Proscend 6200 SERIES User Manual

PROSCEND 6200 SERIES G.SHDSL.bis VPN
USER MANUAL
VERSION 1.00

1 Introduction
  1.1 Descriptions
  1.2 Features
  1.3 Specifications
  1.4 Applications
    1.4.1 VPN Access
    1.4.2 PPTP/L2TP Access
2 Getting to Know About the VPN Router
  2.1 Front Panel
  2.2 Rear Panel
  2.3 WAN Port
  2.4 LAN Ports
  2.5 Console Port
  2.6 USB Port
  2.7 Power Connection
  2.8 Reset Button
  2.9 Protective Earth (Frame Ground) Terminal
3 Configuration
  3.1 Configuration Methods
    3.1.1 Installation
    3.1.2 Web Configuration
    3.1.3 Serial Console Configuration
    3.1.4 Telnet Configuration
  3.2 Login via Web Browser
  3.3 Menu Tree
  3.4 Quick Setup
    3.4.1 System Mode
    3.4.2 SHDSL.bis Mode
    3.4.3 LAN IP and Subnet Mask
    3.4.4 WAN ENCAP
    3.4.5 WAN VPI/VCI
    3.4.6 Default Gateway
    3.4.7 DNS
    3.4.8 Submit
  3.5 Network
    3.5.1 SHDSL
    3.5.2 Interfaces
    3.5.3 3.5G Backup
    3.5.4 DNS
    3.5.5 DHCP
    3.5.6 NAT
  3.6 Advance
    3.6.1 STP
    3.6.2 VLAN
    3.6.3 Static Route
    3.6.4 QoS
    3.6.5 RIP
    3.6.6 Virtual Server
    3.6.7 DMZ
    3.6.8 DDNS
    3.6.9 IGMP
  3.7 Security
    3.7.1 Firewall
    3.7.2 VPN
    3.7.3 Filter
  3.8 Management
    3.8.1 SNTP
    3.8.2 SNMP
    3.8.3 TR-069
    3.8.4 UPnP
    3.8.5 Sys Log
    3.8.6 Telnet
    3.8.7 SSH
    3.8.8 Web
  3.9 Show
    3.9.1 Information
    3.9.2 Sys Log
    3.9.3 Script
  3.10 Status
    3.10.1 SHDSL
    3.10.2 WAN
    3.10.3 Route Table
    3.10.4 Interfaces
  3.11 Utilities
    3.11.1 Upgrade
    3.11.2 Config Tool
    3.11.3 Users
    3.11.4 Ping
    3.11.5 Trace Route
Appendix A. Terminology
Appendix B. FAQ
  B-1. 802.1Q Tag-Based VLAN Test Cases
  B-2. Port-Based VLAN

1 Introduction

1.1 Descriptions

The PROSCEND 6200 series G.SHDSL.bis VPN Router is a high-performance 4-port security gateway providing Internet access and LAN-to-LAN applications over existing copper lines for small and medium offices. Complying with the latest G.SHDSL.bis technology, the ITU-T G.991.2 (2004) standard, the PROSCEND 6200 series offers data transmission rates of up to 5.696Mbps in 2-wire mode, 11.392Mbps in 4-wire mode and 22.784Mbps in 8-wire mode.

The PROSCEND 6200 series VPN Router integrates high-end bridging/routing capabilities with the advanced functions of Multi-DMZ, Virtual Server mapping, and VPN pass-through. Because of the rapid growth of networks, the virtual LAN has become one of the major new areas in the internetworking industry. The PROSCEND 6200 supports port-based VLAN and IEEE 802.1q VLAN over ATM networks.

With the always-on connection that DSL features, PROSCEND 6200 series VPN routers provide an advanced firewall with Stateful Packet Inspection (SPI) and Denial of Service (DoS) protection, serving as a powerful firewall to protect secure connections from outside intruders. The router also supports IP precedence to classify and prioritize types of IP traffic. In addition, its VPN feature supports data transmission over the Internet by data encryption/decryption between two sites. The VPN feature allows replacing a private leased line to minimize the expense of global inter-connection.

Besides offering much higher bandwidth than the conventional symmetric digital subscriber loop, the PROSCEND 6200 series also provides network administrators with Quality of Service (QoS) tools to allocate network resources effectively. By classifying the priority of services, the bandwidth management functions increase efficiency and productivity for specific demands such as VoIP, video streaming, video-conferencing or interactive game applications, to guarantee that every application gets the service quality it deserves.

1.2 Features

- Easy configuration and management with password control for various application environments
- Efficient IP routing and transparent learning bridge to support Internet broadband services
- Virtual LANs (VLANs) offer significant benefit in terms of efficient use of bandwidth, flexibility, performance and security
- VPN for safeguarded connections
- Built-in advanced SPI firewall
- IP precedence to partition the traffic into multiple classes of service
- Four 10/100M Base-T auto-sensing, auto-negotiation and auto-MDI/MDIX switching ports for flexible local area network connectivity
- USB ports for a 3.5G USB dongle modem for Internet access backup (for USB models only)
- Full ATM protocol stack implementation over SHDSL.bis
- PPPoA and PPPoE support user authentication with PAP/CHAP/MS-CHAP/MS-CHAPv2
- SNMP management with SNMPv1/v2c/v3 agent and MIB II
- Enhancements and new features via Internet software upgrade

1.3 Specifications

Hardware Interface
- WAN Port:
  - SHDSL.bis: ITU-T G.991.2 (2004) Annex A/B/F/G supported
  - Encoding scheme: TC-PAM 16 / TC-PAM 32
  - Data Rate: N x 64kbps (N = 3 ~ 89, 89 as default) (for 6200-2W and 6200-2W/U)
  - Data Rate: N x 128kbps (N = 3 ~ 89, 89 as default) (for 6200-4W and 6200-4W/U)
  - Data Rate: N x 256kbps (N = 3 ~ 89, 89 as default) (for 6200-8W and 6200-8W/U)
  - Impedance: 135 ohms
- LAN Port: 4-port 10/100M switch supports:
  - Auto-negotiation for 10/100Base-TX and Half/Full Duplex
  - Auto-MDIX
- USB Port: 2-port USB (for 6200-2W/U, 6200-4W/U and 6200-8W/U)
  - USB 2.0
- Serial Console Port: RJ45 connector
- Factory Default Reset: Push Button
- LED:
  - Power (Green)
  - WAN LINK/ACT (Green), one LED per pair
  - LAN (Port 1 ~ Port 4) LINK/ACT (Green)
  - ALARM (Red)

Bridging and VLAN
- IEEE 802.1D Transparent Learning Bridge
- IEEE 802.1Q and Port Based VLAN
- Spanning Tree Protocol (STP)
- Up to 2K MAC addresses

Routing
- Static routing and RIP v1/v2 (RFC 1058/2453)
- NAT/PAT (RFC1631)
- NAT Application Level Gateways
- Skype/MSN/Yahoo Messenger (RFC2933)
- VoIP (SIP) pass through
- VPN PPTP/L2TP pass through
- Virtual Server

Network Protocol
- IPv4 (ARP/RARP, TCP/UDP, ICMP)
- DHCP Client/Server, Relay
- DNS Relay/Proxy, Dynamic DNS (DDNS)
- IGMP v1/v2/v3, IGMP Proxy, IGMP Snooping
- SNTP and UPnP

ATM
- 8 PVC
- OAM F4/F5 Loopback
- AAL5
- VC Multiplexing and SNAP/LLC
- Ethernet over ATM (RFC 2684/RFC1483)
- Multiple protocol over ATM AAL5 (MPOA, RFC1483/2684)
- PPP over ATM (RFC 2364)
- Classic IP over ATM (RFC 1577)
- QoS (UBR/CBR/VBR/VBR-RT)

PPP
- PPPoE
- PAP/CHAP/MS-CHAP/MS-CHAPv2
- Configurable timer to auto-reconnect
- Configurable idle times for timeout

QoS
- 802.1P Tag
- IPv4 TOS/DiffServ
- Class-based Prioritization
- Class-based Traffic Shaping
- Class-based DSCP Mark
- Up to 8 priority queues
- IP Precedence Alternation

VPN
- IPSec (RFC2411) up to 4 Tunnels
- DES/3DES/AES
- MD5/SHA-1
- IKE/Manual Key
- ISAKMP (RFC 2407/2408/4306)
- IKE v1 (RFC 2409/4109)
- PSK
- L2TP/PPTP

Firewall
- SPI (Stateful Packet Inspection)
- Intrusion Detection/DoS (Denial of Service)
- DMZ
- Content Filtering
- URL Blocking
- Packet Filtering/Access Control List (ACL)

Management
- Web and Telnet management via LAN ports
- CLI via serial console port
- Support SSH (RFC4250/4251/4252/4253/4254/4255/4256)
- SNMP v1/v2c/v3 (RFC 1157/1901/1905)
- MIB II (RFC 1213/1493)
- Syslog with Remote Logging support
- Firmware Upgrade via TFTP
- Configuration Data Import/Export
- Multiple Levels of Administration Privilege
- Support TR-069 WAN management protocol

Physical / Electrical
- Dimensions: 18.7 x 3.3 x 14.5cm (WxHxD)
- Power: 100~240VAC (via power adapter)
- Power Consumption: 9 watts Max
- Temperature: 0~45ºC
- Humidity: 0%~95%RH (non-condensing)

Model Number list:

Model Number   Maximum DSL wires   Maximum data rate   USB port
6200-2W        2-wires             5.696 Mbps          -
6200-4W        4-wires             11.392 Mbps         -
6200-8W        8-wires             22.784 Mbps         -
6200-2W/U      2-wires             5.696 Mbps          USB port for 3.5G Dongle Modem with Internet access backup
6200-4W/U      4-wires             11.392 Mbps         USB port for 3.5G Dongle Modem with Internet access backup
6200-8W/U      8-wires             22.784 Mbps         USB port for 3.5G Dongle Modem with Internet access backup

1.4 Applications

1.4.1 VPN Access

1.4.2 PPTP/L2TP Access

2 Getting to know about the VPN Router

2.1 Front Panel

LED status of VPN Router:

LEDs             Active   Description
PWR              On       The power adaptor is connected to this device
DSL LINK 1       On       SHDSL.bis line 1 connection is established
                 Blink    SHDSL.bis line 1 handshake; transmitting or receiving data over SHDSL.bis link 1
DSL LINK 2       On       SHDSL.bis line 2 connection is established
                 Blink    SHDSL.bis line 2 handshake; transmitting or receiving data over SHDSL.bis link 2
DSL LINK 3       On       SHDSL.bis line 3 connection is established
                 Blink    SHDSL.bis line 3 handshake; transmitting or receiving data over SHDSL.bis link 3
DSL LINK 4       On       SHDSL.bis line 4 connection is established
                 Blink    SHDSL.bis line 4 handshake; transmitting or receiving data over SHDSL.bis link 4
LAN LINK/ACT1    On       Ethernet cable is connected to LAN 1
                 Blink    Transmitting or receiving data over LAN 1
LAN LINK/ACT2    On       Ethernet cable is connected to LAN 2
                 Blink    Transmitting or receiving data over LAN 2
LAN LINK/ACT3    On       Ethernet cable is connected to LAN 3
                 Blink    Transmitting or receiving data over LAN 3
LAN LINK/ACT4    On       Ethernet cable is connected to LAN 4
                 Blink    Transmitting or receiving data over LAN 4
ALM              On       SHDSL.bis line connection is dropped
                 Blink    SHDSL.bis self test
                 Off      No Alarm

2.2 Rear Panel

Connector       Description
DC-IN           Power adaptor inlet: Input voltage from 9V to 12VDC
CONSOLE         RJ-45 for system configuration and maintenance
RST             Reset button for reboot or load factory default
LAN (1,2,3,4)   10/100BaseT auto-sensing and auto-MDIX for LAN port (RJ-45)
USB             USB ports (for 6200-2W/U, 6200-4W/U and 6200-8W/U only)
DSL             G.SHDSL.bis interface for WAN port (RJ-45)
Frame Ground / Protective earth

2.3 WAN Port

The VPN Router has one WAN port, which is a G.SHDSL.bis interface. The pin assignments for the SHDSL line cable are:

For the 2-wire (one pair) model, Loop1 is used. For the 4-wire (two pair) model, Loop1 and 2 are used. For the 8-wire (four pair) model, Loop1, 2, 3 and 4 are used.

Channels: Channel A, Channel B, Channel C, Channel D

2-wire model (6200-2W, 6200-2W/U)
  2-wire mode: Loop1 (4,5)
4-wire model (6200-4W, 6200-4W/U)
  2-wire mode: Loop1 (4,5)
  4-wire mode: Loop1 (4,5), Loop2 (3,6)
8-wire model (6200-8W, 6200-8W/U)
  2-wire mode: Loop1 (4,5)
  4-wire mode: Loop1 (4,5), Loop2 (3,6)
  8-wire mode: Loop1 (4,5), Loop3 (1,2), Loop4 (7,8), Loop2 (3,6)

For point-to-point connection testing, you can use a Straight-Through Ethernet Cable for the SHDSL.bis link, as follows.

T-568A Straight-Through Ethernet Cable
T-568B Straight-Through Ethernet Cable

Both the T-568A and the T-568B standard Straight-Through cables can be used.

2.4 LAN ports

The VPN Router has four LAN ports. These ports are auto-negotiating and auto-crossover. In 10/100Mbps Fast Ethernet, the speed can be 10Mbps or 100Mbps and the duplex mode can be half duplex or full duplex.

The auto-negotiating ports can detect and adjust to the optimum Ethernet speed (10/100 Mbps) and duplex mode (full duplex or half duplex) of the connected device. The auto-crossover (auto-MDI/MDI-X) ports automatically work with a straight-through or crossover Ethernet cable.

2.5 Console Port

Connect the RJ-45 jack of the console cable to the console port of the VPN Router. Connect the DB-9 female end to a serial port (COM1, COM2 or other COM port) of your computer.

The wiring diagram of the console cable is as follows:

The pin assignment of the RJ-45 modular jack on the console cable:

Pin Number   Abbrev.   Description
1            DSR       DCE ready
2            DCD       Received Line Signal Detector
3            DTR       DTE ready
4            GND       Signal Ground
5            RXD       Received Data
6            TXD       Transmitted Data
7            CTS       Clear to Send
8            RTS       Request to Send

Figure: RJ-45 modular jack, top view and front view (pins 1 to 8)

2.6 USB Port

Only for models with USB ports. This port is used to connect a 3G/3.5G USB modem.

2.7 Power connection

Make sure you are using the correct power source for the AC/DC adaptor. Insert the female end of the power adaptor’s cord into the power receptacle on the rear panel. Connect the power adaptor to an appropriate power source.

2.8 Reset Button

The reset button can be used in one of two ways. (1) Pressing the Reset Button for two seconds causes a system reboot. (2) Pressing the Reset Button for eight seconds causes the product to load the factory default settings and lose all of your configuration. When you want to change the configuration but have forgotten the user name or password, or if the product is having problems connecting to the Internet and you want to configure it again after clearing all configurations, press the Reset Button for eight seconds with a paper clip or sharp pencil.

2.9 Protective Earth (Frame Ground) terminal

The marked lug or terminal should be connected to the building protective earth bus. The protective earth does not serve to provide protection against electrical shock; instead it enhances surge suppression on the DSL lines for installations where suitable bonding facilities exist. The connector type is an M3 machine screw.

3 Configuration

3.1 Configuration Methods

There are three methods to configure the VPN Router: serial console, Telnet and Web browser. Users have to choose one method to configure the VPN Router.

3.1.1 Installation

The following guide is designed to lead users through Web Configuration of the G.SHDSL.bis VPN Router in the easiest and quickest way possible. Please follow the instructions carefully.

Step 1. Connect the power adapter to the port labeled “DC-IN” on the rear panel of the VPN Router.
Step 2. Connect the Ethernet cable to the LAN ports. (Note: The VPN Router supports an auto-MDIX switching hub, so both straight-through and cross-over Ethernet cables can be used.)
Step 3. Connect the phone cable to the VPN Router and the other side of the phone cable to the wall jack.
Step 4. Connect the power adapter to the power source.
Step 5. Turn on the PC or NB that is used to configure the VPN Router.

! To avoid possible damage to this VPN Router, DO NOT turn on this device before Hardware Installation.

Connection with VPN Router

3.1.2 Web Configuration

Make sure that an Ethernet adapter has been installed in the PC or NB used to configure the modem. The TCP/IP protocol is necessary for web configuration, so please check that it has been installed.

The VPN Router provides a browser interface that allows you to configure and manage this device. After you set up the IP address for the VPN Router, you can access the VPN Router’s Web interface applications directly in your browser by entering the IP address of the VPN Router. You can then use your Web browser to list and manage configuration parameters from the PC.

Web Configuration requires Internet Explorer 5.0 or later or Netscape Navigator 6.0 or later. The recommended screen resolution is 1024 by 768 pixels.

3.1.3 Serial Console Configuration

The console port is an RJ-45 connector that enables a connection to a PC for monitoring and configuring the VPN Router. Use the supplied serial cable, connecting its female DB-9 connector to the serial port of the PC and its RJ-45 modular jack connector to the VPN Router’s console port. Start a terminal emulation program such as HyperTerminal and configure its communication parameters to match the following default characteristics of the console port:

Parameter      Value
Baud Rate      115200
Data Bits      8
Parity Check   None
Stop Bits      1
Flow Control   None

You will be asked for a user name and password in order to log in remotely when using telnet; please use “root” for the username and “root” for the password. Please check the following screen shot for what you will see in your terminal window.

3.1.4 Telnet Configuration

The VPN Router also supports telnet for remote management. Please make sure the correct Ethernet cable connects the LAN ports of the device to your computer. The LAN indicator on the front panel lights up if a correct cable is used. Start your telnet client in a command window or VT100 terminal emulation and key in “192.168.0.1”, which is the management IP address of the Proscend 6200 series VPN router, then wait for the login page to appear. Key in the user name and the password once the login page shows. The login page is shown in the following screen shot. (The default user name and password are “root” and “root”.)

All display screens are the same as in serial console configuration. The default IP address is “192.168.0.1” and you can customize the IP address for your application. In addition, the Telnet function is disabled by default. Therefore, before using Telnet, please enable it using Web management.

3.2 Login via Web Browser

This section introduces the configuration and functions of the web-based management. It is an HTML-based management interface that allows users to set up and manage Proscend 6200 VPN routers. This configuration system offers all monitoring and management features, which allow users to access VPN routers from anywhere on the network with a standard browser such as Internet Explorer or Firefox.

Step 1. Use any common browser, such as Internet Explorer, on your computer to connect to the VPN Router. Then type “http://192.168.0.1” in the address bar of the browser you just opened.
Step 2. The default IP address and subnet mask of the management port of the VPN Router are “192.168.0.1” and “255.255.255.0”.
Step 3. If the DHCP function is disabled, your computer can be set to the same subnet, such as 192.168.0.X where X is from 2 to 254, so that you are able to connect to the VPN router.
Step 4. Key in the user name, “root”, and the password, “root”; then click the “Login” button to log in to the web configuration.

Note: Both the default user name and password are “root”. It is suggested to change the user name and the password for security reasons.
Note: For security, the password is displayed as star symbols.
Note: Once you change the user name and password, please log in with the new user name and password in the next login process.

3.3 Menu Tree

Quick Setup
  System Mode
    Bridge
    Router
      WAN IP
      WAN Netmask
      Protocol
        Disable
        EoA
        EoA + NAT
        IPoA
        IPoA + NAT
        PPPoA: PPP User, PPP Password, Confirm Password, PPP Connection Type
        PPPoA + NAT
        PPPoE
        PPPoE + NAT
      Primary DNS
      Secondary DNS
      DHCP mode
        Disable
        Server
        Relay
  SHDSL.bis Mode
    STU-R
    STU-C
  WAN ENCAP
  WAN VPI/VCI
  Default Gateway

Network
  SHDSL
    Mode
    Pair Mode
    Annex
    TCPAM
    Line Probe
    Max Base Rate
  Interfaces
    LAN
      IP
      Netmask
    WAN
      Protocol
        Bridge Mode
          Disable
          Ethernet over ATM
        Router Mode
          Disable
          IPoA
          PPPoA: PPP User, PPP Password, PPP Connection type
          PPPoE
      ENCAP
      VPI-VCI
      QoS Class
      QoS PCR
      QoS SCR
      Gateway
  3.5G Backup
    Mode
    Location
    ISP
    Manufacture
    Dial Number
    APN
    Keep-alive Interval
    Keep-alive Server
  DNS
    Primary
    Secondary
  DHCP
    Mode
      Disable
      Server
      Relay
    DHCP Server
      Mode
      Subnet
      Netmask
      IP Range
      Gateway
      DNS
      Lease Time
    DHCP Relay
      IP
      Interface
  NAT
    Mode
    Entry (1~16)
      Enable
      Source IP
      Source Netmask
      Output Interface

Advance
  STP
    Router Mode: Not available
    Bridge Mode
      Mode
      Aging Time
  VLAN
    Router Mode: Not available
    Bridge Mode
      Mode
        Disable
        802.1Q Tag-Based VLAN
        Port-Based VLAN
  Static Route
    Destination
    Netmask
    Gateway
    Interface
  QoS
    Mode
    Traffic Classify
      Mode
      Class ID
      Protocol
      Src IP
      Src Netmask
      Src Port
      Dst IP
      Dst Netmask
      Dst Port
    802.1P
      Class ID
    IP DSCP
      DSCP
      Class ID
    Class Shaping
      Mark Mode
      DSCP
      TOS
      Min Rate
      Max Rate
  RIP
    Mode
    RIP Version
    LAN
      Mode
      Passive
    WAN1~WAN8
      Mode
      Passive
  Virtual Server
    Router Mode
      Mode
      Entry (1~16)
        Enable
        Description
        Interface
        Protocol
        Public Port
        Private IP/Port
    Bridge Mode: Not available
  DMZ
    Router Mode
      Mode
      WAN I/F
      Host IP
    Bridge Mode: Not available
  DDNS
    Mode
    Provider
    Host Name
    User Name
    Password
  IGMP
    IGMP Proxy / Snooping

Security
  Firewall
    Router Mode
      Mode
    Bridge Mode: Not available
  VPN
    Router Mode
      IPSEC
        Mode
        Name
        WAN
        Perfect Forward Secrecy
        Local Subnet
        Local Netmask
        Remote Public IP
        Remote Local LAN Subnet
        Remote Local LAN Netmask
        Pre-shared Key
      L2TP
        Mode
        Authentication
        Virtual IP
        L2TP/IPSec Mode
        IPSec Interface
        IPSec PSK
        User
      PPTP
        Mode
        Authentication
        Virtual IP
        User
    Bridge Mode: Not available
  Filter
    IP Filter
      Mode
      Default Policy
      Entry (1~16)
        Mode
        Action
        Protocol
        Source IP/Mask
        Source Start/End Port
        Destination IP/Mask
        Destination Start/End Port
    MAC Filter
      Mode
      Default Policy
      Entry (1~16)
        Mode
        MAC
        Action

Management SNTP Sync With PC
SNTP Mode
Time Server Time Zone
SNMP SNMPv3 Mode
V3 User Name V3 Auth. Password V3 Priv. Password V3 Auth. Mode V3 Auth. Type V3 Priv. Type V3 Access
Trap Mode
Community Trap Host IP
TR069 Mode
ACS URL
ACS Username
ACS Password
Periodic Inform Enable
Periodic Inform Interval
Periodic Inform Time
Connection Request IP
Connection Request Port
24
Connection Request Username
Connection Request Password
Retry Times UPnP Mode Sys Log Remote Server Mode
Remote Server Address
Remote Server Port Telnet Mode
Port SSH Mode
Port Web Refresh Time
Service Port
Show Information Hardware MCSV
Software MCSV
Software Version
DSL Chip Name
DSL Phy Firmware Version
DSL IDC Firmware Version
MAC
Serial No
Present Time
System Uptime Sys Log Script
Status SHDSL
WAN Route T able Interfaces STP (not available in router mode)
Utilities Upgrade
Config Tool Default
Backup Restore
Users User 1~4 Name
Level Password Confirm
25
Ping IP Address
Size Count Update
Trace Route Host name or IP
Packet Datagram Update Interval
3.4 Quick Setup
The “Quick Setup” function guides users through setting up their VPN routers step by step. This VPN Router can be set as a bridge or a router. The following sections show how to set up bridge mode or router mode.
3.4.1 System Mode
“System Mode” lets users decide whether this VPN router should be a bridge device or a router device.
In “Router mode”, the DSL modem performs all the functions that allow you to connect to the Internet, including all the technical settings (VCI, encapsulation, etc.), and the VPN router also connects to the ISP with your username and password. You can basically just connect your computer.
“Bridge mode”, on the other hand, allows an external device, for example your computer or a separate router, to do the ISP connection, etc. In bridge mode, all the VPN router does is remember your VCI, VPI and encapsulation settings. The ISP information and the assigned IP address are controlled by your separate router or computer in PPP mode.
3.4.1.1 Bridge Mode
Click on “Bridge” to set this VPN router as a bridge device.
3.4.1.2 Router Mode
Click on “Router” to set this VPN router as a router device.
Once “System Mode” is set to “Router”, more settings are shown, as in the screen shot above.
Fill in the WAN port information for the VPN router in router mode.
WAN Section
1. WAN IP and WAN Netmask: Fill in the IP address and the netmask of the WAN.
2. Protocol: Nine options are available for this setting:
Disable: if the protocol is “Disable”, the WAN is closed; hence, the WAN IP and WAN Netmask settings have no effect.
EoA
EoA + NAT
IPoA
IPoA + NAT
PPPoA
PPPoA + NAT
PPPoE
PPPoE + NAT
DHCP Mode
Choose whether DHCP mode should be “Disable”, “Server” or “Relay”.
This section is only available when the protocol is “PPPoA”, “PPPoA + NAT”, “PPPoE”, or “PPPoE + NAT”.
PPP Protocol
In the circled area, you can set the PPP user, PPP password, and PPP connection type. The connection type can be set to either “Always on” or “On demand”.
3.4.2 SHDSL.bis mode
There are two SHDSL.bis modes: STU-C and STU-R. “STU-C” means the central office (CO) terminal and “STU-R” means customer premises equipment (CPE). Click the STU-R side or the STU-C side to set the operation mode.
In both “Bridge” mode and “Router” mode, four pieces of information must be provided: SHDSL.bis mode, LAN IP and subnet mask, default gateway IP address, and WAN encapsulation type and VPI/VCI values.
3.4.3 LAN IP and Subnet Mask
Please provide the LAN IP and subnet mask in the circled area.
3.4.4 WAN ENCAP
For the encapsulation type, VC-Mux (Virtual Circuit Multiplexing) and LLC (Logical Link Control) are available. VC-Mux and LLC are two mechanisms for identifying the protocol carried in ATM Adaptation Layer 5 (AAL5) frames. Please choose the encapsulation type from the pull-down menu.
3.4.5 WAN VPI/VCI
There is a unique VPI and VCI value for the Internet connection supported by the ISP. The range of the VPI is from 0 to 255, and of the VCI from 0 to 65535.
3.4.6 Default Gateway
In the quick setup process, fill in the default gateway IP address.
3.4.7 DNS
Two sets of DNS addresses can be stored in the DNS section: primary DNS and secondary DNS.
3.4.8 Submit
Click on the “Submit” button to save all settings. After all settings are saved, the following screen shots are shown to confirm the configuration.
For bridge mode
For router mode
Click on “Apply” to activate these configurations. The VPN router will be rebooted, as in the following screen shot.
3.5 Network
The Network section allows users to set up the following functions.
1. SHDSL
2. Interfaces
3. 3.5G Backup
4. DNS
5. DHCP
6. NAT
Please check the following sections for detailed information on how to use these functions.
3.5.1 SHDSL
The “SHDSL” function allows you to change SHDSL parameters.
1. Mode: You can change your VPN router’s mode to STU-R or STU-C here.
2. Pair Mode: With the “Pair Mode” parameter, you can choose how many wires you would like to use on the SHDSL.bis connection.
Line Type Mode
VPN Router             2-wire (1 pair)   4-wire (2 pair)   8-wire (4 pair)
6200-2W, 6200-2W/U     Yes               No                No
6200-4W, 6200-4W/U     Yes               Yes               No
6200-8W, 6200-8W/U     Yes               Yes               Yes
The table above indicates each model number and its available wire numbers. For example: 6200-2W and 6200-2W/U (2-wire model) can select the 2-wire line type only. 6200-4W and 6200-4W/U (4-wire model) can select 2-wire and 4-wire line types. 6200-8W and 6200-8W/U (8-wire model) can select 2-wire, 4-wire or 8-wire line types.
3. Annex: There are four Annex types: Annex A, Annex B, Annex A/F and Annex B/G. Please confirm with your ISP.
4. TCPAM: Three options are available for the TCPAM feature: “Auto”, “TCPAM-16” and “TCPAM-32”. “Auto” means the system chooses the TCPAM automatically; this option is only available when the Annex type is “Annex A/F” or “Annex B/G”.
[Table: TCPAM options (Auto, TCPAM-16, TCPAM-32) by Annex type (Annex A, Annex B, Annex A/F, Annex B/G) for the SHDSL.bis VPN Router]
5. Line Probe: You can disable or enable the “Line Probe” function for data rate adaptive mode. When the “Line Probe” function is enabled, the system automatically searches for the best connection based on the value of “Max Base Rate”.
6. Max Base Rate: This value is used by “Line Probe” to find the best connection when the line probe function is enabled. The value range differs according to the Annex type.
SHDSL.bis VPN Router   Annex A   Annex B   Annex A/F   Annex B/G
Range                  3 ~ 36    3 ~ 36    3 ~ 89      3 ~ 89
3.5.2 Interfaces
The “Interfaces” function provides a tool to change LAN settings, WAN settings, and the default gateway after the initial setup is completed. Please remember to reboot your VPN router after any changes are made.
3.5.2.1 LAN
You can change the LAN configuration in the “Interfaces” function. Once you change the settings, please click on “Submit” to save the modification.
3.5.2.2 WAN
The VPN Router supports 8 VCs (virtual circuits) for WAN. Click on the number to configure each VC.
The screen shot above is shown once you select a VC to configure. Fill in the IP address, subnet mask, gateway, encapsulation type, and VPI/VCI information. Then, set the QoS class (UBR, CBR, VBR-RT and VBR-NRT), QoS PCR (Peak Cell Rate), and QoS SCR (Sustained Cell Rate) information.
For Bridge mode, “Protocol” provides two options, “Disable” or “Ethernet over ATM”.
However, for Router mode, there are four options in “Protocol” menu, “Disable”, “IPoA”, “PPPoA” or “PPPoE”.
If you choose the “PPPoA” or “PPPoE” type for the protocol parameter, four more information fields are required.
3.5.2.3 Default Gateway
Default gateway information can be changed in the “Interfaces” section.
3.5.3 3.5G Backup
The “3.5G Backup” function is for the 6200-2W/U, 6200-4W/U and 6200-8W/U. VPN Router models with USB support an automatic backup function. When connected via SHDSL.bis, the router enables the 3G/3.5G broadband connection automatically when the SHDSL.bis Internet connection is not available. You can surf the Internet anywhere and anytime via this device.
3.5.3.1 3G/3.5G Modem card installation
If you would like to connect a 3G/3.5G modem card or a SIM card, please follow these instructions.
Step 1. Connect the power adapter to the VPN router.
Step 2. Connect another Ethernet cable from any of the LAN ports (1~4) on the VPN router to the Ethernet socket on the PC.
Step 3. Insert the SIM card into the 3G/3.5G modem card, and connect the modem card to one of the USB ports of the VPN router.
3.5.3.2 3G/3.5G Internet Configuration
The Proscend 6200 VPN Router recognizes a 3G/3.5G modem card or SIM card automatically when a 3G/3.5G device is connected to one of the VPN Router’s USB ports. No additional setup procedure is required. Only one Internet connection (either 3G/3.5G wireless or DSL wired) can be used at a time. The primary connection method is DSL wired Internet; the 3G/3.5G wireless connection, on the other hand, is the backup.
PIN code or user name / password required
Please check the authentication method you want to use. Most telecom service providers require you to input a Dial Number and APN (Access Point Name); please enter the values provided by your telecom service provider. After typing those items, click the ‘APPLY’ button.
Note: Different ISPs require a Dial Number and APN for connecting to the Internet; please check with your ISP as to the type of connection it requires.
3.5.4 DNS
The “DNS” function maintains two sets of external DNS addresses. One is the primary DNS and the other is the secondary DNS. Since Internet communication is based on IP addresses, all names must be translated into IP addresses. DNS (Domain Name Service) allows ISPs’ identifications to be based on names rather than IP addresses.
3.5.5 DHCP
DHCP (Dynamic Host Configuration Protocol) is a communication protocol that lets network administrators centrally manage and automatically assign IP addresses in an organization's network.
3.5.5.1 Mode
“DHCP” feature provides three DHCP modes: “Disable”, “Server” and “Relay”.
1. Disable: Disable DHCP Server.
2. Server: Enable DHCP Server and assign IP addresses.
3. Relay: Enable DHCP Server and pass through original IP addresses.
3.5.5.2 DHCP Server
First, please make sure “Mode” is set to “Server”. Then, choose a DHCP server (five DHCP servers are available in this configuration system) and configure its details by clicking on its number. The following screen shot shows the detailed settings of a DHCP server.
3.5.5.3 DHCP Relay
Please make sure “Relay” mode is chosen first. Then, provide the DHCP server IP address and assign a WAN port.
3.5.6 NAT
NAT (Network Address Translation) is a set of rules for translating an intranet IP address, such as one on a company network, to a public IP address. Note: NAT is only available in “Router” mode.
First, choose whether you want to enable or disable NAT.
Then, if you want to enable NAT, click on the “Enable” button in the “Mode” section and configure the circled section in the following screen shot.
Sixteen NAT rules can be stored in the 6200 VPN router configuration system at the same time. By providing an IP and netmask, you can set up an IP group and then assign this group to an output WAN port. To activate a NAT rule, check its checkbox and click on “Apply” to apply the modification.
3.6 Advance
The “Advance” menu provides nine functions:
1. STP
2. VLAN
3. Static Route
4. QoS
5. RIP
6. Virtual Server
7. DMZ
8. DDNS
9. IGMP
Note: The advanced functions are intended for advanced users only. Incorrect settings of advanced functions can affect performance, cause system errors, or even cause disconnection.
3.6.1 STP
STP (Spanning-Tree Protocol), defined in IEEE 802.1D, is a link management protocol that provides path redundancy while preventing undesirable loops in the network. For an Ethernet network to function properly, only one active path can exist between two stations.
Click on “Disable” or “Enable” to set the STP mode. “Aging Time” sets how often the mapping of IP address and MAC address is refreshed. The default aging time is 300 seconds. Note: STP is only available in “Bridge” mode.
3.6.2 VLAN
VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Devices on a logical network belong to one group. A device can belong to more than one group. With VLAN, a device cannot directly talk to or hear from devices that are not in the same group. When properly configured, VLAN prevents one subscriber from accessing the network resources of another on the same LAN. In addition, VLAN increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. Note: The VLAN function is only available in “Bridge” mode.
Users can choose among three VLAN modes: “Disable”, “802.1Q Tag-Based VLAN” and “Port-Based VLAN”.
Click on “Disable” to set the mode and click on “Apply” to change the VPN router’s VLAN mode.
3.6.2.1 802.1Q Tag-Based VLAN
Click on “802.1Q Tag-Based VLAN” to show more configuration options, as in the following screen shot.
Assign each group’s VID and the ports that should be in the group. Then, assign a PVID to each port you need and its link type, un-tag or tag. Then, click on “Apply” to set your VPN router with the 802.1Q Tag-Based VLAN policy.
3.6.2.2 Port-Based VLAN
Click on “Port-Based VLAN” in the mode section and you will see the following configuration section, as in the screen shot below.
Assign which ports should be in one group together by clicking on the corresponding radio buttons in each entry. Click on “Apply” to save the changes.
3.6.3 Static Route
A “static route” is a path in the router that indicates how it will reach a certain subnet by taking a specific path. A static route is one that is manually installed by your network administrator.
Static routes have advantages and disadvantages compared to dynamic routes.
Advantages of Static Routes
• Static routes are easier to configure
• No need for overhead on the routing protocol
• As long as you have a tight IP mask, this offers you reliable security
Disadvantages of Static Routes
• In order to make changes in the network, you have to manually configure the route
• When a network outage is experienced, it does not automatically route around
• Although this is quite easy to configure, it might not work for large and complicated networks
It is important that any network administrator have substantial knowledge about static routes. Although this type of route may not be as effective with large networks, static routes are quite useful in networks of any size. Meanwhile, even if you have set up a dynamic route, there are cases that still require a static route.
3.6.4 QoS
QoS (Quality of Service) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested. This can cause a reduction in network performance and make the network inadequate for time-critical applications such as video-on-demand. QoS decides the priority of traffic passing through the VPN Router according to your settings once the bandwidth is exhausted or fully saturated.
3.6.4.1 Mode
First of all, decide whether you want to enable or disable the QoS policy. The following policies work only when the mode is set to “Enable”.
3.6.4.2 Traffic Classify
Click on the number to configure each entry’s details.
3.6.4.3 802.1P
Click on the “802.1P” tag to show the screen shot above. Click on the number of an entry to configure a queue’s class ID.
User priority gives eight (2^3 = 8) priority levels (class IDs).
Priority Level   Traffic Type
0 (default)      Best Effort
1                Background
2                Spare
3                Excellent Effort
4                Controlled Load
5                Video, less than 100 milliseconds latency and jitter
6                Voice, less than 10 milliseconds latency and jitter
7                Network Control
3.6.4.4 IP DSCP
The DSCP value, used to identify 64 levels (2^6 = 64) of service, determines the forwarding behavior that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different forwarding priorities. Resources can then be allocated according to the DSCP values and the configured policies.
Click on the “IP DSCP” tag and the following screen shot will be shown. Click on the number of each DSCP to configure its level.
Each DSCP value (from 0 to 63) is mapped to a Queue value (from 1 to 8) from the drop-down list box. The number 1 represents the highest priority and the number 8 the lowest, so that various queuing strategies can tailor performance to requirements. The table setting is easy to change. If you want to save the changes, click “Apply”.
3.6.4.5 Class Shaping
Click on the number of each entry to configure details.
Fill in the mark mode, DSCP type, ToS value, minimum rate and maximum rate for the selected entry. Then, click on “Save” to change the configuration.
Traffic policing propagates bursts. When the traffic rate reaches the configured maximum rate, excess traffic is dropped (or remarked). The result is an output rate that appears as a saw-tooth with crests and troughs. In contrast to policing, traffic shaping retains excess packets in a queue and then schedules the excess for later transmission over increments of time. The result of traffic shaping is a smoothed packet output rate.
3.6.5 RIP
RIP (Routing Information Protocol) is a dynamic routing protocol used in local and wide area networks. It is a very simple protocol, based on distance-vector routing algorithms. As such it is classified as an IGP (interior gateway protocol).
The RIP function is defined by the following parts.
1. Mode
Disables or enables RIP mode.
2. RIP Version
Supports V1 (RFC 1058) and V2 (RFC 2453).
3. Port Mode and Passive Mode
Allows users to set up interfaces with their own modes and passive modes. On passive mode interfaces, all received packets are processed as normal and RIP does not send either multicast or unicast RIP packets.
3.6.6 Virtual Server
This feature allows you to make servers on your LAN accessible to Internet users. Normally, Internet users would not be able to access a server on your LAN because:
(1) Your server does not have a valid external IP address.
(2) Attempts to connect to devices on your LAN are blocked by the firewall in this device.
IP address seen by Internet users
To Internet users, all virtual servers on your LAN have the same IP address. The IP address is allocated by your ISP. This address should be static to make it easier for Internet users to connect to your servers. Once configured, anyone on the Internet can connect to your virtual servers.
First, choose “Disable” or “Enable” for the virtual server function. If you enable this function, select how many servers you would like to have (maximum: 16 servers). For each server, provide the interface (which WAN port), protocol (TCP or UDP), public port range, and private IP and its port number. Please make sure you check the server’s check box to enable the selected virtual server. Finally, click on “Apply” to activate these virtual servers. Note: This function is only available in “Router” mode.
3.6.7 DMZ
DMZ (demilitarized zone) is a physical or logical sub-network that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's LAN (Local Area Network).
In the DMZ feature, three parameters are needed to build a DMZ function for a WAN port.
1. Mode:
Choose “Disable” to disable DMZ feature and “Enable” to start this function.
2. WAN I/F
Choose which WAN port should be applied.
3. Host IP
Assign a host IP for the WAN port.
Note: DMZ function is only available in “Router” mode.
3.6.8 DDNS
DDNS (Dynamic DNS Free) is a method, protocol or network service that lets a networked device, such as a router, notify a DNS name server to change the active DNS configuration of its configured hostnames, addresses or other information.
1. Mode: to disable or enable DDNS function.
2. Provider:
6200 VPN Router provides three DNS name service providers. Please choose a provider from the following list.
www.dyndns.com
www.no-ip.com
www.tzo.com
3. Host Name: the host name you registered in the selected provider.
4. User Name: the account name you have for the selected provider.
5. Password: the password for the selected provider.
3.6.9 IGMP
IGMP (Internet Group Management Protocol) proxy can be used to implement multicast routing. It works by IGMP frame forwarding. The VPN Router’s IGMP proxy supports IGMP version 2 (RFC 2236). IGMP proxy works in router mode (Layer 3); IGMP snooping, on the other hand, works in bridge mode (Layer 2).
When the IGMP function is set to “Enable”, received IGMP packets are forwarded to the intranet devices that need to receive IGMP packets.
3.7 Security
“Security” section includes three features:
1. Firewall
2. VPN
3. Filter
The following sections describe these features in detail.
3.7.1 Firewall
A firewall is a set of related programs that protects the resources of a private network from other networks. It prevents hackers from accessing its private data resources.
There are four firewall modes: “Disable”, “Low”, “Medium” and “High”. The table below shows what kinds of packets are blocked in each mode.
Note: “Firewall” function is only available in “Router” mode.
3.7.2 VPN
A VPN (Virtual Private Network) provides a secured connection between 2 points in an insecure network. The secured connection is called a VPN Tunnel. The 6200 VPN Router supports three main types of VPN: IPSEC, L2TP and PPTP. Note: The “VPN” function is only available in “Router” mode.
3.7.2.1 IPSEC
IPSEC is a near-ubiquitous VPN security standard, designed for use with TCP/IP networks. It works at the packet level, and authenticates and encrypts all packets traveling over the VPN Tunnel.
IPSEC VPNs exchange information through logical connections called SAs (Security Associations). An SA is simply a definition of the protocols, algorithms and keys used between the two VPN devices (endpoints).
Click on the number of each entry and the configuration page is shown, as below.
IPSec configuration parameters:
1. Mode: to disable or enable the selected IPSEC policy.
2. Name: IPSEC policy name.
3. WAN: to select a WAN port to apply this policy.
4. Perfect Forward Secrecy:
Perfect forward secrecy is the property that ensures a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future. Choose either “Disable” or “Enable” for this property.
5. Local Subnet
6. Local Netmask
7. Remote Public IP
8. Remote Local LAN Subnet
9. Remote Local LAN Netmask
10. Pre-shared Key
Example: Configuring an IPSec LAN-to-LAN VPN Connection
Network Configuration and Security Plan
                      Branch Office      Head Office
Local Network ID      192.168.0.0/24     192.168.1.0/24
Local Router IP       69.1.121.30        69.1.121.3
Remote Network ID     192.168.1.0/24     192.168.0.0/24
Remote Router IP      69.1.121.3         69.1.121.30
IKE Pre-shared Key    12345678           12345678
VPN Connection Type   Tunnel mode        Tunnel mode
Security Algorithm    ESP:MD5 with AES   ESP:MD5 with AES
Both office LAN networks must be in different subnets for the LAN-to-LAN application. The Pre-shared Key, VPN Connection Type and Security Algorithm must be set identically on both sides.
Example: Configuring an IPSec Host-to-LAN VPN Connection
3.7.2.2 L2TP
L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol used to support VPNs. It doesn’t provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide privacy.
L2TP configuration parameters:
1. Mode: to disable or enable L2TP policy.
2. Authentication: choose authentication type, PAP, CHAP, MS-CHAP, and MS-CHAPv2.
3. Virtual IP
4. L2TP/IPSec Mode: check this checkbox if the devices require an L2TP/IPSec connection.
5. IPSec Interface
6. IPSec PSK: IPSec Pre-Shared Key.
7. User and Password sets
The branch office establishes an L2TP VPN tunnel with the head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly.
Example: Configuring L2TP LAN-to-LAN VPN Connection
Both office LAN networks must be in different subnets for the LAN-to-LAN application. The Pre-shared Key, VPN Connection Type and Security Algorithm must be set identically on both sides.
3.7.2.3 PPTP
PPTP (Point-to-Point Tunneling Protocol) is a private network of computers that uses the public Internet to connect some nodes. Because the Internet is essentially an open network, PPTP is used to ensure that messages transmitted from one VPN node to another are secured. With PPTP, users can dial in to their corporate network via the Internet. In the “PPTP” function, there are three basic parameters to set up.
1. Mode: to enable or disable PPTP feature.
2. Authentication: four authentication modes can be chosen, PAP, CHAP, MS-CHAP, and MS-PAP.
3. Virtual IP
In addition, you can store four sets of user names and passwords in the “PPTP” function.
There are two types of PPTP VPN supported: Remote Access and LAN-to-LAN.
A company’s office establishes a PPTP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and servers.
Example: Configuring a Remote Access PPTP VPN Dial-out Connection
The branch office establishes a PPTP VPN tunnel with the head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly.
Example: Configuring a PPTP LAN-to-LAN VPN Connection
Both office LAN networks MUST be in different subnets for the LAN-to-LAN application.
Configuring PPTP VPN in the Head Office
The IP address 192.168.1.254 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN.
Configuring PPTP VPN in the Branch Office
The IP address 69.1.121.33 is the public IP address of the router located in the head office. If you registered with DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router.
3.7.3 Filter
There are two features in the “Filter” function: “IP Filter” and “MAC Filter”.
3.7.3.1 IP filter
“IP Filter” allows users to filter packets by IP address. The “IP Filter” feature has two sections. The first section includes “Mode”, which allows the user to enable or disable the IP filter feature, and “Default Policy”, which can be “Deny”, “Permit” or “Reject”.
In the second section, you can configure each entry by clicking on its number in the table. A configuration page is then shown, as in the following screen shot.
Six elements are included in this configuration page:
1. Mode: to enable or disable this policy entry.
2. Action: “Deny”, “Permit” or “Reject” the packets.
3. Protocol: The packet protocol type used by the application; select TCP, UDP, or both (TCP/UDP).
4. Source IP Address / Destination IP Address: This is the Address-Filter used to allow or block traffic to/from a particular IP address. Select the Subnet Mask of the IP address range you wish to allow/block traffic to or from; set the IP address and Subnet Mask to 0.0.0.0 to deactivate the Address-Filter rule.
5. Source Port: This Port or Port Range defines the port allowed to be used by the Remote/WAN to connect to the application. The default range is 0 ~ 65535. It is recommended that this option be configured by an advanced user.
6. Destination Port: This is the Port or Port Ranges that defines the application.
Application              Protocol   Port Number (Start)   Port Number (End)
HTTP                     TCP        80                    80
DNS                      UDP        53                    53
DNS                      TCP        53                    53
FTP                      TCP        21                    21
Telnet                   TCP        23                    23
SMTP                     TCP        25                    25
POP3                     TCP        110                   110
NEWS(NNTP)               TCP        119                   119
Real Audio/ Real Video   UDP        7070                  7070
PING                     ICMP       N/A                   N/A
H.323                    TCP        1720                  1720
T.120                    TCP        1503                  1503
SSH                      TCP        22                    22
NTP /SNTP                UDP        123                   123
HTTP/HTTP Proxy          TCP        8080                  8080
HTTPS                    TCP        443                   443
ICQ                      TCP        5190                  5190
MSN(1863)                TCP        1863                  1863
MSN(7001)                UDP        7001                  7001
MSB video                TCP        9000                  9000
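How the entry fields and the default policy interact is easiest to see by running packets through a rule table. The following is an added example, not part of the manual or the router firmware: it assumes entries are checked in order 1 to 16 with the first enabled match deciding (the manual does not state the order) and that 0.0.0.0 with mask 0.0.0.0 matches any address. It goes one step beyond the text by also reporting entries that an earlier entry makes unreachable. All names, rules and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

MAX_ENTRIES = 16        # the manual's Entry(1~16)
ANY_PORT = (0, 65535)   # the manual's default port range


@dataclass(frozen=True)
class FilterEntry:
    enabled: bool                # Mode
    action: str                  # "Deny", "Permit" or "Reject"
    protocol: str                # "TCP", "UDP" or "TCP/UDP"
    src_ip: str = "0.0.0.0"      # 0.0.0.0 with mask 0.0.0.0: address filter inactive
    src_mask: str = "0.0.0.0"
    dst_ip: str = "0.0.0.0"
    dst_mask: str = "0.0.0.0"
    src_ports: tuple = ANY_PORT  # (start, end), inclusive
    dst_ports: tuple = ANY_PORT


def net(ip, mask):
    # 0.0.0.0/0.0.0.0 becomes 0.0.0.0/0, which contains every IPv4 address.
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def protocols(entry):
    return set(entry.protocol.split("/"))


def within(inner, outer):
    """True if port range `inner` lies inside port range `outer`."""
    return outer[0] <= inner[0] and inner[1] <= outer[1]


def matches(e, proto, src, sport, dst, dport):
    return (proto in protocols(e)
            and ipaddress.ip_address(src) in net(e.src_ip, e.src_mask)
            and ipaddress.ip_address(dst) in net(e.dst_ip, e.dst_mask)
            and within((sport, sport), e.src_ports)
            and within((dport, dport), e.dst_ports))


def evaluate(entries, default_policy, proto, src, sport, dst, dport):
    """Return (action, entry number or None). Assumes the first enabled match wins."""
    if len(entries) > MAX_ENTRIES:
        raise ValueError("the filter table holds at most 16 entries")
    for number, e in enumerate(entries, start=1):
        if e.enabled and matches(e, proto, src, sport, dst, dport):
            return e.action, number
    return default_policy, None


def covers(earlier, later):
    """True if every packet matched by `later` is already matched by `earlier`."""
    return (protocols(later) <= protocols(earlier)
            and net(later.src_ip, later.src_mask).subnet_of(net(earlier.src_ip, earlier.src_mask))
            and net(later.dst_ip, later.dst_mask).subnet_of(net(earlier.dst_ip, earlier.dst_mask))
            and within(later.src_ports, earlier.src_ports)
            and within(later.dst_ports, earlier.dst_ports))


def shadowed(entries):
    """List (entry, earlier entry) pairs where the later entry can never be reached."""
    found = []
    for j, later in enumerate(entries, start=1):
        if not later.enabled:
            continue
        for i, earlier in enumerate(entries[:j - 1], start=1):
            if earlier.enabled and covers(earlier, later):
                found.append((j, i))
                break
    return found


# Constructed rule table; ports taken from the application table above.
RULES = [
    FilterEntry(True, "Permit", "TCP", "192.168.1.0", "255.255.255.0", dst_ports=(443, 443)),
    FilterEntry(True, "Deny", "TCP/UDP", dst_ports=(23, 23)),
    # Intended exception for one admin host, but entry 2 already catches it.
    FilterEntry(True, "Permit", "TCP", "192.168.1.10", "255.255.255.255", dst_ports=(23, 23)),
    FilterEntry(False, "Permit", "TCP/UDP"),  # disabled, so never consulted
]

if __name__ == "__main__":
    print(evaluate(RULES, "Deny", "TCP", "192.168.1.10", 40000, "203.0.113.5", 23))
    print(shadowed(RULES))
```

Under the first-match assumption, the Telnet exception in entry 3 would have to be placed above the broad Deny in entry 2 to take effect.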
3.7.3.2 MAC filter
The “MAC Filter” function refers to a security access control methodology whereby the 48-bit address (XX:XX:XX:XX:XX:XX) assigned to each network device is used to determine access to the network. MAC addresses are uniquely assigned to each network device, so using MAC filtering on a network permits and denies network access to specific devices through the use of black lists and white lists.
In the “MAC Filter” page, provide the following information to activate the MAC filtering function.
1. Mode: to enable or disable the “MAC Filter” feature.
2. Default Policy: “Deny”, “Permit”, or “Reject” packets from selected MAC addresses.
3. Policy Entry: there are 16 entries available in this feature. Check the “Mode” check box to enable the policy, fill in the MAC address in the “MAC” text box and choose the policy action from the “Action” drop-down menu.
3.8 Management
The “Management” section provides eight features:
1. SNTP
2. SNMP
3. TR069
4. UPnP
5. Sys Log
6. Telnet
7. SSH
8. Web
3.8.1 SNTP
Time synchronization is an essential element for any business that relies on IT systems. The reason is that these systems all have a clock that is the source of time for their filing or operations. Without time synchronization, these systems’ clocks vary, causing failures of firewall packet filtering schedules, compromised security, or virtual servers working on the wrong schedule.
SNTP is the acronym for Simple Network Time Protocol, which is an adaptation of the Network Time Protocol (NTP) used to synchronize computer clocks in the Internet. SNTP can be used when the ultimate performance of the full NTP implementation. “SNTP” function is only available in “Router” mode.
3.8.1.1 Sync with PC
“Sync with PC” allows the VPN router to synchronize with the computer’s internal timer. Click on the “Sync” button to start synchronization.
3.8.1.2 SNTP
The “SNTP” feature allows you to synchronize the time with the time server you provide. To make this feature work, you need to provide the following parameters.
1. Mode: to enable or disable this feature.
2. Time Server: the address of the time server you wish to synchronize the time with.
3. Time Zone: choose the time zone of this VPN router from the drop-down menu.
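To show what the exchange with the configured time server involves, the following added example (not from the manual or the router's firmware) builds an SNTP client request, validates a server reply and derives the clock offset and round-trip delay. The reply bytes are constructed inline so the code runs offline; the function names and sample timestamps are this example's own.

```python
import struct

# 48-byte SNTP/NTP header: flags, stratum, poll, precision, root delay,
# root dispersion, reference ID, then four 64-bit timestamps.
HEADER = struct.Struct("!BBbbII4sQQQQ")


def ntp_ts(seconds, fraction=0.0):
    """64-bit NTP timestamp: 32-bit seconds since 1900 plus a 32-bit fraction."""
    return (seconds << 32) | int(fraction * 2**32)


def build_request(t1):
    """Client request: LI=0, VN=4, Mode=3; only the transmit timestamp is set."""
    return HEADER.pack((4 << 3) | 3, 0, 0, 0, 0, 0, b"\0" * 4, 0, 0, 0, t1)


def check_reply(reply, t1, t4):
    """Validate a reply; return stratum, clock offset and delay (seconds).

    t1 is the client's transmit time, t4 its receive time (NTP timestamps).
    """
    if len(reply) < HEADER.size:
        raise ValueError("reply shorter than 48 bytes")
    flags, stratum, _, _, _, _, _, _, org, rx, tx = HEADER.unpack(reply[:HEADER.size])
    leap, mode = flags >> 6, flags & 0x7
    if mode != 4:
        raise ValueError("mode is not 4 (server)")
    if leap == 3:
        raise ValueError("server reports an unsynchronized clock")
    if not 1 <= stratum <= 15:
        raise ValueError("stratum outside 1..15")
    if tx == 0:
        raise ValueError("transmit timestamp is zero")
    if org != t1:
        # SNTP replies are unauthenticated UDP; the echoed timestamp is the only
        # link between this reply and the request that was actually sent.
        raise ValueError("originate timestamp does not echo our request")
    offset = ((rx - t1) + (tx - t4)) / 2 / 2**32
    delay = ((t4 - t1) - (tx - rx)) / 2**32
    return {"stratum": stratum, "offset": offset, "delay": delay}


def sample_reply(t1, stratum=2, org=None):
    """Constructed reply: client clock 5 s slow, 0.25 s each way, 0.5 s at the server."""
    rx = t1 + ntp_ts(5, 0.25)
    tx = t1 + ntp_ts(5, 0.75)
    return HEADER.pack((4 << 3) | 4, stratum, 6, -20, 0, 0, b"\xc0\x00\x02\x01",
                       rx, t1 if org is None else org, rx, tx)


T1 = ntp_ts(3_900_000_000)   # constructed client transmit time
T4 = T1 + ntp_ts(1)          # reply arrives one second later on the client clock

if __name__ == "__main__":
    print(check_reply(sample_reply(T1), T1, T4))
```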
3.8.2 SNMP
Simple Network Management Protocol (SNMP) provides for the exchange of messages between a network management client and a network management agent for remote management of network nodes. These messages contain requests to get and set variables that exist in network nodes in order to obtain statistics, set configuration parameters, and monitor network events. SNMP communications can occur over the LAN or WAN connection.
Three SNMP methods are available in the “SNMP” function: 1. General, 2. SNMPv3 and 3. Trap.
3.8.2.1 General
You are able to enable SNMPv1 and SNMPv2 from the “General” section. First, click on the “Enable” radio button to enable this SNMP feature. Then, click on the number of the policy entry you want in the table. A policy configuration page will be shown as in the screen shot below.
In this configuration page, you need to enable or disable this policy entry, provide a name in the “Community” text box, and assign the access mode from the “Access” drop-down menu. Click the “Save” button to finish this configuration section.
3.8.2.2 SNMPv3
The “SNMPv3” feature lets you fill in the detailed information, such as the password, for the SNMPv3 function by clicking on the number of each policy entry. Then, you will see the following screen shot. (Note: Please make sure you choose “Enable” to allow the VPN router to support SNMPv3.)
Once you have filled in all the information needed, click on “Save” to finish this configuration.
3.8.2.3 Trap
With the “Trap” feature, the VPN router is able to support the SNMP Trap function. You are able to disable or enable this feature by clicking on the “Mode” radio buttons. Then, if you would like to modify a policy in the table, click on its number. You will then see the screen shot below.
3.8.3 TR-069
TR-069 (Technical Report 069) is a DSL Forum technical specification entitled CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end-user devices. As a bidirectional HTTP-based protocol, it provides the communication between CPE (customer premises equipment) and ACS (Auto Configuration Servers). Using TR-069, the terminals can get in contact with the ACS and establish the configuration automatically.
1. Mode: to turn the TR069 feature on or off.
2. ACS URL: the URL for connecting to the ACS using the CPE WAN Management Protocol. This parameter MUST be in the form of a valid HTTP or HTTPS URL.
3. ACS User Name: this username is used only for HTTP-based authentication of the CPE.
4. ACS Password
5. Periodic Inform Enable
6. Periodic Inform Interval: the duration in seconds of the interval for which the CPE attempts to connect with the ACS and call the Inform method.
7. Periodic Inform Time
8. Connection Request IP: two options, automatic or manual (if you choose “Manual”, please fill in the IP address).
9. Connection Request Port
10. Connection Request Username: the username used to authenticate an ACS making a Connection Request to the CPE.
11. Connection Request Password: the password used to authenticate an ACS making a Connection Request to the CPE.
3.8.4 UPnP
Enabling UPnP (Universal Plug and Play) allows automatic discovery and configuration of equipment attached to your LAN. UPnP is supported by Windows ME, XP or later.
“Enable”: this VPN Router will be visible via UPnP.
“Disable”: this VPN Router will not be visible via UPnP.
3.8.5 Sys Log
Syslog is a standard method of centralizing various logs. You can use a syslog server to store your server’s logs in a remote location for later perusal or long-term storage.
To send logs to the LOG server, please provide the following information.
1. Remote Server Mode: click on the “Enable” button to send logs to a remote server.
2. Remote Server Address: this allows you to send logs to different files in the syslog server.
3. Remote Server Port: to specify the UDP port number on which the syslog server is listening. The default value is 514. Also, please make sure this port is not blocked by your firewall.
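The following added example (not from the manual) shows what the remote server has to do with the datagrams it receives on UDP port 514: decode the priority value into facility and severity, reject malformed input, and keep the messages that matter. It assumes the router emits BSD-style syslog lines (`<PRI>timestamp host message`); the manual does not state the format, and the sample datagrams are constructed.

```python
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOST MESSAGE  (BSD syslog layout, assumed for this example)
LINE_RE = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)


def parse_syslog(datagram):
    """Parse one UDP payload; return a dict, or None if it is malformed."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\0")
    match = LINE_RE.match(text)
    if not match:
        return None
    pri = int(match.group(1))
    if pri > 191:                      # highest valid value: facility 23, severity 7
        return None
    return {
        "facility": FACILITIES[pri >> 3],   # PRI = facility * 8 + severity
        "severity": SEVERITIES[pri & 7],
        "timestamp": match.group(2),
        "host": match.group(3),
        "message": match.group(4),
    }


def triage(datagrams, threshold="warning"):
    """Return (malformed count, records at or above the severity threshold)."""
    limit = SEVERITIES.index(threshold)
    malformed, hits = 0, []
    for datagram in datagrams:
        record = parse_syslog(datagram)
        if record is None:
            malformed += 1
        elif SEVERITIES.index(record["severity"]) <= limit:
            hits.append(record)
    return malformed, hits


# Constructed sample datagrams (host name and messages are made up).
SAMPLES = [
    b"<38>Jan  5 14:02:11 vpn-router sshd: login failed for user admin",
    b"<132>Jan  5 14:02:15 vpn-router firewall: packet dropped on wan",
    b"<11>Jan  5 14:03:00 vpn-router system: configuration restore failed",
    b"<200>Jan  5 14:03:01 vpn-router system: priority out of range",
    b"not a syslog line",
]

if __name__ == "__main__":
    print(triage(SAMPLES))
```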
3.8.6 Telnet
You are able to change the default port of the VPN router’s Telnet function in this feature.
1. Mode: to enable or disable the Telnet function of this VPN router.
2. Port: the default port number is 23. Please fill in a number from 1 to 65535 if you want to change to another port number.
3.8.7 SSH
SSH (or Secure Shell) is a protocol that can be used to log into a remote machine (your Virtual Server) and provide secure encrypted communications between your VPN Router and your local computer. All of the commands you would use in a Telnet client, you can use in an SSH client. The only difference is that the communication is made via encrypted channels to and from your VPN Router.
In the “SSH” function, you are able to change the default port number.
1. Mode: to enable or disable the SSH function.
2. Port: the default port number is 22. You are able to change the port number by providing a number from 1 to 65535.
3.8.8 Web
In the “Web” function, you are able to change the following settings.
1. Refresh Time: you are able to refresh your web page at a particular time interval. The default interval is 2 seconds.
2. Service Port: the default port number is 80. You are able to change this port number to a new one; please make sure you log in with the new port number next time.
3.9 Show
Three functions are available in “Show” section.
1. Information
2. Sys Log
3. Script
3.9.1 Information
The “Information” feature shows the general system information, such as hardware and software MCSV (the Manufacture's Concurrent Software Version), software version, etc. (Note: please include a screen shot of this page when you request any technical support!)
1. Hardware MCSV
2. Software MCSV
3. Software Version
4. DSL Chip Name
5. DSL Phy Firmware Version
6. DSL IDC Firmware Version
7. MAC
8. Serial No.
9. Present Time
10. System Uptime: the total time the VPN router is on.
3.9.2 Sys Log
The “Sys Log” feature shows all of the system logs.
3.9.3 Script
“Script” presents the VPN router’s system setups in script form. Clicking on the “Export” button will generate a file that includes all configurations of the VPN router.
3.10 Status
“Status” section provides five features:
1. SHDSL
2. WAN
3. Route Table
4. Interfaces
5. STP
3.10.1 SHDSL
For 2-wire models:
For 4-wire models:
For 8-wire models:
If the VPN router has connected to the remote side, it can also show the performance information of the remote side.
Clicking the “Clear CRC” button will clear the CRC error count.
3.10.2 WAN
The “WAN” feature presents all information of the eight WAN interfaces.
3.10.3 Route Table
The routing table contains a list of IP addresses. Each IP address identifies a remote router (or other network gateway) that the local router is configured to recognize. For each IP address, the routing table additionally stores a network mask and other data that specifies the destination IP address ranges that the remote device will accept.
3.10.4 Interfaces
The “Interface” table shows the interface statistics. An “Octet” is a group of 8 bits, often referred to as a byte. A “Packet” is a formatted block of data carried by a packet-mode computer network, often referred to as an IP packet.
InOctets | The field shows the number of received bytes on this port
InPactets | The field shows the number of received packets on this port
OutOctets | The field shows the number of transmitted bytes on this port
OutPactets | The field shows the number of transmitted packets on this port
InDrops | The field shows the discarded number of received packets on this port
OutDrops | The field shows the discarded number of transmitted packets on this port
3.11 Utilities
There are five features in “Utilities” function:
1. Upgrade
2. Config Tool
3. Users
4. Ping
5. Trace Route
3.11.1 Upgrade
The “Upgrade” feature allows the user to upgrade the firmware. Click on the “Browser” button and browse to the file on your computer that you wish to upgrade with. Then, click on the “Upgrade” button to commence the firmware upgrade.
3.11.2 Config Tool
This configuration tool has three functions:
1. Default: to load the factory default settings to the VPN router.
2. Backup: to back up the current setups of the VPN router. The default file name is “config1.log”.
3. Restore: to restore the VPN router’s configuration from a selected file.
Choose the function you want from the “Mode” drop-down menu and click on the “Apply” button to start the process.
3.11.3 Users
For better security, change the Administrator name and password for the VPN router. The default administrator name and password are “root”. Five sets of users and passwords can be stored in the VPN router. Click on the number of each entry to start the configuration.
1. Name: the user name
2. Level: three levels are available: administrator, normal and guest. Functions will be shown according to the user’s authorization level.
3. Password
4. Password Confirm
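The Management and Users settings described above can be reviewed together before a router goes into service. The following added example (not from the manual and not the format of the router's exported script) audits a settings dictionary for the weak states the manual itself points to, such as the default “root” administrator, Telnet, SNMPv1/v2 and a non-HTTPS ACS URL; the dictionary keys and both sample configurations are constructed for this example.

```python
from urllib.parse import urlsplit


def audit_management(cfg):
    """Return (setting, finding) pairs for a dict of Management/Users settings."""
    findings = []
    for user in cfg.get("users", []):
        if user["name"] == "root" and user["password"] == "root":
            findings.append(("users", "default administrator name and password still set"))
    if cfg.get("telnet", {}).get("enabled"):
        findings.append(("telnet", "Telnet sends passwords in plaintext; use SSH"))
    if cfg.get("snmp", {}).get("general_enabled"):
        findings.append(("snmp", "SNMPv1/v2 communities are sent unencrypted; prefer SNMPv3"))
    tr069 = cfg.get("tr069", {})
    if tr069.get("enabled"):
        url = urlsplit(tr069.get("acs_url", ""))
        if url.scheme not in ("http", "https") or not url.hostname:
            findings.append(("tr069.acs_url", "not a valid HTTP or HTTPS URL"))
        elif url.scheme == "http":
            findings.append(("tr069.acs_url", "ACS session is not encrypted; use https://"))
        if not tr069.get("conn_req_username") or not tr069.get("conn_req_password"):
            findings.append(("tr069.conn_req", "Connection Request credentials are empty"))
    if cfg.get("upnp", {}).get("enabled"):
        findings.append(("upnp", "router is visible via UPnP; disable if not needed"))
    if not cfg.get("syslog", {}).get("remote_enabled"):
        findings.append(("syslog", "logs are not sent to a remote server"))
    return findings


# Constructed samples; key names are hypothetical, values follow the manual's options.
WEAK = {
    "users": [{"name": "root", "password": "root", "level": "administrator"}],
    "telnet": {"enabled": True, "port": 23},
    "ssh": {"enabled": False, "port": 22},
    "snmp": {"general_enabled": True},
    "tr069": {"enabled": True, "acs_url": "http://acs.example.net/cwmp",
              "conn_req_username": "", "conn_req_password": ""},
    "upnp": {"enabled": True},
    "syslog": {"remote_enabled": False, "port": 514},
}
HARDENED = {
    "users": [{"name": "netadmin", "password": "<long-unique-passphrase>",
               "level": "administrator"}],
    "telnet": {"enabled": False, "port": 23},
    "ssh": {"enabled": True, "port": 22},
    "snmp": {"general_enabled": False},
    "tr069": {"enabled": True, "acs_url": "https://acs.example.net/cwmp",
              "conn_req_username": "acs-callback",
              "conn_req_password": "<long-unique-passphrase>"},
    "upnp": {"enabled": False},
    "syslog": {"remote_enabled": True, "port": 514},
}

if __name__ == "__main__":
    for setting, finding in audit_management(WEAK):
        print(f"{setting}: {finding}")
```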
3.11.4 Ping
A ping test determines whether your VPN router can communicate with another computer or other web sites over the network. If network communication is established, ping tests also determine the connection latency (the technical term for delay) between the two devices. You can use a ping test to troubleshoot connectivity problems with your home network. Ping tests are also commonly used to measure the delay ("lag") with some Internet servers.
1. IP Address: the IP address you want to ping
2. Size: size in bytes of the packets sent to the destination; default is 56
3. Count: ping count number; default is 3
4. Update: update time; default is 2
Once you click on “Ping”, you will see the following screen shot.
3.11.5 Trace Route
The trace route command traces the network path of Internet routers that packets take as they are forwarded from your VPN router to a destination address.
1. Host name or IP
2. Packet Datagram: the packet type, UDP or IGMP.
3. Update Interval: the refresh interval.
Once you click on the “Trace Route” button, you will see the following screen shot.
Appendix A. Terminology
Abbreviation | Full Name | Meaning
ACS | Auto Configuration Server | The management server for TR-069 compliant Customer Premises Equipment.
APN | Access Point Name | APN identifies an IP packet data network (PDN) that a mobile data user wants to communicate with. In addition to identifying a PDN, an APN may also be used to define the type of service (e.g. connection to a wireless application protocol (WAP) server, multimedia messaging service (MMS)) that is provided by the PDN.
CBR | Constant Bit Rate | CBR is used by connections that require a static amount of bandwidth that is available during the connection lifetime. This bandwidth is characterized by Peak Cell Rate (PCR). Based on the PCR of the CBR traffic, specific cell slots are assigned for the VC in the schedule table. The ATM always sends a single cell during the CBR connection’s assigned cell slot.
CFI | Canonical Format Indicator | CFI is always set to zero for Ethernet switches. CFI is used for compatibility reasons between Ethernet type networks and Token Ring type networks.
DDNS | Dynamic DNS | Dynamic DNS is a method, protocol, or network service that provides the capability for a networked device, such as a router or computer system using the Internet Protocol Suite, to notify a Domain Name System (DNS) name server to change, in real time, the active DNS configuration of its configured hostnames, addresses or other information.
DHCP | Dynamic Host Configuration Protocol | DHCP is an auto-configuration protocol used on IP networks. DHCP allows a computer to be configured automatically, eliminating the need for intervention by a network administrator. It also provides a central database for keeping track of computers that have been connected to the network. This prevents two computers from accidentally being configured with the same IP address.
DMZ | Demilitarized Zone | In computer security, DMZ is a physical or logical sub-network that contains and exposes an organization's external services to a larger distrusted network, usually the Internet. The term is normally referred to as a DMZ by IT professionals. It is sometimes referred to as a Perimeter Network. The purpose of a DMZ is to add an additional layer of security to an organization's LAN (Local Area Network); an external attacker only has access to equipment in the DMZ, rather than any other part of the network.
DNS | Domain Name System | DNS is a distributed hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. Most importantly, it translates domain names meaningful to humans into the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.
DSCP | Differentiated Service or DiffServ | DSCP is a computer networking architecture that specifies a simple, scalable and coarse-grained mechanism for classifying, managing network traffic and providing Quality of Service (QoS) guarantees on modern IP networks. DiffServ can, for example, be used to provide low-latency, guaranteed service (GS) to critical network traffic such as voice or video while providing simple best-effort traffic guarantees to non-critical services such as web traffic or file transfers. DiffServ uses the 6-bit Differentiated Services Code Point (DSCP) field in the header of IP packets for packet classification purposes. DSCP replaces the outdated IP precedence, a 3-bit field in the Type of Service byte of the IP header originally used to classify and prioritize types of traffic.
DSL | Digital Subscriber Line | DSL is a family of technologies that provides digital data transmission over the wires of a local telephone network. In telecommunications marketing, the term Digital Subscriber Line is widely understood to mean Asymmetric Digital Subscriber Line (ADSL), the most commonly installed technical variety of DSL. DSL service is delivered simultaneously with regular telephone on the same telephone line. This is possible because DSL uses a higher frequency.
EoA | Ethernet-over-ATM | EoA protocol is commonly used to carry data between local area networks that use the Ethernet protocol and wide-area networks that use the ATM protocol. Many telecommunications industry networks use the ATM protocol. ISPs that provide DSL services often use the EoA protocol for data transfer with their customers' DSL modems.
IGMP | Internet Group Management Protocol | IGMP is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships.
IPoA | Dynamic IP over ATM | IPoA interfaces carry IP packets over AAL5. AAL5 provides the IP hosts on the same network with the data link layer for communications. In addition, to allow these hosts to communicate on the same ATM networks, IP packets must be tuned somewhat. As the bearer network of IP services, ATM provides high speed point-to-point connections which considerably improve the bandwidth performance of IP network. On the other hand, ATM provides excellent network performance and perfect QoS.
MCSV | Manufacture's Concurrent Software Version | MCSV is the original factory version and remains even after upgrading the router in the field. This is for internal identification purposes.
NAT | Network Address Translation | NAT is the process of modifying network address information in datagram (IP) packet headers while in transit across a traffic routing device for the purpose of remapping one IP address space into another.
PCR | Peak Cell Rate | PCR in kbps: The maximum rate at which you expect to transmit data, voice and video. Consider PCR and MBS as a means of reducing latency, not increasing bandwidth.
Port-Based VLAN | Known as Static VLAN | Static VLAN assignments are created by assigning ports to a VLAN. As a device enters the network, the device automatically assumes the VLAN of the port. If the user changes ports and needs access to the same VLAN, the network administrator must manually make a port-to-VLAN assignment for the new connection.
PPPoA | Point-to-Point Protocol over ATM | PPPoA and PPPoE are authentication and connection protocols used by many service providers for broadband Internet access. These are specifications for connecting multiple computer users on an Ethernet local area network to a remote site through common customer premises equipment, which is the telephone company's term for a modem and similar devices. PPPoE and PPPoA can be used to office or building. Users share a common Digital Subscriber Line (DSL), cable modem, or wireless connection to the Internet. PPPoE and PPPoA combine the Point-to-Point Protocol (PPP), commonly used in dialup connections, with the Ethernet protocol or ATM protocol, which supports multiple users in a local area network. The PPP protocol information is encapsulated within an Ethernet frame or ATM frame.
PPPoE | Point-to-Point Protocol over Ethernet | See PPPoA.
PVID | Port VID | PVID is an untagged member from 1 to 4094 of default VLAN.
QoS | Quality of Service | In the field of computer networking and other packet-switched telecommunication networks, the traffic engineering term quality of service (QoS) refers to resource reservation control mechanisms rather than the achieved service quality. QoS is the ability to provide different priority to different applications, users, or data flows, or to guarantee a certain level of performance to a data flow.
RIP | Routing Information Protocol | The Routing Information Protocol (RIP) is a dynamic routing protocol used in local and wide area networks. As such it is classified as an interior gateway protocol (IGP). It uses the distance-vector routing algorithm. It was first defined in RFC 1058 (1988). The protocol has since been extended several times, resulting in RIP Version 2 (RFC 2453). Both versions are still in use today; however, they are considered to have been made technically obsolete by more advanced techniques such as Open Shortest Path First (OSPF) and the OSI protocol IS-IS. RIP has also been adapted for use in IPv6 networks, a standard known as RIPng (RIP next generation), published in RFC 2080 (1997).
SCR | Sustained Cell Rate | The sustained rate at which you expect to transmit data, voice and video. Consider SCR to be the true bandwidth of a VC and not the long-term average traffic rate.
SHDSL | Single-Pair High-speed Digital Subscriber Line | Single-Pair High-speed Digital Subscriber Line (SHDSL) is a form of DSL, a data communications technology that enables faster data transmission over copper telephone lines than a conventional voice band modem can provide.
SNMP | Simple Network Management Protocol | SNMP is a UDP-based network protocol. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.[1]
SNTP | Simple Network Time Protocol | A less complex implementation of NTP, using the same protocol but without requiring the storage of state over extended periods of time, is known as the Simple Network Time Protocol (SNTP). It is used in some embedded devices and in applications where high accuracy timing is not required.
SSH | Secure Shell | SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices. The two major versions of the protocol are referred to as SSH1 or SSH-1 and SSH2 or SSH-2. Used primarily on Linux and Unix based systems to access shell accounts, SSH was designed as a replacement for Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, rendering them susceptible to packet analysis.[2] The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet.