IPv4: Internet Protocol version 4, which is the first widely
used protocol version and is at the core of standards-based
Internet technology.
AppleTalk: A proprietary suite of protocols developed by
Apple Inc. to provide communication services for Apple
computers, such as file transfer, printing, email, and other
network services.
IPX: Internet Packet Exchange (IPX) protocol stack, which is
supported by Novell's NetWare operating system.
NetBEUI: Network Basic Input/Output System (NetBIOS)
Extended User Interface, which is a non-routable protocol
developed for the IBM to transfer NetBIOS messages.
IGMP: Internet Group Management Protocol, which is used by
hosts and neighboring routers on IP networks to establish
multicast group memberships.
Destination MAC
Address
Indicates the destination MAC address. For example, value
00:01:6C:4C:58:FE indicates that the ADSL port filters data
frames whose destination MAC addresses are
00:01:6C:4C:58:FE. If this parameter is left blank, the ADSL port
filters the destination MAC addresses for all data frames.
Source MAC Address
Indicates the source MAC address. For example, value
90:FB:A6:14:9E:5A indicates that the ADSL port filters data
frames whose source MAC addresses are 90:FB:A6:14:9E:5A. If
this parameter is left blank, the ADSL port filters the source MAC
addresses for all data frames.
Frame Direction
Indicates the direction in which a data frame is transmitted. The
options are as follows:
LAN<=>WAN: The ADSL port filters the MAC addresses for
data frames that are transmitted mutually between the LAN
and WAN ports.
WAN=>LAN: The ADSL port filters the MAC addresses for
data frames that are transmitted from the WAN ports to the
LAN ports.
LAN=>WAN: The ADSL port filters the MAC addresses for
data frames that are transmitted from the LAN ports to the
WAN ports.
Value BOTH indicates that the ADSL port filters the MAC addresses for data frames
that are transmitted from the LAN port to the WAN port and from the WAN port to the
LAN port.
7.6.5 URL Filter
Description
----End
Using the URL filtering feature, an enterprise or a family can prevent its members from
visiting certain websites.
Principle
At present, contents at many websites are illegal or improper because they are not effectively
supervised or restricted. Therefore, more and more enterprises use the URL access control
function to ensure information security and restrict URL access.
As shown in Figure 7-261, URL filtering is used to:
Control access to websites containing content including pornography, terrorism, violence,
gambling, or illegal information.
Shield phishing websites to protect employees' privacy.
Shield malicious websites to protect the enterprise's private network from attack.
Provide customized services for enterprises, for example, allow employees to access
specified websites.
Step 6 Enter the URL to be filtered (a compete URL or keywords) and the port number. The default
port number is 80.
Step 7 Click to save the settings.
Figure 7-265 shows the configuration result.
Figure 7-265 Configuring the URL filter (4)
----End
7.6.6 Virtual Server
After configuring the virtual server, users can access to servers in the private network, and
enable services, such as web browsing and FTP download.
Description
A virtual server functions as a public server in the private network. Users in the external
network can use services that the virtual server provides (such as web and FTP download
services) after accessing the external address obtained from the EGW1520. Figure 7-266
shows the typical network.
Indicates the service that is provided by the virtual server, such as
the web, mail, and FTP services. The service must be enabled on
the internal server(Multiple services can be enabled on a server in
the internal network).
Custom Service
Allows you to define a service different from options in the Select a Service drop-down list box. The service that you define must be
enabled on the internal server.
Virtual Server IP
Address
Indicates the IP address of the internal server, for example,
192.168.1.5.
External Port Start
Indicates the start and end port numbers that the virtual server
provides for external users. External users can use the port
numbers between the start and end port numbers to access the
virtual server. You are advised to use the default value.
External Port End
Protocol
Indicates the transfer protocol used by the virtual server, for
example, TCP for the web server.
Type
Indicates the port count used by the internal server.
Range: The internal server uses multiple ports. Port numbers
on the internal server must be the same as those provided by
the virtual server for external access, and you cannot change
them.
Internal Port Start
Indicates the start and end port numbers that the internal server
provides for external users, which must be the same as the start
and end port numbers that the virtual server provides for external
users.
Internal Port End
Step 5 Click to save the settings.
Figure 7-269 shows the configuration result.
Figure 7-269 Configuring a virtual server (3)
After the configuration is successful, external users can access the internal server through the
EGW1520 WAN port or the ADSL IP address and port number.
----End
Typical Configuration Example
Network Requirements
Users access the Internet through EGW1520 and want to configure a web server and an FTP
server on the private network to provide web and FTP download services for external users.
The network requirements are as follows:
Connect EGW1520 to the Internet through the WAN port whose IP address is 11.11.11.1.
Configure a web server and an FTP server on the private network, whose IP addresses
are 192.168.1.8 and 192.168.1.5 respectively.
After the configuration is complete, external systems can access the internal web server
and FTP server.
Figure 7-270 shows the typical network diagram of the virtual server.
Figure 7-270 Typical network
Procedure
For details on how to configure the web and FTP servers, see the relevant documents.
For details on how to add a virtual server, see Adding a virtual server.
1. Configure the web server software on the server whose IP address is 192.168.1.8 and
enable the port number 80. Configure the FTP server software on the server whose IP
address is 192.168.1.5 and enable the port number 21.
For details, see the related user guide.
2. On the web management system, add a virtual server.
Figure 7-271 shows the configuration result.
Figure 7-271 Configuration result
Verification
If an external user enters http://11.11.11.1 in the address box of the Internet Explorer and
accesses the web server successfully, the web server is configured successfully.
Otherwise, verify the configurations of the web server software and the EGW1520
virtual server.
If an external user enters ftp://11.11.11.1 in the address box of the Internet Explorer and
accesses the FTP server successfully, the FTP server is configured successfully.
Otherwise, verify the configurations of the FTP server software and the EGW1520
virtual server.
An external user must use the IP address that EGW1520 provides for external users (WAN
port IP address 11.11.11.1 in this example) to access the internal server.
A virtual server enables external users to access internal servers on the private network. When
multiple services are running on internal servers, several virtual servers must be configured.
This makes the configuration complicated. To simplify the configuration, configure only the
IP addresses for internal servers in the Demilitarized Zone (DMZ). External users can access
only the internal servers (such as the WWW and FTP servers) in the DMZ but cannot use the
other internal resources. This protects the internal network against illegal access.
The DMZ is deployed between a public network and an enterprise's private network. Some
public servers (such as the web server and FTP server) are deployed in the DMZ, as shown in
Figure 7-272. The EGW1520 forwards all access requests from the public network (excluding
those meeting NAT requirements) to the DMZ. This protects the internal network.
Figure 7-272 DMZ implementation
The following uses a web server in the DMZ as an example to describe the DMZ
implementation.
1. After receiving external HTTP packets, the EGW1520 checks the packets. If the packets
do not meet NAT requirement, EGW1520 forwards the packets to the DMZ.
2. EGW1520 converts the destination address of request packets to the DMZ web server's
preset IP address, and sends the packets to the DMZ web server.
3. After receiving the request packets, the web server sends response packets to the
computer on the public network. Then NAT is performed.
You have logged in to the web management system. For details, see 7.7.1 Web
Management.
You have connected to the upstream network and the NAT function has been enabled.
For details on how to connect to the upstream network, see 7.2 Connection Modes.
Procedure
Step 1 On the web management system, choose Network > Security from the navigation tree.
Step 2 Click the DMZ Host tab.
The page shown in Figure 7-273 is displayed.
Figure 7-273 Configuring the DMZ (1)
Step 3 Enter the DMZ host IP address, for example, 192.168.1.5.
Networking Requirements
Assume that a user who uses the EGW1520 to connect to the Internet wants to deploy a web
server and an FTP server on the intranet to provide website services and FTP resource
download services for users on the external network. The network requirements are as
follows:
Typical Network
Figure 7-275 shows the typical network.
Figure 7-275 DMZ typical network
The EGW1520 uses a WAN port to connect to the Internet. The IP address of the WAN
port is 11.11.11.1.
Deploy a web server and an FTP server on the same computer on the EGW1520's
intranet. The IP address is 192.168.1.5.
Configure the DMZ to enable users on the external network to access the web server and
FTP server.
Configuration Procedure
For details on how to configure the web and FTP servers, see the relevant documents.
For details on how to configure the DMZ, see Configuration.
1. On the computer whose IP address is 192.168.1.5, configure the web server and the FTP
server.
For details, see the related user guide.
2. Configure the DMZ on the web management system.
Start the Internet Explorer and enter http://11.11.11.1 in the address box as a user on the
external network. If the web server is connected, the configuration is successful. If the
web server is not connected, check the IP address setting of the DMZ host on the web
server and EGW1520.
Start the Internet Explorer and enter ftp://11.11.11.1 in the address box as a user on the
external network. If the FTP server is connected, the configuration is successful. If the
FTP server is not connected, check the IP address setting of the DMZ host on the FTP
server and EGW1520.
An external user must use EGW1520 external IP address (in this topic, it is the IP address of
the WAN port 11.11.11.1) to access internal servers.
7.6.8 Remote Login
This topic describes how to remotely configure and maintain the EGW1520 by connecting to
uplink ports (WAN, ADSL, or 3G port).
The EGW1520 provides a public IP address for remote maintenance.
Enabling Remote Login
Step 1 On the web management system, choose Network > Security from the navigation tree.
Step 2 Click the Remote login tab.
Step 2Enter the user name (initial user name is admin) and password (initial password is
Admin@123) and click .
----End
7.7 Operations and Maintenance
The EGW1520 can be managed on web pages or in TR-069 mode.
7.7.1 Web Management
The web management system allows users to set parameters, detect faults, and upgrade
devices.
The EGW1520 also supports remote login, from which you can remotely configure and maintain the
EGW1520. For details about how to remotely log in to the EGW1520, see 7.6.8 Remote Login.
Prerequisite
Before logging in to the web management system, ensure that the configuration environment
is ready.
1. Prepare a PC (maintenance terminal).
The PC must meet the following requirements:
− Has the Ethernet adapter installed, supporting TCP/IP.
− Has Windows XP or later operating system installed.
− Has Microsoft Internet Explorer 6.0 or later version without configuring the proxy
server.
− Supports the resolution 1024 x 768 or above.
2. The console cables have been connected.
You can connect cables by using either of the following methods according to the
network:
− Use the straight-through cable to connect the EGW1520 LAN port to the PC network
port.
− Use the straight-through cable to connect the EGW1520 LAN port to the PC network
port through the switch or hub.
3. The PC IP address has been set.
The IP addresses of the PC and EGW1520 must be on the same network segment. For
example, if IP address of the EGW1520 is 192.168.1.1 (default value), the PC IP address
can be set to 192.168.1.x, where x ranges from 2 to 254.
By default, DHCP is enabled on an EGW1520. The PC can use the automatic mode to obtain
the IP address.
Background
Procedure
Step 1 Log in to the EGW1520 using Internet Explorer 6.0 or later. The default URL is
Users can access the web management system in the following two modes:
HTTPS
The web browser interacts with the EGW1520 using HTTPS, which ensures user
information security.
HTTP
The web browser interacts with the EGW1520 using HTTP.
Only HTTPS access mode is enabled on EGW1520 by default. The HTTP access mode can be
enabled on the page for configuring the LAN. For details, see Configuring the LAN.
HTTP transmits plain text. Use HTTP to perform web management only in trusted networks.
If only the HTTPS mode is enabled, the system switches to the HTTPS mode automatically when
you access the EGW1520 in HTTP mode.
https://192.168.1.1.
The page shown in Figure 7-281 is displayed.
Figure 7-281 Logging in to the web management system (1)
The default IP address of the EGW1520, login user name, and password can be obtained from the
label at the bottom of the EGW1520.
After logging in to the web management system, you can change IP address of the EGW1520. For
details, see Configuring the LAN.
Step 2 Enter the user name and password, and click Log In.
Administrator: The user name is admin and the password is Admin@123.
Common user: Both the initial user name and password are the internal number of a
common user.
Choose Management > Password to change the password after the initial login.
Make a note of your password and keep it in a safe place. Do not share your password
with anyone. If you forget your password, press and hold the RESET button on EGW1520
for more than six seconds, and log in to the web management system using the default
password Admin@123. The configuration is restored to factory settings.
If you fail to log in to the web management system for 5 consecutive times in 10 minutes,
the system locks your PC IP address for 30 minutes.
If you do not perform any operation in 10 minutes after logging in to the web management
system, the login times out and the system requires re-login to ensure security.
The Technical Report 069 (TR-069) is a DSL forum (which was later renamed as broadband
forum) technical specification entitled CPE WAN Management Protocol (CWMP). It defines
an application layer protocol for remote management of end-user devices.
This topic describes the principle, implementation, specification, and limitation of the
TR-069.
The Technical Report 069 (TR-069) is a DSL forum (which was later renamed as broadband
forum) technical specification entitled CPE WAN Management Protocol (CWMP). It defines
an application layer protocol for remote management of end-user devices. As a bidirectional
SOAP/HTTP-based protocol, it provides the communication between customer premises
equipment (CPE) and Auto Configuration Servers (ACS). It includes both a safe auto
configuration and the control of other CPE management functions within an integrated
framework.
Customer premises equipment, such as gateways and set top boxes (STBs) are scattered on
the user side. Maintenance personnel need to provide on-site services when configuration
modification or troubleshooting is required, which increases management difficulty. TR-069
enables you to manage and maintain user's devices remotely on the network side. Details
about the functions that TR-069 provides are as follows:
Implementation
As a CPE, EGW1520 supports TR-069, Figure 7-282 shows TR-069 network.
Configuration management
Installs CPE without configurations and modifies parameter settings remotely.
Version management
Manages CPE software and firmware, for example, download the software version, and
back up and restore the configuration file.
Remote monitoring
Monitors the CPE status and performance, and queries the CPE status.
GUI-based management
Manages NEs on the EMS in GUI mode.
Alarm management
Reports alarms to the EMS and instructs the EMS to delete an alarm in time once the
EGW1520 uses the ADSL port or WAN port to connect to ACS. The preceding figure uses the
ADSL port as an example.
Specification
TR-069
TR-098
TR-104
Limitation
N/A
Setting TR-069 Parameters on the ACS
This topic describes how to set TR-069 parameters on the ACS.
TR-069 Connection Parameters
For details about configurations on the ACS, see the related ACS configuration guide. This
topic only lists TR-069 parameters for the ACS to connect to EGW1520, as shown in Table
Indicates the ACS URL. For example, http://www.acs.com.
ACS User Name
Indicates the user name for the ACS to authenticate the
TR-069 client, which must be the same as the user name on
the ACS.
ACS Password
Indicates the password for the ACS to authenticate the
TR-069 client, which must be the same as the user name on
the ACS.
Connection Request User
Name
Indicates the user name for the TR-069 client to authenticate
the ACS, which must be the same as the user name on the
TR-069 client.
Connection Request
Password
Indicates the password for the TR-069 client to authenticate
the ACS, which must be the same as the user name on the
TR-069 client.
Connection Request URL
Indicates the URL of the TR-069 client. For example,
http://192.168.1.1:8081/CPE. 192.168.1.1 is the IP address of
the EGW1520 local area network (LAN) gateway.
Setting TR-069 Parameters on the CPE
This topic describes how to set TR-069 parameters on the EGW1520.
Prerequisites
You have logged in to the web management system. For details, see 7.7.1 Web Management.
Procedure
Step 1 On the web management system, choose Management > TR-069 Client from the navigation
tree.
The page shown in Figure 7-283 is displayed.
Initiates the session to the ACS manually by clicking
Trigger.
Inform
Indicates whether to initiate a session to the ACS
periodically.
Inform Interval(Sec)
Indicates the interval to initiate a session to the ACS, in
seconds. The default value is 1800.
Result
Step 3 Click to save the settings.
----End
After the EGW1520 is connected to the ACS by using TR-069, use ACS to configure and
manage the EGW1520. TR-069 parameters reference lists parameters in the TR-069 data
model.
This topic describes diagnosis modes for the EGW1520.
8.1 Enabling the Debug Log
This topic describes how to enable the debug log for each process. The system can generate
the debug logs for different processes.
8 Diagnosis Mode
8.2 Configuring Traffic Mirroring
This section describes how to configure traffic mirroring to capture packets. Traffic mirroring
allows you to use a packet capture tool on the mirroring port to obtain information about
packets entering or leaving the monitored port.
8.3 Downloading Black Box Files
This topic describes how to download black box files.
8.4 Pinging IP Addresses
This topic describes how to ping an IP address. Using the ping function, you can ping the peer
device of the EGW1520 to check the connection between them.
8.1 Enabling the Debug Log
This topic describes how to enable the debug log for each process. The system can generate
the debug logs for different processes.
Large amounts of logs are generated during the EGW1520 running process.
By default, the system does not generate the debug logs. To generate the debug logs, enable
the debug log and log generation function, set the log level to debug, and configure the log
saving mode. For details, see 9.4 Managing System Logs.
Procedure
Step 1 On the web management system, choose Diagnose > Debug Logs from the navigation tree.
Figure 8-1 Enabling the debug logs for each module
Parameter
Description
Output
debug-level
log in start-up
process
Debug logs are generated when the system starts. For example, when you
want to debug the system during system startup, enable this function.
Voice services
Debug logs for voice services are generated. For example, when the
synchronization server cannot synchronize service data, enable this
function.
Network
services
Debug logs for network services are generated. For example, when you
want to view the IP address obtained by EGW1520 that functions as a
client, enable this function.
System
management
Debug logs for system management are generated. For example, when
you want to view message sending and receiving information in the
system, enable this function.
Configuration
management
Debug logs for configuration management are generated. For example,
when you want to monitor network time synchronization, enable this
function.
Step 2 Enable the debug logs for modules according to Table 8-1.
IN: Only the packets that the EGW1520 receives on the monitored
port are monitored.
OUT: Only the packets that the EGW1520 sends from the monitored
port are monitored.
BOTH: The packets that the monitored port receives and sends out are
monitored.
Mirroring port
Port that captures packets from the monitored port. As shown in Figure
This section describes how to configure traffic mirroring to capture packets. Traffic mirroring
allows you to use a packet capture tool on the mirroring port to obtain information about
packets entering or leaving the monitored port.
Procedure
Step 1 On the web management system, choose Diagnose > Packet Mirroring from the navigation
To delete a black box file, select the file and click .
----End
8.4 Pinging IP Addresses
This topic describes how to ping an IP address. Using the ping function, you can ping the peer
device of the EGW1520 to check the connection between them.
Procedure
Step 1 On the web management system, choose Diagnose > Ping Diagnose from the navigation tree.
The page shown in Figure 8-4 is displayed.
Figure 8-4 IPPing Diagnose page
Step 2 Select Bind Interface.
Step 3 Set parameters according to Table 8-3.
This topic describes how to manage and maintain the EGW1520 in different modes.
9.1 Configuring the System Time
This topic describes how to configure the system time manually and how to synchronize the
NTP server time.
9 System Management
9.2 Managing the Configuration File
This topic describes how to back up and load the configuration file.
9.3 Restoring Factory Settings
This topic describes how to restore factory settings.
9.4 Managing System Logs
This topic describes how to manage system logs.
9.5 Viewing Alarms
This topic describes how to view alarms. You can analyze the exceptions occur during system
running according to the alarms.
9.6 Viewing Security Logs
This topic describes how to view security logs to query the recent operations.
9.7 Viewing Electronic Labels
You can learn about the device information based on its electronic label.
9.8 Downloading Call Records
This topic describes how to back up call records on the local computer.
9.9 One-Click Download
This topic describes how to use the one-click download function to collect system information.
If the system is faulty, you can download system information and send it to the maintenance
personnel for fault location.
This topic describes how to change the password for logging in to the EGW1520.
9.11 Upgrading Host Software
This topic describes how to upgrade host software.
9.12 Uploading Voice Files
This topic describes how to upload voice files.
9.13 Restarting the EGW1520
This topic describes how to restart the EGW1520.
9.1 Configuring the System Time
This topic describes how to configure the system time manually and how to synchronize the
NTP server time.
The EGW1520 requires correct time to report alarms, trace malicious calls, and generate logs.
The EGW1520 allows you to configure the system time in either of the following modes:
Configure time manually on the local computer. For details, see Configuring Local Time.
− Sets system time on the web management system.
− Supports setting time zones and daylight saving time (DST).
Synchronize time automatically by using the NTP server. For details, see Configuring
NTP Time.
NTP functions at the application layer. Based on the IP and the User Datagram Format
(UDP), the NTP is used to synchronize the time between distributed time servers and
clients. As the EGW1520 supports the NTP protocol, it can function as an NTP client to
synchronize time with the NTP server.
Configuring Local Time
Step 1 On the web management system, choose Management > Date & Time from the navigation
Check whether the NTP server time is the same as the EGW1520 time on the Date & Time
tab page. If yes, the NTP server time synchronization is successful.
----End
9.2 Managing the Configuration File
This topic describes how to back up and load the configuration file.
During routine maintenance, configuration data may be missing due to abnormal device
restart or upgrade failure. Therefore, you are advised to back up the configuration file
periodically.
After backup is complete, you can load the configuration file as required to recover data.
The EGW1520 allows you to back up and load the configuration file in web mode. You can:
Back up the configuration file, which contains all the configurable data and can be
encrypted. For details, see Backing Up the Configuration File.
Load the configuration file in HTTP mode. For details, see Loading the Configuration
File (HTTP).
Load the configuration file in FTP mode. For details, see Loading the Configuration File
(FTP).
Load the configuration file in TFTP mode. For details, see Loading the Configuration
File (TFTP).
Load the configuration file in FTPS mode. For details, see Loading the Configuration
File (FTPS).
In FTP mode, data is transmitted in plain text. Load configuration files in FTP mode on
trusted networks.
Step 3 Click Browse and select a configuration file.
Set the file path, which can be a local path, for example, D:\CFG001882ab2415.xml, or a
network path, for example, \\10.168.10.111\CFG001882ab2415.xml.
Step 4 Click and proceed as prompted.
After loading is successful, the EGW1520 automatically restarts. After the restart is complete,
you can log in to the EGW1520 web management system.
The restart takes 2 to 3 minutes depending on the device configuration. If the
configuration data is more, the startup time is longer.
If the uploading fails, the configuration data on the EGW1520 remains. You can reload the
configuration file.
After the LAN port restarts, the management IP address changes to the imported IP
address.
----End
Loading the Configuration File (FTP)
Step 1 On the web management system, choose Management > Configuration from the navigation
Ensure that the FTP service is enabled when configuration files are loaded and that
the FTP server connects to the EGW1520 properly.
File Name
Relative path of the file to be uploaded. If the configuration file is stored
in C:/ftp/egw/CFG001882ab2415.xml and the access path that is set on
the FTP server is C:/ftp, set the relative path to
egw/CFG001882ab2415.xml.
Port Number
Port number of the FTP server, which is 21 by default.
Anonymous
If you select Anonymous, the EGW1520 connects to the FTP server as
an anonymous user that is the default user on the FTP server.
User Name
User name for logging in to the FTP server. This parameter is configured
on the FTP server.
Password
Password for logging in to the FTP server. This parameter is configured
on the FTP server.
Ensure that the TFTP service is enabled when configuration files are loaded
and that the TFTP server connects to the EGW1520 properly.
File Name
Relative path of the file to be uploaded. If the configuration file is
stored in C:/tftp/egw/CFG001882ab2415.xml and the access path
that is set on the TFTP server is C:/tftp, set the relative path to
egw/CFG001882ab2415.xml.
Port Number
Port number of the TFTP server, which is 69 by default.
Step 5 Click and proceed as prompted.
After loading is successful, the EGW1520 automatically restarts. After the restart is complete,
you can log in to the EGW1520 web management system.
The restart takes 2 to 3 minutes depending on the device configuration. If the
configuration data is more, the startup time is longer.
If the uploading fails, the configuration data on the EGW1520 remains. You can reload the
configuration file.
After the LAN port restarts, the management IP address changes to the imported IP
address.
----End
Loading the Configuration File (FTPS)
Step 1 On the web management system, choose Management > Configuration from the navigation
Ensure that the FTPS service is enabled when configuration files are loaded and that
the TFTP server connects to the EGW1520 properly.
File Name
Relative path of the file to be uploaded. If the configuration file is stored in
C:/ftps/egw/CFG001882ab2415.xml and the access path that is set on the
FTP server is C:/ftps, set the relative path to
egw/CFG001882ab2415.xml.
Port Number
Port number of the FTPS server. The default port number is 990.
Anonymous
If Anonymous is selected, the EGW1520 connects to the FTPS server as
an anonymous user.
User Name
User name for logging in to the FTPS server. This parameter is configured
on the FTPS server.
Password
Password for logging in to the FTPS server. This parameter is configured
on the FTPS server.
Certificates
Certificate for authenticate logins.
NOTE
Before using the certificate to authenticate logins, configure the certificate by
After loading is successful, the EGW1520 automatically restarts. After the restart is complete,
you can log in to the EGW1520 web management system.
The restart takes 2 to 3 minutes depending on the device configuration. If the
configuration data is more, the startup time is longer.
If the uploading fails, the configuration data on the EGW1520 remains. You can reload the
configuration file.
After the LAN port restarts, the management IP address changes to the imported IP
address.
----End
9.3 Restoring Factory Settings
This topic describes how to restore factory settings.
Before restoring factory settings, refer 9.2 Managing the Configuration File to back up the
configuration information of the current version.
After restoration, the EGW1520 restarts automatically to make the factory settings take effect.
To view factory settings, log in to the web management system again.
To restore factory settings, press the RESET button on the device or perform operations on
the web page.
RESET Button
Press RESET on the EGW1520 for longer than six seconds.
Web Mode
Step 1 On the web, choose Management > Restore Default from the navigation tree.
After the EGW1520 restarts, the configuration data changes to factory settings. Use the IP
address 192.168.1.1, the user name admin and the password Admin@123 to log in to the
web management system again, see 7.7.1 Web Management.
----End
9.4 Managing System Logs
This topic describes how to manage system logs.
During the EGW1520 running, a large number of logs are generated and sent to the syslog
management module. You can send the log file to the Huawei technical support for faults
analysis. The EGW1520 provides the following log functions:
Backs up the log file remotely.
If the remote backup function is configured, the syslog management module sends the
log file to the log server for your remote maintenance. For details, see Backing Up Log
Files Remotely.
Backs up the log file locally.
If the local backup function is configured, the log file is saved in the local flash memory.
The EGW1520 allows you to download the latest log files from the flash memory on a
web page. For details, see Backing Up the Log File Locally.
The EGW1520 writes the flash memory when a 512 KB log is generated. When the size of
generated logs reaches 2 MB, the earliest logs are overwritten by the latest ones.
Notice: Notification log, which indicates that a major event
occurs.
Informational: Informational log, which indicates common events
and status information
Debugging: Debug log, which records information about system
internal debugging.
NOTE
To generate debug logs, set the log level to Debugging and enable the debug
log for each module. For details, see 8.1 Enabling the Debug Log.
The EGW1520 only sends log information whose level is equal to or higher than that you set
to the log server. The highest level is Emergency and the lowest level is Debugging.
Step 3 Click to save the settings.
----End
Backing Up Log Files Remotely
Step 1 Enable the function of generating logs. For details, see Configuring Logs.
Step 2 Set Mode to Remote.
Step 1 Enable the function of generating logs. For details, see Configuring Logs.
The log file is in .log format. The default file name is in Log+Current EGW1520 system date.log
format, for example, Log20100101.log. You can also change the file name.
After downloading the log file, you can delete the log file from the flash memory according to
Deleting Logs.
----End
You can delete old logs from the flash memory.
Log information that is sent to the log server is not affected.
The page shown in Figure 9-14 is displayed.
Figure 9-14 Deleting logs
Step 2 Click and proceed as prompted.
----End
9.5 Viewing Alarms
This topic describes how to view alarms. You can analyze the exceptions occur during system
running according to the alarms.
Procedure
Step 1 On the web management system, choose Diagnose > Warning Info from the navigation tree.
The following is a detailed description of the preceding log sample:
admin/192.168.1.8: The user name is admin and the user ID is 192.168.1.8.
alarmlog: This log is an alarm log.
1970–01–01 01:28:30: Time when this operation is performed.
Downloaded alarm logs succeed: This alarm log is downloaded successfully.
For details about the security log information, see 12.2 Security Log Information.
----End
9.7 Viewing Electronic Labels
You can learn about the device information based on its electronic label.
To view the electronic label of a device, perform the following operations:
Step 1 You have logged in to the web management system. For details, see 7.7.1 Web Management
Step 2 Choose Management > Status > from the navigation tree.
The system displays a page, as shown in Figure 9-17.
Figure 9-17 Electronic label (1)
Step 3 Click Electronic Label .
The system displays a page, as shown in Figure 9-18.
This topic describes how to back up call records on the local computer.
The call record backup function has the following features:
Saves the latest 5000 records. When the number of saved call records reaches 5,000, the
system overwrites the earliest call records to save the latest ones.
Saves 40 call records each time. If the number of latest call records is smaller than 40,
the system saves call records at an interval of four hours.
Saves the call start and end time, and the calling and called numbers.
Configuration procedure
Step 1 On the web management system, choose Diagnose > Call Recording from the navigation
tree.
Step 2 Set Call Recording to Enable.
The page shown in Figure 9-19 is displayed.
Figure 9-19 Downloading call records
By default, the system disables the call record backup function.
Step 3 Click to save the settings.
Step 4 Click to download call records that are saved. Download call records to a
The call record file must be in the .txt format. The default file name is in CDR+Current
EGW1520 system date.txt format, for example, CDR20110101.txt. You can also change
the file name.
Click the Delete All Records After Download option button. Then the web management
system will delete call records after the downloading is complete.
----End
9.9 One-Click Download
This topic describes how to use the one-click download function to collect system information.
If the system is faulty, you can download system information and send it to the maintenance
personnel for fault location.
The EGW1520 provides the one-click download function for you to collect the following
information:
System configurations (device model, hardware version, software version, MAC address
on WAN port, IP address on WAN port, and IP address on LAN port)
System logs
Alarm information
Procedure
Step 1 On the web management system, choose Diagnose > One-Click Download from the
navigation tree.
The page shown in Figure 9-20 is displayed.
Indicates whether to set a complicated password. If this parameter is
enabled, the password must contain special characters, such as @, #
and %.
----End
9.10 Changing the Password
This topic describes how to change the password for logging in to the EGW1520.
The EGW1520 allows a maximum of 10 users to log in at the same time.
The new password takes effect upon the next login. When a user changes the password, other
users who have logged in are not affected.
If you forget the password, you can only restore the password to the default factory setting. As
a result, the configuration data is lost.
Procedure
Step 1 On the web management system, choose Management > Change Password from the
navigation tree.
The page shown in Figure 9-21 is displayed.
Indicates the user name. The user name is admin and cannot be changed.
Old Password
Indicates the current password.
New Password
Indicates the new password to be set. The password consists of 6 to 16
characters.
Confirm
Password
Indicates that the user enters the new password again.
Step 3 Click to save the settings.
----End
9.11 Upgrading Host Software
This topic describes how to upgrade host software.
The EGW1520 allows you to upgrade the host software on a web page. The following modes
are provided:
HTTP mode
FTP mode
TFTP mode
FTPS mode
Upgrade procedures vary according to version. For details on the host software storage path
and upgrade methods, see the eSpace EGW1520 Upgrade Guide.
If the device is powered off or network communication is interrupted during software upgrade,
the device may crash or the configuration file may be lost.
9.12 Uploading Voice Files
This topic describes how to upload voice files.
Voice files can be uploaded to the EGW1520 to play announcements for users.
The EGW1520E allows you to upload voice files in .pcm format or compressed voice file
packages in .zip format on a web page. The following modes are provided:
Step 1 On the web management system, choose Voice > Upload Voice File from the navigation tree.
TFTP Mode
FTPS Mode
By default, Chinese voice files are loaded on the EGW1520. You can choose Voice >
Upload Voice File to change the language.
When uploading a voice file in .pcm format, ensure that the file size is not greater than 1
MB. When uploading a voice file in .zip format, ensure that the file size is not greater than
30 MB.
In FTP mode, data is transmitted in plain text. Load configuration files in FTP mode on
trusted networks.
The page shown in Figure 9-22 is displayed.
Figure 9-22 Upload Voice File page (HTTP)
Step 2 Click Browse and select the voice file to be uploaded.
The voice file path can be a local path, for example, D:\english.zip, or a network path, for
example, \\10.168.10.111\english.zip.
Step 3 Click and proceed as prompted.
After the loading is successful, the Message page is displayed, as shown in Figure 9-23.
Ensure that the FTP service is enabled when configuration files are loaded and that
the FTP server connects to the EGW1520 properly.
File Name
Indicates the relative path of the file to be uploaded. If the file to be
uploaded is stored in C:/ftp/egw/voice.zip and the access path that is set on
the FTP server is C:/ftp, set the relative path to egw/voice.zip.
Port Number
Indicates the port number of the FTP server. The default value is 21.
Anonymous
If you select Anonymous, the EGW1520 connects to the FTP server as an
anonymous user that is the default user on the FTP server.
User Name
Indicates the user name for logging in to the FTP server. This parameter is
configured on the FTP server.
Password
Indicates the password for logging in to the FTP server. This parameter is
configured on the FTP server.
Step 4 Click and proceed as prompted.
After the loading is successful, the Message page is displayed, as shown in Figure 9-25.
Figure 9-25 Success message
If the loading fails, the voice file on the EGW1520 remains. You can reload the voice file.
----End
TFTP Mode
Step 1 On the web page's navigation bar, choose Voice > Upload Voice File.
Step 2 Click TFTP.
Ensure that the TFTP service is enabled when configuration files are loaded and
that the TFTP server connects to the EGW1520 properly.
File Name
Indicates the relative path of the file to be uploaded. If the file to be
uploaded is stored in C:/tftp/egw/voice.zip and the access path that is
set on the FTP server is C:/tftp, set the relative path to egw/voice.zip.
Port Number
Indicates the port number of the TFTP server, which is 69 by default.
Step 3 Set parameters according to Table 9-12.
Table 9-12 TFTP parameters
Step 4 Click and proceed as prompted.
After the loading is successful, the Message page is displayed, as shown in Figure 9-27.
Step 1 On the web management system, choose Management > Restart from the navigation tree.
The page shown in Figure 9-30 is displayed.
Figure 9-30 Restart page
Step 2 Click and proceed as prompted.
The restart takes 2 to 3 minutes depending on the device configuration. More configurations
indicate a longer restart duration. Access the web management system to check whether the
restart is complete. The restart is complete if you can access the page.
This topic describes the concept and methods for maintaining the EGW1520.
10.1 Overview
10.2 Application Layer Security
10 Security Maintenance
10.3 System Layer Security
10.4 Network Layer Security
10.5 Management Layer Security
10.6 Appendix
10.1 Overview
10.1.1 Objectives
Application systems are facing growing security threats. If a security problem occurs, services
will be interrupted, profits will decrease, and the system may break down. To detect potential
security problems and resolve them in time, users need to establish an all-round protection
system and execute maintenance tasks with a hierarchical approach.
As new security threats emerge continuously, technical methods are insufficient to ensure the
security of application systems. Therefore, users also need to develop a security management
system based on the suggestions given on problems found in routine security maintenance,
which ensures proper running of the applications.
10.1.2 Layered Security Maintenance
Based on the security maintenance objects and objectives, security maintenance on service
systems must be conducted at different layers.
Application Layer
The security maintenance at this layer is conducted to ensure that the EGW1520 and related
web management system run properly and provide services correctly.
Security maintenance at this layer is conducted to ensure that the operating system runs
properly, ensuring the proper running of applications at the application layer.
At the system layer, security maintenance is conducted using the maintenance terminals or
tools corresponding to the maintenance objects.
Network Layer
Security maintenance at this layer is conducted to ensure the proper running of switches,
routers, and firewalls and to ensure the application of security policies at this layer.
At the network layer, security maintenance is conducted using the maintenance terminals or
tools of the maintenance objects.
Management layer
Security maintenance at this layer is conducted to enhance manual management and
maintenance to prevent potential risks. The preceding layers are involved in
management-layer security maintenance.
10.1.3 EGW1520 Security Overview
This topic describes the EGW1520 security solution.
Security is essential to communications products and systems. The EGW1520 security
solution contains the following layers:
The security at the management layer ensures the system maintenance, running, security,
and continuity.
The security at the application layer protects all Huawei applications, including access,
data, communication, and coding.
Security at the system layer protects the operating systems, databases, and middleware
used by applications.
The security of the network layer protects the network devices and communication.
With the cooperation of the four layers, the EGW1520 security solution provides security
protection for small-sized enterprises.
Figure 10-1 shows the layered architecture of the EGW1520 security solution.
The login password and service (for example, voice mailbox) password cannot be
displayed on GUIs in clear text, and must be encrypted before they are stored.
Before changing a password, you must enter the original password.
Changing a Password
Step 1 On the web management system, choose Management > Change Password from the
navigation tree.
The page shown in Figure 10-2 is displayed.
Figure 10-2 Change Password page
Step 2 (Optional) Enable the strong password. If this parameter is enabled, the password must
contain special characters, such as @,#,%.
Step 3 Enter the original password, new password, and confirm password as prompted.
Step 4 Click to save the settings.
----End
10.2.2 Web Access Control
Web access control methods of the EGW1520 are as follows:
Combination of Session and Cookie
If you do not perform any operation in 10 minutes after logging in to the web
management system, the login times out and the system requires re-login to ensure
security.
Logout request initiated by a client
After logging in to the web management system, click Log Out at the upper-right corner.
The confirm dialog box is displayed. Click OK. The login dialog box is displayed.
Step 1 On the web management system, choose Management > Configuration from the navigation
tree.
The page shown in Figure 10-3 is displayed.
Figure 10-3 Backing up the configuration file
Step 2 Select Encrypt Configuration File to encrypt the whole configuration file.
Step 3 Click to save the configuration file to the local host or other hosts on the
network as prompted.
----End
10.2.4 Application Layer Log Check
This topic describes how to check application layer logs. To ensure the application layer
security, you must check the application layer logs periodically.
Checking the log function
Step 1 On the web management system, choose Diagnose > System Logs from the navigation tree.
Step 2 Click to save the logs to the local host.
Step 3 Verify that log files are displayed on the local desktop.
The log file is in .log format. The default file name is in admin_Log+Current EGW1520
system date.log format, for example, Log20100101.log.
Step 4 Open the local log files to view logs.
----End
Releasing the Log Storage Space
The EGW1520 writes the flash memory when a 512 KB log is generated. When the size of
generated logs reaches 2 MB, the earliest logs are overwritten by the latest ones.
The administrator must download and delete logs in the log management module to release
the log storage space periodically.
Security maintenance at this layer is conducted to ensure that the operating system runs
properly, ensuring the proper running of applications at the application layer.
The system layer security maintenance contains:
System log function that can help checking system security. For details, see 10.2.4
Application Layer Log Check.
Web management system function that supports the EGW1520 connecting to the client
through HTTPS.
Logging In to the Web Management System
Step 1 On the maintenance terminal, open Internet Explorer, and enter https://192.168.1.1 in the
address box.
If errors about the security certificate occur during the login process, click Yes to go on.
After logging in to the web management system, you can change IP address of the EGW1520. For
details, see Configuring the LAN.
Step 2Press Enter, and the page shown in Figure 10-5 is displayed.
Figure 10-5 Logging in to the web management system (1)
Step 3 Enter the user name admin and default password Admin@123, and click Log in. The page
Figure 10-6 Logging in to the web management system (2)
Choose Management > Change Password to change the password after the initial login.
Make a note of your password and keep it in a safe place. Do not share your password
with anyone. If you forget your password, press and hold the RESET button on EGW1520
for more than six seconds, and log in to the web management system using the default
password Admin@123. The configuration is restored to factory settings.
If you fail to log in to the web management system for 5 consecutive times within 10
minutes, the system locks your PC IP address for 30 minutes.
If you do not perform any operation in 10 minutes after logging in to the web management
system, the login times out and the system requires re-login to ensure security.
----End
10.4 Network Layer Security
The network layer provides firewall, Demilitarized Zone (DMZ), and VLAN division
functions.
10.4.1 Security Network
Figure 10-7 shows the security network of the EGW1520 solution.
Is deployed at the entrance and exit of the enterprise network, which provides the
firewall function to filter information and prevent unauthorized access.
Provides the filtering function, which can configure Internet access policy and protect
the network security.
Provides the NAT ALG function based on the SIP protocol to ensure the voice
communication security.
Provides the DMZ function to protect the internal network. External users can access
only internal servers in the DMZ.
Provides the VLAN division function to separate different zones in the network.
10.4.2 Network Security Maintenance
Firewall Security Check on the WAN Side
The EGW1520 provides the firewall function to filter information and prevent unauthorized
access.
Enabling the firewall
Step 1 On the web management system, choose Network > WAN from the navigation tree.
If you enable the firewall on the WAN side, packets that are being sent to an EGW1520 or a
downstream device will be blocked by the firewall on the WAN side.
By configuring the incoming packet filter function, you can specify packets that can be sent
through the firewall on the WAN side.
DMZ Security Check
External systems can use virtual servers to access the intranet server. When large amounts of
services are running on the intranet server, multiple virtual servers must be configured. You
can configure the DMZ to simplify the virtual server configuration process.
Enabling the DMZ Function
Step 1 On the web management system, choose Network > Security from the navigation tree.
Step 1 Connect the EGW1520 to the Internet through the WAN port as an internal user, and set the
IP address to 11.11.11.1 for the WAN port.
Step 2 Set the DMZ Host IP address to 192.168.1.5 on the EGW1520.
Step 3 Configure the web and FTP servers on the server whose IP address is 192.168.1.5 as the
internal user.
Step 4 Open Internet Explorer and enters https://11.11.11.1 or ftp://11.11.11.1 in the address box as
an external user.
----End
If the external user can access the web or FTP server, the DMZ is configured successfully.
VLAN Security Check
VLANs are created on a physical LAN to separate the LAN into multiple broadcast domains.
Hosts on a VLAN can communicate with each other, and hosts between VLANs cannot
communicate with each other. That is, broadcast packets can be sent between hosts on the
same VLAN, which improves network security.
Indicates the LAN port on the EGW1520. The EGW1520 provides four
LAN ports (LAN1 to LAN4).
VLAN ID
Indicates the VLAN that port belongs to. The default value is 1.
Priority
Indicates the 802.1p priority based on which devices that connect to the
port (such as a switch) process packets. The value ranges from 0 to 3. A
larger value indicates a higher priority.
Link type
The options are as follows:
Access: Ports of this type can be added to only one VLAN, and are
always connected to PCs and switches.
Trunk: Ports of this type can be added to multiple VLAN, and can
identify and transmit packets that belong to multiple VLANs based on
the VLAN tag.
Permit
VLAN ID
Indicates the VLAN ID that is allowed to pass through the port. This
parameter is configurable only when Link type is set to Trunk.
Step 1 Change the VLAN IDs to VLAN 2 for LAN1 and LAN2, and to VLAN 3 for LAN3 on
EGW1520 A. Set the connection type to Access
Step 2 Change the connection type to Trunk for LAN4 on EGW1520 A, and set the VLAN
changing range to 3.
Step 3Change the VLAN IDs to VLAN 3 for LAN1 on EGW1520 B. Set the connection type to
Access
Step 4 Change the connection type to Trunk for LAN4 on EGW1520 B, and set the VLAN
changing range to 3.
----End
After the configuration, hosts on the same VLAN can communicate with each other. Hosts on
different VLANs cannot communicate with each other.
10.5 Management Layer Security
This topic describes general maintenance suggestions for routine security maintenance.
Carriers can formulate security management regulations by referring to these suggestions and
abide by these regulations to ensure system security.
10.5.1 Security Principles for System Maintenance
Minimum Principle
Install only required services and components.
The functions and roles of servers must be distinguished. Do not install unnecessary
services and components.
A service's internal components must be downsized according to the preceding
principles.
Minimum Accounts
Accounts must be managed strictly according to account policies.
The addition, modification, and deletion of accounts in the system must be strictly
controlled.
Minimum Rights
Assign minimum rights to system services and accounts.
Control right assignment strictly in the operating system.
Dedication
A host must run only one type of service.
Partitions where the operating system, applications, and data are located must be
separated.
Operations on the host must be logged and monitored in other feasible methods.
Failures to access the system's important resources must be audited.
Successes in accessing the system's key resources must be audited.
Successes and failures to modify the access control policies must be audited.
10.5.2 Password Maintenance
Users need to be authenticated when they attempt to log in to the application system portal.
The carrier can configure the account and password complexity, and password validity period
based on security requirements.
During password maintenance, ensure that:
The admin user's password is kept by a designate person.
Passwords must be encrypted before transfer. Do not transfer passwords using emails.
Huawei engineers need to request the customer to change passwords before system
delivery.
10.5.3 Log Maintenance
The system administrator can detect potential risks according to logs.
Checking Logs Periodically
The maintenance personnel need to periodically check system logs. If any faults are detected,
they must report them to the upper-level departments. If the causes cannot be located or the
faults cannot be rectified, contact the local representative office or Huawei technical support
center.
Backing Up Logs Periodically
The maintenance personnel need to periodically save log files to external storage media such
as disks, tapes, and CD-ROMs for backup. After successful backup, the original log files need
to be deleted to free up the space.
10.5.4 Security Evaluation
You are advised to find a qualified evaluation organization to evaluate the system security.
When implementing security evaluation, contact Huawei technical support engineers.
10.5.5 Vulnerability Scanning
You are advised to use tools to scan vulnerabilities. To use Huawei vulnerability scanning tool,
contact Huawei technical support engineers.
10.5.6 Data Backup
Based on security maintenance requirements, back up data in the following scenarios:
Before and after security configuration, maintenance, and troubleshooting
When the network connection changes, you are advised to:
Ensure that the new security policy cannot affect the original security policy.
Analyze the network topology.
10.5.8 Defect Reporting
If the customer system is attacked, Huawei technical support engineers will solve this
problem depending on whether any security accidents occur.
If a security accident occurs, Huawei technical support engineers will provide remote or
on-site support to mitigate the attack impact with the assistance of customer maintenance
personnel and generate an accident handling report.
If no security accident occurs, Huawei technical support engineers will record the
problem information and forward it to the research and development (R&D) team to
process. After the R&D team works out a solution, Huawei technical support engineers
will analyze the solution impact on services and develop a feasible solution.
10.5.9 Emergency Response Mechanism
The customer must formulate the emergency response mechanism to deal with emergencies,
recover the system, and minimize losses.
10.6 Appendix
The communication matrix must be customized based on the actual network. For details, see
Record all the important operations, for example, restarting a process and restoring
factory settings. An important operation must be performed by qualified operators after
the related data is backed up and proper measures are provided against security and
emergency events.
11.2 Troubleshooting Process
This topic describes the EGW1520 troubleshooting process.
The EGW1520 troubleshooting process involves collecting fault information, rectifying faults,
Detailed fault description helps to quickly locate faults. The scenario information, networking
information, and system information must be collected when a fault occurs.
This topic describes the fault scenario information that must be collected immediately after a
fault occurs.
Collect the following scenario information after a fault occurs:
Fault occurrence time and place
Fault symptom
Operations that were performed before the fault occurred
Measures that have been taken after the fault occurred and the results
Services that were affected by the fault and the scope of the fault
Collecting Networking Information
Networking information helps maintenance personnel to simulate the fault scenario and locate
the fault.
The maintenance personnel must document and save the following onsite information:
Physical network, including physical connections and connection media.
Device names and versions.
Logical connections between devices.
Device interconnection information, such as the VLAN, IP address, subnet, gateway or
port of a device.
Collecting System Information
System information includes information about the device, network, route, Address
Resolution Protocol (ARP), and Dynamic Host Configuration Protocol (DHCP). By collecting
system information, you can learn about the software and hardware versions and detailed
network information.
To collect the EGW1520 system information, perform the following operations:
1. Log in to the web management system. For details, see 7.7.1 Web Management.
2. Choose Management > Status from the navigation tree on the left.
3. Select Device, Network, Route, ARP, and DHCP Client in turn to view and manually
record system information.
For the description of the parameters that are displayed when you select Device, Network, Route, ARP,
or DHCP Client, see Web Parameters Reference.
11.2.2 Rectifying Faults
After locating a fault, take proper measures to rectify the fault.
Take measures based on the fault symptom. For the troubleshooting cases, see 11.3
Voice-Specific Faults, 11.4 Network Faults, and 11.5 System Faults.
11.2.3 Verifying Fault Rectification
After taking measures to rectify a fault, verify that the fault is rectified.
If the fault is rectified, compile a troubleshooting report. If the fault is not rectified, contact
Huawei technical support engineers.
11.2.4 Compiling a Troubleshooting Report
After verifying that a fault is rectified, record the fault rectification process and compile a
troubleshooting report for future reference.
The troubleshooting report should include: fault symptom, fault location, fault rectification,
and preventive suggestions.
11.2.5 Obtaining Technical Support
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and
service. Please feel free to contact our local office or company headquarters.
Address: Administration Building, Huawei Technologies Co., Ltd., Bantian, Longgang
District, Shenzhen, P. R. China
Postal Code: 518129
Website: http://support.huawei.com
Customer service telephone: 4008302118
Email: support@huawei.com
11.3 Voice-Specific Faults
Voice-specific faults mainly refer to the faults that occur during user registration, call setup,
and service invocation.
11.3.1 Voice Service Users Cannot Register with the
IMS/NGN Network
This topic provides the method to use for troubleshooting when voice service users cannot
register with the IMS/NGN network.
Symptom
After network and voice data are configured on the EGW1520, EGW1520 voice service users
cannot register with the IP Multimedia Subsystem (IMS) network or Next Generation
Network (NGN), and the value of User Status is Fault.
The page shown in Figure 11-3 is displayed.
Figure 11-3 Voice Service Users Cannot Register with the IMS/NGN Network
Possible Causes
A network exception has occurred.
The SIP server configuration is incorrect.
The number configuration is incorrect.
The Network Address Translation (NAT) function is disabled.
Indicates whether to enable the failback function. When the active
server fails, resources and services will be automatically switched to
the standby server. If this function is enabled, resources and services
will be automatically switched back to the original active server
after the original active server has been recovered.
Option Interval
Interval for sending option messages to the active server. Option
messages are used to check whether the active server can be used.
NOTE
This parameter is valid only for the master server.
Address Type
The address can be an IP address or a domain name. The network
carrier provides this value.
Step 1 Check the network connection.
Check the network connection in either of the following ways:
Check whether the Internet indicator is on. If the indicator is on or blinks, the EGW1520
has been registered with the network service provider and the network connection is
normal.
Choose Management > Status from the navigation tree on the web management
system,click the Network tab. If the value of Status is Connected on the Network page,
the network connection is normal.
If the network connection is abnormal, see Installation to verify the cable connections and 7.2
Connection Modes to verify the network configuration.
Step 2 Verify the SIP Server parameter settings.
1. Choose Voice > SIP Server from the navigation tree on the web management system.
The page shown in Figure 11-4 is displayed.
Figure 11-4 SIP Server page
2. Ensure that the parameters listed in Table 11-1 are set correctly.
IP address or domain name of the SIP server. The network carrier
provides this value.
DNS Type
Mode for the DNS server to parse the IP address. This parameter is
valid when Address Type is set to Domain.
SRV: A domain name is configured to parse multiple IP address.
The two IP addresses with the highest priorities are the IP
addresses of the active SIP server and standby SIP server.
NOTE
If you set DNS Type to SRV, you do not need to configure the standby SIP
server.
HOST: One domain name corresponds to one IP address. To
perform switchover between the active and standby servers, two
SIP servers need to be configured.
Server Type
Select a server type according to the actual SIP network connected
to the EGW1520.
Port
Port number of the SIP server. The network carrier provides this
value. The default value 5060 is recommended.
Expiration Time
Timeout interval for the registration group to register with the SIP
server, in seconds. The value ranges from 0 to 14400. The default
value 360 is recommended.
Step 3 Choose Voice > Phone Allocation from the navigation tree on the web management system,
and check the registration group and external number configuration for Analog Phone users
and IP Phone users. The registration group and external number configuration must be
consistent with the settings on the IMS/NGN side. If an external number is prefixed with a
plus sign (+), change the plus sign to 00.
Step 4 Check whether the NAT function is enabled.
Choose Management > Status from the navigation tree on the web management system,click
the Network tab. If the value of NAT is not Enabled on the Network tab page, see
Configuring ADSL or Configuring WAN to delete the Asymmetric Digital Subscriber Line
(ADSL) or Wide Area Network (WAN) connection and add another ADSL or WAN
connection to enable the NAT function.
Step 5 If the fault persists, see Obtaining Huawei Technical Support.
----End
11.3.2 Failure to Make Outer-Office Calls
This topic provides the method to use for troubleshooting when outer-office calls cannot be
made.
Symptom
Intra-office users cannot make calls to outer-office users.
Step 1 Check cable connections between the IP phone and an analog phone. If the cable is
disconnected from either phone, reconnect it. Use a new cable if the original one is damaged.
Step 2 Check the phones. If they are faulty, replace them.
Step 3 Check the voice codecs configured on IP phones and EGW1520. Ensure that they share at
least one voice codec.
To change the voice codec of the IP phone, see the IP phone user manual. The voice codec of
the analog phone is determined by the voice codec of EGW1520. To change the voice codec
of the analog phone, proceed as follows:
1. Choose Voice > Voice Parameters from the navigation tree on the web management
3. Select available codec types and add them to the Selected box.
Step 4 Check the IP Phone gateway configuration. For details about how to configure the IP Phone
gateway, see the IP Phone user manual.
Step 5 If the fault persists, see 11.2.5 Obtaining Technical Support.
----End
11.3.4 CCBS Service Is Unavailable
This topic provides the method to use for troubleshooting when the Call Completion on Busy
Subscriber (CCBS) service is unavailable.
Symptom
The CCBS service is unavailable.
Possible Causes
The CCBS service is disabled.
The CCBS service is enabled for certain prefixes only.
The CCBS service is enabled, but the calling party has enabled the calling line
identification restriction (CLIR) function.
The services that allow users to answer multiple calls simultaneously are disabled on the
IMS or NGN server. These services include multiple call service and call waiting service.
Troubleshooting Procedure
Step 1 Check whether the CCBS service is enabled.
1. Choose Voice > Service Manager from the navigation tree on the web management
system.
The page shown in Figure 11-10 is displayed.
If you do not specify the value of Number, all users can trigger the CCBS service when
making calls. If you specify the value of Number, only users who have the preset user
number or user number prefix can trigger the CCBS service.
Step 3 Check whether the calling party has enabled the CLIR service. If the calling party has enabled
the CLIR service, the called party cannot call back because the calling number cannot be
obtained. If the calling party is an EGW1520 user, see Calling Line Identity Restriction to
disable the CLIR service.
Step 4 Enable the services that allow users to answer multiple calls simultaneously on the IMS or
NGN server. If the calling party is a user on the IMS or NGN side and the call waiting service
is disabled, the CCBS service is unavailable.
Step 5 If the fault persists after you perform the preceding operations, see Obtaining Huawei
Technical Support.
----End
11.3.5 Failure to Synchronize Data in the UC Mode
This topic provides the method to use for troubleshooting when the EGW1520 cannot
synchronize data in the UC mode.
Symptom
The EGW1520 failed to synchronize data when the UC mode is enabled.
Possible Causes
Network faults occur.
The data synchronization server is configured incorrectly.
EGW1520 synchronization is not configured on the data synchronization server.
Choose Management > Status from the navigation tree on the web management page.
Click the Network tab. If Status is set to Connected on the Network tab page, the
network connection is normal.
You can also check the Internet indicator. If the indicator is steady on or blinks, the network connection
is normal.
If Status is set to other values, the network connection is abnormal. See Installation to
verify cable connection and 7.2 Connection Modes to verify network connection
configurations.
2. Check the ADSL or WAN port configuration.
If the EGW1520 uplink mode is ADSL, choose Network > ADSL from the navigation
tree on the web management page, and check the ADSL configuration.
If the EGW1520 uplink mode is WAN, choose Network > WAN from the navigation
tree on the web management page, and check the WAN port configuration.
3. Ping the data synchronization server from the EGW1520. For details, see 8.4 Pinging IP
Addresses.
If the data synchronization server fails to be pinged, contact the enterprise IT
administrator to check whether the data synchronization server is faulty.
Step 2 Verify that the IP address, port, and synchronization key are correctly configured on the data
synchronization server.
Choose Voice > SIP Server from the navigation tree on the web management page, and check
the port and synchronization key configuration on the data synchronization server.
The synchronization key of the data synchronization server on the EGW1520 side must be the same as
that of the data synchronization server on the enterprise headquarters side.
Step 3 Contact the enterprise IT administrator to check whether EGW1520 synchronization is
configured on the data synchronization server.
If yes, ask the enterprise IT administrator to check whether the EGW1520
synchronization is correctly configured.
If no, ask the enterprise IT administrator to add the EGW1520 synchronization to the
data synchronization server.
Step 4 If the fault persists, see 11.2.5 Obtaining Technical Support.
----End
11.4 Network Faults
Network faults primarily include network port indicator fault and uplink network
disconnection.
This topic provides the method to use for troubleshooting when the network port indicator is
off while network cables are connected to the port.
Symptom
The LAN or WAN port indicator is off when network cables are connected to the port.
Possible Causes
The device is powered off.
The network cable is improperly connected to the port.
The network cable is faulty.
The network negotiation fails.
Troubleshooting Procedure
Step 1 Ensure that the EGW1520 is powered on.
Step 2 Ensure that the network cable is properly connected to the port.
Step 3 Check the network cable. Insert the cable into another port. If the indicator is on, the cable is
intact. If the indicator is off, the cable is damaged. In this case, replace the cable.
Step 4 Ensure that the port connected to the EGW1520 is set to auto-negotiation mode. For details
Step 5 If the fault persists, see Obtaining Huawei Technical Support.
11.4.2 Failure to Access the IP Network Through ADSL
Symptom
about how to set auto-negotiation mode, see the user manual for the peer device.
----End
This topic provides the method to use for troubleshooting when the EGW1520 fails to access
the IP network through the asymmetric digital subscriber line (ADSL).
The ADSL is configured, but the EGW1520 fails to access the IP network through the ADSL.
Figure 11-17 and Figure 11-18 show the Network pages where the IP address is null and the
Step 3 Ensure that the following configuration on the ADSL ATM interface is consistent with that on
the DSLAM side:
VPI and VCI
DSL latency
Encapsulation mode and service category
DSL Link Type
For the PPPoE service, the value must be set to EoA on the ADSL ATM interface. For
the PPPoA service, the value must be set to PPPoA on the DSL ATM interface.
Step 4 Ensure that the following configuration is consistent between the ADSL service side and the
BRAS side:
Static IP address: If a static IP address is configured on the ADSL service side, check
whether the BRAS supports static IP addresses. If the BRAS does not support static IP
addresses, do not use a static IP address. If the BRAS supports static IP addresses, check
whether the static IP address is within the supported static IP address range.
PPP authentication information, including the PPP user name, password, and
authentication mode (the authentication mode can be set to Auto).
Encapsulation mode and service category.
Step 5 If the dial on demand function is enabled, use a computer that is connected to the EGW1520
to access the Internet so that the traffic flows through uplink ADSL to trigger a network
connection.
Step 6 If the fault persists, see Obtaining Huawei Technical Support.
----End
11.4.3 Failure to Use 3G Data Card to Access a 3G Network
This topic provides the method to use for troubleshooting when the EGW1520 cannot access
a 3G network with a 3G data card.
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.