmitting the DTLS pre-shared key. The managed AP is ready for association with wireless clients.

Managed AP Finds the Controller

A managed LTE Device can find the controller in one of the following ways:

• Manually specify the controller’s IP address using the commands. See the LTE Device CLI Reference Guide for details.

• Get the controller’s IP address from a DHCP server with the controller’s IP address configured as option 138.

• Broadcasting to discover the controller within the broadcast domain.

The AP controller must have a static IP address; it cannot be a DHCP client.

CAPWAP and IP Subnets

By default, CAPWAP works only between devices with IP addresses in the same subnet (see the appendices for information on IP addresses and subnetting).

However, you can configure CAPWAP to operate between devices with IP addresses in different subnets by doing the following.

• Activate DHCP. Your network’s DHCP server must support option 138 defined in RFC 5415.

• Configure DHCP option 138 with the IP address of the CAPWAP AP controller on your network.

B222s User’s Guide

Page 38

Chapter 4 Broadband

SUBNET 1 SUBNET 2

CONTROLLER

MANAGED

DHCP SERVER + OPTION 138

CAPWAP

TRAFFIC

(STATIC IP)

DHCP Option 138 allows the CAPWAP management request (from the AP in managed AP mode) to reach the AP controller in a different subnet, as shown in the following figure.

Figure 16 CAPWAP and DHCP Option 138

Notes on CAPWAP

This section lists some additional features of ZyXEL’s implementation of the CAPWAP protocol.

• When the AP controller uses its internal Remote Authentication Dial In User Service (RADIUS) server, managed APs also use the AP controller’s authentication server to authenticate wireless clients.

• If a managed AP’s link to the AP controller is broken, the managed AP continues to use the wireless settings with which it was last provided.

4.1.3 Before You Begin

You may need to know your Internet access settings such as LTE APN, WAN IP address and SIM card’s PIN code if the INTERNET light on your LTE Device is off. Get this information from your service provider.

4.2 The Broadband Screen

The LTE Device must have a WAN interface to allow users to use the LTE connection to access the Internet. Use the Broadband screen to view or modify a WAN interface. You can also configure the L TE Device as part of a Control And Provisioning of Wireless Access Points (CAPW AP) network in this screen.

B222s User’s Guide

Page 39

Chapter 4 Broadband

Click Network Setting > Broadband. The following screen opens.

Figure 17 Network Setting > Broadband

The following table describes the fields in this screen.

Table 4 Network Setting > Broadband

LABEL DESCRIPTION

CAPWAP Setting CAPWAP Enable Select this to activate ?? CAPWAP AC Server Enter the IP address of the AC server.?? Apply Click this to save the change in this section. Cancel Click this to restore your previously saved settings in this section. Internet Setup Name This is the service name of the connection. APN This is the name of the LTE network to which the LTE Device will connect. Encapsulation This shows the method of encapsulation used by this connection. NAT This shows whether NAT is activated or not for this connection. NAT is not

available when the connection uses the bridging service.

Default Gateway This shows whether the LTE Device uses the interface of this connection as the

system default gateway.

Modify Click the Edit icon to configure the connection.

Click the Delete icon to delete this connection from the Device. A window displays asking you to confirm that you want to delete the connection.

4.2.1 Add/Edit Internet Connection

Use this screen to configure a WAN connection. The screen varies depending on the interface type, encapsulation, and WAN service type you select.

B222s User’s Guide

Page 40

Chapter 4 Broadband

Click the Add new WAN Interface in the Network Setting > Broadband screen or the Edit icon next to the connection you want to configure, the screen displays as shown next.

Figure 18 Broadband Add/Edit

The following table describes the fields in this screen.

Table 5 Broadband Add/Edit

LABEL DESCRIPTION

Name Specify the name for this WAN interface.?? APN Enter the Access Point Name (APN) of an LTE network, which your service provider gave

you.?? Dial String Enter the dial string of your 3G net card.?? IPv6/IPv4

Mode

MTU

NAT Enable Select this to activate NAT on the WAN. Apply as

Default Gateway

6to4 Tunneling

Apply Click Apply to save your changes. Back Click Back to return to the previous screen.

Select IPv4 Only if you just connect this WAN interface to an IPv4 network.

Select IPv6/IPv4 Dual Stack if you connect this WAN interface to both an IPv6 and an IPv4

networks.

Select IPv6 Only if you just connect this WAN interface to an IPv6 network.??

The Maximum Transmission Unit (MTU) defines the size of the largest packet allowed on an

interface or connection. Enter the MTU for this WAN interface in this field.

Select this if you need to transmit IPv6 packets over the IPv4 network through this WAN

interface, the IPv6 packets are encapsulated inside IPv4 packets.??

B222s User’s Guide

Page 41

4.3 Technical Reference

The following section contains additional technical information about the LTE Device features described in this chapter.

Encapsulation

Be sure to use the encapsulation method required by your ISP. The LTE Device supports the following methods:

IP Address Assignment

A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP. However the encapsulation method assigned influences your choices for IP address and default gateway.

DNS Server Address Assignment

Use Domain Name System (DNS) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.

Chapter 4 Broadband

The LTE Device can get the DNS server addresses in the following ways.

1 The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you

2 If your ISP dynamically assigns the DNS server IP addresses (along with the LTE Device’s WAN IP

address), set the DNS server fields to get the DNS server address from the ISP.

LTE Frequency Band Table

See the following table for the frequency bands used in LTE wireless technologies.

Table 6 LTE Wireless Technologies

UPLINK (UL) OPERATING BAND BASE STATION RECEIVE

BAND

CPE TRANSMIT UL (LOW - HIGH) DL (LOW - HIGH)

1 1920 MHz – 1980 MHz 2110 MHz – 2170 MHz FDD 2 1850 MHz – 1910 MHz 1930 MHz – 1990 MHz FDD 3 1710 MHz – 1785 MHz 1805 MHz – 1880 MHz FDD 4 1710 MHz – 1755 MHz 2110 MHz – 2155 MHz FDD 5 824 MHz – 849 MHz 869 MHz – 894MHz FDD 6 830 MHz – 840 MHz 875 MHz – 885 MHz FDD 7 2500 MHz – 2570 MHz 2620 MHz – 2690 MHz FDD

DOWNLINK (DL) OPERATING BAND BASE STATION TRANSMIT CPE RECEIVE

DUPLEX MODE

B222s User’s Guide

Page 42

Chapter 4 Broadband

Table 6 LTE Wireless Technologies

UPLINK (UL) OPERATING BAND

DOWNLINK (DL) OPERATING BAND

BAND

BASE STATION RECEIVE CPE TRANSMIT

BASE STATION TRANSMIT CPE RECEIVE

DUPLEX MODE

UL (LOW - HIGH) DL (LOW - HIGH)

8 880 MHz – 915 MHz 925 MHz – 960 MHz FDD

9 1749.9 MHz – 1784.9 MHz 1844.9 MHz – 1879.9 MHz FDD 10 1710 MHz – 1770 MHz 2110 MHz – 2170 MHz FDD 11 1427.9 MHz – 1447.9 MHz 1475.9 MHz – 1495.9 MHz FDD 12 699 MHz – 716 MHz 729 MHz – 746 MHz FDD 13 777 MHz – 787 MHz 746 MHz – 756 MHz FDD 14 788 MHz – 798 MHz 758 MHz – 768 MHz FDD 15 Reserved Reserved FDD 16 Reserved Reserved FDD 17 704 MHz – 716 MHz 734 MHz – 746 MHz FDD 18 815 MHz – 830 MHz 860 MHz – 875 MHz FDD 19 830 MHz – 845 MHz 875 MHz – 890 MHz FDD 20 832 MHz – 862 MHz 791 MHz – 821 MHz FDD 21 1447.9 MHz – 1462.9 MHz 1495.9 MHz – 1510.9 MHz FDD

...

24 1626.5 MHz – 1660.5 MHz 1525 MHz – 1559 MHz FDD

... 33 1900 MHz – 1920 MHz 1900 MHz – 1920 MHz TDD 34 2010 MHz – 2025 MHz 2010 MHz – 2025 MHz TDD 35 1850 MHz – 1910 MHz 1850 MHz – 1910 MHz TDD 36 1930 MHz – 1990 MHz 1930 MHz – 1990 MHz TDD 37 1910 MHz – 1930 MHz 1910 MHz – 1930 MHz TDD 38 2570 MHz – 2620 MHz 2570 MHz – 2620 MHz TDD 39 1880 MHz – 1920 MHz 1880 MHz – 1920 MHz TDD 40 2300 MHz – 2400 MHz 2300 MHz – 2400 MHz TDD 41 2496 MHz 2690 MHz 2496 MHz 2690 MHz TDD 42 3400 MHz – 3600 MHz 3400 MHz – 3600 MHz TDD 43 3600 MHz – 3800 MHz 3600 MHz – 3800 MHz TDD

Note 1: Band 6 is not applicable

B222s User’s Guide

Page 43

5.1 Overview

This chapter describes the LTE Device’s Network Setting > Wireless screens. Use these screens to set up your LTE Device’s wireless connection.

5.1.1 What You Can Do in this Chapter

•Use the General screen to enable the Wireless LAN, enter the SSID and select the wireless security mode (Section 5.2 on page 45).

•Use the More AP screen to set up multiple wireless networks on your LTE Device (Section 5.3 on

page 51).

•Use the WPS screen to enable or disable WPS, view or generate a security PIN (Personal Identification Number) (Section 5.4 on page 53).

•Use the WMM screen to enable Wi-Fi MultiMedia (WMM) to ensure quality of service in wireless networks for multimedia applications (Section 5.5 on page 55).

•Use the Scheduling screen to schedule a time period for the wireless LAN to operate each day (Section 5.6 on page 57).

CHAPTER 5

Wireless

You don’t necessarily need to use all these screens to set up your wireless connection. For example, you may just want to set up a network name, a wireless radio channel and some security in the General screen.

5.1.2 Wireless Network Overview

Wireless networks consist of wireless clients, access points and bridges.

• A wireless client is a radio connected to a user’s computer.

• An access point is a radio with a wired connection to a network, which can connect with numerous wireless clients and let them access the network.

• A bridge is a radio that relays communications between access points and wireless clients, extending a network’s range.

Traditionally, a wireless network operates in one of two ways.

• An “infrastructure” type of network has one or more access points and one or more wireless clients. The wireless clients connect to the access points.

• An “ad-hoc” type of network is one in which there is no access point. Wireless clients connect to one another in order to exchange information.

B222s User’s Guide 43

Page 44

Chapter 5 Wireless

The following figure provides an example of a wireless network.

Figure 19 Example of a Wireless Network

The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your LTE Device is the AP.

Every wireless network must follow these basic guidelines.

• Every device in the same wireless network must use the same SSID. The SSID is the name of the wireless network. It stands for Service Set IDentifier.

• If two wireless networks overlap, they should use a different channel. Like radio stations or television channels, each wireless network uses a specific channel, or

frequency, to send and receive information.

• Every device in the same wireless network must use security compatible with the AP.

• Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network.

Radio Channels

In the radio spectrum, there are certain frequency bands allocated for unlicensed, civilian use. For the purposes of wireless networking, these bands are divided into numerous channels. This allows a variety of networks to exist in the same place without interfering with one another. When you create a network, you must select a channel to use.

Since the available unlicensed spectrum varies from one country to another, the number of available channels also varies.

A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce

B222s User’s Guide

Page 45

interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance. Adjacent channels partially overlap however. To avoid interference due to overlap, your AP should be on a channel at least five channels away from a channel that an adjacent AP is using. For example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to

select a channel between 6 or 11.

5.1.3 Before You Begin

Before you start using these screens, ask yourself the following questions. See Section 5.7 on page

57 if some of the terms used here do not make sense to you.

• What wireless standards do the other wireless devices support (IEEE 802.11g, for example)? What is the most appropriate standard to use?

• What security options do the other wireless devices support (WPA-PSK, for example)? What is the best one to use?

• Do the other wireless devices support WPS (Wi-Fi Protected Setup)? If so, you can set up a wellsecured network very easily.

Even if some of your devices support WPS and some do not, you can use WPS to set up your network and then add the non-WPS devices manually, although this is somewhat more complicated to do.

• What advanced options do you want to configure, if any? If you want to configure advanced options, ensure that you know precisely what you want to do. If you do not want to configure advanced options, leave them alone.

Chapter 5 Wireless

5.2 The Wireless General Screen

Use this screen to enable the Wireless LAN, enter the SSID and select the wireless security mode.

Note: If you are configuring the LTE Device from a computer connected to the wireles s

LAN and you change the LTE Device’s SSID or security settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the LTE Device’s new settings.

B222s User’s Guide

Page 46

Chapter 5 Wireless

Click Network Setting > Wireless to open the General screen. Select the Enable Wireless LAN checkbox to show the Wireless configurations.

Figure 20 Network Setting > Wireless > General

The following table describes the labels in this screen.

Table 7 Network > Wireless LAN > General

LABEL DESCRIPTION

Wireless Network Setup Wireless Select the Enable Wireless LAN check box to acti vate the wireless LAN. Wireless Network Settings Wireless

Network Name (SSID)

Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station

BSSID This shows the MAC address of the wireless interface on the LTE Device when

Mode Select This makes sure that only compliant WLAN devices can a ssociate with the LTE

The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated. Wireless devices associating to the access point (AP) must have the same SSID.

Enter a descriptive name (up to 32 English keyboard characters) for the wireless LAN.

cannot obtain the SSID through scanning using a site survey tool.

wireless LAN is enabled.

Device. Select 802.11b/g/n to allow IEEE802.11b, IEEE802.11g and IEEE802.11n

compliant WLAN devices to associate with the LTE Device. The transmission rate of your LTE Device might be reduced.

Select 802.11b/g to allow both IEEE802.11b and IEEE802.11g compliant WLAN devices to associate with the LTE Device. The transmission rate of your LTE Device might be reduced.

Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the LTE Device. Select 802.11n only in 2.4G band to allow only IEEE 802.11n compliant WLAN devices with the same frequency range (2.4 GHz) to associate with the LTE Device.

B222s User’s Guide

Page 47

Chapter 5 Wireless

Table 7 Network > Wireless LAN > General (continued)

LABEL DESCRIPTION

Channel Selection

Operating Channel

Security Level Security Mode Select Basic or More Secure to add security on this wireless network. The wi reless

Apply Click Apply to save your changes back to the LTE Device. Cancel Click Cancel to restore your previously saved settings.

Set the channel depending on your particular region. Select a channel or use Auto to have the LTE Device automatically determine a

channel to use. If you are having problems with wireless interference, changing the channel may help. Try to use a channel that is as many channels away from any channels used by neighboring APs as possible. The channel number which the LTE Device is currently using then displays in the Operating Channel field.

This is the channel currently being used by your AP.

clients which want to associate to this network must have same wireless security settings as the LTE Device. When you select to use a security, additional options appears in this screen.

Or you can select No Security to allow any client to associate this network without any data encryption or authentication.

See the following sections for more details about wireless security modes.

5.2.1 No Security

Select No Security to allow wireless stations to communicate with the access points without any data encryption or authentication.

Note: If you do n ot enable any wi r eless security on your LTE Device, your netwo rk is

accessible to any wireless networking device that is within range.

Figure 21 Wireless > General: No Security

The following table describes the labels in this screen.

Table 8 Wireless > General: No Security

LABEL DESCRIPTION

Security Level Choose No Security from the sliding bar.

5.2.2 Basic (Static WEP/Shared WEP Encryption)

WEP encryption scrambles the data transmitted between the wireless stations and the access points (AP) to keep network communications private. Both the wireless stations and the access points must use the same WEP key.

B222s User’s Guide

Page 48

Chapter 5 Wireless

There are two types of WEP authentication namely, Open System (Static WEP) and Shared Key (Shared WEP).

Open system is implemented for ease-of-use and when security is not an issue. The wireless station and the AP or peer computer do not share a secret key. Thus the wireless stations can associate with any AP or peer computer and listen to any transmitted data that is not encrypted.

Shared key mode involves a shared secret key to authenticate the wireless station to the AP or peer computer. This requires you to enable the wireless LAN security and use same settings on both the wireless station and the AP or peer computer.

In order to configure and enable WEP encryption, click Network Settings > Wireless to display the General screen. Select Basic as the security level. Then select Static WEP or Shared WEP from the Security Mode list.

Figure 22 Wireless > General: Basic (Static WEP/Shared WEP)

The following table describes the labels in this screen.

Table 9 Wireless > General: Basic (Static WEP/Shared WEP)

LABEL DESCRIPTION

Security Mode Choose Static WEP or Shared WEP from the drop-down list box.

• Select Static WEP to have the L TE Device allow association with wireless clients that use Open System mode. Data transfer is encrypted as long as the wireless client has the correct WEP key for encryption. The LTE Device authenticates wireless clients using Shared Key mode that have the correct WEP key.

• Select Shared WEP to have the LTE Device authenticate only those wireless clients that use Shared Key mode and have the correct WEP key.

WEP Key Enter a WEP key that will be used to encrypt data. Both the LTE Device and the

wireless stations must use the same WEP key for data transmission. If you want to manually set the WEP key, enter any 5 or 13 characters (ASCII

string) or 10 or 26 hexadecimal characters ("0-9", "A-F") for a 64-bit or 128-bit WEP key respectively.

B222s User’s Guide

Page 49

5.2.3 More Secure (WPA(2)-PSK)

The WPA-PSK security mode provides both improved data encryption and user authentication over WEP. Using a Pre-Shared Key (PSK), both the LTE Device and the connecting client share a common password in order to validate the connection. This type of encryption, while robust, is not as strong as WPA, WPA2 or even WPA2-PSK. The WPA2-PSK security mode is a newer, more robust version of the WPA encryption standard. It offers slightly better security, although the use of PSK makes it less robust than it could be.

Click Network Settings > Wireless to display the General screen. Select More Secure as the security level. Then select WPA-PSK or WPA2-PSK from the Security Mode list.

Figure 23 Wireless > General: More Secure: WPA(2)-PSK

Chapter 5 Wireless

The following table describes the labels in this screen.

Table 10 Wireless > General: WPA(2)-PSK

LABEL DESCRIPTION

Security Level Select More Secure to enable WPA(2)-PSK data encryption. Security Mode Select WPA-PSK or WPA2-PSK from the drop-down list box. Pre-Shared Key The encryption mechanisms used for WPA/WPA2 and WPA-PSK/WPA2-PSK

are the same. The only difference between the two is that WPA-PSK/WPA2- PSK uses a simple common password, instead of user-specific credentials.

Type a pre-shared key from 8 to 63 case-sensitive ASCII characters or 64 hexidecimal digits.

more.../hide more

Click more... to show more fields in this section. Click hide more to hide them.

B222s User’s Guide

Page 50

Chapter 5 Wireless

Table 10 Wireless > General: WPA(2)-PSK (continued)

LABEL DESCRIPTION

WPA-PSK Compatible

Encryption If the security mode is WPA-PSK, the encryption mode is set to TKIP to enable

This field appears when you choose WPA-PSK2 as the Security Mode. Check this field to allow wireless devices using WPA-PSK security mode to

connect to your LTE Device. The LTE D evice supports WPA-PSK and WPA2-PSK simultaneously.

Temporal Key Integrity Protocol (TKIP) security on your wireless network. If the security mode is WPA-PSK2 and WPA-PSK Compatible is disabled, the

encryption mode is set to AES to enable Advanced Encryption System (AES) security on your wireless network. AES provides superior security to TKIP.

If the security mode is WPA-PSK2 and WPA-PSK Compatible is enabled, the encryption mode is set to TKIPAES MIX to allow both TKIP and AES types of security in your wireless network.

5.2.4 WPA(2) Authentication

The WPA2 security mode is currently the most robust form of encryption for wireless networks. It requires a RADIUS server to authenticate user credentials and is a full implementation the security protocol. Use this security option for maximum protection of your network. However, it is the least backwards compatible with older devices.

The WPA security mode is a security subset of WPA2. It requires the presence of a RADIUS server on your network in order to validate user credentials. This encryption standard is slightly older than WPA2 and therefore is more compatible with older devices.

Click Network Settings > Wireless to display the General screen. Select More Secure as the security level. Then select WPA or WPA2 from the Security Mode list.

Figure 24 Wireless > General: More Secure: WPA(2)

B222s User’s Guide

Page 51

Chapter 5 Wireless

The following table describes the labels in this screen.

Table 11 Wireless > General: More Secure: WPA(2)

LABEL DESCRIPTION

Security Level Select More Secure to enable WPA(2)-PSK data encryption. Security Mode Choose WPA or WPA2 from the drop-down list box. Authentication Server

IP Address Enter the IP address of the external authentication server in dotted decimal

Port Number Enter the port number of the external authentication server. The default port

Shared Secret Enter a password (up to 128 alphanumeric characters) as the key to be shared

more.../hide more Click more... to show more fields in this section. Click hide more to hide

WPA Compatible This field is only available for WPA2. Select this if you want the LTE Device to

Group Key Update Timer

Encryption If the security mode is WPA, the encryption mode is set to TKIP to enable

notation.

number is 1812. You need not change this value unless your network administrator instructs you

to do so with additional information.

between the external authentication se rver and the LTE Device. The key must be the same on the external authentication server and your LTE

Device. The key is not sent over the network.

them.

support WPA and WPA2 simultaneously. The Group Key Update Timer is the rate at which the RADIUS server sends a

new group key out to all clients. If the value is set to “0”, the update timer function is disabled.

Temporal Key Integrity Protocol (TKIP) security on your wireless network. If the security mode is WPA2, the encryption mode is set to AES to enable

Advanced Encryption System (AES) security on your wireless network. AES provides superior security to TKIP.

5.3 The More AP Screen

The L TE Device can broadcast up to four wireless network names at the same time. This means that users can connect to the LTE Device using different SSIDs. You can secure the connection on each SSID profile so that wireless clients connecting to the LTE Device using different SSIDs cannot communicate with each other.

This screen allows you to enable and configure multiple Basic Service Sets (BSSs) on the LTE Device.

Click Network Settings > Wireless > More AP. The following screen displays.

Figure 25 Network Settings > Wireless > More AP

B222s User’s Guide

Page 52

Chapter 5 Wireless

The following table describes the labels in this screen.

Table 12 Network Settings > Wireless > More AP

LABEL DESCRIPTION

# This is the index number of the entry. Active This field indicates whether this SSID is active. A yellow bulb si gnifies that this

SSID An SSID profile is the set of parameters relating to one of the LTE Device’s BSSs.

Security This field indica tes the security mode of the SSID profile. Modify Click the Edit icon to configure the SSID profile.

5.3.1 Edit More AP

Use this screen to edit an SSID profile. Click the Edit icon next to an SSID in the More AP screen. The following screen displays.

SSID is active. A gray bulb signifies that this SSID is not active.

The SSID (Service Set IDentifier) identifies the Service Set with which a wireless device is associated.

This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.

Figure 26 Wireless > More AP: Edit

The following table describes the fields in this screen.

Table 13 Wireless > More AP: Edit

LABEL DESCRIPTION

Wireless Network Setup Wireless Select the Enable Wireless LAN check box to activate the wireless LAN. Wireless Network Settings

B222s User’s Guide

Page 53

Chapter 5 Wireless

Table 13 Wireless > More AP: Edit (continued)

LABEL DESCRIPTION

Wireless Network Name (SSID)

Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a

BSSID This shows the MAC address of the wireless interface on the LTE Device

Security Level Security Mode Select Basic (WEP) or More Secure (W PA(2)-PSK, WPA(2)) to add

Apply Click Apply to save your changes. Back Click Back to exit this screen without saving.

The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated. Wireless devices associating to the access point (AP) must have the same SSID.

Enter a descriptive name (up to 32 English keyboard characters) for the wireless LAN.

station cannot obtain the SSID through scanning using a site survey tool.

when wireless LAN is enabled.

security on this wireless network. The wireless clients which want to associate to this network must have same wireless security settings as the LTE Device. After you select to use a security, additional options appears in this screen.

Or you can select No Security to allow any client to associate this network without any data encryption or authentication.

See Section 5.2.1 on page 47 for more details about this field.

5.4 The WPS Screen

Use this screen to configure WiFi Protected Setup (WPS) on your LTE Device.

WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Set up each WPS connection between two devices. Both devices must support WPS. See Section 5.7.6.3 on page 64 for more information about WPS.

Note: The LTE Device applies the security settings of the SSID1 profile (see Section 5.2

on page 45). If you want to use the WPS feature, make sure you have set the

security mode of SSID1 to WPA-PSK, WPA2-PSK or No Security.

B222s User’s Guide

Page 54

Chapter 5 Wireless

Click Network Setting > Wireless > WPS. The following screen displays. Select Enable and click Apply to activate the WPS function. Then you can configure the WPS settings in this screen.

Figure 27 Network Setting > Wireless > WPS

The following table describes the labels in this screen.

Table 14 Network Setting > Wireless > WPS

LABEL DESCRIPTION

Enable WPS Select Enable to activate WPS on the LTE Device. Add a new device with WPS Method Method 1 PBC Use this section to set up a WPS wireless network using Push Button

Configuration (PBC).

WPS Click this button to add another WPS-enabled wireless device (within wireless

range of the LTE Device) to your wireless network. This button may either be a physical button on the outside of device, or a menu button similar to the WPS button on this screen.

Note: You must press the other wireless device’s WPS button within two minutes

of pressing this button.

Method 2 PIN Use this section to set up a WPS wirele ss network by entering the P IN (P ersonal

Identification Number) of the client into the LTE Device.

B222s User’s Guide

Page 55

Table 14 Network Setting > Wireless > WPS (continued)

LABEL DESCRIPTION

click Register to authenticate and add the wireless device to your wireless network.

You can find the PIN either on the outside of the device, or by checking the device’s settings.

Note: You must also activate WPS on that device within two minutes to have it

present its PIN to the LTE Device.

WPS Configuration Summary

AP PIN The PIN of the LTE Device is shown here. Enter this PIN in the configuration

Status This displays Configured when the LTE Device has connected to a wireless

Release Configuration

802.11 Mode This is the 802.11 mode used. Only compliant WLAN devices can associate with

SSID This is the name of the wireless network. Security This is the type of wireless security employed by the network.

Apply Click Apply to save your changes.

utility of the device you want to connect to using WPS. The PIN is not necessary when you use WPS push-button method. Click the Generate New PIN button to have the LTE Device create a new PIN.

network using WPS or Enable WPS is selected and wireless or wireless security settings have been changed. The current wireless and wireless security settings also appear in the screen.

This displays Not Configured when there is no wireless or wireless security changes on the LTE Device or you click Release Configuration to remove the configured wireless and wireless security settings.

This button is available when the WPS status is Configured. Click this button to remove all configured wireless and wireless security se ttings

for WPS connections on the LTE Device.

the LTE Device.

Chapter 5 Wireless

5.5 The WMM Screen

Use this screen to enable or disable Wi-Fi MultiMedia (WMM) wireless networks for multimedia applications.

B222s User’s Guide

Page 56

Chapter 5 Wireless

Click Network Setting > Wireless > WMM. The following screen displays.

Figure 28 Network Setting > Wireless > WMM

The following table describes the labels in this screen.

Table 15 Network Setting > Wireless > WMM

LABEL DESCRIPTION

Enable WMM of SSID1~4

Enable WMM Automatic Power Save Deliver (APSD)

Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings.

This enables the LTE Device to automatically give a service a priority level according to the ToS value in the IP header of packets it sends. WMM QoS (Wifi MultiMedia Quality of Service) gives high priority to voice and video , which makes them run more smoothly.

Click this to increase battery life for battery-powered wireless clients. APSD uses a longer beacon interval when transmitting traffic that does not require a short packet exchange interval.

B222s User’s Guide

Page 57

5.6 Scheduling Screen

Click Network Setting > Wireless > Scheduling to open the Wireless LAN Scheduling screen. Use this screen to configure when the LTE Device enables or disables the wireless LAN.

Figure 29 Network Setting > Wireless > Scheduling

Chapter 5 Wireless

The following table describes the labels in this screen.

Table 16 Network Setting > Wireless > Scheduling

LABEL DESCRIPTION

Wireless LAN Scheduling

WLAN status Select On or Off to enable or disable the wireless LAN. Day Select the day(s) you want to turn the wireless LAN on or off. Between the

following times

Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings.

Select Enable to activate wireless LAN scheduling on your LTE Device.

Specify the time period during which to apply the schedule. For example, you want the wireless network to be only available during work

hours. Check Mon ~ Fri in the day column, and specify 8:00 ~ 18:00 in the time table.

5.7 Technical Reference

This section discusses wireless LANs in depth. For more information, see the appendix.

B222s User’s Guide

Page 58

Chapter 5 Wireless

5.7.1 Additional Wireless Terms

The following table describes some wireless network terms and acronyms used in the LTE Device’s web configurator.

Table 17 Additional Wireless Terms

TERM DESCRIPTION

RTS/CTS Threshold In a wireless network which covers a large area, wireless devices are

sometimes not aware of each other’s presence. This may cause th em to send information to the AP at the same time and result in information colliding and not getting through.

By setting this value lower th an th e defaul t v a lue, t he wirel ess devic es mu st sometimes get permission to send information to the LTE Device. The lower the value, the more often the devices must get permission.

If this value is greater than the fragmentation threshold value (see below), then wireless devices never have to get permission to send information to the LTE Device.

Preamble A preamble affects the timing in your wireless network. There are two

Authentication The process of verifying whether a wireless device is allowed to use the

Fragmentation Threshold

preamble modes: long and short. If a device uses a different preamble mode than the LTE Device does, it cannot communicate with the LTE Device.

wireless network. A small fragmentation threshold is recommended for busy networks, while a

larger threshold provides faster performance if the network is not very busy.

5.7.2 Wireless Security Overview

By their nature, radio communications are simple to intercept. For wireless data networks, this means that anyone within range of a wireless network without security can not only read the data passing over the airwaves, but also join the network. Once an unauthorized person has access to the network, he or she can steal information or introduce malware (malicious software) intended to compromise the network. For these reasons, a variety of security systems have been developed to ensure that only authorized people can use a wireless data network, or understand the data carried on it.

These security standards do two things. First, they authenticate. This means that only people presenting the right credentials (often a username and password, or a “key” phrase) can access the network. Second, they encrypt. This means that the information sent over the air is encoded. Only people with the code key can understand the information, and only people who have been authenticated are given the code key.

These security standards vary in effectiveness. Some can be broken, such as the old Wired Equivalent Protocol (WEP). Using WEP is better than using no security at all, but it will not keep a determined attacker out. Other security standards are secure in themselves but can be broken if a user does not use them properly . For example, the WP A -PSK securit y standard is very secure if you use a long key which is difficult for an attacker’s software to guess - for example, a twenty-letter long string of apparently random numbers and letters - but it is not very secure if you use a short key which is very easy to guess - for example, a three-letter word from the dictionary.

Because of the damage that can be done by a malicious attacker, it’s not just people who have sensitive information on their network who should use security. Everybody who uses any wireless network should ensure that effective security is in place.

B222s User’s Guide

Page 59

A good way to come up with effective security keys, passwords and so on is to use obscure information that you personally will easily remember, and to enter it in a way that appears random and does not include real words. For example, if your mother owns a 1970 Dodge Challenger and her favorite movie is Vanishing Point (which you know was made in 1971) you could use “70dodchal71vanpoi” as your security key.

The following sections introduce different types of wireless security you can set up in the wireless network.

5.7.2.1 SSID

Normally, the LTE Device acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the LTE Device does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess.

This type of security is fairly weak, however, because there are ways for unauthorized wireless devices to get the SSID. In addition, unauthorized wireless devices can still see the information that is sent in the wireless network.

5.7.2.2 MAC Address Filter

Chapter 5 Wireless

Every device that can use a wireless network has a unique identification number, called a MAC address. 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each device in the wireless network, see the device’s User’s Guide or other documentation.

You can use the MAC address filter to tell the LTE Device which devices are allowed or not allowed to use the wireless network. If a device is allowed to use the wireless network, it still has to have the correct information (SSID, channel, and security). If a device is not allowed to use the wireless network, it does not matter if it has the correct information.

This type of security does not protect the information that is sent in the wireless network. Furthermore, there are ways for unauthorized wireless devices to get the MAC address of an authorized device. Then, they can use that MAC address to use the wireless network.

A MAC address is usually written using twelve hexadecimal characters2; for example,

5.7.2.3 User Authentication

Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before using it. However, every device in the wireless network has to support IEEE 802.1x to do this.

For wireless networks, you can store the user names and passwords for each user in a RADIUS server. This is a server used in businesses more than in homes. If you do not have a RADIUS server, you cannot set up user names and passwords for your users.

Unauthorized wireless devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network.

1. Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds

2. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.

B222s User’s Guide

of wireless devices might not have MAC addresses.

Page 60

Chapter 5 Wireless

5.7.2.4 Encryption

Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message.

The types of encryption you can choose depend on the type of authentication. (See Section 5.7.2.3

on page 59 for information about this.)

Table 18 Types of Encryption for Each Type of Authentication

Weakest No Security WPA

Strongest WPA2-PSK WPA2

For example, if the wireless network has a RADIUS server, you can choose WPA or WPA2. If users do not log in to the wireless network, you can choose no encryption, Static WEP, WPA-PSK, or WPA2-PSK.

NO AUTHENTICATION RADIUS SERVER

Static WEP WPA-PSK

Usually, you should set up the strongest encryption that every device in the wireless network supports. For example, suppose you have a wireless network with the LTE Device and you do not have a RADIUS server. Therefore, there is no authentication. Suppose the wireless network has two devices. Device A only supports WEP, and device B supports WEP and WPA. Therefore, you should set up Static WEP in the wireless network.

Note: It is recommended that wireless networks use WPA-PSK, WPA, or stronger

encryption. The other types of encryption are better than none at all, but it is still possible for unauthorized wireless devices to figure out the original information pretty quickly.

When you select WPA2 or WPA2-PSK in your LTE Device, you can also select an option (WPA compatible) to support WPA as well. In this case, if some of the devices support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA compatible option in the LTE Device.

Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every device in the wireless network must have the same key.

5.7.3 Signal Problems

Because wireless networks are radio networks, their signals are subject to limitations of distance, interference and absorption.

Problems with distance occur when the two radios are too far apart. Problems with interference occur when other radio waves interrupt the data signal. Interference may come from other radio transmissions, such as military or air traffic control communications, or from machines that are coincidental emitters such as electric motors or microwaves. Problems with absorption occur when physical objects (such as thick walls) are between the two radios, muffling the signal.

B222s User’s Guide

Page 61

5.7.4 BSS

A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP).

Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS traffic blocking is disabled, wireless station A and B can access the wired network and communicate with each other . When Intra-BSS traffic blocking is enabled, wireless station A and B can still access the wired network but cannot communicate with each other.

Figure 30 Basic Service set

Chapter 5 Wireless

5.7.5 MBSSID

Traditionally, you need to use different APs to configure different Basic Service Sets (BSSs). As well as the cost of buying extra APs, there is also the possibility of channel interference. The LTE Device’s MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs simultaneously. You can then assign varying QoS priorities and/or security modes to different SSIDs.

Wireless devices can use different BSSIDs to associate with the same AP.

5.7.5.1 Notes on Multiple BSSs

• A maximum of eight BSSs are allowed on one AP simultaneously.

• You must use di f fe rent keys for different BSSs. If two wireless devices have different BSSIDs (they are in different BSSs), but have the same keys, they may hear each other’s communications (but not communicate with each other).

• MBSSID should not replace but rather be used in conjunction with 802.1x security.

B222s User’s Guide

Page 62

Chapter 5 Wireless

5.7.6 WiFi Protected Setup (WPS)

Your LTE Device supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance.

WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Each WPS connection works between two devices. Both devices must support WPS (check each device’s documentation to make sure).

Depending on the devices you have, you can either press a button (on the device itself, or in its configuration utility) or enter a PIN (a unique Personal Identification Number that allows one device to authenticate the other) in each of the two devices. When WPS is activated on a device, it has two minutes to find another device that also has WPS activated. Then, the two devices connect and set up a secure network by themselves.

5.7.6.1 Push Button Configuration

WPS Push Button Configuration (PBC) is initiated by pressing a button on each WPS-enabled device, and allowing them to connect automatically. You do not need to enter any information.

Not every WPS-enabled device has a physical WPS button. Some may have a WPS PBC button in their configuration utilities instead of or in addition to the physical button.

Take the following steps to set up WPS using the button.

1 Ensure that the two devices you want to set up are within wireless range of one another.

2 Look for a WPS button on each device. If the device does not have one, log into its configuration

utility and locate the button (see the device’s User’s Guide for how to do this - for the LTE Device, see Section 5.4 on page 53).

3 Press the button on one of the devices (it doesn’t matter which). For the L TE Device you must press

the WPS button for more than three seconds.

4 Within two minutes, press the button on the other device. The registrar sends the network name

(SSID) and security key through an secure connection to the enrollee.

If you need to make sure that WPS worked, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful.

5.7.6.2 PIN Configuration

Each WPS-enabled device has its own PIN (Personal Identification Number). This may either be static (it cannot be changed) or dynamic (in some devices you can generate a new PIN by clicking on a button in the configuration interface).

Use the PIN method instead of the push-button configuration (PBC) method if you want to ensure that the connection is established between the devices you specify, not just the first two devices to activate WPS in range of each other. However, you need to log into the configuration interfaces of both devices to use the PIN method.

When you use the PIN method, y ou must enter the PIN from one device ( usually the wireless cl ient) into the second device (usually the Access Point or wireless router). Then, when WPS is activated

B222s User’s Guide

Page 63

Chapter 5 Wireless

on the first device, it presents its PIN to the second device. If the PIN matches, one device sends the network and security information to the other, allowing it to join the network.

Take the following steps to set up a WPS connection between an access point or wireless router (referred to here as the AP) and a client device using the PIN method.

1 Ensure WPS is enabled on both devices.

2 Access the WPS section of the AP’s configuration interface. See the device’s User’ s Guide for how to

do this.

3 Look for the client’s WPS PIN; it will be displayed either on the device, or in the WPS section of the

client’s configuration interface (see the device’s User’s Guide for how to find the WPS PIN - for the LTE Device, see Section 5.4 on page 53).

4 Enter the client’s PIN in the AP’s configuration interface.

5 If the client device’s configuration interface has an area for entering another device’s PIN, you can

either enter the client’s PIN in the AP, or enter the AP’s PIN in the client - it does not matter which.

6 Start WPS on both devices within two minutes.

7 Use the configuration utility to activate WPS, not the push-button on the device itself.

8 On a computer connected to the wireless client, try to connect to the Internet. If you can connect,

WPS was successful. If you cannot connect, check the list of associated wireless clients in the AP’s configuration utility . If

you see the wireless client in the list, WPS was successful.

B222s User’s Guide

Page 64

Chapter 5 Wireless

ENROLLEE

SECURE EAP TUNNEL

SSID

WPA(2)-PSK

WITHIN 2 MINUTES

COMMUNICATION

This device’s

WPS

Enter WPS PIN

WPS

from other device:

WPS PIN: 123456

WPS

START

WPS

START

REGISTRAR

The following figure shows a WPS-enabled wireless client (installed in a notebook computer) connecting to the WPS-enabled AP via the PIN method.

Figure 31 Example WPS Process: PIN Method

5.7.6.3 How WPS Works

When two WPS-enabled devices connect, each device must assume a specific role. One device acts as the registrar (the device that supplies network and security settings) and the other device acts as the enrollee (the device that receives network and security settings. The registrar creates a secure EAP (Extensible Authentication Protocol) tunnel and sends the network name (SSID) and the WPA-PSK or WPA2-PSK pre-shared key to the enrollee. Whether WPA-PSK or WPA2-PSK is used depends on the standards supported by the devices. If the registrar is already part of a network, it sends the existing information. If not, it generates the SSID and WPA(2)-PSK randomly.

B222s User’s Guide

Page 65

Chapter 5 Wireless

SECURE TUNNEL

SECURITY INFO

WITHIN 2 MINUTES

COMMUNICATION

ACTIVATE

WPS

ACTIVATE

WPS

WPS HANDSHAKE

REGISTRARENROLLEE

The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point.

Figure 32 How WPS works

5.7.6.4 Example WPS Network Setup

The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes). The next time you use WPS, a different device can be the registrar if necessary.

The WPS connection process is like a handshake; only two devices participate in each WPS transaction. If you want to add more devices you should repeat the process with one of the existing networked devices and the new device.

Note that the access point (AP) is not always the registrar, and the wireless client is not always the enrollee. All WPS-certified APs can be a registrar, and so can some WPS-enabled wireless clients.

By default, a WPS devices is “unconfigured”. This means that it is not part of an existing network and can act as either enrollee or registrar (if it supports both functions). If the registrar is unconfigured, the security settings it transmits to the enrollee are randomly-generated. Once a WPS-enabled device has connected to another device using WPS, it becomes “configured”. A configured wireless client can still act as enrollee or registrar in subsequent WPS connections, but a configured access point can no longer act as enrollee. It will be the registrar in all subsequent WPS connections in which it is involved. If you want a configured AP to act as an enrollee, you must reset it to its factory defaults.

This section shows how security settings are distributed in an example WPS setup.

The following figure shows an example network. In step 1, both AP1 and Client 1 are unconfigured. When WPS is activated on both, they perform the handshake. In this example, AP1

B222s User’s Guide

Page 66

Chapter 5 Wireless

REGISTRARENROLLEE

SECURITY INFO

CLIENT 1

AP1

REGISTRAR

CLIENT 1

AP1

ENROLLEE

CLIENT 2

EXISTING CONNECTION

is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security information to set up the network, since it is unconfigured and has no existing information.

Figure 33 WPS: Example Network Step 1

In step 2, you add another wireless client to the network. You know that Client 1 supports registrar mode, but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network. In this case, AP1 must be the registrar, since it is configured (it already has security information for the network). AP1 supplies the existing security information to Client 2.

Figure 34 WPS: Example Network Step 2

B222s User’s Guide

Page 67

Chapter 5 Wireless

CLIENT 1

AP1

REGISTRAR

CLIENT 2

EXISTING CONNECTION

ENROLLEE

AP2

In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead.

Figure 35 WPS: Example Network Step 3

5.7.6.5 Limitations of WPS

WPS has some limitations of which you should be aware.

• WPS works in Infrastructure networks only (where an AP and a wireless client communicate). It does not work in Ad-Hoc networks (where there is no AP).

• When you use WPS, it works between two devices only. You cannot enroll multiple devices simultaneously, you must enroll one after the other.

For instance, if you have two enrollees and one registrar you must set up the first enrollee (by pressing the WPS button on the registrar and the first enrollee, for example), then check that it successfully enrolled, then set up the second device in the same way.

• WPS works only with other WPS-enabled devices. However, you can still add non-WPS devices to a network you already set up using WPS.

B222s User’s Guide

WPS works by automatically issuing a randomly-generated WPA-PSK or WPA2-PSK pre-shared key from the registrar device to the enrollee devices. Whether the network uses WPA-PSK or WPA2-PSK depends on the device. You can check the configuration interface of the registrar device to discover the key the network is using (if the device supports this feature). Then, you can enter the key into the non-WPS device and join the network as normal (the non-WPS device must also support WPA-PSK or WPA2-PSK).

Page 68

Chapter 5 Wireless

• When you use the PBC method, there is a short period (from the moment you press the button on one device to the moment you press the button on the other device) when any WPS-enabled device could join the network. This is because the registrar has no way of identifying the “correct” enrollee, and cannot differentiate between your enrollee and a rogue device. This is a possible way for a hacker to gain access to a network.

You can easily check to see if this has happened. WPS works between only two devices simultaneously , so if another device has enrolled your device will be unable to enroll, and will not have access to the network. If this happens, open the access point’s configuration interface and look at the list of associated clients (usually displayed by MAC address). It does not matter if the access point is the WPS registrar, the enrollee, or was not involved in the WPS handshake; a rogue device must still associate with the access point to gain access to the network. Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP.

B222s User’s Guide

Page 69

6.1 Overview

WAN

LAN

A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is usually located in one immediate area such as a building or floor of a building.

The LAN screens can help you configure a LAN DHCP server and manage IP addresses.

CHAPTER 6

Home Networking

6.1.1 What You Can Do in this Chapter

•Use the LAN Setup screen to set the LAN IP address, subnet mask, and DHCP settings (Section

6.2 on page 71).

•Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses (Section 6.3 on page 72).

•Use the UPnP screen to enable UPnP (Section 6.4 on page 73).

6.1.2 What You Need To Kn ow

The following terms and concepts may help as you read this chapter.

6.1.2.1 About LAN IP Address

Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. This is known as an Internet Protocol address.

B222s User’s Guide 69

Page 70

Chapter 6 Home Networking

Subnet Mask

The subnet mask specifies the network number portion of an IP address. Your LTE Device will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the LTE Device unless you are instructed to do otherwise.

DHCP

DHCP (Dynamic Host Configuration Protocol) allows clients to obtain TCP/IP configuration at startup from a server. This LTE Device has a built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.

DNS

DNS (Domain Name System) maps a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The DNS server addresses you enter when you set up DHCP are passed to the client machines along with the assigned IP address and subnet mask.

6.1.2.2 About UPnP How do I know if I'm using UPnP?

UPnP hardware is identified as an icon in the Network Connections folder (Windows XP). Each UPnP compatible device installed on your network will appear as a separate icon. Selecting the icon of a UPnP device will allow you to access the information and properties of that device.

Cautions with UPnP

The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configur ation may also be obtained and modified by users in some network environments.

When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the LTE Device allows multicast messages on the LAN only.

All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention.

B222s User’s Guide

Page 71

6.2 The LAN Setup Screen

Click Network Setting > Home Networking to open the LAN Setup screen. Use this screen to set the Local Area Network IP address and subnet mask of your LTE Device and configure the DNS server information that the LTE Device sends to the DHCP client devices on the LAN.

Figure 36 Network Setting > Home Networking > LAN Setup

Chapter 6 Home Networking

The following table describes the fields in this screen.

Table 19 Network Setting > Home Networking > LAN Setup

LABEL DESCRIPTION

LAN IP Setup IP Address Enter the LAN IP address you want to assign to your LTE Device in dotted decimal

IP Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example

DHCP Server State DHCP Select Enable to have your LTE Device assign IP addresses, an IP default gateway and

IP Addressing Values IP Pool Starting

Address Pool Size This field specifies the size, or count of the IP address pool. DNS Values

notation, for example, 192.168.1.1 (factory default).

255.255.255.0 (factory default). Your LTE Device automatically computes the subnet mask based on the IP address you enter, so do not change this field unless you are instructed to do so.

DNS servers to LAN computers and other devices that are DHCP clients. If you select Disable, you need to manually configure the IP addresses of the

computers and other devices on your LAN. When DHCP is used, the following fields need to be set.

This field specifies the first of the contiguous addresses in the IP address pool.

B222s User’s Guide

Page 72

Chapter 6 Home Networking

Table 19 Network Setting > Home Networking > LAN Setup (continued)

LABEL DESCRIPTION

DNS Server 1-3 Select From ISP if your ISP dynamically assigns DNS server information (and the LTE

Device's WAN IP address). Select DNS-Proxy if Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's

IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User- Defined changes to None after you click Apply.

Select None if you do not want to configure DNS servers. You must have another DHCP sever on your LAN, or else the computers must have their DNS server addresses manually configured. If you do not configure a DNS server, you must know the IP

address of a computer in order to access it. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings.

6.3 The Static DHCP Screen

This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses.

Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.

6.3.1 Before You Begin

Find out the MAC addresses of your network devices if you intend to add them to the Static DHCP screen.

Use this screen to change your LTE Device’ s static DHCP settings. Click Network Setting > Home Networking > Static DHCP to open the following screen.

Figure 37 Network Setting > Home Networking > Static DHCP

The following table describes the labels in this screen.

Table 20 Network Setting > Home Networking > Static DHCP

LABEL DESCRIPTION

Add new static lease

# This is the index number of the entry. Status This field displays whether the client is connected to the LTE Device.

Click this to add a new static DHCP entry.

B222s User’s Guide

Page 73

Chapter 6 Home Networking

Table 20 Network Setting > Home Networking > Static DHCP (continued)

LABEL DESCRIPTION

Host Name This field displays the client host name. MAC Address The MAC (Media Access Control) or Ethernet address on a LAN (Local Area Network) is

unique to your computer (six pairs of hexadecimal notation). A network interface card such as an Ethernet adapter has a hardwired address that is

assigned at the factory. This address follows an industry standard that ensures no other

adapter has a similar address. IP Address This field displays the IP address relative to the # field listed above. Reserve Select the check box in the heading row to automatically select all check boxes or select

Apply Click Apply to save your c hanges. Cancel Click Cancel to restore your previously saved settings. Refresh Click Refresh to reload the DHCP table.

the check box(es) in each entry to have the LTE Device always assign the selected

entry(ies)’s IP address(es) to the corresponding MAC address(es) (and host name(s)). You

can select up to 128 entries in this table.

If you click Add new static lease in the Static DHCP screen, the following screen displays.

Figure 38 Static DHCP: Add

The following table describes the labels in this screen.

Table 21 Static DHCP: Add

LABEL DESCRIPTION

MAC Address Enter the MAC address of a computer on your LAN. IP Address Enter the IP address that you want to assign to the computer on your LAN with

Apply Click Apply to save your changes. Back Click Back to exit this screen without saving.

the MAC address that you will also specify.

6.4 The UPnP Screen

Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use.

See page 74 for more information on UPnP.

B222s User’s Guide

Page 74

Chapter 6 Home Networking

Use the following screen to configure the UPnP settings on your LTE Device. Click Network Setting > Home Networking > Static DHCP > UPnP to display the screen shown next.

Figure 39 Network Setting > Home Networking > UPnP

The following table describes the labels in this screen.

Table 22 Network Settings > Home Networking > UPnP

LABEL DESCRIPTION

UPnP Select Enable to activate UPnP. Be aware that anyone could use a UPnP application to open the

web configurator's login screen without entering the LTE Device's IP address (although you must still enter the password to access the web configurator).

Apply Click Apply to save your changes.

B222s User’s Guide

Page 75

7.1 Overview

WAN

LAN

The LTE Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the LTE Device send data to devices not reachable through the default gateway, use static routes.

For example, the next figure shows a computer (A) connected to the LTE Device’s LAN interface. The L TE Device routes most tr affic from A to the Internet through the LTE Device’s default gateway (R1). You create one static route to connect to services offered by your ISP behind router R2. You create another static route to communicate with a separate network behind a router R3 connected to the LAN.

Figure 40 Example of Static Routing Topology

CHAPTER 7

Routing

B222s User’s Guide 75

Page 76

Chapter 7 Routing

7.2 Configuring Static Route

Use this screen to view and configure IP static routes on the LTE Device. Click Network Setting > Static Route to open the following screen.

Figure 41 Network Setting > Static Route

The following table describes the labels in this screen.

Table 23 Network Setting > Static Route

LABEL DESCRIPTION

Add New Static Route

# This is the number of an individual static route. Active This indicates whether the rule is active or not.

Status This shows whether the static route is currently in use or not. A yellow bulb sign ifies that

Name This is the name that describes or identifies this route. Destination IP This parameter specifies the IP network address of the final destination. Routing is always

Gateway This is the IP address of the gateway. The gateway is a router or switch on the same

Subnet Mask This parameter specifies the IP network subnet mask of the final destination. Interface This indicates which interface handles the traffic forwarded by this route. Modify Click the Edit icon to go to the screen where you can set up a static route on the LTE

Click this to set up a new static route on the LTE Device.

A yellow bulb signifies that this static route is active. A gray bulb signifies that this static route is not active.

this static route is in use. A gray bulb signifies that this static route is not in use.

based on network number.

network segment as the device's LAN or WAN port. The gateway helps forward packets to their destinations.

Device. Click the Delete icon to remove a static route from the LTE Device.

B222s User’s Guide

Page 77

7.2.1 Add/Edit Static Route

Click add new Static Route in the Routing screen or click the Edit icon next to a rule. The following screen appears. Use this screen to configure the required information for a static route.

Figure 42 Routing: Add/Edit

Chapter 7 Routing

The following table describes the labels in this screen.

Table 24 Routing: Add/Edit

LABEL DESCRIPTION

Active Click this to activate this static route. Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Destination IP

Address

IP Subnet Mask Enter the IP subnet mask here. Gateway IP

Address

Bound Interface You can decide if you want to forward packets to a gateway IP address or a bound

Apply Click Apply to save your cha n ges. Back Click Back to exit this screen without saving.

This parameter specifies the IP network addres s of the final des tination. Routing is always

based on network number. If you need to specify a route to a single host, use a subnet

mask of 255.255.255.255 in the subnet mask field to force the network number to be

identical to the host ID.

You can decide if you want to forward packets to a gateway IP address or a bound

interface.

If you want to configure Gateway IP Address, enter the IP address of the next-hop

gateway. The gateway is a router or switch on the same network segment as the device's

LAN or WAN port. The gateway helps forward packets to their destinations.

interface.

If you want to configure Bound Interface, select the check box and choose an interface

through which the traffic is sent.

B222s User’s Guide

Page 78

Chapter 7 Routing

B222s User’s Guide

Page 79

8.1 Overview

WAN

LAN

atm0.100

ppp1.123

DNS:10.10.23.7

DNS:168.92.5.1

sip.service.com

mail.example.com

(Default)

DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it.

In addition to the system DNS server(s), each WAN interface (service) is set to have its own static or dynamic DNS server list. You can configure a DNS static route to forward DNS queries for certain domain names through a specific WAN interface to its DNS server(s). The LTE Device uses a system DNS server (in the order you specify in the Broadband screen) to resolve domain names that do not match any DNS routing entry. After the LTE Device receives a DNS reply from a DNS server, it creates a new entry for the resolved IP address in the routing table.

In the following example, the DNS server 168.92.5.1 obtained from the WAN interface atm0.100 is set to be the system DNS server. The DNS server 10.10.23.7 is obtained from the WAN interface ppp1.123. You configure a DNS route for *example.com to have the LTE Device forward DNS requests for the domain name mail.example.com through the WAN interface ppp1.123 to the DNS server 10.10.23.7.

CHAPTER 8

DNS Route

Figure 43 Example of DNS Routing Topology

8.1.1 What You Can Do in this Chapter

The DNS Route screens let you view and configure DNS routes on the LTE Device (Section 8.2 on

page 80).

B222s User’s Guide 79

Page 80

Chapter 8 DNS Route

8.2 The DNS Route Screen

The DNS Route screens let you view and configure DNS routes on the LTE Device. Click Network Setting > DNS Route to open the DNS Route screen.

Figure 44 Network Setting > DNS Route

The following table describes the labels in this screen.

Table 25 Network Setting > DNS Route

LABEL DESCRIPTION

Add new DNS route

# This is the number of an individual DNS route. Status This shows whether the DNS route is currently in use or not.

Domain Name This is the domain name to which the DNS route applies. WAN Interface This is the WAN interface through which the matched DNS request is routed. Modify Click the Edit icon to configure a DNS route on the LTE Device.

Click this to create a new entry.

A yellow bulb signifies that this DNS route is in use. A gray bulb signifies that this DNS route is not in use.

Click the Delete icon to remove a DNS route from the LTE Device.

8.2.1 Add/Edit DNS Route Edit

Click Add new DNS route in the DNS Route screen or the Edit icon next to an existing DNS route. Use this screen to configure the required information for a DNS route.

Figure 45 DNS Route: Add/Edit

B222s User’s Guide

Page 81

Chapter 8 DNS Route

The following table describes the labels in this screen.

Table 26 DNS Route: Add/Edit

LABEL DESCRIPTION

Active Select this to activate this DNS route. Domain Name Enter the domain name you want to resolve.

You can use the wildcard character, an “*” (asterisk) as the left most part of a domain name, such as *.example.com. The LTE Device forwards DNS queries for any domain name ending in example.com to the WAN interface specified in this route.

WAN Interface Select a WAN interface through which the matched DNS query is sent. You must have the

WAN interface(s) already configured in the Broadband screen. Apply Click Apply to save your changes. Back Click Back to exit this screen without saving.

B222s User’s Guide

Page 82

Chapter 8 DNS Route

B222s User’s Guide

Page 83

9.1 Overview

This chapter discusses the LTE Device’s QoS screens. Use these screens to set up your LTE Device to use QoS for traffic management.

Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. QoS allows the LTE Device to group and prioritize application traffic and fine-tune network performance.

Without QoS, all traffic data is equally likely to be dropped when the network is congested. This can cause a reduction in network performance and make the network inadequate for time-critical application such as video-on-demand.

The LTE Device assigns each packet a priority and then queues the packet accordingly. Packets assigned a high priority are processed more quickly than those with low priority if there is congestion, allowing time-sensitive applications to flow more smoothly. Time-sensitive applications include both those that require a low level of latency (delay) and a low level of jitter (variations in delay) such as Internet gaming, and those for which jitter alone is a problem such as Internet radio or streaming video.

CHAPTER 9

Quality of Service (QoS)

Note: The LTE Device has built-in configurations for Voice over IP (IP). The Quality of

Service (QoS) feature does not affect VoIP traffic.

•See Section 9.6 on page 92 for advanced technical information on SIP.

9.1.1 What You Can Do in this Chapter

•Use the General screen to enable QoS, set the bandwidth, and allow the LTE Device to automatically assign priority to upstream traffic according to the IEEE 802.1p priority level, IP precedence or packet length (Section 9.2 on page 84).

•Use the Queue Setup screen to configure QoS queue assignment (Section 9.3 on page 86).

•Use the Class Setup screen to set up classifiers to sort traffic into different flows and assign priority and define actions to be performed for a classified traffic flow (Section 9.4 on page 87).

•Use the Monitor screen to view the LTE Device’s QoS-related packet statistics (Section 9.5 on

page 92).

9.1.2 What You Need to Know

The following terms and concepts may help as you read this chapter.

B222s User’s Guide 83

Page 84

Chapter 9 Quality of Service (QoS)

QoS versus Cos

QoS is used to prioritize source-to-destination traffic flows. All packets in the same flow are given the same priority. CoS (class of service) is a way of managing traffic in a network by grouping similar types of traffic together and treating each type as a class. You can use CoS to give different priorities to different packet types.

CoS technologies include IEEE 802.1p layer 2 tagging and DiffServ (Differentiated Services or DS). IEEE 802.1p tagging makes use of three bits in the packet header, while DiffServ is a new protocol and defines a new DS field, which replaces the eight-bit ToS (Type of Service) field in the IP header.

Tagging and Marking

In a QoS class, you can configure whether to add or change the DSCP (DiffServ Code Point) value and IEEE 802.1p priority level in a matched packet. When the packet passes through a compatible network, the networking device, such as a backbone switch, can provide specific treatment or service based on the tag or marker.

9.2 The QoS General Screen

Use this screen to enable or disable QoS, set the bandwidth, and select to have the LTE Device automatically assign priority to upstream traffic according to the IEEE 802.1p priority level, IP precedence or packet length.

Click Network Setting > QoS to open the General screen.

Figure 46 Network Setting > QoS > General

B222s User’s Guide

Page 85

Chapter 9 Quality of Service (QoS)

The following table describes the labels in this screen.

Table 27 Network Setting > QoS > General

LABEL DESCRIPTION

Active QoS Select the ch eck box to turn on QoS to improve your network performance.

You can give priority to traffic that the LTE Device forwards out through the WAN interface. Give high priority to voice and video to make them run more smoothly. Similarly, give low priority to many large file downloads so that they do not reduce the quality of other applications.

WAN Managed Upstream Bandwidth

Traffic priority will be automatically assigned by

Active upstream hardware Queue if available

Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings.

Enter the amount of bandwidth for the WAN interface that you want to allocate using QoS.

The recommendation is to set this speed to match the interface’s actual transmission speed. For example, set the WAN interface speed to 1000 kbps if your Internet connection has an upstream transmission speed of 1 Mbps.

Setting this number higher than the interface’s actual transmission speed will stop lower priority traffic from being sent if higher priority traffic uses all of the actual bandwidth.

If you set this number lower than the interface’s actual transmissi on spe ed, the LTE Device will not use some of the interface’s available bandwidth.

Leave this field blank to have the LTE Device set this value automatically. These fields are ignored if upstream traffic matches a class you configured in the

Class Setup screen. If you select Ethernet Priority, IP Precedence or Packet Length and traffic

does not match a class configured in the Class Setup screen, the LTE Device assigns priority to unmatched traffic based on the IEEE 802.1p priority level, IP precedence or packet length.

See Section 9.6.1 on page 93 for more information. ??

B222s User’s Guide

Page 86

Chapter 9 Quality of Service (QoS)

9.3 The Queue Setup Screen

Use this screen to configure QoS queue assignment. Click Network Setting > QoS > Queue Setup to open the screen as shown next.

Figure 47 Network Setting > QoS > Queue Setup

The following table describes the labels in this screen.

Table 28 Network Setting > QoS > Queue Setup

LABEL DESCRIPTION

Add new Queue

# This is the index number of this entry. Status This indicates whether the queue is active or not.

Name This shows the descriptive name of this queue. Interface This shows the name of the LTE Device’s interface through which traffic in this

Priority This shows the priority of this queue. Weight This shows the weight of this queue. Buffer

Management Rate L imit

(kbps) Modify Click the Edit icon to edit the queue.

Click this to create a new entry.

A yellow bulb signifies that this queue is active. A gr ay bulb signifies that this queue is not active.

queue passes.

This shows the queue management algorithm used by the LTE Device.

This shows the maximum transmission rate allowed for traffic on this queue.

Click the Delete icon to delete an existing queue. Note that subsequent rules move up by one when you take this action.

B222s User’s Guide

Page 87

9.3.1 Add/Edit a QoS Queue

Use this screen to configure a queue. Click Add new queue in the Queue Setup screen or the Edit icon next to an existing queue.

Figure 48 Queue Setup: Add/Edit

The following table describes the labels in this screen.

Table 29 Queue Setup: Add/Edit

LABEL DESCRIPTION

Active Select to enable or disable this queue. Name Enter the descriptive name of this queue. Interface This shows the interface of this queue. Priority Select the priority level (from 1 to 7) of this queue.

The larger the number, the higher the priority level. Traffic assigned to higher priority queues gets through faster while traffic in lower priority queues is dropped if the network is congested.

Weight Select the weight (from 1 to 15) of this queue.

If two queues have the same priority level, the LTE Device divides the bandwidth across the queues according to their weights. Queues with larger weights get more

bandwidth than queues with smaller weights. Rate L imit Specify the maximum transmission rate (in Kbps) allowed for traffic on this queue. Apply Click Apply to save your changes. Back Click Back to return to the previous screen without saving.

Chapter 9 Quality of Service (QoS)

9.4 The Class Setup Screen

Use this screen to add, edit or delete QoS classifiers. A classifier groups traffic into data flows according to specific criteria such as the source address, destination address, source port number, destination port number or incoming interface. For example, you can configure a classifier to select traffic from the same protocol port (such as Telnet) to form a flow.

You can give different priorities to traffic that the LTE Device forwards out through the WAN interface. Give high priority to voice and video to make them run more smoothly . Similarly, give low priority to many large file downloads so that they do not reduce the quality of other applications.

B222s User’s Guide

Page 88

Chapter 9 Quality of Service (QoS)

Click Network Setting > QoS > Class Setup to open the following screen.

Figure 49 Network Setting > QoS > Class Setup

The following table describes the labels in this screen.

Table 30 Network Setting > QoS > Class Setup

LABEL DESCRIPTION

Add new Classifier Click this to create a new classifier. Order This field displays the order number of the classifier. Status This indicates whether the classifier is active or not.

Class Name This is the name of the classifier. Classification

Criteria

Forwar d to This is the interface through which traffic that matches this classifier is

DSCP Mark This is the DSCP number added to traffic of this classifier.

802.1p Mark This is the IEEE 802.1p priority level assigned to traffic of this classifier. To Queue This is the name of the queue in which traffic of this classifier is put. Modify Click the Edit icon to edit the classifier.

A yellow bulb signifies that this classifier is active. A gr ay bulb signifies that this classifier is not active.

This shows criteria specified in this classifier, for example the interface from which traffic of this class should come and the source MAC address of traffic that matches this classifier.

forwarded out.

Click the Delete icon to delete an existing classifier. Note that subsequent rules move up by one when you take this action.

B222s User’s Guide

Page 89

9.4.1 Add/Edit QoS Class

Click Add new Classifier in the Class Setup screen or the Edit icon next to an existing classifier to configure it.

Figure 50 Class Setup: Add/Edit

Chapter 9 Quality of Service (QoS)

The following table describes the labels in this screen.

Table 31 Class Setup: Add/Edit

LABEL DESCRIPTION

Class Configuration Active Select to enable this classifier. Class Name Enter a descriptive name of up to 32 printable English keyboard characters, including

Classification Order Select an existing number for where you want to put this classifier to move the classifier

B222s User’s Guide

spaces.

to the number you selected after clicking Apply. Select Last to put this rule in the back of the classifier list.

Page 90

Chapter 9 Quality of Service (QoS)

Table 31 Class Setup: Add/Edit (continued)

LABEL DESCRIPTION

Forwar d to Interface

DSCP Mark This field is available only when you select the Ether Type check box in Criteria

802.1p Mark Select a priority level with which the LTE Device replaces the IEEE 802.1p priority field in

To Queue Select a queue that applies to this class.

Criteria Configuration Use the following fields to configure the criteria for traffic classification.

Basic From Interface Select whether the traffic class comes from the LAN or a wireless interface. Ether Type Select a predefined application to configure a class for the matched traffic.

Source

MAC Address Select the check box and enter the source MAC address of the packet. MAC Mask Type the mask for the specified MAC address to determine which bits a packet’s MAC

IP Address Select the check box and enter the source IP address in dotted decimal notation. A

IP Subnet Mask Enter the source subnet mask. Port Range If you select TCP or UDP in the IP Protocol field, select the check box and enter the

Exclude Select this option to exclude the packets that match the specified criteria from this

Destination

MAC Address Select the check box and enter the destination MAC address of the packet. MAC Mask Type the mask for the specified MAC address to determine which bits a packet’s MAC

Select a WAN interface through which traffic of this class will be forwarded out. If you select Unchange, the LTE Device forward traffic of this class according to the default routing table.

Configuration-Basic section. If you select Mark, enter a DSCP value with which the LTE Device replaces the DSCP

field in the packets. If you select Unchange, the LTE Device keep the DSCP field in the packets.

the packets. If you select Unchange, the LTE Device keep the 802.1p priority field in the packets.

You should have configured a queue in the Queue Setup screen already.

If you select IP, you also need to configure source or destination MAC address, IP address, DHCP options, DSCP value or the protocol type.

If you select 8021Q, you can configure an 802.1p priority level in the Others section.

address should match. Enter “f” for each bit of the specified source MAC address that the traffic’s MAC address

should match. Enter “0“ for the bit(s) of the matched traffic’s MAC address, which can be of any hexadecimal character(s). For example, if you set the MAC address to 00:13:49:00:00:00 and the mask to ff:ff:ff:00:00:00, a packet with a MAC address of 00:13:49:12:34:56 ma tches this criteria.

blank source IP address means any source IP address.

port number(s) of the source.

classifier.

address should match.

Enter “f” for each bit of the specified source MAC address that the traffic’s MAC address should match. Enter “0“ for the bit(s) of the matched traffic’s MAC address, which can be of any hexadecimal character(s). For example, if you set the MAC address to 00:13:49:00:00:00 and the mask to ff:ff:ff:00:00:00, a packet with a MAC address of 00:13:49:12:34:56 ma tches this criteria.

B222s User’s Guide

Page 91

Chapter 9 Quality of Service (QoS)

Table 31 Class Setup: Add/Edit (continued)

LABEL DESCRIPTION

IP Address Select the check box and enter the destination IP address in dotted decimal notation. A

blank source IP address means any source IP address. IP Subnet Mask Enter the destination subnet mask. Port Range If you select TCP or UDP in the IP Protocol field, select the check box and enter the

port number(s) of the source. Exclude Select this option to exclude the packets that match the specified criteria from this

Others

802.1p This field is available only when you select 802.1Q in the Ether Type field.

IP Protocol This field is available only when you select IP in the Ether Type field.

IP Packet Length

DSCP This field is available only when you select IP in the Ether Type field.

TCP ACK This field is available only when you select IP in the Ether Type field.

DHCP This field is available only when you select IP in the Ether Type field, and UDP in the

classifier.

Select this option and select a priority level (between 0 and 7) from the drop down list

box."0" is the lowest priority level and "7" is the highest.

Select this option and select the protocol (service type) from TCP or UDP. If you select

User defined, enter the protocol (service type) number.

This field is available only when you select IP in the Ether Type field.

Select this option and enter the minimum and maximum packet length (from 46 to

1504) in the fields provided.

Select this option and specify a DSCP (DiffServ Code Point) number between 0 and 63 in

the field provided.

If you select this option, the matche d T CP pack ets must c ontain th e ACK (Acknowle dge)

flag.

IP Protocol field.

Select this option and select a DHCP option.

If you select Vendor Class ID (DHCP Option 60), enter the Class ID of the matched

traffic, such as the type of the hardware or firmware.

If you select ClientID (DHCP Option 61), enter the Type of the matched traffic and

Client ID of the DHCP client.

If you select User Class ID (DHCP Option 77), enter the User Class Data, which is a

string that identifies the user’s category or application type in the matched DHCP

packets.

If you select VendorSpecificIntro (DHCP Option 125), enter the Enterprise

Number of the software of the matched traffic and Vendor Class Data used by all the

DHCP clients. Service Select the service classification of the traffic. Exclude Select this option to exclude the packets that match the specified criteria from this

classifier.

Apply Click Apply to save your changes. Back Click Back to return to the previous screen without saving.

B222s User’s Guide

Page 92

Chapter 9 Quality of Service (QoS)

9.5 The QoS Monitor Screen

To view the LTE Device’s QoS packet statistics, click Network Setting > QoS > Monitor. The screen appears as shown.

Figure 51 Network Setting > QoS > Monitor

The following table describes the labels in this screen.

Table 32 Network Setting > QoS > Monitor

LABEL DESCRIPTION

Monitor Refresh Interval Select how often you want the LTE Device to update this screen. Select No

Refresh to stop refreshing statistics.

Status # This is the index number of the entry. Name This shows the name of the WAN interface on the LTE Device. Pass Rate (bps) This shows how much traffic (bps) forwarded to this interface are transmitted

successfully.

Queue Monitor # This is the index number of the entry. Name This shows the name of the queue. Pass Rate (bps) This shows how much traffic (bps) assigned to this queue are transmitted

successfully.

Drop Rate (bps) This shows how much traffic (bps) assigned to this queue are dropped.

9.6 QoS Technical Reference

This section provides some technical background information about the topics covered in this chapter.

B222s User’s Guide

Page 93

9.6.1 IEEE 802.1p

IEEE 802.1p specifies the user priority field and defines up to eight separate traffic types. The following table describes the traffic types defined in the IEEE 802.1d standard (which incorporates the 802.1p).

Table 33 IEEE 802.1p Priority Level and Traffic Type

PRIORITY LEVEL

Level 7 Typically used for network control traffic such as router configuration messages. Level 6 Typically used for voice traffic that is especially sensitive to jit ter (jitter is the

Level 5 Typically used for video that consumes high bandwidth and is sensitive to jitter. Level 4 Typically used for controlled load, latency-sensitive traffic such as SNA (Systems

Level 3 Typically used for “excellent effort” or better than best effort and would include

Level 2 This is for “spare bandwidth”. Level 1 This is typically used for non-critical “background” traffic such as bulk transfers that

Level 0 Typically used for best-effort traffic.

Chapter 9 Quality of Service (QoS)

TRAFFIC TYPE

variations in delay).

Network Architecture) transactions.

important business traffic that can tolerate some delay.

are allowed but that should not affect other applications and users.

9.6.2 IP Precedence

Similar to IEEE 802.1p prioritization at layer-2, you can use IP precedence to prioritize packets in a layer-3 network. IP precedence uses three bits of the eight-bit ToS (Type of Service) field in the IP header. There are eight classes of services (ranging from zero to seven) in IP precedence. Zero is the lowest priority level and seven is the highest.

9.6.3 DiffServ

QoS is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types.

DiffServ (Differentiated Services) is a class of service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of service desired. This allows the intermediary DiffServ-compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow. In addition, applications do not have to request a particular service or give advanced notice of where the traffic is going.

DSCP and Per-Hop Behavior

DiffServ defines a new DS (Differentiated Services) field to replace the Type of Service (TOS) field in the IP header. The DS field contains a 2-bit unused field and a 6-bit DSCP field which can define up to 64 service levels. The following figure illustrates the DS field.

B222s User’s Guide

Page 94

Chapter 9 Quality of Service (QoS)

DSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ compliant, ToS-enabled network device will not conflict with the DSCP mapping.

DSCP (6 bits) Unused (2 bits)

The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different kinds of forwarding. Resources can then be allocated according to the DSCP values and the configured policies.

B222s User’s Guide

Page 95

CHAPTER 10

Network Address Translation (NAT)

10.1 Overview

NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.

10.1.1 What You Can Do in this Chapter

•Use the Port Forwarding screen to configure forward incoming service requests to the server(s) on your local network (Section 10.2 on page 96).

•Use the DMZ screen to vieiw and configure the IP address of your network DMZ. (Section 10.3

on page 99).

•Use the Sessions screen to limit the number of concurrent NAT sessions each client can use (Section 10.4 on page 99).

10.1.2 What You Need To Know

The following terms and concepts may help as you read this chapter.

Inside/Outside and Global/Local

Inside/outside denotes where a host is located relative to the LTE Device, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.

Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side.

NAT

In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.

B222s User’s Guide 95

Page 96

Chapter 10 Network Address Translation (NAT)

A=10.0.0.33

D=10.0.0.36

C=10.0.0.35

B=10.0.0.34

WAN

LAN

10.0.0.1 IP Address assigned by ISP

Port Forwarding

A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world.

Finding Out More

See Section 10.5 on page 100 for advanced technical information on NAT.

10.2 The Port Forwarding Screen

Use the Port Forwarding screen to forward incoming service requests to the server(s) on your local network.

You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers. You can allocate a serv er IP address that corresponds to a port or a range of ports.

The most often used port numbers and services are shown in Appendix E on page 249. Pl ease refer to RFC 1700 for further information about port numbers.

Note: Many residential broadband ISP accounts do not allow you to run any server

processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to your IS P.

Configuring Servers Behind Port Forwarding (Example)

Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 10.0.0.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.

Figure 52 Multiple Servers Behind NAT Example

B222s User’s Guide

Page 97

10.2.1 The Port Forwarding Screen

Click Network Setting > NAT to open the Port Forwarding screen.

See Appendix E on page 249 for port numbers commonly used for particular services.

Figure 53 Network Setting > NAT > Port Forwarding

The following table describes the fields in this screen.

Table 34 Network Setting > NAT > Port Forwarding

LABEL DESCRIPTION

Add new rule Click this to add a new port forwarding rule. # This is the index number of the entry. Status This field indicates whether the rule is active or not.

A yellow bulb signifies that this rule is active. A gray bulb signifies that this rule is not active.

Service Name This is the service’s name. This shows User Defined if you manually added a service. Y ou

can change this by clicking the edit icon. WAN Interface This shows the WAN interface through which the servic e is forwarded. Start Port This is the first external port number that identifies a service. End Port This is the last external port number that identifies a service. Translation Start

Port Translation End

Port Server IP Address This is the server’s IP address. Protocol This shows the IP protocol supported by this virtual server, whether it is TCP, UDP, or

Modify Click the Edit icon to edit the port forwarding rule.

Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings.

This is the first internal port number that identifies a service.

This is the last internal port number that identifies a service.

TCP/UDP.

Click the Delete icon to delete an existing port forwarding rule. Note that subsequent

address mapping rules move up by one when you take this action.

Chapter 10 Network Address Translation (NAT)

B222s User’s Guide

Page 98

Chapter 10 Network Address Translation (NAT)

10.2.2 The Port Forwarding Edit Screen

This screen lets you create or edit a port forwarding rule. Click Add new rule in the Port Forwarding screen or the Edit icon next to an existing rule to open the following screen.

Figure 54 Port Forwarding: Add/Edit

The following table describes the labels in this screen.

Table 35 Port Forwarding: Add/Edit

LABEL DESCRIPTION

Service Name Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on). WAN Interface Select the WAN interface through which the service is forwarded. Start Port Enter the original destination port for the packets.

To forward only one port, enter the port number again in the External End Port field. To forward a series of ports, enter the start port number here and the end port number in

the External End Port field.

End Port Enter the last port of the original destination port range.

To forward only one port, enter the port number in the External Start Port field above and then enter it again in this field.

To forward a series of ports, enter the last port number in a series that begins with the port number in the External Start Port field above.

T r anslation Start Port

Translation End Port

Server IP Address

Protocol Type Apply Click Apply to save your chang es. Back Click Back to return to the previous screen without saving.

This shows the port number to which you want the LTE Device to translate the incoming port. For a range of ports, enter the first number of the range to which you want the incoming ports translated.

This shows the last port of the translated port range.

Enter the inside IP address of the virtual server here.

Select the protocol supported by this virtual server. Choices are TCP, UDP, or TCP/UDP.

B222s User’s Guide

Page 99

10.3 The DMZ Screen

Use this page to set the IP address of your network DMZ (if you have one) for the LTE Device. All incoming packets received by this LTE Device’s WAN interface will be forwarded to the default server you set.

Click Network Setting > NAT > DMZ to display the following screen.

Note: The configuration you set in this screen takes priority t han the Network Setting >

NAT > Port Forwarding screen.

Figure 55 Network Setting > NAT > DMZ

The following table describes the fields in this screen.

Chapter 10 Network Address Translation (NAT)

Table 36 Network Setting > NAT > DMZ

LABEL DESCRIPTION

Default Server Address

Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings.

Enter the IP address of y our net work DMZ hos t, i f y o u ha v e one. 0.0.0.0 means this feature is disabled.

10.4 The Sessions Screen

Use the Sessions screen to limit the number of concurrent NAT sessions each client can use.

Click Network Setting > NAT > Sessions to display the following screen.

Figure 56 Network Setting > NAT > Sessions

B222s User’s Guide

Page 100

Chapter 10 Network Address Translation (NAT)

The following table describes the fields in this screen.

Table 37 Network Setting > NAT > Sessions

LABEL DESCRIPTION

MAX NAT Session Use this field to set a common limit to the number of concurrent NAT sessions

Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings.

each client computer can have. If only a few clients use peer to peer applications, you can raise this number to

improve their performance. With heavy peer to peer application use, lower this number to ensure no single client uses too many of the available NAT sessions.

10.5 Technical Reference

This section provides some technical background information about the topics covered in this chapter.

10.5.1 NAT Definitions

Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a packet when the packet is still in the local network, while an inside global address (IGA) is the IP address of the same inside host when the packet is on the WAN side. The following table summarizes this information.

Table 38 NAT Definitions

ITEM DESCRIPTION

Inside This refers to the host on the LAN. Outside This refers to the host on the WAN. Local This refers to the packet address (source or destination) as the packet travels on the

LAN.

Global This refers to the packet address (source or destination) as the packet travels on the

WAN.

100

NAT never changes the IP address (either local or global) of an outside host.

B222s User’s Guide