PLANET BM-2101 User Manual

Bandwidth Management Gateway
BM-2101
User’s Manual
Copyright (C) 2007 PLANET Technology Corp. All rights reserved. The products and programs described in this User’s Manual are licensed products of PLANET Technology. This User’s Manual contains proprietary information protected by copyright, and this User’s Manual and all accompanying hardware, software, and documentation are copyrighted. No part of this User’s Manual may be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form by any means, electronic or mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal use, and without the prior express written permission of PLANET Technology.
Disclaimer
PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose. PLANET has made every effort to ensure that this User’s Manual is accurate; PLANET disclaims liability for any inaccuracies or omissions that may have occurred. Information in this User’s Manual is subject to change without notice and does not represent a commitment on the part of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in this User’s Manual. PLANET makes no commitment to update or keep current the information in this User’s Manual, and reserves the right to make improvements to this User’s Manual and/or to the products described in this User’s Manual, at any time without notice. If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments and suggestions.
CE mark Warning
This is a class A device. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.
Trademarks
The PLANET logo is a trademark of PLANET Technology. This documentation may refer to numerous hardware and software products by their trade names. In most, if not all cases, these designations are claimed as trademarks or registered trademarks by their respective companies.
To avoid the potential effects on the environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment, end users of electrical and electronic equipment should understand the meaning of the crossed-out wheeled bin symbol. Do not dispose of WEEE as unsorted municipal waste; such WEEE must be collected separately.
Customer Service
For information on customer service and support for the Internet Monitor, please refer to the following Website URL:
http://www.planet.com.tw
Before contacting customer service, please take a moment to gather the following information:
Internet Monitor serial number and MAC address
Any error messages that displayed when the problem occurred
Any software running when the problem occurred
Steps you took to resolve the problem on your own
Revision
User’s Manual for PLANET Bandwidth Management Gateway
Model: BM-2101
Rev: 1.0 (March, 2007)
Part No. EM-BM2101v1
Table of Contents
Chapter 1 Introduction
1.1 Package Contents
1.2 Front View
1.3 Specification
System
Chapter 2 Administration
2.1 Admin
2.2 Permitted IPs
2.3 System Log Out
2.4 Software Update
Chapter 3 Configure
3.1 Setting
3.2 Date/Time
3.3 Multiple Subnet
3.4 Route Table
3.5 DHCP
3.6 DDNS
3.7 Host Table
3.8 SNMP
3.9 Language
Interface
Chapter 4 Interface
4.1 LAN
4.2 WAN
4.3 DMZ
Policy Object
Chapter 5 Address
5.1 Example
Chapter 6 Service
6.1 Custom
6.2 Group
Chapter 7 Schedule
Chapter 8 QoS
8.1 Example
Chapter 9 Authentication
9.1 User / User Group
9.2 RADIUS
9.3 POP3
9.4 LDAP
Chapter 10 Content Blocking
10.1 URL
10.2 Script
10.3 Download
10.4 Upload
Chapter 11 IM / P2P Blocking
11.1 Example
Chapter 12 Virtual Server
12.2 Example
Policy
Chapter 13 Policy
13.1 Example
Anomaly Flow IP
Chapter 14 Anomaly Flow IP
14.1 Example
Monitor
Chapter 15 Monitor
15.1 Traffic
15.2 Event
15.3 Connection
15.4 Backup
Chapter 16 Accounting Report
16.1 Outbound
16.2 Inbound
Chapter 17 Statistics
17.1 WAN
17.2 Policy
Chapter 18 Diagnostic
18.1 Ping
18.2 Traceroute
Chapter 19 Wake On Lan
19.1 Example
Chapter 20 Status
20.1 Interface
20.2 System Info
20.3 Authentication
20.4 ARP Table
20.5 Sessions Info
20.6 DHCP Client
Chapter 1
Introduction
The BM-2101 is specifically designed for SMB networks. It has four built-in 10/100Mbps Ethernet ports: two WAN ports, one LAN port, and one DMZ port. No broadband router is required for users with only one public IP address. It also supports virtual server, Multi-DMZ, and dynamic DNS functions, which are very useful for customers who share local resources with Internet users.
For bandwidth management, packets can be classified based on IP address, IP subnet, and TCP/UDP port number. The device has more than 40 of the most common protocols such as H.323, Oracle, HTTP, FTP, and so on for easy definition. The administrator can then define policies to ensure committed and maximum bandwidth levels for inbound and outbound traffic in each class. The administrator can also define three priority levels for each policy to ensure high priority packets receive the maximum available bandwidth. In addition, each policy can have a schedule defined for when the policy is activated or inactivated in increments of 30 minutes.
Both NAT and DMZ modes are supported, so the BM-2101 can be deployed without reconfiguring the existing network infrastructure. The BM-2101 provides policy-based firewall protection and several hacker protections to prevent hackers’ attacks. In addition, the comprehensive alarm and log functions allow the network manager to easily enhance the security of the local network.
1.1 Package Contents
BM-2101 x 1
Power Cord x 1
Quick Installation Guide x 1
User’s Manual CD x 1
Console cable x 1
Cat5 cross cable x 1
Cat5 cable x 1
Rack-mount ear x 2
Mat x 4
1.2 Front View
LED definition
LED: Description
PWR: Power is supplied to this device.
WAN1, WAN2, LAN, DMZ:
Green: Steady on indicates the port is connected to another network device. Blinking indicates there is traffic on the port.
Orange: Steady on indicates the port is connected at 100Mbps speed.
1.3 Specification
Product: Bandwidth Management Gateway
Model: BM-2101
Hardware
Connections
WAN: 2 x 10/100Base-TX
LAN: 1 x 10/100Base-TX, Auto-MDI/MDI-X
DMZ: 1 x 10/100Base-TX, Auto-MDI/MDI-X
Console: 1 x RS-232 (DB-9)
H/W Watch-Dog: Auto reboot when detecting system fail
Software
Maximum Controlled Bandwidth: 100Mbps
Maximum Controlled concurrent session: 241,000
Management: Web (English, Traditional Chinese, Simplified Chinese)
Operation Mode: DMZ_NAT, DMZ_Transparent, NAT
WAN connection type in NAT mode: PPPoE, DHCP, and Fixed IP
Traffic Classification: IP, IP subnet, and TCP/UDP port
Bandwidth Allocation: Policy rules with Inbound/Outbound traffic management; Guaranteed and maximum bandwidth; Scheduled in unit of 30 minutes; 3 Priorities; Quota per Session and Quota per Day
Log: Traffic Log, Event Log, Connection Log, Log backup by mail or syslog server
Statistics: WAN port statistics and policy statistics with graph display
Firewall Security: Policy-based access control; Stateful Packet Inspection (SPI); Scheduled in unit of 30 minutes
Hacker Alert and Anomaly Flow Detection: Detect SYN Attack, Detect ICMP Flood, Detect UDP Flood, Detect Ping of Death Attack, Detect Tear Drop Attack, Detect IP Spoofing Attack, Filter IP Route Option, Detect Port Scan Attack, Detect Land Attack, Virus-Infected Blocking, E-Mail Alert Notification, NetBIOS Notification
Alarm: Event alarm for hacker attack; the alarm message can be sent to the administrator by e-mail
Other Functions: Firmware Upgradeable through Web; NTP support; Configuration Backup and Restore through Web; Dynamic DNS support; Multiple NAT and multiple DMZ (mapped IP) support; Multiple server load balancing
Chapter 2
Administration
Generally speaking, system administration refers to the privileges to log in and out, monitor, and control the BM-2101 appliance, together with some relevant settings. In this Chapter, system administration is defined as the management of the MIS engineer, Permitted IPs, System Log-Out, and Software Update.
The chief administrator configures and manages the BM-2101 appliance. The administrator can add, delete or modify system settings and monitor system status, while a sub-administrator (title named by the first MIS engineer) is read-only.
Administrator
The title of the chief administrator and sub administrators. Administrator is the default name and cannot be removed, but other sub administrators can be modified or removed.
The default administrator account: admin; password: admin
The default chief administrator can add other admins or modify them to be sub admin or chief admin. Any other chief admin can have its privilege modified to sub admin, but cannot be deleted. The BM-2101 appliance always reserves a chief admin.
Privilege
The chief administrator has the Write/Read privilege. The administrator is allowed to modify the configurations, monitor the system status, and add or remove other administrators.
A sub administrator has Read privilege only. He is allowed to view and monitor data, but cannot modify the configurations.
Password/New Password/Confirm Password
Adds or modifies the password of a chief or sub administrator.
2.1 Admin
Step1. Click Admin → New Sub-Admin.
Step2. In Add New Sub Admin, add the settings:
Sub Admin name: sub_admin.
Password: 12345.
Confirm Password: 12345.
If Write Access and View Log & Privilege are selected, the new sub-admin becomes chief admin.
Step3. Click OK for the user to log in, or click Cancel to cancel adding the new sub admin.
Add new sub admin
Step1. In Admin, select the admin to change and click the corresponding Configure → Modify.
Step2. In Modify Admin Password, enter the following information:
Password: admin.
New Password: 52364.
Confirm Password: 52364.
Step3. Click OK to change the password, or click Cancel to cancel the modification.
Modify admin password
2.2 Permitted IPs
Step1. In Administration → Permitted IPs → New Entry, add the settings:
Name: Enter master
IP Address: Enter 163.173.56.11
Netmask: Enter 255.255.255.255
Service: Check Ping, HTTP and HTTPS
Click OK
Complete adding Permitted IPs
Add new Permitted IPs
Complete add new Permitted IPs
To activate Permitted IPs, click Interface → LAN, WAN, and DMZ and uncheck Ping, HTTP, and HTTPS. However, Permitted IPs must be set before HTTP and HTTPS are unchecked, or the MIS engineer cannot enter the BM-2101’s Web UI via the appointed interface.
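The ordering rule above can be checked before the interface options are unchecked. The following is an added example, not part of the PLANET manual or the BM-2101 firmware: it assumes an entry matches when the source address falls inside the entry's IP Address/Netmask and the service is checked, and the function names and the second workstation address are hypothetical.

```python
import ipaddress

# Constructed sample mirroring the manual's Permitted IPs entry.
PERMITTED_IPS = [
    {"name": "master", "ip": "163.173.56.11",
     "netmask": "255.255.255.255", "services": {"ping", "http", "https"}},
]


def entry_network(entry):
    """Turn an IP Address + Netmask pair into a network object."""
    # strict=False tolerates host bits set in the address field.
    return ipaddress.ip_network(f"{entry['ip']}/{entry['netmask']}", strict=False)


def is_permitted(src_ip, service, entries):
    """True if src_ip may reach `service` under the assumed matching model."""
    addr = ipaddress.ip_address(src_ip)
    return any(
        addr in entry_network(e) and service in e["services"] for e in entries
    )


def lockout_risks(admin_ips, services, entries):
    """List (ip, service) pairs that lose Web UI access once the interface
    checkboxes are cleared and only Permitted IPs remain."""
    return [
        (ip, svc)
        for ip in admin_ips
        for svc in services
        if not is_permitted(ip, svc, entries)
    ]


def broad_entries(entries, min_prefix=24):
    """Names of entries whose netmask admits more than a /min_prefix range."""
    return [e["name"] for e in entries if entry_network(e).prefixlen < min_prefix]


if __name__ == "__main__":
    # Hypothetical admin workstations to verify before unchecking HTTP/HTTPS.
    admins = ["163.173.56.11", "163.173.56.12"]
    for ip, svc in lockout_risks(admins, ["http", "https"], PERMITTED_IPS):
        print(f"{ip} would lose {svc} access to the Web UI")
    print("overly broad entries:", broad_entries(PERMITTED_IPS))
```

An empty result from lockout_risks means every listed workstation keeps management access after the interface options are unchecked; broad_entries highlights entries that expose the Web UI to more than a small range.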
2.3 System Log Out
Step1. Click the Logged icon at the upper right of the Web UI. The MIS engineer can log out of the system at any time, to prevent other people from changing the settings through another PC.
Confirm to log out
Step2. Click OK. It shows the logout message.
Log out message
2.4 Software Update
Step1. In System → Administration → Software Update:
Check Version Number to find the current version number, then connect to the network and download the latest version for the BM-2101 appliance.
Click Browse → Choose File, select the latest update file and open it.
Click OK to run the automatic software update.
Firmware update
The software update takes 3 minutes, and then the system restarts. Please do not turn off the system or quit the web page during the update process, or it will cause an unpredictable error. (It is recommended to update through LAN.)
Chapter 3
Configure
The configuration here is about the basic operating settings of the BM-2101 appliance. In this Chapter, it is defined as Setting, Date/Time, Multiple Subnet, Route Table, DHCP, Dynamic DNS, Host Table, SNMP, and Language.
Setting
Bandwidth Management Gateway Configuration
The MIS engineer can export or import system setting files and reset to the factory settings.
System Name Setting
The administrator can set the device name.
E-mail Setting
When this function is enabled, the BM-2101 appliance automatically sends an instant e-mail alert notification to the MIS engineer when the system is attacked or an urgent event occurs.
Web Management
The MIS engineer can remotely manage the BM-2101 appliance from anywhere via the Web UI. In addition, the MIS engineer can change the port number used for the BM-2101’s remote management.
Set the idle timeout that applies when the MIS engineer logs into the BM-2101 appliance. The BM-2101 appliance forces a logout of the Web UI when the MIS engineer has not performed any system monitoring or management.
After changing the HTTP or HTTPS port number, if the MIS engineer wants to log in to the Web UI from the WAN, he must change the port in the web browser when logging in. For example, http://61.62.108.172:8080 and https://61.62.108.172:1025
MTU Setting
The MIS engineer can modify the length of the sent and received packets at any time. The default value is 1500 Bytes.
Dynamic Routing (RIPv2)
By enabling the LAN, WAN or DMZ port to send and receive RIPv2 packets, the BM-2101 appliance can communicate with internal or external routers and dynamically update the route table. (The MIS engineer can set up the routing information update timer and the routing information timeout; when the appliance stops receiving RIPv2 packets, the router automatically cancels the dynamic routing table according to the setting.)
Administration Packet Logging
After this function is enabled, the system records the source or destination packet information of the BM-2101 in Monitor → Log → Traffic for the MIS engineer to query.
Date / Time
Synchronize System Clock
Synchronize the BM-2101 appliance time to the MIS engineer’s PC or the external
time server.
GMT
International Standard Time (Greenwich Mean Time)
Multiple Subnet
WAN Interface IP
The WAN interface IP which a multiple subnet corresponds to.
Forwarding Mode
Indicates whether the multiple subnet uses NAT or Routing mode.
Interface
Indicates whether the multiple subnet interface is the LAN or DMZ interface.
Alias IP of Interface/Netmask
The multiple subnet segment range.
NAT Mode
Allows the internal network to set up multiple subnet addresses and connect to the network via different WAN IP addresses. For example, a company applies for several real IP addresses, 168.85.88.0/24, for its leased line, and the company is divided into R&D, Customer Service, Sales, Procurement, and Accounting Departments. For easy management, a different IP segment is assigned to each department. The settings are as follows:
R&D Dep. 192.168.1.1/24 (Internal) ↔ 168.85.88.253 (External)
Customer Service Dep. 192.168.2.1/24 (Internal) ↔ 168.85.88.252 (External)
Sales Dep. 192.168.3.1/24 (Internal) ↔ 168.85.88.251 (External)
Procurement Dep. 192.168.4.1/24 (Internal) ↔ 168.85.88.250 (External)
Accounting Dep. 192.168.5.1/24 (Internal) ↔ 168.85.88.249 (External)
R&D Dep. has already been set up in the Interface configuration, so set up the remaining four departments by adding 4 new Multiple Subnets. After completing the settings, every department can connect to the network via its own WAN IP address. The settings of each department are as follows:
Customer Service: IP Address 192.168.2.2~254, Netmask 255.255.255.0, Default Gateway 192.168.2.1
Sales: IP Address 192.168.3.2~254, Netmask 255.255.255.0, Default Gateway 192.168.3.1
Procurement: IP Address 192.168.4.2~254, Netmask 255.255.255.0, Default Gateway 192.168.4.1
Accounting: IP Address 192.168.5.2~254, Netmask 255.255.255.0, Default Gateway 192.168.5.1
Routing Mode
It is almost the same as NAT mode but does not have to correspond to the real WAN IP address, which lets an internal PC access the network by its own IP. (An external user can use the IP to connect to the network.)
DHCP
Subnet
The domain belonging to the internet network.
Netmask
The netmask of the domain belonging to the internet network.
Gateway
Internal network default gateway.
Broadcast
LAN broadcast address.
Dynamic DNS
Domain Name
The domain name that the MIS engineer applied for from the DDNS provider.
WAN IP
The real IP to which the domain name corresponds.
Host Table
Host Name
Customized by the MIS engineer. The internal user can access the resources provided by the corresponding host.
Virtual IP Address
The mapped virtual IP address corresponding to the host name. It must be the LAN or DMZ IP address.
3.1 Setting
Step1. In System → Configure → Setting → Bandwidth Management Gateway Configuration, click the button near Export System Setting to Client.
Step2. In the File Download window, click Save. Then choose the destination location to save the exported file. Finally, click Save for the BM-2101 to copy the configuration file to the appointed storage location.
Choose the location to save files
Step1. In the Setting window, click Browse near Import System Setting from Client.
Step2. In the Choose File window, select the previously saved settings and click Open.
Step3. Click Open, and a confirmation dialogue box pops up.
Step4. Click OK to import the configuration file.
Import the file
Confirm to import the file
Step1. In Setting → Bandwidth Management Gateway Configuration, select Restore Factory Setting.
Step2. Click OK to restore the default settings.
Restore to factory setting
Step1. Device Name: Enter the BM-2101 name.
Step2. In E-Mail Setting → Enable Email Alert Notification.
Step3. Sender Address: Enter the sender’s email address. (Required by some ISPs.)
Step4. SMTP Server: Enter the IP address of the SMTP server.
Step5. E-mail Address 1: Enter the first e-mail address to receive the notification.
Step6. E-mail Address 2: Enter the second e-mail address to receive the notification.
Step7. Click OK to enable this function.
Enable e-mail alert notification
Click Mail Test to test whether e-mail address 1 and e-mail address 2 can receive the notification.
If the MIS engineer wants to send the mails via authentication, he must select Enable SMTP Server Authentication.
Step1. To restart the BM-2101 appliance, click Reboot near Reboot Bandwidth Management Gateway Appliance.
Step2. A confirmation dialogue shows: Are you sure to reboot?
Step3. Click OK to restart, or click Cancel to terminate the action.
Start to reboot
3.2 Date / Time
Step1. Select Enable synchronize with an Internet time Server.
Step2. In Set offset hours from GMT, select the correct option.
Step3. Enter the time server’s IP address in Server IP / Name.
Step4. Enter the update time.
Set system clock
Click Sync near Synchronize system clock with this client to synchronize the BM-2101 time to the MIS engineer’s PC.
Click Assist near Set Offset From GMT or Server IP / Name to consult the setting value.
3.3 Multiple Subnet
Internal users use the IP address to link to the internet via the multiple subnet NAT or Routing mode.
Preparations
Connect the BM-2101 appliance’s WAN 1 (10.10.10.1) to the ISP’s router (10.10.10.2). The segment is 162.172.50.0/24 (distributed by the ISP).
Connect the BM-2101’s WAN 2 (211.22.22.22) to the ATUR to link to the network.
Step1. Click Configure → Multiple Subnet:
Click New Entry.
Interface: select LAN
Alias IP of Interface: enter 162.172.50.1
Netmask: enter 255.255.255.0
WAN 1: 10.10.10.1, Forwarding Mode: select routing
WAN 2: 211.22.22.22, Forwarding Mode: select NAT
Click OK.
Complete adding the new multiple subnet IP.
Add new multiple subnet IP