Lancom 1723 VOIP, 1724 VOIP, 1722 VOIP, 1823 VOIP User Manual

Download

Page 1

...connecting your business

LANCOM 1722 VoIP LANCOM 1723 VoIP LANCOM 1724 VoIP LANCOM 1823 VoIP

쮿

Handbuch

쮿

Manual

Page 2

LANCOM 1722 VoIP LANCOM 1723 VoIP LANCOM 1724 VoIP LANCOM 1823 VoIP

Page 3

0827/0810

While the information in this manual has been compiled with great care, it may not be deemed an assurance of product characteristics. LANCOM Systems shall be liable only to the degree specified in the terms of sale and delivery.

The reproduction and distribution of the documentation and software supplied with this product and the use of its contents is subject to written authorization from LANCOM Systems. We reserve the right to make any alterations that arise as the result of technical development.

Windows®, Windows 7, Windows Vista™, Windows NT® and Microsoft® are registered trademarks of Microsoft, Corp

Apple, Apple logo, Macintosh, PowerMac, iMac, MacBook, iPhone, Mac OS, Leopard, Snow Leopard, Mac and the Mac logo are trademarks of Apple Computer, Inc., registered in the U.S. and other countries.

The LANCOM Systems logo, LCOS and the name LANCOM are registered trademarks of LANCOM Systems GmbH. All other names or descriptions used may be trademarks or registered trademarks of their owners.

Subject to change without notice. No liability for technical errors or omissions.

Products from LANCOM Systems include software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http:/

/www.openssl.org/).

Products from LANCOM Systems include cryptographic software written by Eric Young (eay@cryptsoft.com

Products from LANCOM Systems include software developed by the NetBSD Foundation, Inc. and its contributors.

Products from LANCOM Systems contain the LZMA SDK developed by Igor Pavlov.

LANCOM Systems GmbH

Adenauerstr. 20/B2

52146 Wuerselen

Germany

www.lancom.eu

Wuerselen, August 2010

Page 4

LANCOM 1823 VoIP only

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Preface

Preface

Thank you for your confidence in us!

LANCOM VoIP Routers provide the comprehensive functions of an access router, professional firewall and high-quality VPN gateway and WLAN access point in a single, compact device. They thus combine investment protection and cost savings as a reliable voice over IP solution for small and mid- sized enterprises, home and branch offices.

LANCOM Wireless Routers and LANCOM Access Points can be oper-



ated either as self-sufficient Access Points with their own configuration (WLAN modules in "Access Point mode“) or as components in a WLAN infrastructure, which is controlled from a central WLAN-Controller ("managed mode"). Please observe the corresponding notices to this in this documentation.

Standard features of the different models are integrated interfaces for ADSL and ISDN, and a LAN switch. LANCOM 1723 VoIP additionally provides interfaces for analog telephone systems. Along with the analog interfaces, LANCOM 1823 VoIP also provides professional WLAN technology.

In addition to data communications functions, VoIP support transforms LANCOM Routers into fully fledged, integrated VoIP communications solutions. Along with Quality of Service functions which are optimized for VoIP, the LANCOM VoIP Routers offer the full range of options required for voice communications over data networks and the step-by-step, cost-effective and simple migration from existing telecommunications systems to corporate Voice over IP. The particular characteristics of LANCOM VoIP Routers include, among others:

 PBX functions for analog, ISDN and SIP subscribers  Site connectivity of data and voice via VPN  SIP proxy and registrar for registration with providers and upstream VoIP

PBXs

 SIP trunking for multiple parallel lines with extension numbers over a sin-

gle account with a switchboard number.

 SIP gateway with transparent transition between SIP and ISDN/analog

telephony

 SIP remote gateway provides local SIP, ISDN or analog lines to remote

IP-PBXs.

Page 5

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Preface

 Intelligent call routing and number translation  Support of point-to-point and point- to- multipoint connections to the

ISDN network

 Multiple configurable ISDN interfaces (NT/TE), some with life-line support

and power relay to the internal ISDN bus

 WLAN compliant to the standards IEEE 802.11a/h or IEEE 802.11b/g

Information about your model's functionality in detail is available from the

Model restriction

table 'Just what can your LANCOM VoIP Router do?'.

LANCOM products undergo continuous development. For precise



information about their features and for the latest version of the LCOS operating system, please visit the LANCOM website.

Model variants

This documentation is to be used for different models:

 LANCOM 1722 VoIP  LANCOM 1723 VoIP  LANCOM 1724 VoIP  LANCOM 1823 VoIP

The sections of the documentation that refer only to a range of models are marked either in the corresponding text itself or with appropriate comments placed beside the text.

In the other parts of the documentation, all described models have been classified under the general term LANCOM VoIP Router.

Security settings

To maximize the security available from your product, we recommend that you undertake all of the security settings (e.g. firewall, encryption, access protection) that were not already activated when you purchased the product. The LANconfig Wizard 'Security Settings' will help you with this task. Further information is also available in the chapter 'Security settings'.

We would additionally like to ask you to refer to our Internet site

www.lancom.eu

developments, and also to download our latest software versions.

Components of the documentation

The documentation of your device consists of the following parts:

for the latest information about your product and technical

Page 6

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Preface

 Installation Guide  User manual  PBX Functions manual  Menu Reference Guide

You are now reading the user manual. It contains all information you need to put your device into operation. It also contains all of the important technical specifications.

The PBX Functions manual gives you detailed step-by- step instructions on commissioning a LANCOM VoIP Router as a PBX (private branch exchange) for a single location. Also described are the main operating instructions for users, and how to connect terminal equipment.

The Reference Manual is to be found as an Acrobat document (PDF file) at

www.lancom.eu/download

or on the data medium (CD/DVD) supplied. It is designed as a supplement to the user manual and goes into detail on topics that apply to a variety of models. These include, for example:

 The system design of the operating system LCOS  Configuration  Management  Diagnosis  Security  Routing and WAN functions  Firewall  Quality of Service (QoS)  Virtual Private Networks (VPN)  Virtual Local Networks (VLAN)  Wireless networks (WLAN)  Voice communication in computer networks with Voice over IP (VoIP)  Backup solutions  LANCAPI  Further server services (DHCP, DNS, charge management)

The Menu Reference Guide (also available at www.lancom.eu/download

or on the data medium (CD/DVD) supplied) describes all of the parameters in LCOS, the operating system used by LANCOM products. This guide is an aid to users during the configuration of devices by means of WEBconfig or the telnet console.

Page 7

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter :

This documentation was created by …

... several members of our staff from a variety of departments in order to ensure you the best possible support when using your

Should you find any errors, or if you would like to suggest improvements, please do not hesitate to send an e-mail directly to:

info@lancom.eu

LANCOM

product.

Our online services www.lancom.eu are available to you around the



clock if you have any questions on the content in this manual, or if you require any further support. The area 'Support' will help you with many answers to frequently asked questions (FAQs). Furthermore, the knowledgebase offers you a large reserve of information. The latest drivers, firmware, utilities and documentation are constantly available for download. In addition, LANCOM Support is available. For telephone numbers and contact addresses for LANCOM Support, please refer to the enclosed leaflet or the LANCOM Systems Web site.

Information symbols

Very important instructions. Failure to observe these may result in damage.



Important instruction that should be observed.



Additional information that may be helpful but is not essential.



Page 8

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Contents

Contents

1 Introduction 11

1.1 How do ADSL and ADSL 2+ work? 11

1.2 What does VPN offer? 13

1.3 Firewall 14

1.4 Voice over IP 15

1.4.1 Example Applications 15

1.4.2 The central position of the LANCOM VoIP Router 21

1.4.3 VoIP characteristics of the LANCOM VoIP Routers 24

1.5 Just what can your LANCOM do? 25

2 Installation 33

2.1 Package content 33

2.2 System requirements 34

2.2.1 Configuring the LANCOM devices 34

2.2.2 Operating access points in managed mode 34

2.3 Introducing the LANCOM Router 34

2.3.1 Status displays 34

2.3.2 Device connectors 41

2.4 Hardware installation 44

2.5 Configuring the ISDN and analog interfaces 47

2.6 Software installation 47

2.6.1 Starting Software Setup 47

2.6.2 Which software should I install? 49

3 Basic configuration 50

3.1 Details you will need 50

3.1.1 TCP/IP settings 50

3.1.2 Configuration protection 52

3.1.3 Settings for the wireless LAN 52

3.1.4 Charge protection 53

3.2 Instructions for LANconfig 54

3.3 Instructions for WEBconfig 55

3.4 TCP/IP settings for PC workstations 59

Page 9

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Contents

4 Setting up Internet access 61

4.1 The Internet Connection Wizard 63

4.1.1 Instructions for LANconfig 63

4.1.2 Instructions for WEBconfig 64

5 Configuring the VoIP functions 65

6 Connecting two networks 66

6.1 Which details are necessary? 67

6.1.1 General information 67

6.1.2 Settings for the TCP/IP router 69

6.1.3 Settings for NetBIOS routing 70

6.2 Instructions for LANconfig 71

6.3 1-Click-VPN for networks (site-to-site) 72

6.4 Instructions for WEBconfig 73

7 Providing dial-in access 74

7.1 Which details are necessary? 74

7.1.1 General information 75

7.1.2 Settings for TCP/IP 76

7.1.3 Settings for NetBIOS routing 77

7.2 Settings on the dial-in computer 77

7.2.1 Dialing-in via VPN 77

7.2.2 Dialing-in via ISDN 77

7.3 Instructions for LANconfig 78

7.4 1-Click-VPN for LANCOM Advanced VPN Client 78

7.5 Instructions for WEBconfig 80

Page 10

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Contents

8 Advanced wireless LAN configuration 81

8.1 WLAN configuration with the wizards in LANconfig 81

8.2 Point-to-point connections 83

8.2.1 Geometric dimensioning of outdoor wireless network links 83

8.2.2 Antenna alignment for P2P operations 88

8.2.3 Measuring wireless bridges 90

8.2.4 Activating the point-to- point operation mode 90

8.2.5 Configuration of P2P connections 91

8.2.6 Security for point-to- point connections 94

8.3 Client mode 96

8.3.1 Client settings 96

8.3.2 Set the SSID of the available networks 97

8.3.3 Encryption settings 97

8.3.4 Roaming 98

9 Sending faxes with LANCAPI 101

9.1 Installation of the LANCOM CAPI Faxmodem 102

9.2 Installation of the MS Windows fax service 103

9.3 Sending a fax 104

9.3.1 Send a fax with any given office application 104

9.3.2 Send a fax with the MS Windows fax service 105

10 Options and accessories 106

10.1 Optional AirLancer Extender antennas 106

10.1.1 Antenna diversity 107

10.1.2 Polarization diversity 107

10.1.3 Installing the AirLancer Extender antennas 107

10.2 LANCOM Public Spot Option 108

Page 11

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Contents

11 Security settings 110

11.1 Security in the wireless LAN 110

11.1.1 Encrypted data transfer 110

11.1.2 802.1x / EAP 113

11.1.3 LANCOM Enhanced Passphrase Security 113

11.1.4 Access control by MAC address 114

11.1.5 IPSec over WLAN 114

11.2 Security settings Wizard 114

11.2.1 LANconfig Wizard 115

11.2.2 WEBconfig Wizard 116

11.3 The security checklist 116

12 Configuring the ISDN and analog interfaces in detail 121

12.1 ISDN interface in NT or TE mode 121

12.2 Bus termination, life-line support and power supply 122

12.3 Protocol setting 124

12.4 ISDN connection timing 125

13 Troubleshooting 127

13.1 No DSL connection is established 127

13.2 DSL data transfer is slow 127

13.3 Unwanted connections under Windows XP 128

14 Appendix 129

14.1 Performance data and specifications 129

14.2 Contact assignment 133

14.2.1 ADSL interface 133

14.2.2 ISDN interface

14.2.3 ISDN interface

14.2.4 ISDN/Analog interface

14.2.5 Analog interface

14.2.6 Ethernet interface 10/100Base-TX 135

14.2.7 Configuration interface (Outband) 136

14.3 Declaration of conformity 136

⌧ 133  134

⌧ 134

 135

Page 12

LANCOM 1823 VoIP only

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

1Introduction

LANCOM VoIP Routers are fully functional routers with an integrated firewall to provide local networks with secure access to the Internet.

With the VPN option included, these devices work as powerful Dynamic VPN gateways for external locations or mobile users.

Along with the ADSL connection, these devices also feature ISDN connections, and some feature analog telephone connections. An ISDN line can be used to backup the WAN connection, for remote management of the router, as a basis for office communications via LANCAPI, and for establishing Dynamic VPN connections to external locations that use dynamic IP addresses.

By using the Voice over IP function, these devices can transfer voice data over broadband Internet as well as over ISDN and analog telephone connections.

LANCOM Wireless Routers and LANCOM Access Points can be oper-



ated either as self-sufficient access points with their own configuration (WLAN modules in "Access Point mode") or as components in a WLAN infrastructure, which is controlled from a central WLAN Controller ("managed mode"). Please observe the corresponding notices in this documentation.

LANCOM VoIP routers can be upgraded with powerful controls over Internet access with the LANCOM Content Filter Option. This intelligent high-end solution uses a database-supported web filtering technology that works with profiles to control access rights and that also offers practical functions such as overrides. A system requirement for operating the content filter is LCOS 8.0, the operating system available for free download from LANCOM.

1.1 How do ADSL and ADSL 2+ work?

ADSL (Asymmetric Digital Subscriber Line) is currently the most common technology for broadband Internet connections. Standard and almost ubiquitous telephone lines (analog or DSL) are the basis for DSL data transfer to the nearest telephone exchange. From here, the data is passed directly on to the Internet over high-speed connections.

The asymmetric DSL variant ADSL was developed for applications where users receive large amounts of data but transmit only small amounts, such as when surfing in the WWW. ADSL subscribers can receive data at up to 8 Mbps ("downstream") and transmit at up to 800 kbps ("upstream"). ADSL providers are able to reduce these maximum rates as they please.

Page 13

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

To satisfy the strongly increasing demand for higher bandwidths, the standards ADSL 2 and ADSL 2+ provider higher data rates as a basis for applications such as video streaming or high-definition TV (HDTV) over the Internet. Depending on the Internet provider, ADSL 2 devices support downstream data rates of up to 12 Mbps, and ADSL 2+ devices support up to 24 Mbps. Handshake routines during connection establishment ensure that the standards ADSL, ADSL 2 and ADSL 2+ are intercompatible.

Parallel to data transfer, ADSL also provides full and unlimited support for the classic applications in telephony (telephone, fax, answering machine, PBX). This is facilitated by splitters which separate the voice frequencies from the data frequencies.

The LANCOM VoIP Router features an integrated modem for ADSL/ADSL 2+. It can be directly connected to the splitter with the supplied cable.

INTERNET

PSTN

Splitter

NTBA

Splitter

ADSL Router

ISDN

ISDN Phone

LAN

ADSL can operate over both ISDN- and analog telephone lines (POTS – Plain Old Telephone Service). Devices with an integrated modem are supplied in

two versions. Information about the supported telephone system is to be found on the type designation on the underside of the device. The device name is marked on the label along with a suffix which indicates the supported telephone system:

Suffix Supported telephone system

'Annex A' ADSL-over-POTS

'Annex A' ADSL-over-ISDN

Annex A-type devices are exclusively to be operated at ADSL-over-POTS connections. Annex B-type devices are exclusively to be operated at ADSL-over- ISDN connections. Your network operator will be able to inform

Page 14

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

you of the version you need. These devices cannot be altered or upgraded to a system other than that for which it is equipped.

There are even ADSL-over-ISDN connections which are not combined with an ISDN connection, but with a standard analog telephone connection instead. In Germany, for instance, all T-DSL connections from Deutsche Telekom AG are implemented as ADSL-over-ISDN connections.

1.2 What does VPN offer?

A VPN (Virtual Private Network) can be used to set up secure data communi- cations over the Internet.

The following structure results when using the Internet instead of direct connections:

HEADQUARTER

LAN

SERVER

VPN GATEWAY



INTERNET

BRANCH

VPN GATEWAY

LAN

All participants have fixed or dial-up connections to the Internet. Expensive dedicated lines are no longer needed.

 All that is required is the Internet connection of the LAN in the headquar-

ters. Special switching devices or routers for dedicated lines to individual participants are superfluous.

쐋

Computers using remote access,

e.g. home working

LAPTOP

 The subsidiary also has its own connection to the Internet.

 The RAS PCs connect to the headquarters LAN via the Internet.

Page 15

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

The Internet is available virtually everywhere and typically has low access costs. Significant savings can thus be achieved in relation to switched or dedicated connections, especially over long distances.

The physical connection no longer exists directly between two participants; instead, the participants rely on their connection to the Internet. The access technology used is not relevant in this case: Broadband technology such as DSL (Digital Subscriber Line) is ideal. A conventional ISDN line can be used,

too.

The technologies of the individual participants do not have to be compatible to one another, as would be the case for conventional direct connections. A single Internet access can be used to establish multiple simultaneous logical connections to a variety of remote sites.

The resulting savings and high flexibility makes the Internet (or any other IP network) an outstanding backbone for a corporate network.

1.3 Firewall

The integrated stateful-inspection firewall is an effective barrier to unwanted data traffic as it only permits the entry of data as a response to outgoing data traffic. The IP masquerading function in the router conceals LAN workstations accessing the Internet behind a single public IP address. The true identities (IP addresses) of the individual workstations remain masked. Router firewall filters allow the blocking of individual IP addresses, protocols and ports. MAC address filters also offer effective control over the access of LAN workstations to the IP routing functions in the device.

INTERNET

FIREWALL

Router

Further important features in the firewall are:

 Intrusion detection

Server

Page 16

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

Attempts to break in to the local network or central firewall are recognized, repelled and recorded by the Intrusion Detection System (IDS) in the LANCOM. There is a choice of alarms including in-device logging, e- mail messaging, SNMP traps or SYSLOG alarms.

 Denial-of-Service protection

In addition to conventional break- ins, attacks from the Internet may aim to block the availability of individual services. For this reason, the LANCOM router is equipped with appropriate security mechanisms to recognize popular hacker attacks and guarantee router functionality.

 Quality of Service/traffic management

The term Quality of Service (QoS) embraces a range of functions in your LANCOM. QoS functions consider the powerful classification methods used by firewalls (e.g. restriction to subnets, individual workstations or certain services). These enable Quality of Service to be very precisely controlled. By guaranteeing a minimum bandwidth, precedence can be assigned to enterprise-critical applications, VoIP telephony or certain user groups.

Details about the functions of the LANCOM Router stateful-inspection



firewall are available in the reference manual.

1.4 Voice over IP

The term Voice over IP (VoIP) refers to voice communications over computer networks based on the Internet protocol (IP). The core idea is to provide the functions of traditional telephony via cost-effective and wide- spread networking structures such as the LAN or Internet. VoIP itself is not a standard, rather it is a collective term for the various technologies (equipment, protocols, voice encoding, etc.) which make voice communications in IP networks possible.

1.4.1 Example Applications

Voice over IP solutions offers advantages across a broad spectrum of applications, starting with small companies and extending to large corporations with extensive networks of subsidiaries. In the following section, we will demonstrate a number of examples.

Detailed instructions on configuration are available in the PBX Func-



tions manual or in the LCOS reference manual.

Page 17

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

Operation as a PBX

In many cases, LANCOM VoIP Routers can completely replace a local PBX. With up to eight voice channels (e.g. LANCOM 1724 VoIP) to landlines, the possibility to use SIP accounts and SIP trunking, and the data- and voice networking of various sites, these are powerful and future-ready alternatives to conventional PBX systems.

A systematic set of instructions for setting up the LANCOM VoIP Router for this

purpose can be found in the PBX Funtions manual. Beforehand, we recommend that you read the following chapters on the basic setup of devices and software, and then carry out a basic configuration. You should also have set up the Internet access before you continue with setting up the PBX functions.

Example: LANCOM VoIP Router As PBX

PC / Softphone

Analog FAX

ISDN

ISDN Phone

PC / Softphone

SIP Phone

INTERNET

SIP SERVER

SIP Phone

POTS

Analog Phone

ISDN

ISDN Phone

VOIP ROUTER

NTBA

ISDN

ISDN Phone

Supplementing existing PBXs

VoIP functions can be conveniently added in to existing telephone structures by using a LANCOM VoIP Router. The LANCOM VoIP Router is simply connected between the public exchange line (e.g. ISDN NTBA or analog telephone line) and the PBX.

Page 18

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

Example: ISDN PBX

PC / Softphone

Analog FAX

ISDN

ISDN Phone

PC / Softphone

PBX

SIP Phone

VOIP Router

INTERNET

NTBA

SIP Server

ISDN

SIP Phone

ISDN

ISDN Phone

Telephone calls over the PBX and the telephones connected to it remain possible just as before; the telephones remain available under the familiar telephone numbers. This application additionally offers the following options:

 In addition to the ISDN and analog telephones, SIP telephones or SIP soft-

phones can be included in the telephone infrastructure.

 SIP subscribers in the internal LAN are also able to call external PSTN

subscribers.

 The ISDN and analog telephones continue to function, and addition-

ally they can call all of the internal SIP telephones and softphones in the LAN.

 Calls to external SIP subscribers who use the same Internet provider are

often available at no cost.

 With the appropriate connection to a public SIP provider, other SIP sub-

scribers worldwide can be called. As an alternative to a direct telephone connection, public telephone network subscribers can also be reached over a diversion via the SIP provider. The costs depend on the provider's particular tariff models. Frequently, long-distance and overseas calls via an SIP provider are significantly cheaper than the traditional telephone connection.

In this constellation, the LANCOM VoIP Router takes over the switching of the calls. The device can be individually configured, for example, to use the access

Page 19

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

codes to decide upon the switching of a call either via the ISDN interface, or via the Internet as a VoIP call.

Connecting subsidiaries or home offices to the headquarters

Many subsidiaries or home offices already have a connection to the network at headquarters over VPN. These connections are normally limited to conventional data transmission. By using VoIP, internal company calls can be made

for free over the existing VPN connection and— thanks to the VPN encryption —these calls are secured against eavesdropping.

With a LANCOM VoIP Router located in the branch or home office, the two worlds of traditional (ISDN and analog) and VoIP telephony can be united in a single telephone: A SIP telephone or an existing analog or ISDN telephone can be used for free telephone calls via VPN to the headquarters, or to make standard calls via the conventional telephone network.

Example: Branch office with analog telephone connection, headquarters with SIP-capable PBX

PC / Softphone

POTS

Analog Phone

Branch office Headquarters

SIP Phone

VoIP Router

INTERNET

VoIP Router

PSTN

The advantages of a telephone connection to headquarters:

 The configuration of telephone functions can be carried out centrally in

the VoIP PBX at headquarters.

 Subscribers at their branch or home offices connect with the central PBX.  Calls within the company network are free.  Outgoing calls are automatically directed to the optimal line for cost opti-

mization.

SIP Phone

PC PC

SIP PhoneSIP Phone

PBX

Page 20

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

VoIP for companies through SIP trunking

One of the biggest hurdles for companies that fully migrate to VoIP is to maintain the existing telephone numbers. Normal provider SIP accounts come with a telephone number for the transition to the landline telephone network, but generally these numbers are selected from a pool of numbers available to the provider. However, for companies with a large number of telephone subscribers and numbers, it is of decisive importance that existing telephone and extension numbers are maintained after migrating to VoIP.

With the SIP trunking function, entire ranges of telephone numbers made up of external numbers and their associated extensions can be mapped by LANCOM VoIP Routers over a single connection to a SIP provider, assuming that the provider also supports Direct Dialing In (DDI) and can provide multiple connections simultaneously. Generally speaking, SIP providers that offer SIP trunking can acquire the existing telephone numbers from the former telecomms provider.

Connecting local exchange lines with a remote SIP gateway

Companies with nation-wide and internationally distributed sites are often interconnected with VPN already. A LANCOM VoIP Router can be used not only to connect the SIP, ISDN or analog telephones at a branch office to the SIP-PBX at headquarters; it can also integrate the branch office's local telephone lines into corporate communications with help of the "SIP Remote Gateway" function.

The SIP remote gateway is active for outgoing and incoming calls.

 A company headquarters in New York can, for example, use a LANCOM

VoIP Router with SIP gateway located at the Los Angeles branch office to telephone with customers and suppliers located in Los Angeles at local rates ("local break-out").

 For improved availability to customers located abroad, the New York

headquarters can, for example, use a LANCOM VoIP Router with SIP remote gateway located at their sales office in Italy. Customers can then reach support or service numbers via a standard national telephone number. Calls over the local exchange line are received and directed within the company network to the responsible employee. Call routing can be used which identifies the customer's calling number and automatically selects the appropriate connection to be used for forwarding the call.

Page 21

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

SIP Phone SIP Phone

L ocal PSTN

VoIP Router

SIP Phone

Branch office Headquarters

INTERNET

VoIP Router

Advantages of the SIP remote gateway:

 The local telephone connection at any site is available for use by any of

the offices throughout the entire company.

 National and international long-distance calls can be mapped to local or

regional calls, so saving costs.

 Automatic routing of incoming calls to the responsible employee.

Connecting sites without a SIP PBX

Companies with widely disperse offices and without their own SIP PBX can also take advantage of VoIP site coupling. In this "Peer-to-Peer" scenario, a LANCOM VoIP Router has been implemented at both locations.

Along with data transfer via VPN, it is also possible to use VoIP functions between the two locations.

The advantages of peer-to-peer site coupling

 ISDN and analog PBXs at different locations can form a common internal

telephone network.

 An SIP PBX is not necessary.  Calls within the company network are at no charge.  Outgoing calls are directed to the optimal line for cost optimization.  Incoming calls can be switched directly to the appropriate employee at a

different location.

PBX

Page 22

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

Example: Sites with ISDN or analog lines

PC / Softphone

ISDN

ISDN Phone

PC / Softphone

Analog FAX

SIP Phone

VoIP Router

SIP Phone

INTERNET

VoIP Router

PSTN

1.4.2 The central position of the LANCOM VoIP Router

LANCOM VoIP Router take up a central position in the switching of telephone calls between internal and external subscribers over the different channels of communication. Depending on the model and equipment, the devices interconnect the following communication participants and channels into a common telephone infrastructure.

 Internal VoIP terminal devices connected to LAN, WLAN and DMZ, such

as SIP telephones and SIP softphones

 The internal telephone infrastructure with ISDN or analog PBX and ISDN

and analog telephones

 Analog terminal devices, internally connected either into the ISDN net-

work via a PBX with a/b ports, or alternatively into the VoIP network over an ATA (Analog Telephone Adapter)

PC / Softphone

Analog PBXISDN PBX

POTS

Analog Phone

 External SIP providers and all of the external subscribers attainable via

them

 Upstream SIP PBXs with all of the internal and external subscribers attain-

able through it

 The external telephone world via an exchange line or upstream PBX, and

all of the external subscribers available via the land-line network

Page 23

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction





SIP PBX

ISDN

ISDN Phone





ISDN PBX

ISDN

ISDN Phone



PC / Softphone

POTS

Analog Phone



SIP Phone

Analog FAX

SIP Server

VoIP Router

POTS

Analog Phone

Users and lines

Telephony subscribers in internal areas can take part in voice communications and, in the LANCOM VoIP environment, are referred to as "users". The LANCOM differentiates between:

 ISDN users

A maximum of 40 terminal devices connected over the ISDN network, including ISDN and analog devices connected to an upstream ISDN PBX.

When connecting downstream PBXs to point-to-point lines, the number of possible ISDN subscribers is determined by the length of the extension number (DDI). In this case, all of the telephones and terminal equipment connected to the PBX can be mapped with a single ISDN user entry.

 Analog users

Two devices connected to the analog interfaces

 SIP users

A maximum of 32 SIP terminal devices connected over LAN, WLAN and DMZ and analog devices connected with an ATA.

The external paths of communication available to the users are known as "lines". The LANCOM differentiates between the following lines:

Page 24

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

 ISDN

A connection to an ISDN NTBA over the TE interface. The NT interface can additionally be used to connect ISDN terminal devices directly or via a downstream ISDN PBX.

 Analog

A connection to an analog exchange line or to an extension line of an upstream analog PBX.

 SIP lines

Maximum 16 SIP lines There are three different types of SIP line:

 A "Single account" line acts like a normal SIP account with a single

telephone number. The internal users can all make use this account for making SIP calls, although only one call can be conducted at a time.

Depending on the provider services, these lines can be used to reach subscribers in the provider networks, subscribers in other SIP networks (partner networks), or even land-line subscribers. Your own availability at your own telephone number or even solely with an SIP name over the Internet also differs from provider to provider.

 A "trunk" line acts like an extended SIP account with a main external

telephone number and multiple extension numbers. Internal users use this account in parallel and several calls can be made simultaneously (until the maximum available bandwidth is exhausted).

 As a "SIP gateway" line, the LANCOM VoIP Router provides a remote

SIP PBX with a transition to the local ISDN network. The SIP gateway is registered at the SIP PBX with a single number, although several calls can be conducted at once (until the maximum available bandwidth is exhausted). The connection between the SIP PBX and the LANCOM VoIP Router is normally established over a VPN connection.

 A "link" line acts like a trunk line without limitation to one main exter-

nal telephone number and multiple extension numbers. Internal users use this account in parallel and several calls can be made simultaneously (until the maximum available bandwidth is exhausted).

 SIP PBXs

Maximum 4 connections to upstream SIP PBXs. These lines are generally connections to large PBXs in the network at headquarters which can be reached via a VPN connection.

Page 25

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

The precise number of users and lines available varies between mod-



els and software options.

1.4.3 VoIP characteristics of the LANCOM VoIP Routers

Multiple ISDN/analog interfaces

The ISDN/analog interfaces of the LANCOM VoIP Router can be switched as

internal or external connections and, depending on the model, offer up to eight parallel voice channels. This allows, for example, an existing PBX to be additionally equipped with SIP and connected to an upstream VoIP PBX. Subscribers can simultaneously make calls via ISDN and analog telephones, SIP equipment, or softphones to other telephone subscribers, both internally and externally. The transition between SIP and ISDN/analog is automatic and invisible to the user.

Telephone even during a power cut

With life-line support and power relay to the internal ISDN port, it remains possible to telephone over the conventional telephone network even in case of a power outage. ISDN backup, load balancing and VRRP in combination with Ethernet ports as WAN interfaces provide SIP connections with redundancy and high reliability. If a SIP remote station should fail, switching automatically reverts to the conventional telephone network. This ensures that telephony is just as reliable as ever, even with VoIP.

Point-to- multipoint and point-to- point connections with ISDN

For ISDN, LANCOM VoIP Routers support point-to-multipoint and point-to-point connections:

 Point-to- multipoint connection (point-to-multipoint): Up to 8 ISDN termi-

nal devices can be connected to this type of connection. Terminal equipment can include ISDN telephones and ISDN PBXs, which can be used for connecting yet more equipment. As an alternative, a LANCOM VoIP Router can be connected to a point-to-multipoint connection.

 Point-to- point connection (point- to- point): This type of device is suitable

for the connection of one ISDN device only, generally an ISDN PBX. As an alternative, a LANCOM VoIP Router can be connected to a point-to-point connection.

To connect a LANCOM VoIP Router, the interface that is used is set up for the type of line in use.

Page 26

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

Equipment connected to an ISDN connection can be addressed in two ways:

 The devices are addressed with a multiple subscriber number (MSN) that

is linked to the ISDN connection and cannot be influenced.

 Terminal devices are addressed via a Direct Dialing In-Number (DDI).

However, only the main external number is associated with the telephone line; the extension numbers that address the individual terminal devices can be chosen at will and are merely suffixes to the main number. The main number, extension and area selection code (not including the leading zero) can be at the most 11 characters long.

The terms "point-to-multipoint connection" and "point-to-point con-



nection" are used in many countries to describe the technical implementation of point-to- multipoint with MSN and point-to-point with DDI. Other countries may use different types of connection and other combinations of protocol and call-number type, or even different names. Please refer to your telephone network operator for the technical specifications of your ISDN connection.

Bandwidth reservation with failover

High-performance VPN functions allow the reliable transmission of voice and data between company sites. This spares the telephone bill from internal communications. A professional firewall, versatile routing functions and excellent Quality of Service mechanisms make the LANCOM VoIP Router a comprehensive solution for secure voice and data communication in a single compact device. All functions are integrated into the central management functions.

1.5 Just what can your LANCOM do?

The following table provides a comparison of the properties and functions of your device.

Applications

Internet access

LAN-LAN coupling over VPN

LANCOM

✔✔✔✔

LANCOM

1722 VoIP

LANCOM

1723 VoIP

LANCOM

1724 VoIP

1823 VoIP

Page 27

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

LANCOM

LAN-LAN coupling over ISDN

RAS server (over VPN)

RAS server (over ISDN)

IP router

NetBIOS proxy for coupling Microsoft peer-to- peer networks over ISDN

DHCP- and DNS server (for LAN and DMZ)

Advanced Routing and Forwarding (ARF networks) 16 16 16 16

N:N mapping for routing networks with the same IP-address ranges over VPN

Configuring LAN ports as additional WAN ports

Policy-based routing

Load balancing for bundling multiple DSL channels 4

Backup solutions and load balancing with VRRP

PPPoE server

WAN RIP

Rapid Spanning Tree Protocol

Layer-2 QoS Tagging

802.1p

NAT Traversal (NAT-T)

DMZ with configurable IDS checks

ISDN leased lines

LANCAPI server to provide office applications such as fax or answering machine via the ISDN interface.

✔✔✔✔

channels2channels2channels2channels

✔✔✔✔

LANCOM

1722 VoIP

LANCOM

1723 VoIP

LANCOM

1724 VoIP

1823 VoIP

✔

VoIP functions

Page 28

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

SIP proxy and registrar

SIP gateway Free choice from available ISDN S

Management of local SIP users (registration/authentication)

Mapping of public SIP-provider accounts as telephone lines

SIP trunking for mapping SIP accounts with external root numbers and extensions.

Registration at and switching to upstream SIP PBXs

Individual/shared password for authentication

Automatic registration and forwarding of SIP users

Automatic bandwidth management and prioritization of SIP connections

Number of local SIP subscribers (on delivery, upgrade for 32 SIP subscribers with LANCOM VoIP-32 Option)

Operation at exchange lines or extension lines

Operation at ISDN point-to-multipoint lines or ISDN point-to-point lines

Automatic registration and authentication of local ISDN subscribers as SIP users, max. number of mapping entries

Automatic registration and authentication of analog users as SIP users at upstream SIP PBXs, max. number of mapping entries

Switching between local and remote ISDN, analog and SIP users

Remote gateway function for mapping local exchange lines to a remote SIP PBX

ISDN supplementary services CLIP, CLIR

En-block and individual dialing with adjustable wait time until completion

buses

LANCOM

1722 VoIP

LANCOM

1723 VoIP

LANCOM

1724 VoIP

1823 VoIP

✔✔✔✔

8888

✔✔✔✔

40 40 40 40

–2–2

✔✔✔✔

Page 29

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

Inband tone signaling according to European and German standards with country profiles

Call router Central switching of all connections (SIP

Voice processing

and ISDN/analog)

Number translation by mapping, numeral replacement and number supplementation

Rules for routing according to dialed, outgoing call number, line and domain

Multiple cycles, also forced after number replacement

Up to three destinations per routing rule (double backup)

Rule-based rejection of calls

Supplementation of call-number prefixes per line

Supplement/remove root numbers per line

Echo canceling and de-jitter buffer for SIP connections

Transparent pass-through for negotiated codecs

Interaction on codec negotiation (filter, quality, bandwidth)

WAN connections

Connector for DSL or cable modem

Integrated ADSL modem (with ADSL2+)

ISDN S0 connection in NT mode for connecting downstream ISDN devices (ISDN telephones, ISDN PBXs) to the LANCOM

VoIP Router. Switchable to TE mode. * Not suitable for connection to external exchanges (e.g. telephone network).

LANCOM

1722 VoIP

LANCOM

1723 VoIP

LANCOM

1724 VoIP

1823 VoIP

✔✔✔✔

✔

✔*

✔

✔*

Page 30

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

ISDN S0 connection in TE mode for connecting the LANCOM VoIP Router to an external ISDN connection, e.g. to an NTBA or

to an upstream ISDN PBX. Switchable to NT mode.

Power relay; ISDN voltage available at the external connector is passed through to the internal ISDN port, providing power to any connected equipment.

Internal power supply for the ISDN NT connector, providing power to a maximum of two connected telephones.

Analog FXS connectors to connect an analog terminal device or an analog PBX (tone dialing).

Analog FXS connector for connecting the LANCOM VoIP Router to an analog exchange line or to an upstream analog PBX (tone dialing), combined with ISDN1.

Relay of signals and power from the analog exchange line to Analog1 when router switched off (life- line)

Internal power supply for the analog connections, providing power to one connected device each.

Life-line support to ensure functional telephony when device is switched off or with a non-configured VoIP Call Manager

Connection of external analog or GPRS modem to the COM port (requires the LANCOM Modem Adapter Kit)

WLAN

Wireless transmission compliant with IEEE 802.11g and IEEE

802.11b

Wireless transmission compliant with IEEE 802.11a and IEEE

802.11b

Point-to-point mode (six P2P paths can be defined per WLAN interface)

Relay function to link two P2P connections

Access Point mode

Client mode

Managed mode for central configuration of WLAN modules by a WLAN Controller

Turbo mode: Double the bandwidth at 2.4 GHz and 5 GHz.

LANCOM

✔

ISDN1 to

ISDN2

LANCOM

1722 VoIP

✔

LANCOM

1723 VoIP

✔

ISDN1 to

ISDN3

LANCOM

1724 VoIP

1823 VoIP

✔

✔✔

✔✔ ✔

✔✔✔✔

✔

Page 31

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

Super AG incl. hardware compression and bursting

Multi SSID

Roaming function

802.11i / WPA with hardware AES encryption

WEP encryption (up to 128-bit key lengths, WEP152)

IEEE 802.1x/EAP

MAC address filter (ACL)

Individual passphrases per MAC address (LEPS)

Closed-network function

Integrated RADIUS server

VLAN

Intra-Cell-Blocking

QoS for WLAN (IEEE 802.11e, WMM/WME)

LAN connection

Separate FastEthernet LAN ports, individually switchable, e.g. as LAN switch or separate DMZ ports; auto crossover. Alternatively switchable as a WAN interface for connecting SDSL modems.

USB connector

USB 2.0 host port (full speed: 12 Mbps) for connecting a USB printer and for future extensions

Security functions

IPSec encryption via external software (VPN client)

5 integrated VPN tunnels for secure network connections

IPSec encryption in hardware (optional; activated with the VPN-25 option)

LANCOM

1722 VoIP

LANCOM

1723 VoIP

LANCOM

1724 VoIP

1823 VoIP

✔

4222

✔✔✔✔

Page 32

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

IP masquerading (NAT, PAT) to conceal individual LAN workstations behind a single public IP address.

Stateful-inspection firewall

Firewall filter for blocking individual IP addresses, protocols and ports

MAC address filter regulates, for example, LAN-workstation access to the IP routing function

Protection of the configuration from brute-force attacks.

Configuration

Configuration with LANconfig or via web browser; additional terminal mode for Telnet or equivalent terminal programs; SNMP interface and TFTP server function.

1-Click-VPN wizard for easiest setup of RAS access and site-to- site LAN coupling via VPN

Remote configuration via ISDN (with ISDN PPP connections, e.g. via Windows Dial-Up Networking).

Serial configuration interface

Call-back function with PPP authentication mechanisms allowing only predefined ISDN call numbers

FirmSafe for no-risk firmware updates

Optional software extensions

LANCOM VoIP-32 Option for upgrading to 32 local SIP users

LANCOM VPN Option with 25 active tunnels for secure network coupling; includes activation of the hardware accelerator

LANCOM Next Buiness Day Service Extension CPE, item no. 61411

LANCOM 2-Year Warranty Extension CPE, item no. 61414

LANCOM Content Filter for 10 or 25 users, 1 or 3 year subscription

LANCOM Fax Gateway Option activates 'hardfax' within the router, item no. 61425

Optional hardware extensions

LANCOM

1722 VoIP

LANCOM

1723 VoIP

LANCOM

1724 VoIP

1823 VoIP

✔✔✔✔

✔✔✔

Page 33

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 1: Introduction

LANCOM Modem Adapter Kit for connecting analog or GSM modems to the serial interface

19" rackmount adapter

LANCOM ES-1108P PoE switch for Ethernet cabling; simultaneously supplies power over Ethernet, e.g. for the SIP telephone LANCOM VP-100

Lightning-protection adapters SA-5 and SA- LAN

LANCOM

1722 VoIP

LANCOM

1723 VoIP

LANCOM

1724 VoIP

1823 VoIP

✔✔✔✔

✔

Page 34

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

2 Installation

This chapter will assist you to quickly install hardware and software. First, check the package contents and system requirements. The device can be installed and configured quickly and easily if all prerequisites are fulfilled.

2.1 Package content

Before beginning with the installation, please check that nothing is missing from your package. Along with the device itself, the box should contain the following accessories:

LANCOM

1722 VoIP

1723 VoIP

Power adapter

LAN connector cable (green connectors) 1 1 1 1

ADSL connector cable (transparent connectors) 1 1 1 1

ISDN connector cable (light-blue connectors) 1 1 2 1

Adapter to cross-over the contacts for reconfigured ISDN interfaces

Analog cable, RJ11 connector to TAE-NF socket (German standard) or UK socket adapter for No. 431A plugs for connecting analog terminal devices or PBXs

Analog cable, RJ45 connector (yellow marking) to RJ11 connector for connecting to an analog exchange line.

Adapter, RJ11 socket to TAE-F plug (for Germany) or UK RJ11 socket to UK plug No. 431A

Connector cable for the configuration interface

Printed documentation

✔✔✔✔

1121

✔✔✔✔

LANCOM

1724 VoIP

1823 VoIP

Should anything be missing, please take up immediate contact to your dealer or to the address on the delivery note supplied with your device.

Page 35

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

2.2 System requirements

2.2.1 Configuring the LANCOM devices

Computers that connect to a LANCOM must meet the following minimum requirements:

 Operating system with TCP/IP support, such as Windows, Linux, BSD Unix,

2.2.2 Operating access points in managed mode

Apple Mac OS, OS/2.

 Access to the LAN via the TCP/IP protocol.

LANconfig and LANmonitor also require a Windows operating system.



A web browser under any operating system provides access to WEBconfig.

LANCOM Wireless Routers and LANCOM Access Points can be operated either as self-sufficient Access Points with their own configuration ("Access Point mode“) or as components in a WLAN infrastructure, which is controlled from a central WLAN-Controller ("managed mode").

For operation in managed mode the Access Points require firmware of



version 7.22 or higher and a current loader (version 1.86 or higher).

Split management can be used to separate the WLAN configuration from the rest of the router configuration. This allows router settings and VPN settings to be adjusted locally, for example in a branch office or home office installation, and the WLAN configuration is regulated by a LANCOM WLAN Controller at the main office.

2.3 Introducing the LANCOM Router

This section introduces your device. You will find an overview of all status displays, connectors and switches here.

2.3.1 Status displays

Depending on the range of functions of the model, LANCOM Routers have different numbers of front-mounted status displays.

Page 36

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

LANCOM

1722

VoIP

Power

Online

ADSL

ETH 3

ETH 4

ISDN 1

ISDN 2

ETH 1

ETH 2

VPN

LANCOM

1723

VoIP

Power

Online

ADSL

ETH 1

ETH 2

ISDN 1

ISDN 2

Analog (⌧)

Analog 1

VPN

Analog 2

LANCOM

1724

VoIP

Power

Online

ADSL

ETH 1

ETH 2

ISDN 1

ISDN 2

ISDN 3

ISDN 4

VPN

LANCOM

1823

VoIP

Power

Online

ADSL

ETH 1

ETH 2

ISDN 1

ISDN 2

Analog (⌧)

Analog 1

VPN

WLAN Link

WLAN Data

Analog 2

LANCOM 1722 VoIP

 Chapter 2: Installation

Front

Status displays on the front of the device provide information about operational and connection status:

 

Power

Online





ADSL

ISDN 1

ISDN 2

ETH 1

ETH 2

ETH 3

ETH 4



LANCOM

1722

VoIP

VPN

LANCOM 1723 VoIP

LANCOM 1724 VoIP

LANCOM 1823 VoIP



Online

Power



Online

Power



Online

Power



ETH 2

WLAN Link



WLAN Data

LANCOM

1723

VoIP

VPN

LANCOM

1724

VoIP

VPN

LANCOM

1823

VoIP

VPN





ADSL

ISDN 1

ISDN 2

Analog (

Analog 1



ADSL

ISDN 1

ISDN 2

ISDN 3

ISDN 4





ADSL

ISDN 1

ISDN 2

Analog (

Analog 1

Analog 2

 

ETH 1



ETH 1

ETH 2

  

ETH 1

Page 37

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

Top

The two top-mounted LEDs enable the main function status to be assessed even if the device is positioned vertically.

Power

Online

Meanings of the LEDs

In the following sections we will use different terms to describe the behaviour of the LEDs:

 Blinking means, that the LED is switched on or off at regular intervals in

the respective indicated colour.

 Flashing means, that the LED lights up very briefly in the respective col-

our and stay then clearly longer (approximately 10x longer) switched off.

 Inverse flashing means the opposite. The LED lights permanently in the

respective colour and is only briefly interrupted.

 Flickering means, that the LED is switched on and off in irregular inter-

vals.

Power



This LED provides information on the device's operating state.

Off Device switched off

Green blinking Self-test after power-up

Green On (perma-

Red/green Blinking alter-

nently)

nately

Device operational

Device insecure: Configuration password not set

Page 38

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

Orange/green In the housing

Orange /red In the housing

Red blinking Time or charge limit on online connections has been

cover; blinking alternately with the online LED

At least one WLAN module is in managed mode and has not found a WLAN Controller yet. The corresponding WLAN module(s) is/are switched off until a WLAN Controller is found to supply a configuration, or until being switched manually into another operating mode.

At least one WLAN module is in managed mode and has found a WLAN Controller. However, the WLAN Controller cannot assign a configuration because the firmware and/or the device's loader version is not compatible with the WLAN Controller.

reached

The power LED blinks alternately in red/green until a configuration



password has been set. Without a configuration password, the configuration data in the LANCOM is unprotected. Normally you would set a configuration password during the basic configuration (instructions in the following chapter). Information about setting a configuration password at a later time is available in the section 'The Security Wizard'.

The power LED is blinking and no connection can be made?

If the power LED blinks red and no WAN connections can be established, there is no cause for concern. This merely means that a pre-set charge or time limit has been reached.

Signal that a

ower

charge or time

limit has been reached

There are three ways to remove the lock:

 Reset the toll protection.  Increase the limit.  Deactivate the lock completely (set limit to '0').

LANmonitor shows you when a charge or time limit has been reached. To reset the toll protection, activate the context menu (right-mouse click) Reset charge and time limits. The charge settings are defined in LANconfig under Management Costs (these settings are only available if the 'Complete configuration display' is activated under Tools  Options).

With WEBconfig, charge protection and all parameters are to be found under LCOS menu tree

 Setup  Charges  Reset budgets.

Page 39

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

 Online



ADSL

The online LED displays the general status of all WAN interfaces:

Off No active connection

Green Flashing Opening the first connection

Green Inverse flashing Opening an additional connection

Green On (perma-

Red On (perma-

Orange/ green

Orange / red

nently)

In the housing cover; blinking alternately with the power LED

At least one connection is established

Error establishing the last connection

Connection status at the ADSL connector:

Off Interface deactivated

Orange Blinking Initialization (establishing contact to provider)

Orange Flashing Opening the first connection

Orange Inverse flashing Opening an additional connection

Orange On (permanently) At least one logical connection is established

Orange Flickering Data traffic (send or receive)

Orange Flashing Error (CRC error, framing error, etc.)

Red On (permanently) No synchronization, searching for remote station

Green Permanently Synchronization successful

Green Blinking/flashing Handshake/training

Red/ orange

Blinking Hardware error

Page 40

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

 ISDN

Status display for the ISDN interfaces:

TE mode (external ISDN connection)

Off Interface off or Layer 1 deac-

Green Blinking Establishing D- channel Layer 1/establishing Layer 2 TEI

Green On (perma-

Orange Blinking Establishing the first ISDN connection

Orange Flashing Establishing an additional ISDN connection

Orange Inverse flicker-

Red Blinking B- channel error

Red On (perma-

Red/ orange

nently)

ing

nently)

Blinking ISDN hardware error

tivated or no Layer 2 TEI

D-channel activated (Layer 1 active and Layer 2 TEI available)

Data traffic being sent

Abort due to error in establishing D-channel Layer 1 or Layer 2

NT mode (internal ISDN connection)

Interface switched off. When switched off, the line may, under certain circumstances, still be connected to another ISDN interface via a life-line relay.

D channel activated

Abort due to error in establishing D-channel Layer 1.



Analog (1 and 2)

If the LED of an ISDN interface automatically goes off in TE mode, this



does not indicate an error at the S ISDN connections and PBXs switch the S mode after a certain period of inactivity. When needed, the S

bus. It is in fact because several

bus into power-saving

automatically reactivates and the ISDN status LED illuminates in green.

Connection status at the analog terminal equipment connector:

Off Interface switched off.

Green On (permanently) Analog connection is switched on. Handset on-hook or

Orange Blinking Call being established from LANCOM towards the terminal

the device is not connected.

equipment (ringing)

bus

Page 41

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

Orange On (permanently) Handset off-hook.

Orange / red

Red On (permanently) Calibration interrupted or temporary error (e.g. in case of

Blinking Hardware error

shutdown due to temperature)

 Analog (⌧)





ETH

WLAN link

Connection status at the analog exchange line:

Off Interface switched off.

Green On (permanently) Analog exchange line is switched on.

Orange Blinking Call being established from exchange towards LANCOM.

Orange On (permanently) The LANCOM has an analog connection—the handset of

Orange / red

Red On (permanently) No line voltage available (cable may be interrupted)

Blinking Hardware error

The line is "ringing" at the LANCOM.

an analog device is off-hook.

LAN connector status in the integrated switch:

Off No networking device attached

Green On (perma-

nently)

Green Flickering Data traffic

Red Flickering Data packet collision

Connection to network device operational, not data traffic

Provides information about the WLAN connections via the internal WLAN modules. The following can be displayed for WLAN link:

Off No WLAN network defined or WLAN module deacti-

Green At least one WLAN network is defined and WLAN mod-

Green Inverse flashing Number of flashes = number of connected WLAN sta-

vated. The WLAN module is not transmitting beacons.

ule activated. The WLAN module is transmitting beacons.

tions and P2P wireless connections, followed by a pause (default). Alternatively, the frequency of the flashed can indicate the input sensitivity.

Page 42

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

Green Blinking DFS scanning or other scan procedure.

Red Flickering Error in wireless LAN (TX error, e.g. transmission error

due to a poor connection)

Red Blinking Hardware error in the WLAN module

 WLAN data

VPN



2.3.2 Device connectors

LANCOM 1722 VoIP

Provides information about the data traffic at the internal WLAN modules. The following can be displayed for WLAN data:

Green Flickering TX data traffic.

Red Flickering Error in wireless LAN (TX error, e.g. transmission error

due to a poor connection)

Red Blinking Hardware error in the WLAN module

Status of a VPN connection.

Off No VPN tunnel established

Green blinking connection establishment

Green Flashing First connection

Green Inverse flashing Other connections

Green On (perma-

VPN tunnels are established

nently)

The connectors and switches of the device are located on the back panel:

DC12V

ETH3ETH4 ETH2 ETH 1

ConfigUSB (COM)

ISDN 1 (⌧)ISDN 2 ()

ADSL(2+)

Reset

LANCOM 1723 VoIP

   

DC12V



ETH1ETH2

ConfigUSB (COM)



 



ISDN1/Analog(⌧)ISDN2Analog1 ()Analog2 ()

ADSL(2+)

 

Reset

Page 43

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

LANCOM 1724 VoIP

LANCOM 1823 VoIP

Only LANCOM 1823 VoIP

Not including LANCOM 1823 VoIP

LANCOM 1723 VoIP and LANCOM 1823 VoIP only

Reset

ADSL(2+)



Main

Reset

ADSL(2+)

  



Aux

DC12V



DC12V

ETH1ETH2

ConfigUSB (COM)

ISDN 1 (⌧)ISDN 2 (⌧)ISDN 3 ()ISDN 4 ()



ETH1ETH2

ConfigUSB (COM)

ISDN1/Analog(⌧)ISDN2Analog1 ()Analog2 ()



 Aux connector for the WLAN module. The Aux connectors are used for

connecting the diversity antennas.

 Power switch

 Connection for the supplied power adapter

 Switch with 10/100Base-Tx connectors

 USB connector (USB host)

 Serial configuration port (RS 232/V.24)

 Connectors for analog terminal equipment (FXS)

 ISDN connections

 Default LANCOM 1722 VoIP

ISDN 1: TE mode, corresponds to the external ISDN line, alternatively switchable to NT mode

ISDN 2: NT mode, corresponds to the internal ISDN S

, alternatively

switchable to TE mode

 Default LANCOM 1724 VoIP

ISDN 1 and ISDN 2: TE mode, alternatively switchable to NT mode

ISDN 3 and ISDN 4: NT mode, alternatively switchable to TE mode

 Default LANCOM 1723 VoIP and LANCOM 1823 VoIP

ISDN 2: NT mode, alternatively switchable to TE mode

Page 44

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

For safety reasons, interface ISDN 2 on the models LANCOM 1723



VoIP and LANCOM 1823 VoIP must not be directly or indirectly connected to an external exchange (e.g. the telephone network)!

 Combined ISDN-analog interface (FXO)

 Default LANCOM 1723 VoIP and LANCOM 1823 VoIP

ISDN 1: TE mode, alternatively switchable to NT mode or as an interface to the analog exchange line

 ADSL connector (ADSL, ADSL 2, ADSL 2+)

 Reset switch

Reset button functions

The reset button offers two basic functions—boot (restart) and reset (to the factory settings)—which are called by pressing the button for different lengths of time.

It is not always possible to install a device under lock and key. There is consequently a risk that the configuration will be deleted by mistake if a co-worker presses the reset button too long. You can define the behavior of the reset button with a setting in WEBconfig (LCOS menu tree  Setup  Config):

 Reset button

This option controls the behavior of the reset button when it is pressed:

 Ignore: The button is ignored.  Boot only: With a suitable setting, the behavior of the reset button can

be controlled; the button is then ignored or a press of the button prompts a re-start only, however long it is held down.

Please observe the following notice: The settings 'Ignore' or 'Boot only' makes it



impossible to reset the configuration to the factory settings. If the password is lost for a device with this setting, there is no way to access the configuration! In this case the serial communications interface can be used to upload a new firmware version to the device—this resets the device to its factory settings, which results in the deletion of the former configuration. Instructions on firmware uploads via the serial configuration interface are available in the LCOS reference manual.

Page 45

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

 Reset-or-boot (standard setting): Press the button briefly to re-start

the device. Pressing the button for 5 seconds or longer restarts the device and resets the configuration to its factory settings.

All LEDs on the device light up continuously.

Once the switch is released the device will restart with the restored factory settings.

Only LANCOM 1823 VoIP

After resetting, the device starts completely unconfigured and all set-



tings are lost. If possible be sure to backup the current device configuration before resetting.

After resetting, the LANCOM Access Point returns to managed mode,



in which case the configuration cannot be directly accessed via the WLAN interface!

 Main connector for the WLAN module.

2.4 Hardware installation

Installation of the LANCOM Router involves the following steps:

 Antennas – screw the antennas supplied to the back of the LANCOM

VoIP Router.

Antennas are only to be attached or changed when the device is



switched off. Mounting or demounting antennas while the device switched on may cause the destruction of the WLAN module!

When assembling separately purchased antennas please note that the



maximum allowed transmission power of the wireless LAN according to EIRP in the country in question may not be exceeded. The system operator is responsible for adhering to the threshold values.

 LAN – connect your LANCOM Router to the LAN or to an individual PC.

Plug in one end of the supplied network cable (green connectors) to a LAN connector on the device , and the other end into an available network connector socket in your local network, a free socket on a switch or hub, or the networking connector of an individual PC.

The LAN connectors use autosensing to recognize the data rate (10/100 Mbit) and the type (node/hub) of attached network devices. It is possible to connect devices of different speeds and types in parallel.

Page 46

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

Avoid having multiple unconfigured LANCOMs at once within a single



network segment. Any unconfigured LANCOM takes on the same IP address (ending in '254'), and so address conflicts could arise. To avoid problems, multiple LANCOMs should be configured one after the other with the respective device being assigned with a new and unique IP address (not ending in '254') each time.

 ADSL – connect the ADSL interface  with the splitter by using the sup-

plied ADSL connector cable (transparent connectors).

 Connection to the ISDN – to connect the LANCOM VoIP Router to the

ISDN, plug in one end of a supplied ISDN cable (light-blue connectors) to an ISDN interface in TE mode. When shipped, the ISDN interfaces marked

⌧ are set up in TE (external) mode. Plug in the other end of the

with ISDN cable into an ISDN/S multipoint line connector.

For the models LANCOM 1723 VoIP and LANCOM 1823 VoIP, the



interface ISDN2 is not to be connected to the ISDN network, even after being reset to TE mode!

Please also observe the notices about configuring the ISDN interfaces



(→page 121).

 Connecting ISDN terminal devices—to connect ISDN terminal devices

(ISDN telephones or ISDN PBXs) to the LANCOM VoIP Router, connect these to an ISDN int erface in NT mode. When shipped, the ISDN interfaces marked with

For the models LANCOM 1723 VoIP and LANCOM 1823 VoIP, the



ISDN2 interface  can supply a maximum of two telephones with power from the ISDN feed. Please also observe the notices about configuring the ISDN interfaces (→page 121).

 are set to NT (internal ISDN connection) mode.

point-to-point line connector or point-to-

 Connecting to the analog telephone network—to connect the

LANCOM VoIP Router to the analog telephone network, plug the end of the supplied analog connector cable marked in yellow (RJ45) into the combined ISDN/analog interface . The other end of the analog connector ca ble (RJ11) is to be plugged in to an analo g exchange line (e.g . a splitter). If the exchange line has a TAE-N/F socket, you can use the supplied

Page 47

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

adapter (RJ11 socket to TAE plug) or in case of UK No. 431A socket type the UK FXS adapter (RJ11 socket to BAT plug) if supplied.

 Connecting analog terminal equipment—use an analog interface

(FXS) on the LANCOM VoIP Router (RJ11 socket marked with necting analog terminal equipment (telephones or PBXs). If your terminal equipment features a TAE-F or TAE-N connector, please use the supplied adapter cable (RJ11 plug to TAE-N/F socket) or in case your terminal

equipment features BT No. 431A type plugs you may use the analog adapter cables (RJ11 plug to BAT socket) if supplied..

The LANCOM VoIP Router supplies power to the analog terminal



equipment connected to it. With life-line support, the voltage supplied from the analog exchange line is relayed to the terminal equipment via the Analog1 interface ( about life-line support (→page 122).

 Configuration interface – optionally, the router can be connected

directly to the serial interface (RS-232, V.24) of a PC. Use the connection cable supplied for this. Connect the LANCOM configuration interface  to an available serial interface on the PC.

). Please also observe the notices

) for con-

 Connecting an external modem—optionally, an external analog or

GPRS modem can be connected to the device's serial interface with the LANCOM Modem Adapter Kit, so enabling tasks such as remote maintenance, backup connections or Dynamic VPN to be implemented over an additional WAN connection via an analog line.

! Power supply – the socket  is for connecting the supplied power sup-

ply unit.

Use only the supplied power supply unit! The use of the wrong power



supply unit can be of danger to the device or persons.

" Ready for operation? – After a brief self-test, the power LED lights up

continuously. Green LAN LEDs show which LAN connectors are being used for a connection.

Devices with integrated ADSL modems can become very warm during



operation. For these models, environmental temperatures are not to exceed 35°C. Sufficient ventilation is of vital importance. Do not stack the devices and do not expose them to direct sunlight.

Page 48

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

2.5 Configuring the ISDN and analog interfaces

LANCOM VoIP Router routers feature several interfaces for connection to ISDN or analog exchange lines, or for connecting ISDN or analog terminal equipment.

A fundamental decision is whether an internal PBX is to be connected and made VoIP-capable by the LANCOM VoIP Router (e.g. for a single site or for the networking of branches) or whether the LANCOM VoIP Router is to replace a local PBX.

 If a PBX is to be made VoIP-capable, simply leave the ISDN interfaces with

their standard factory settings. On the underside of the device, check that all of the DIP switches are in the standard position as shown on the sticker. Connections of this type do not require an ISDN cross-over adapter.

 If the LANCOM VoIP Router is to replace a PBX, you can use all of the suit-

able ISDN interfaces to connect to the PSTN (public services telephone network). Set the DIP switches on the underside of the device accordingly and use one or two ISDN cross-over adapters (LANCOM 1724 VoIP only). Details of this configuration are available in the PBX Funtions manual.

Detailed information on the significance of DIP swtich settings and



the setup of individual ISDN and analog interfaces are available in the chapter ’Configuring the ISDN and analog interfaces in detail’

→page 121. For other deployment scenarios from those described

above, or for other interface configurations, we stronly recommend that you refer to the corresponding chapter with sample configurations in the reference manual (on the supplied data medium or in the Internet).

2.6 Software installation

The following section describes the installation of the Windows-compatible system software LANconfig and LANmonitor, as supplied.

You may skip this section if you use your LANCOM Router exclusively



with computers running operating systems other than Windows.

2.6.1 Starting Software Setup

Place the data medium (CD/DVD) supplied with your product into your drive. The setup program will start automatically.

Page 49

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

If the setup does not start automatically, run AUTORUN.EXE in the



root directory of the data medium.

In Setup, select Install Software. The following selection menus will appear on screen:

Page 50

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 2: Installation

2.6.2 Which software should I install?

 LANconfig is the Windows configuration program for all LANCOM

routers and LANCOM access points. WEBconfig can be used alternatively or in addition via a web browser.

 With LANmonitor you can use a Windows computer to monitor all of

your LANCOM routers and LANCOM access points.

 WLANmonitor enables the observation and surveillance of wireless

LAN networks. Clients connected to the access points are shown, and even non-authenticated access points and clients can be displayed as well (rogue AP detection and rogue client detection).

 LANCAPI is a special form of the CAPI-2.0 interface which provides

LAN workstations with access to office communications functions such as fax and EuroFile transfer. With the LANCAPI Dial- up Networking support, individual computers can use LANCAPI dial-up connections to access an Internet provider. The CAPI Fax Modem provides you with a driver for Class 1 fax.

 The LANCOM Advanced VPN Client enables VPN connections to be

established over the Internet from a remote computer to a VPN router.

 With Documentation you copy the documentation files onto your PC.

Select the appropriate software options and confirm your choice with Next. The software is installed automatically.

Page 51

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 3: Basic configuration

3 Basic configuration

The basic configuration is conducted with a convenient Setup Wizard that provides step-by-step guidance through the configuration and that requests any necessary information.

First of all this chapter presents the information that has to be entered for the basic configuration. This first section will help you to gather up all of the nec-

essary data before you start the Wizard.

You subsequently enter this information into the Setup Wizard. Starting the program and the following procedure are described step by step. LANconfig and WEBconfig each have their own description. With all of the necessary information collected in advance, this basic configuration can now take place quickly and in ease.

At the end of this chapter we show you the necessary settings for the workplace computers in the LAN so that they can access the device without problem.

3.1 Details you will need

The Basic Settings Wizard is used to set the LANCOM VoIP Routers basic TCP/ IP parameters and to protect the device with a configuration password. The following description of the information required by the wizard is divided into the following configuration sections:

 TCP/IP settings  Protecting the configuration  Wireless LAN details  Configuring toll protection  Security settings

3.1.1 TCP/IP settings

TCP/IP configuration can be performed in two different ways: Either fully automatically or manually. No user input is required if TCP/IP configuration is performed automatically. All parameters are set by the Setup Wizard on its own. When manual TCP/IP configuration is performed the wizard prompts for the usual TCP/IP parameters: IP address, network mask etc. (more on this later)

The fully automatic TCP/IP configuration is only possible in certain network environments. For this reason the Setup Wwizard analyses the connected LAN to see whether fully automatic configuration is possible or not.

Page 52

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 3: Basic configuration

New LAN – fully automatic configuration possible

The setup wizard offers to configure TCP/IP fully automatically if no network devices connected have yet been configured. This usually happens in the following situations:

 Only a single PC is going to be attached to the LANCOM VoIP Router  Setting up a new network

Fully automatic TCP/IP configuration will not be offered if you are integrating the LANCOM VoIP Router into an existing TCP/IP LAN. In this case please continue with the section 'Required information for manual TCP/IP configuration'.

The result of fully automatic TCP/IP configuration is as follows: The LANCOM VoIP Router is assigned the IP address '172.23.56.254' (network mask '255.255.255.0'). The integrated DHCP server is also activated so that the LANCOM VoIP Router can assign the devices in the LAN IP addresses automatically.

Should you still configure manually?

Fully automatic TCP/IP configuration is optional. Instead of this you can select manual configuration. Make this selection after considering the following:

 Select automatic configuration if you are not familiar with networks and

IP addresses.

 Select the manual TCP/IP configuration if you are familiar with networking

and IP addresses, and you would like to specify the IP address for the router yourself (from one of the address ranges reserved for private use, for example '10.0.0.1' with a network mask of '255.255.255.0'). If you do this you simultaneously specify the address range that the DHCP server will subsequently use for the other devices in the network (provided the DHCP server is activated).

Required information for manual TCP/IP configuration

When performing manual TCP/IP configuration the Setup Wwizard prompts you for the following information:

 DHCP mode of operation

 Off: The IP addresses required must be entered manually.  Server: The LANCOM VoIP Router operates as DHCP server in the net-

work; as a minimum its own IP address and the network mask must be assigned.

Page 53

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 3: Basic configuration

 Client: The LANCOM VoIP Router obtains its address information from

another DHCP server; no address information is required.

 IP address and network mask for the LANCOM VoIP Router

Assign the LANCOM VoIP Router a free IP address from your LAN's address range and enter the network mask.

 Gateway address

Enter the gateway's IP address if you have selected 'Off' as the DHCP

3.1.2 Configuration protection

mode of operation or if another network device is assuming the role of gateway in the 'Server' mode of operation.

 DNS server

Enter the IP address of a DNS server to resolve domain names if you have selected 'Off' as the DHCP mode of operation or if another network device is assuming the role of DNS server in the 'Server' mode of operation.

Using a password secures access to the LANCOM VoIP Router's configuration and thus prevents unauthorized modification. The device's configuration contains a great deal of sensitive data such as data for Internet access and should be protected by a password in all cases.

Multiple administrators can be set up in the configuration of the



LANCOM, each with different access rights. Up to 16 different administrators can be set up for a LANCOM VoIP Router. Further information can be found in the LCOS reference manual under “Managing rights for different administrators”.

In the managed mode the LANCOM Wireless Routers and LANCOM



Access Points automatically receive the same root password as the WLAN-Controller, assuming that no root password has been set in the device itself.

3.1.3 Settings for the wireless LAN

Network name (SSID)

The Basic Settings Wizard prompts for the access point's network name (frequently referred to as SSID – Service Set Identifier). The name is of your own choice. Several access points with the same name form a common wireless LAN.

Page 54

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 3: Basic configuration

Open or closed wireless LAN?

Mobile wireless devices select the desired wireless LAN by specifying the network name. Two methods serve to facilitate the specification of network name:

 Mobile wireless devices can search ("scan") the vicinity for wireless LANs

and offer the wireless LANs they find in a list for selection.

 By using the network name 'ANY' the mobile wireless device registers with

the nearest available wireless LAN.

The wireless LAN can be "closed" in order to prevent this procedure. In this case it will not accept any devices attempting to register with the network name 'ANY'.

Selecting a radio channel

The access point operates in a specific radio channel. The radio channel is selected from a list of up to 13 channels in the 2.4 frequency band or up to 19 channels in the 5 GHz frequency band (individual radio channels are blocked in some countries. Please refer to the appendix for more details).

The channel and frequency range used determine the operation if the common wireless standard, with the 5 GHz frequency range corresponding to the IEEE 802.11a/h standard and the 2.4 GHz frequency range determining operation in the IEEE 802.11g and IEEE 802.11b standards.

If no other access points are operating within the access point's range, any radio channel can be set. Otherwise the channels in the 2.4 GHz band must be selected in such a way that they do not overlap and are as far apart as possible. In the 5 GHz band the automatic setting, where the LANCOM Access Point uses TPC and DFS to select the best channel is normally sufficient.

Please refer to the LCOS reference manual for more information on



TPC and DFS.

3.1.4 Charge protection

Charge protection prevents DSL connections being established above and beyond a predefined amount and therefore protects you from unexpectedly high connection charges.

If you operate the LANCOM Router on a DSL link that is charged on a time basis you can set the maximum connection time in minutes.

The budget can be completely deactivated by entering a value of '0'.

Page 55

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 3: Basic configuration

In the basic settings, charge protection is set to a maximum value of



600 minutes in any seven day period. Please adjust this parameter to match your own requirements, or deactivate charge protection if you have agreed a tariff for unlimited traffic with your provider.

3.2 Instructions for LANconfig

 Start LANconfig with Start  Programs  LANCOM  LANconfig.

LANconfig automatically detects new LANCOM devices in the TCP/IP network.

 If the search detects an unconfigured device, the Setup Wizard launches

to help you with its basic settings, or indeed to handle the entire process on your behalf (assuming that the appropriate networking environment exists).

If you cannot access an unconfigured LANCOM VoIP Router, the prob-



lem may be the LAN netmask: In case there are less than 254 potential hosts available (netmask >'255.255.255.0'), you must ensure that the IP address 'x.x.x.254' is available in your subnet.

If you choose automatic TCP/IP configuration, you can continue with step

.

 Give the LANCOM an address from the applicable IP address range. Con-

firm with Next.

 In the window that follows, you first set the password to the configura-

tion. Entries are case sensitive and should be at least 6 characters long.

You also define whether the device can be configured from the local network only, or if remote configuration via WAN (i.e.. from a remote network) is to be permitted.

Page 56

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 3: Basic configuration

Be aware that releasing this option also allows remote configuration



over the Internet. Whichever option you select, make sure that configuration access is password protected.

 Charge protection is a function which can place a limit on the costs from

WAN connections. Accept your entries with Next.

 Close the configuration with Finish.

See the section 'TCP/IP settings for PC workstations' for information



on the settings that are required for computers in the LAN.

3.3 Instructions for WEBconfig

Device settings can be configured from any Web browser. WEBconfig configuration software is an integral component of the LANCOM. A Web browser is all that is required to access WEBconfig. WEBconfig offers similar Setup Wizards to LANconfig and hence provides the perfect conditions for easy configuration of the LANCOM – although, unlike LANconfig, it runs under any operating system with a Web browser.

Secure with HTTPS

WEBconfig offers secure (remote) configuration by encrypting the configuration data with HTTPS.

https://<IP address or device name>

Always use the latest version of your browser to ensure maximum



security.

Accessing the device with WEBconfig

To carry out a configuration with WEBconfig, you need to know how to contact the device. Device behavior and accessibility for configuration via a Web browser depend on whether the DHCP server and DNS server are active in the LAN already, and whether these two server processes share the assignment in the LAN of IP addresses to symbolic names. WEBconfig accesses the LANCOM either via its IP address, the device name (if configured), or by means of any name if the device has not yet been configured.

Following power-on, unconfigured LANCOM devices first check whether a DHCP server is already active in the LAN. Depending on the situation, the device can either enable its own DHCP server or enable DHCP client mode. In

Page 57

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 3: Basic configuration

the second operating mode, the device can retrieve an IP address for itself from a DHCP server in the LAN.

If a LANCOM Wireless Router or LANCOM Access Point is centrally



managed from a LANCOM WLAN Controller, the DHCP mode is switched from auto-mode to client mode upon provision of the WLAN configuration.

Not for centrally managed LANCOM Wireless Routers or LANCOM Access Points

Network without a DHCP server

In a network without a DHCP server, unconfigured LANCOM devices enable their own DHCP server service when switched on and assign IP addresses, information on gateways, etc. to other computers in the LAN (provided they are set to automatic retrieval of IP addresses – auto DHCP). In this constellation, the device can be accessed by every computer with the auto DHCP function enabled with a Web browser under IP address 172.23.56.254.

With the factory settings and an activated DHCP server, the device for-



wards all incoming DNS requests to the internal Web server. This means that a connection can easily be made to set set up an unconfigured LANCOM by entering any name into a Web browser.

If the configuration computer does not retrieve its IP address from the LANCOM DHCP server, it determines the current IP address of the computer (with Start  Run  cmd and command ipconfig at the prompt under Win-

Page 58

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 3: Basic configuration

dows or with command ifconfig in the console under Linux). In this case, the LANCOM can be accessed with address x.x.x.254 (the “x”s stand for the first three blocks in the IP address of the configuration computer).

Network with DHCP server

If a DHCP server for the assignment of IP addresses is active in the LAN, an unconfigured LANCOM device disables its own DHCP server, switches to DHCP client mode and retrieves an IP address from the DHCP server in the LAN. However, this IP address is initially unknown and accessing the device depends on the name resolution:

 If the LAN also has a DNS server for name resolution and this communi-

cates the IP address/name assignment to the DHCP server, the device can be reached under name "LANCOM-<MAC address>", e.g. “LANCOM00a057xxxxxx”.

http://LANCOM-00a05700094A

The MAC address on a sticker on the base of the device.



 If there is no DNS server in the LAN, or if it is not coupled to the DHCP

server, the device cannot be reached via the name. In this case the following options remain:

 Under LANconfig use the function "Find devices", or under WEBconfig

use the "search for other devices" option from any other networked LANCOM.

 Use suitable tools to find out the IP address assigned to the LANCOM

by DHCP and access the device directly using this IP address.

When prompted for user name and password when accessing the device, enter your personal data in the appropriate fields. Observe the use of upper and lower case.

If you used the general configuration access, only enter the corresponding password. The user name field remains blank in this case.

Page 59

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 3: Basic configuration

As an alternative, the login dialog provides a link for an encrypted



connection over HTTPS. Always use the HTTPS connection for increased security whenever possible.

Setup Wizards

The setup Wizards allow quick and easy configuration of the most common device settings. Select the Wizard and enter the appropriate data on the following screens.

The settings are not stored in the device until inputs are confirmed on



the last screen of the Wizard.

Page 60

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 3: Basic configuration

3.4 TCP/IP settings for PC workstations

It is extremely important to assign the correct addresses to all of the devices in the LAN. Also, all of these computers must know the IP addresses of two central stations in the LAN:

 Standard gateway – receives all packets which are not addressed to com-

puters in the local network

 DNS server – translates network and computer names into their actual IP

addresses.

The LANCOM VoIP Router can fulfill the functions of a standard gateway and also of a DNS server. It can also operate as a DHCP server, which automatically assigns IP addresses to all of the computers in the LAN.

The correct TCP/IP configuration of a PC in the LAN depends essentially on the method used for assigning IP addresses in the LAN:

 IP address allocation by a LANCOM

In this operating mode, a LANCOM uses DHCP to allocate not only an IP address to each PC in the LAN and WLAN (for devices with a radio module), but it also communicates its own IP address as the standard gateway and DNS server. For this reason, the PCs have to be set up to automatically retrieve their own IP address and those of the standard gateway and DNS server via DHCP.

 IP address allocation by a separate DHCP server

For this reason, the workstation PCs have to be set up to automatically retrieve their own IP address and those of the standard gateway and DNS server via DHCP. The DHCP server is to be programmed such that the IP address of the LANCOM is communicated to the PCs in the LAN as the standard gateway. The DHCP server should also communicate that the LANCOM is the DNS server.

 Manual IP address assignment

If IP addresses in a network are statically assigned, then the IP address of the LANCOM is to be set as the standard gateway and DNS server in the TCP/IP configuration of each PC in the LAN.

Further information and help on the TCP/IP settings for your LANCOM



VoIP Router is available in the Reference Manual. For information on the network configuration of workstation PCs, refer to the documentation for the installed operating system.

Page 61

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 3: Basic configuration

Page 62

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 4: Setting up Internet access

4 Setting up Internet access

The LANCOM provides a central point of Internet access for all of the computers in the LAN.

INTERNET

HEADQUARTER

SERVER

LAN

GATEWAYROUTER

Which WAN interface?

Setting up the Internet access is carried out with the help of a convenient Wizard. In the first step you select the WAN interface that is to be used for establishing the Internet connection.

To establish an Internet connection via the DSL interface, an external ADSL modem first has to be connected to one of the device's ETH ports. When setting up the Internet access, you define which ETH port the ADLS modem has been connected to.

Does the Setup Wizard know your Internet provider?

The Wizard is preset with access data for the principal Internet providers in your country and offers you a selection list. If you find your Internet provider in this list, then you generally do not have to enter any additional parameters to set up your Internet access. All that is required is the authentication data as supplied to you by your Internet provider.

Internet provider unknown

If the list in the Setup Wizard does not contain your provider, you will be asked st ep- by- step for all of t he ne ces sar y da ta. Thi s ac ces s dat a wi ll h ave bee n su pplied to you by your Internet provider.

Other connection options

In addition you can use the Wizard to activate or deactivate additional options (if supported by your Internet provider):

Page 63

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 4: Setting up Internet access

 Billing by time or flatrate – select the method by which you are billed by

your Internet provider.

 In case of billing by time, you can set the LANCOM to cut connections

automatically if no data flows for a certain time (the hold time). You can also set up line polling that detects inactive remote sites very

quickly and, in such cases, can close the connection before the hold time expires.

 In case of flatrate billing you can also set up line polling to monitor

the function of the remote site. Apart from that you can opt to keep flatrate connections permanently

active ("keep-alive"). In case a connection should fail, it is re-established automatically.

Creating a backup connection to the Internet

The most common utilization of the backup solution is to provide an auxiliary Internet connection. When setting up an Internet connection, an the additional option is to create a second connection to the Internet via an alternative WAN interface. If the primary Internet access is set up to operate via the ADSL interface, you can set up your backup connection to operate via UMTS or ISDN.

When configuring the backup connection you can set up an alterna-



tive provider, if available. This allows you not only to overcome problems with the physical line, but also problems in your provider's own network as well.

Page 64

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 4: Setting up Internet access

4.1 The Internet Connection Wizard

4.1.1 Instructions for LANconfig

 Mark your device in the selection window. From the command line, select

Extras  Setup Wizard.

 In the selection menu, select the Setup Wizard, Set up Internet connec-

tion and confirm the selection with Next.

 In the following windows you select your country, your Internet provider

if possible, and you enter your access data.

 Depending on availability the Wizard provides further options for your

Internet connection.

 After entering all of the necessary data the Wizard then offers you the

option of setting up a backup connection. Select the corresponding WAN interface to be used for the backup connection and enter the relevant access data for the Internet connection.

The Wizard then sets up the alternative Internet access and at the same time creates the necessary entries into the backup table and also in the PPP table for checking the Internet connection.

Please be aware that in the case of backup via UMTS, some of the



services provided over the main Internet connection may not be available. Some UMTS service providers either prevent the use of VPN tunnels or VoIP applications or only allow them after payment of additional fees. Other providers assign IP addresses from an internal address range, so preventing applications that rely on public IP addresses from working. Please ask your UMTS provider for information on limitations that may apply.

Page 65

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 4: Setting up Internet access

 The Wizard will inform you as soon as the entries are complete. Close the

configuration with Finish.

LANconfig: Fast starting of the Setup Wizards

The fastest way of starting the Setup Wizards under LANconfig is to use the command button in the button bar.

4.1.2 Instructions for WEBconfig

 Select the entry Set up Internet connection from the main menu.

 In the following windows you select your country, your Internet provider

if possible, and you enter your access data.

 Depending on availability the Wizard provides further options for your

Internet connection.

 The wizard will inform you as soon as the entries are complete. Close the

configuration with Finish.

Page 66

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 5: Configuring the VoIP functions

5 Configuring the VoIP functions

If you wish to employ the LANCOM VoIP Router as a PBX, you should initially carry out the basic settings and then read the manual on the VoIP PBX functions. This describes the quickest way to to set up the PBX with connections to landlines (ISDN or analog).

If you wis h to ope rat e an ISD N PB X be hin d th e LA NCOM VoIP Ro ute r, a nd t hus you would like to leave the telephony interfaces in the default configuration, then please continue with the configuration described here, which uses the VoIP Call Manager wizard.

For more specialized applications, please refer to the corresponding



chapters in the LCOS reference manual.

 Mark your LANCOM Router in the selection window. From the command

line, select Extras  Setup Wizard.

 In the selection menu, select the Setup Wizard, Configure Voice over IP

Call Manager and confirm the selection with Continue.

 In the following windows, you will choose the lines and subscribers that

you want to create. Enter the required information for this.

 The wizard will inform you as soon as the entries are complete. Close the

configuration with Finish.

Page 67

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 6: Connecting two networks

6 Connecting two networks

Network connectivity, also known as LAN-LAN connectivity, with the LANCOM Router is used for interconnecting two local area networks. LANLAN connectivity can be implemented in two basic ways:

 VPN: Connecting LANs over VPN ensures that the Internet-based connec-

tion between the two LANs has high-security protection. Each LAN must

be equipped with a VPN-capable router.

 ISDN: Connectivity based on ISDN uses a direct connection between the

two LANs via an ISDN connection. Each LAN must be equipped with a router with an ISDN interface.

Setting up LAN-LAN connectivity is carried out with the familiar convenience of a Setup Wizard.

Always configure both ends

Both of the routers for LAN-LAN connectivity must be configured. Note that the configuration information at both ends must match.

The following instructions assume that LANCOM Routers are being



operated at both ends. It is possible to set up network connectivity between routers from other manufacturers. However, this mixed configuration frequently requires far-reaching modifications to both devices. In cases like this refer to the Reference Manual.

Security aspects

Of course your LAN has to be protected from unauthorized access. For this reason, a LANCOM provides a range of security mechanisms that offer an outstanding level of protection.

 VPN: VPN-based connectivity relies on IPsec for transferring data. The

encryption methods employed are 3-DES, AES or Blowfish

 ISDN: Security for ISDN-based connectivity relies on password protection,

a check of the ISDN number, and the call-back function.

The ISDN call-back function cannot be set up by Wizard, but in the



manual configuration only. Refer to the reference manual for information on this.

Page 68

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 6: Connecting two networks

6.1 Which details are necessary?

The Wizard requests you for all of the necessary details step by step. If possible, you should have all of this information to hand before you start the Wizard.

The significance of the information required by the Wizard can be explained by an example: Connectivity between a branch office and your main office. The two routers are named 'MAIN OFFICE' and 'BRANCH OFFICE'.

The following tables indicate which entries are to be made for each of the two routers. Paths show how the entries relate to one another.

6.1.1 General information

The following information is required for setting up LAN-LAN connectivity. The first column shows whether the information for network connectivity is required via VPN (simple method with pre-shared keys) and/or via ISDN.

For further information on VPN-based network connectivity by other



methods, refer to the LANCOM Reference Manual.

Connectivity

VPN Does the remote site have an ISDN connec-

VPN Type of local IP address Static/dynamic Static/dynamic

VPN Type of remote IP address Static/dynamic Static/dynamic

VPN + ISDN Name of the local device 'MAIN OFFICE' 'BRANCH OFFICE'

VPN + ISDN Name of the remote device 'BRANCH OFFICE' 'MAIN OFFICE'

VPN + ISDN ISDN-calling number of the remote device (0123) 123456 (0789) 654321

VPN + ISDN ISDN calling line ID of the remote device (0789) 654321 (0123) 123456

VPN Password for the secure transmission of the

VPN Shared Secret for encryption 'Secret' 'Secret'

VPN IP address of remote device '10.0.2.100' '10.0.1.100'

VPN + ISDN IP-network address of the remote network '10.0.2.0' '10.0.1.0'

VPN + ISDN Netmask of the remote network '255.255.255.0' '255.255.255.0'

Entry Gateway 1 Gateway 2

tion?

IP address

Yes/No Yes/No

'Secret' 'Secret'

Page 69

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 6: Connecting two networks

Connectivity

VPN + ISDN Domain descriptor in the remote network 'branch_office.com-

VPN Hide own stations when accessing remote

ISDN TCP/IP routing for accessing the remote net-

VPN + ISDN NetBIOS routing for accessing the remote

VPN + ISDN Name of a local workgroup (for NetBIOS

ISDN Data compression On/off On/off

ISDN Channel bundling On/off On/off

Entry Gateway 1 Gateway 2

pany'

network (extranet VPN)?

work?

network?

only)

Yes/No Yes/No

'workgroup1' 'workgroup2'

Notes on the different settings:

 If you own device features an ISDN connection, the Wizard will ask you

whether the remote site also has one.

 For VPN connections over the Internet, the type of IP address at each end

must be specified. There are two types of IP address. Static and dynamic. The differences between these two IP address types are explained in the Reference Manual.

The Dynamic VPN function makes it possible to establish VPN connections between gateways with dynamic IP addresses, and not only between gateways with static (fixed) IP addresses. An ISDN connection is required to actively establish VPN connections to remote sites that use dynamic IP addresses.

 If you have not yet given a name to your LANCOM, the Wizard will ask you

to enter a new name for your device. Entering a name will cause your LANCOM to be renamed. Ensure that you give different names to the two remote devices.

 The name of the remote site is required for identifying the devices.  In the field ISDN number the telephone number of the remote ISDN site

is specified. Enter the full telephone number for the remote site, including all necessary prefixes (e.g. area codes).

 The ISDN calling line ID specified is used to identify and authenticate the

caller. If a LANCOM Router is called, it compares the ISDN calling line ID entered for the remote site to the ID that is actually received over the D

'main_office.company'

Page 70

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 6: Connecting two networks

channel from the caller. An ISDN ID generally consists of the country code and an MSN.

 The password for the ISDN connection is an alternative to the ISDN

calling line ID. This is used to authenticate the caller if no ISDN calling line ID is received. The password must be entered identically at both ends. It is used for calls in both directions.

 The shared secret is the central password for the VPN connection's secu-

rity. It must be entered identically at both ends.

 Data compression improves transmission speeds without incurring extra

costs. This is the completely different to the bundling of two ISDN channels by MLPPP (MultiLink-PPP): This doubles the bandwidth, although this generally doubles the connection costs as well.

6.1.2 Settings for the TCP/IP router

In the TCP/IP network, correct addressing is of extreme importance. For network connectivity, it should be observed that both networks are logically separated. For this reason they require their own network number (e.g. '10.0.1.x' and '10.0.2.x'). The two network numbers must be different.

HEADQUARTER

'server.headquarter.company'

Headquarter LAN. IP: 10.0.1.0,

Netmask: 255.255.255.0

Domain: 'headquarter.company'

10.0.1.2

SERVER

VPN ROUTER

10.0.1.100

 (0123) 123456

VPN or ISDN connection

'pc1.branch.company'

10.0.2.10

VPN ROUTER

10.0.2.100  (0789) 654321

Branch LAN. IP: 10.0.2.0, Netmask: 255.255.255.0 Domain: 'branch.company'

BRANCH

Unlike with Internet access, network connectivity makes all of IP addresses visible in all participating networks, including those in the remote LAN, and not just that of the router. The computer with the IP address 10.0.2.10 in the branch-office LAN sees the server 10.0.1.2 at the main office and, with the appropriate rights, has access to it. The same applies in the other direction.

Page 71

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 6: Connecting two networks

DNS access to the remote LAN

Remote computers in a TCP/IP network can be accessed not only with their IP addresses, but also by freely definable names with the aid of DNS.

For example, the computer named 'pc1.branch_office.company (IP 10.0.2.10) can access the server at the main office by using its IP address or the name 'server.main_office.company'. There is just one requirement: The domain of the remote network must be entered into the Wizard.

The domain can only be specified in the LANconfig Wizard. With



WEBconfig, the necessary changes are made later in the manual configuration. Refer to the LANCOM Router reference manual for more detailed information.

VPN extranet

In the case of LAN-LAN connectivity via VPN, you can mask the individual computers behind another IP address. The operating mode referred to as 'extranet VPN' enables computers to be made visible from the remote LAN not with their own IP address, but with a freely definable address such as that of the VPN gateway.

This avoids giving stations in a remote LAN direct access to the computers in your own LAN. For example, if extranet VPN mode is set up to provide access from the branch-office LAN to the main office from the IP address '10.10.2.100', and computer '10.10.2.10' then accesses the server '10.10.1.2', the server receives a request from the IP '10.10.2.100'. The actual address of the computer is masked.

If LAN connectivity uses the extranet mode, the remote site does not receive the actual (masked) LAN addresses, but the IP address published by the LAN ('10.10.2.100' in the above example). The netmask in this case is '255.255.255.255'.

6.1.3 Settings for NetBIOS routing

NetBIOS routing is quick to set up: In addition to the specifying the TCP/IP protocol being used, the only other information required is the name of a Windows workgroup in the LAN used by the router.

Remote Windows workgroups do not appear in the Windows network



environment, but they can be contacted directly (e.g.by searching for a computer of known name).

Page 72

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 6: Connecting two networks

6.2 Instructions for LANconfig

Carry out the configuration on both routers, one after the other.

 Launch the Wizard 'Connect two local area networks'. Follow the Wizard’s

instructions and enter the necessary data.

 The Wizard will inform you when the required information is complete.

You can then close the Wizard with Finish.

 Once you have completed the set-up of both routers, you can start testing

the network connection. Try to communicate with a computer in the remote LAN (e.g. with connect to the remote site and make contact to the requested computer.

Ping – the quick test of a TCP/IP connection

To test a TCP/IP connection, simply send a

ping

from your computer to a computer in the remote network. Details on the ping command are available from the documentation for your operating system.

IPX connections can be tested by searching for a remote Novell server. NetBIOS connections can be tested by searching a computer in the remote Windows workgroup.

ping

). The LANCOM Router should automatically

Page 73

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 6: Connecting two networks

6.3 1-Click-VPN for networks (site- to- site)

The site-to-site-to-site connectivity of networks is now very simple with the help of the 1-Click-VPN wizard. It is even possible to simultaneously couple multiple routers to a central network.

 In LANconfig, mark the routers at branch offices which are to be coupled

to a central router via VPN.

 Use drag&drop by mouse to place the devices onto the entry for the cen-

tral router.

 The 1-Click-VPN Site-to-Site Wizard will be started. Enter a name for this

access and select the address under which the router is accessible from the Internet.

Page 74

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 6: Connecting two networks

 Select whether connection establishment is to take place via the name or

IP address of the central router, or via an ISDN connection. Enter the address or name of the central router, or its ISDN number.

 The final step is to define how the networks are to intercommunicate:

 The INTRANET at headquarters only is to be provided to the branch

offices.

 All private networks at the branch offices can also be connected to

one another via headquarters.

All entries for the central device are made just once and are then



stored to the device properties.

6.4 Instructions for WEBconfig

In WEBconfig, VPN-based network connectivity cannot be set up in



the Wizard. The manual configuration has to be used instead. Refer to the reference manual for information on this.

Carry out the configuration on both routers, one after the other.

 In the main menu, launch the Wizard 'Connect two local area networks'.

Follow the Wizard’s instructions and enter the necessary data.

 The Wizard will inform you when the required information is complete.

You can then close the Wizard with Next.

 Once you have completed the set-up of both routers, you can start testing

the network connection. Try to communicate with a computer in the remote LAN (e.g. with connect to the remote site and make contact to the requested computer.

ping

). The LANCOM Router should automatically

Page 75

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 7: Providing dial- in access

7 Providing dial-in access

Your LANCOM can be set up with dial-in access accounts enabling individual computers to dial-in to your LAN and fully participate in the network for the duration of the connection. This service is called RAS (Remote Access Service). RAS access can be implemented in two basic ways:

 VPN: RAS access via VPN provides a highly secure Internet-based connec-

tion between the LAN and the dial-in computer. The router in the LAN must support VPN; the dial-in computer needs any form of Internet access and a VPN client.

 ISDN: RAS access via ISDN provides a direct connection between the LAN

and the dial-in computer over an ISDN phone line. The router in the LAN needs an ISDN interface. The dial-in computer needs an ISDN adapter or an ISDN modem. The protocol of data transfer is PPP. This ensures that all normal devices and operating systems are supported.

Setting up dial-in access is carried out with the familiar convenience of a Setup Wizard.

Security aspects

Of course your LAN has to be protected from unauthorized access.

For this reason, a LANCOM provides a range of security mechanisms that offer an outstanding level of protection.

 VPN: VPN-based connectivity relies on IPsec for transferring data. The

encryption methods employed are 3-DES, AES or Blowfish

 ISDN: Security for ISDN-based connectivity relies on password protection,

a check of the ISDN number, and the call-back function.

The ISDN call-back function cannot be set up by Wizard, but in the



manual configuration only. Refer to the reference manual for information on this.

7.1 Which details are necessary?

The Wizard sets up an access account for just one user. For additional users, launch the Wizard again.

Page 76

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 7: Providing dial- in access

7.1.1 General information

The following information is required for setting up RAS access. The first column shows whether the information for RAS access is required via VPN (simple method with pre-shared keys) and/or via ISDN.

For further information on RAS access by other methods, refer to the



LANCOM Reference Manual.

Connectivity

VPN + ISDN User name

VPN + ISDN Password

VPN Shared Secret for encryption

VPN Hide own stations when accessing remote network (extranet VPN)?

ISDN Incoming caller ID number of the dial-in computer

ISDN TCP/IP routing for accessing the remote network?

VPN + ISDN IP address(es) for one or more dial-in computer(s): Fixed or dynamic from the

VPN + ISDN NetBIOS routing for accessing the remote network?

VPN + ISDN Name of a local workgroup (for NetBIOS only)

Entry

IP address pool

Notes on the different settings:

 User name and password: This access data serves to identify the user

when dialing in.

 Incoming number: The optional ISDN calling line ID is used by the

LANCOM Router for additional user authentication. This security function should not be employed if the user will be dialing-in from various ISDN connections.

Page 77

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 7: Providing dial- in access

You will find information on the other parameters required for RAS



access in the chapter 'Connecting two networks'.

The ISDN calling line ID (CLI)

The ISDN Calling Line Identity (CLI)is the phone number of the calling party as transmitted to the called party. This is a number generally made up of the national dial code and an MSN.

The CLI is ideal for authentication for two reasons: It is difficult to manipulate. It is transmitted

free of charge via the ISDN D-channel.

7.1.2 Settings for TCP/IP

TCP/IP requires that every active RAS is assigned an IP address.

HEADQUARTER

SERVER

VPN ROUTER

ROUTER

This IP address can be manually set to a fixed value when the user is created. A simpler option is to allow the LANCOM Router to assign the user with a free IP address when dialing in. In this case, all you have to do is to set the range of IP addresses which are to be available for assignment to the RAS users by the LANCOM Router.

For both manual and automatic IP address assignment, ensure that the addresses are freely available in your local network. In our example, the PC is assigned with the IP address '10.0.1.101' when it dials in.

This IP address allows the PC to fully participate in the LAN: With the appropriate rights, it can access any other device in the LAN. This relationship also applies in the other direction: The remote PC can be access from the LAN.

Page 78

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 7: Providing dial- in access

7.1.3 Settings for NetBIOS routing

When working with NetBIOS, the only information required is the name of a Windows workgroup in the LAN used by the router.

The connection is not established automatically. The RAS user first has



to manually establish a connection to the LANCOM Router with the help of Dial-Up Networking. Once the connection has been established, the computer can access and search the other network (click on Search  Computer, do not use the Network Neighborhood).

7.2 Settings on the dial-in computer

7.2.1 Dialing-in via VPN

For dialing-in to a network via VPN, a computer needs:

 Internet access  A VPN client

LANCOM Systems offers you a 30-day test version of the LANCOM Advanced VPN Client on the data medium (CD/DVD) supplied. A precise description of the VPN client and notes on its setup are also to be found on the data medium.

The Wizard then requests the parameters that were specified when setting up the RAS access in the LANCOM Router.

7.2.2 Dialing-in via ISDN

A number of settings are required by the dial-in computer. This example is based on a Windows computer.

 Dial-Up Networking (or any other PPP client) installed correctly.  Network protocol (TCP/IP, IPX) installed and associated with the dial-up

adapter

 New connection in Dial-Up Networking with the phone number of the

router

 Terminal adapter or ISDN card set up for PPPHDLC  PPP selected and the dial-up server type, 'Activate compression in soft-

ware' and 'Request encrypted password' switched off.

 Select the required network protocols (TCP/IP)  Additional TCP/IP settings

Page 79

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 7: Providing dial- in access

 Assignment of IP address and name server address activated  'IP header compression' deactivated

With these settings, a PC can dial-in to the remote LAN and access the network resource in the usual manner.

7.3 Instructions for LANconfig

 Launch the 'Provide Remote Access (RAS, VPN, IPsec over WLAN)' Wizard.

Follow the Wizard’s instructions and enter the necessary data.

 The Wizard will inform you when the required information is complete.

You can then close the Wizard with Finish.

 Configure the access account on the dial-in PC as described. Subsequently

test the connection (see box 'Ping – the quick test of a TCP/IP connection').

7.4 1-Click-VPN for LANCOM Advanced VPN Client

VPN accesses for employees who dial into the network with the LANCOM Advanced VPN Client are very easy to set up with the Setup Wizard and exported to a file. This file can then be imported as a profile by the LANCOM Advanced VPN Client. All of the information about the LANCOM VPN Router's configuration is also included, and then supplemented with randomly generated values (e.g. for the preshared key).

 Use LANconfig to start the 'Set up a RAS Account' wizard and select the

'VPN connection'.

Page 80

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 7: Providing dial- in access

 Activate the options 'LANCOM Advanced VPN Client' and 'Speed up con-

figuration with 1-Click-VPN'.

 Enter a name for this access and select the address under which the router

is accessible from the Internet.

 In the final step you can select how the access data is to be entered:

 Save profile as an import file for the LANCOM Advanced VPN Client  Send profile via e-mail  Print out profile

Sending a profile via e-mail could be a security risk should the e- mail



be intercepted en route!

To send the profile via e-mail, the device configuration must be set up with an SMTP account with the necessary access data. Further, the configuration computer requires an e-mail program that is set up as the standard e-mail application and that can be used by other applications to send e-mails.

When setting up the VPN access, certain settings are made to optimize operations with the LANCOM Advanced VPN Client, including:

 Gateway: If defined in the LANCOM VPN Router, a DynDNS name is used

here, or alternatively the IP address

 FQDN: Combination of the name of the connection, a sequential number

and the internal domain in the LANCOM VPN Router.

 Domain: If defined in the LANCOM VPN Router, the internal domain is

used here, or alternatively a a DynDNS name or IP address

 VPN IP networks: All IP networks defined in the device as type 'Intranet'.  Preshared key: Randomly generated key 16 ASCII characters long.  Connection medium: The LAN is used to establish connections.  VoIP prioritization: VoIP prioritization is activated as standard.  Exchange mode: The exchange mode to be used is 'Aggressive Mode'.  IKE config mode: The IKE config mode is activated, the IP address infor-

mation for the LANCOM Advanced VPN Client is automatically assigned by the LANCOM VPN Router.

Page 81

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 7: Providing dial- in access

7.5 Instructions for WEBconfig

 In the main menu, launch the Wizard 'Provide remote access (RAS)'. Fol-

low the Wizard’s instructions and enter the necessary data.

 Configure the access account on the dial-in PC as described. Subsequently

test the connection (see box 'Ping – the quick test of a TCP/IP connection').

Page 82

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

8 Advanced wireless LAN configuration

The configuration of the LANCOM Access Points for your wireless LAN is conducted with the aid of highly convenient installation wizards.

The settings include the general, far-reaching parameters and also the individual settings for one or more logical wireless LAN networks (WLAN radio cells or SSIDs).

8.1 WLAN configuration with the wizards in LANconfig

Highly convenient installation wizards are available to help you with the configuration of LANCOM Access Points for your wireless LAN.

The settings include the general shared parameters and also the individual settings for one or more logical wireless LAN networks (WLAN radio cells or SSIDs).

 Mark your LANCOM Access Point in the selection window in LANconfig.

From the command line, select Extras  Setup Wizard.

 In the selection menu, select the Setup Wizard, Configure WLAN inter-

face and confirm the selection with Continue.

 Make the settings as requested by the wizard and as described as follows.

Country settings

Regulations for the operation of WLAN cards differ from country to country. The use of some radio channels is prohibited in certain countries. To operate the LANCOM Access Points while observing the regulations in various countries, all physical WLAN interfaces can be set up for the country where they are operated.

Page 83

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

WLAN module operation

The WLAN modules can be operated in various operating modes:

 As a base station (Access Point mode), the device makes the link between

WLAN clients and the cabled LAN. Parallel to this, point-to-point connections are possible as well.

 In Managed Mode the Access Points also accept WLAN clients into the

network, although the clients then join a WLAN infrastructure that is con-

figured by a central WLAN-Controller. In this operating mode, no further WLAN configuration is necessary as all WLAN parameters are provided by the WLAN-Controller.

 In client mode, the device itself locates the connection to another Access

Point and attempts to register with a wireless network. In this case the device serves, for example, to link a cabled network device to an Access Point over a wireless connection. In this operating mode, parallel point-to-point connections are not possible.

For further information please refer to section → Client Mode.

Physical WLAN settings

Along with the radio channels, the physical WLAN settings can also be used to activate options such as the bundeling of WLAN packets (TX Burst), hardware compression, or the use of QoS compliant with 802.11e. You also control the settings for the diversity behavior here.

Logical WLAN networks

Each WLAN module can support up to eight logical WLAN networks for mobile WLAN clients to register with. The following parameters have to be set when configuring a logical WLAN network:

 The network name (SSID)  Open or closed radio LAN  Encryption settings  MAC filter  Client-bridge operation  Filter settings

Page 84

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

Point-to- point settings

The configuration of P2P connections involves setting not only the operating mode but also the station name that the Access Point can connect to. Also, the role as "Master" or "Slave" is set here.

Along with the settings for the Access Point itself, also to be defined is the remote site that the Access Point can contact via the P2P connection.

For further information please refer to section → Point-to- point connections.

8.2 Point-to- point connections

LANCOM Access Points can serve not only as central stations in a wireless network, they can also operate in point-to-point mode to bridge longer distances. For example, they can provide a secure connection between two networks that are several kilometers apart — without direct cabling or expensive leased lines.

BUILDING

WLAN Router ANTENNA

ANTENNA

ACCESS POINT

BUILDING

ACCESS POINTANTENNA

This chapter introduces the basic principles involved in designing point-to-point links and provides tips on aligning the antennas.

8.2.1 Geometric dimensioning of outdoor wireless network links

The following basic questions must be answered when designing wireless links:

 Which antennas are necessary for the desired application?

Page 85

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

 How do the antennas have to be positioned to ensure problem-free con-

nections?

 What performance characteristics do the antennas need to ensure suffi-

cient data throughput within the legal limits?

Selection of antennas using the LANCOM Antenna Calculator

You can use the LANCOM Antenna Calculator to calculate the output power

of the access points as well as for a first estimation of the achievable distances and data rates. The program can be downloaded from our Web site at

www.lancom.eu

After selecting your components (access points, antennas, lightning protection and cable) the calculator works out the data rates, ranges, and the antenna gain settings that have to be entered into the access point.



Please note that when using 5 GHz antennas additional technologies such as dynamic frequency selection (DFS) may be stipulated depending on the country of use. The operator of the wireless LAN system is responsible for ensuring that local regulations are met.

Page 86

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

Positioning the antennas

Antennas do not broadcast their signals linearly, but within an angle that depends on the model in question. The spherical expansion of the signal waves produces amplification or interference of the effective power output at certain distances along the connection between the transmitter and receiver.

Page 87

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

The areas where the waves amplify or cancel themselves out are known as Fresnel zones.

Protecting the components employed from the consequences of



lightning strikes and other electrostatic influences is one of the most important aspects to be considered when designing and installing wireless LAN systems for outdoor use. Please refer to the

appropriate notes on →'Lightning and surge protection' as other- wise LANCOM Systems cannot provide any guarantee for damage to LANCOM and AirLancer components.

Information on the installation of WLAN systems for outdoor deployment is available in the 'LANCOM Outdoor Wireless Guide'.

Fresnel zone 3

Fresnel zone 2

Fresnel zone 1

ADMINISTRATION

Distance d

ANTENNA

WLAN Router

Radius R

ACCESS POINT

ANTENNA

PRODUCTIONOBSTRUCTION

The Fresnel zone 1 must remain free from obstruction in order to ensure that the maximum level of output from the transmitting antenna reaches the receiving antenna. Any obstructing element protruding into this zone will significantly impair the effective signal power. The object not only screens off a portion of the Fresnel zone, but the resulting reflections also lead to a significant reduction in signal reception.

The radius (R) of Fresnel zone 1 is calculated with the following formula assuming that the signal wavelength (

λ) and the distance between transmit-

ter and receiver (d) are known.

R = 0.5 *

√ (λ * d)

The wavelength in the 2.4 GHz band is approx. 0.125 m, in the 5 GHz band approx. 0.05 m.

Example: With a separating distance of 4 km between the two antennae, the radius of Fresnel zone 1 in the 2.4-GHz band is 11 m, in the 5-GHz band 7 m.

Page 88

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

To ensure that the Fresnel zone 1 remains unobstructed, the height of the antennas must exceed that of the highest obstruction by this radius. The full height of the antenna mast (M) should be as depicted:

Fresnel zone 1

Radius R

Security: 1m

Earth's curvature E

OBSTRUCTION

ANTENNA

WLAN Router

PRODUCTION

ADMINISTRATION

ANTENNA

Obstruction height H

WLAN Router

M = R + 1m + H + E (earth's curvature)

The allowance for the curvature of the earth (E) can be calculated at a distance (d) as E = d² * 0.0147 – i.e. at a distance of 8 km this is almost 1m

Example: With a distance of 8 km between the antennae, the result in the

2.4-GHz band is a mast height above the level of the highest obstruction of approx. 13 m, in the 5-GHz band 9 m.

Antenna power

The power of the antennas must be high enough to ensure acceptable data transfer rates. On the other hand, the country-specific legal regulations regarding maximum transmission power should not be exceeded.

The calculation of effective power considers everything from the radio module in the transmitting access point to the radio module in the receiving access point. In between there are attenuating elements such as the cable, plug connections or simply the air transmitting the signals and amplifying elements such as the external antennas.

Page 89

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

Amplification with

Free-space loss

antenna gain

ANTENNA

Loss through cable, plugs and lightning

Input signal at the

ADMINISTRATION

Loss through cable, plugs and lightning protection

SA-5L SA-5L

Output power of the radio module

WLAN Router

8.2.2 Antenna alignment for P2P operations

The precise alignment of the antennas is of considerable importance in establishing P2P connections. The more central the receiving antenna is located in the "ideal line" of the transmitting antenna, the better are the actual performance and the effective bandwidth . If the receiving antenna is outside of this ideal area, however, significant losses in performance will be the result

.

protection

radio module

Amplification with

antenna gain

ANTENNA

ACCESS POINT

PRODUCTION



MANAGEMENT

ANTENNA

WLAN Router

ANTENNA



ANTENNA

ACCESS POINT

PRODUCTION

You can find further information on the geometrical design of wireless



paths and the alignment of antennas with the help of LANCOM software in the LCOSreference manual.

The current signal quality over a P2P connection can be displayed on the device's LEDs or in the LANmonitor in order to help find the best possible alignment for the antennas.

Page 90

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

The display of signal quality on the LEDs must be activated for the wireless LAN interface (LANconfig: Wireless LAN  General  Physical WLAN settings  Operation). The faster the LED blinks the better the connection (a blinking frequency of 1 Hz represents a signal quality of 10 dB, double the frequency indicates that the signal strength is twice as high).

In LANmonitor the connection quality display is opened with the context menu. Right-clicking with the mouse on 'Point-to-point' activates the option 'Adjusting Point-to-Point WLAN Antennas...'

The 'Point-to- point' entry is only visible in the LANmonitor if the mon-



itored device has at least one base station defined as a remote site for a P2P connection (LANconfig: Wireless LAN  General  Physical WLAN settings  Point-to- Point).

In the dialog for setting up point-to-point connections, LANmonitor prompts for the information required to establish the P2P connection:

 Is the P2P connection configured at both ends (remote base station

defined with MAC address or station name)?

 Is the point-to-point mode of operation activated?  Which access point is to be monitored? All of the base stations defined as

P2P remote sites in the device concerned can be selected here.

Page 91

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

 Are both antennas approximately aligned? The basic P2P connection has

to be working before fine-tuning can be performed with the aid of LANmonitor.

Once signal monitoring has commenced, the P2P dialog displays the absolute values for the current signal strength and the maximum value since starting the measurement. The development of the signal strength over time and the maximum value are displayed in a diagram, too.

Initially only one of the two antennas should be adjusted until a maximum value is achieved. This first antenna is then fixed and the second antenna is then adjusted to attain the best signal quality.

8.2.3 Measuring wireless bridges

After planning and installation, the wireless bridge can be analyzed to determine the actual data throughput. Further information about the available tools and taking measurements can be found in the LANCOM Techpaper "The performance of outdoor P2P connections", available as a download from

www.lancom.eu

8.2.4 Activating the point-to- point operation mode

The behavior of an access point when exchanging data with other access points is defined in the "Point-to-point operation mode".

 Off: The access point only communicates with mobile clients  To: The access point can communicate with other access points and with

mobile clients

 Exclusive: The access point only communicates with other base stations

Page 92

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

In the 5 -GHz band, the automatic search for vacant WLAN channels can lead to several simultaneous test transmissions from multiple access points, with the result that they do not find each other. This stalemate situation can be avoided with the appropriate "Channel selection scheme":

 Master: This access point takes over the leadership when selecting a free

WLAN channel.

 Slave: All other access points will search for a channel until they have

found a transmitting Master.

8.2.5 Configuration of P2P connections

Configuration with LANconfig

ANTENNA

MASTER ANTENNA

ANTENNA

Thus it is recommended for the 5 GHz band that one central access point should be configured as 'Master' and all other point-to-point partners should be configured as 'Slave'. In the 2.4 GHz band, too, this setting simplifies the establishment of point-to-point connections if the automatic channel search is activated.

It is imperative that the channel selection scheme is configured cor-



rectly if the point-to- point connections are to be encrypted with

802.11i/WPA (a master as authentication server and a slave as client).

In the configuration of point-to- point connections, entries have to be made for the point-to-point operation mode and the channel selection scheme, along with the MAC addresses or station names of the remote sites.

For configuration with LANconfig you will find the settings for P2P connections under the configuration area 'Interfaces' on the 'Wireless LAN' tab.

SLAVE

The configuration of the P2P connections can also be carried out with



the WLAN Wizards in LANconfig.

Page 93

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

 Click on the button Physical WLAN settings to open the corresponding

WLAN interface and select the tab for 'Point-to- Point'.

 Activate the suitable point-to-point operation mode here and set the

channel selection scheme to either 'Master' or 'Slave'. If the peers of the P2P connections are to be identified via their station names, then enter a unique name for this WLAN station.

For models with multiple WLAN modules, the station name can be



entered separately for each physical WLAN interface.

 Close the physical WLAN settings and open the list of Point- to- point

partners. For each of the maximum of six P2P connections, enter either

the MAC address of the WLAN card at the remote station or enter the WLAN station's name (depending on the chosen method of identification).

Page 94

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

Please observe that only the MAC addresses of the WLAN cards at the



other end of the connections are to be entered here! Not the access point's own MAC address, and not the MAC addresses from any other interfaces that may be present in the access points.

You will find the WLAN MAC address on a sticker located under each of the antenna connectors. Only use the string that is marked as the "WLAN MAC" or "MAC-ID". The other addresses that may be found are not the WLAN MAC address but the LAN MAC address.

Connecting point-to- point remote stations by station name

When configuring point-to- point connections, an alternative to the MAC addresses is to use the station names of the remote stations.

First of all the station name is entered into the point-to-point settings in the Wireless Routers or Access Points.

 LANconfig: Wireless LAN  General  Physical WLAN settings 

Point to point

 WEBconfig: Setup  Interfaces  WLAN interpoint settings

For models with multiple WLAN modules, the station name can be



entered separately for each physical WLAN interface.

In the point-to-point configuration, select the identification by station name and enter the name of the corresponding station.

Page 95

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

 LANconfig: Wireless LAN  General  Point to point partners  WEBconfig: Setup  Interfaces  WLAN interpoint peers

8.2.6 Security for point-to- point connections

IEEE 802.11i can be used to attain a significant increase in the security of WLAN point-to-point connections. All of the advantages of 802.11i such as the simple configuration and the powerful encryption with AES are thus available for P2P mode, as are the improved security of the passphrase from the LANCOM Enhance Passphrase Security (LEPS).

Encryption with 802.11i/WPA

To activate the 802.11i encryption for a correctly configured P2P connection, adjust the settings for the first logical WLAN network in the appropriate WLAN interface (i.e. WLAN-1 if you are using the first WLAN module for the P2P connection, WLAN-2 if you are using the second module, e.g. as with an access point with two WLAN modules).

 Activate the 802.11i encryption.  Select the method '802.11i (WPA)-PSK'.  Enter the passphrase to be used.

The passphrases should consist of a random string at least 22 charac-



ters long, corresponding to a cryptographic strength of 128 bits.

When set as P2P Master, the passphrase entered here will be used to check the Slave's authorization to access. When set as P2P Slave, the access point transfers this information to register with the remote site.

Page 96

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

For configuration with LANconfig you will find the encryption settings under the configuration area 'Wireless LAN' on the '802.11i/WEP' tab.

LEPS for P2P connections

A further gain in security can be attained by additionally using LANCOM Enhanced Passphrase Security (LEPS) which involves the matching of MAC address and passphrase.

LEPS can be used to secure single point-to- point (P2P) connections with an individual passphrase. Even if an access point in a P2P installation is stolen and the passphrase and MAC address become known, all other WLAN connections secured by LEPS remain secure.

When using LANconfig for the configuration, you enter the passphrases of the stations approved for the WLAN in the configuration area 'Wireless LAN' on the 'Stations' tab under the button Stations.

Page 97

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

8.3 Client mode

To connect individual devices with an Ethernet interface into a wireless LAN, LANCOM devices with a WLAN module can be switched to "client mode", whereupon they act as conventional wireless LAN adapters and not as access points (AP). The use of client mode therefore allows devices fitted with only an Ethernet interface, such as PCs and printers, to be integrated into a wire-

less LAN.

SERVER

LAN

ACCESS POINT

WLAN device in AP mode

WLAN device in client mode

PRINTER

ACCESS POINT

WLAN device in client mode

Multiple WLAN clients can register with a WLAN device in AP mode,



which is not the case for a WLAN device in client mode.

8.3.1 Client settings

For LANCOM Access Points and LANCOM Wireless Routers in client mode, further settings/client behavior can be configured from the 'Client mode' tab under the settings for the physical interfaces.

The configuration of the client settings can also be carried out with



the WLAN Wizards in LANconfig.

LAPTOP/W-LAN

Page 98

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

 To edit the settings for client mode in LANconfig, go to the 'Client mode'

tab under the physical WLAN settings for the desired WLAN interface.

 In 'Scan bands', define whether the client station scans just the 2.4 GHz,

just the 5 GHz, or all of the available bands to locate an access point.

8.3.2 Set the SSID of the available networks

In the WLAN clients, the SSIDs of the networks to which the client stations are to connect must be entered.

 To enter the SSIDs, change to the 'General' tab under LANconfig in the

'Wireless LAN' configuration area. In the 'Interfaces' section, select the

first WLAN interface from the list of logical WLAN settings.

 Enable the WLAN network and enter the SSID of the network the client

station should log onto.

8.3.3 Encryption settings

For access to a WLAN, the appropriate encryption methods and key must be set in the client station.

Page 99

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

 To enter the key, change to the '802.11i/WEP' tab under LANconfig in the

'Wireless LAN' configuration area. From 'WPA / private WEP settings', select the first WLAN interface from the list of logical WLAN settings.

 Enable encryption and match the encryption method to the settings for

the access point.

 In WLAN client operating mode, the LANCOM Access Points and LANCOM

Wireless Routers can authenticate themselves to another access point using EAP/802.1X. For this, select the desired client EAP method here. Note that the selected client EAP method must match the settings of the access point that the device is attempting to log onto.

Depending on the EAP method, the appropriate certificates must be



stored in the device.

 For TTLS and PEAP - the EAP/TLS root certificate only; the key is

entered as a combination username:password.

 For TLS in addition; the EAP/TLS device certificate including the private

key.

8.3.4 Roaming

Roaming is defined as the transfer of a WLAN client to another access point once the connection to the access point used so far can no longer be kept alive. To allow roaming, at least one additional access point must be within range of the client, it must provide a network with an identical SSID and matching radio and encryption settings.

Page 100

LANCOM 1722 VoIP – LANCOM 1723 VoIP – LANCOM 1724 VoIP – LANCOM 1823 VoIP

 Chapter 8: Advanced wireless LAN configuration

Under normal circumstances the WLAN client would only log onto another access point if the connection to the access point used up to that point was lost completely (hard roaming). Soft roaming on the other hand enables the client to use scan information to roam to the strongest access point. With the background scanning function, the LANCOM Wireless Router in client mode can gather information on other available access points prior to the connection being lost. In this case the client is not switched to another access point once the existing connection has been lost completely, but rather when another access point within its range has a stronger signal.

 To enable soft roaming in WEBconfig or telnet, change to Setup > Inter-

faces > WLAN > Roaming and select the physical WLAN interface.

 Enable soft roaming and, if required, set the other parameters (such as

threshold levels and signal level).

 To configure background scanning in LANconfig, go to the 'Radio' tab

under the physical WLAN settings for the desired WLAN interface.

 Enter the background scan interval as the time in which the LANCOM

Wireless Router cyclically searches the currently unused frequencies of the