Building Networks for People

Unified Services Router User Manual
DSR-150 / 150N / 250 / 250N / 500 / 500N / 1000 / 1000N
Ver. 1.05
Small Business Gateway Solution

D-Link Corporation
Copyright © 2012
http://www.dlink.com

Copyright Notice

This publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this manual, nor any of the material contained herein, may be reproduced without written consent of the author.

Disclaimer

The information in this document is subject to change without notice. The manufacturer makes no representations or warranties with respect to the contents hereof and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. The manufacturer reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of the manufacturer to notify any person of such revision or changes.

Limitations of Liability

UNDER NO CIRCUMSTANCES SHALL D-LINK OR ITS SUPPLIERS BE LIABLE FOR DAMAGES OF ANY CHARACTER (E.G. DAMAGES FOR LOSS OF PROFIT, SOFTWARE RESTORATION, WORK STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE D-LINK PRODUCT OR FAILURE OF THE PRODUCT, EVEN IF D-LINK IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHERMORE, D-LINK WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST CUSTOMER FOR LOSSES OR DAMAGES. D-LINK WILL IN NO EVENT BE LIABLE FOR ANY DAMAGES IN EXCESS OF THE AMOUNT D-LINK RECEIVED FROM THE END-USER FOR THE PRODUCT.

Table of Contents

Chapter 1. Introduction
  1.1 About this User Manual
  1.2 Typographical Conventions
Chapter 2. Configuring Your Network: LAN Setup
  2.1 LAN Configuration
    2.1.1 LAN DHCP Reserved IPs
    2.1.2 LAN DHCP Leased Clients
    2.1.3 LAN Configuration in an IPv6 Network
    2.1.4 Configuring IPv6 Router Advertisements
  2.2 VLAN Configuration
    2.2.1 Associating VLANs to ports
    2.2.2 Multiple VLAN Subnets
    2.2.3 VLAN configuration
  2.3 Configurable Port: DMZ Setup
  2.4 Universal Plug and Play (UPnP)
  2.5 Captive Portal
  2.6 Captive portal setup
Chapter 3. Connecting to the Internet: WAN Setup
  3.1 Internet Setup Wizard
  3.2 WAN Configuration
    3.2.1 WAN Port IP address
    3.2.2 WAN DNS Servers
    3.2.3 DHCP WAN
    3.2.4 PPPoE
    3.2.5 Russia L2TP and PPTP WAN
    3.2.6 Russia Dual Access PPPoE
    3.2.7 WAN Configuration in an IPv6 Network
    3.2.8 Checking WAN Status
  3.3 Bandwidth Controls
  3.4 Features with Multiple WAN Links
    3.4.1 Auto Failover
    3.4.2 Load Balancing
    3.4.3 Protocol Bindings
  3.5 Routing Configuration
    3.5.1 Routing Mode
    3.5.2 Dynamic Routing (RIP)
    3.5.3 Static Routing
    3.5.4 OSPFv2
    3.5.5 OSPFv3
    3.5.6 6to4 Tunneling
    3.5.7 ISATAP Tunnels
  3.6 Configurable Port - WAN Option
  3.7 WAN 3 (3G) Configuration
  3.8 WAN Port Settings
Chapter 4. Wireless Access Point Setup
  4.1 Wireless Settings Wizard
    4.1.1 Wireless Network Setup Wizard
    4.1.2 Add Wireless Device with WPS
    4.1.3 Manual Wireless Network Setup
  4.2 Wireless Profiles
    4.2.1 WEP Security
    4.2.2 WPA or WPA2 with PSK
    4.2.3 RADIUS Authentication
  4.3 Creating and Using Access Points
    4.3.1 Primary benefits of Virtual APs:
  4.4 Tuning Radio Specific Settings
  4.5 WMM
  4.6 Wireless distribution system (WDS)
  4.7 Advanced Wireless Settings
  4.8 Wi-Fi Protected Setup (WPS)
Chapter 5. Securing the Private Network
  5.1 Firewall Rules
  5.2 Defining Rule Schedules
  5.3 Configuring Firewall Rules
  5.4 Configuring IPv6 Firewall Rules
    5.4.1 Firewall Rule Configuration Examples
  5.5 Security on Custom Services
  5.6 ALG support
  5.7 VPN Passthrough for Firewall
  5.8 Application Rules
  5.9 Web Content Filtering
    5.9.1 Content Filtering
    5.9.2 Approved URLs
    5.9.3 Blocked Keywords
    5.9.4 Export Web Filter
  5.10 IP/MAC Binding
  5.11 Intrusion Prevention (IPS)
  5.12 Protecting from Internet Attacks
Chapter 6. IPsec / PPTP / L2TP VPN
  6.1 VPN Wizard
  6.2 Configuring IPsec Policies
    6.2.1 Extended Authentication (XAUTH)
    6.2.2 Internet over IPSec tunnel
  6.3 Configuring VPN clients
  6.4 PPTP / L2TP Tunnels
    6.4.1 PPTP Tunnel Support
    6.4.2 L2TP Tunnel Support
    6.4.3 OpenVPN Support
    6.4.4 OpenVPN Remote Network
    6.4.5 OpenVPN Authentication
Chapter 7. SSL VPN
  7.1 Groups and Users
    7.1.1 Users and Passwords
  7.2 Using SSL VPN Policies
    7.2.1 Using Network Resources
  7.3 Application Port Forwarding
  7.4 SSL VPN Client Configuration
  7.5 User Portal
    7.5.1 Creating Portal Layouts
Chapter 8. Advanced Configuration Tools
  8.1 USB Device Setup
  8.2 USB share port
  8.3 SMS service
  8.4 Authentication Certificates
  8.5 Advanced Switch Configuration
Chapter 9. Administration & Management
  9.1 Configuration Access Control
    9.1.1 Admin Settings
    9.1.2 Remote Management
    9.1.3 CLI Access
  9.2 SNMP Configuration
  9.3 Configuring Time Zone and NTP
  9.4 Log Configuration
    9.4.1 Defining What to Log
    9.4.2 Sending Logs to E-mail or Syslog
    9.4.3 Event Log Viewer in GUI
  9.5 Backing up and Restoring Configuration Settings
  9.6 Upgrading Router Firmware
  9.7 Upgrading Router Firmware via USB
  9.8 Dynamic DNS Setup
  9.9 Using Diagnostic Tools
    9.9.1 Ping
    9.9.2 Trace Route
    9.9.3 DNS Lookup
    9.9.4 Router Options
  9.10 Localization
Chapter 10. Router Status and Statistics
  10.1 System Overview
    10.1.1 Device Status
    10.1.2 Resource Utilization
  10.2 Traffic Statistics
    10.2.1 Wired Port Statistics
    10.2.2 Wireless Statistics
  10.3 Active Connections
    10.3.1 Sessions through the Router
    10.3.2 Wireless Clients
    10.3.3 LAN Clients
    10.3.4 Active VPN Tunnels
Chapter 11. Trouble Shooting
  11.1 Internet connection
  11.2 Date and time
  11.3 Pinging to Test LAN Connectivity
    11.3.1 Testing the LAN path from your PC to your router
    11.3.2 Testing the LAN path from your PC to a remote device
  11.4 Restoring factory-default configuration settings
Chapter 12. Credits
Appendix A. Glossary
Appendix B. Factory Default Settings
Appendix C. Standard Services Available for Port Forwarding & Firewall Configuration
Appendix D. Log Output Reference
Appendix E. RJ-45 Pin-outs
Appendix F. Product Statement

List of Figures

Figure 1: Setup page for LAN TCP/IP settings
15 Figure 2: LAN DHCP Reserved IPs ..................................................................................................................... 17 Figure 3: LAN DHCP Leased Clients ................................................................................................................... 18 Figure 4: IP v6 LA N and DHCP v6 configuration ............................................................................................... 19 Figure 5: Configuring the Router Advertisement Daemon ........................................................................... 22 Figure 6: IP v6 Advertisement Prefix settings .................................................................................................... 23 Figure 7: Adding VLAN memberships to the LAN ........................................................................................... 24 Figure 8: Port VLAN list ............................................................................................................................................ 25 Figure 9: Configuring VLAN membership for a port........................................................................................ 26 Figure 10: Multiple VLAN Subnets........................................................................................................................ 27 Figure 11: VLA N Configuration .............................................................................................................................. 28 Figure 12: DMZ configuration ................................................................................................................................. 29 Figure 13: UP nP Configuration .............................................................................................................................. 30 Figure 14: Active Runtime sessions ..................................................................................................................... 
32 Figure 15: Captive Port al Setup............................................................................................................................. 33 Figure 16: Customized Captive Portal Setup .................................................................................................... 34 Figure 17: Internet Connection Setup Wizard ................................................................................................... 35 Figure 18: Manual WAN configuration ................................................................................................................. 38 Figure 19: PPPoE configuration for standard ISPs ......................................................................................... 39 Figure 20: WAN configuration for Japanese Multiple PPPoE (part 1) ...................................................... 40 Figure 21: WAN configuration for Multiple PPPoE (part 2) .......................................................................... 41 Figure 22: Russia L2TP ISP configuration ......................................................................................................... 42 Figure 23: Russia Dual access PPPoE configuration .................................................................................... 43 Figure 24: IP v6 WAN Setup page ......................................................................................................................... 44 Figure 25: Connection Status information for both WAN ports ................................................................... 46 Figure 26: List of Configured Bandwidth Profiles ............................................................................................ 47 Figure 27: Bandwidth Profile Configuration page ............................................................................................ 
48 Figure 28: Traffic Selector Configuration ............................................................................................................ 49 Figure 29: Load Balancing is available when multiple WAN ports are configured and Protocol Bindings have been defined ............................................................................................................... 52 Figure 30: Protocol binding setup to associate a service and/or LAN source to a WAN and/or destination network ................................................................................................................................ 53 Figure 31: Routing Mode is used to configure traffic routing between WAN and LAN, as well as Dynamic routing (RIP) .......................................................................................................................... 55 Figure 32: Static route configuration fields......................................................................................................... 58 6 Unified Services Router User Manual Figure 33: OSPFv2 configured parameters ....................................................................................................... 59 Figure 34: OSPFv2 configuration .......................................................................................................................... 60 Figure 35: OSPFv3 configured parameters ....................................................................................................... 61 Figure 36: OSPFv3 configuration .......................................................................................................................... 62 Figure 37: 6 to 4 tunneling ....................................................................................................................................... 63 Figure 38: ISA TAP Tunnels Configuration ......................................................................................................... 
64 Figure 39: WAN3 configuration for 3G internet ................................................................................................ 66 Figure 40: Physical WAN port settings ................................................................................................................ 67 Figure 41: Wireless Network Setup Wizards ..................................................................................................... 69 Figure 42: List of A vailable Profiles shows the options available to secure the wireless link .......... 71 Figure 43: Profile configuration to set network security ................................................................................. 73 Figure 44: RA DIUS server (External Authentication) configuration .......................................................... 75 Figure 45: Virtual AP configuration ....................................................................................................................... 76 Figure 46: List of configured access points (Virtual APs) shows one enabled access point on the radio, broadcasting its SSID ............................................................................................................... 77 Figure 47: Radio card configuration options ...................................................................................................... 78 Figure 48: Wi-Fi Multimedia .................................................................................................................................... 79 Figure 49: Wireless Distribution System ............................................................................................................. 80 Figure 50: Advanced Wireless communication settings ................................................................................ 82 Figure 51: WPS configuration for an AP with WPA/WPA2 profile ............................................................. 
83 Figure 52: List of A vailable Firewall Rules ......................................................................................................... 86 Figure 53: List of A vailable Schedules to bind to a firewall rule ................................................................. 87 Figure 54: Example where an outbound SNAT rule is used to map an external IP address (209.156.200.225) to a private DMZ IP address (10.30.30.30) ............................................. 90 Figure 55: The firewall rule configuration page allows you to define the To/From zone, service, action, schedules, and specify source/destination IP addresses as needed. ................... 91 Figure 56: The IPv6 firewall rule configuration page allows you to define the To/From zone, service, action, schedules, and specify source/ destination IP addresses as needed. .. 92 Figure 57: List of A vailable IP v6 Firewall Rules ............................................................................................... 93 Figure 58: Schedule configuration for the above example. .......................................................................... 96 Figure 59: List of us er defined services. ............................................................................................................. 98 Figure 60: Custom Services configuration ......................................................................................................... 98 Figure 61: A vailable ALG support on the router. ........................................................................................... 100 Figure 62: Passthrough options for VPN tunnels .......................................................................................... 101 Figure 63: List of A vailable Application Rules showing 4 unique rules .................................................. 
Figure 64: Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded
Figure 65: Two trusted domains added to the Approved URLs List
Figure 66: One keyword added to the block list
Figure 67: Export Approved URL list
Figure 68: The following example binds a LAN host’s MAC Address to an IP address served by DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured
Figure 69: Intrusion Prevention features on the router
Figure 70: Protecting the router and LAN from internet attacks
Figure 71: Example of Gateway-to-Gateway IPsec VPN tunnel using two DSR routers connected to the Internet
Figure 72: Example of three IPsec client connections to the internal network through the DSR IPsec gateway
Figure 73: VPN Wizard launch screen
Figure 74: IPsec policy configuration
Figure 75: IPsec policy configuration continued (Auto policy via IKE)
Figure 76: IPsec policy configuration continued (Auto / Manual Phase 2)
Figure 77: PPTP tunnel configuration – PPTP Client
Figure 78: PPTP VPN connection status
Figure 79: PPTP tunnel configuration – PPTP Server
Figure 80: L2TP tunnel configuration – L2TP Server
Figure 81: OpenVPN configuration
Figure 82: OpenVPN Remote Network
Figure 83: OpenVPN Authentication
Figure 84: Example of clientless SSL VPN connections to the DSR
Figure 85: List of groups
Figure 86: User group configuration
Figure 87: SSLVPN Settings
Figure 88: Group login policies options
Figure 89: Browser policies options
Figure 90: IP policies options
Figure 91: Available Users with login status and associated Group
Figure 92: User configuration options
Figure 93: List of SSL VPN policies (Global filter)
Figure 94: SSL VPN policy configuration
Figure 95: List of configured resources, which are available to assign to SSL VPN policies
Figure 96: List of Available Applications for SSL Port Forwarding
Figure 97: SSL VPN client adapter and access configuration
Figure 98: Configured client routes only apply in split tunnel mode
Figure 99: List of configured SSL VPN portals. The configured portal can then be associated with an authentication domain
Figure 100: SSL VPN Portal configuration
Figure 101: USB Device Detection
Figure 102: USB SharePort
Figure 103: SMS Service – Send SMS
Figure 104: SMS Service – Receive SMS
Figure 105: Certificate summary for IPsec and HTTPS management
Figure 106: Advanced Switch Settings
Figure 107: User Login policy configuration
Figure 108: Admin Settings
Figure 109: Remote Management from the WAN
Figure 110: SNMP Users, Traps, and Access Control
Figure 111: SNMP system information for this router
Figure 112: Date, Time, and NTP server setup
Figure 113: Facility settings for Logging
Figure 114: Log configuration options for traffic through router
Figure 115: IPv6 Log configuration options for traffic through router
Figure 116: E-mail configuration as a Remote Logging option
Figure 117: Syslog server configuration for Remote Logging (continued)
Figure 118: VPN logs displayed in GUI event viewer
Figure 119: Restoring configuration from a saved file will result in the current configuration being overwritten and a reboot
Figure 120: Firmware version information and upgrade option
Figure 121: Firmware upgrade and configuration restore/backup via USB
Figure 122: Dynamic DNS configuration
Figure 123: Router diagnostics tools available in the GUI
Figure 124: Sample trace route output
Figure 125: Localization
Figure 126: Device Status display
Figure 127: Device Status display (continued)
Figure 128: Resource Utilization statistics
Figure 129: Resource Utilization data (continued)
Figure 130: Resource Utilization data (continued)
Figure 131: Physical port statistics
Figure 132: AP specific statistics
Figure 133: List of current Active Firewall Sessions
Figure 134: List of connected 802.11 clients per AP
Figure 135: List of LAN hosts
Figure 136: List of current Active VPN Sessions

Chapter 1. Introduction

D-Link Unified Services Routers offer a secure, high performance networking solution to address the growing needs of small and medium businesses.
Integrated high-speed IEEE 802.11n and 3G wireless technologies offer comparable performance to traditional wired networks, but with fewer limitations. Optimal network security is provided via features such as virtual private network (VPN) tunnels, IP Security (IPsec), Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Secure Sockets Layer (SSL). Empower your road warriors with clientless remote access anywhere and anytime using SSL VPN tunnels.

With the D-Link Unified Services Router you are able to experience a diverse set of benefits:

Comprehensive Management Capabilities
The DSR-500, DSR-500N, DSR-1000 and DSR-1000N include dual-WAN Gigabit Ethernet which provides policy-based service management ensuring maximum productivity for your business operations. The failover feature maintains data traffic without disconnecting when a landline connection is lost. The Outbound Load Balancing feature adjusts outgoing traffic across two WAN interfaces and optimizes the system performance resulting in high availability. The second WAN port can be configured as a DMZ port allowing you to isolate servers from your LAN.

The DSR-150/150N/250/250N have a single WAN interface, and thus do not support Auto Failover and Load Balancing scenarios.

Superior Wireless Performance
Designed to deliver superior wireless performance, the DSR-500N and DSR-1000N include 802.11 a/b/g/n, allowing for operation on either the 2.4 GHz or 5 GHz radio bands.
Multiple In Multiple Out (MIMO) technology allows the DSR-500N and DSR-1000N to provide high data rates with minimal “dead spots” throughout the wireless coverage area.

The DSR-150N, 250N and DSR-500N support the 2.4 GHz radio band only.

Flexible Deployment Options
The DSR-1000 / 1000N supports Third Generation (3G) Networks via an extendable USB 3G dongle. This 3G network capability offers an additional secure data connection for networks that provide critical services. The DSR-1000N can be configured to automatically switch to a 3G network whenever a physical link is lost.

Robust VPN features
A fully featured virtual private network (VPN) provides your mobile workers and branch offices with a secure link to your network. The DSR-150/150N/250/250N, DSR-500/500N and DSR-1000/1000N are capable of simultaneously managing 5, 5, 10, 20 Secure Sockets Layer (SSL) VPN tunnels respectively, empowering your mobile users by providing remote access to a central corporate database. Site-to-site VPN tunnels use IP Security (IPsec) Protocol, Point-to-Point Tunneling Protocol (PPTP), or Layer 2 Tunneling Protocol (L2TP) to facilitate branch office connectivity through encrypted virtual links. The DSR-150/150N, DSR-250/250N, DSR-500/500N and DSR-1000/1000N support 10, 25, 35 and 75 simultaneous IPSec VPN tunnels respectively.

Efficient D-Link Green Technology
As a concerned member of the global community, D-Link is devoted to providing eco-friendly products.
D-Link Green WiFi and D-Link Green Ethernet save power and prevent waste. The D-Link Green WLAN scheduler reduces wireless power automatically during off-peak hours. Likewise the D-Link Green Ethernet program adjusts power usage based on the detected cable length and link status. In addition, compliance with RoHS (Restriction of Hazardous Substances) and WEEE (Waste Electrical and Electronic Equipment) directives makes D-Link Green certified devices the environmentally responsible choice.

Support for the 3G wireless WAN USB dongle is only available for DSR-1000 and DSR-1000N.

1.1 About this User Manual

This document is a high level manual to allow new D-Link Unified Services Router users to configure connectivity, set up VPN tunnels, establish firewall rules and perform general administrative tasks. Typical deployment and use case scenarios are described in each section. For more detailed setup instructions and explanations of each configuration parameter, refer to the online help that can be accessed from each page in the router GUI.

1.2 Typographical Conventions

The following is a list of the various terms, followed by an example of how that term is represented in this document:

- Product Name – D-Link Unified Services Router.
  - Model numbers DSR-500/500N/1000/1000N/250/250N/150/150N
- GUI Menu Path / GUI Navigation – Monitoring > Router Status
- Important note –

Chapter 2. Configuring Your Network: LAN Setup

It is assumed that the user has a machine for management connected to the router's LAN.
The LAN connection may be through the wired Ethernet ports available on the router, or once the initial setup is complete, the DSR may also be managed through its wireless interface as it is bridged with the LAN. Access the router’s graphical user interface (GUI) for management by using any web browser, such as Microsoft Internet Explorer or Mozilla Firefox:

- Go to http://192.168.10.1 (default IP address) to display the router’s management login screen.

Default login credentials for the management GUI:

- Username: admin
- Password: admin

If the router’s LAN IP address was changed, use that IP address in the navigation bar of the browser to access the router’s management UI.

2.1 LAN Configuration

Setup > Network Settings > LAN Configuration

By default, the router functions as a Dynamic Host Configuration Protocol (DHCP) server to the hosts on the WLAN or LAN network. With DHCP, PCs and other LAN devices can be assigned IP addresses as well as addresses for DNS servers, Windows Internet Name Service (WINS) servers, and the default gateway. With the DHCP server enabled the router’s IP address serves as the gateway address for LAN and WLAN clients. The PCs in the LAN are assigned IP addresses from a pool of addresses specified in this procedure. Each pool address is tested before it is assigned to avoid duplicate addresses on the LAN.

For most applications the default DHCP and TCP/IP settings are satisfactory.
If you want another PC on your network to be the DHCP server or if you are manually configuring the network settings of all of your PCs, set the DHCP mode to ‘none’. DHCP relay can be used to forward DHCP lease information from another LAN device that is the network’s DHCP server; this is particularly useful for wireless clients.

Instead of using a DNS server, you can use a Windows Internet Naming Service (WINS) server. A WINS server is the equivalent of a DNS server but uses the NetBIOS protocol to resolve hostnames. The router includes the WINS server IP address in the DHCP configuration when acknowledging a DHCP request from a DHCP client.

You can also enable DNS proxy for the LAN. When this is enabled the router acts as a proxy for all DNS requests and communicates with the ISP’s DNS servers. When disabled all DHCP clients receive the DNS IP addresses of the ISP.

To configure LAN Connectivity, please follow the steps below:

1. In the LAN Setup page, enter the following information for your router:

- IP address (factory default: 192.168.10.1).

If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained an IP address from the newly assigned pool (or has a static IP address in the router’s LAN subnet) before accessing the router via the changed IP address.

- Subnet mask (factory default: 255.255.255.0).

2. In the DHCP section, select the DHCP mode:

- None: the router’s DHCP server is disabled for the LAN.
- DHCP Server: With this option the router assigns an IP address within the specified range plus additional specified information to any LAN device that requests DHCP served addresses.
- DHCP Relay: With this option enabled, DHCP clients on the LAN can receive IP address leases and corresponding information from a DHCP server on a different subnet. Specify the Relay Gateway, and when LAN clients make a DHCP request it will be passed along to the server accessible via the Relay Gateway IP address.

If DHCP is being enabled, enter the following DHCP server parameters:

- Starting and Ending IP Addresses: Enter the first and last continuous addresses in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address in this range. The default starting address is 192.168.10.2. The default ending address is 192.168.10.100. These addresses should be in the same IP address subnet as the router’s LAN IP address. You may wish to save part of the subnet range for devices with statically assigned IP addresses in the LAN.
- Primary and Secondary DNS servers: If configured domain name system (DNS) servers are available on the LAN enter their IP addresses here.
- WINS Server (optional): Enter the IP address for the WINS server or, if present in your network, the Windows NetBios server.
- Lease Time: Enter the time, in hours, for which IP addresses are leased to clients.
- Relay Gateway: Enter the gateway address. This is the only configuration parameter required in this section when DHCP Relay is selected as the DHCP mode.

3. In the DNS Host Name Mapping section:

- Host Name: Provide a valid host name.
- IP address: Provide the IP address of the host name.

4. In the LAN proxy section:

- Enable DNS Proxy: To enable the router to act as a proxy for all DNS requests and communicate with the ISP’s DNS servers, click the checkbox.

5. Click Save Settings to apply all changes.

Figure 1: Setup page for LAN TCP/IP settings

2.1.1 LAN DHCP Reserved IPs

Setup > Network Settings > LAN DHCP Reserved IPs

This router’s DHCP server can assign TCP/IP configurations to computers in the LAN explicitly by adding the client's network interface hardware address and the IP address to be assigned to that client in the DHCP server's database. Whenever the DHCP server receives a request from a client, the hardware address of that client is compared with the hardware address list present in the database. If an IP address is already assigned to that computer or device in the database, the customized IP address is configured; otherwise an IP address is assigned to the client automatically from the DHCP pool.

- Computer Name: The user defined name for the LAN host.
- IP Addresses: The LAN IP address of a host that is reserved by the DHCP server.
- MAC Addresses: The MAC address that will be assigned the reserved IP address when it is on the LAN.
- Associate with IP/MAC Binding: When the user enables this option the Computer Name, IP and MAC addresses are associated with the IP/MAC binding.
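The pool and reservation settings above can be checked for consistency before they are typed into the GUI. The following Python sketch is an added example, not part of the D-Link manual or firmware: the function names are hypothetical, the reservation and static-host values are constructed, and only the LAN address, mask and pool bounds are the factory defaults quoted above.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def normalize_mac(mac):
    """Lower-case a MAC address and use ':' separators; raise ValueError if malformed."""
    canon = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(canon):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return canon


def check_lan_dhcp_plan(lan_ip, netmask, pool_start, pool_end,
                        reservations=(), static_hosts=()):
    """Return a list of problems in a LAN DHCP plan (an empty list means consistent).

    reservations: iterable of (computer_name, ip, mac) as on the Reserved IPs page.
    static_hosts: addresses configured by hand on devices (an assumed planning input).
    """
    problems = []
    net = ipaddress.ip_interface(f"{lan_ip}/{netmask}").network
    router = ipaddress.ip_address(lan_ip)
    start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)

    # The manual: pool bounds should be in the same subnet as the router's LAN IP.
    for label, addr in (("starting", start), ("ending", end)):
        if addr not in net:
            problems.append(f"{label} address {addr} is outside LAN subnet {net}")
    if start > end:
        problems.append(f"pool start {start} is above pool end {end}")

    def in_pool(addr):
        return start <= addr <= end

    # Addresses that must never be handed out as leases.
    for label, addr in (("router LAN IP", router),
                        ("network address", net.network_address),
                        ("broadcast address", net.broadcast_address)):
        if in_pool(addr):
            problems.append(f"pool includes the {label} {addr}")

    seen_ip, seen_mac = {}, {}
    for name, ip_text, mac_text in reservations:
        ip = ipaddress.ip_address(ip_text)
        try:
            mac = normalize_mac(mac_text)
        except ValueError as exc:
            problems.append(f"reservation {name}: {exc}")
            continue
        if ip not in net:
            problems.append(f"reservation {name}: {ip} is outside LAN subnet {net}")
        if ip == router:
            problems.append(f"reservation {name}: {ip} is the router's own address")
        if ip in seen_ip:
            problems.append(f"reservation {name}: {ip} already reserved for {seen_ip[ip]}")
        if mac in seen_mac:
            problems.append(f"reservation {name}: MAC {mac} already used by {seen_mac[mac]}")
        seen_ip.setdefault(ip, name)
        seen_mac.setdefault(mac, name)

    # Hand-configured hosts belong in the part of the subnet kept out of the pool.
    for ip_text in static_hosts:
        ip = ipaddress.ip_address(ip_text)
        if in_pool(ip):
            problems.append(f"static host {ip} sits inside the DHCP pool")
        if ip in seen_ip:
            problems.append(f"static host {ip} collides with reservation {seen_ip[ip]}")
    return problems


if __name__ == "__main__":
    # Factory defaults from the manual plus one constructed reservation and static host.
    print(check_lan_dhcp_plan("192.168.10.1", "255.255.255.0",
                              "192.168.10.2", "192.168.10.100",
                              reservations=[("printer", "192.168.10.150", "00:11:22:33:44:55")],
                              static_hosts=["192.168.10.200"]))
```
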
The actions that can be taken on the list of reserved IP addresses are:

- Select: Selects all the reserved IP addresses in the list.
- Edit: Opens the LAN DHCP Reserved IP Configuration page to edit the selected binding rule.
- Delete: Deletes the selected IP address reservation(s).
- Add: Opens the LAN DHCP Reserved IP Configuration page to add a new binding rule.

Figure 2: LAN DHCP Reserved IPs

2.1.2 LAN DHCP Leased Clients

Setup > Network Settings > LAN DHCP Leased Clients

This page provides the list of clients connected to the LAN DHCP server.

Figure 3: LAN DHCP Leased Clients

- IP Addresses: The LAN IP address of a host that matches the reserved IP list.
- MAC Addresses: The MAC address of a LAN host that has a configured IP address reservation.

2.1.3 LAN Configuration in an IPv6 Network

Advanced > IPv6 > IPv6 LAN > IPv6 LAN Config (1)

In IPv6 mode, the LAN DHCP server is enabled by default (similar to IPv4 mode). The DHCPv6 server will serve IPv6 addresses from configured address pools with the IPv6 Prefix Length assigned to the LAN.

IPv4 / IPv6 mode must be enabled in the Advanced > IPv6 > IP mode to enable IPv6 configuration options.

LAN Settings

The default IPv6 LAN address for the router is fec0::1. You can change this 128 bit IPv6 address based on your network requirements. The other field that defines the LAN settings for the router is the prefix length. The IPv6 network (subnet) is identified by the initial bits of the address called the prefix. By default this is 64 bits long.
All hosts in the network have common initial bits for their IPv6 address; the number of common initial bits in the network’s addresses is set by the prefix length field.

Figure 4: IPv6 LAN and DHCPv6 configuration

If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained an IP address from the newly assigned pool (or has a static IP address in the router’s LAN subnet) before accessing the router via the changed IP address.

As with an IPv4 LAN network, the router has a DHCPv6 server. If enabled, the router assigns an IP address within the specified range plus additional specified information to any LAN PC that requests DHCP served addresses.

The following settings are used to configure the DHCPv6 server:

- DHCP Mode: The IPv6 DHCP server is either stateless or stateful. If stateless is selected an external IPv6 DHCP server is not required as the IPv6 LAN hosts are auto-configured by this router. In this case the router advertisement daemon (RADVD) must be configured on this device and ICMPv6 router discovery messages are used by the host for auto-configuration. There are no managed addresses to serve the LAN nodes.
If stateful is selected the IPv6 LAN host will rely on an external DHCPv6 server to provide required configuration settings.
- The domain name of the DHCPv6 server is an optional setting.
- Server Preference is used to indicate the preference level of this DHCP server. DHCP advertise messages with the highest server preference value to a LAN host are preferred over other DHCP server advertise messages. The default is 255.
- The DNS server details can be manually entered here (primary/secondary options). An alternative is to allow the LAN DHCP client to receive the DNS server details from the ISP directly. By selecting Use DNS proxy, this router acts as a proxy for all DNS requests and communicates with the ISP’s DNS servers (a WAN configuration parameter).
- Primary and Secondary DNS servers: If there are configured domain name system (DNS) servers available on the LAN enter the IP addresses here.
- Lease/Rebind time sets the duration of the DHCPv6 lease from this router to the LAN client.

IPv6 Address Pools

This feature allows you to define the IPv6 delegation prefix for a range of IP addresses to be served by the gateway’s DHCPv6 server. Using a delegation prefix you can automate the process of informing other networking equipment on the LAN of DHCP information specific for the assigned prefix.

Prefix Delegation

The following settings are used to configure the Prefix Delegation:

- Prefix Delegation: Select this option to enable prefix delegation in the DHCPv6 server. This option can be selected only in Stateless Address Auto Configuration mode of the DHCPv6 server.
- Prefix Address: IPv6 prefix address in the DHCPv6 server prefix pool.
- Prefix Length: Length of the prefix address.

2.1.4 Configuring IPv6 Router Advertisements

Router Advertisements are analogous to IPv4 DHCP assignments for LAN clients, in that the router will assign an IP address and supporting network information to devices that are configured to accept such details. Router Advertisement is required in an IPv6 network for stateless auto configuration of the IPv6 LAN. By configuring the Router Advertisement Daemon on this router, the DSR will listen on the LAN for router solicitations and respond to these LAN hosts with router advertisements.

RADVD

Advanced > IPv6 > IPv6 LAN > Router Advertisement

To support stateless IPv6 auto configuration on the LAN, set the RADVD status to Enable. The following settings are used to configure RADVD:

- Advertise Mode: Select Unsolicited Multicast to send router advertisements (RA’s) to all interfaces in the multicast group. To restrict RA’s to well-known IPv6 addresses on the LAN, and thereby reduce overall network traffic, select Unicast only.
- Advertise Interval: When advertisements are unsolicited multicast packets, this interval sets the maximum time between advertisements from the interface. The actual duration between advertisements is a random value between one third of this field and this field. The default is 30 seconds.
- RA Flags: The router advertisements (RA’s) can be sent with one or both of these flags.
Choose Managed to use the administered/stateful protocol for address auto configuration. If the Other flag is selected the host uses the administered/stateful protocol for non-address auto configuration.
Router Preference: This low/medium/high parameter determines the preference associated with the RADVD process of the router. This is useful if there are other RADVD enabled devices on the LAN as it helps avoid conflicts for IPv6 clients.
MTU: The router advertisement will set this maximum transmission unit (MTU) value for all nodes in the LAN that are autoconfigured by the router. The default is 1500.
Router Lifetime: This value is present in RA’s and indicates the usefulness of this router as a default router for the interface. The default is 3600 seconds. Upon expiration of this value, a new RADVD exchange must take place between the host and this router.

Figure 5: Configuring the Router Advertisement Daemon

Advertisement Prefixes
Advanced > IPv6 > IPv6 LAN > Advertisement Prefixes

The router advertisements configured with advertisement prefixes allow this router to inform hosts how to perform stateless address auto configuration. Router advertisements contain a list of subnet prefixes that allow the router to determine neighbours and whether the host is on the same link as the router.

The following prefix options are available for the router advertisements:
IPv6 Prefix Type: To ensure hosts support IPv6 to IPv4 tunnel select the 6to4 prefix type.
Selecting Global/Local/ISATAP will allow the nodes to support all other IPv6 routing options.
SLA ID: The SLA ID (Site-Level Aggregation Identifier) is available when 6to4 Prefixes are selected. This should be the interface ID of the router’s LAN interface used for router advertisements.
IPv6 Prefix: When using Global/Local/ISATAP prefixes, this field is used to define the IPv6 network advertised by this router.
IPv6 Prefix Length: This value indicates the number of contiguous, higher order bits of the IPv6 address that define the network portion of the address. Typically this is 64.
Prefix Lifetime: This defines the duration (in seconds) that the requesting node is allowed to use the advertised prefix. It is analogous to DHCP lease time in an IPv4 network.

Figure 6: IPv6 Advertisement Prefix settings

2.2 VLAN Configuration

The router supports virtual network isolation on the LAN with the use of VLANs. LAN devices can be configured to communicate in a subnetwork defined by VLAN identifiers. LAN ports can be assigned unique VLAN IDs so that traffic to and from that physical port can be isolated from the general LAN. VLAN filtering is particularly useful to limit broadcast packets of a device in a large network.

VLAN support is disabled by default in the router. In the VLAN Configuration page, enable VLAN support on the router and then proceed to the next section to define the virtual network.
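Added example (not D-Link code and not taken from the router's firmware): a Python model of how a VLAN ID travels in an 802.1Q tag and how a port's mode and PVID, as described in section 2.2.1 of this manual, decide which VLAN a frame joins and whether it leaves the port tagged. The Port class, the function names and the sample frames are constructed for illustration; dropping tagged frames on an Access port is an assumption, since the manual only says Access traffic is untagged, and Inter VLAN Routing is not modelled.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100            # EtherType value that announces an 802.1Q tag
DEFAULT_VLAN = 1               # manual: reserved, carries untagged frames
USER_VLANS = range(2, 4092)    # manual: configurable VLAN IDs run from 2 to 4091


def make_frame(vid=None, payload=b"constructed sample payload"):
    """Build a constructed Ethernet frame, optionally carrying an 802.1Q tag."""
    dst, src = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload


def parse_vlan(frame):
    """Return (VLAN ID, or None if untagged; EtherType of the payload)."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner  # the low 12 bits of the tag are the VLAN ID


@dataclass
class Port:
    """Hypothetical model of one LAN port; not the router's data structure."""
    name: str
    mode: str                   # "access", "general" or "trunk"
    pvid: int = DEFAULT_VLAN
    members: set = field(default_factory=set)

    def __post_init__(self):
        if self.mode not in ("access", "general", "trunk"):
            raise ValueError(f"unknown port mode {self.mode!r}")
        if self.mode == "trunk":
            self.pvid = DEFAULT_VLAN          # trunk: only VLAN 1 is untagged
        if self.mode == "access":
            self.members = {self.pvid}        # access: exactly one VLAN
        else:
            self.members = set(self.members) | {self.pvid}
        for vid in self.members:
            if vid != DEFAULT_VLAN and vid not in USER_VLANS:
                raise ValueError(f"VLAN ID {vid} is outside 2..4091")

    def ingress(self, frame):
        """VLAN the frame is classified into, or None when it is dropped."""
        vid, _ = parse_vlan(frame)
        if vid is None:
            return self.pvid                  # untagged data takes the PVID
        if self.mode == "access":
            return None                       # assumption: tagged frame dropped
        return vid if vid in self.members else None

    def egress(self, vid):
        """'untagged', 'tagged', or None when the port is not in that VLAN."""
        if vid not in self.members:
            return None
        return "untagged" if vid == self.pvid else "tagged"


def deliver(src, frame, dst):
    """Layer-2 outcome of a frame entering src and leaving dst."""
    vid = src.ingress(frame)
    return None if vid is None else dst.egress(vid)


if __name__ == "__main__":
    # Port 3 as in the manual's General-mode description (PVID 3); the
    # other ports and VLAN IDs 10 and 20 are constructed for the demo.
    phone = Port("port3", "general", pvid=3, members={3, 20})
    guest = Port("port1", "access", pvid=10)
    uplink = Port("port4", "trunk", members={3, 10, 20})
    samples = (("untagged", make_frame()), ("tag 3", make_frame(3)),
               ("tag 10", make_frame(10)), ("tag 20", make_frame(20)))
    for src in (phone, guest, uplink):
        for label, frame in samples:
            for dst in (phone, guest, uplink):
                if dst is not src:
                    result = deliver(src, frame, dst) or "dropped"
                    print(f"{src.name} <- {label:8} -> {dst.name}: {result}")
```

A "dropped" result between two ports that share no VLAN is the isolation the section describes; a tagged frame that is accepted on a General or Trunk port shows why membership lists on those ports should contain only the VLANs the attached device needs.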
Setup > VLAN Settings > Available VLAN

The Available VLAN page shows a list of configured VLANs by name and VLAN ID. A VLAN membership can be created by clicking the Add button below the List of Available VLANs.

A VLAN membership entry consists of a VLAN identifier and the numerical VLAN ID which is assigned to the VLAN membership. The VLAN ID value can be any number from 2 to 4091. VLAN ID 1 is reserved for the default VLAN, which is used for untagged frames received on the interface. By enabling Inter VLAN Routing, you will allow traffic from LAN hosts belonging to this VLAN ID to pass through to other configured VLAN IDs that have Inter VLAN Routing enabled.

Figure 7: Adding VLAN memberships to the LAN

2.2.1 Associating VLANs to ports

In order to tag all traffic through a specific LAN port with a VLAN ID, you can associate a VLAN to a physical port.

Setup > VLAN Settings > Port VLAN

VLAN membership properties for the LAN and wireless LAN are listed on this page. The VLAN Port table displays the port identifier, the mode setting for that port and VLAN membership information. The configuration page is accessed by selecting one of the four physical ports or a configured access point and clicking Edit.

The edit page offers the following configuration options:
Mode: The mode of this VLAN can be General, Access, or Trunk. The default is access.
In General mode the port is a member of a user selectable set of VLANs. The port sends and receives data that is tagged or untagged with a VLAN ID.
If the data into the port is untagged, it is assigned the defined PVID. In the configuration from Figure 4, Port 3 is a General port with PVID 3, so untagged data into Port 3 will be assigned PVID 3. All tagged data sent out of the port with the same PVID will be untagged. This mode is typically used with IP Phones that have dual Ethernet ports. Data coming from the phone to the switch port on the router will be tagged. Data passing through the phone from a connected device will be untagged.

Figure 8: Port VLAN list

In Access mode the port is a member of a single VLAN (and only one). All data going into and out of the port is untagged. Traffic through a port in access mode looks like any other Ethernet frame.
In Trunk mode the port is a member of a user selectable set of VLANs. All data going into and out of the port is tagged. Untagged data coming into the port is not forwarded, except for the default VLAN with PVID=1, which is untagged. Trunk ports multiplex traffic for multiple VLANs over the same physical link.
Select PVID for the port when the General mode is selected.
Configured VLAN memberships will be displayed on the VLAN Membership Configuration for the port. By selecting one or more VLAN membership options for a General or Trunk port, traffic can be routed between the selected VLAN membership IDs.

Figure 9: Configuring VLAN membership for a port

2.2.2 Multiple VLAN Subnets
Setup > VLAN Settings > Multi VLAN Settings

This page shows a list of available multi-VLAN subnets.
Each configured VLAN ID can map directly to a subnet within the LAN. Each LAN port can be assigned a unique IP address and a VLAN specific DHCP server can be configured to assign IP address leases to devices on this VLAN.
VLAN ID: The PVID of the VLAN that will have all member devices be part of the same subnet range.
IP Address: The IP address associated with a port assigned this VLAN ID.
Subnet Mask: Subnet Mask for the above IP Address

Figure 10: Multiple VLAN Subnets

2.2.3 VLAN configuration
Setup > VLAN Settings > VLAN configuration

This page allows enabling or disabling the VLAN function on the router. Virtual LANs can be created in this router to provide segmentation capabilities for firewall rules and VPN policies. The LAN network is considered the default VLAN. Check the Enable VLAN box to add VLAN functionality to the LAN.

Figure 11: VLAN Configuration

2.3 Configurable Port: DMZ Setup

DSR-150/150N/250/250N does not have a configurable port; there is no DMZ support.

This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. A DMZ is a subnetwork that is open to the public but behind the firewall. The DMZ adds an additional layer of security to the LAN, as specific services/ports that are exposed to the internet on the DMZ do not have to be exposed on the LAN. It is recommended that hosts that must be exposed to the internet (such as web or email servers) be placed in the DMZ network.
Firewall rules can be set to permit access to specific services/ports on the DMZ from both the LAN and WAN. In the event of an attack on any of the DMZ nodes, the LAN is not necessarily vulnerable as well.

Setup > DMZ Setup > DMZ Setup Configuration

DMZ configuration is identical to the LAN configuration. There are no restrictions on the IP address or subnet assigned to the DMZ port, other than the fact that it cannot be identical to the IP address given to the LAN interface of this gateway.

Figure 12: DMZ configuration

In order to configure a DMZ port, the router’s configurable port must be set to DMZ in the Setup > Internet Settings > Configurable Port page.

2.4 Universal Plug and Play (UPnP)
Advanced > Advanced Network > UPnP

Universal Plug and Play (UPnP) is a feature that allows the router to discover devices on the network that can communicate with the router and allow for auto configuration. If a network device is detected by UPnP, the router can open internal or external ports for the traffic protocol required by that network device.

Once UPnP is enabled, you can configure the router to detect UPnP-supporting devices on the LAN (or a configured VLAN). If disabled, the router will not allow for automatic device configuration.

Configure the following settings to use UPnP:
Advertisement Period: This is the frequency that the router broadcasts UPnP information over the network.
A large value will minimize network traffic but cause delays in identifying new UPnP devices to the network.
Advertisement Time to Live: This is expressed in hops for each UPnP packet. This is the number of steps a packet is allowed to propagate before being discarded. Small values will limit the UPnP broadcast range. A default of 4 is typical for networks with few switches.

Figure 13: UPnP Configuration

UPnP Port map Table

The UPnP Port map Table has the details of UPnP devices that respond to the router’s advertisements. The following information is displayed for each detected device:
Active: A yes/no indicating whether the port of the UPnP device that established a connection is currently active
Protocol: The network protocol (i.e. HTTP, FTP, etc.) used by the DSR
Int. Port (Internal Port): The internal ports opened by UPnP (if any)
Ext. Port (External Port): The external ports opened by UPnP (if any)
IP Address: The IP address of the UPnP device detected by this router
Click Refresh to refresh the port map table and search for any new UPnP devices.

2.5 Captive Portal

DSR-150/150N/250/250N does not have support for the Captive Portal feature.

LAN users can gain internet access via web portal authentication with the DSR. Also referred to as Run-Time Authentication, a Captive Portal is ideal for a web café scenario where users initiate HTTP connection requests for web access but are not interested in accessing any LAN services.
Firewall policies underneath will define which users require authentication for HTTP access, and when a matching user request is made the DSR will intercept the request and prompt for a username/password. The login credentials are compared against the RunTimeAuth users in the user database prior to granting HTTP access.

Captive Portal is available for LAN users only and not for DMZ hosts.

Advanced > Captive Portal > Captive Portal Sessions

The Active Runtime internet sessions through the router’s firewall are listed in the table below. These users are present in the local or external user database and have had their login credentials approved for internet access. A ‘Disconnect’ button allows the DSR admin to selectively drop an authenticated user.

Figure 14: Active Runtime sessions

2.6 Captive portal setup
Advanced > Captive Portal > Captive Portal Setup

Captive Portal is a security mechanism to selectively provide authentication on certain interfaces. This page allows you to manage the Policies and Profiles of CaptivePortal.

Figure 15: Captive Portal Setup

Captive Portal Policies: The List of Available CaptivePortal Policies is shown in this table.
Authentication Type: This allows choosing the authentication mode, type and redirection type.
List of Available Profiles: Any one of these profiles can be used for the Captive Portal Login page while enabling Captive Portal.
Figure 16: Customized Captive Portal Setup

Click “Add” in the Captive Portal setup page to allow defining customized captive portal login page information (Page Background Color, Header Details, Header Caption, Login Section Details, Advertisement Details, Footer Details and Captive Portal Header Image).

Chapter 3. Connecting to the Internet: WAN Setup

This router has two WAN ports that can be used to establish a connection to the internet. The following ISP connection types are supported: DHCP, Static, PPPoE, PPTP, L2TP, 3G Internet (via USB modem).

It is assumed that you have arranged for internet service with your Internet Service Provider (ISP). Please contact your ISP or network administrator for the configuration information that will be required to set up the router.

3.1 Internet Setup Wizard
Setup > Wizard > Internet

The Internet Connection Setup Wizard is available for users new to networking. By going through a few straightforward configuration pages you can take the information provided by your ISP to get your WAN connection up and enable internet access for your network.

Figure 17: Internet Connection Setup Wizard

You can start using the Wizard by logging in with the administrator password for the router. Once authenticated, set the time zone that you are located in, and then choose the type of ISP connection: DHCP, Static, PPPoE, PPTP, L2TP. Depending on the connection type a username/password may be required to register this router with the ISP.
In most cases the default settings can be used if the ISP did not specify that parameter. The last step in the Wizard is to click the Connect button, which confirms the settings by establishing a link with the ISP. Once connected, you can move on and configure other features in this router.

3G Internet access with a USB modem is supported on WAN 3. The Internet Connection Setup Wizard assists with the primary WAN port (WAN1) configuration only.

3.2 WAN Configuration
Setup > Internet Settings > WAN1 Setup

You must either allow the router to detect WAN connection type automatically or configure manually the following basic settings to enable Internet connectivity:
ISP Connection type: Based on the ISP you have selected for the primary WAN link for this router, choose Static IP address, DHCP client, Point-to-Point Tunneling Protocol (PPTP), Point-to-Point Protocol over Ethernet (PPPoE), Layer 2 Tunneling Protocol (L2TP). Required fields for the selected ISP type become highlighted. Enter the following information as needed and as provided by your ISP:
PPPoE Profile Name. This menu lists configured PPPoE profiles, particularly useful when configuring multiple PPPoE connections (i.e. for Japan ISPs that have multiple PPPoE support).
ISP login information. This is required for PPTP and L2TP ISPs.
  User Name
  Password
  Secret (required for L2TP only)
MPPE Encryption: For PPTP links, your ISP may require you to enable Microsoft Point-to-Point Encryption (MPPE).
Split Tunnel (supported for PPTP and L2TP connection). This setting allows your LAN hosts to access internet sites over this WAN link while still permitting VPN traffic to be directed to a VPN configured on this WAN port.
If split tunnel is enabled, the DSR won’t expect a default route from the ISP server. In such a case, the user has to take care of routing manually by configuring the routing from the Static Routing page.
Connectivity Type: To keep the connection always on, click Keep Connected. To log out after the connection is idle for a period of time (useful if your ISP costs are based on logon times), click Idle Timeout and enter the time, in minutes, to wait before disconnecting in the Idle Time field.
My IP Address: Enter the IP address assigned to you by the ISP.
Server IP Address: Enter the IP address of the PPTP or L2TP server.

DSR-150/150N/250/250N doesn’t have dual WAN support.

3.2.1 WAN Port IP address

Your ISP assigns you an IP address that is either dynamic (newly generated each time you log in) or static (permanent). The IP Address Source option allows you to define whether the address is statically provided by the ISP or should be received dynamically at each login. If static, enter your IP address, IPv4 subnet mask, and the ISP gateway’s IP address. PPTP and L2TP ISPs also can provide a static IP address and subnet to configure, however the default is to receive that information dynamically from the ISP.
3.2.2 WAN DNS Servers

The IP Addresses of WAN Domain Name Servers (DNS) are typically provided dynamically from the ISP but in some cases you can define the static IP addresses of the DNS servers. DNS servers map Internet domain names (example: www.google.com) to IP addresses. Click to indicate whether to get DNS server addresses automatically from your ISP or to use ISP-specified addresses. If it is the latter, enter addresses for the primary and secondary DNS servers. To avoid connectivity problems, ensure that you enter the addresses correctly.

3.2.3 DHCP WAN

For DHCP client connections, you can choose the MAC address of the router to register with the ISP. In some cases you may need to clone the LAN host’s MAC address if the ISP is registered with that LAN host.

Figure 18: Manual WAN configuration

3.2.4 PPPoE
Setup > Internet Settings

The PPPoE ISP settings are defined on the WAN Configuration page. There are two types of PPPoE ISP’s supported by the DSR: the standard username/password PPPoE and Japan Multiple PPPoE.

Figure 19: PPPoE configuration for standard ISPs

Most PPPoE ISP’s use a single control and data connection, and require username/password credentials to log in and authenticate the DSR with the ISP. The ISP connection type for this case is “PPPoE (Username/Password)”. The GUI will prompt you for authentication, service, and connection settings in order to establish the PPPoE link.
For some ISP’s, most popular in Japan, the use of “Japanese Multiple PPPoE” is required in order to establish concurrent primary and secondary PPPoE connections between the DSR and the ISP. The Primary connection is used for the bulk of data and internet traffic and the Secondary PPPoE connection carries ISP specific (i.e. control) traffic between the DSR and the ISP.

Figure 20: WAN configuration for Japanese Multiple PPPoE (part 1)

There are a few key elements of a multiple PPPoE connection:
Primary and secondary connections are concurrent
Each session has a DNS server source for domain name lookup; this can be assigned by the ISP or configured through the GUI
The DSR acts as a DNS proxy for LAN users
Only HTTP requests that specifically identify the secondary connection’s domain name (for example *.flets) will use the secondary profile to access the content available through this secondary PPPoE terminal. All other HTTP/HTTPS requests go through the primary PPPoE connection.

When Japanese multiple PPPoE is configured and the secondary connection is up, some predefined routes are added on that interface. These routes are needed to access the internal domain of the ISP where it hosts various services. These routes can also be configured through the static routing page.
Figure 21: WAN configuration for Multiple PPPoE (part 2)

3.2.5 Russia L2TP and PPTP WAN

For Russia L2TP WAN connections, you can choose the address mode of the connection to get an IP address from the ISP or configure a static IP address provided by the ISP. For DHCP client connections, you can choose the MAC address of the router to register with the ISP. In some cases you may need to clone the LAN host’s MAC address if the ISP is registered with that LAN host.

Figure 22: Russia L2TP ISP configuration

3.2.6 Russia Dual Access PPPoE

For Russia dual access PPPoE connections, you can choose the address mode of the connection to get an IP address from the ISP or configure a static IP address provided by the ISP.

Figure 23: Russia Dual access PPPoE configuration

3.2.7 WAN Configuration in an IPv6 Network
Advanced > IPv6 > IPv6 WAN1 Config

For IPv6 WAN connections, this router can have a static IPv6 address or receive connection information when configured as a DHCPv6 client. In the case where the ISP assigns you a fixed address to access the internet, the static configuration settings must be completed. In addition to the IPv6 address assigned to your router, the IPv6 prefix length defined by the ISP is needed. The default IPv6 Gateway address is the server at the ISP that this router will connect to for accessing the internet.
The primary and secondary DNS servers on the ISP’s IPv6 network are used for resolving internet addresses, and these are provided along with the static IP address and prefix length from the ISP.

When the ISP allows you to obtain the WAN IP settings via DHCP, you need to provide details for the DHCPv6 client configuration. The DHCPv6 client on the gateway can be either stateless or stateful. If a stateful client is selected the gateway will connect to the ISP’s DHCPv6 server for a leased address. For stateless DHCP there need not be a DHCPv6 server available at the ISP, rather ICMPv6 discover messages will originate from this gateway and will be used for auto configuration. A third option to specify the IP address and prefix length of a preferred DHCPv6 server is available as well.

Figure 24: IPv6 WAN Setup page

Prefix Delegation: Select this option to request a router advertisement prefix from any available DHCPv6 servers on the ISP; the obtained prefix is updated to the advertised prefixes on the LAN side. This option can be selected only in Stateless Address Auto Configuration mode of the DHCPv6 Client.

When IPv6 is PPPoE type, the following PPPoE fields are enabled.
Username: Enter the username required to log in to the ISP.
Password: Enter the password required to log in to the ISP.
Authentication Type: The type of Authentication in use by the profile: Auto Negotiate/PAP/CHAP/MS-CHAP/MS-CHAPv2.
Dhcpv6 Options: The mode of Dhcpv6 client that will start in this mode: disable dhcpv6/stateless dhcpv6/stateful dhcpv6/stateless dhcpv6 with prefix delegation.
Primary DNS Server: Enter a valid primary DNS Server IP Address.
Secondary DNS Server: Enter a valid secondary DNS Server IP Address.
Click Save Settings to save your changes.

3.2.8 Checking WAN Status
Setup > Internet Settings > WAN 1 Status

The status and summary of configured settings for both WAN1, WAN2 and WAN3 are available on the WAN Status page. You can view the following key connection status information for each WAN port:
Connection time: The connection uptime
Connection type: Dynamic IP or Static IP
Connection state: This is whether the WAN is connected or disconnected to an ISP. The Link State is whether the physical WAN connection is in place; the Link State can be UP (i.e. cable inserted) while the WAN Connection State is down.
IP address / subnet mask: IP Address assigned
Gateway IP address: WAN Gateway Address

Figure 25: Connection Status information for both WAN ports

The WAN status page allows you to Enable or Disable static WAN links. For WAN settings that are dynamically received from the ISP, you can Renew or Release the link parameters if required.

3.3 Bandwidth Controls
Advanced > Advanced Network > Traffic Management > Bandwidth Profiles

Bandwidth profiles allow you to regulate the traffic flow from the LAN to WAN 1 or WAN 2.
This is useful to ensure that low priority LAN users (like guests or HTTP service) do not monopolize the available WAN’s bandwidth for cost-savings or bandwidth-priority-allocation purposes.

Bandwidth profiles configuration consists of enabling the bandwidth control feature from the GUI and adding a profile which defines the control parameters. The profile can then be associated with a traffic selector, so that the bandwidth profile can be applied to the traffic matching the selectors. Selectors are elements like IP addresses or services that would trigger the configured bandwidth regulation.

Figure 26: List of Configured Bandwidth Profiles

To create a new bandwidth profile, click Add in the List of Bandwidth Profiles. The following configuration parameters are used to define a bandwidth profile:
Profile Name: This identifier is used to associate the configured profile to the traffic selector
You can choose to limit the bandwidth either using priority or rate.
If using priority, “Low”, “High”, and “Medium” can be selected. If there is a low priority profile associated with traffic selector A and a high priority profile associated with traffic selector B, then the WAN bandwidth allocation preference will be to traffic selector B packets.
For finer control, the Rate profile type can be used. With this option the minimum and maximum bandwidth allowed by this profile can be limited.
Choose the WAN interface that the profile should be associated with.
Figure 27: Bandwidth Profile Configuration page

Advanced > Advanced Network > Traffic Management > Traffic Selectors

Once a profile has been created it can then be associated with a traffic flow from the LAN to WAN. To create a traffic selector, click Add on the Traffic Selectors page. Traffic selector configuration binds a bandwidth profile to a type or source of LAN traffic with the following settings:

- Available profiles: Assign one of the defined bandwidth profiles.
- Service: You can have the selected bandwidth regulation apply to a specific service (e.g. FTP) from the LAN. If you do not see a service that you want, you can configure a custom service through the Advanced > Firewall Settings > Custom Services page. To have the profile apply to all services, select ANY.
- Traffic Selector Match Type: This defines the parameter to filter against when applying the bandwidth profile. A specific machine on the LAN can be identified via IP address or MAC address, or the profile can apply to a LAN port or VLAN group. A wireless network can also be selected by its BSSID for bandwidth shaping.

Figure 28: Traffic Selector Configuration

3.4 Features with Multiple WAN Links

This router supports multiple WAN links. This allows you to take advantage of failover and load balancing features to ensure certain internet dependent services are prioritized in the event of unstable WAN connectivity on one of the ports.

Setup > Internet Settings > WAN Mode

To use Auto Failover or Load Balancing, WAN link failure detection must be configured.
This involves accessing DNS servers on the internet or pinging an internet address (user defined). If required, you can configure the number of retry attempts when the link seems to be disconnected or the threshold of failures that determines if a WAN port is down.

3.4.1 Auto Failover

In this case one of your WAN ports is assigned as the primary internet link for all internet traffic. The secondary WAN port is used for redundancy in case the primary link goes down for any reason. Both WAN ports (primary and secondary) must be configured to connect to the respective ISPs before enabling this feature. The secondary WAN port will remain unconnected until a failure is detected on the primary link (either port can be assigned as the primary). In the event of a failure on the primary port, all internet traffic will be rolled over to the backup port. When configured in Auto Failover mode, the link status of the primary WAN port is checked at regular intervals as defined by the failure detection settings.

Note that WAN1, WAN2 and WAN3 can each be configured as the primary internet link.

Auto-Rollover using WAN port

- Primary WAN: Selected WAN is the primary link (WAN1 / WAN2 / WAN3).
- Secondary WAN: Selected WAN is the secondary link.
- Failover Detection Settings: To check connectivity of the primary internet link, one of the following failure detection methods can be selected:
  - DNS lookup using WAN DNS Servers: DNS lookup of the DNS servers of the primary link is used to detect primary WAN connectivity.
  - DNS lookup using DNS Servers: DNS lookup of the custom DNS servers can be specified to check the connectivity of the primary link.
  - Ping these IP addresses: These IPs will be pinged at regular intervals to check the connectivity of the primary link.
- Retry Interval is: The number tells the router how often it should run the above configured failure detection method.
- Failover after: This sets the number of retries after which failover is initiated.

3.4.2 Load Balancing

This feature allows you to use multiple WAN links (and presumably multiple ISPs) simultaneously. After configuring more than one WAN port, the load balancing option is available to carry traffic over more than one link. Protocol bindings are used to segregate and assign services over one WAN port in order to manage internet flow. The configured failure detection method is used at regular intervals on all configured WAN ports when in Load Balancing mode.

DSR currently supports three algorithms for Load Balancing:

- Round Robin: This algorithm is particularly useful when the connection speed of one WAN port greatly differs from another. In this case you can define protocol bindings to route low-latency services (such as VOIP) over the higher-speed link and let low-volume background traffic (such as SMTP) go over the lower speed link. Protocol binding is explained in the next section.
- Spill Over: If the Spill Over method is selected, WAN1 acts as a dedicated link till a threshold is reached. After this, WAN2 will be used for new connections.
You can configure spill-over mode by using the following options:
  - Load Tolerance: It is the percentage of bandwidth after which the router switches to the secondary WAN.
  - Max Bandwidth: This sets the maximum bandwidth tolerable by the primary WAN.
If the link bandwidth goes above the load tolerance value of max bandwidth, the router will spill over the next connections to the secondary WAN. For example, suppose the maximum bandwidth of the primary WAN is 1 Kbps and the load tolerance is set to 70. Every time a new connection is established the bandwidth increases. Once, after a certain number of connections, the bandwidth reaches 70% of 1 Kbps, the new connections will be spilled over to the secondary WAN. The maximum value of load tolerance is 80 and the least is 20.
- Protocol Bindings: Refer to Section 3.4.3 for details.

Load balancing is particularly useful when the connection speed of one WAN port greatly differs from another. In this case you can define protocol bindings to route low-latency services (such as VOIP) over the higher-speed link and let low-volume background traffic (such as SMTP) go over the lower speed link.

Figure 29: Load Balancing is available when multiple WAN ports are configured and Protocol Bindings have been defined

3.4.3 Protocol Bindings

Advanced > Routing > Protocol Bindings

Protocol bindings are required when the Load Balancing feature is in use.
Choosing from a list of configured services or any of the user-defined services, the type of traffic can be assigned to go over only one of the available WAN ports. For increased flexibility the source network or machines can be specified as well as the destination network or machines. For example, the VOIP traffic for a set of LAN IP addresses can be assigned to one WAN and any VOIP traffic from the remaining IP addresses can be assigned to the other WAN link. Protocol bindings are only applicable when load balancing mode is enabled and more than one WAN is configured.

Figure 30: Protocol binding setup to associate a service and/or LAN source to a WAN and/or destination network

3.5 Routing Configuration

Routing between the LAN and WAN will impact the way this router handles traffic that is received on any of its physical interfaces. The routing mode of the gateway is core to the behaviour of the traffic flow between the secure LAN and the internet.

3.5.1 Routing Mode

Setup > Internet Settings > Routing Mode

This device supports classical routing, network address translation (NAT), and transport mode routing.

With classical routing, devices on the LAN can be directly accessed from the internet by their public IP addresses (assuming appropriate firewall settings). If your ISP has assigned an IP address for each of the computers that you use, select Classic Routing.

NAT is a technique which allows several computers on a LAN to share an Internet connection.
The computers on the LAN use a "private" IP address range while the WAN port on the router is configured with a single "public" IP address. Along with connection sharing, NAT also hides internal IP addresses from the computers on the Internet. NAT is required if your ISP has assigned only one IP address to you. The computers that connect through the router will need to be assigned IP addresses from a private subnet.

Transparent routing between the LAN and WAN does not perform NAT. Broadcast and multicast packets that arrive on the LAN interface are switched to the WAN and vice versa, if they do not get filtered by firewall or VPN policies. To maintain the LAN and WAN in the same broadcast domain select Transparent mode, which allows bridging of traffic from LAN to WAN and vice versa, except for router-terminated traffic and other management traffic. All DSR features (such as 3G modem support) are supported in transparent mode assuming the LAN and WAN are configured to be in the same broadcast domain.

NAT routing has a feature called “NAT Hair-pinning” that allows internal network users on the LAN and DMZ to access internal servers (e.g. an internal FTP server) using their externally-known domain name. This is also referred to as “NAT loopback” since LAN generated traffic is redirected through the firewall to reach LAN servers by their external name.
Figure 31: Routing Mode is used to configure traffic routing between WAN and LAN, as well as Dynamic routing (RIP)

3.5.2 Dynamic Routing (RIP)

DSR-150/150N/250/250N does not support RIP.

Setup > Internet Settings > Routing Mode

Dynamic routing using the Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) that is common in LANs. With RIP this router can exchange routing information with other supported routers in the LAN and allow for dynamic adjustment of routing tables in order to adapt to modifications in the LAN without interrupting traffic flow.

The RIP direction will define how this router sends and receives RIP packets. Choose between:

- Both: The router both broadcasts its routing table and also processes RIP information received from other routers. This is the recommended setting in order to fully utilize RIP capabilities.
- Out Only: The router broadcasts its routing table periodically but does not accept RIP information from other routers.
- In Only: The router accepts RIP information from other routers, but does not broadcast its routing table.
- None: The router neither broadcasts its route table nor does it accept any RIP packets from other routers. This effectively disables RIP.

The RIP version is dependent on the RIP support of other routing devices in the LAN.

- Disabled: This is the setting when RIP is disabled.
- RIP-1 is a class-based routing version that does not include subnet information. This is the most commonly supported version.
- RIP-2 includes all the functionality of RIPv1 plus it supports subnet information. Though the data is sent in RIP-2 format for both RIP-2B and RIP-2M, the mode in which packets are sent is different. RIP-2B broadcasts data in the entire subnet while RIP-2M sends data to multicast addresses.

If RIP-2B or RIP-2M is the selected version, authentication between this router and other routers (configured with the same RIP version) is required. MD5 authentication is used in a first/second key exchange process. The authentication key validity lifetimes are configurable to ensure that the routing information exchange is with current and supported routers detected on the LAN.

3.5.3 Static Routing

Advanced > Routing > Static Routing
Advanced > IPv6 > IPv6 Static Routing

Manually adding static routes to this device allows you to define the path selection of traffic from one interface to another. There is no communication between this router and other devices to account for changes in the path; once configured the static route will be active and effective until the network changes.

The List of Static Routes displays all routes that have been added manually by an administrator and allows several operations on the static routes. The List of IPv4 Static Routes and List of IPv6 Static Routes share the same fields (with one exception):

- Name: Name of the route, for identification and management.
- Active: Determines whether the route is active or inactive.
A route can be added to the table and made inactive, if not needed. This allows routes to be used as needed without deleting and re-adding the entry. An inactive route is not broadcast if RIP is enabled.
- Private: Determines whether the route can be shared with other routers when RIP is enabled. If the route is made private, then the route will not be shared in a RIP broadcast or multicast. This is only applicable for IPv4 static routes.
- Destination: The route will lead to this destination host or IP address.
- IP Subnet Mask: This is valid for IPv4 networks only, and identifies the subnet that is affected by this static route.
- Interface: The physical network interface (WAN1, WAN2, WAN3, DMZ or LAN), through which this route is accessible.
- Gateway: IP address of the gateway through which the destination host or network can be reached.
- Metric: Determines the priority of the route. If multiple routes to the same destination exist, the route with the lowest metric is chosen.

Figure 32: Static route configuration fields

3.5.4 OSPFv2

Advanced > Routing > OSPF

OSPF is an interior gateway protocol that routes Internet Protocol (IP) packets solely within a single routing domain. It gathers link state information from available routers and constructs a topology map of the network.

OSPF version 2 is a routing protocol described in RFC 2328 - OSPF Version 2. OSPF is an IGP (Interior Gateway Protocol). OSPF is widely used in large networks such as ISP backbones and enterprise networks.
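Added example, not D-Link code: OSPFv2 neighbours on a shared segment must agree on subnet, area, hello and dead intervals, and authentication, which are the per-interface settings of this section. The Python below checks constructed interface records for mismatches and lists interfaces left on none or simple authentication; the field names, router names, addresses and key are assumptions that mirror the GUI columns.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class OspfInterface:
    # Hypothetical field names mirroring the GUI columns; the router does
    # not export its configuration in this form.
    router: str
    address: str                 # interface address with prefix length
    area: str                    # "0" and "0.0.0.0" name the same area
    priority: int = 1            # 0 = never Designated Router
    hello_interval: int = 10     # seconds (manual default)
    dead_interval: int = 40      # seconds (manual default)
    auth_type: str = "none"      # none | simple | md5
    auth_key: str = ""


def area_id(area):
    """Normalise decimal or dotted-quad area notation to an integer."""
    return int(ipaddress.IPv4Address(area)) if "." in area else int(area)


def adjacency_blockers(a, b):
    """Codes for every setting that stops a and b becoming neighbours."""
    codes = []
    net_a = ipaddress.ip_interface(a.address).network
    net_b = ipaddress.ip_interface(b.address).network
    if net_a != net_b:
        codes.append("subnet")       # different subnet or mask
    if area_id(a.area) != area_id(b.area):
        codes.append("area")
    if a.hello_interval != b.hello_interval:
        codes.append("hello")
    if a.dead_interval != b.dead_interval:
        codes.append("dead")
    if a.auth_type.lower() != b.auth_type.lower():
        codes.append("auth-type")
    elif a.auth_type.lower() != "none" and a.auth_key != b.auth_key:
        codes.append("auth-key")
    return codes


def segment_report(ifaces):
    """Audit every interface attached to one shared segment."""
    blockers = {(a.router, b.router): adjacency_blockers(a, b)
                for a, b in combinations(ifaces, 2)}
    # "none" accepts any OSPF packet; "simple" carries its key as clear text.
    weak_auth = {i.router: i.auth_type.lower() for i in ifaces
                 if i.auth_type.lower() in ("none", "simple")}
    dr_eligible = [i.router for i in ifaces if i.priority > 0]
    return {"blockers": blockers, "weak_auth": weak_auth,
            "dr_eligible": dr_eligible}


# Constructed sample segment (documentation addresses, illustrative key).
SAMPLE_SEGMENT = [
    OspfInterface("r1", "192.0.2.1/24", "0",
                  auth_type="md5", auth_key="example-key"),
    OspfInterface("r2", "192.0.2.2/24", "0.0.0.0",
                  auth_type="md5", auth_key="example-key"),
    OspfInterface("r3", "192.0.2.3/25", "1", hello_interval=5,
                  auth_type="simple", auth_key="example-key"),
    OspfInterface("r4", "192.0.2.4/24", "0", priority=0),
]

if __name__ == "__main__":
    report = segment_report(SAMPLE_SEGMENT)
    for pair, codes in report["blockers"].items():
        print(pair, "adjacency ok" if not codes else "blocked by " + ", ".join(codes))
    print("weak authentication:", report["weak_auth"])
    print("DR eligible:", report["dr_eligible"])
```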
Figure 33: OSPFv2 configured parameters

- Interface: The physical network interface on which OSPFv2 is Enabled/Disabled.
- Status: This column displays the Enable/Disable state of OSPFv2 for a particular interface.
- Area: The area to which the interface belongs. When two routers share a common segment, their interfaces have to belong to the same area on that segment. The interfaces should belong to the same subnet and have similar mask.
- Priority: Helps to determine the OSPFv2 designated router for a network. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0 makes the router ineligible to become Designated Router. The default value is 1. Lower value means higher priority.
- Hello Interval: The number of seconds for the Hello Interval timer value. With this value set, a Hello packet will be sent every timer value seconds on the specified interface. This value must be the same for all routers attached to a common network. The default value is 10 seconds.
- Dead Interval: The number of seconds that a device’s hello packets must not have been seen before its neighbours declare the OSPF router down. This value must be the same for all routers attached to a common network. The default value is 40 seconds. OSPF requires these intervals to be exactly the same between two neighbours. If any of these intervals are different, these routers will not become neighbours on a particular segment.
- Cost: The cost of sending a packet on an OSPFv2 interface.
- Authentication Type: This column displays the type of authentication to be used for OSPFv2. If Authentication Type is None, the interface does not authenticate OSPF packets. If Authentication Type is Simple, then OSPF packets are authenticated using a simple text key. If Authentication Type is MD5, then the interface authenticates OSPF packets with MD5 authentication.

Figure 34: OSPFv2 configuration

3.5.5 OSPFv3

Advanced > IPv6 > OSPF

Open Shortest Path First version 3 (OSPFv3) supports IPv6. To enable an OSPFv3 process on a router, you need to enable the OSPFv3 process globally, assign the OSPFv3 process a router ID, and enable the OSPFv3 process on related interfaces.

Figure 35: OSPFv3 configured parameters

- Interface: The physical network interface on which OSPFv3 is Enabled/Disabled.
- Status: This column displays the Enable/Disable state of OSPFv3 for a particular interface.
- Priority: Helps to determine the OSPFv3 designated router for a network. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0 makes the router ineligible to become Designated Router. The default value is 1. Lower value means higher priority.
- Hello Interval: The number of seconds for the Hello Interval timer value. With this value set, a Hello packet will be sent every timer value seconds on the specified interface. This value must be the same for all routers attached to a common network. The default value is 10 seconds.
- Dead Interval: The number of seconds that a device’s hello packets must not have been seen before its neighbours declare the OSPF router down. This value must be the same for all routers attached to a common network. The default value is 40 seconds. OSPF requires these intervals to be exactly the same between two neighbours. If any of these intervals are different, these routers will not become neighbours on a particular segment.
- Cost: The cost of sending a packet on an OSPFv3 interface.

Figure 36: OSPFv3 configuration

3.5.6 6to4 Tunneling

Advanced > IPv6 > 6to4 Tunneling

6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be transmitted over an IPv4 network. Select the check box to Enable Automatic Tunneling and allow traffic from an IPv6 LAN to be sent over an IPv4 Option to reach a remote IPv6 network.

Figure 37: 6to4 tunneling

3.5.7 ISATAP Tunnels

Advanced > IPv6 > 6to4 Tunneling

ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) is an IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network. ISATAP specifies an IPv6-IPv4 compatibility address format as well as a means for site border router discovery. ISATAP also specifies the operation of IPv6 over a specific link layer - that being IPv4 used as a link layer for IPv6.
Figure 38: ISATAP Tunnels Configuration

- ISATAP Subnet Prefix: This is the 64-bit subnet prefix that is assigned to the logical ISATAP subnet for this intranet. This can be obtained from your ISP or internet registry, or derived from RFC 4193.
- End Point Address: This is the endpoint address for the tunnel that starts with this router. The endpoint can be the LAN interface (assuming the LAN is an IPv4 network), or a specific LAN IPv4 address.
- IPv4 Address: The end point address if not the entire LAN.

3.6 Configurable Port - WAN Option

One of this router's physical ports can be configured as a secondary WAN Ethernet port or a dedicated DMZ port. If the port is selected to be a secondary WAN interface, all configuration pages relating to WAN2 are enabled.

3.7 WAN 3 (3G) Configuration

One of this router's physical ports, WAN3, can be configured for 3G internet access.

Setup > Internet Settings > WAN 3 Setup

WAN3 configuration for the 3G USB modem is available only on the WAN 3 interface. There are a few key elements of WAN 3 configuration.

- Reconnect Mode: Select one of the following options:
  - Always On: The connection is always on.
  - On Demand: The connection is automatically ended if it is idle for a specified number of minutes. Enter the number of minutes in the Maximum Idle Time field. This feature is useful if your ISP charges you based on the amount of time that you are connected.
- Username: Enter the username required to log in to the ISP.
- Password: Enter the password required to log in to the ISP.
- Dial Number: Enter the number to dial to the ISP.
- Authentication Protocol: Select one of None, PAP or CHAP Authentication Protocols to connect to the ISP.
- APN: Enter the APN (Access Point Name) provided by the ISP.

Domain Name System (DNS) Servers

Domain name servers (DNS) convert Internet names such as www.dlink.com to IP addresses to route traffic to the correct resources on the Internet. If you configure your router to get an IP address dynamically from the ISP, then you need to specify the DNS server source in this section.

- DNS Server Source: Choose one of the following options:
  - Get Dynamically from ISP: Choose this option if your ISP did not assign a static DNS IP address.
  - Use These DNS Servers: Choose this option if your ISP assigned a static DNS IP address for you to use. Also complete the fields that are highlighted white in this section.
  - Primary DNS Server: Enter a valid primary DNS Server IP Address.
  - Secondary DNS Server: Enter a valid secondary DNS Server IP Address.
- Configurable Port: This page allows you to assign the functionality intended for the Configurable Port. Choose from the following options:
  - WAN: If this option is selected, configure the WAN 3. The WAN Mode options are now available as there are two WAN ports for the gateway.
  - DMZ: If this option is selected, you are able to configure the DMZ port on the DMZ Configuration menu.

Click Save Settings to save your changes.
Click Don't Save Settings to revert to the previous settings.

Figure 39: WAN3 configuration for 3G internet

3G WAN support is available on these dual WAN products: DSR-1000 and DSR-1000N.

Cellular 3G internet access is available on WAN 3 via a 3G USB modem for DSR-1000 and DSR-1000N. The cellular ISP that provides the 3G data plan will provide the authentication requirements to establish a connection. The Dial Number and APN are specific to the cellular carriers. Once the connection type settings are configured and saved, navigate to the WAN status page (Setup > Internet Settings > WAN 3 Status) and Enable the WAN3 link to establish the 3G connection.

3.8 WAN Port Settings

Advanced > Advanced Network > WAN Port Setup

The physical port settings for each WAN link can be defined here. If your ISP account defines the WAN port speed or is associated with a MAC address, this information is required by the router to ensure a smooth connection with the network.

The default MTU size supported by all ports is 1500. This is the largest packet size that can pass through the interface without fragmentation. This size can be increased; however, large packets can introduce network lag and bring down the interface speed. Note that a 1500 byte size packet is the largest allowed by the Ethernet protocol at the network layer.

The port speed can be sensed by the router when Auto is selected. With this option the optimal port settings are determined by the router and network.
The duplex (half or full) can be defined based on the port support, as well as one of three port speeds: 10 Mbps, 100 Mbps and 1000 Mbps (i.e. 1 Gbps). The default setting is 100 Mbps for all ports.

The default MAC address is defined during the manufacturing process for the interfaces, and can uniquely identify this router. You can customize each WAN port’s MAC address as needed, either by letting the WAN port assume the current LAN host’s MAC address or by entering a MAC address manually.

Figure 40: Physical WAN port settings

Chapter 4. Wireless Access Point Setup

This router has an integrated 802.11n radio that allows you to create an access point for wireless LAN clients. The security/encryption/authentication options are grouped in a wireless Profile, and each configured profile will be available for selection in the AP configuration menu. The profile defines various parameters for the AP, including the security between the wireless client and the AP, and can be shared between multiple AP instances on the same device when needed.

The content in this section is applicable to the DSR-500N and DSR-1000N products.

Up to four unique wireless networks can be created by configuring multiple “virtual” APs. Each such virtual AP appears as an independent AP (unique SSID) to supported clients in the environment, but is actually running on the same physical radio integrated with this router.
You will need the following information to configure your wireless network:

- Types of devices expected to access the wireless network and their supported Wi-Fi™ modes
- The router’s geographical region
- The security settings to use for securing the wireless network.

Profiles may be thought of as a grouping of AP parameters that can then be applied to not just one but multiple AP instances (SSIDs), thus avoiding duplication if the same parameters are to be used on multiple AP instances or SSIDs.

4.1 Wireless Settings Wizard

Setup > Wizard > Wireless Settings

The Wireless Network Setup Wizard is available for users new to networking. By going through a few straightforward configuration pages you can enable a Wi-Fi™ network on your LAN and allow supported 802.11 clients to connect to the configured Access Point.

Figure 41: Wireless Network Setup Wizards

4.1.1 Wireless Network Setup Wizard

This wizard provides a step-by-step guide to create and secure a new access point on the router. The network name (SSID) is the AP identifier that will be detected by supported clients. The Wizard uses a TKIP+AES cipher for WPA/WPA2 security; depending on support on the client side, devices associate with this AP using either WPA or WPA2 security with the same pre-shared key.

The wizard has the option to automatically generate a network key for the AP. This key is the pre-shared key for WPA or WPA2 type security. Supported clients that have been given this PSK can associate with this AP. The default (auto-assigned) PSK is “passphrase”.
The last step in the Wizard is to click the Connect button, which confirms the settings and enables this AP to broadcast its availability in the LAN.

4.1.2 Add Wireless Device with WPS

With WPS enabled on your router, the selected access point allows supported WPS clients to join the network very easily. When the Auto option for connecting a wireless device is chosen, you will be presented with two common WPS setup options:
- Personal Identification Number (PIN): The wireless device that supports WPS may have an alphanumeric PIN, and if entered in this field the AP will establish a link to the client. Click Connect to complete setup and connect to the client.
- Push Button Configuration (PBC): for wireless devices that support PBC, press and hold down on this button and within 2 minutes, click the PBC connect button. The AP will detect the wireless device and establish a link to the client.

You need to enable at least one AP with WPA/WPA2 security and also enable WPS in the Advanced > Wireless Settings > WPS page to use the WPS wizard.

4.1.3 Manual Wireless Network Setup

This button on the Wizard page will link to the Setup > Wireless Settings > Access Points page. The manual options allow you to create new APs or modify the parameters of APs created by the Wizard.

4.2 Wireless Profiles
Setup > Wireless Settings > Profiles

The profile allows you to assign the security type, encryption and authentication to use when connecting the AP to a wireless client. The default mode is “open”, i.e. no security.
This mode is insecure as it allows any compatible wireless clients to connect to an AP configured with this security profile.

To create a new profile, use a unique profile name to identify the combination of settings. Configure a unique SSID that will be the identifier used by the clients to communicate to the AP using this profile. By choosing to broadcast the SSID, compatible wireless clients within range of the AP can detect this profile's availability.

The AP offers all advanced 802.11 security modes, including WEP, WPA, WPA2 and WPA+WPA2 options. The security of the Access point is configured by the Wireless Security Type section:
- Open: select this option to create a public “open” network to allow unauthenticated devices to access this wireless gateway.
- WEP (Wired Equivalent Privacy): this option requires a static (pre-shared) key to be shared between the AP and wireless client. Note that WEP does not support 802.11n data rates; it is appropriate for legacy 802.11 connections.
- WPA (Wi-Fi Protected Access): For stronger wireless security than WEP, choose this option. The encryption for WPA will use TKIP and also CCMP if required. The authentication can be a pre-shared key (PSK), Enterprise mode with RADIUS server, or both. Note that WPA does not support 802.11n data rates; it is appropriate for legacy 802.11 connections.
- WPA2: this security type uses CCMP encryption (and the option to add TKIP encryption) on either PSK (pre-shared key) or Enterprise (RADIUS Server) authentication.
- WPA + WPA2: this uses both encryption algorithms, TKIP and CCMP. WPA clients will use TKIP and WPA2 clients will use CCMP encryption algorithms.

“WPA+WPA2” is a security option that allows devices to connect to an AP using the strongest security that it supports. This mode allows legacy devices that only support WPA2 keys (such as an older wireless printer) to connect to a secure AP where all the other wireless clients are using WPA2.

Figure 42: List of Available Profiles shows the options available to secure the wireless link

4.2.1 WEP Security

If WEP is the chosen security option, you must set a unique static key to be shared with clients that wish to access this secured wireless network. This static key can be generated from an easy-to-remember passphrase and the selected encryption length.
- Authentication: select between Open System, or Shared Key schemes
- Encryption: select the encryption key size -- 64 bit WEP or 128 bit WEP. The larger size keys provide stronger encryption, thus making the key more difficult to crack
- WEP Passphrase: enter an alphanumeric phrase and click Generate Key to generate 4 unique WEP keys with length determined by the encryption key size. Next choose one of the keys to be used for authentication. The selected key must be shared with wireless clients to connect to this device.
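The security types and WEP options above, together with the wizard's default PSK from section 4.1.1 and the 8 to 63 character PSK limit this manual gives in section 4.2.2, can be checked mechanically before a profile is assigned to an AP. This is an added example, not part of the manual or of D-Link's software; the profile dictionary layout and field names are hypothetical and the sample profiles are constructed.

```python
# Added example (not D-Link code): audit wireless profiles against the manual's guidance.
# The dictionary layout and field names below are hypothetical.
DEFAULT_WIZARD_PSK = "passphrase"      # default auto-assigned PSK named in section 4.1.1
SEVERITY_ORDER = ["ok", "low", "medium", "high"]


def check_psk(psk):
    """Return findings for a WPA/WPA2 pre-shared key."""
    findings = []
    if psk == DEFAULT_WIZARD_PSK:
        findings.append(("high", "PSK is the wizard default, which is publicly documented"))
    if not 8 <= len(psk) <= 63:
        findings.append(("high", f"PSK length {len(psk)} is outside the 8 to 63 character range"))
    elif not all(32 <= ord(ch) <= 126 for ch in psk):
        # WPA passphrases are defined over printable ASCII characters.
        findings.append(("medium", "PSK contains characters outside printable ASCII"))
    return findings


def audit_profile(profile):
    """Return a list of (severity, message) findings for one profile."""
    sec = profile["security"].upper()
    ciphers = {c.upper() for c in profile.get("encryption", [])}
    findings = []
    if sec == "OPEN":
        findings.append(("high", "open profile: any compatible client can connect"))
    elif sec == "WEP":
        findings.append(("high", "WEP static key: legacy 802.11 only, no 802.11n data rates"))
        if profile.get("wep_key_bits") == 64:
            findings.append(("high", "64 bit WEP key: the smaller key size is easier to crack"))
    elif sec in ("WPA", "WPA+WPA2"):
        findings.append(("medium", "TKIP is in use for WPA clients"))
    elif sec == "WPA2":
        if "TKIP" in ciphers:
            findings.append(("low", "optional TKIP is enabled alongside CCMP"))
    else:
        findings.append(("high", f"unknown security type {profile['security']!r}"))
    if sec.startswith("WPA") and "PSK" in profile.get("auth", "").upper():
        findings.extend(check_psk(profile.get("psk", "")))
    return findings


def summarize(profiles):
    """Map each profile name to its worst severity, or "ok" when nothing was found."""
    result = {}
    for profile in profiles:
        severities = [sev for sev, _ in audit_profile(profile)]
        result[profile["name"]] = max(severities, key=SEVERITY_ORDER.index, default="ok")
    return result


# Constructed sample profiles (not taken from any real device).
PROFILES = [
    {"name": "guest", "security": "Open"},
    {"name": "legacy-printer", "security": "WEP", "wep_key_bits": 64},
    {"name": "office", "security": "WPA2", "encryption": ["CCMP"],
     "auth": "PSK", "psk": "passphrase"},
    {"name": "mixed", "security": "WPA+WPA2", "encryption": ["TKIP", "CCMP"],
     "auth": "PSK", "psk": "T7#kd0-constructed-sample-psk"},
    {"name": "corp", "security": "WPA2", "encryption": ["CCMP"], "auth": "RADIUS"},
]

if __name__ == "__main__":
    for name, worst in summarize(PROFILES).items():
        print(f"{name}: {worst}")
```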
Figure 43: Profile configuration to set network security

4.2.2 WPA or WPA2 with PSK

A pre-shared key (PSK) is a known passphrase configured on both the AP and the client and is used to authenticate the wireless client. An acceptable passphrase is between 8 and 63 characters in length.

4.2.3 RADIUS Authentication
Advanced > RADIUS Settings

Enterprise Mode uses a RADIUS Server for WPA and/or WPA2 security. A RADIUS server must be configured and accessible by the router to authenticate wireless client connections to an AP enabled with a profile that uses RADIUS authentication.
- The Authentication IP Address is required to identify the server. A secondary RADIUS server provides redundancy in the event that the primary server cannot be reached by the router when needed.
- Authentication Port: the port for the RADIUS server connection
- Secret: enter the shared secret that allows this router to log in to the specified RADIUS server(s). This key must match the shared secret on the RADIUS Server.
- The Timeout and Retries fields are used to either move to a secondary server if the primary cannot be reached, or to give up the RADIUS authentication attempt if communication with the server is not possible.

Figure 44: RADIUS server (External Authentication) configuration

4.3 Creating and Using Access Points
Setup > Wireless Settings > Access Points

Once a profile (a group of security settings) is created, it can be assigned to an AP on the router.
The AP SSID can be configured to broadcast its availability to the 802.11 environment and can be used to establish a WLAN network.

The AP configuration page allows you to create a new AP and link to it one of the available profiles. This router supports multiple APs referred to as virtual access points (VAPs). Each virtual AP that has a unique SSID appears as an independent access point to clients. This valuable feature allows the router's radio to be configured in a way to optimize security and throughput for a group of clients as required by the user. To create a VAP, click the “add” button on the Setup > Wireless Settings > Access Points page. After setting the AP name, the profile dropdown menu is used to select one of the configured profiles.

The AP Name is a unique identifier used to manage the AP from the GUI, and is not the SSID that is detected by clients when the AP has broadcast enabled.

Figure 45: Virtual AP configuration

A valuable power saving feature is the start and stop time control for this AP. You can conserve on the radio power by disabling the AP when it is not in use. For example on evenings and weekends if you know there are no wireless clients, the start and stop time will enable/disable the access point automatically.

Once the AP settings are configured, you must enable the AP on the radio on the Setup > Wireless Settings > Access Points page. The status field changes to “Enabled” if the AP is available to accept wireless clients.
If the AP is configured to broadcast its SSID (a profile parameter), a green check mark indicating it is broadcasting will be shown in the List of Available Access points.

Figure 46: List of configured access points (Virtual APs) shows one enabled access point on the radio, broadcasting its SSID

The clients connected to a particular AP can be viewed by using the Status Button on the List of Available Access Points. Traffic statistics are shown for that individual AP, as compared to the summary stats for each AP on the Statistics table. Connected clients are sorted by the MAC address and indicate the security parameters used by the wireless link, as well as the time connected to this particular AP. Clicking the Details button next to the connected client will give the detailed send and receive traffic statistics for the wireless link between this AP and the client.

4.3.1 Primary benefits of Virtual APs:
- Optimize throughput: if 802.11b, 802.11g, and 802.11n clients are expected to access the LAN via this router, creating 3 VAPs will allow you to manage or shape traffic for each group of clients. A unique SSID can be created for the network of 802.11b clients and another SSID can be assigned for the 802.11n clients. Each can have different security parameters – remember, the SSID and security of the link is determined by the profile. In this way legacy clients can access the network without bringing down the overall throughput of more capable 802.11n clients.
- Optimize security: you may wish to support select legacy clients that only offer WEP security while using WPA2 security for the majority of clients for the radio. By creating two VAPs configured with different SSIDs and different security parameters, both types of clients can connect to the LAN. Since WPA2 is more secure, you may want to broadcast this SSID and not broadcast the SSID for the VAP with WEP since it is meant to be used for a few legacy devices in this scenario.

4.4 Tuning Radio Specific Settings
Setup > Wireless Settings > Radio Settings

The Radio Settings page lets you configure the channels and power levels available for the APs enabled on the DSR. The router has a dual band 802.11n radio, meaning either 2.4 GHz or 5 GHz frequency of operation can be selected (not concurrently though). Based on the selected operating frequency, the mode selection will let you define whether legacy connections or only 802.11n connections (or both) are accepted on configured APs.

Figure 47: Radio card configuration options

The ratified 802.11n support on this radio requires selecting the appropriate broadcast (NA or NG etc.) mode, and then defining the channel spacing and control side band for 802.11n traffic. The default settings are appropriate for most networks. For example, changing the channel spacing to 40 MHz can improve bandwidth at the expense of supporting earlier 802.11n clients. The available transmission channels are governed by regulatory constraints based on the region setting of the router.
The maximum transmission power is similarly governed by regulatory limits; you have the option to decrease from the default maximum to reduce the signal strength of traffic out of the radio.

4.5 WMM
Setup > Wireless Settings > WMM

Wi-Fi Multimedia (WMM) provides basic Quality of service (QoS) features to IEEE 802.11 networks. WMM prioritizes traffic according to four Access Categories (AC): voice, video, best effort, and background.

Figure 48: Wi-Fi Multimedia

Profile Name: This field allows you to select the available profiles in wireless settings.
Enable WMM: This field allows you to enable WMM to improve multimedia transmission.
Default Class Of Service: This field allows you to select the available Access Categories (voice, video, best effort, and background).

4.6 Wireless distribution system (WDS)
Setup > Wireless Settings > WDS

Wireless distribution system is a system enabling the wireless interconnection of access points in a network.

Figure 49: Wireless Distribution System

This feature is only guaranteed to work between devices of the same type (i.e. using the same chipset/driver). For example between two DSR250N boxes, or between two DSR1000N. It should also interoperate between a DSR 1000N and DSR 500N boxes since they are based on the same chipset/driver.

When the user enables WDS, the links use the same security configuration as the default access point.
The WDS links do not have true WPA/WPA2 support, as in there is no WPA key handshake performed. Instead the Session Key to be used with a WDS Peer is computed using a hashing function (similar to the one used for computing a WPA PMK). The inputs to this function are a PSK (configurable by an administrator from the WDS page) and an internal "magic" string (non-configurable).

In effect the WDS links use TKIP/AES encryption, depending on the encryption configured for the default AP. In case the default AP uses mixed encryption (TKIP + AES), the WDS link will use the AES encryption scheme.

For a WDS link to function properly the Radio settings on the WDS peers have to be the same.

The WDS page would consist of two sections. The first section provides general WDS settings shared by all its WDS peers.
WDS Enable - This would be a check box
WDS Encryption - Displays the type of encryption used. It could be one of OPEN / 64 bit WEP / 128 bit WEP / TKIP / AES (Use the term being used throughout the box i.e. either CCMP or AES).
WDS Passphrase - This is required if the encryption selected is TKIP/CCMP. We would expect it to be within 8~63 ASCII characters. In the WDS configuration page this field is mandatory and has to be the same on the two WDS peers, when the security is configured in TKIP/AES mode. The WDS links use this as the PSK for the connection.
DUT's Mac Address - This would be the mac address of this box.
This should be configured in the peer's WDS configuration page to be able to establish a WDS link with this box. This field in the WDS Configuration section displays the device's mac address, which needs to be specified on the WDS peer for making a connection to this device (Similarly the WDS peer's MAC address will have to be specified on this device for the WDS link to be established between the two devices).

The second section will have the list of configured WDS peers with buttons to Add/Delete Peer entries. We support up to a maximum of 4 WDS links per box.

Both devices need to have the same wireless settings (wireless mode, encryption, authentication method, WDS passphrase, WDS MAC address and wireless SSID) when we configure WDS features in the DSR router.

The "Add WDS Peer" section allows the user to specify a WDS peer. The "WDS Peers" table displays the list of WDS peers currently configured on the device. A maximum of 4 WDS peers can be specified in any given mode.

4.7 Advanced Wireless Settings
Advanced > Wireless Settings > Advanced Wireless

Sophisticated wireless administrators can modify the 802.11 communication parameters in this page. Generally, the default settings are appropriate for most networks. Please refer to the GUI integrated help text for further details on the use of each configuration parameter.

Figure 50: Advanced Wireless communication settings

4.8 Wi-Fi Protected Setup (WPS)
Advanced > Wireless Settings > WPS

WPS is a simplified method to add supporting wireless clients to the network.
WPS is only applicable for APs that employ WPA or WPA2 security. To use WPS, select the eligible VAPs from the dropdown list of APs that have been configured with this security and enable WPS status for this AP.

The WPS Current Status section outlines the security, authentication, and encryption settings of the selected AP. These are consistent with the AP's profile. There are two setup options available for :
- Personal Identification Number (PIN): The wireless device that supports WPS may have an alphanumeric PIN, if so add the PIN in this field. The router will connect within 60 seconds of clicking the “Configure via PIN” button immediately below the PIN field. There is no LED indication that a client has connected.
- Push Button Configuration (PBC): for wireless devices that support PBC, press and hold down on this button and within 2 minutes click the PBC connect button. The AP will detect the wireless device and establish a link to the client.

More than one AP can use WPS, but only one AP can be used to establish WPS links to client at any given time.

Figure 51: WPS configuration for an AP with WPA/WPA2 profile

Chapter 5. Securing the Private Network

You can secure your network by creating and applying rules that your router uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to whom the rules apply.
To do so, you must define the following:
- Services or traffic types (examples: web browsing, VoIP, other standard services and also custom services that you define)
- Direction for the traffic by specifying the source and destination of traffic; this is done by specifying the “From Zone” (LAN/WAN/DMZ) and “To Zone” (LAN/WAN/DMZ)
- Schedules as to when the router should apply rules
- Any Keywords (in a domain name or on a URL of a web page) that the router should allow or block
- Rules for allowing or blocking inbound and outbound Internet traffic for specified services on specified schedules
- MAC addresses of devices that should not access the internet
- Port triggers that signal the router to allow or block access to specified services as defined by port number
- Reports and alerts that you want the router to send to you

You can, for example, establish restricted-access policies based on time-of-day, web addresses, and web address keywords. You can block Internet access by applications and services on the LAN, such as chat rooms or games. You can block just certain groups of PCs on your network from being accessed by the WAN or public DMZ network.

5.1 Firewall Rules
Advanced > Firewall Settings > Firewall Rules

Inbound (WAN to LAN/DMZ) rules restrict access to traffic entering your network, selectively allowing only specific outside users to access specific local resources. By default all access from the insecure WAN side is blocked from accessing the secure LAN, except in response to requests from the LAN or DMZ.
To allow outside devices to access services on the secure LAN, you must create an inbound firewall rule for each service.

If you want to allow incoming traffic, you must make the router's WAN port IP address known to the public. This is called “exposing your host.” How you make your address known depends on how the WAN ports are configured; for this router you may use the IP address if a static address is assigned to the WAN port, or if your WAN address is dynamic a DDNS (Dynamic DNS) name can be used.

Outbound (LAN/DMZ to WAN) rules restrict access to traffic leaving your network, selectively allowing only specific local users to access specific outside resources. The default outbound rule is to allow access from the secure zone (LAN) to either the public DMZ or insecure WAN. On the other hand, the default outbound rule is to deny access from DMZ to insecure WAN. You can change this default behaviour in the Firewall Settings > Default Outbound Policy page. When the default outbound policy is allow always, you can block hosts on the LAN from accessing internet services by creating an outbound firewall rule for each service.

Figure 52: List of Available Firewall Rules

5.2 Defining Rule Schedules
Tools > Schedules

Firewall rules can be enabled or disabled automatically if they are associated with a configured schedule. The schedule configuration page allows you to define days of the week and the time of day for a new schedule, and then this schedule can be selected in the firewall rule configuration page.
All schedules will follow the time in the router's configured time zone. Refer to the section on choosing your Time Zone and configuring NTP servers for more information.

Figure 53: List of Available Schedules to bind to a firewall rule

5.3 Configuring Firewall Rules
Advanced > Firewall Settings > Firewall Rules

All configured firewall rules on the router are displayed in the Firewall Rules list. This list also indicates whether the rule is enabled (active) or not, and gives a summary of the From/To zone as well as the services or users that the rule affects.

To create a new firewall rule, follow the steps below:

1. View the existing rules in the List of Available Firewall Rules table.
2. To edit or add an outbound or inbound services rule, do the following:
   - To edit a rule, click the checkbox next to the rule and click Edit to reach that rule's configuration page.
   - To add a new rule, click Add to be taken to a new rule's configuration page. Once created, the new rule is automatically added to the original table.
3. Choose the From Zone to be the source of originating traffic: either the secure LAN, public DMZ, or insecure WAN. For an inbound rule WAN should be selected as the From Zone.
4. Choose the To Zone to be the destination of traffic covered by this rule. If the From Zone is the WAN, the To Zone can be the public DMZ or secure LAN. Similarly if the From Zone is the LAN, then the To Zone can be the public DMZ or insecure WAN.
5. Parameters that define the firewall rule include the following:
   - Service: ANY means all traffic is affected by this rule.
     For a specific service the dropdown list has common services, or you can select a custom defined service.
   - Action & Schedule: Select one of the 4 actions that this rule defines: BLOCK always, ALLOW always, BLOCK by schedule otherwise ALLOW, or ALLOW by schedule otherwise BLOCK. A schedule must be preconfigured in order for it to be available in the dropdown list to assign to this rule.
   - Source & Destination users: For each relevant category, select the users to which the rule applies:
     - Any (all users)
     - Single Address (enter an IP address)
     - Address Range (enter the appropriate IP address range)
   - Log: traffic that is filtered by this rule can be logged; this requires configuring the router's logging feature separately.
   - QoS Priority: Outbound rules (where To Zone = insecure WAN only) can have the traffic marked with a QoS priority tag. Select a priority level:
     - Normal-Service: ToS=0 (lowest QoS)
     - Minimize-Cost: ToS=1
     - Maximize-Reliability: ToS=2
     - Maximize-Throughput: ToS=4
     - Minimize-Delay: ToS=8 (highest QoS)
6. Inbound rules can use Destination NAT (DNAT) for managing traffic from the WAN. Destination NAT is available when the To Zone = DMZ or secure LAN.
   - With an inbound allow rule you can enter the internal server address that is hosting the selected service.
   - You can enable port forwarding for an incoming service specific rule (From Zone = WAN) by selecting the appropriate checkbox. This will allow the selected service traffic from the internet to reach the appropriate LAN port via a port forwarding rule.
   - Translate Port Number: With port forwarding, the incoming traffic is to be forwarded to the port number entered here.
   - External IP address: The rule can be bound to a specific WAN interface by selecting either the primary WAN or configurable port WAN as the source IP address for incoming traffic.

This router supports multi-NAT and so the External IP address does not necessarily have to be the WAN address. On a single WAN interface, multiple public IP addresses are supported. If your ISP assigns you more than one public IP address, one of these can be used as your primary IP address on the WAN port, and the others can be assigned to servers on the LAN or DMZ. In this way the LAN/DMZ server can be accessed from the internet by its aliased public IP address.

7. Outbound rules can use Source NAT (SNAT) in order to map (bind) all LAN/DMZ traffic matching the rule parameters to a specific WAN interface or external IP address (usually provided by your ISP).

Once the new or modified rule parameters are saved, it appears in the master list of firewall rules. To enable or disable a rule, click the checkbox next to the rule in the list of firewall rules and choose Enable or Disable.

The router applies firewall rules in the order listed. As a general rule, you should move the strictest rules (those with the most specific services or addresses) to the top of the list. To reorder rules, click the checkbox next to a rule and click up or down.
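The ordering advice above can be checked with a small model before a rule list is saved. This is an added example, not D-Link code: it assumes the first matching rule in the list decides the outcome, uses the four actions and the default policies this manual describes, and applies the weekend HTTP block from Example 4 later in this chapter to a constructed LAN address range (192.168.10.50 to 192.168.10.100).

```python
# Added example (not D-Link code): a model of ordered firewall rule evaluation.
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address

ACTIONS = ("ALLOW always", "BLOCK always",
           "BLOCK by schedule otherwise ALLOW", "ALLOW by schedule otherwise BLOCK")
# Defaults described in the manual: LAN may reach the DMZ and WAN. Every other
# zone pair is treated as blocked here (an assumption for pairs the manual omits).
DEFAULT_ALLOW = {("LAN", "WAN"), ("LAN", "DMZ")}


@dataclass(frozen=True)
class Schedule:
    days: frozenset                    # weekday numbers, Monday = 0
    start: time = time(0, 0)
    end: time = time(23, 59, 59)

    def active(self, when):
        return when.weekday() in self.days and self.start <= when.time() <= self.end


@dataclass
class Rule:
    name: str
    from_zone: str
    to_zone: str
    service: str                       # "ANY" or a service name such as "HTTP"
    action: str
    src_from: str = None               # None means Any
    src_to: str = None                 # None with src_from set means Single Address
    schedule: str = None               # name of a preconfigured schedule
    enabled: bool = True

    def __post_init__(self):
        if self.action not in ACTIONS:
            raise ValueError(f"unknown action: {self.action}")

    def src_range(self):
        if self.src_from is None:
            return 0, 2**32 - 1
        return int(ip_address(self.src_from)), int(ip_address(self.src_to or self.src_from))

    def matches(self, pkt):
        lo, hi = self.src_range()
        return (self.enabled
                and (self.from_zone, self.to_zone) == (pkt["from_zone"], pkt["to_zone"])
                and self.service in ("ANY", pkt["service"])
                and lo <= int(ip_address(pkt["src"])) <= hi)

    def verdict(self, schedules, when):
        if self.action.endswith("always"):
            return self.action.split()[0]
        inside, outside = self.action.split(" by schedule otherwise ")
        return inside if schedules[self.schedule].active(when) else outside


def evaluate(rules, schedules, pkt, when):
    """Return (verdict, deciding rule); the first matching rule wins (assumption)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.verdict(schedules, when), rule.name
    zones = (pkt["from_zone"], pkt["to_zone"])
    return ("ALLOW" if zones in DEFAULT_ALLOW else "BLOCK"), "default policy"


def shadowed(rules):
    """List (rule, earlier rule) pairs where the earlier rule always matches first."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            (e_lo, e_hi), (l_lo, l_hi) = earlier.src_range(), later.src_range()
            if (earlier.enabled and later.enabled
                    and (earlier.from_zone, earlier.to_zone) == (later.from_zone, later.to_zone)
                    and earlier.service in ("ANY", later.service)
                    and e_lo <= l_lo and l_hi <= e_hi):
                pairs.append((later.name, earlier.name))
                break
    return pairs


# Constructed sample data: the "Weekend" schedule plus one broad and one strict rule.
SCHEDULES = {"Weekend": Schedule(frozenset({5, 6}))}
ALLOW_ALL = Rule("allow-lan-out", "LAN", "WAN", "ANY", "ALLOW always")
WEEKEND_HTTP = Rule("weekend-http-block", "LAN", "WAN", "HTTP",
                    "BLOCK by schedule otherwise ALLOW",
                    src_from="192.168.10.50", src_to="192.168.10.100", schedule="Weekend")
PKT = {"from_zone": "LAN", "to_zone": "WAN", "service": "HTTP", "src": "192.168.10.77"}
SATURDAY, WEDNESDAY = datetime(2012, 6, 2, 14, 0), datetime(2012, 6, 6, 14, 0)

if __name__ == "__main__":
    print(evaluate([ALLOW_ALL, WEEKEND_HTTP], SCHEDULES, PKT, SATURDAY))  # broad rule first
    print(evaluate([WEEKEND_HTTP, ALLOW_ALL], SCHEDULES, PKT, SATURDAY))  # strict rule first
    print(shadowed([ALLOW_ALL, WEEKEND_HTTP]))
```

With the broad rule listed first, the weekend block never takes effect; `shadowed` reports such rules so they can be moved up the list.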
Figure 54: Example where an outbound SNAT rule is used to map an external IP address (209.156.200.225) to a private DMZ IP address (10.30.30.30)

Figure 55: The firewall rule configuration page allows you to define the To/From zone, service, action, schedules, and specify source/destination IP addresses as needed.

5.4 Configuring IPv6 Firewall Rules
Advanced > Firewall Settings > IPv6 Firewall Rules

All configured IPv6 firewall rules on the router are displayed in the Firewall Rules list. This list also indicates whether the rule is enabled (active) or not, and gives a summary of the From/To zone as well as the services or users that the rule affects.

Figure 56: The IPv6 firewall rule configuration page allows you to define the To/From zone, service, action, schedules, and specify source/destination IP addresses as needed.

Figure 57: List of Available IPv6 Firewall Rules

5.4.1 Firewall Rule Configuration Examples

Example 1: Allow inbound HTTP traffic to the DMZ

Situation: You host a public web server on your local DMZ network. You want to allow inbound HTTP requests from any outside IP address to the IP address of your web server at any time of day.

Solution: Create an inbound rule as follows.
Parameter                         Value
From Zone                         Insecure (WAN1/WAN2/WAN3)
To Zone                           Public (DMZ)
Service                           HTTP
Action                            ALLOW always
Send to Local Server (DNAT IP)    192.168.5.2 (web server IP address)
Destination Users                 Any
Log                               Never

Example 2: Allow videoconferencing from range of outside IP addresses

Situation: You want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses (132.177.88.2 - 132.177.88.254), from a branch office.

Solution: Create an inbound rule as follows. In the example, CUSeeMe (the videoconference service used) connections are allowed only from a specified range of external IP addresses.

Parameter                         Value
From Zone                         Insecure (WAN1/WAN2/WAN3)
To Zone                           Secure (LAN)
Service                           CU-SEEME:UDP
Action                            ALLOW always
Send to Local Server (DNAT IP)    192.168.10.11
Destination Users                 Address Range
From                              132.177.88.2
To                                134.177.88.254
Enable Port Forwarding            Yes (enabled)

Example 3: Multi-NAT configuration

Situation: You want to configure multi-NAT to support multiple public IP addresses on one WAN port interface.

Solution: Create an inbound rule that configures the firewall to host an additional public IP address. Associate this address with a web server on the DMZ. If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN. One of these public IP addresses is used as the primary IP address of the router. This address is used to provide Internet access to your LAN PCs through NAT. The other addresses are available to map to your DMZ servers.
The following addressing scheme is used to illustrate this procedure:

WAN IP address: 10.1.0.118
LAN IP address: 192.168.10.1; subnet 255.255.255.0
Web server host in the DMZ, IP address: 192.168.12.222
Access to Web server: (simulated) public IP address 10.1.0.52

Parameter                         Value
From Zone                         Insecure (WAN1/WAN2/WAN3)
To Zone                           Public (DMZ)
Service                           HTTP
Action                            ALLOW always
Send to Local Server (DNAT IP)    192.168.12.222 (web server local IP address)
Destination Users                 Single Address
From                              10.1.0.52
WAN Users                         Any
Log                               Never

Example 4: Block traffic by schedule if generated from specific range of machines

Use Case: Block all HTTP traffic on the weekends if the request originates from a specific group of machines in the LAN having a known range of IP addresses, and anyone coming in through the Network from the WAN (i.e. all remote users).

Configuration:

1. Setup a schedule:
   To setup a schedule that affects traffic on weekends only, navigate to Security: Schedule, and name the schedule "Weekend".
   Define "weekend" to mean 12 am Saturday morning to 12 am Monday morning - all day Saturday & Sunday.
   In the Scheduled days box, check that you want the schedule to be active for "specific days". Select "Saturday" and "Sunday".
   In the scheduled time of day, select "all day" - this will apply the schedule between 12 am to 11:59 pm of the selected day.
   Click apply - now schedule "Weekend" isolates all day Saturday and Sunday from the rest of the week.

Figure 58: Schedule configuration for the above example.

2. Since we are trying to block HTTP requests, it is a service with To Zone: Insecure (WAN1/WAN2/WAN3) that is to be blocked according to schedule "Weekend".

3. Select the Action to "Block by Schedule, otherwise allow". This will take a predefined schedule and make sure the rule is a blocking rule during the defined dates/times. All other times outside the schedule will not be affected by this firewall blocking rule.

4. As we defined our schedule in schedule "Weekend", this is available in the dropdown menu.

5. We want to block the IP range assigned to the marketing group. Let's say they have IP 192.168.10.20 to 192.168.10.30. On the Source Users dropdown, select Address Range and add this IP range as the From and To IP addresses.

6. We want to block all HTTP traffic to any services going to the insecure zone. The Destination Users dropdown should be "any".

7. We don't need to change default QoS priority or Logging (unless desired) - clicking apply will add this firewall rule to the list of firewall rules.

8. The last step is to enable this firewall rule. Select the rule, and click "enable" below the list to make sure the firewall rule is active.

5.5 Security on Custom Services

Advanced > Firewall Settings > Custom Services

Custom services can be defined to add to the list of services available during firewall rule configuration. While common services have known TCP/UDP/ICMP ports for traffic, many custom or uncommon applications exist in the LAN or WAN. In the custom service configuration menu you can define a range of ports and identify the traffic type (TCP/UDP/ICMP) for this service. Once defined, the new service will appear in the services list of the firewall rules configuration menu.

Figure 59: List of user defined services.
Figure 60: Custom Services configuration

Created services are available as options for firewall rule configuration.

Name: Name of the service for identification and management purposes.
Type: The layer 3 protocol that the service uses (TCP, UDP, BOTH, ICMP or ICMPv6).
Port Type: This field lets you select Port Range or Multiple Ports.
ICMP Type: This field is enabled when the layer 3 protocol (in the Type field) is selected as ICMP or ICMPv6. The ICMP type is a numeric value that can range between 0 and 40, while for ICMPv6 the type ranges from 1 to 255. For a list of ICMP types, visit the following URL: http://www.iana.org/assignments/icmp-parameters.
Start Port: The first TCP, UDP or BOTH port of a range that the service uses. If the service uses only one port, then the Start Port will be the same as the Finish Port.
Finish Port: The last port in the range that the service uses. If the service uses only one port, then the Finish Port will be the same as the Start Port.
Port: The port that the service uses.

5.6 ALG support

Advanced > Firewall Settings > ALGs

Application Level Gateways (ALGs) are security components that enhance the firewall and NAT support of this router to seamlessly support application layer protocols. In some cases enabling the ALG will allow the firewall to use dynamic ephemeral TCP/UDP ports to communicate with the known ports a particular client application (such as H.323 or RTSP) requires, without which the admin would have to open a large number of ports to accomplish the same support.
Because the ALG understands the protocol used by the specific application that it supports, it is a very secure and efficient way of introducing support for client applications through the router's firewall.

Figure 61: Available ALG support on the router.

5.7 VPN Passthrough for Firewall

Advanced > Firewall Settings > VPN Passthrough

This router's firewall settings can be configured to allow encrypted VPN traffic for IPsec, PPTP, and L2TP VPN tunnel connections between the LAN and internet. A specific firewall rule or service is not appropriate to introduce this passthrough support; instead the appropriate check boxes in the VPN Passthrough page must be enabled.

Figure 62: Passthrough options for VPN tunnels

5.8 Application Rules

Advanced > Application Rules > Application Rules

Application rules are also referred to as port triggering. This feature allows devices on the LAN or DMZ to request one or more ports to be forwarded to them. Port triggering waits for an outbound request from the LAN/DMZ on one of the defined outgoing ports, and then opens an incoming port for that specified type of traffic. This can be thought of as a form of dynamic port forwarding while an application is transmitting data over the opened outgoing or incoming port(s).

Port triggering application rules are more flexible than the static port forwarding that is an available option when configuring firewall rules. This is because a port triggering rule does not have to reference a specific LAN IP or IP range.
In addition, ports are not left open when not in use, thereby providing a level of security that port forwarding does not offer.

Port triggering is not appropriate for servers on the LAN, since there is a dependency on the LAN device making an outgoing connection before incoming ports are opened.

Some applications require that when external devices connect to them, they receive data on a specific port or range of ports in order to function properly. The router must send all incoming data for that application only on the required port or range of ports. The router has a list of common applications and games with corresponding outbound and inbound ports to open. You can also specify a port triggering rule by defining the type of traffic (TCP or UDP) and the range of incoming and outgoing ports to open when enabled.

Figure 63: List of Available Application Rules showing 4 unique rules

The application rule status page will list any active rules, i.e. incoming ports that are being triggered based on outbound requests from a defined outgoing port.

5.9 Web Content Filtering

The gateway offers some standard web filtering options to allow the admin to easily create internet access policies between the secure LAN and insecure WAN. Instead of creating policies based on the type of traffic (as is the case when using firewall rules), web based content itself can be used to determine if traffic is allowed or dropped.
5.9.1 Content Filtering

Advanced > Website Filter > Content Filtering

Content filtering must be enabled to configure and use the subsequent features (list of Trusted Domains, filtering on Blocked Keywords, etc.). Proxy servers, which can be used to circumvent certain firewall rules and thus present a potential security gap, can be blocked for all LAN devices. Java applets can be prevented from being downloaded from internet sites, and similarly the gateway can prevent ActiveX controls from being downloaded via Internet Explorer. For added security, cookies, which typically contain session information, can be blocked as well for all devices on the private network.

Figure 64: Content Filtering used to block access to proxy servers and prevent ActiveX controls from being downloaded

5.9.2 Approved URLs

Advanced > Website Filter > Approved URLs

The Approved URLs list is an acceptance list for all URL domain names. Domains added to this list are allowed in any form. For example, if the domain "yahoo" is added to this list then all of the following URLs are permitted access from the LAN: www.yahoo.com, yahoo.co.uk, etc. Import/export from a text or CSV file for Approved URLs is also supported.

Figure 65: Two trusted domains added to the Approved URLs List

5.9.3 Blocked Keywords

Advanced > Website Filter > Blocked Keywords

Keyword blocking allows you to block all website URLs or site content that contains the keywords in the configured list. This is lower priority than the Approved URL List; i.e. if the blocked keyword is present in a site allowed by a Trusted Domain in the Approved URL List, then access to that site will be allowed. Import/export from a text or CSV file for keyword blocking is also supported.

Figure 66: One keyword added to the block list

5.9.4 Export Web Filter

Advanced > Website Filter > Export

Export Approved URLs: This feature enables the user to export the URLs to be allowed to a CSV file which can then be downloaded to the local host. The user has to click the export button to get the CSV file.

Export Blocked Keywords: This feature enables the user to export the keywords to be blocked to a CSV file which can then be downloaded to the local host. The user has to click the export button to get the CSV file.

Figure 67: Export Approved URL list

5.10 IP/MAC Binding

Advanced > IP/MAC Binding

Another available security measure is to only allow outbound traffic (from the LAN to WAN) when the LAN node has an IP address matching the MAC address bound to it. This is IP/MAC Binding, and by enforcing the gateway to validate the source traffic's IP address with the unique MAC Address of the configured LAN node, the administrator can ensure traffic from that IP address is not spoofed. In the event of a violation (i.e. the traffic's source IP address doesn't match up with the expected MAC address having the same IP address) the packets will be dropped and can be logged for diagnosis.
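The IP/MAC binding check described above, as an added example that is not part of the manual and not the router's own code: it validates constructed outbound frames against a binding table and collects the drops an administrator would review. Forwarding hosts that have no binding, and dropping a bound MAC address that shows up with a different IP address, are assumptions of this sketch; all addresses are constructed.

```python
import re
from collections import Counter


def normalize_mac(mac):
    """Accept colon, dash or dotted notation and return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[\s.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class BindingTable:
    def __init__(self, bindings):
        self.mac_for_ip = {ip: normalize_mac(mac) for ip, mac in bindings.items()}
        self.ip_for_mac = {mac: ip for ip, mac in self.mac_for_ip.items()}

    def check(self, src_ip, src_mac):
        """Return ("forward" | "drop", reason) for one outbound frame."""
        mac = normalize_mac(src_mac)
        expected_mac = self.mac_for_ip.get(src_ip)
        if expected_mac is not None and expected_mac != mac:
            # The violation the manual defines: bound IP, unexpected MAC.
            return "drop", f"{src_ip} is bound to {expected_mac}, seen from {mac}"
        expected_ip = self.ip_for_mac.get(mac)
        if expected_ip is not None and expected_ip != src_ip:
            # Assumption: a bound MAC may only use its bound IP address.
            return "drop", f"{mac} is bound to {expected_ip}, seen using {src_ip}"
        return "forward", ""          # assumption: unbound hosts are not checked


def review(table, frames):
    """Return (drop reasons, Counter of claimed source IPs among the drops)."""
    dropped, claimed = [], Counter()
    for src_ip, src_mac in frames:
        verdict, reason = table.check(src_ip, src_mac)
        if verdict == "drop":
            dropped.append(reason)
            claimed[src_ip] += 1
    return dropped, claimed


# Constructed bindings and frames (source IP, source MAC).
BINDINGS = {"192.168.10.20": "00:1B:21:3A:4F:10", "192.168.10.21": "00-1b-21-3a-4f-11"}
TABLE = BindingTable(BINDINGS)
FRAMES = [
    ("192.168.10.20", "001b.213a.4f10"),      # bound pair, other notation
    ("192.168.10.20", "02:00:5e:10:00:01"),   # bound IP claimed by another MAC
    ("192.168.10.77", "00:1b:21:3a:4f:11"),   # bound MAC using another IP
    ("192.168.10.50", "02:00:5e:10:00:02"),   # no binding configured
    ("192.168.10.20", "02:00:5e:10:00:01"),   # repeat of the spoofed source
]

if __name__ == "__main__":
    reasons, claimed = review(TABLE, FRAMES)
    print("\n".join(reasons))
    print(claimed.most_common())
```

A claimed IP address that keeps appearing in the drop list points at the host to investigate, which is the diagnosis use the manual mentions for the logged packets.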
Figure 68: The following example binds a LAN host's MAC Address to an IP address served by DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured

5.11 Intrusion Prevention (IPS)

Advanced > Advanced Network > IPS

The gateway's Intrusion Prevention System (IPS) prevents malicious attacks from the internet from accessing the private network. Static attack signatures loaded to the DSR allow common attacks to be detected and prevented. The checks can be enabled between the WAN and DMZ or LAN, and a running counter will allow the administrator to see how many malicious intrusion attempts from the WAN have been detected and prevented.

DSR-150/150N does not support Intrusion Prevention System.

Figure 69: Intrusion Prevention features on the router

5.12 Protecting from Internet Attacks

Advanced > Advanced Network > Attack Checks

Attacks can be malicious security breaches or unintentional network issues that render the router unusable. Attack checks allow you to manage WAN security threats such as continual ping requests and discovery via ARP scans. TCP and UDP flood attack checks can be enabled to manage extreme usage of WAN resources.

Additionally certain Denial-of-Service (DoS) attacks can be blocked. These attacks, if uninhibited, can use up processing power and bandwidth and prevent regular network services from running normally. ICMP packet flooding, SYN traffic flooding, and Echo storm thresholds can be configured to temporarily suspect traffic from the offending source.
Figure 70: Protecting the router and LAN from internet attacks

WAN Security Checks:
Enable Stealth Mode: If Stealth Mode is enabled, the router will not respond to port scans from the WAN. This makes it less susceptible to discovery and attacks.
Block TCP Flood: If this option is enabled, the router will drop all invalid TCP packets and be protected from a SYN flood attack.

LAN Security Checks:
Block UDP Flood: If this option is enabled, the router will not accept more than 20 simultaneous, active UDP connections from a single computer on the LAN.
UDP Connection Limit: You can set the number of simultaneous active UDP connections to be accepted from a single computer on the LAN; the default is 25.

ICSA Settings:
Block ICMP Notification: selecting this prevents ICMP packets from being identified as such. ICMP packets, if identified, can be captured and used in a Ping (ICMP) flood DoS attack.
Block Fragmented Packets: selecting this option drops any fragmented packets through or to the gateway.
Block Multicast Packets: selecting this option drops multicast packets, which could indicate a spoof attack, through or to the gateway.

DoS Attacks:
SYN Flood Detect Rate (max/sec): The rate at which the SYN Flood can be detected.
Echo Storm (ping pkts/sec): The number of ping packets per second at which the router detects an Echo storm attack from the WAN and prevents further ping traffic from that external address.
ICMP Flood (ICMP pkts/sec): The number of ICMP packets per second at which the router detects an ICMP flood attack from the WAN and prevents further ICMP traffic from that external address.

The ping on LAN interfaces is enabled by default. To disable the ping response from LAN hosts to the LAN/WAN port of the device, uncheck the "Allow Ping from LAN" option.

Chapter 6. IPsec / PPTP / L2TP VPN

A VPN provides a secure communication channel ("tunnel") between two gateway routers or a remote PC client. The following types of tunnels can be created:

Gateway-to-gateway VPN: to connect two or more routers to secure traffic between remote sites.
Remote Client (client-to-gateway VPN tunnel): A remote client initiates a VPN tunnel as the IP address of the remote PC client is not known in advance. The gateway in this case acts as a responder.
Remote client behind a NAT router: The client has a dynamic IP address and is behind a NAT Router. The remote PC client at the NAT router initiates a VPN tunnel as the IP address of the remote NAT router is not known in advance. The gateway WAN port acts as responder.
PPTP server for LAN / WAN PPTP client connections.
L2TP server for LAN / WAN L2TP client connections.
Figure 71: Example of Gateway-to-Gateway IPsec VPN tunnel using two DSR routers connected to the Internet

Figure 72: Example of three IPsec client connections to the internal network through the DSR IPsec gateway

6.1 VPN Wizard

Setup > Wizard > VPN Wizard

You can use the VPN wizard to quickly create both IKE and VPN policies. Once the IKE or VPN policy is created, you can modify it as required.

Figure 73: VPN Wizard launch screen

To easily establish a VPN tunnel using VPN Wizard, follow the steps below:

1. Select the VPN tunnel type to create
   The tunnel can either be a gateway to gateway connection (site-to-site) or a tunnel to a host on the internet (remote access).
   Set the Connection Name and pre-shared key: the connection name is used for management, and the pre-shared key will be required on the VPN client or gateway to establish the tunnel.
   Determine the local gateway for this tunnel; if there is more than 1 WAN configured the tunnel can be configured for either of the gateways.

2. Configure Remote and Local WAN address for the tunnel endpoints
   Remote Gateway Type: identify the remote endpoint of the tunnel by FQDN or static IP address.
   Remote WAN IP address / FQDN: This field is enabled only if the peer you are trying to connect to is a Gateway. For VPN Clients, this IP address or Internet Name is determined when a connection request is received from a client.
   Local Gateway Type: identify this router's endpoint of the tunnel by FQDN or static IP address.
   Local WAN IP address / FQDN: This field can be left blank if you are not using a different FQDN or IP address than the one specified in the WAN port's configuration.

3. Configure the Secure Connection Remote Accessibility fields to identify the remote network:
   Remote LAN IP address: address of the LAN behind the peer gateway.
   Remote LAN Subnet Mask: the subnet mask of the LAN behind the peer.
   Note: The IP address range used on the remote LAN must be different from the IP address range used on the local LAN.

4. Review the settings and click Connect to establish the tunnel.

The Wizard will create an Auto IPsec policy with the following default values for a VPN Client or Gateway policy (these can be accessed from a link on the Wizard page):

Parameter                   Default value from Wizard
Exchange Mode               Aggressive (Client policy) or Main (Gateway policy)
ID Type                     FQDN
Local WAN ID                wan_local.com (only applies to Client policies)
Remote WAN ID               wan_remote.com (only applies to Client policies)
Encryption Algorithm        3DES
Authentication Algorithm    SHA-1
Authentication Method       Pre-shared Key
PFS Key-Group               DH-Group 2 (1024 bit)
Life Time (Phase 1)         24 hours
Life Time (Phase 2)         8 hours
NETBIOS                     Enabled (only applies to Gateway policies)

The VPN Wizard is the recommended method to set up an Auto IPsec policy. Once the Wizard creates the matching IKE and VPN policies required by the Auto policy, one can modify the required fields through the edit link. Refer to the online help for details.

Easy Setup Site to Site VPN Tunnel: If you find it difficult to configure VPN policies through the VPN wizard, use easy setup site to site VPN tunnel. This will add VPN policies by importing a file containing VPN policies.

6.2 Configuring IPsec Policies

Setup > VPN Settings > IPsec > IPsec Policies

An IPsec policy is between this router and another gateway or this router and an IPsec client on a remote host. The IPsec mode can be either tunnel or transport depending on the network being traversed between the two policy endpoints.

Transport: This is used for end-to-end communication between this router and the tunnel endpoint, either another IPsec gateway or an IPsec VPN client on a host. Only the data payload is encrypted and the IP header is not modified or encrypted.

Tunnel: This mode is used for network-to-network IPsec tunnels where this gateway is one endpoint of the tunnel. In this mode the entire IP packet including the header is encrypted and/or authenticated.

When tunnel mode is selected, you can enable NetBIOS and DHCP over IPsec. DHCP over IPsec allows this router to serve IP leases to hosts on the remote LAN. In this mode you can also define the single IP address, range of IPs, or subnet on both the local and remote private networks that can communicate over the tunnel.
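The VPN Wizard defaults listed in section 6.1 are a starting point that the manual says can be modified afterwards; the sketch below, an added example that is not D-Link code, audits those defaults so an administrator knows which fields to revisit. The 2048-bit Diffie-Hellman floor, the weak and legacy algorithm sets, and the HARDENED sample policy are assumptions of this example, and the manual does not state which alternatives the policy editor offers.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    field: str
    value: str
    severity: str     # "weak" or "legacy"
    advice: str


# Default values the VPN Wizard applies, copied from the manual's table.
WIZARD_DEFAULTS = {
    "Exchange Mode": {"client": "Aggressive", "gateway": "Main"},
    "Encryption Algorithm": "3DES",
    "Authentication Algorithm": "SHA-1",
    "Authentication Method": "Pre-shared Key",
    "PFS Key-Group": "DH-Group 2(1024 bit)",
}

# Audit baseline chosen for this example (assumption, not from the manual).
MIN_DH_BITS = 2048
WEAK_CIPHERS = {"DES", "3DES"}
LEGACY_HASHES = {"MD5", "SHA1"}


def wizard_policy(kind):
    """Build the default policy for kind 'client' or 'gateway'."""
    policy = dict(WIZARD_DEFAULTS)
    policy["Exchange Mode"] = WIZARD_DEFAULTS["Exchange Mode"][kind]
    return policy


def _token(value):
    """Compare names regardless of case, spaces and dashes (SHA-1 == sha1)."""
    return re.sub(r"[^A-Z0-9]", "", value.upper())


def dh_bits(key_group):
    """Extract the modulus size from a label such as 'DH-Group 2(1024 bit)'."""
    match = re.search(r"(\d+)\s*bit", key_group)
    if match is None:
        raise ValueError(f"no key size in {key_group!r}")
    return int(match.group(1))


def audit(policy):
    findings = []
    mode, method = policy["Exchange Mode"], policy["Authentication Method"]
    if _token(mode) == "AGGRESSIVE" and _token(method) == "PRESHAREDKEY":
        findings.append(Finding("Exchange Mode", mode, "weak",
                                "authentication hash is exchanged unencrypted; "
                                "use Main mode or a long random pre-shared key"))
    cipher = policy["Encryption Algorithm"]
    if _token(cipher) in WEAK_CIPHERS:
        findings.append(Finding("Encryption Algorithm", cipher, "weak",
                                "64-bit block cipher; select AES if offered"))
    digest = policy["Authentication Algorithm"]
    if _token(digest) in LEGACY_HASHES:
        findings.append(Finding("Authentication Algorithm", digest, "legacy",
                                "prefer a SHA-2 digest if offered"))
    group = policy["PFS Key-Group"]
    if dh_bits(group) < MIN_DH_BITS:
        findings.append(Finding("PFS Key-Group", group, "weak",
                                f"use a group of at least {MIN_DH_BITS} bits"))
    return findings


# Constructed comparison policy; not confirmed as options on this router.
HARDENED = {
    "Exchange Mode": "Main",
    "Encryption Algorithm": "AES-256",
    "Authentication Algorithm": "SHA-256",
    "Authentication Method": "Pre-shared Key",
    "PFS Key-Group": "DH-Group 14(2048 bit)",
}

if __name__ == "__main__":
    for kind in ("client", "gateway"):
        print(kind)
        for f in audit(wizard_policy(kind)):
            print(f"  [{f.severity}] {f.field} = {f.value}: {f.advice}")
```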
Figure 74: IPsec policy configuration

Once the tunnel type and endpoints of the tunnel are defined you can determine the Phase 1 / Phase 2 negotiation to use for the tunnel. This is covered in the IPsec mode setting, as the policy can be Manual or Auto. For Auto policies, the Internet Key Exchange (IKE) protocol dynamically exchanges keys between two IPsec hosts. The Phase 1 IKE parameters are used to define the tunnel's security association details. The Phase 2 Auto policy parameters cover the security association lifetime and encryption/authentication details of the phase 2 key negotiation.

The VPN policy is one half of the IKE/VPN policy pair required to establish an Auto IPsec VPN tunnel. The IP addresses of the machine or machines on the two VPN endpoints are configured here, along with the policy parameters required to secure the tunnel.

Figure 75: IPsec policy configuration continued (Auto policy via IKE)

A Manual policy does not use IKE and instead relies on manual keying to exchange authentication parameters between the two IPsec hosts. The incoming and outgoing security parameter index (SPI) values must be mirrored on the remote tunnel endpoint. In addition, the encryption and integrity algorithms and keys must match on the remote IPsec host exactly in order for the tunnel to establish successfully.
Note that using Auto policies with IKE is preferred, as in some IPsec implementations the SPI (security parameter index) values require conversion at each endpoint.

The DSR supports a VPN roll-over feature. This means that policies configured on the primary WAN will roll over to the secondary WAN in case of a link failure on the primary WAN. This feature can be used only if your WAN is configured in Auto-Rollover mode.

Figure 76: IPsec policy configuration continued (Auto / Manual Phase 2)

6.2.1 Extended Authentication (XAUTH)

You can also configure extended authentication (XAUTH). Rather than configure a unique VPN policy for each user, you can configure the VPN gateway router to authenticate users from a stored list of user accounts or with an external authentication server such as a RADIUS server. With a user database, user accounts created in the router are used to authenticate users.

With a configured RADIUS server, the router connects to a RADIUS server and passes to it the credentials that it receives from the VPN client. You can secure the connection between the router and the RADIUS server with the authentication protocol supported by the server (PAP or CHAP). For RADIUS - PAP, the router first checks in the user database to see if the user credentials are available; if they are not, the router connects to the RADIUS server.

6.2.2 Internet over IPSec tunnel

With this feature, all traffic passes through the VPN tunnel, and from the remote gateway the packets are routed to the Internet.
On the remote gateway side, the outgoing packet will be SNAT'ed.

6.3 Configuring VPN clients

Remote VPN clients must be configured with the same VPN policy parameters used in the VPN tunnel that the client wishes to use: encryption, authentication, life time, and PFS key-group. Upon establishing these authentication parameters, the VPN Client user database must also be populated with an account to give a user access to the tunnel.

VPN client software is required to establish a VPN tunnel between the router and remote endpoint. Open source software (such as OpenVPN or Openswan) as well as Microsoft IPsec VPN software can be configured with the required IKE policy parameters to establish an IPsec VPN tunnel. Refer to the client software guide for detailed instructions on setup as well as the router's online help.

The user database contains the list of VPN user accounts that are authorized to use a given VPN tunnel. Alternatively VPN tunnel users can be authenticated using a configured RADIUS database. Refer to the online help to determine how to populate the user database and/or configure RADIUS authentication.

6.4 PPTP / L2TP Tunnels

This router supports VPN tunnels from either PPTP or L2TP ISP servers. The router acts as a broker device to allow the ISP's server to create a TCP control connection between the LAN VPN client and the VPN server.

6.4.1 PPTP Tunnel Support

Setup > VPN Settings > PPTP > PPTP Client

A PPTP VPN client can be configured on this router. Using this client, you can access a remote network that is local to the PPTP server.
Once client is enabled, the user can access Status > Active VPNs page and establish PPTP VPN tunnel clicking Connect. To disconnect the tunnel, click Drop.

Figure 77: PPTP tunnel configuration – PPTP Client

Figure 78: PPTP VPN connection status

Setup > VPN Settings > PPTP > PPTP Server

A PPTP VPN can be established through this router. Once enabled a PPTP server is available on the router for LAN and WAN PPTP client users to access. Once the PPTP server is enabled, PPTP clients that are within the range of configured IP addresses of allowed clients can reach the router’s PPTP server. Once authenticated by the PPTP server (the tunnel endpoint), PPTP clients have access to the network managed by the router.

Figure 79: PPTP tunnel configuration – PPTP Server

6.4.2 L2TP Tunnel Support

Setup > VPN Settings > L2TP > L2TP Server

A L2TP VPN can be established through this router. Once enabled a L2TP server is available on the router for LAN and WAN L2TP client users to access. Once the L2TP server is enabled, L2TP clients that are within the range of configured IP addresses of allowed clients can reach the router’s L2TP server. Once authenticated by the L2TP server (the tunnel endpoint), L2TP clients have access to the network managed by the router.

Figure 80: L2TP tunnel configuration – L2TP Server

6.4.3 OpenVPN Support

Setup > VPN Settings > OpenVPN > OpenVPN Configuration

OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password.
When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signature and Certificate authority. An OpenVPN can be established through this router. Check/Uncheck this and click save settings to start/stop openvpn server.

Mode: OpenVPN daemon mode. It can run in server mode, client mode or access server client mode. In access server client mode, the user has to download the auto login profile from the Openvpn Access Server and upload the same to connect.
Server IP: OpenVPN server IP address to which the client connects (Applicable in client mode).
Vpn Network: Address of the Virtual Network.
Vpn Netmask: Netmask of the Virtual Network.
Port: The port number on which openvpn server (or Access Server) runs.
Tunnel Protocol: The protocol used to communicate with the remote host. Ex: Tcp, Udp. Udp is the default.
Encryption Algorithm: The cipher with which the packets are encrypted. Ex: BF-CBC, AES-128, AES-192 and AES-256. BF-CBC is the default.
Hash algorithm: Message digest algorithm used to authenticate packets. Ex: SHA1, SHA256 and SHA512. SHA1 is the default.
Tunnel Type: Select Full Tunnel to redirect all the traffic through the tunnel. Select Split Tunnel to redirect traffic to only specified resources (added from OpenVPN Client Routes) through the tunnel. Full Tunnel is the default.
Enable Client to Client communication: Enable this to allow openvpn clients to communicate with each other in split tunnel case. Disabled by default.
Upload Access Server Client Configuration: The user has to download the auto login profile and upload here to connect this router to the OpenVPN Access Server.
Certificates: Select the set of certificates openvpn server uses. First Row: Set of certificates and keys the server uses. Second Row: Set of certificates and keys newly uploaded.
Enable Tls Authentication Key: Enabling this adds Tls authentication which adds an additional layer of authentication. Can be checked only when the tls key is uploaded. Disabled by default.

Click Save Settings to save the settings.

Figure 81: OpenVPN configuration

6.4.4 OpenVPN Remote Network

Setup > VPN Settings > OpenVPN > OpenVPN Remote Network (Site-to-Site)

This page allows the user to add/edit a remote network and netmask which allows the other OpenVPN clients to reach this network.

Figure 82: OpenVPN Remote Network

Common Name: Common Name of the OpenVPN client certificate.
Remote Network: Network address of the remote resource.
Subnet Mask: Netmask of the remote resource.

6.4.5 OpenVPN Authentication

Setup > VPN Settings > OpenVPN > OpenVPN Authentication

This page allows the user to upload required certificates and keys.

Figure 83: OpenVPN Authentication

Trusted Certificate (CA Certificate): Browse and upload the pem formatted CA Certificate.
Server/Client Certificate: Browse and upload the pem formatted Server/Client Certificate.
Server/Client Key: Browse and upload the pem formatted Server/Client Key.
DH Key: Browse and upload the pem formatted Diffie Hellman Key.
Tls Authentication Key: Browse and upload the pem formatted Tls Authentication Key.

Chapter 7. SSL VPN

The router provides an intrinsic SSL VPN feature as an alternate to the standard IPsec VPN. SSL VPN differs from IPsec VPN mainly by removing the requirement of a pre-installed VPN client on the remote host. Instead, users can securely login through the SSL User Portal using a standard web browser and receive access to configured network resources within the corporate LAN. The router supports multiple concurrent sessions to allow remote users to access the LAN over an encrypted link through a customizable user portal interface, and each SSL VPN user can be assigned unique privileges and network resource access levels.

The remote user can be provided different options for SSL service through this router:

VPN Tunnel: The remote user’s SSL enabled browser is used in place of a VPN client on the remote host to establish a secure VPN tunnel. A SSL VPN client (Active-X or Java based) is installed in the remote host to allow the client to join the corporate LAN with pre-configured access/policy privileges. At this point a virtual network interface is created on the user’s host and this will be assigned an IP address and DNS server address from the router. Once established, the host machine can access allocated network resources.

Port Forwarding: A web-based (ActiveX or Java) client is installed on the client machine again.
Note that Port Forwarding service only supports TCP connections between the remote user and the router. The router administrator can define specific services or applications that are available to remote port forwarding users instead of access to the full LAN like the VPN tunnel.

ActiveX clients are used when the remote user accesses the portal using the Internet Explorer browser. The Java client is used for other browsers like Mozilla Firefox, Netscape Navigator, Google Chrome, and Apple Safari.

Figure 84: Example of clientless SSL VPN connections to the DSR

7.1 Groups and Users

Advanced > Users > Groups

The group page allows creating, editing and deleting groups. The groups are associated to set of user types. The lists of available groups are displayed in the “List of Group” page with Group name and description of group.

Click Add to create a group.
Click Edit to update an existing group.
Click Delete to clear an existing group.

Figure 85: List of groups

Group configuration page allows to create a group with a different type of users. The user types are as follows:

PPTP User: These are PPTP VPN tunnel LAN users that can establish a tunnel with the PPTP server on the WAN.
L2TP User: These are L2TP VPN tunnel LAN users that can establish a tunnel with the L2TP server on the WAN.
Xauth User: This user’s authentication is performed by an externally configured RADIUS or other Enterprise server. It is not part of the local user database.
SSLVPN User: This user has access to the SSL VPN services as determined by the group policies and authentication domain of which it is a member. The domain-determined SSL VPN portal will be displayed when logging in with this user type.
Admin: This is the router’s super-user, and can manage the router, use SSL VPN to access network resources, and login to L2TP/PPTP servers on the WAN. There will always be one default administrator user for the GUI.
Guest User (read-only): The guest user gains read only access to the GUI to observe and review configuration settings. The guest does not have SSL VPN access.
Captive Portal User: These captive portal users have access through the router. The access is determined based on captive portal policies.
Idle Timeout: This is the login timeout period for users of this group.

Figure 86: User group configuration

When SSLVPN users are selected, the SSLVPN settings are displayed with the following parameters as captured in SSLVPN Settings. As per the Authentication Type SSL VPN details are configured.

Authentication Type: The authentication Type can be one of the following: Local User Database (default), Radius-PAP, Radius-CHAP, Radius-MSCHAP, Radius-MSCHAPv2, NT Domain, Active Directory and LDAP.
Authentication Secret: If the domain uses RADIUS authentication then the authentication secret is required (and this has to match the secret configured on the RADIUS server).
Workgroup: This is required for NT domain authentication.
If there are multiple workgroups, user can enter the details for up to two workgroups.
LDAP Base DN: This is the base domain name for the LDAP authentication server. If there are multiple LDAP authentication servers, user can enter the details for up to two LDAP Base DN.
Active Directory Domain: If the domain uses the Active Directory authentication, the Active Directory domain name is required. Users configured in the Active Directory database are given access to the SSL VPN portal with their Active Directory username and password. If there are multiple Active Directory domains, user can enter the details for up to two authentication domains.
Timeout: The timeout period for reaching the authentication server.
Retries: The number of retries to authenticate with the authentication server after which the DSR stops trying to reach the server.

Figure 87: SSLVPN Settings

Login Policies

To set login policies for the group, select the corresponding group click “Login policies”. The following parameters are configured:

Group Name: This is the name of the group that can have its login policy edited
Disable Login: Enable to prevent the users of this group from logging into the devices management interface(s)
Deny Login from WAN interface: Enable to prevent the users of this group from logging in from a WAN (wide area network) interface. In this case only login through LAN is allowed.
Figure 88: Group login policies options

Policy by Browsers

To set browser policies for the group, select the corresponding group click “Policy by Browsers”. The following parameters are configured:

Group Name: This is the name of the group that can have its login policy edited
Deny Login from Defined Browsers: The list of defined browsers below will be used to prevent the users of this group from logging in to the routers GUI. All non-defined browsers will be allowed for login for this group.
Allow Login from Defined Browsers: The list of defined browsers below will be used to allow the users of this group from logging in to the routers GUI. All non-defined browsers will be denied for login for this group.
Defined Browsers: This list displays the web browsers that have been added to the Defined Browsers list, upon which group login policies can be defined. (Check Box At First Column Header): Selects all the defined browsers in the table.
Delete: Deletes the selected browser(s).

You can add to the list of Defined Browsers by selecting a client browser from the drop down menu and clicking Add. This browser will then appear in the above list of Defined Browsers.

Click Save Settings to save your changes.

Figure 89: Browser policies options

Policy by IP

To set policies by IP for the group, select the corresponding group click “Policy by IP”.
The following parameters are configured:

Group Name: This is the name of the group that can have its login policy edited
Deny Login from Defined Browsers: The list of defined browsers below will be used to prevent the users of this group from logging in to the routers GUI. All non-defined browsers will be allowed for login for this group.
Allow Login from Defined Browsers: The list of defined browsers below will be used to allow the users of this group from logging in to the routers GUI. All non-defined browsers will be denied for login for this group.
Defined Browsers: This list displays the web browsers that have been added to the Defined Browsers list, upon which group login policies can be defined. (Check Box At First Column Header): Selects all the defined browsers in the table.
Delete: Deletes the selected browser(s).

You can add to the list of Defined Browsers by selecting a client browser from the drop down menu and clicking Add. This browser will then appear in the above list of Defined Browsers.

Click Save Settings to save your changes.

Figure 90: IP policies options

Login Policies, Policy by Browsers, Policy by IP are applicable SSL VPN user only.

Advanced > Users > Users

The users page allows adding, editing and deleting existing groups. The user are associated to configured groups. The lists of available users are displayed in the “List of Users” page with User name, associated group and Login status.

Click Add to create a user.
Click Edit to update an existing user.
Click Delete to clear an existing user

Figure 91: Available Users with login status and associated Group

7.1.1 Users and Passwords

Advanced > Users > Users

The user configurations allow creating users associated to group. The user settings contain the following key components:

User Name: This is unique identifier of the user.
First Name: This is the user’s first name
Last Name: This is the user’s last name
Select Group: A group is chosen from a list of configured groups.
Password: The password associated with the user name.
Confirm Password: The same password as above is required to mitigate against typing errors.
Idle Timeout: The session timeout for the user.

It is recommended that passwords contain no dictionary words from any language, and are a mixture of letters (both uppercase and lowercase), numbers, and symbols. The password can be up to 30 characters.

Figure 92: User configuration options

7.2 Using SSL VPN Policies

Setup > VPN Settings > SSL VPN Server > SSL VPN Policies

SSL VPN Policies can be created on a Global, Group, or User level. User level policies take precedence over Group level policies and Group level policies take precedence over Global policies. These policies can be applied to a specific network resource, IP address or ranges on the LAN, or to different SSL VPN services supported by the router. The List of Available Policies can be filtered based on whether it applies to a user, group, or all users (global).
A more specific policy takes precedence over a generic policy when both are applied to the same user/group/global domain. I.e. a policy for a specific IP address takes precedence over a policy for a range of addresses containing the IP address already referenced.

Figure 93: List of SSL VPN policies (Global filter)

To add a SSL VPN policy, you must first assign it to a user, group, or make it global (i.e. applicable to all SSL VPN users). If the policy is for a group, the available configured groups are shown in a drop down menu and one must be selected. Similarly, for a user defined policy a SSL VPN user must be chosen from the available list of configured users.

The next step is to define the policy details. The policy name is a unique identifier for this rule. The policy can be assigned to a specific Network Resource (details follow in the subsequent section), IP address, IP network, or all devices on the LAN of the router. Based on the selection of one of these four options, the appropriate configuration fields are required (i.e. choosing the network resources from a list of defined resources, or defining the IP addresses). For applying the policy to addresses the port range/port number can be defined.

The final steps require the policy permission to be set to either permit or deny access to the selected addresses or network resources. As well the policy can be specified for one or all of the supported SSL VPN services (i.e. VPN tunnel).

Once defined, the policy goes into effect immediately.
The policy name, SSL service it applies to, destination (network resource or IP addresses) and permission (deny/permit) is outlined in a list of configured policies for the router.

Figure 94: SSL VPN policy configuration

To configure a policy for a single user or group of users, enter the following information:

Policy for: The policy can be assigned to a group of users, a single user, or all users (making it a global policy). To customize the policy for specific users or groups, the user can select from the Available Groups and Available Users drop down.
Apply policy to: This refers to the LAN resources managed by the DSR, and the policy can provide (or prevent) access to network resources, IP address, IP network, etc.
Policy name: This field is a unique name for identifying the policy.
IP address: Required when the governed resource is identified by its IP address or range of addresses.
Mask Length: Required when the governed resource is identified by a range of addresses within a subnet.
ICMP: Select this option to include ICMP traffic
Port range: If the policy governs a type of traffic, this field is used for defining TCP or UDP port number(s) corresponding to the governed traffic. Leaving the starting and ending port range blank corresponds to all UDP and TCP traffic.
Service: This is the SSL VPN service made available by this policy. The services offered are VPN tunnel, port forwarding or both.
Defined resources: This policy can provide access to specific network resources. Network resources must be configured in advance of creating the policy to make them available for selection as a defined resource. Network resources are created with the following information
Permission: The assigned resources defined by this policy can be explicitly permitted or denied.

7.2.1 Using Network Resources

Setup > VPN Settings > SSL VPN Server > Resources

Network resources are services or groups of LAN IP addresses that are used to easily create and configure SSL VPN policies. This shortcut saves time when creating similar policies for multiple remote SSL VPN users.

Adding a Network Resource involves creating a unique name to identify the resource and assigning it to one or all of the supported SSL services. Once this is done, editing one of the created network resources allows you to configure the object type (either IP address or IP range) associated with the service. The Network Address, Mask Length, and Port Range/Port Number can all be defined for this resource as required.

A network resource can be defined by configuring the following in the GUI:

Resource name: A unique identifier name for the resource.
Service: The SSL VPN service corresponding to the resource (VPN tunnel, Port Forwarding or All).
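
The precedence rules in section 7.2 (User over Group over Global, and a specific address over a range that contains it) can be modelled to predict which policy will govern a given connection before it is entered in the GUI. The following is an added example, not D-Link code: the `Policy` class, the policy names and the sample addresses are constructed, and it assumes that no decision is returned when no policy matches and that deny wins a tie between otherwise equal policies, neither of which the manual specifies.

```python
"""Model of SSL VPN policy precedence: user > group > global, specific > generic."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

SCOPE_RANK = {"global": 1, "group": 2, "user": 3}


@dataclass(frozen=True)
class Policy:
    name: str
    scope: str                      # "user", "group" or "global"
    owner: Optional[str]            # user or group name, None for global
    destination: str                # single IP or CIDR network on the LAN
    permission: str                 # "permit" or "deny"
    ports: Optional[Tuple[int, int]] = None   # None = all TCP and UDP traffic
    service: str = "both"           # "vpn_tunnel", "port_forwarding" or "both"

    def matches(self, user, group, dest_ip, port, service):
        """True when this policy governs the described connection."""
        if self.scope == "user" and self.owner != user:
            return False
        if self.scope == "group" and self.owner != group:
            return False
        if self.service not in ("both", service):
            return False
        if ip_address(dest_ip) not in ip_network(self.destination):
            return False
        if self.ports is None:
            return True
        return self.ports[0] <= port <= self.ports[1]

    def precedence(self):
        """Sort key: scope first, then how narrow the destination is.

        The last element makes deny win a tie (assumption of this example).
        """
        prefix_len = ip_network(self.destination).prefixlen
        return (SCOPE_RANK[self.scope], prefix_len, self.permission == "deny")


def decide(policies, user, group, dest_ip, port, service="vpn_tunnel"):
    """Return (permission, policy name) of the winning policy, or None."""
    candidates = [p for p in policies
                  if p.matches(user, group, dest_ip, port, service)]
    if not candidates:
        return None
    winner = max(candidates, key=Policy.precedence)
    return winner.permission, winner.name


# Constructed policy set for a LAN of 192.168.10.0/24.
SAMPLE_POLICIES = [
    Policy("lan-default-deny", "global", None, "192.168.10.0/24", "deny"),
    Policy("eng-ssh", "group", "engineering", "192.168.10.0/24", "permit", (22, 22)),
    Policy("eng-no-hr-server", "group", "engineering", "192.168.10.50", "deny"),
    Policy("alice-hr-web", "user", "alice", "192.168.10.50", "permit", (443, 443)),
    Policy("sales-intranet-pf", "group", "sales", "192.168.10.80", "permit",
           (80, 80), "port_forwarding"),
]

if __name__ == "__main__":
    cases = [
        ("alice", "engineering", "192.168.10.50", 443, "vpn_tunnel"),
        ("alice", "engineering", "192.168.10.50", 22, "vpn_tunnel"),
        ("bob", "engineering", "192.168.10.20", 22, "vpn_tunnel"),
        ("carol", "sales", "192.168.10.80", 80, "port_forwarding"),
        ("carol", "sales", "192.168.10.80", 80, "vpn_tunnel"),
    ]
    for case in cases:
        print(case, "->", decide(SAMPLE_POLICIES, *case))
```

Running the cases shows the group-level deny on a single server overriding the group-level permit on the whole subnet, and a user-level permit overriding both.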
Figure 95: List of configured resources, which are available to assign to SSL VPN policies

7.3 Application Port Forwarding

Setup > VPN Settings > SSL VPN Server > Port Forwarding

Port forwarding allows remote SSL users to access specified network applications or services after they login to the User Portal and launch the Port Forwarding service. Traffic from the remote user to the router is detected and re-routed based on configured port forwarding rules.

Internal host servers or TCP applications must be specified as being made accessible to remote users. Allowing access to a LAN server requires entering the local server IP address and TCP port number of the application to be tunnelled. The table below lists some common applications and corresponding TCP port numbers:

TCP Application                          Port Number
FTP Data (usually not needed)            20
FTP Control Protocol                     21
SSH                                      22
Telnet                                   23
SMTP (send mail)                         25
HTTP (web)                               80
POP3 (receive mail)                      110
NTP (network time protocol)              123
Citrix                                   1494
Terminal Services                        3389
VNC (virtual network computing)          5900 or 5800

As a convenience for remote users, the hostname (FQDN) of the network server can be configured to allow for IP address resolution. This host name resolution provides users with easy-to-remember FQDN’s to access TCP applications instead of error prone IP addresses when using the Port Forwarding service through the SSL User Portal.

To configure port forwarding, following are required:

Local Server IP address: The IP address of the local server which is hosting the application.
TCP port: The TCP port of the application

Once the new application is defined it is displayed in a list of configured applications for port forwarding.

To allow users to access the private network servers by using a hostname instead of an IP address, the FQDN corresponding to the IP address is defined in the port forwarding host configuration section.

Local server IP address: The IP address of the local server hosting the application. The application should be configured in advance.
Fully qualified domain name: The domain name of the internal server is to be specified

Once the new FQDN is configured, it is displayed in a list of configured hosts for port forwarding.

Defining the hostname is optional as minimum requirement for port forwarding is identifying the TCP application and local server IP address. The local server IP address of the configured hostname must match the IP address of the configured application for port forwarding.

Figure 96: List of Available Applications for SSL Port Forwarding

7.4 SSL VPN Client Configuration

Setup > VPN Settings > SSL VPN Client > SSL VPN Client

An SSL VPN tunnel client provides a point-to-point connection between the browser-side machine and this router. When a SSL VPN client is launched from the user portal, a "network adapter" with an IP address from the corporate subnet, DNS and WINS settings is automatically created. This allows local applications to access services on the private network without any special network configuration on the remote SSL VPN client machine.
It is important to ensure that the virtual (PPP) interface address of the VPN tunnel client does not conflict with physical devices on the LAN. The IP address range for the SSL VPN virtual network adapter should be either in a different subnet or non-overlapping range as the corporate LAN.

The IP addresses of the client’s network interfaces (Ethernet, Wireless, etc.) cannot be identical to the router’s IP address or a server on the corporate LAN that is being accessed through the SSL VPN tunnel.

Figure 97: SSL VPN client adapter and access configuration

The router allows full tunnel and split tunnel support. Full tunnel mode just sends all traffic from the client across the VPN tunnel to the router. Split tunnel mode only sends traffic to the private LAN based on pre-specified client routes. These client routes give the SSL client access to specific private networks, thereby allowing access control over specific LAN services.

Client level configuration supports the following:

Enable Split Tunnel Support: With a split tunnel, only resources which are referenced by client routes can be accessed over the VPN tunnel. With full tunnel support (if the split tunnel option is disabled the DSR acts in full tunnel mode) all addresses on the private network are accessible over the VPN tunnel. Client routes are not required.
DNS Suffix: The DNS suffix name which will be given to the SSL VPN client. This configuration is optional.
Primary DNS Server: DNS server IP address to set on the network adaptor created on the client host. This configuration is optional.
Secondary DNS Server: Secondary DNS server IP address to set on the network adaptor created on the client host. This configuration is optional.
Client Address Range Begin: Clients who connect to the tunnel get a DHCP served IP address assigned to the network adaptor from the range of addresses beginning with this IP address
Client Address Range End: The ending IP address of the DHCP range of addresses served to the client network adaptor.

Setup > VPN Settings > SSL VPN Client > Configured Client Routes

If the SSL VPN client is assigned an IP address in a different subnet than the corporate network, a client route must be added to allow access to the private LAN through the VPN tunnel. As well a static route on the private LAN’s firewall (typically this router) is needed to forward private traffic through the VPN Firewall to the remote SSL VPN client. When split tunnel mode is enabled, the user is required to configure routes for VPN tunnel clients:

Destination network: The network address of the LAN or the subnet information of the destination network from the VPN tunnel clients’ perspective is set here.
Subnet mask: The subnet information of the destination network is set here.

Figure 98: Configured client routes only apply in split tunnel mode

Steps to Install/Uninstall SSLVPN tunnel in MAC OS

1. Open terminal and run "visudo" as root and it will open sudoers file
2. Add "username ALL=NOPASSWD: /usr/sbin/chown,/bin/chmod,/bin/rm" at the bottom of the sudoers file, save and close the file. (Username is the user name of the MAC account but not SSLVPN user name). This entry lets that account run chown, chmod and rm through sudo without entering a password.

While uninstalling SSLVPN tunnel, when it asks for password, enter the MAC user account password but not root password or sslvpn user password

7.5 User Portal

Setup > VPN Settings > SSL VPN Client > SSL VPN Client Portal

When remote users want to access the private network through an SSL tunnel (either using the Port Forwarding or VPN tunnel service), they login through a user portal. This portal provides the authentication fields to provide the appropriate access levels and privileges as determined by the router administrator. The domain where the user account is stored must be specified, and the domain determines the authentication method and portal layout screen presented to the remote user.

Figure 99: List of configured SSL VPN portals. The configured portal can then be associated with an authentication domain

7.5.1 Creating Portal Layouts

Setup > VPN Settings > SSL VPN Server > Portal Layouts

The router allows you to create a custom page for remote SSL VPN users that is presented upon authentication. There are various fields in the portal that are customizable for the domain, and this allows the router administrator to communicate details such as login instructions, available services, and other usage details in the portal visible to remote users.
During domain setup, configured portal layouts are available to select for all users authenticated by the domain.

The default portal LAN IP address is https://192.168.10.1/scgibin/userPortal/portal. This is the same page that opens when the "User Portal" link is clicked on the SSL VPN menu of the router GUI.

The router administrator creates and edits portal layouts from the configuration pages in the SSL VPN menu. The portal name, title, banner name, and banner contents are all customizable to the intended users for this portal. The portal name is appended to the SSL VPN portal URL. As well, the users assigned to this portal (through their authentication domain) can be presented with one or more of the router's supported SSL services such as the VPN Tunnel page or Port Forwarding page.

To configure a portal layout and theme, the following information is needed:

Portal layout name: A descriptive name for the custom portal that is being configured. It is used as part of the SSL portal URL.

Portal site title: The portal web browser window title that appears when the client accesses this portal. This field is optional.

Banner title: The banner title that is displayed to SSL VPN clients prior to login. This field is optional.

Banner message: The banner message that is displayed to SSL VPN clients prior to login. This field is optional.

Display banner message on the login page: The user has the option to either display or hide the banner message in the login page.
HTTP meta tags for cache control: This security feature prevents expired web pages and data from being stored in the client's web browser cache. It is recommended that the user selects this option.

ActiveX web cache cleaner: An ActiveX cache control web cleaner can be pushed from the gateway to the client browser whenever users login to this SSL VPN portal.

SSL VPN portal page to display: The User can either enable VPN tunnel page or Port Forwarding, or both depending on the SSL services to display on this portal.

Once the portal settings are configured, the newly configured portal is added to the list of portal layouts.

Figure 100: SSL VPN Portal configuration

Chapter 8. Advanced Configuration Tools

8.1 USB Device Setup

Setup > USB Settings > USB Status

The DSR Unified Services Router has a USB interface for printer access, file sharing and on the DSR-1000 / DSR-1000N models 3G modem support. There is no configuration on the GUI to enable USB device support. Upon inserting your USB storage device, printer cable or 3G modem the DSR router will automatically detect the type of connected peripheral.

USB Mass Storage: also referred to as a "share port", files on a USB disk connected to the DSR can be accessed by LAN users as a network drive.

USB Printer: The DSR can provide the LAN with access to printers connected through the USB. The printer driver will have to be installed on the LAN host and traffic will be routed through the DSR between the LAN and printer.
USB 3G modem: A 3G modem dongle can be plugged in and used as a secondary WAN. Load balancing, auto-failover, or primary WAN access can be configured through the 3G interface.

To configure a printer on a Windows machine, follow the steps given below:

Click 'Start' on the desktop.

Select the 'Printers and faxes' option.

Right click and select 'add printer' or click on 'Add printer' present at the left menu.

Select the 'Network Printer' radio button and click next (select "device isn't listed" in case of Windows 7).

Select the 'Connect to printer using URL' radio button ('Select a shared printer by name' in case of Windows 7) and give the following URL http://<Router's LAN IP address>:631/printers/<Model Name> (Model Name can be found in the USB status page of router's GUI).

Click 'next' and select the appropriate driver from the displayed list.

Click on 'next' and 'finish' to complete adding the printer.

Figure 101: USB Device Detection

8.2 USB share port

Setup > USB Settings > USB SharePort

This page allows you to configure the SharePort feature available in this router.

Figure 102: USB Share Port

USB-1:

Enable USB Printer: Select this option to allow the USB printer connected to the router to be shared across the network.
The USB printer can be accessed on any LAN host (with appropriate printer driver installed) connected to the router by using the following command in the host's add printers window http://<Router's IP:631>/printers/<Device Model> (Device Model can be found in the USB settings page).

Enable Sharing: Select this option to allow the USB storage device connected to the router to be shared across the network.

USB-2:

Enable USB Printer: Select this option to allow the USB printer connected to the router to be shared across the network. The USB printer can be accessed on any LAN host (with appropriate printer driver installed) connected to the router by using the following command in the host's add printers window http://<Router's IP:631>/printers/<Device Model> (Device Model can be found in the USB settings page).

Enable Sharing: Select this option to allow the USB storage device connected to the router to be shared across the network.

Sharing Enabled interfaces: The LAN interfaces on which USB sharing is enabled. At least one interface must be selected to begin sharing.

Enable Printer: Enables printer sharing on the selected interface.

Enable Storage: Enables storage device sharing on the selected interface.

8.3 SMS service

Setup > USB Settings > SMS Service

The DSR Unified Services Router has a USB interface that supports a 3G modem for sending and receiving Short Messaging Service (SMS) messages. Received messages can be seen in the Inbox, and the user can create a new SMS.
If WAN3 is used in dedicated WAN mode or load balancing mode, or if a 3G USB Device is not connected to the router, then the controls on this page will be greyed out.

Figure 103: SMS Service – Send SMS

The following details are displayed in the SMS INBOX page:

Sno: Displays the serial number of the message in the inbox.

Sender: Displays the sender of the particular message.

TimeStamp: Displays the time when the message was sent.

Text: Displays the content of the particular message.

The following actions are performed:

Delete: Deletes the SMS having that particular Sno. Only one message can be deleted at a time.

Refresh: Updates the inbox with new SMS (if any).

Reply: Lets the user create a new SMS in reply to a particular message by the selected sender. The "Receiver" field in the createSms.htm page is filled with the sender's number.

Forward: Lets the user forward a selected SMS. The "Text Message" field in the createSms.htm page is filled with the "Text" of the selected message.

Figure 104: SMS Service – Receive SMS

The following details are to be provided in the Create Message page:

Receiver: Enter the phone number of the intended receiver of the message.

Text Message: Enter the body of the message here.

Click Send Message to send the message. Click Don't Save Settings to reset the Receiver and Text Message fields.

8.4 Authentication Certificates

Advanced > Certificates

This gateway uses digital certificates for IPsec VPN authentication as well as SSL validation (for HTTPS and SSL VPN authentication).
You can obtain a digital certificate from a well-known Certificate Authority (CA) such as VeriSign, or generate and sign your own certificate using functionality available on this gateway. The gateway comes with a self-signed certificate, and this can be replaced by one signed by a CA as per your networking requirements. A CA certificate provides strong assurance of the server's identity and is a requirement for most corporate network VPN solutions.

The certificates menu allows you to view a list of certificates (both from a CA and self-signed) currently loaded on the gateway. The following certificate data is displayed in the list of Trusted (CA) certificates:

CA Identity (Subject Name): The certificate is issued to this person or organization

Issuer Name: This is the CA name that issued this certificate

Expiry Time: The date after which this Trusted certificate becomes invalid

A self certificate is a certificate issued by a CA identifying your device (or self-signed if you don't want the identity protection of a CA). The Active Self Certificate table lists the self certificates currently loaded on the gateway. The following information is displayed for each uploaded self certificate:

Name: The name you use to identify this certificate, it is not displayed to IPsec VPN peers or SSL users.

Subject Name: This is the name that will be displayed as the owner of this certificate. This should be your official registered or company name, as IPsec or SSL VPN peers are shown this field.
Serial Number: The serial number is maintained by the CA and used to identify this signed certificate.

Issuer Name: This is the CA name that issued (signed) this certificate

Expiry Time: The date after which this signed certificate becomes invalid – you should renew the certificate before it expires.

To request a self certificate to be signed by a CA, you can generate a Certificate Signing Request from the gateway by entering identification parameters and passing it along to the CA for signing. Once signed, the CA's Trusted Certificate and signed certificate from the CA are uploaded to activate the self-certificate validating the identity of this gateway. The self certificate is then used in IPsec and SSL connections with peers to validate the gateway's authenticity.

Figure 105: Certificate summary for IPsec and HTTPS management

8.5 Advanced Switch Configuration

The DSR allows you to adjust the power consumption of the hardware based on your actual usage. The two "green" options available for your LAN switch are Power Saving by Link Status and Length Detection State. With the "Power Saving by Link Status" option enabled, the total power consumption by the LAN switch is a function of the number of connected ports. The overall current draw when a single port is connected is less than when all the ports are connected. With the "Length Detection State" option enabled, the overall current supplied to a LAN port is reduced when a smaller cable length is connected on a LAN port.
Jumbo Frames support can be configured as an advanced switch configuration. Jumbo frames are Ethernet frames with more than 1500 bytes of payload. When this option is enabled, the LAN devices can exchange information at Jumbo frames rate.

Figure 106: Advanced Switch Settings

Chapter 9. Administration & Management

9.1 Configuration Access Control

The primary means to configure this gateway is via the browser-independent GUI. The GUI can be accessed from a LAN node by using the gateway's LAN IP address and HTTP, or from the WAN by using the gateway's WAN IP address and HTTPS (HTTP over SSL).

Administrator and Guest users are permitted to login to the router's management interface. The user type is set in the Advanced > Users > Users page. The Admin or Guest user can be configured to access the router GUI from the LAN or the Internet (WAN) by enabling the corresponding Login Policy.

Figure 107: User Login policy configuration

9.1.1 Admin Settings

Tools > Admin > Admin settings

This page allows you to provide the name of the router.

Figure 108: Admin Settings

9.1.2 Remote Management

Tools > Admin > Remote Management

Both HTTPS and telnet access can be restricted to a subset of IP addresses. The router administrator can define a known PC, single IP address or range of IP addresses that are allowed to access the GUI with HTTPS. The opened port for SSL traffic can be changed from the default of 443 at the same time as defining the allowed remote management IP address range.
Figure 109: Remote Management from the WAN

9.1.3 CLI Access

In addition to the web-based GUI, the gateway supports SSH and Telnet management for command-line interaction. The CLI login credentials are shared with the GUI for administrator users. To access the CLI, type "cli" in the SSH or console prompt and login with administrator user credentials.

9.2 SNMP Configuration

Tools > Admin > SNMP

SNMP is an additional management tool that is useful when multiple routers in a network are being managed by a central Master system. When an external SNMP manager is provided with this router's Management Information Base (MIB) file, the manager can update the router's hierarchal variables to view or update configuration parameters. The router as a managed device has an SNMP agent that allows the MIB configuration variables to be accessed by the Master (the SNMP manager). The Access Control List on the router identifies managers in the network that have read only or read-write SNMP credentials. The Traps List outlines the port over which notifications from this router are provided to the SNMP community (managers) and also the SNMP version (v1, v2c, v3) for the trap.

Figure 110: SNMP Users, Traps, and Access Control

Tools > Admin > SNMP System Info

The router is identified by an SNMP manager via the System Information. The identifier settings

The SysName set here is also used to identify the router for SysLog logging.
Figure 111: SNMP system information for this router

9.3 Configuring Time Zone and NTP

Tools > Date and Time

You can configure your time zone, whether or not to adjust for Daylight Savings Time, and with which Network Time Protocol (NTP) server to synchronize the date and time. You can choose to set Date and Time manually, which will store the information on the router's real time clock (RTC). If the router has access to the internet, the most accurate mechanism to set the router time is to enable NTP server communication.

Accurate date and time on the router is critical for firewall schedules, Wi-Fi power saving support to disable APs at certain times of the day, and accurate logging.

Please follow the steps below to configure the NTP server:

1. Select the router's time zone, relative to Greenwich Mean Time (GMT).
2. If supported for your region, click to Enable Daylight Savings.
3. Determine whether to use default or custom Network Time Protocol (NTP) servers. If custom, enter the server addresses or FQDN.

Figure 112: Date, Time, and NTP server setup

9.4 Log Configuration

This router allows you to capture log messages for traffic through the firewall, VPN, and over the wireless AP. As an administrator you can monitor the type of traffic that goes through the router and also be notified of potential attacks or errors when they are detected by the router. The following sections describe the log configuration settings and the ways you can access these logs.
9.4.1 Defining What to Log

Tools > Log Settings > Logs Facility

The Logs Facility page allows you to determine the granularity of logs to receive from the router. There are three core components of the router, referred to as Facilities:

Kernel: This refers to the Linux kernel. Log messages that correspond to this facility would correspond to traffic through the firewall or network stack.

System: This refers to application and management level features available on this router, including SSL VPN and administrator changes for managing the unit.

Wireless: This facility corresponds to the 802.11 driver used for providing AP functionality to your network.

Local1-UTM: This facility corresponds to IPS (Intrusion Prevention System) which helps in detecting malicious intrusion attempts from the WAN.

For each facility, the following events (in order of severity) can be logged: Emergency, Alert, Critical, Error, Warning, Notification, Information, Debugging. When a particular severity level is selected, all events with severity equal to and greater than the chosen severity are captured. For example if you have configured CRITICAL level logging for the Wireless facility, then 802.11 logs with severities CRITICAL, ALERT, and EMERGENCY are logged.
The severity levels available for logging are:

EMERGENCY: system is unusable
ALERT: action must be taken immediately
CRITICAL: critical conditions
ERROR: error conditions
WARNING: warning conditions
NOTIFICATION: normal but significant condition
INFORMATION: informational
DEBUGGING: debug-level messages

Figure 113: Facility settings for Logging

The display for logging can be customized based on where the logs are sent, either the Event Log viewer in the GUI (the Event Log viewer is in the Status > Logs page) or a remote Syslog server for later review. E-mail logs, discussed in a subsequent section, follow the same configuration as logs configured for a Syslog server.

Tools > Log Settings > Logs Configuration

This page allows you to determine the type of traffic through the router that is logged for display in Syslog, E-mailed logs, or the Event Viewer. Denial of service attacks, general attack information, login attempts, dropped packets, and similar events can be captured for review by the IT administrator.

Traffic through each network segment (LAN, WAN, DMZ) can be tracked based on whether the packet was accepted or dropped by the firewall.

Accepted Packets are those that were successfully transferred through the corresponding network segment (i.e. LAN to WAN). This option is particularly useful when the Default Outbound Policy is "Block Always" so the IT admin can monitor traffic that is passed through the firewall.
Example: If Accept Packets from LAN to WAN is enabled and there is a firewall rule to allow SSH traffic from LAN, then whenever a LAN machine tries to make an SSH connection, those packets will be accepted and a message will be logged. (Assuming the log option is set to Allow for the SSH firewall rule.)

Dropped Packets are packets that were intentionally blocked from being transferred through the corresponding network segment. This option is useful when the Default Outbound Policy is "Allow Always".

Example: If Drop Packets from LAN to WAN is enabled and there is a firewall rule to block SSH traffic from LAN, then whenever a LAN machine tries to make an SSH connection, those packets will be dropped and a message will be logged. (Make sure the log option is set to allow for this firewall rule.)

Enabling accepted packet logging through the firewall may generate a significant volume of log messages depending on the typical network traffic. This is recommended for debugging purposes only.

In addition to network segment logging, unicast and multicast traffic can be logged. Unicast packets have a single destination on the network, whereas broadcast (or multicast) packets are sent to all possible destinations simultaneously. One other useful log control is to log packets that are dropped due to configured bandwidth profiles over a particular interface. This data will indicate to the admin whether the bandwidth profile has to be modified to account for the desired internet traffic of LAN users.
Figure 114: Log configuration options for traffic through router

Tools > Log Settings > IPv6 logging

This page allows you to configure the IPv6 logging.

Figure 115: IPv6 Log configuration options for traffic through router

9.4.2 Sending Logs to E-mail or Syslog

Tools > Log Settings > Remote Logging

Once you have configured the type of logs that you want the router to collect, they can be sent to either a Syslog server or an E-Mail address. For remote logging a key configuration field is the Remote Log Identifier. Every logged message will contain the configured prefix of the Remote Log Identifier, so that syslog servers or email addresses that receive logs from more than one router can sort for the relevant device's logs.

Once you enable the option to e-mail logs, enter the e-mail server's address (IP address or FQDN) of the SMTP server. The router will connect to this server when sending e-mails out to the configured addresses. The SMTP port and return e-mail addresses are required fields to allow the router to package the logs and send a valid e-mail that is accepted by one of the configured "send-to" addresses. Up to three e-mail addresses can be configured as log recipients.

In order to establish a connection with the configured SMTP port and server, define the server's authentication requirements. The router supports Login Plain (no encryption) or CRAM-MD5 (encrypted) for the username and password data to be sent to the SMTP server.
Authentication can be disabled if the server does not have this requirement. In some cases the SMTP server may send out IDENT requests, and this router can have this response option enabled as needed.

Once the e-mail server and recipient details are defined you can determine when the router should send out logs. E-mail logs can be sent out based on a defined schedule by first choosing the unit (i.e. the frequency) of sending logs: Hourly, Daily, or Weekly. Selecting Never will disable log e-mails but will preserve the e-mail server settings.

Figure 116: E-mail configuration as a Remote Logging option

An external Syslog server is often used by network administrators to collect and store logs from the router. This remote device typically has fewer memory constraints than the local Event Viewer on the router's GUI, and thus can collect a considerable number of logs over a sustained period. This is typically very useful for debugging network issues or to monitor router traffic over a long duration.

This router supports up to 8 concurrent Syslog servers. Each can be configured to receive different log facility messages of varying severity. To enable a Syslog server select the checkbox next to an empty Syslog server field and assign the IP address or FQDN to the Name field. The selected facility and severity level messages will be sent to the configured (and enabled) Syslog server once you save this configuration page's settings.
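The severity rule from section 9.4.1 and the Remote Log Identifier prefix described above, applied on the receiving Syslog server, as an added example that is not part of the manual or of D-Link's software. The line layout (`<PRI>timestamp identifier: message`), the identifiers DSR-HQ and DSR-BRANCH1, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Severity names in the manual's order; the list index is the standard syslog
# severity code (0 = most severe, 7 = least severe).
SEVERITIES = ["EMERGENCY", "ALERT", "CRITICAL", "ERROR",
              "WARNING", "NOTIFICATION", "INFORMATION", "DEBUGGING"]

# Assumed layout of a received line: "<PRI>Mmm dd hh:mm:ss IDENTIFIER: message".
LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3} +\d+ [\d:]{8}) (\S+?): (.*)$")

# Constructed sample input. PRI = facility * 8 + severity. How the router maps
# its Kernel/System/Wireless/Local1-UTM facilities to syslog facility numbers
# is not stated in the manual, so the facility is kept as a plain number.
SAMPLE_LINES = [
    "<11>Jan 12 09:14:02 DSR-BRANCH1: error condition (constructed)",
    "<10>Jan 12 09:14:05 DSR-BRANCH1: critical condition (constructed)",
    "<4>Jan 12 09:15:10 DSR-HQ: dropped packet LAN to WAN (constructed)",
    "<6>Jan 12 09:15:11 DSR-HQ: accepted packet LAN to WAN (constructed)",
    "<137>Jan 12 09:16:40 DSR-HQ: intrusion attempt detected (constructed)",
    "<12>Jan 12 09:17:00 UNKNOWN-GW: message from unlisted device (constructed)",
    "garbage without a PRI field",
]

# Severity selected per router, keyed by its Remote Log Identifier (hypothetical).
THRESHOLDS = {"DSR-BRANCH1": "CRITICAL", "DSR-HQ": "WARNING"}


def parse_line(line):
    """Split one syslog line into its fields, or return None if it is malformed."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 191:  # facilities run 0-23, so 23 * 8 + 7 is the largest valid PRI
        return None
    facility, severity = divmod(pri, 8)
    return {"facility": facility, "severity": SEVERITIES[severity],
            "timestamp": m.group(2), "identifier": m.group(3),
            "message": m.group(4)}


def is_captured(severity, threshold):
    """The manual's rule: the selected level and every more severe level is logged."""
    return SEVERITIES.index(severity) <= SEVERITIES.index(threshold)


def triage(lines, thresholds):
    """Sort lines by Remote Log Identifier and apply each router's severity level.

    Returns (kept, unknown, malformed): records kept per identifier, records
    whose identifier is not a configured router, and lines that did not parse.
    """
    kept = defaultdict(list)
    unknown, malformed = [], []
    for line in lines:
        record = parse_line(line)
        if record is None:
            malformed.append(line)
            continue
        threshold = thresholds.get(record["identifier"])
        if threshold is None:
            # A sender the collector does not know: review it, do not drop it.
            unknown.append(record)
        elif is_captured(record["severity"], threshold):
            kept[record["identifier"]].append(record)
    return dict(kept), unknown, malformed


if __name__ == "__main__":
    kept, unknown, malformed = triage(SAMPLE_LINES, THRESHOLDS)
    for identifier, records in kept.items():
        for r in records:
            print(identifier, r["timestamp"], r["severity"], r["message"])
    print("unknown identifiers:", [r["identifier"] for r in unknown])
    print("malformed lines:", len(malformed))
```

Lines from an identifier that is not in the configured set are returned separately so that an unexpected sender is noticed on the collector.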
Figure 117: Syslog server configuration for Remote Logging (continued)

9.4.3 Event Log Viewer in GUI

Status > Logs > View All Logs

The router GUI lets you observe configured log messages from the Status menu. Whenever traffic through or to the router matches the settings determined in the Tools > Log Settings > Logs Facility or Tools > Log Settings > Logs Configuration pages, the corresponding log message will be displayed in this window with a timestamp.

It is very important to have accurate system time (manually set or from an NTP server) in order to understand log messages.

Status > Logs > VPN Logs

This page displays IPsec VPN log messages as determined by the configuration settings for facility and severity. This data is useful when evaluating IPsec VPN traffic and tunnel health.

Figure 118: VPN logs displayed in GUI event viewer

9.5 Backing up and Restoring Configuration Settings

Tools > System

You can back up the router's custom configuration settings to restore them to a different device or the same router after some other changes. During backup, your settings are saved as a file on your host. You can restore the router's saved settings from this file as well. This page will also allow you to revert to factory default settings or execute a soft reboot of the router.

IMPORTANT! During a restore operation, do NOT try to go online, turn off the router, shut down the PC, or do anything else to the router until the operation is complete. This will take approximately 1 minute.
On ce t h e LEDs are t u rn ed o ff, wait a few mo re s eco n d s b efo re d o in g an y t h in g wit h t h e ro u t er. Fo r b ackin g u p co nfig u rat io n o r res t o rin g a p rev io u s ly s av ed co n fig u rat io n , p leas e fo llo w t h e s t ep s b elo w: 1. To save a copy of your current settings, click the Backup button in the Save Current Settings option. The browser initiates an export of the configuration file and prompts to save the file on your host. 170 Unified Services Router User Manual 2. To restore your saved settings from a backup file, click Browse then locate the file on the host. After clicking Restore, the router begins importing the file’s saved configuration settings. After the restore, the router reboots automatically with the restored settings. 3. To erase your current settings and revert to factory default settings, click the Default button. The router will then restore configuration settings to factory defaults and will reboot automatically. (See Appendix B for the factory default parameters for the router). Figure 119 : Re s toring configuratio n from a s ave d file will re s ult in the curre nt configurat io n be ing ove rwritte n and a re boot 9.6 Upgrading Router Firmware Tools > Firmware Yo u can u p g rad e t o a n ewer s o ft ware v ers io n fro m t h e A d min is t rat io n web p ag e. In t h e Firmware Up g rad e s ect io n , t o u p g rad e y o u r firmware, click Bro ws e , lo cat e an d s elect t h e firmware imag e o n y o u r h o s t , an d click Up g rad e . A ft er t h e n ew firmware imag e is v alid at ed , t h e n ew imag e is writ t en t o flas h , an d t h e ro u t er is au t o mat ically reb o o t ed wit h t h e n ew firmware. Th e Firmware In fo rmat io n an d als o t h e Status > Device Info > Device Status p ag e will reflect t h e n ew firmware v ers io n . IMPORTANT! 
Du rin g firmware u p g rad e, d o NOT t ry t o g o o n lin e, t u rn o ff t h e DSR, s h u t d o wn t h e PC, o r in t erru p t t h e p ro ce s s in an y way u n t il t h e o p erat io n is co mp let e. Th is s h o u ld t ake o n ly a min u t e o r s o in clu d in g t h e reb o o t p ro ces s . In t erru p t ing t he u p grade p rocess at s pecific p o in t s wh en t h e flas h is b ein g writ t en t o may co rru p t t h e flas h memo ry an d ren d er t h e ro ut er u n usa ble wit h o ut a lo w-lev el p ro ces s o f res t o rin g t h e flas h firmware (n o t t h ro u g h t h e web GUI). 171 Unified Services Router User Manual Figure 120 : Firmware ve rs ion inform atio n and upgrade option Th is ro u t er als o s u ppo rts an au to mat ed n o t ificat io n t o d et ermin e if a n ewer f irmware v ers io n is av ailab le fo r t h is ro u t er. By clickin g t h e Ch eck No w b u t t o n in t h e n o t ificat io n sectio n, t h e ro u t er will ch eck a D -Lin k s erv er t o s ee if a n ewer firmware v ers io n fo r t h is ro u t er is av ailab le fo r d o wn lo ad an d u p d at e t h e St at u s field b elo w . IMPORTANT! A ft er firmware 1.04B13, n ew u s er d at ab as e arch it ect u re is in t ro d u ced . Th e n ew u s er d at ab as e is eas ier t o s et u p an d mo re in t u it iv ely t o u s e. W h en u s ers u p g rad e DSR’s firmware t o 1.04B13 o r lat t er, DSR will au t o mat ically merg e u s ers in t h e o ld d at ab ase in t o t h e n ew o n e. Ho wev er, all u s er d at ab as es will b e s wep t away wh en u sers d own grade firmware fro m 1.04B13 t o t h e o ld er o n e, e.g . 1.03B43. Pleas e keep in min d : b acku p y o u r u ser d atabase fo r fu rt h er rest orin g o n ce y o u d ecid e t o d o wn g rad e firmware t o t h e o ld er o n e. 9.7 Upgrading Router Firmware via USB Tools > Firmware via USB Th is p ag e allo ws u ser t o u pg rad e t h e firmware, b acku p an d rest ore t he s et tin gs u sing a USB s t o rag e key . 
Figure 121: Firmware upgrade and configuration restore/backup via USB

9.8 Dynamic DNS Setup

Tools > Dynamic DNS

Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses to be located using Internet domain names. To use DDNS, you must set up an account with a DDNS provider such as DynDNS.org, D-Link DDNS, or Oray.net.

Each configured WAN can have a different DDNS service if required. Once configured, the router will update the DDNS service with changes in the WAN IP address so that features that are dependent on accessing the router’s WAN via FQDN will be directed to the correct IP address. When you set up an account with a DDNS service, the host and domain name, username, password and wildcard support will be provided by the account provider.

Figure 122: Dynamic DNS configuration

9.9 Using Diagnostic Tools

Tools > System Check

The router has built-in tools to allow an administrator to evaluate the communication status and overall network health.

Figure 123: Router diagnostics tools available in the GUI

9.9.1 Ping

This utility can be used to test connectivity between this router and another device on the network connected to this router. Enter an IP address and click PING. The command output will appear, indicating the ICMP echo request status.

9.9.2 Trace Route

This utility will display all the routers present between the destination IP address and this router. Up to 30 “hops” (intermediate routers) between this router and the destination will be displayed.

Figure 124: Sample trace route output

9.9.3 DNS Lookup

To retrieve the IP address of a Web, FTP, Mail or any other server on the Internet, type the Internet Name in the text box and click Lookup. If the host or domain entry exists, you will see a response with the IP address. A message stating “Unknown Host” indicates that the specified Internet Name does not exist.

This feature assumes there is internet access available on the WAN link(s).

9.9.4 Router Options

The static and dynamic routes configured on this router can be shown by clicking Display for the corresponding routing table. Clicking the Packet Trace button will allow the router to capture and display traffic through the DSR between the LAN and WAN interface as well. This information is often very useful in debugging traffic and routing issues.

9.10 Localization

Tools > Set Language

The router has built-in tools to change the default language (English) to four different languages (French, German, Spanish and Italian).

Figure 125: Localization

Chapter 10. Router Status and Statistics

10.1 System Overview

The Status page allows you to get a detailed overview of the system configuration. The settings for the wired and wireless interfaces are displayed in the DSR Status page, and then the resulting hardware resource and router usage details are summarized on the router’s Dashboard.
10.1.1 Device Status

Status > Device Info > Device Status

The DSR Status page gives a summary of the router configuration settings configured in the Setup and Advanced menus. The static hardware serial number and current firmware version are presented in the General section. The WAN and LAN interface information shown on this page is based on the administrator configuration parameters. The radio band and channel settings are presented below along with all configured and active APs that are enabled on this router.

Figure 126: Device Status display

Figure 127: Device Status display (continued)

10.1.2 Resource Utilization

Status > Device Info > Dashboard

The Dashboard page presents hardware and usage statistics. The CPU and Memory utilization is a function of the available hardware and current configuration and traffic through the router. Interface statistics for the wired connections (LAN, WAN1, WAN2/DMZ, VLANs) provide indication of packets through and packets dropped by the interface. Click refresh to have this page retrieve the most current statistics.

Figure 128: Resource Utilization statistics

Figure 129: Resource Utilization data (continued)

Figure 130: Resource Utilization data (continued)

10.2 Traffic Statistics

10.2.1 Wired Port Statistics

Status > Traffic Monitor > Device Statistics

Detailed transmit and receive statistics for each physical port are presented here. Each interface (WAN1, WAN2/DMZ, LAN, and VLANs) has port-specific packet-level information provided for review. Transmitted/received packets, port collisions, and the cumulating bytes/sec for transmit/receive directions are provided for each interface along with the port up time. If you suspect issues with any of the wired ports, this table will help diagnose uptime or transmit level issues with the port.

The statistics table has auto-refresh control which allows display of the most current port level data at each page refresh. The default auto-refresh for this page is 10 seconds.

Figure 131: Physical port statistics

10.2.2 Wireless Statistics

Status > Traffic Monitor > Wireless Statistics

The Wireless Statistics tab displays the incrementing traffic statistics for each enabled access point. This page will give a snapshot of how much traffic is being transmitted over each wireless link. If you suspect that a radio or VAP may be down, the details on this page would confirm if traffic is being sent and received through the VAP.

The clients connected to a particular AP can be viewed by using the Status Button on the list of APs in the Setup > Wireless > Access Points page. Traffic statistics are shown for that individual AP, as compared to the summary stats for each AP on this Statistics page. The poll interval (the refresh rate for the statistics) can be modified to view more frequent traffic and collision statistics.

Figure 132: AP specific statistics

10.3 Active Connections

10.3.1 Sessions through the Router

Status > Active Sessions

This table lists the active internet sessions through the router’s firewall. The session’s protocol, state, local and remote IP addresses are shown.

Figure 133: List of current Active Firewall Sessions

10.3.2 Wireless Clients

Status > Wireless Clients

The clients connected to a particular AP can be viewed on this page. Connected clients are sorted by the MAC address and indicate the security parameters used by the wireless link, as well as the time connected to the corresponding AP.

The statistics table has auto-refresh control which allows display of the most current port level data at each page refresh. The default auto-refresh for this page is 10 seconds.

Figure 134: List of connected 802.11 clients per AP

10.3.3 LAN Clients

Status > LAN Clients

The LAN clients to the router are identified by an ARP scan through the LAN switch. The NetBios name (if available), IP address and MAC address of discovered LAN hosts are displayed.

Figure 135: List of LAN hosts

10.3.4 Active VPN Tunnels

Status > Active VPNs

You can view and change the status (connect or drop) of the router’s IPsec security associations. Here, the active IPsec SAs (security associations) are listed along with the traffic details and tunnel state. The traffic is a cumulative measure of transmitted/received packets since the tunnel was established.
If a VPN policy state is “IPsec SA Not Established”, it can be enabled by clicking the Connect button of the corresponding policy. The Active IPsec SAs table displays a list of active IPsec SAs. Table fields are as follows.

Field                 Description
Policy Name           IKE or VPN policy associated with this SA.
Endpoint              IP address of the remote VPN gateway or client.
Tx (KB)               Kilobytes of data transmitted over this SA.
Tx (Packets)          Number of IP packets transmitted over this SA.
State                 Status of the SA for IKE policies: Not Connected or IPsec SA Established.

Figure 136: List of current Active VPN Sessions

All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are displayed on this page as well. Table fields are as follows.

Field                 Description
User Name             The SSL VPN user that has an active tunnel or port forwarding session to this router.
IP Address            IP address of the remote VPN client.
Local PPP Interface   The interface (WAN1 or WAN2) through which the session is active.
Peer PPP Interface IP The assigned IP address of the virtual network adapter.
Connect Status        Status of the SSL connection between this router and the remote VPN client: Not Connected or Connected.

Chapter 11. Trouble Shooting

11.1 Internet connection

Symptom: You cannot access the router’s web-configuration interface from a PC on your LAN.

Recommended action:
1. Check the Ethernet connection between the PC and the router.
2. Ensure that your PC’s IP address is on the same subnet as the router. If you are using the recommended addressing scheme, your PC’s address should be in the range 192.168.10.2 to 192.168.10.254.
3. Check your PC’s IP address. If the PC cannot reach a DHCP server, some versions of Windows and Mac OS generate and assign an IP address. These auto-generated addresses are in the range 169.254.x.x. If your IP address is in this range, check the connection from the PC to the firewall and reboot your PC.
4. If your router’s IP address has changed and you don’t know what it is, reset the router configuration to factory defaults (this sets the firewall’s IP address to 192.168.10.1).
5. If you do not want to reset to factory default settings and lose your configuration, reboot the router and use a packet sniffer (such as Ethereal™) to capture packets sent during the reboot. Look at the Address Resolution Protocol (ARP) packets to locate the router’s LAN interface address.
6. Launch your browser and ensure that Java, JavaScript, or ActiveX is enabled. If you are using Internet Explorer, click Refresh to ensure that the Java applet is loaded. Close the browser and launch it again.
7. Ensure that you are using the correct login information. The factory default login name is admin and the password is password. Ensure that CAPS LOCK is off when entering this information.

Symptom: Router does not save configuration changes.

Recommended action:
1. When entering configuration settings, click Apply before moving to another menu or tab; otherwise your changes are lost.
2. Click Refresh or Reload in the browser. Your changes may have been made, but the browser may be caching the old configuration.

Symptom: Router cannot access the Internet.

Possible cause: If you use dynamic IP addresses, your router may not have requested an IP address from the ISP.

Recommended action:
1. Launch your browser and go to an external site such as www.google.com.
2. Access the firewall’s configuration main menu at http://192.168.10.1.
3. Select Monitoring > Router Status.
4. Ensure that an IP address is shown for the WAN port. If 0.0.0.0 is shown, your firewall has not obtained an IP address from your ISP. See the next symptom.
Symptom: Router cannot obtain an IP address from the ISP.

Recommended action:
1. Turn off power to the cable or DSL modem.
2. Turn off the router.
3. Wait 5 minutes, and then reapply power to the cable or DSL modem.
4. When the modem LEDs indicate that it has resynchronized with the ISP, reapply power to the router. If the router still cannot obtain an ISP address, see the next symptom.

Symptom: Router still cannot obtain an IP address from the ISP.

Recommended action:
1. Ask your ISP if it requires a login program — PPP over Ethernet (PPPoE) or some other type of login.
2. If yes, verify that your configured login name and password are correct.
3. Ask your ISP if it checks for your PC's hostname.
4. If yes, select Network Configuration > WAN Settings > Ethernet ISP Settings and set the account name to the PC hostname of your ISP account.
5. Ask your ISP if it allows only one Ethernet MAC address to connect to the Internet, and therefore checks for your PC’s MAC address.
6. If yes, inform your ISP that you have bought a new network device, and ask them to use the firewall’s MAC address.
7. Alternatively, select Network Configuration > WAN Settings > Ethernet ISP Settings and configure your router to spoof your PC’s MAC address.

Symptom: Router can obtain an IP address, but PC is unable to load Internet pages.

Recommended action:
1. Ask your ISP for the addresses of its designated Domain Name System (DNS) servers. Configure your PC to recognize those addresses. For details, see your operating system documentation.
2. On your PC, configure the router to be its TCP/IP gateway.

11.2 Date and time

Symptom: Date shown is January 1, 1970.

Possible cause: The router has not yet successfully reached a network time server (NTS).

Recommended action:
1. If you have just configured the router, wait at least 5 minutes, select Administration > Time Zone, and recheck the date and time.
2. Verify your Internet access settings.

Symptom: Time is off by one hour.

Possible cause: The router does not automatically adjust for Daylight Savings Time.

Recommended action:
1. Select Administration > Time Zone and view the current date and time settings.
2. Click to check or uncheck “Automatically adjust for Daylight Savings Time”, then click Apply.

11.3 Pinging to Test LAN Connectivity

Most TCP/IP terminal devices and firewalls contain a ping utility that sends an ICMP echo-request packet to the designated device. The DSR responds with an echo reply. Troubleshooting a TCP/IP network is made very easy by using the ping utility in your PC or workstation.

11.3.1 Testing the LAN path from your PC to your router

1. From the PC’s Windows toolbar, select Start > Run.
2. Type ping <IP_address> where <IP_address> is the router’s IP address. Example: ping 192.168.10.1.
3. Click OK.
4. Observe the display:
   If the path is working, you see this message sequence:
      Pinging <IP address> with 32 bytes of data
      Reply from <IP address>: bytes=32 time=NN ms TTL=xxx
   If the path is not working, you see this message sequence:
      Pinging <IP address> with 32 bytes of data
      Request timed out
5. If the path is not working, test the physical connections between PC and router:
   If the LAN port LED is off, go to the “LED displays” section on page B-1 and follow instructions for “LAN or Internet port LEDs are not lit.”
   Verify that the corresponding link LEDs are lit for your network interface card and for any hub ports that are connected to your workstation and firewall.
6. If the path is still not up, test the network configuration:
   Verify that the Ethernet card driver software and TCP/IP software are installed and configured on the PC.
   Verify that the IP address for the router and PC are correct and on the same subnet.

11.3.2 Testing the LAN path from your PC to a remote device

1. From the PC’s Windows toolbar, select Start > Run.
2. Type ping -n 10 <IP_address> where -n 10 specifies a maximum of 10 tries and <IP address> is the IP address of a remote device such as your ISP’s DNS server. Example: ping -n 10 10.1.1.1.
3. Click OK and then observe the display (see the previous procedure).
4. If the path is not working, do the following:
   Check that the PC has the IP address of your firewall listed as the default gateway. (If the IP configuration of your PC is assigned by DHCP, this information is not visible in your PC’s Network Control Panel.)
   Verify that the network (subnet) address of your PC is different from the network address of the remote device.
   Verify that the cable or DSL modem is connected and functioning.
   Ask your ISP if it assigned a hostname to your PC. If yes, select Network Configuration > WAN Settings > Ethernet ISP Settings and enter that hostname as the ISP account name.
   Ask your ISP if it rejects the Ethernet MAC addresses of all but one of your PCs. Many broadband ISPs restrict access by allowing traffic from the MAC address of only your broadband modem; but some ISPs additionally restrict access to the MAC address of just a single PC connected to that modem. If this is the case, configure your firewall to clone or spoof the MAC address from the authorized PC.

11.4 Restoring factory-default configuration settings

To restore factory-default configuration settings, do either of the following:

1. Do you know the account password and IP address?
   If yes, select Administration > Settings Backup & Upgrade and click default.
   If no, do the following: On the rear panel of the router, press and hold the Reset button about 10 seconds, until the test LED lights and then blinks. Release the button and wait for the router to reboot.
2. If the router does not restart automatically, manually restart it to make the default settings effective.
3. After a restore to factory defaults — whether initiated from the configuration interface or the Reset button — the following settings apply:
   LAN IP address: 192.168.10.1
   Username: admin
   Password: admin
   DHCP server on LAN: enabled
   WAN port configuration: Get configuration via DHCP

Chapter 12. Credits

Microsoft, Windows are registered trademarks of Microsoft Corp.
Linux is a registered trademark of Linus Torvalds.
UNIX is a registered trademark of The Open Group.

Appendix A. Glossary

ARP: Address Resolution Protocol. Broadcast protocol for mapping IP addresses to MAC addresses.
CHAP: Challenge-Handshake Authentication Protocol. Protocol for authenticating users to an ISP.
DDNS: Dynamic DNS. System for updating domain names in real time. Allows a domain name to be assigned to a device with a dynamic IP address.
DHCP: Dynamic Host Configuration Protocol. Protocol for allocating IP addresses dynamically so that addresses can be reused when hosts no longer need them.
DNS: Domain Name System. Mechanism for translating H.323 IDs, URLs, or e-mail IDs into IP addresses. Also used to assist in locating remote gatekeepers and to map IP addresses to hostnames of administrative domains.
FQDN: Fully qualified domain name. Complete domain name, including the host portion. Example: serverA.companyA.com.
FTP: File Transfer Protocol. Protocol for transferring files between network nodes.
HTTP: Hypertext Transfer Protocol. Protocol used by web browsers and web servers to transfer files.
IKE: Internet Key Exchange. Mode for securely exchanging encryption keys in ISAKMP as part of building a VPN tunnel.
IPsec: IP security. Suite of protocols for securing VPN tunnels by authenticating or encrypting IP packets in a data stream. IPsec operates in either transport mode (encrypts payload but not packet headers) or tunnel mode (encrypts both payload and packet headers).
ISAKMP: Internet Key Exchange Security Protocol. Protocol for establishing security associations and cryptographic keys on the Internet.
ISP: Internet service provider.
MAC Address: Media-access-control address. Unique physical-address identifier attached to a network adapter.
MTU: Maximum transmission unit. Size, in bytes, of the largest packet that can be passed on. The MTU for Ethernet is a 1500-byte packet.
NAT: Network Address Translation. Process of rewriting IP addresses as a packet passes through a router or firewall. NAT enables multiple hosts on a LAN to access the Internet using the single public IP address of the LAN’s gateway router.
NetBIOS: Microsoft Windows protocol for file sharing, printer sharing, messaging, authentication, and name resolution.
NTP: Network Time Protocol. Protocol for synchronizing a router to a single clock on the network, known as the clock master.
PAP: Password Authentication Protocol. Protocol for authenticating users to a remote access server or ISP.
PPPoE: Point-to-Point Protocol over Ethernet. Protocol for connecting a network of hosts to an ISP without the ISP having to manage the allocation of IP addresses.
PPTP: Point-to-Point Tunneling Protocol. Protocol for creation of VPNs for the secure transfer of data from remote clients to private servers over the Internet.
RADIUS: Remote Authentication Dial-In User Service. Protocol for remote user authentication and accounting. Provides centralized management of usernames and passwords.
RSA: Rivest-Shamir-Adleman. Public key encryption algorithm.
TCP: Transmission Control Protocol. Protocol for transmitting data over the Internet with guaranteed reliability and in-order delivery.
UDP: User Data Protocol. Protocol for transmitting data over the Internet quickly but with no guarantee of reliability or in-order delivery.
VPN: Virtual private network. Network that enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another. Uses tunneling to encrypt all information at the IP level.
WINS: Windows Internet Name Service. Service for name resolution. Allows clients on different IP subnets to dynamically resolve addresses, register themselves, and browse the network without sending broadcasts.
XAUTH: IKE Extended Authentication. Method, based on the IKE protocol, for authenticating not just devices (which IKE authenticates) but also users. User authentication is performed after device authentication and before IPsec negotiation.

Appendix B. Factory Default Settings

Feature                    Description                                   Default Setting
Device login               User login URL                                http://192.168.10.1
                           User name (case sensitive)                    admin
                           Login password (case sensitive)               admin
Internet Connection        WAN MAC address                               Use default address
                           WAN MTU size                                  1500
                           Port speed                                    Autosense
Local area network (LAN)   IP address                                    192.168.10.1
                           IPv4 subnet mask                              255.255.255.0
                           RIP direction                                 None
                           RIP version                                   Disabled
                           RIP authentication                            Disabled
                           DHCP server                                   Enabled
                           DHCP starting IP address                      192.168.10.2
                           DHCP ending IP address                        192.168.10.100
                           Time zone                                     GMT
                           Time zone adjusted for Daylight Saving Time   Disabled
                           SNMP                                          Disabled
                           Remote management                             Disabled
Firewall                   Inbound communications from the Internet      Disabled (except traffic on port 80, the HTTP port)
                           Outbound communications to the Internet       Enabled (all)
                           Source MAC filtering                          Disabled
                           Stealth mode                                  Enabled

Appendix C. Standard Services Available for Port Forwarding & Firewall Configuration

ANY             ICMP-TYPE-8     RLOGIN
AIM             ICMP-TYPE-9     RTELNET
BGP             ICMP-TYPE-10    RTSP:TCP
BOOTP_CLIENT    ICMP-TYPE-11    RTSP:UDP
BOOTP_SERVER    ICMP-TYPE-13    SFTP
CU-SEEME:UDP    ICQ             SMTP
CU-SEEME:TCP    IMAP2           SNMP:TCP
DNS:UDP         IMAP3           SNMP:UDP
DNS:TCP         IRC             SNMP-TRAPS:TCP
FINGER          NEWS            SNMP-TRAPS:UDP
FTP             NFS             SQL-NET
HTTP            NNTP            SSH:TCP
HTTPS           PING            SSH:UDP
ICMP-TYPE-3     POP3            STRMWORKS
ICMP-TYPE-4     PPTP            TACACS
ICMP-TYPE-5     RCMD            TELNET
ICMP-TYPE-6     REAL-AUDIO      TFTP
ICMP-TYPE-7     REXEC           VDOLIVE

Appendix D. Log Output Reference

Facility: System (Networking)

Log Message DBUpdate event: Table: %s opCode:%d rowId:%d Severity Severity DEBUG DEBUG DEBUG Log Message BridgeConfig: too few arguments to command %s BridgeConfig: too few arguments to command %s sqlite3QueryResGet failed.Query:%s ddnsDisable failed networkIntable.txt not found sqlite3QueryResGet failed Interface is already deleted in bridge removing %s from bridge %s... %s adding %s to bridge %s...
%s DEBUG DEBUG sqlite3QueryResGet failed.Query:%s sqlite3QueryResGet failed.Query:%s ERROR ERROR stopping bridge... stopping bridge... stopping bridge... %s:DBUpdate event: Table: %s opCode:%d rowId:%d Wan is not up %s:DBUpdate event: Table: %s opCode:%d rowId:%d doDNS:failed DEBUG DEBUG DEBUG ddnsDisable failed failed to call ddns enable ddnsDisable failed ERROR ERROR ERROR DEBUG DEBUG sqlite3QueryResGet failed.Query:%s Error in executing DB update handler ERROR ERROR DEBUG DEBUG sqlite3QueryResGet failed.Query:%s Illegal invocation of ddnsView (%s) ERROR ERROR doDNS:failed doDNS:Result = FAILED doDNS:Result SUCCESS Write Old Entry: %s %s %s: to %s DEBUG DEBUG DEBUG DEBUG sqlite3QueryResGet failed.Query:%s sqlite3QueryResGet failed.Query:%s ddns: SQL error: %s Illegal operation interface got deleted ERROR ERROR ERROR ERROR Write New Entry: %s %s #%s : to %s Write Old Entry: %s %s %s: to %s DEBUG DEBUG sqlite3QueryResGet failed.Query:%s sqlite3QueryResGet failed.Query:%s ERROR ERROR Write New Entry: %s %s #%s : to %s ifStaticMgmtDBUpdateHandler: returning with " nimfLinkStatusGet: buffer: \ nimfLinkStatusGetErr: returning with status: %d nimfAdvOptSetWrap: current Mac Option: %d nimfAdvOptSetWrap: current Port Speed Option: %d nimfAdvOptSetWrap: current Mtu Option: %d nimfAdvOptSetWrap: looks like we are reconnecting. 
" DEBUG sqlite3QueryResGet failed.Query:%s ERROR DEBUG DEBUG ddnsDisable failed ddns: SQL error: %s ERROR ERROR DEBUG Failed to call ddns enable ERROR DEBUG ddns: SQL error: %s ERROR DEBUG sqlite3QueryResGet failed.Query:%s ERROR DEBUG Failed to call ddns enable ERROR DEBUG ddns: SQL error: %s ERROR nimfAdvOptSetWrap: Mtu Size: %d nimfAdvOptSetWrap: NIMF table is %s nimfAdvOptSetWrap:WAN_MODE TRIGGER nimfAdvOptSetWrap: MTU: %d DEBUG DEBUG ddnsDisable failed ddns: SQL error: %s ERROR ERROR DEBUG DEBUG sqlite3QueryResGet failed.Query:%s Failed to call ddns enable ERROR ERROR nimfAdvOptSetWrap: MacAddress: %s nimfAdvOptSetWrap: old Mtu Flag: %d DEBUG DEBUG ddns: SQL error: %s ddnsDisable failed ERROR ERROR DEBUG ERROR ERROR ERROR ERROR nimfAdvOptSetWrap: user has changed MTU option nimfAdvOptSetWrap: MTU: %d nimfAdvOptSetWrap: old MTU size: %d nimfAdvOptSetWrap: old Port Speed Option: %d nimfAdvOptSetWrap: old Mac Address Option: %d nimfAdvOptSetWrap: MacAddress: %s Setting LED [%d]:[%d] For %s DEBUG DEBUG DEBUG ddns: SQL error: %s sqlite3QueryResGet failed.Query:%s sqlite3QueryResGet failed.Query:%s ERROR ERROR ERROR DEBUG ddnsDisable failed ERROR DEBUG DEBUG DEBUG ddns: SQL error: %s sqlite3QueryResGet failed.Query:%s sqlite3QueryResGet failed.Query:%s ERROR ERROR ERROR l2tpEnable: command string: %s nimfAdvOptSetWrap: handling reboot scenario DEBUG ddnsDisable failed ERROR DEBUG failed to call ddns enable ERROR nimfAdvOptSetWrap: INDICATOR = %d nimfAdvOptSetWrap: UpdateFlag: %d nimfAdvOptSetWrap: returning with status: %s nimfGetUpdateMacFlag: MacTable Flag is: %d DEBUG DEBUG ddns: SQL error: %s ddnsDisable failed ERROR ERROR DEBUG sqlite3QueryResGet failed.Query:%s ERROR DEBUG ERROR nimfMacGet: Mac Option changed DEBUG nimfMacGet: Update Flag: %d nimfMacGet: MacAddress: %s DEBUG DEBUG Error in executing DB update handler Failed to open the resolv.conf file. Exiting./n Could not write to the resolv.conf file. Exiting. 
Error opening the lanUptime File nimfMacGet: MacAddress: %s nimfMacGet: MacAddress: %s DEBUG DEBUG Error Opening the lanUptime File. failed to open %s ERROR ERROR nimfMacGet: MacAddress: %s nimfMacGet: MacAddress: %s nimfMacGet:Mac option Not changed \ nimfMacGet: MacAddress: %s DEBUG DEBUG DEBUG DEBUG failed to open %s failed to query networkInterface table failed to query networkInterface table sqlite3QueryResGet failed.Query:%s ERROR ERROR ERROR ERROR nimfMacGet: MacAddress: %s nimfMacGet: MacAddress: %s DEBUG DEBUG failed to enable IPv6 forwarding failed to set capabilities on the " ERROR ERROR nimfMacGet: returning with status: %s Now in enableing LanBridge function sucessfully executed the command %s Now in disableing LanBridge function DEBUG DEBUG DEBUG DEBUG failed to enable IPv6 forwarding failed to set capabilities on the " failed to disable IPv6 forwarding failed to set capabilities on the " ERROR ERROR ERROR ERROR sucessfully executed the command %s configPortTblHandler:Now we are in Sqlite Update " The Old Configuration of ConfiPort was:%s The New Configuration of ConfiPort was:%s The user has deselected the configurable port DEBUG failed to open %s ERROR DEBUG Could not create ISATAP Tunnel ERROR DEBUG Could not destroy ISATAP Tunnel ERROR DEBUG ERROR failed query %s DEBUG failed query %s DEBUG failed query %s %s:DBUpdate event: Table: %s opCode:%d rowId:%d DEBUG Could not configure ISATAP Tunnel Could not de-configure ISATAP Tunnel nimfStatusUpdate: updating NimfStatus failed nimfStatusUpdate: updating NimfStatus failed nimfLinkStatusGet: determinig link's status failed nimfLinkStatusGet: opening status file failed DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR %s:DBUpdate event: Table: %s opCode:%d rowId:%d %s:%d SIP ENABLE: %s sipTblHandler:failed to update ifStatic DEBUG DEBUG DEBUG Failed to commit ifStatusDBUpdate: Failed to begin " %s: SQL error: %s ERROR ERROR ERROR sipTblHandler:failed to
update Configport DEBUG ERROR %s:%d SIP DISABLE: %s DEBUG %s:%d SIP SET CONF: %s DEBUG Failed to open %s: %s Failed to start sipalg DEBUG DEBUG Failed to stop sipalg DEBUG Failed to get config info DEBUG Network Mask: 0x%x DEBUG RTP DSCP Value: 0x%x DEBUG Need more arguments DEBUG Invalid lanaddr DEBUG Invalid lanmask DEBUG Invalid option DEBUG Failed to set config info DEBUG Unknown option DEBUG sshdTblHandler DEBUG pPort: %s DEBUG pProtocol: %s DEBUG pListerAddr: %s DEBUG pKeyBits: %s DEBUG pRootEnable: %s DEBUG pRsaEnable: %s DEBUG pDsaEnable: %s DEBUG pPassEnable: %s DEBUG pEmptyPassEnable: %s DEBUG pSftpEnable: %s DEBUG pScpEnable: %s DEBUG pSshdEnable: %s DEBUG %s: Failed to commit " nimfNetIfaceTblHandler: unable to get LedPinId nimfNetIfaceTblHandler: unable to get LedPinId nimfNetIfaceTblHandler: unable to get LedPinId %s: unable to kill dhclient nimfAdvOptSetWrap: unable to get current Mac Option nimfAdvOptSetWrap: unable to get current Port " nimfAdvOptSetWrap: unable to get current MTU Option nimfAdvOptSetWrap: error getting Mac Address from " nimfAdvOptSetWrap: unable to get the MTU nimfAdvOptSetWrap: error setting interface advanced " nimfAdvOptSetWrap: error getting MTU size nimfAdvOptSetWrap: unable to get Mac Address nimfAdvOptSetWrap: error setting interface advanced " nimfAdvOptSetWrap: failed to get old connectiontype nimfAdvOptSetWrap: old connection type is: %s nimfAdvOptSetWrap: failed to get old MTU Option nimfAdvOptSetWrap: error getting MTU size nimfOldFieldValueGet: failed to get old " nimfOldFieldValueGet: user has changed MTU size nimfAdvOptSetWrap: failed to get old Port Speed " nimfAdvOptSetWrap: user has changed Port Speed nimfAdvOptSetWrap: failed to get old Mac Address " nimfAdvOptSetWrap: user has changed Mac Address " nimfAdvOptSetWrap: unable to get Mac Address nimfAdvOptSetWrap:Failed to RESET the flag nimfAdvOptSetWrap: setting advanced options failed nimfAdvOptSetWrap: interface advanced options applied ERROR ERROR ERROR
ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR pPrivSep: %s %s:DBUpdate event: Table: %s opCode:%d rowId:%d DEBUG DEBUG nimfGetUpdateMacFlag: unable to get Flag from MacTable nimfMacGet: Updating MAC address failed Re-Starting sshd daemon.... sshd re-started successfully. DEBUG DEBUG sqlite3QueryResGet failed.Query:%s error executing the command %s ERROR ERROR sshd stopped . failed query %s vlan disabled, not applying vlan configuration.. DEBUG DEBUG error executing the command %s error executing the command %s disableLan function is failed to disable ConfigPort" ERROR ERROR failed query %s failed query %s DEBUG DEBUG ERROR ERROR no ports present in this vlanId %d failed query %s vlan disabled, not applying vlan configuration.. disabling vlan enabling vlan vlan disabled, not applying vlan configuration.. DEBUG DEBUG sqlite3QueryResGet failed.Query:%s sqlite3QueryResGet failed.Query:%s Unable to Disable configurable port from configPortTblHandler has failed ERROR ERROR ERROR no ports present in this vlanId %d DEBUG failed query %s vlan disabled, not applying vlan configuration.. DEBUG sqlite3QueryResGet failed.Query:%s Error in executing DB update handler sqlite3QueryResGet failed Failed to execute switchConfig for port\ Failed to execute switchConfig for port enable Failed to execute ifconfig for port enable ERROR removing %s from bridge%s... %s DEBUG adding %s to bridge%d... %s DEBUG Failed to execute ethtool for\ Failed to execute switchConfig for port disable Failed to execute ifconfig for port disable restarting bridge... [switchConfig] Ignoring event on port number %d DEBUG sqlite3QueryResGet failed ERROR DEBUG sqlite3_mprintf failed ERROR restarting bridge... DEBUG ERROR executing %s ... %s DEBUG removing %s from bridge%s... %s adding %s to bridge%d... %s DEBUG DEBUG [switchConfig] Ignoring event on %s restarting bridge...
[switchConfig] Ignoring event on port number %d DEBUG DEBUG sqlite3QueryResGet failed Failed to execute switchConfig for port mirroring Usage:%s <DB Name> <Entry Name> <logFile> <subject> sqlite3QueryResGet failed Could not get all the required variables to email the Logs. runSmtpClient failed DEBUG getaddrinfo returned %s ERROR [switchConfig] executing %s ... %s restarting bridge... UserName: %s Password: %s DEBUG DEBUG DEBUG DEBUG file not found sqlite3QueryResGet failed.Query:%s sqlite3QueryResGet failed.Query:%s sqlite3QueryResGet failed.Query:%s ERROR ERROR ERROR ERROR IspName: %s DEBUG ERROR DialNumber: %s DEBUG Apn: %s DEBUG No memory to allocate Failed to Open SSHD Configuration File Ipaddress should be provided with accessoption 1 DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR GetDnsFromIsp: %s IdleTimeOutFlag: %s IdleTimeOutValue: %d DEBUG DEBUG DEBUG Subnetaddress should be provided with accessoption 2 Failed to restart sshd unable to open the " ERROR ERROR ERROR AuthMetho: %d executing %s ... %s DEBUG DEBUG sqlite3QueryResGet failed.Query:%s Error in executing DB update handler ERROR ERROR removing %s from bridge%d... %s adding %s to bridge%d... %s DEBUG DEBUG ERROR ERROR stopping bridge... DEBUG Error in executing DB update handler unknown vlan state Failed to execute vlanConfig binary for vlanId %d restarting bridge...
Could not configure 6to4 Tunnel Interface Could not de-configure 6to4 Tunnel Interface DEBUG sqlite3_mprintf failed Access port can be present only in single vlan Failed to execute vlanConfig binary for vlanId %d ERROR failed to restart 6to4 tunnel interfaces BridgeConfig: too few arguments to command %s BridgeConfig: unsupported command %d DEBUG ERROR BridgeConfig returned error=%d DEBUG unknown vlan state Failed to execute vlanConfig binary for port number %d Failed to clear vlan for oldPVID %d Failed to execute vlanConfig binary for port number %d sqlite3QueryResGet failed Error in executing DB update handler DEBUG DEBUG ERROR ERROR sqlite3QueryResGet failed Failed to remove vlan Interface for vlanId \ DEBUG Failed to clear vlan for %d Failed to set vlan entry for vlan %d Failed to set vlan entries, while enabling \ ERROR sqlite3QueryResGet failed DEBUG Invalid oidp passed Invalid oidp passed Failed to get oid from the tree DEBUG DEBUG DEBUG threegEnable: Input to wrapper %s DEBUG sqlite3QueryResGet failed Failed to execute vlanConfig binary for port number %d Failed to execute vlanConfig binary for vlanId %d Failed to enable vlan Failed to disable vlan Failed to set vlanPort table entries, while \ threegEnable: spawning command %s threegMgmtHandler: query string: %s threegMgmtHandler: returning with status: %s adding to dhcprealy ifgroup failed DEBUG DEBUG Failed to enable vlan unknown vlan state ERROR ERROR DEBUG DEBUG ERROR ERROR adding to ipset fwDhcpRelay failed Disabling Firewall Rule for DHCP Relay Protocol Enabling Firewall Rule for DHCP Relay Protocol prerouting Firewall Rule add for Relay failed prerouting Firewall Rule add for Relay failed DEBUG Error in executing DB update handler unknown vlan state Failed to execute vlanConfig binary for vlanId %d sqlite3_mprintf failed Access port can be present only in single vlan Failed to execute vlanConfig binary for vlanId %d ERROR ERROR %s: SQL get query: %s DEBUG unknown vlan state Failed to execute 
vlanConfig binary for port number %d %s: sqlite3QueryResGet failed DEBUG ERROR %s: no result found DEBUG Failed to clear vlan for oldPVID %d Failed to execute vlanConfig binary for port number %d DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR %s: buffer overflow DEBUG Failed to clear vlan for %d ERROR %s: value of %s in %s table is: %s DEBUG ERROR %s: returning with status: %s dnsResolverConfigure: addressFamily: %d dnsResolverConfigure: LogicalIfName: %s chap-secrets File found PID File for xl2tpd found DEBUG pid: %d options.xl2tpd file found DEBUG DEBUG Failed to set vlan entry for vlan %d Failed to set vlan entries, while enabling \ Failed to execute vlanConfig binary for port number %d Failed to execute vlanConfig binary for vlanId %d Failed to enable vlan Failed to disable vlan Failed to set vlanPort table entries, while \ Failed to enable vlan options.xl2tpd file not found DEBUG ERROR Conf File for xl2tpd found DEBUG xl2tpd.conf not found DEBUG unknown vlan state threegMgmtInit: unable to open the database file %s threegConnEnable: failed to get the WanMode Chap Secrets file found DEBUG ERROR Chap Secrets file not found %s:DBUpdate event: Table: %s opCode:%d rowId:%d DEBUG threegEnable:spawning failed threegDisable: unable to kill ppp daemon ERROR chap-secrets File found PID File for pptpd found pid: %d DEBUG DEBUG DEBUG threegMgmtHandler: Query: %s threegMgmtHandler: error in executing database update Error in executing DB update handler are we getting invoked twice ??
PID File for pptpd interface found pid: %d DEBUG DEBUG could not open %s to append could not write nameserver %s to %s ERROR ERROR options.pptpd file found options.pptpd file not found DEBUG DEBUG ERROR ERROR Conf File for pptpd found DEBUG pptpd.conf not found DEBUG could not write nameserver %s to %s could not open %s to truncate dnsResolverConfigMgmtInit: unable to open the " resolverConfigDBUpateHandler: sqlite3QueryResGet " Chap Secrets file found DEBUG ERROR Chap Secrets file not found %s:DBUpdate event: Table: %s opCode:%d rowId:%d DEBUG could not configure DNS resolver dnsResolverConfigure: could not write nameserver:%s," ERROR chap-secrets File found pppoeMgmtTblHandler: MtuFlag: %d pppoeMgmtTblHandler: Mtu: %d pppoeMgmtTblHandler: IdleTimeOutFlag: %d pppoeMgmtTblHandler: IdleTimeOutValue: %d pppoeMgmtTblHandler: UserName: %s DEBUG DEBUG DEBUG unboundMgmt: unable to open the " ioctl call Failed-could not update active user Details sqlite3QueryResGet failed.Query:%s Can't kill xl2tpd DEBUG xl2tpd restart failed ERROR DEBUG DEBUG failed to get field value failed to get field value ERROR ERROR pppoeMgmtTblHandler: Password: %s pppoeMgmtTblHandler: DNS specified: %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR DEBUG sqlite3QueryResGet failed.Query:%s ERROR pppoeMgmtTblHandler: Service: %s pppoeMgmtTblHandler: StaticIp: %s DEBUG DEBUG unboundMgmt: unable to open the " writing options.xl2tpd failed ERROR ERROR DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR pppoeMgmtTblHandler: NetMask: %s DEBUG xl2tpdStop failed ERROR pppoeMgmtTblHandler: AuthOpt: %d pppoeMgmtTblHandler: Satus: %d pppoeEnable: ppp dial string: %s pppoeMgmtDBUpdateHandler: returning with status: %s DEBUG DEBUG DEBUG writing xl2tpd.conf failed writing options.xl2tpd failed xl2tpdStop failed ERROR ERROR ERROR DEBUG xl2tpdStart failed ERROR
pptpMgmtTblHandler: MtuFlag: %d DEBUG ERROR pptpMgmtTblHandler: Mtu: %d pptpMgmtTblHandler: IdleTimeOutFlag: %d pptpMgmtTblHandler: IdleTimeOutValue: %d pptpMgmtTblHandler: GetDnsFromIsp: %d DEBUG sqlite3QueryResGet failed.Query:%s writing Chap-secrets/Pap-Secrets failed DEBUG xl2tpdStop failed ERROR DEBUG xl2tpdStart failed ERROR DEBUG ERROR pptpMgmtTblHandler: UserName: %s pptpMgmtTblHandler: Password: %s pptpMgmtTblHandler: dynamic MyIp configured DEBUG DEBUG sqlite3QueryResGet failed.Query:%s writing Chap-secrets/Pap-Secrets failed xl2tpdStop failed DEBUG xl2tpdStart failed ERROR pptpMgmtTblHandler: MyIp: %s DEBUG ERROR pptpMgmtTblHandler: ServerIp: %s pptpMgmtTblHandler: StaticIp: %s DEBUG DEBUG sqlite3QueryResGet failed.Query:%s writing Chap-secrets/Pap-Secrets failed Error in executing DB update handler pptpMgmtTblHandler: NetMask: %s pptpMgmtTblHandler: MppeEncryptSupport: %s DEBUG unboundMgmt: unable to open the " ERROR DEBUG Can't kill pptpd ERROR pptpMgmtTblHandler: SplitTunnel: %s pptpEnable: ppp dial string: %s DEBUG DEBUG pptpd restart failed Can't kill pptpd ERROR ERROR pptpEnable: spawning command %s PID File for dhcpc found pid: %d pptpMgmtDBUpdateHandler: query string: %s pptpMgmtDBUpdateHandler: returning with status: %s dhcpcReleaseLease: dhcpc release command: %s DEBUG DEBUG DEBUG failed to get field value failed to get field value unboundMgmt: unable to open the " ERROR ERROR ERROR DEBUG writing options.pptpd failed ERROR DEBUG pptpdStop failed ERROR DEBUG writing pptpd.conf failed ERROR dhcpcMgmtTblHandler: MtuFlag: %d dhcpcMgmtTblHandler: Mtu: %d DEBUG DEBUG writing options.pptpd failed pptpdStop failed ERROR ERROR DHCPv6 Server started successfully. DEBUG ERROR DHCPv6 Server stopped successfully DHCPv6 Client started successfully. DEBUG DEBUG DHCPv6 Client stopped successfully. 
DEBUG DHCPv6 Client Restart successful DEBUG l2tpMgmtTblHandler: MtuFlag: %d DEBUG l2tpMgmtTblHandler: Mtu: %d DEBUG l2tpMgmtTblHandler: IspName: %s DEBUG pptpdStart failed writing Chap-secrets/Pap-Secrets failed Error in executing DB update handler pppStatsUpdate: unable to get default MTU pppoeMgmtInit: unable to open the database file %s pppoeDisable: unable to kill ppp daemon pppoeMultipleEnableDisable: pppoe enable failed pppoeMultipleEnableDisable: pppoe disable failed ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR l2tpMgmtTblHandler: UserName: %s DEBUG l2tpMgmtTblHandler: Password: %s DEBUG l2tpMgmtTblHandler: AccountName: %s DEBUG l2tpMgmtTblHandler: DomainName: %s l2tpMgmtTblHandler: Secret: not specified DEBUG l2tpMgmtTblHandler: Secret: %s l2tpMgmtTblHandler: dynamic MyIp configured DEBUG l2tpMgmtTblHandler: MyIp: %s l2tpMgmtTblHandler: ServerIp: %s l2tpMgmtTblHandler: StaticIp: %s DEBUG DEBUG DEBUG l2tpMgmtTblHandler: NetMask: %s DEBUG l2tpMgmtTblHandler: SplitTunnel: %s needToStartHealthMonitor: returning with status: %s DEBUG l2tpEnable: command string: %s DEBUG l2tpEnable: command: %s DEBUG l2tpEnable: command string: %s DEBUG PID File for dhcpc found DEBUG pid: %d l2tpMgmtDBUpdateHandler: query string: %s l2tpMgmtDBUpdateHandler: returning with status: %s DEBUG RADVD started successfully RADVD stopped successfully DEBUG DEBUG empty update. nRows=%d nCols=%d WARN Wan is not up or in load balencing mode threegMgmtHandler: no row found. nRows = %d nCols = %d pppoeMgmtDBUpdateHandler: empty update.
dhcpcEnable: dhclient already running on: %s WARN dhcpcDisable: deleted dhclient.leases l2tpMgmtInit: unable to open the database file %s l2tpEnable: unable to resolve address: %s WARN l2tpEnable: inet_aton failed ERROR pppoeMgmtTblHandler: unable to get current Mtu Option pppoeMgmtTblHandler: unable to get the Mtu pppoeMgmtTblHandler: pppoe enable failed pppoeMgmtDBUpdateHandler: failed query: %s pppoeMgmtDBUpdateHandler: error in executing " pptpMgmtInit: unable to open the database file %s pptpEnable: error executing command: %s pptpEnable: unable to resolve address: %s pptpEnable: inet_aton failed pptpEnable: inet_aton failed DEBUG DEBUG DEBUG DEBUG DEBUG WARN WARN WARN ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR pptpEnable:spawning failed pptpDisable: unable to kill ppp daemon pptpMgmtTblHandler: unable to get current MTU Option pptpMgmtTblHandler: unable to get the Mtu pptpMgmtTblHandler: dbRecordValueGet failed for %s " pptpMgmtTblHandler: pptp enable failed pptpMgmtTblHandler: pptp disable failed pptpMgmtDBUpdateHandler: sqlite3QueryResGet " pptpMgmtDBUpdateHandler: error in executing " ERROR Illegal invocation of dhcpConfig (%s) dhcpLibInit: unable to open the database file %s sqlite3QueryResGet failed.Query:%s dhcpcMgmtInit: unable to open the database file %s dhcpcReleaseLease: unable to release lease ERROR dhcpcEnable: unable to kill dhclient dhcpcEnable: enabling dhcpc failed on: %s ERROR dhcpcDisable: unable to kill dhclient dhcpcDisable: delete failed for dhclient.leases ERROR dhcpcDisable: failed to reset the ip dhcpcMgmtTblHandler: unable to get current Mtu Option dhcpcMgmtTblHandler: unable to get the Mtu ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR dhcpcMgmtTblHandler: dhclient enable failed dhcpcMgmtTblHandler: dhcpc release failed dhcpcMgmtTblHandler: dhcpc disable failed dhcpcMgmtDBUpdateHandler: failed query: %s
dhcpcMgmtDBUpdateHandler: error in executing " ERROR DHCPv6 Client start failed. ERROR ERROR DHCPv6 Client stop failed. ERROR ERROR failed to create/open DHCPv6 client " failed to write DHCPv6 client configuration file ERROR failed to restart DHCPv6 Client failed to create/open DHCPv6 Server " ERROR ERROR ERROR ERROR Restoring old configuration.. DHCPv6 Server configuration update failed DHCPv6 Server Restart failed ERROR sqlite3QueryResGet failed.Query:%s ERROR Log Message %d command not supported by eapAuth pCtx NULL. Current cert subject name= %s X509_STORE_CTX_get_ex_data failed. Severity DEBUG DEBUG DEBUG DEBUG Log Message PEAP key derive: ERROR PEAP context is NULL: ERROR Constructing P2 response: ERROR innerEapRecv is NULL: ERROR Severity ERROR ERROR ERROR ERROR Cannot get cipher, no session est. %s: SSL_ERROR_WANT_X509_LOOKUP DEBUG Decrypting TLS data: ERROR ERROR DEBUG ERROR err code = (%d) in %s DEBUG Wrong identity size: ERROR Wrong size for extensions packet: ERROR BIO_write: Error Decrypting: BIO reset failed Encrypting BIO reset: ERROR BIO_read: Error EAP state machine changed from %s to %s. EAP state machine changed from %s to %s. DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR ERROR Received EAP Packet with code %d DEBUG Response ID %d Response Method %d DEBUG DEBUG innerEapRecv is NULL: ERROR. Inner EAP processing: ERROR TLS handshake: ERROR. Sending P1 response: ERROR Unexpected tlsGlueContinue return value. No more fragments in message. 
ERROR No phase 2 data or phase 2 data buffer NULL: ERROR Allocating memory for PEAP Phase 2 payload: ERROR TLS encrypting response: ERROR The Enable Command is %s l2tpEnable:Executing the Command failed ERROR l2tpDisable: command string: %s ERROR l2tpDisable: unable to stop l2tp session l2tpMgmtTblHandler: unable to get current MTU option l2tpMgmtTblHandler: unable to get the Mtu l2tpMgmtTblHandler: dbRecordValueGet failed for %s " ERROR l2tpMgmtTblHandler: l2tpEnable failed l2tpMgmtTblHandler: disabling l2tp failed l2tpMgmtDBUpdateHandler: sqlite3QueryResGet " l2tpMgmtDBUpdateHandler: error in executing ERROR Illegal invocation of tcpdumpConfig (%s) ERROR Failed to start tcpdump Failed to stop tcpdump Invalid tcpdumpEnable value ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Facility: System (VPN) DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR Created EAP/PEAP context: OK DEBUG Deleted EAP/PEAP context: OK Upper EAP sent us: decision = %d method state = %d DEBUG Setting message in fragment buffer: ERROR Allocating TLS read buffer is NULL: ERROR DEBUG Setting last fragment: ERROR ERROR P2 decision=(%d); methodState=(%d) Writing message to BIO: ERROR. Encrypted (%d) bytes for P2 P2: sending fragment. DEBUG DEBUG DEBUG DEBUG Getting message: ERROR Processing PEAP message: ERROR Setting fragment: ERROR Creating receive buffer: ERROR ERROR ERROR ERROR ERROR P2: message size = %d P2: sending unfragmented message. DEBUG DEBUG ERROR ERROR P1: Sending fragment. DEBUG P1: Total TLS message size = (%d) P1: sending unfragmented message. peapFragFirstProcess: TLS record size to receive = (%d) Setting version %d PEAP pkt rcvd: data len=(%d) flags=(%d) version=(%d) Got PEAP/Start packet.
DEBUG DEBUG Setting first fragment: ERROR Sending P1 response: ERROR NULL request (or response) PDU or NULL context: ERROR Expecting start packet, got something else: ERROR Protocol version mismatch: ERROR Processing PEAP message (from frag): ERROR Processing PEAP message: ERROR ERROR ERROR Got first fragment DEBUG Got fragment (n) DEBUG Processing PEAP message: ERROR Indicated length not valid: ERROR Did not get Acknowledged result: ERROR Cannot understand AVP value: ERROR Got last fragment DEBUG ERROR Got unfragmented message DEBUG Got frag ack. Ext AVP parsed: flags=(0x%x) Mandatory bit not set: WARNING DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Got PEAPv0 success! DEBUG Got PEAPv0 failure! DEBUG pCtx NULL. DEBUG Authenticator response check: Error DEBUG eapExtResp is NULL: ERROR eapWscCtxCreate: EAPAUTH_MALLOC failed. eapWscProcess: umiIoctl req to WSC failed, status = %d eapWscCheck: Invalid frame eapWscBuildReq: Invalid state %d eapWscProcessWscResp: Invalid data recd pData = %p, dataLen" Data received for invalid context, dropping it eapWscProcessWscResp: Build Request failed eapWscProcessWscResp: Invalid state %d eapWscProcessWscResp: Message processing failed 0x%X eapWscProcessWscData: Invalid notification recd %d Authenticator response check: Failed MS-CHAP2 Response AVP size = %u DEBUG DEBUG unable to initialize MD5 MDString: adpDigestInit for md5 failed ERROR ERROR Created EAP/MS-CHAP2 context: OK. pCtx NULL. Deleted EAP/MS-CHAPv2 context: OK DEBUG DEBUG DEBUG EAPAUTH_MALLOC failed. EAPAUTH_MALLOC failed. NULL context created: Error ERROR ERROR ERROR Not authenticated yet. DEBUG NULL context received: Error ERROR Authenticator response invalid EAP-MS-CHAPv2 password changed. DEBUG DEBUG Authenticator ident invalid. 
Success request message invalid: ERROR ERROR Ext AVP parsed: type=(%d) DEBUG Ext AVP parsed: value=(%d) DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Error rcvd. opCode %d. pCtx NULL. TLS message len changed in the fragment, ignoring. no data to send while fragment ack received. TLS handshake successful. Created EAP/TTLS context: OK Deleted EAP/TTLS context: OK DEBUG DEBUG Plugin context is NULL Deriving implicit challenge: Error ERROR ERROR DEBUG Generating NT response: Error ERROR DEBUG DEBUG DEBUG DEBUG NULL in/out buffer: Error Incorrect vendor id. Allocating memory for outBuff: ERROR AVP code not recognized ERROR ERROR ERROR ERROR No more fragments in message. ERROR Upper EAP sent us: method state = %d; decision = %d P2: sending fragment. DEBUG EAPAUTH_MALLOC failed. ERROR DEBUG DEBUG ERROR ERROR P2 send unfragmented message. P1: sending fragment. DEBUG DEBUG P1: sending unfragmented message. DEBUG \tTLSMsgLen = 0x%x Send req ptr = 0x%x; Send resp ptr = 0x%x P2 decision=(%d); methodState=(%d) Default EAP: method state = %d; decision = %d DEBUG Converting password to unicode: Error Generating password hash: Error. Generating password hash hash: Error. Generating master key: Error. Generating first 16 bytes of session key: Error.n Generating second 16 bytes of session key: Error.n DEBUG DEBUG Converting password to unicode: Error Constructing failure response: ERROR ERROR ERROR DEBUG Error checking authenticator response. ERROR TTLS pkt: data len=(%d) flags=(0x%x) DEBUG ERROR Got start DEBUG Error generating NT response. Username string more than 256 ASCII characters: ERROR Got first fragment (n). DEBUG ERROR Got fragment (n). Got last fragment DEBUG DEBUG Invalid Value-Size. Invalid MS-Length. Got (%d), expected (%d) Error constructing response. Got unfragmented message. DEBUG ERROR Got frag ack. Rcvd.
AVP Code-%u: flags-0x%x: len%u: vendorId-%u: " MOD EAP: method state from upper = %d; decision = %d Got AVP len = %ul. Should be less than 16777215 AVP length extract: Error pFB is NULL Requesting message before assembly complete DEBUG Got type (%d), expecting (%d) Cannot handle message; opCode = %d DEBUG EAPAUTH_MALLOC failed. ERROR DEBUG tlsGlueCtxCreate failed. client certificate must be set in the profile. received tls message length too big. total frags len > initial total tls length. ERROR ERROR pFB is NULL pFB is NULL DEBUG DEBUG Buffer cannot hold message: ERROR DEBUG total frags len > initial total tls length. total data rcvd(%d) doesnt match the initial " couldnt write %d data to TLS buffer. invalid flags %s passed to eapTlsBuildResp. pFB is NULL: Error DEBUG EAPAUTH_MALLOC failed. ERROR pFB is NULL TLS_FB* is NULL. DEBUG DEBUG tlsGlueCtxCreate failed. Context NULL: ERROR ERROR ERROR DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR pFB->msgBuff is NULL. DEBUG Setting profile to glue layer: ERROR. ERROR Error calculating binary. DEBUG ERROR Error calculating binary. DEBUG adpDigestInit for SHA1 failed. DEBUG _eapCtxCreate failed. %d authentication not enabled in the system. Initializing inner non-EAP auth plugin: ERROR adpDigestInit for SHA1 failed. DEBUG ERROR E = %d DEBUG R = %d Could not initialize des -ecb DEBUG DEBUG adpDigestInit for MD4 failed. DEBUG adpDigestInit for SHA1 failed. adpDigestInit for SHA1 failed. Error converting received auth reponse to bin. Gnerating challenge hash: Error DEBUG DEBUG TTLS key derive: ERROR TTLS context from EAP plugin is NULL: ERROR Allocating memory for TTLS Phase 2 payload: ERROR TLS Encrypting response: ERROR Allocating TLS read buffer is NULL: ERROR Inner authentication (id: %d) unhandled innerEapRecv is NULL: ERROR.
DEBUG DEBUG Decrypting TLS data: ERROR Processing Phase 2 method: Error ERROR ERROR Generating password hash: Error Generating challenge response: Error DEBUG DEBUG ERROR ERROR Conn cipher name=%s ver=%s: %s Send req ptr = 0x%x; Send resp ptr = 0x%x Request ptr = 0x%x; DEBUG DEBUG DEBUG Writing message to BIO: ERROR. TLS handshake: ERROR. Unexpected tlsGlueContinue return value. NULL request (or response) PDU or NULL context Protocol version mismatch: ERROR Response ptr = 0x%x Rcvd. AVP Code - %ul DEBUG DEBUG Creating receive buffer: ERROR Setting first fragment: ERROR ERROR ERROR Rcvd. AVP flags - 0x%02x Rcvd. AVP len - %ul Rcvd. AVP vendor id - %ul \tCode = %d DEBUG DEBUG DEBUG DEBUG Setting fragment: ERROR Setting last fragment: ERROR Getting message: ERROR Processing TTLS message: ERROR ERROR ERROR ERROR ERROR \tIdent = %d \tLen = %d DEBUG DEBUG Processing TTLS message: ERROR Processing TTLS message: ERROR ERROR ERROR \tType = %d DEBUG Decapsulating AVP: ERROR ERROR \tOpCode = %d \tMSID = %d DEBUG DEBUG Processing EAP receive: Error AVP code not EAP: Error ERROR ERROR \tmsLen = %d \tvalSize = %d Frag Buffer bytes left = (%d) Stripped username=(%s) DEBUG DEBUG DEBUG DEBUG Encapsulating AVP: ERROR profile %s doesnt exist. profile %s is in use. profile %s already exists. ERROR ERROR ERROR ERROR digestLen = %d. ClearText = DEBUG DEBUG ERROR ERROR CipherText = DEBUG digestLen = %d. DEBUG digestLen1 = %d. DEBUG digestLen2 = %d. DEBUG EAPAUTH_MALLOC failed User not found. EAP-MD5 not enabled in system configuration. EAP-MSCHAPV2 not enabled in system configuration. EAP-TLS not enabled in system configuration. EAP-TTLS not enabled in system configuration. 
ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR password change is not allowed for this user DEBUG completed writing the policy DEBUG completed writing the SA DEBUG completed writing the proposal block DEBUG cmdBuf: %s X509_DEBUG : Invalid Certificate for the generated" DEBUG X590_ERROR : Failed to create File '%s' DEBUG x509TblHandler DEBUG pCertType: %s DEBUG pRowQueryStr: %s DEBUG x509SelfCertTblHandler pRowQueryStr: %s %s:DBUpdate event: Table: %s opCode:%d rowId:%d DEBUG DEBUG umiRegister failed eapAuthHandler: Invalid data received EAP-PEAP not enabled in system configuration. EAP-WSC not enabled in system configuration. PAP not enabled in system configuration. CHAP not enabled in system configuration. MSCHAP not enabled in system configuration. MSCHAPV2 not enabled in system configuration. PAP/Token not enabled in system configuration. EAP-MD5 not enabled in system configuration. EAP-MSCHAPV2 not enabled in system config. EAP-TLS not enabled in system configuration. EAP-TTLS and EAP-PEAP are not valid as inner" invalid innerAuth %d. DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR profile %s doesnt exist. Re-assembling fragments incorrect size Error creating cipher context. EAPAUTH_MALLOC failed. malloc failed. BIO_new_mem_buf failed. malloc failed. ERROR ERROR ERROR ERROR Error initializing cipher context. Error creating digest context. Error initializing digest context. Error initializing DES in Klite ERROR ERROR ERROR ERROR BIO_new_mem_buf failed. SSL_CTX_new (TLSv1_client_method) failed. unable to set user configured CIPHER list %s ERROR Error initializing MD4 in Klite ERROR ERROR Error initializing RC4 in Klite ERROR ERROR Error initializing SHA in Klite ERROR Certificate verification failed. Server name match failed. Got (%s) expected " SSL_CTX_use_certificate_file (cert, PEM) failed.
ERROR Error cleaning cipher context. ERROR ERROR Error destroying cipher context. ERROR ERROR Error cleaning digest context. ERROR SSL_CTX_use_PrivateKey_file failed. private key does not match public key SSL_CTX_load_verify_locations failed SSL_new failed. Both SSL_VERIFY_PEER and SSL_VERIFY_NONE set: Error ERROR ERROR ERROR ERROR Error destroying digest context. Error stripping domain name. Error cleaning digest context. Error cleaning digest context. Challenge not present in failure packet. ERROR ERROR ERROR ERROR EAPAUTH_MALLOC failed. ERROR ERROR EAPAUTH_MALLOC failed. eapTimerCreate failed. ERROR ERROR Wrong challenge length. Incorrect password change version value. Error generating password hash. eapCtxDelete:pCtx == NULL eapRole != EAP_ROLE_PEER or EAP_ROLE_AUTHENTICATOR ERROR Error generating password hash. Error encrypting password hash with block ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR pEapCtx == NULL or pPDU == NULL. received EAP pdu bigger than EAP_MTU_SIZE. received EAP pdu bigger than EAP_MTU_SIZE. state machine is in invalid state. ERROR Could not initialize des -ecb ERROR ERROR Error cleaning cipher context. ERROR ERROR ERROR Error cleaning cipher context. Error cleaning digest context. ERROR ERROR unable to create method context. method ctxCreate failed. method profile set failed. ERROR ERROR ERROR ERROR ERROR ERROR state machine is in invalid state. Only StandAlone authenticator supported currently. ERROR Error cleaning digest context. adpDigestInit for SHA1 failed. X509_ERROR : .Query:%s X509_ERROR : Invalid Certificate for the " ERROR invalid x509 certificate ERROR state machine is in invalid state. BuildReq operation failed No method ops defined for current method Process operation failed state machine is in invalid state.
ERROR ERROR Couldn't get the x509 cert hash Memory allocation failed ERROR ERROR ERROR ERROR ERROR FileName too lengthy Couldn't execute command Memory allocation failed ERROR ERROR ERROR Packet length mismatch %d, %d eapAuthTypeToType: Invalid eapAuthType %d eapTypeToAuthType: Invalid eapType %d ERROR Memory allocation failed ERROR ERROR invalid certificate data ERROR ERROR .Query:%s ERROR unable to create method context. method ctxCreate failed. Invalid condition, methodState = %d, respMethod = %d A EAP Ctx map already exists eapTimerCreate: Currently unsupported for Peer role eapTimerStart: Currently unsupported for Peer role eapTimerDestroy: Currently unsupported for Peer role eapTimerCancel: Currently unsupported for Peer role eapTimerHandler: Currently unsupported for Peer role pCtx is NULL: ERROR ERROR ERROR ERROR ERROR ERROR ERROR .Query:%s Memory allocation failed X509_ERROR : Failed to validate the certficate " Memory allocation failed ERROR .Query:%s ERROR ERROR Invalid Sign Key Length : %d ERROR ERROR Invalid Hash Alg : %d ERROR ERROR Invalid Sign Alg : %d ERROR ERROR ERROR No Memory Available Certificate Request Failed ERROR ERROR tlsGlueCtxCreate failed eapVars is NULL Context NULL: ERROR Initializing inner EAP auth: ERROR ERROR ERROR ERROR ERROR File Open Failed File is Empty Memory Allocation Failed File Open Failed ERROR ERROR ERROR ERROR pCtx is NULL: ERROR Memory Allocation Failed ERROR ERROR File is Empty Error in executing DB update handler ERROR ERROR Severity DEBUG Log Message unable to register to UMI Severity ERROR ERROR ERROR ERROR
Facility: System (Admin)
Log Message Usage:%s <DBFile> Could not open database: %s DEBUG sqlite3QueryResGet failed ERROR CPU LOG File not found DEBUG ERROR MEM LOG File not found cpuMemUsageDBUpdateHandler: update query: %s DEBUG Printing the whole list after inserting %s at %d(minute) %d(hour) %d(dayOfMonth) %d(month)" DEBUG adpCmdExec exited with return code=%d DEBUG %s
op=%d row=%d DEBUG sqlite3_mprintf failed DEBUG sqlite3QueryResGet failed: query=%s DEBUG radSendtoServer: socket: %s radSendtoServer: bind() Failed: %s: %s radRecvfromServer: recvfrom() Failed: %s radRecvfromServer: Packet too small from %s:%d: %s radCheckMsgAuth: Invalid MessageAuthenticator length in" radDictLoad: couldn't open dictionary %s: %s radBuildAndSendReq: Invalid Request Code %d radPairAssign: bad attribute value length radPairAssign: unknown attribute type %d Printing the whole list after delete %s at %d(minute) %d(hour) %d(dayOfMonth) %d(month)" DEBUG ERROR Printing the whole list after inserting %s at %d(minute) %d(hour) %d(dayOfMonth) %d(month)" DEBUG email logs: No logging events enabled DEBUG %s Mail sent and the Database is reset. DEBUG DEBUG Disabled syslog server DEBUG Event logs are full, sending logs to email DEBUG Email logs sending failed DEBUG Packing attribute: %s DEBUG Server found: %s, secret: %s Packed Auth. Reqest: code:%d, id:%d, len:%d DEBUG Sending Packet to %x:%d .... DEBUG Receiving Reply Packet.... 
DEBUG Verified Reply Packet Integrity DEBUG Generated Reply Attribute-Value pairs DEBUG Verified Message-Authenticator Unloaded RADIUS Dictionary DEBUG DEBUG Adding Dictionary Attribute %s DEBUG radPairNew: unknown attribute %d radPairGen: Attribute(%d) has invalid length radPairValue: unknown attribute type %d radPairValueLen: unknown attribute type %d radPairLocate: Attribute(%d) has invalid length radPairUnpackDefault: UnknownAttribute[%d]: radConfigure: can't open %s: %s radConfigure: %s: line %d: bogus format: %s radConfAssert: No AuthServer Specified radConfAssert: No Default Timeout Specified radConfAssert: No Default Retry Count Specified radExtractMppeKey: Invalid MSMPPE-Key Length radVendorMessage: Invalid Length in Vendor Message radVendorMessage: Unknown Vendor ID received:%d radVendorAttrGet: Invalid Length in Vendor Message radVendorAttrGet: Unknown Vendor ID:%d radVendorMessagePack: Unknown Vendor ID:%d radGetIPByName: couldn't resolve hostname: %s radGetHostIP: couldn't get hostname radGetHostIP: couldn't get host IP address Adding Dictionary Value %s Loaded Dictionary %s DEBUG DEBUG radius dictionary loading failed Failed to set default timeout value ERROR ERROR DEBUG DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Adding Dictionary Attribute '%s' DEBUG ERROR DEBUG DEBUG Failed to set default retries value ERROR: incomplete DB update information. old values result does not contain 2 rows sqlite3QueryResGet failed Adding Dictionary Value %s DEBUG Receiving attribute: %s Processing attribute: %s Processing attribute: %s Processing attribute: %s Processing attribute: %s radConfGet: " DEBUG DEBUG DEBUG DEBUG empty update.
nRows=%d nCols=%d Error in executing DB update handler sqlite3QueryResGet failed Invalid SQLITE operation code - %d ERROR ERROR ERROR ERROR Added Server %s:%d with " Added Server %s:%d with " DEBUG DEBUG sqlite3QueryResGet failed empty result. nRows=%d nCols=%d ERROR ERROR Default Timeout Set to %d Default Retry Count Set to %d %s - %s : %d Deleting Server %s:%d with " DEBUG DEBUG DEBUG DEBUG sqlite3QueryResGet failed empty result. nRows=%d nCols=%d RADIUS Accounting Exchange Failed Unable to set debug for radAcct. ERROR ERROR ERROR ERROR Adding RowId:%d to Server %s:%d with " rowIds: %d - %d DEBUG DEBUG Unable to set debug level for radAcct. ERROR: option value not specified ERROR ERROR Deleting Server %s:%d with " RADIUS Deconfigured DEBUG DEBUG ERROR ERROR Found Option %s on line %d of file %s DEBUG Setting Option %s with value %s DEBUG RADIUS Configured DEBUG %d : Server %s:%d with " DBUpdate event: Table: %s opCode:%d rowId:%d DEBUG DEBUG ERROR: option value not specified Unable to initialize radius radEapMsgQueueAdd: Invalid EAP packet length(%d) radEapRecvTask: invalid EAP code:%d radEapRecvTask: Packet length mismatch %d, %d No attributes received in AccessChallenge message No State Attribute in Access Challenge message Host IP address: %s Adding Packet for existing cookie:%p DEBUG DEBUG radEapRecvTask: " failed to initialize UMI ERROR ERROR Adding Packet and cookie:%p Releasing Packet and cookie:%p Releasing Packet with cookie:%p DEBUG DEBUG DEBUG ERROR ERROR ERROR Received EAP-Identity from Pnac: %s Filling User-Name: %s DEBUG DEBUG umiRegister failed. errno=%d Invalid arguments to ioctl handler radEapSendRtn: Invalid Arguments radEapSendRtn: failed to allocate buffer umiIoctl failed Filling State: Filling EAP-Message: Filling Service-Type: %d Filling Framed-MTU: %d DEBUG DEBUG DEBUG DEBUG failed to initialize EAP message queue Unable to set debug for radEap. Unable to set debug level for radEap. 
ERROR: option value not specified ERROR ERROR ERROR ERROR Received Access-Challenge from Server Sending Reply EAP Packet to Pnac DEBUG DEBUG ERROR: option value not specified could not initialize MGMT framework ERROR ERROR Error sending packet to Pnac RADIUS Authentication Failed; " RADIUS Authentication Successful; " Got Packet with cookie:%p DEBUG DEBUG DEBUG DEBUG Unable to initialize radius Unable to set debug for radEap. Unable to set debug level for radEap. ERROR: option value not specified ERROR ERROR ERROR ERROR Next DNS Retry after 1 min Next Synchronization after" DEBUG DEBUG Unable to initialize radius Invalid username or password ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Next Synchronization after" DEBUG Unable to set debug for radAuth. ERROR Next Synchronization after %d \ Primary is not available, " Secondary is not available, " DEBUG DEBUG DEBUG ERROR ERROR ERROR Invalid value for use default servers, " DEBUG Unable to set debug level for radAuth. ERROR: option value not specified Unable to initialize radius Invalid username, challenge or response No server is configured, " Backing off for %d seconds Requesting time from %s Synchronized time with %s DEBUG DEBUG DEBUG DEBUG Unable to set debug for radAuth. Unable to set debug level for radAuth. ERROR: option value not specified Unable to initialize radius ERROR ERROR ERROR ERROR Received KOD packet from %s No suitable server found %s DEBUG DEBUG Invalid username or password usage : %s <DB fileName> ERROR ERROR Received Invalid Length packet from %s Received Invalid Version packet from %s Received Invalid Mode packet from %s DEBUG DEBUG DEBUG ERROR ERROR ERROR Request Timed out from %s Looking Up %s DEBUG DEBUG ntpd : umi initialization failed ntpd : ntpInit failed ntpd : ntpMgmtInit failed There was an error while getting the timeZoneChangeScript." unexpected reply from %d cmd=%d !
Timezone difference :%d Could not open file: %s Could not read data from file ntpTblHandler DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR ERROR status: %d DEBUG cmd %d not supported. caller %d default reached Unable to initialize ntpControl ntpMgmt : Couldn't open database %s ERROR : incomplete DB update information tz: %d DayLightsaving: %d pNtpControl>ServerNames[PRIMARY_SERVER]: %s pNtpControl>ServerNames[SECONDARY_SERVER] : %s DEBUG DEBUG empty update. nRows=%d nCols=%d Error in executing DB update handler ERROR ERROR DEBUG requestNtpTime: Invalid addr ERROR DEBUG ERROR DS: %d DEBUG failed to take lock for compId: %d failed to convert ioctl args to buffer for" pPriServ %s pSecServ %s DEBUG DEBUG ERROR ERROR Making request from %d --> %d sent request dst(%d) <-- src(%d) using option %d DEBUG request timeout dst(%d) <-- src(%d) failed to take lock for compId: %d umiIoctlArgsToBuf: failed to allocate memory umiRecvFrom: could not allocate memory received request too small!(%d bytes) Received a UMI request from %d DEBUG DEBUG ERROR ERROR sent a reply src(%d) ---> dst(%d) DEBUG umiRegister (%x,%x,%x,%x) srcId=%d(%s) --> destId=%d(%s) cmd=%d inLen=%d outLen=%d DEBUG waiting for reply...Giving Up DEBUG adpMalloc failed context with ID: %d already registered Failed to allocate memory for creating UMI context Failed to create recvSem for UMI context Failed to create mutex locks for UMI context Failed to create mutex recvQLock for UMI context No request in the list after semTake reply timeout DEBUG DEBUG Invalid arguments to umiIoctl could not find the destination context ERROR ERROR DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR timeout after semTake srcId=%d(%s) <-- destId=%d(%s) cmd=%d DEBUG memPartAlloc for %d size failed ERROR DEBUG ERROR Un-registerting component with Id %d failed to send ioctl request: dst(%d) <--src(%d) processed a reply dst(%d) <-- src(%d) request with no result option dst(%d)
<-src(%d) DEBUG cmd = %s cmdstring is %s %s:%d DEBUG DEBUG memPartAlloc for %d size failed No Handler registered for this UMI context Couldn't find component with ID (%d)," id=%d handler=%x Received NULL buffer in umiBufToIoctlArgs() usbMgmtInit: unable to open the database file %s call to printConfig failed Calling printerConfig binary ... DEBUG ERROR Calling unmount for USB ... DEBUG Calling mount for USB ... DEBUG Failed to Disable Network Storage" Some error occurred while removing device Some error occurred while removing device usbdevice is %d %s:%d Query string: %s DEBUG DEBUG Sqlite update failed Failed to enable printer properly ERROR ERROR sqlite3QueryResGet failed.Query:%s %s: 1. usb is already disconnected for old usb type. " %s: 2.call disable for new usb type ! %s: 3. usb is already disconnected for old usb type. " %s: 4. Disabled old usb type . Now " DEBUG ERROR DEBUG DEBUG Failed to mount device on system Failed to enable network storage device" Failed to mount device on system DEBUG DEBUG Sqlite update failed USB1 Touch failed ERROR ERROR usbdevice is %d %s:%d USB: failed to begin transaction: %s DEBUG DEBUG USB2 Touch failed Sqlite update failed ERROR ERROR USB: SQL error: %s pSetString = %s DEBUG ERROR USB: failed to commit transaction: %s DEBUG USB: updated table: %s USB: returning with status: %s %s:DBUpdate event: Table: %s opCode:%d rowId:%d executing %s status =%d DEBUG DEBUG Failed query: %s Failed to execute usb database update handler Usage:%s <DBFile> <opType> <tblName> <rowId> Illegal invocation of snmpConfig (%s) DEBUG DEBUG Invalid Community Access Type Invalid User Access Type ERROR ERROR executing %s %s returned status=%d DEBUG DEBUG Invalid Security Level Invalid Authentication Algorithm ERROR ERROR %s returned status=%d snmpd.conf not found DEBUG DEBUG ERROR ERROR [SNMP_DEBUG] : Fwrite Successful DEBUG [SNMP_DEBUG] : Fwrite failed radPairGen: received unknown attribute %d of length %d radPairGen: %s has unknown type radPairLocate: 
unknown attribute %ld of length %d DEBUG Invalid Privacy Algorithm Invalid Argument Failed to allocate memory for engineID [SNMP_DEBUG]: Failed to get host address WARN WARN [SNMP_DEBUG] : FOPEN failed sqlite3QueryResGet failed.Query:%s ERROR ERROR WARN sqlite3QueryResGet failed.Query:%s ERROR radPairLocate: %s has unknown type Illegal invocation of cpuMemUsage (%s) WARN ERROR Invalid Security Level Invalid Authentication Algorithm ERROR ERROR DEBUG DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR cpuMemUsageDBUpdateHandler: SQL error: %s unable to open the DB file %s umiInit failed ERROR ERROR ERROR Invalid Privacy Algorithm Failed to Get Host Address Invalid version ERROR ERROR ERROR unable to register to UMI Error Reading from the Database. ERROR ERROR snmp v3 Trap Configuration Failed sqlite3QueryResGet failed query:%s ERROR ERROR short DB update event request! ERROR ERROR Error in executing DB update handler adpListNodeRemove : Returned with an error command too long. Try increasing " failed to allocate memory for CRON_NODE sqlite3QueryResGet failed There was an error while reading the schedules. unable to register to UMI short DB update event request! ERROR sqlite3QueryResGet failed.Query:%s Failed to Open Snmp Configuration File ERROR ERROR Failed to write access control entries Failed to write snmpv3 users entries ERROR ERROR ERROR ERROR Failed to write snmp trap entries Failed to write system entries. ERROR ERROR ERROR ERROR ERROR Failed to restart snmp %s failed with status Error in executing DB update handler ERROR ERROR ERROR malloc(DB_UPDATE_NODE) failed short ifDev event request! ERROR ERROR %s: Unable to open file: %s RADVD start failed ERROR ERROR sqlite3_mprintf failed ERROR ERROR no component id matching %s umiIoctl (%s, UMI_CMD_DB_UPDATE(%d)) failed.
ERROR RADVD stop failed failed to create/open RADVD configuration file %s ERROR sqlite3_mprintf failed sqlite3_mprintf failed no component id matching %s umiIoctl (%s, UMI_CMD_IFDEV_EVENT(%d)) failed. klogctl(9) failed ERROR ERROR ERROR Restoring old configuration.. failed to write/update RADVD configuration file upnpDisableFunc failed upnpEnableFunc failed ERROR ERROR sqlite3QueryResGet failed.Query:%s Error in executing DB update handler ERROR ERROR malloc failed for %d bytes klogctl(4) failed emailLogs: Invalid Number of Arguments!! Exiting. sqlite3QueryResGet failed Could not execute the smtpClient. Error while cleaning the database.Exiting. %s ERROR ERROR unable to open the DB file %s umiInit failed ERROR ERROR ERROR ERROR ERROR unable to register to UMI short DB update event request! short ifDev event request! ERROR ERROR ERROR ERROR sqlite3_mprintf failed ERROR %s failed. status=%d ERROR ERROR ERROR ERROR ERROR ERROR ERROR
Facility: System (Firewall)
Log Message Severity Log Message Severity
Enabling rule for protocol binding. Disabling rule for protocol binding. DEBUG DEBUG Disable all NAT rules. Enable all NAT rules. DEBUG DEBUG Enabling Remote SNMP on WAN. Disabling Remote SNMP on WAN DEBUG DEBUG Enabling NAT URL filter rules. Restarting all NAT rules. DEBUG DEBUG wan traffic counters are restared DEBUG Deleting schedule based firewall rules. Deleting schedule based firewall rules from DB. Update schedule based firewall rules in DB. Restart schedule based firewall rules. DEBUG Traffic limit has been reached Traffic meter monthly limit has been changed to %d. Enabling traffic meter for only dowload. DEBUG Enabling traffic meter for both directions. Enabling traffic meter with no limit. Email alert in traffic meter disabled. Email alert in traffic meter enabled.
Traffic Meter:Monthly limit %d MB has been " Traffic Metering: Adding rule to drop all traffic Traffic Metering: %sabling Email traffic DEBUG DEBUG DEBUG DEBUG inter vlan routing enabled inter vlan routing disabled Disabling Content Filter for %d Enabling Content Filter for %d ./src/firewall/linux/user/firewalld.c:59:#undef ADP_DEBUG2 ./src/firewall/linux/user/firewalld.c:61:#define ADP_DEBUG2 printf Enabling Source MAC Filtering DEBUG DEBUG DEBUG DEBUG Disabling attack checks for IPv6 rules. DEBUG Disabling Source MAC Filtering Adding MAC Filter Policy for Block & Permit Rest Adding MAC Filter Policy for Permit & Block Rest DEBUG Enabling attack checks for IPv6 rules. Configuring one to one NAT settings with %s private start IP " Deleting forward one to one NAT having setting %s private start" Disabling attack check for Block ping to WAN interface. Disabling attack check for Stealth mode for tcp Disabling attack check for Stealth mode for udp DEBUG Restarting Source MAC Address Policy Disabling Firewall Rule for DHCP Relay Protocol Enabling Firewall Rule for DHCP Relay Protocol prerouting Firewall Rule add for Relay failed prerouting Firewall Rule add for Relay failed Deleting MAC Filter Policy for Address %s Adding MAC Filter Policy for Address %s DEBUG Disabling attack check for TCP Flood. DEBUG Disabling attack check for UDP Flood. DEBUG Disabling attack check for IPsec. DEBUG Disabling attack check for PPTP. Disabling attack check for L2TP. DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Disabling Firewall Rules for DMZ host Enabling Firewall Rules for DMZ host Disabling Firewall Rules for Spill Over Load Balancing Disabling Firewall Rules for Load Balancing Enabling Firewall Rules for Load Balancing Enabling Firewall Rules for Spill Over Load Balancing Enabling Firewall Rules for Auto Failover Enabling Firewall Rules for Load Balancing . Enabling Firewall Rules for Spill Over Load Balancing .
Enabling Firewall Rules for Auto Failover Deleting BlockSites Keyword \ Disabling attack check for UDP Flood. DEBUG Disabling attack check for IPsec. DEBUG Disabling attack check for PPTP. DEBUG Disabling attack check for L2TP. Enabling attack check for Block ping to WAN " Enabling attack check for Stealth Mode for tcp. Enabling attack check for Stealth Mode for udp. DEBUG Enabling attack check for TCP Flood. Enabling attack check for UDP Flood. Enabling attack check for IPsec. Enabling attack check for PPTP. DEBUG DEBUG Enabling BlockSites Keyword \ Disabling BlockSites Keyword \ DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Enabling attack check for L2TP. DEBUG Updating BlockSites Keyword from \ DEBUG Enabling attack check for UDP Flood. Enabling attack check for IPsec. Enabling attack check for PPTP. DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Enabling attack check for L2TP. Enabling DoS attack check with %d SyncFlood detect rate, " Disabling DoS attack check having %d SyncFlood detect rate," Enabling ICSA Notification Item for ICMP notification. Enabling ICSA Notification Item for Fragmented Packets. Enabling ICSA Notification Item for Multi cast Packets. Disabling ICSA Notification Item for ICMP notification. Disabling ICSA Notification Item for Fragmented Packets. Disabling ICSA Notification Item for Multi cast Packets.
Adding IP/MAC binding rule for %s MAC address " Deleting IP/MAC binding rule for %s MAC " ./src/firewall/linux/user/firewalld.c:60:#undef ADP_DEBUG ./src/firewall/linux/user/firewalld.c:62:#define ADP_DEBUG printf Restarting traffic meter with %d mins, %d hours, " Updating traffic meter with %d mins, %d hours, " DEBUG Inserting BlockSites Keyword \ Deleting Trusted Domain \ Adding Trusted Domain \ Restarting Schedule Based Firewall Rules DEBUG Enabling Remote SNMP DEBUG DEBUG Disabling Remote SNMP DEBUG DEBUG Enabling Remote SNMP DEBUG DEBUG Disabling DOS Attacks DEBUG DEBUG Enabling DOS Attacks DEBUG DEBUG Enabling DOS Attacks DEBUG DEBUG DEBUG DEBUG Restarting Firewall [%d]:[%d] For %s restartStatus = %d for LogicalIfName = %s DEBUG Deleting Lan Group %s DEBUG DEBUG Adding Lan Group %s DEBUG DEBUG Deleting lan host %s from group %s DEBUG DEBUG DEBUG Deleting traffic meter. DEBUG Disabling block traffic for traffic meter. DEBUG Enabling traffic meter. DEBUG Adding lan group %s. DEBUG Deleting lan group %s. DEBUG Renaming lan group from %s to %s. Deleting host %s from %s group. DEBUG DEBUG Adding lan host %s from group %s Disabling Firewall Rule for IGMP Protocol Enabling Firewall Rule for IGMP Protocol Deleting IP/MAC Bind Rule for MAC address %s and IP " Adding IP/MAC Bind Rule for MAC address %s and IP Deleting Protocol Bind Rule for Service %s Deleting Protocol Bind Rule for Service %s Deleting Protocol Bind Rule for Service %s Adding Protocol Bind Rule for Service %s %s Session Settings Adding host %s to %s group. Enabling Keyword blocking for %s keyword. Disabling keyword Blocking for %s keyword . Deleting trusted domain with keyword %s. DEBUG DEBUG Adding %s keyword to trusted domain. Enabling Management Access from DEBUG DEBUG Restarting IPv6 Firewall Rules...
Deleting Port Trigger Rule for %d:%d:%d:%d:%d Deleting Port Trigger Rule for %d:%d:%d:%d:%d Enabling Port Trigger Rule for %d:%d:%d:%d:%d Disabling Port Trigger Rule for %d:%d:%d:%d:%d Enabling Port Trigger Rule for DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Internet on port %d Enabling remote access management for IP address range" Enabling remote access management to only this PC. Disabling Management Access from Internet on port %d Disabling remote access management for IP address range" Disabling remote access management only to this PC. MAC Filtering %sabled for BLOCK and PERMIT REST. MAC Filtering %sabled for PERMIT and BLOCK REST. Enabling Content Filtering. Disabling Content Filtering. Deleting rule, port triggering for protocol TCP. Deleting rule, port triggering for protocol UDP. Deleting rule, port triggering for protocol TCP. Deleting rule, port triggering for protocol UDP. Enabling rule, port triggering for protocol TCP. Enabling rule, port triggering for protocol UDP. Enabling rule, port triggering for protocol TCP. Enabling rule, port triggering for protocol UDP.
%d:%d:%d:%d:%d DEBUG Disabling Port Trigger Rule for %d:%d:%d:%d:%d Adding Port Trigger Rule for %d:%d:%d:%d:%d DEBUG Enabling Content Filter DEBUG DEBUG Disabling Content Filter DEBUG DEBUG Enabling Content Filter Setting NAT mode for pLogicalIfName = %s DEBUG DEBUG DEBUG DEBUG DEBUG Enabling DROP for INPUT Enabling DROP for FORWARD Enabling NAT based Firewall Rules Setting transparent mode for pLogicalIfName \ DEBUG Enabling Accept for INPUT DEBUG DEBUG DEBUG DEBUG Enabling Accept for FORWARD Setting Routing mode for pLogicalIfName \ DEBUG Enabling DROP for INPUT DEBUG DEBUG Enabling DROP for FORWARD DEBUG DEBUG Disabling NAT based Firewall Rules Enabling Firewall Rules for URL Filtering & " DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Enabling DNS proxy. DEBUG Restarting DNS proxy. DEBUG checking DNS proxy for Secure zone. DEBUG checking DNS proxy for Public zone. DEBUG Adding Firewall Rule for RIP Protocol Restarting Schedule Based Firewall Rules enabling IPS checks between %s and %s zones. disabling IPS checks between %s and %s zones. Enabling Block traffic from %s zone. Configuring firewall session settings for " DEBUG DEBUG Stopping IPS...%s IPS started. DEBUG DEBUG Disabling DMZ DEBUG DEBUG Disabling WAN-DMZ rules . Enabling WAN DMZ rules . Restarting DMZ rule having %s address with %s address. Enabling LAN DHCP relay. OneToOneNat configured successfully DEBUG DEBUG Route already exists Route addition failed: Network Unreachable Route addition failed: Network is down DEBUG DEBUG DEBUG OneToOneNat configuration failed DEBUG Deleting scheduled IPv6 rules. delete from FirewallRules6 where ScheduleName = '%s'. 
DEBUG Route addition failed Failed to add rule in iptables Failed to delete rule from iptables fwLBSpillOverConfigure: Something going wrong here fwLBSpillOverConfigure: unable to get interfaceName fwLBSpillOverConfigure: Could not set PREROUTING rules DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR Update FirewallRules6 where ScheduleName = '%s' to New " DEBUG Dns proxy Restart failed DEBUG deleting interface to ifgroup failed DEBUG adding interface to ifgroup failed deleting interface pVirtIface %s from ifgroup %d" adding interface pVirtIface %s to ifgroup %d failed DEBUG Deleting IP address %s. DEBUG Adding new IP address %s. Updating old IP address %s to new IP address %s. Restarting Firewall For %s Address Update from %s:%s Disabling Firewall Rule for MSS packet marking Enabling Firewall Rule for MSS packet marking Enabling packet marking rule for %s IDLE timer Deleted firewall rule %s for service %s with action %s %s firewall rule %s for service %s with action %s Added firewall rule %s for service %s with action %s Deleting inbound(WAN-LAN) firewall rule. Deleting inbound(WAN-DMZ) firewall rule. RIPng disabled. DEBUG RIPng enabled. Disable IPv6 firewall rule. Enable IPv6 firewall rule. fwLBSpillOverConfigure: Could not set POSTROUTING rules fwLBSpillOverConfigure: Something going wrong Here fwL2TPGenericRules.c: unable to open the database file " ERROR ERROR ERROR ERROR DEBUG fwL2TPGenericRules.c: inet_aton failed fwPPTPGenericRules.c: unable to open the database file " fwPPTPGenericRules.c: inet_aton failed DNS proxy firewall rule add failed for %s deleting interface %s from ifgroup %d failed adding interface %s to ifgroup %d failed nimfBridgeTblHandler: unable to get interfaceName DEBUG nimfBridgeTblHandler: \ ERROR DEBUG nimfBridgeTblHandler: unable to get \ Failed to %s traffic from %s to %s to IPS. Failed to %s traffic from %s to %s to IPS. ERROR failed to start IPS service.
Timeout in waiting for IPS service to start. Usage:%s <DBFile> <opType> <tblName> <rowId> " ERROR ERROR ERROR DEBUG DEBUG DEBUG xlr8NatConfig: illegal invocation of (%s) Illegal invocation of [%s] xlr8NatMgmtTblHandler: failed query: %s Could not open file: %s Rip Error Command Too Long Deleting IGMP proxy rule. Enable IGMP proxy rule. DEBUG DEBUG No authentication for Ripv1 Invalid Rip Direction ERROR ERROR Restarting IGMP rule. Traffic meter enabled with no limit type. Traffic meter enabled for only download. Traffic meter enabled for both directions. Deleted firewall rule %s for service %s with action %s %s firewall rule %s for service %s with action %s Added firewall rule %s for service %s with action %s Enabling Inter VLAN routing. DEBUG DEBUG DEBUG DEBUG Invalid Rip Version Invalid Password for 1st Key Invalid Time for 1st Key Invalid Password for 2nd Key ERROR ERROR ERROR ERROR DEBUG Invalid Time for 2nd Key ERROR DEBUG Invalid First KeyId ERROR DEBUG DEBUG Invalid Second KeyId Invalid Authentication Type ERROR ERROR Updating inter VLAN routing status. Deleting inter VLAN routing. 
DEBUG DEBUG ripDisable failed ripEnable failed ERROR ERROR DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR
Facility: Local0 (Wireless)
Log Message Severity Log Message Severity
(node=%s) setting %s to val = %d DEBUG sqlite3QueryResGet failed ERROR Custom wireless event: '%s' Wireless event: cmd=0x%x len=%d New Rogue AP (%02x:%02x:%02x:%02x:%02x:%02x) detected WPS session in progress, ignoring enrolle assoc request DEBUG DEBUG sqlite3QueryResGet failed VAP(%s) set beacon interval failed ERROR ERROR DEBUG VAP(%s) set DTIM interval failed ERROR DEBUG ERROR ran query %s DBUpdate event: Table: %s opCode:%d rowId:%d %sing VAPs using profile %s DEBUG VAP(%s) set RTS Threshold failed VAP(%s) set Fragmentation Threshold failed DEBUG DEBUG VAP(%s) set Protection Mode failed VAP(%s) set Tx Power failed ERROR ERROR %sing VAP %s ran query %s DEBUG DEBUG WDS Profile %s not found Failed to initalize WPS on %s ERROR ERROR %sing VAP instance %s DEBUG failed to get profile %s ERROR VAP(%s) set Short Preamble failed VAP(%s) set Short Retry failed DEBUG DEBUG could not initialize MGMT framework could not initialize MGMT framework ERROR ERROR VAP(%s) set Long Retry failed Decrypting context with key %s DEBUG DEBUG ERROR ERROR Unknown IAPP command %d received. unexpected reply from %d cmd=%d ! unexpected reply from %d cmd=%d !
Recvied DOT11_EAPOL_KEYMSG DEBUG DEBUG DEBUG DEBUG dot11VapBssidUpdt SQL error: %s sqlite3QueryResGet failed.Query:%s KDOT11_GET_PARAM(IEEE80211_IOC_CHANNEL) failed Failed to get the channel setting for %s sqlite3QueryResGet failed.Query:%s sqlite3QueryResGet failed.Query:%s shutting down AP:%s APCtx Found DEBUG DEBUG ERROR ERROR APCtx Not-Found DEBUG node not found *:*:*:%x:%x:%x error installing unicast key for %s DEBUG DEBUG profile %s not found sqlite3QueryResGet failed.Query:%s Interface name and policy must be specified Interface name and policy must be specified invalid ACL type %d cmd =%d i_type =%d i_val=%d join event for new node %s wpa/rsn IE id %d/%d not supported wpa IE id %d not supported DEBUG DEBUG DEBUG DEBUG interface name not specified interface name not specified Invalid interface - %s specified buffer length not specified ERROR ERROR ERROR ERROR leave event for node %s NodeFree request for node : %s DEBUG DEBUG Invalid length(%d) specified failed created iappdLock ERROR ERROR installing key to index %d DEBUG failed to create cipher contexts. ERROR iReq.i_val : %d pIfName : %s DEBUG DEBUG ERROR ERROR iReq.i_val : %d DEBUG setting mode: %d DEBUG Global counter wrapped, re-generating... DEBUG unable to register to UMI iappSockInit() failed iappInit got error, unregistering it with UMI umiIoctl(UMI_COMP_UDOT11,%d,%d ) failed umiIoctl(UMI_COMP_KDOT11,%d,%d ) failed ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Got PNAC_EVENT_PREAUTH_SUCCESS event for : %s event for non-existent node %s PNAC_EVENT_EAPOL_START event received PNAC_EVENT_EAPOL_LOGOFF event received PNAC_EVENT_REAUTH event received PNAC_EVENT_AUTH_SUCCESS event received PNAC_EVENT_PORT_STATUS_CHANGED event received DEBUG DEBUG unsupported event %d from PNAC event for non-existent node %s. Create new node.
Add new node to DOT11 Node list DEBUG UDP failed, received Length is %d umiIoctl(UMI_COMP_KDOT11, umiIoctl(UMI_COMP_UDOT11,%d,%d )\ umiIoctl(UMI_COMP_KDOT11,%d,%d )\ No IAPP Node found for req id %d umiIoctl(UMI_COMP_UDOT11,%d,%d )\ umiIoctl(UMI_COMP_KDOT11,%d,%d )\ umiIoctl(UMI_COMP_UDOT11,%d,%d ) failed DEBUG DEBUG UDP socket is not created UDP send failed ERROR ERROR Update dot11STA database Add PMKSA to the list eapolRecvAuthKeyMsg: received key message DEBUG DEBUG IAPP: socket (SOCK_STREAM) failed. IAPP: TCP connect failed to %s. ERROR ERROR DEBUG ERROR node not found eapolRecvKeyMsg: replay counter not incremented eapolRecvKeyMsg: replay counter is not same processing pairwise key message 2 RSN IE matching: OK DEBUG DEBUG DEBUG DEBUG cmd %d not supported.sender=%d umiIoctl(UMI_COMP_KDOT11,%d,%d ) failed IAPP-CACHE-NOTIFY-REQUEST send to ./src/dot11/iapp/iappLib.c:1314: ADP_ERROR ( BSSID value passed is NULL reserved requestId is passed processing pairwise key message 4 processing group key message 2 processing key request message from client DEBUG DEBUG interface name is NULL IP address value passed is NULL ERROR ERROR DEBUG ERROR WPA version %2x %2x not supported DEBUG (%s) group cipher %2x doesn't match DEBUG (%s)Pairwise cipher %s not supported (%s) authentication method %d not supported %s:Auth method=%s pairwise cipher=%s IE size=%d WPA version %2x %2x not supported Unable to obtain IE of type %d DEBUG DEBUG DEBUG DEBUG opening receive UDP socket failed enabling broadcast for UDP socket failed opening receive TCP socket for new AP failed ./src/dot11/iapp/iappLib.c:1784: ADP_ERROR( ./src/dot11/iapp/iappLib.c:1794: ADP_ERROR( ./src/dot11/iapp/iappLib.c:1803: ADP_ERROR( failed created dot11dLock. failed initialize profile library. PTK state changed from %s to %s using PMKSA from cache DEBUG DEBUG failed to create cipher contexts. 
unable to register to UMI ERROR ERROR PTK GK state changed from %s to %s GK state changed from %s to %s DEBUG DEBUG ERROR ERROR Sending PTK Msg1 DEBUG could not create MIB tree unable to register to PNAC Max registration attempts by DOT11 to PNAC exceeded Sending PTK Msg3 Sending GTK Msg1 DEBUG DEBUG Creation of EAP WPS Profile Failed umiIoctl(UMI_COMP_IAPP,%d ) failed ERROR ERROR DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR sending EAPOL pdu to PNAC... creating pnac authenticator with values %d %d - %s DEBUG DOT11_RX_EAPOL_KEYMSG: unknown ifname %s ERROR DEBUG cmd %d not supported.sender=%d ERROR Profile %s does not exist IAPP initialized. DEBUG DEBUG inteface name passed is NULL BSSID passed is NULL ERROR ERROR Encrypting context key=%s for could not find access point context for %s join event for existing node %s failed to send PNAC_FORCE_AUTHORIZED " failed to send PNAC_AUTHORIZED " failed to send PNAC_VAR_KEY_AVAILABLE (TRUE) " failed to send PNAC_VAR_KEY_TX_EN (TRUE) " failed to send PNAC_VAR_KEY_TX_EN (FALSE) " failed to send PNAC_FORCE_AUTHORIZED " DEBUG ERROR DEBUG DEBUG inteface name passed is NULL unable to allocate memory for DOT11_CTX unable to install wme mapping on %s DEBUG DEBUG unable to get %s mac address Failed to set %s SSID ERROR ERROR DEBUG Failed to set SSID broadcast status ERROR DEBUG Failed to set PreAuth mode ERROR DEBUG ERROR failed to send PNAC_AUTHORIZED " DEBUG unable to install key KDOT11_SET_PARAM:IEEE80211_IOC_AUTHMODE failed KDOT11_SET_PARAM:IEEE80211_IOC_PRIVACY failed mic verification: OK DEBUG ERROR pnacIfConfig: Invalid supplicant" Failed to process user request DEBUG DEBUG wpaInit failed dot11InstallProfile: unable to get interface index adpHmacInit(%s) failed Failed to process user request - %s(%d) pnacIfConfigUmiIoctl: umiIoctl failed pnacIfConfigUmiIoctl: 
usrPnac returned %d pnacIfConfigUmiIoctl: usrPnac returned %d pnacIfConfigUmiIoctl: usrPnac returned %d pnacKernNotifier: invalid PAE configuration " From pnacEapDemoAuthRecv: unsupported response " From pnacEapDemoAuthRecv: invalid codes received From pnacRadXlateDemoRecv: received unknown " From pnacRadXlateDemoRecv: invalid codes received Error from pnacRadXlateDemoRecv: malloc failed From pnacRadXlateRadPktHandle: received a non-supported" Only md5 authentication scheme currently supported. " DEBUG DEBUG interface %s not found AP not found on %s ERROR ERROR DEBUG keyLen > PNAC_KEY_MAX_SIZE ERROR DEBUG Invalid profile name passed ERROR DEBUG Creation of WPS EAP Profile failed ERROR DEBUG unsupported command %d ERROR DEBUG device %s not found ERROR DEBUG unsupported command %d ERROR DEBUG dot11NodeAlloc failed ERROR DEBUG Getting WPA IE failed for %s ERROR DEBUG ERROR DEBUG Getting WPS IE failed for %s Failed initialize authenticator for node %s Failed to get the system up time while adding node %s Message from authenticator: from pnacPDUXmit: bufsize = %d, pktType = %d," pnacPDUXmit: sending eap packet. code = %d, " DEBUG error creating PNAC port for node %s ERROR DEBUG dot11NodeAlloc failed ERROR DEBUG Invalid arguments. ERROR DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR pnacRecvRtn: no corresponding pnac port pae found sending unicast key DEBUG DEBUG umiIoctl(UMI_COMP_IAPP,%d) failed Invalid IE. 
umiIoctl(UMI_COMP_KDOT11_VAP, %d ) failed umiIoctl(UMI_COMP_KDOT11,%d ,%d) failed KDOT11_SET_PARAM:IEEE80211_IOC_WME_CWMIN failed KDOT11_SET_PARAM:IEEE80211_IOC_WME_CWMAX failed KDOT11_SET_PARAM:IEEE80211_IOC_WME_AIFS failed KDOT11_SET_PARAM:80211_IOC_WME_TXOPLIMIT failed KDOT11_SET_PARAM:IEEE80211_IOC_WME_ACM failed KDOT11_SET_PARAM:IEEE80211_IOC_WME failed ERROR ERROR ERROR sending broadcast key from pnacAuthPAEDisconnected: calling pnacTxCannedFail from pnacAuthPAEForceUnauth: calling pnacTxCannedFail DEBUG state changed from %s to %s PNAC user comp id not set. dropping event %d DEBUG sending event %d to %d DEBUG requesting keys informantion from %d pnacUmiPortPaeParamSet: error in getting port pae pnacUmiPortPaeParamSet: invalid param - %d pnacRecvASInfoMessage: Skey of length %d set pnacRecvASInfoMessage: reAuthPeriod set to: %d pnacRecvASInfoMessage: suppTimeout set to: %d DEBUG PORT SUCCESSFULLY DESTROYED DEBUG creating physical port for %s pnacAuthInit: using defualt pnacAuthParams pnacSuppInit: using defualt pnacSuppParams Error from pnacCombinedStMachTriggerFunc: " Error from pnacCombinedStMachTriggerFunc: " Error from pnacCombinedStMachTriggerFunc: " Error from pnacCombinedStMachTriggerFunc: " Error from pnacCombinedStMachTriggerFunc: " Error from pnacCombinedStMachTriggerFunc: " Error from pnacCombinedStMachTriggerFunc: " Error from pnacCombinedStMachTriggerFunc: " Error from pnacCombinedStMachTriggerFunc: " DEBUG invalid group cipher %d KDOT11_SET_PARAM:IEEE80211_IOC_MCASTCIPHER failed KDOT11_SET_PARAM:IEEE80211_IOC_MCASTKEYLEN failed KDOT11_SET_PARAM:IEEE80211_IOC_UCASTCIPHERS failed KDOT11_SET_PARAM:IEEE80211_IOC_KEYMGTALGS failed KDOT11_SET_PARAM:IEEE80211_IOC_WPA failed DEBUG unknow cipher type = %d ERROR DEBUG umiIoctl(UMI_COMP_IAPP,%d) failed ERROR DEBUG invalid media value=%d ERROR DEBUG invalid mediaOpt value=%d ERROR DEBUG invalid mode value=%d ERROR DEBUG dot11PnacIfCreate failed ERROR DEBUG wpaPRF failed ERROR DEBUG ERROR DEBUG 
Error generating global key counter wpaCalcMic: unsupported key descriptor version integrity failed. need to stop all stations " couldn't find AP context for %s interface received a pdu on %s pnacRecvMapi: protoType: %04x pPhyPort->authToASSendRtn:%p DEBUG dot11Malloc failed ERROR DEBUG ERROR port not found DEBUG dot11Malloc failed eapolRecvKeyMsg: unknown descType =%d DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR from pnacRecvMapi: pkt body len = %d, pktType = %d from pnacPDUProcess: received PNAC_EAP_PACKET from pnacPDUProcess: currentId = %d from pnacPDUProcess: code = %d, identifier = %d, " from pnacPDUProcess: setting rxResp true from pnacPDUProcess: code = %d, identifier = %d, " DEBUG from pnacPDUProcess: received " DEBUG from pnacPDUProcess: received " from pnacPDUProcess: received PNAC_EAPOL_KEY_PACKET DEBUG doing pnacTxCannedFail DEBUG doing pnacTxCannedSuccess doing pnacTxReqId DEBUG DEBUG doing pnacTxReq DEBUG doing pnacTxStart DEBUG doing pnacTxLogoff DEBUG doing pnacTxRspId: 1st cond DEBUG doing pnacTxRspId: entering 2nd cond from pnacTxRspId: code = %d, identifier = %d, length = %d, " doing pnacTxRspId: 2nd cond DEBUG eapolRecvKeyMsg: invalid descriptor version eapolRecvKeyMsg: incorrect descriptor version eapolRecvKeyMsg: Ack must not be set eapolRecvKeyMsg: MIC bit must be set wpaAuthRecvPTKMsg2: unexpected packet received wpaAuthRecvPTKMsg2: mic check failed wpaAuthRecvPTKMsg2: rsn ie mismatch wpaAuthRecvPTKMsg4: unexpected packet received wpaAuthRecvPTKMsg4: keyDataLength not zero wpaAuthRecvPTKMsg4: mic check failed wpaAuthRecvGTKMsg2: unexpected packet received secureBit not set in GTK Msg2 wpaAuthRecvGTKMsg2: keyDataLength not zero wpaAuthRecvGTKMsg2: mic check failed wpaAuthRecvKeyReq: unexpected packet received wpaAuthRecvKeyReq: keyDataLength not zero wpaAuthRecvKeyReq: mic check failed 
DEBUG DEBUG invalid OUI %x %x %x (%s) invalid OUI %x %x %x ERROR ERROR doing pnacTxRspAuth: 1st cond doing pnacTxRspAuth: 2nd cond message for unknown port PAE from pnacACToSuppRecvRtn: calling pnacEapPktRecord from pnacEapPktRecord: code = %d, identifier = %d, " from pnacEapPktRecord: received success pkt from pnacEapPktRecord: received failure pkt from pnacEapPktRecord: received request pkt unknown EAP-code %d DEBUG DEBUG DEBUG [%s:%d] Cipher in WPA IE : %x (%s) invalid OUI %x %x %x short WPA IE (length = %d) received ERROR ERROR ERROR DEBUG PTK state machine in unknown state. ERROR DEBUG ERROR DEBUG dot11InstallKeys failed group state machine entered into WPA_AUTH_GTK_INIT DEBUG dot11Malloc failed ERROR DEBUG DEBUG dot11Malloc failed dot11Malloc failed ERROR ERROR Authenticator[%d]: Auth PAE state = %s Auth Reauth state = %s DEBUG DEBUG DEBUG aesWrap failed unknown key descriptor version %d dot11Malloc failed ERROR ERROR ERROR Back auth state = %s DEBUG could not initialize AES128ECB ERROR Supplicant[%d]: Supp Pae state = %s DEBUG DEBUG could not initialize AES-128-ECB MD5 initialization failed ERROR ERROR DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR from pnacBackAuthFail: calling pnacTxCannedFail %s returned ERROR pnacUmiIoctlHandler: cmd: %s(%d) DEBUG DEBUG DEBUG RC4 framework initialization failed PNAC framework initialization failed ERROR: option value not specified ERROR ERROR ERROR %s not configured for 802.1x could not process PDU received from the wire pnacPDUForward: failed to foward the received PDU Creating PHY port with AUTH backend : %s SendRtn: %p RecvRtn:%p pnacUmiAuthConfig: %s not configured for 802.1x pnacSuppRegisterUserInfo: not a valid AC DEBUG ERROR: -u can be used only with -s ERROR DEBUG ERROR: user-name not specified ERROR DEBUG failed to enable debug ERROR DEBUG [%s]: failed to convert string to MAC 
" ERROR DEBUG ERROR pnacIfConfig: autoAuth Enabled pnacSendRtn: no pnac port pae found for " DEBUG sending portStatus: %s[%d] to dot11 pnacRecvASInfoMessage: Rkey of length %d set DEBUG ASSendRtn: %p ASToAuthRecv: %p adpRand failed:unable to generate random unicast key using group key as unicast key Integrity check failed more than once in last 60 secs. MIC failed twice in last 60 secs, taking countermeasures DEBUG WARN WARN failed to initialize UMI pnacPhyPortParamSet:invalid arguments pnacPhyPortParamSet:Failed to create socket Error from pnacPhyPortParamSet:%s device invalid Error from pnacPhyPortParamSet:%s Getting MAC address " pnacPhyPortParamSet:Failed to add 802.1X multicast " pnacIsInterfaceUp: failed to create a raw socket pnacIsInterfaceUp: failed to get interface flags failed to allocate buffer WARN UMI initialization failed ERROR WARN ERROR Failed to set dot11 port status WARN PTK state machine in NO_STATE. WARN PTK state machine in NO_STATE!! WARN PMKSA refcount not 1 WARN IV verification failednknown subtype> pnacIfConfig: overwriting previous interface " WARN UMI initialization failed Error from pnacEapDemoAuthLibInit: malloc failed Error from pnacEapDemoAuthRecv: received null EAP pkt Error from pnacEapDemoAuthRecv: send " Error from pnacRadXlateASAdd: cannot open socket Error from pnacRadXlateDemoRecv: received null EAP pkt ERROR pnacIfConfig: overwriting previous " pnacIfConfig: overwriting previous username" WARN ERROR DEBUG DEBUG DEBUG WARN pnacIfConfig: overwriting previous password" WARN %s: Failed to set port status WARN %s: Failed to notify event to dot11 WARN From pnacRadXlateDemoRecv: send " Error from pnacRadXlateDemoRecv: radius " Error from pnacRadXlateDemoRecv: radius " Error from pnacRadXlateRadIdRespSend: send to failed Error from pnacRadXlateRadNonIdRespSend: send to failed Error from pnacRadXlateRadRecvProc: recvfrom failed pnacLibDeinit: Failed to destroy the WARN From WARN 229 ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR 
ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR phyPort:%s pnacBackAuthSuccess: failed to notify the destination " WARN could not initialize MGMT framework ERROR umiInit failed ERROR iappInit failed ERROR could not initialize IAPP MGMT. ERROR dot11Malloc failed ERROR buffer length not specified ERROR pnacRadXlateRadPktIntegrityChk: no corresponding " Error from pnacRadXlateRadPktIntegrityChk: no message " Error from pnacRadXlateRadPktIntegrityChk: " From pnacRadXlateRadChalPktHandle: no encapsulated eap " Error from pnacRadXlateRadChalPktHandle: malloc for eap " Error from pnacEapDemoSuppUserInfoRegister: invalid " Error from pnacEapDemoSuppRecv: received null EAP pkt Error from pnacEapDemoSuppRecv: send ptr to pnac supplicant" From pnacEapDemoSuppRecv: user info not entered yet Error from pnacEapDemoSuppRecv: couldn't " Invalid length(%d) specified Failed to get information about authorized AP list. Recd IE data for non-existent AP %s ERROR MDString: adpDigestInit for md5 failed ERROR ERROR ERROR pnacUmiInit: UMI initialization failed could not start PNAC task ERROR ERROR Recd IE data for wrong AP %s Received Invalid IE data from WSC ERROR ERROR ERROR ERROR Recd IE data for non-existent AP %s Recd WSC Start command without interface name ERROR Recd WSC start for non-existent AP %s ERROR Recd WSC start for wrong AP %s Unable to send WSC_WLAN_CMD_PORT to WSC Failed to get the ap context for %s WPS can only be applied to WPA/WPA2 security profiles ERROR invalid aruments pnacIfNameToIndex failed pnacPhyPortParamSet: device invalid %s%d pnacPhyPortParamSet: EIOCGADDR ioctl failed pnacPhyPortParamSet: multicast addr add ioctl failed pnacPhyPortParamUnset: multicast addr del ioctl failed ERROR ERROR wpsEnable: running wsccmd failed Failed to get the ap context for %s WPS conf. 
under non WPA/WPA2 security setting Failed to reset the Beacon Frame IE in the driver Failed to reset the Beacon Frame IE in the driver ERROR ERROR WPS method cannot be NULL PIN value length should be a multiple of 4 !! Failed to initiate PIN based association, PIN = %s ERROR ERROR pnacPDUXmit: Invalid arguments pnacPDUXmit: failed to get M_BLK_ID from pnacIsInterfaceUp: device %s%d invalid pnacRecvRtn: dropping received packet as port is" pnacSendRtn: Invalid arguments pnacSendRtn: no physical port corresponding to" pnacSendRtn: dropping packet as port" pnacAuthBuildRC4KeyDesc: adpEncryptInit(RC4) failed pnacAuthBuildRC4KeyDesc: adpCipherContextCtrl" pnacDot11UserSet: incorrect buffer length ERROR PNAC user component id not set. ERROR pnacPortPaeDeconfig:kpnacPortPaeDeconfig failed pnacPortPaeDeconfig:kpnacPortPaeDeconfig failed WARN WARN ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Failed to initiate PBC based enrolle association Invalid association mode. (Allowed modes : PIN/PBC) pnacKeyInfoGet:failed to allocate buffer PNAC user comp id not set. 
dropping EAPOL key pkt pnacUmiPortPaeParamSet: invalid buffer received ERROR ERROR wpsEnable: running wsccmd failed Failed to send QUIT command to WSC from DOT11 Failed to clear off the WPS process ERROR missing profile name A profile exists with the same name Error in allocating memory for profile ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Error from pnacRecvASInfoMessage: " pnacRecvASInfoMessage: " pnacRecvASInfoMessage: Bad info length Error from pnacLibInit: malloc failed could not create phy ports lock missing profile name missing profile name Profile name and interface name must be specified Profile %s does not exist Could not set profile %s on the interface %s ERROR ERROR could not create nodes ports lock port exists for iface - %s ERROR ERROR ERROR ERROR pnacPhyPortCreate failed kpnacPhyPortCreate failed ERROR ERROR ERROR ERROR missing profile name Profile %s does not exist ERROR ERROR Profile %s does not exist ERROR SSID should not be longer than %d ERROR invalid argument pnacAuthConfig: maxAuth limit reached pnacAuthConfig: malloc failed Error from pnacAuthConfig: pAsArg cannot be NULL Error from pnacAuthConfig: receive routine hook " Profile %s does not exist Profile %s does not exist ERROR ERROR pnacAuthConfig: pnacAuthInit failed kpnacPortPaeConfig failed ERROR ERROR Profile %s does not exist ERROR ERROR Profile %s does not exist ERROR Profile %s does not exist ERROR Profile %s does not exist SSID not set. 
SSID is needed to generate password hash ERROR Invalid arguments Error from pnacSuppConfig: malloc failed Error from pnacSuppConfig: receive routine hook " Error from pnacSuppConfig: pnacSuppInit failed ERROR Password string too big ERROR dot11Malloc failed ERROR Profile %s does not exist Hex string should only have %d hex chars ERROR kpnacPortPaeConfig failed pnacAuthDeconfig failed: pPortPae NULL Error from pnacPhyPortDestroy: port not configured pnacPhyPortDestroy: Failed to deconfigure port ERROR dot11Malloc failed ERROR Profile %s does not exist invalid key index %d. key index should be 0-3. ERROR wepKey length incorrect ERROR Profile %s does not exist ERROR pnacPhyPortParamUnset FAILED Error from pnacPhyPortCreate: malloc failed Error from pnacPhyPortCreate: pnacPhyPortParamSet" error from pnacPhyPortCreate: malloc failed Error from pnacAuthInit: pnacPortTimersInit failed Error from pnacAuthInit: pnacAuthPAEInit failed ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Invalid Cipher type %d Profile supports WEP stas,Group cipher must be WEP ERROR Profile %s does not exist ERROR Profile %s does not exist ERROR Profile %s does not exist invalid pairwise cipher type %d ERROR ERROR Cipher %s is already in the list. ERROR Profile %s does not exist ERROR Invalid Cipher type %d ERROR Cipher %s not found in the list. ERROR Profile %s does not exist ERROR Profile %s does not exist ERROR Auth method %s is already in the list ERROR Profile %s does not exist ERROR Auth method %s not found in the list. ERROR Profile %s does not exist ERROR Profile %s does not exist ERROR Profile %s does not exist invalid type value %d. supported values are 1,2,3,4 ERROR Profile %s does not exist invalid type value %d. supported values are 1,2,3,4 ERROR Profile %s does not exist invalid type value %d. 
supported values are 1,2,3,4 ERROR Profile %s does not exist invalid type value %d. supported values are 1,2,3,4 ERROR Profile %s does not exist invalid type value %d. supported values are 1,2,3,4 ERROR Profile %s does not exist ERROR: incomplete DB update information. ERROR old values result does not contain 2 rows sqlite3QueryResGet failed Error from pnacAuthInit: pnacAuthKeyTxInit failed Error from pnacAuthInit: pnacReauthTimerInit failed Error from pnacAuthInit: pnacBackAuthInit failed Error from pnacAuthInit: pnacCtrlDirInit failed Error from pnacAuthInit: pnacKeyRecvInit failed Error from pnacSuppInit: malloc failed Error from pnacSuppInit: pnacPortTimersInit failed Error from pnacSuppInit: pnacKeyRecvInit failed Error from pnacSuppInit: pnacSuppKeyTxInit failed Error from pnacSuppInit: pnacSuppPAEInit failed Error from pnacRecvRtn: invalid arguments Error from pnacRecvMapi: unsupported PDU received ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR suppToACSendRtn returned not OK! 
Error from pnacBasicPktCreate: malloc failed Error from pnacEAPPktCreate: basic pkt create failed Error from pnacTxCannedFail: eap pkt create failed Error from pnacTxCannedSuccess: eap pkt create failed Error from pnacTxReqId: eap pkt create failed Error from pnacTxReq: eap pkt create failed Error from pnacSendRespToServer: malloc failed Error from pnacSendRespToServer: no AS configured Error from pnacTxStart: basic pkt create failed Error from pnacTxStart: basic pkt create failed Error from pnacTxRspId: eap pkt create failed Error from pnacTxRspAuth: eap pkt create failed Error from pnacEapPktRecord: EAP packet too" ERROR ERROR ERROR Error from pnacEapPktRecord: " from pnacBackAuthTimeout: calling pnacTxCannedFail hmac_md5: adpHmacContextCreate failed ERROR ERROR hmac_md5:adpHmacInit failed pnacUmiIoctlHandler: invalid cmd: %d ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Error in executing DB update handler ERROR sqlite3QueryResGet failed ERROR: incomplete DB update information. ERROR pnacEapRadAuthSend: Invalid arguments pnacEapRadAuthSend: failed to allocate inbuffer ERROR pnacXmit : umiIoctl failed[%d] ERROR old values result does not contain 2 rows ERROR ERROR sqlite3QueryResGet failed ERROR Error in executing DB update handler ERROR sqlite3QueryResGet failed.Query:%s ERROR sqlite3QueryResGet failed.Query:%s ERROR sqlite3QueryResGet failed.Query:%s ERROR sqlite3QueryResGet failed.Query:%s ERROR startStopVap failed to stop %s ERROR Invalid SQLITE operation code - %d ./src/dot11/mgmt/dot11Mgmt.c:1177: ADP_ERROR ( only delete event expected on dot11RogueAP. 
ERROR pnacPDUForward: Invalid input pnacPDUForward: error in getting port pae information pnacPDUForward: error allocating memory pnacUmiIfMacAddrChange: %s not configured for 802.1x pnacUmiIfMacAddrChange: could not process PDU received" pnacUmiPhyPortConfig: Invalid config data pnacUmiPhyPortConfig: Invalid backend name specified pnacUmiPhyPortConfig: could not create PNAC physical" pnacUmiAuthConfig: Invalid config data pnacUmiAuthConfig: Invalid backend name specified ERROR sqlite3QueryResGet failed ERROR unhandled database operation %d ERROR sqlite3QueryResGet failed ERROR failed to configure WPS on %s ERROR sqlite3QueryResGet failed ERROR sqlite3QueryResGet failed ERROR sqlite3QueryResGet failed ERROR sqlite3QueryResGet failed ERROR sqlite3QueryResGet failed no VAP rows returned. expected one multiple VAP rows returned. expected one ERROR ERROR unable to create new EAP context. unable to apply %s profile on the EAP context. pnacUmiAuthConfig: could not configure PNAC PAE " pnacUmiSuppConfig: Invalid config data pnacUmiSuppConfig: Invalid backend name specified pnacUmiSuppConfig: %s not configured for 802.1x pnacUmiSuppConfig: could not PNAC port Access" pnacUmiSuppConfig: Failed to register user information pnacPortByMacDeconfig: port not found pnacPortByMacDeconfig: port not found pnacUmiIfDown: Invalid config data ERROR sqlite3QueryResGet failed ERROR invalid query result. ncols=%d nrows=%d ERROR %s:VAP(%s) create failed ERROR sqlite3QueryResGet failed ERROR invalid query result. 
ncols=%d nrows=%d ERROR pnacUmiIfDown: Invalid config data Error from pnacPortDeconfig: port not configured pnacUmiIfDown: could not deconfigure port pnacUmiPhyPortDestroy: Invalid config data pnacUmiPhyPortDestroy: Invalid config data pnacUmiPhyPortDestroy: Failed to destroy the port ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR Invalid config data ERROR

Facility: Kernel

Log Message Severity Log Message Severity

DNAT: multiple ranges no longer supported DNAT: Target size %u wrong for %u ranges, DEBUG %s: %s%s:%d -> %s:%d %s, DEBUG DEBUG DEBUG DNAT: wrong table %s, tablename DNAT: hook mask 0x%x bad, hook_mask %s%d: resetting MPPC/MPPE compressor, DEBUG %s%d: wrong offset value: %d, %s%d: wrong length of match value: %d, %s%d: too big offset value: %d, DEBUG DEBUG DEBUG %s: %s%s:%d %s, %s: Failed to add WDS MAC: %s, dev->name, %s: Device already has WDS mac address attached, %s: Added WDS MAC: %s, dev->name, %s: WDS MAC address %s is not known by this interface, [madwifi] %s() : Not enough space., __FUNCTION__ Returning to chan %d, ieeeChan %s%d: cannot decode offset value, %s%d: wrong length code: 0x%X, %s%d: short packet (len=%d), __FUNCTION__, %s%d: bad sequence number: %d, expected: %d, %s%d: bad sequence number: %d, expected: %d, DEBUG DEBUG WEP AES DEBUG DEBUG DEBUG AES_CCM DEBUG DEBUG CKIP DEBUG DEBUG TKIP DEBUG PPPIOCDETACH file->f_count=%d, PPP: outbound frame not passed PPP: VJ decompression error DEBUG DEBUG DEBUG %s: cannot map channel to mode; freq %u flags 0x%x, %s: %s, vap->iv_dev->name, buf %s: [%s] %s, vap->iv_dev->name, DEBUG DEBUG DEBUG PPP: inbound frame not passed DEBUG PPP: reconstructed packet DEBUG PPP: no memory for DEBUG missed pkts %u..%u, %s%d: resetting MPPC/MPPE compressor, DEBUG %s%d: wrong offset value: %d, %s%d: wrong length of match value: %d, DEBUG DEBUG %s: [%s] %s, 
vap->iv_dev->name, ether_sprintf(mac), buf [%s:%s] discard %s frame, %s, vap->iv_dev->name, [%s:%s] discard frame, %s, vap->iv_dev->name, [%s:%s] discard %s information element, %s, [%s:%s] discard information element, %s, [%s:%s] discard %s frame, %s, vap->iv_dev->name, [%s:%s] discard frame, %s, vap->iv_dev->name, %s%d: too big offset value: %d, %s%d: cannot decode offset value, %s%d: wrong length code: 0x%X, %s%d: short packet (len=%d), __FUNCTION__, %s%d: bad sequence number: %d, expected: %d, DEBUG DEBUG DEBUG ifmedia_add: null ifm Adding entry for ifmedia_set: no match for 0x%x/0x%x, DEBUG DEBUG DEBUG DEBUG ifmedia_set: target DEBUG DEBUG ifmedia_set: setting to DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG %s%d: bad sequence number: %d, expected: %d, DEBUG PPPIOCDETACH file->f_count=%d, DEBUG DEBUG ifmedia_ioctl: no media found for 0x%x, ifmedia_ioctl: switching %s to , dev->name PPP: outbound frame not passed PPP: VJ decompression error DEBUG DEBUG ifmedia_match: multiple match for <unknown type> DEBUG DEBUG PPP: inbound frame not passed PPP: reconstructed packet PPP: no memory for missed pkts %u..%u, DEBUG DEBUG DEBUG DEBUG desc->ifmt_string mode %s, desc->ifmt_string <unknown subtype> %s, desc->ifmt_string DEBUG DEBUG DEBUG DEBUG %s: INC_USE_COUNT, now %d, __FUNCTION__, mod_use_count \ DEBUG %s%s, seen_option++ ? , : , DEBUG %s: DEC_USE_COUNT, now %d, __FUNCTION__, mod_use_count \ DEBUG %s%s, seen_option++ ? , : , DEBUG PPPOL2TP %s: _fmt, PPPOL2TP: --> %s, __FUNCTION__) DEBUG DEBUG DEBUG DEBUG PPPOL2TP: <-- %s, __FUNCTION__) DEBUG %s: recv: , tunnel->name DEBUG %s: xmit:, session->name DEBUG %s: xmit:, session->name DEBUG %s, seen_option ? 
> : %s: %s, dev->name, buf %s: no memory for sysctl table!, __func__ %s: no memory for VAP name!, __func__ %s: failed to register sysctls!, vap>iv_dev->name %s: no memory for new proc entry (%s)!, __func__, %s: module use_count is %d, __FUNCTION__, mod_use_count DEBUG %s: 0x%p len %u, tag, p, len DEBUG PPPOL2TP %s: _fmt, PPPOL2TP: --> %s, __FUNCTION__) PPPOL2TP: <-- %s, __FUNCTION__) %s: recv: , tunnel->name DEBUG DEBUG DEBUG DEBUG %03d:, i %02x, ((u_int8_t *)p)[i] first difference at byte %u, i %s: , t->name DEBUG DEBUG DEBUG DEBUG %s: xmit:, session->name %s: xmit:, session->name DEBUG DEBUG FAIL: ieee80211_crypto_newkey failed FAIL: ieee80211_crypto_setkey failed DEBUG DEBUG PPPOL2TP %s: _fmt, PPPOL2TP: --> %s, __FUNCTION__) PPPOL2TP: <-- %s, __FUNCTION__) DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG %s: recv: , tunnel->name %s: xmit:, session->name DEBUG DEBUG FAIL: unable to allocate skbuff FAIL: wep decap failed FAIL: decap botch; length mismatch FAIL: decap botch; data does not compare FAIL: wep encap failed %s: xmit:, session->name IRQ 31 is triggered [%s:%d] , __func__, __LINE__\ \t[R%s %#0x %#0x 0x%08x%08x], (status == ERROR ? # : ), page, addr, (uint32_t)(*pValue >> 32), (uint32_t)(*pValue & 0xffffffff) \t[W%s %#0x %#0x 0x%08x%08x], (status == ERROR ? 
# : ), page, addr, (uint32_t)(value >> 32), (uint32_t)(value & 0xffffffff) %s: mac_add %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5] DEBUG DEBUG DEBUG FAIL: encap data length mismatch FAIL: encrypt data does not compare PASS DEBUG DEBUG DEBUG DEBUG %u of %u 802.11i WEP test vectors passed, pass, total DEBUG DEBUG %s: 0x%p len %u, tag, p, len DEBUG DEBUG %03d:, i DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG %s: mac_del %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5] %s: mac_kick %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5] %s: mac_undefined %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5] %s: addr_add %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5] %s: addr_del %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5] %s: mac_undefined %02X:%02X:%02X:%02X:%02X:%02X, dev->name, addr[0], addr[1], addr[2], addr[3], addr[4], addr[5] %s: set_float %d;%d, IRQ 32 is triggered ip_finish_output2: No header cache and no neighbour! DEBUG %02x, ((u_int8_t *)p)[i] DEBUG DEBUG first difference at byte %u, i DEBUG DEBUG %s: , t->name DEBUG DEBUG FAIL: ieee80211_crypto_newkey failed DEBUG DEBUG FAIL: ieee80211_crypto_setkey failed DEBUG DEBUG DEBUG DEBUG FAIL: unable to allocate skbuff FAIL: ccmp encap failed FAIL: encap data length mismatch DEBUG DEBUG DEBUG DEBUG FAIL: encrypt data does not compare DEBUG a guy asks for address mask. Who is it? 
icmp v4 hw csum failure) DEBUG DEBUG DEBUG DEBUG expire>> %u %d %d %d, expire, expire++ %u %d %d %d, expire, DEBUG DEBUG FAIL: ccmp decap failed FAIL: decap botch; length mismatch FAIL: decap botch; data does not compare PASS rt_cache @%02x: %u.%u.%u.%u, hash, rt_bind_peer(0) @%p, NET_CALLER(iph) DEBUG %u of %u 802.11i AES-CCMP test vectors passed, pass, total DEBUG DEBUG %s: 0x%p len %u, tag, p, len DEBUG ip_rt_advice: redirect to ip_rt_bug: %u.%u.%u.%u -> %u.%u.%u.%u, %s, DEBUG %03d:, i DEBUG DEBUG %02x, ((u_int8_t *)p)[i] DEBUG udp cork app bug 2) udp cork app bug 3) udp v4 hw csum failure.) UDP: short packet: From %u.%u.%u.%u:%u %d/%d to %u.%u.%u.%u:%u, UDP: bad checksum. From %d.%d.%d.%d:%d to %d.%d.%d.%d:%d ulen %d, %s: lookup policy [list] found=%s, %s: called: [output START], __FUNCTION__ DEBUG DEBUG DEBUG first difference at byte %u, i ieee80211_crypto_newkey failed ieee80211_crypto_setkey failed DEBUG DEBUG DEBUG DEBUG unable to allocate skbuff DEBUG DEBUG DEBUG tkip enmic failed enmic botch; length mismatch DEBUG DEBUG DEBUG enmic botch DEBUG %s: flow dst=%s, __FUNCTION__, XFRMSTRADDR(fl->fl4_dst, family) DEBUG tkip encap failed DEBUG %s: flow src=%s, __FUNCTION__, XFRMSTRADDR(fl->fl4_src, family) DEBUG encrypt phase1 botch DEBUG DEBUG DEBUG %s: flow dst=%s, __FUNCTION__, XFRMSTRADDR(fl->fl6_dst, family) DEBUG encrypt data length mismatch DEBUG %s: flow src=%s, __FUNCTION__, XFRMSTRADDR(fl->fl6_src, family) DEBUG encrypt data does not compare DEBUG a guy asks for address mask. Who is it? icmp v4 hw csum failure) DEBUG DEBUG tkip decap failed decrypt phase1 botch DEBUG DEBUG expire>> %u %d %d %d, expire, DEBUG decrypt data does not compare DEBUG expire++ %u %d %d %d, expire, rt_cache @%02x: %u.%u.%u.%u, hash, rt_bind_peer(0) @%p, NET_CALLER(iph) ip_rt_advice: redirect to ip_rt_bug: %u.%u.%u.%u -> %u.%u.%u.%u, %s, UDP: short packet: From %u.%u.%u.%u:%u %d/%d to %u.%u.%u.%u:%u, UDP: bad checksum. 
From %d.%d.%d.%d:%d to %d.%d.%d.%d:%d ulen %d, a guy asks for address mask. Who is it? DEBUG DEBUG decap botch; length mismatch decap botch; data does not compare DEBUG DEBUG DEBUG DEBUG tkip demic failed 802.11i TKIP test vectors passed DEBUG DEBUG DEBUG %s, buf DEBUG DEBUG Atheros HAL assertion failure: %s: line %u: %s, DEBUG DEBUG DEBUG ath_hal: logging to %s %s, ath_hal_logfile, ath_hal: logging disabled DEBUG DEBUG fib_add_ifaddr: bug: prim == NULL DEBUG fib_del_ifaddr: bug: prim == NULL DEBUG expire>> %u %d %d %d, expire, DEBUG expire++ %u %d %d %d, expire, rt_cache @%02x: %u.%u.%u.%u, hash, DEBUG DEBUG rt_bind_peer(0) @%p, %s%s, sep, ath_hal_buildopts[i] ath_pci: No devices found, driver not installed. DEBUG DEBUG DEBUG _fmt, __VA_ARGS__ %s: Warning, using only %u entries in %u key cache, %s: TX99 support enabled, dev->name %s:grppoll Buf allocation failed ,__func__ ip_rt_advice: redirect to ip_rt_bug: %u.%u.%u.%u -> %u.%u.%u.%u, %s, DEBUG %s: %s: unable to start recv logic, DEBUG DEBUG %s: %s: unable to start recv logic, DEBUG %s: lookup policy [list] found=%s, %s: called: [output START], __FUNCTION__ DEBUG %s: no skbuff, __func__ %s: hardware error; resetting, dev->name DEBUG %s: flow dst=%s, __FUNCTION__, XFRMSTRADDR(fl->fl4_dst, family) %s: flow src=%s, __FUNCTION__, XFRMSTRADDR(fl->fl4_src, family) DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG %s: rx FIFO overrun; resetting, dev->name %s: unable to reset hardware: '%s' (HAL status %u) %s: flow dst=%s, __FUNCTION__, XFRMSTRADDR(fl->fl6_dst, family) DEBUG %s: unable to start recv logic, dev->name %s: flow src=%s, __FUNCTION__, XFRMSTRADDR(fl->fl6_src, family) a guy asks for address mask. Who is it? 
icmp v4 hw csum failure) DEBUG DEBUG DEBUG expire>> %u %d %d %d, expire, DEBUG %s: %s: unable to reset hardware: '%s' (HAL status %u), %s: %s: unable to start recv logic, ath_mgtstart: discard, no xmit buf %s: [%02u] %-7s , tag, ix, ciphers[hk->kv_type] expire++ %u %d %d %d, expire, rt_cache @%02x: %u.%u.%u.%u, hash, rt_bind_peer(0) @%p, NET_CALLER(iph) ip_rt_advice: redirect to DEBUG DEBUG %02x, hk->kv_val[i] mac %s, ether_sprintf(mac) DEBUG DEBUG DEBUG DEBUG %s , sc->sc_splitmic ? mic : rxmic %02x, hk->kv_mic[i] DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG ip_rt_bug: %u.%u.%u.%u -> %u.%u.%u.%u, %s, UDP: short packet: From %u.%u.%u.%u:%u %d/%d to %u.%u.%u.%u:%u, UDP: bad checksum. From %d.%d.%d.%d:%d to %d.%d.%d.%d:%d ulen %d, REJECT: ECHOREPLY no longer supported. ipt_rpc: only valid for PRE_ROUTING, FORWARD, POST_ROUTING, LOCAL_IN and/or LOCAL_OUT targets. DEBUG txmic DEBUG DEBUG %02x, hk->kv_txmic[i] DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG move data from NORMAL to XR moved %d buffers from NORMAL to XR, index move buffers from XR to NORMAL moved %d buffers from XR to NORMAL, count %s:%d %s, __FILE__, __LINE__, __func__ %s:%d %s, __FILE__, __LINE__, __func__ %s: no buffer (%s), dev->name, __func__ %s: no skbuff (%s), dev->name, __func__ %s: HAL qnum %u out of range, max %u!, grppoll_start: grppoll Buf allocation failed %s: HAL qnum %u out of range, max %u!, DEBUG %s: AC %u out of range, max %u!, DEBUG DEBUG %s: unable to update hardware queue %s: bogus frame type 0x%x (%s), dev->name, DEBUG ath_stoprecv: rx queue 0x%x, link %p, %s: %s: unable to reset channel %u (%u MHz) DEBUG %s: %s: unable to restart recv logic, %s: unable to allocate channel table, dev->name %s: unable to allocate channel table, dev->name %s: unable to collect channel list from HAL; R (%p %llx) %08x %08x %08x %08x %08x %08x %c, DEBUG ip_nat_init: can't setup rules. ip_nat_init: can't register in hook.
DEBUG DEBUG ip_nat_init: can't register out hook. DEBUG ip_nat_init: can't register adjust in hook. ip_nat_init: can't register adjust out hook. DEBUG ip_nat_init: can't register local out hook. DEBUG ip_nat_init: can't register local in hook. DEBUG ipt_hook: happy cracking. ip_conntrack: can't register pre-routing defrag hook. ip_conntrack: can't register local_out defrag hook. ip_conntrack: can't register pre-routing hook. ip_conntrack: can't register local out hook. ip_conntrack: can't register local in helper hook. ip_conntrack: can't register postrouting helper hook. ip_conntrack: can't register post-routing hook. ip_conntrack: can't register local in hook. DEBUG ip_conntrack: can't register to sysctl. ip_conntrack_rtsp v IP_NF_RTSP_VERSION loading ip_conntrack_rtsp: max_outstanding must be a positive integer ip_conntrack_rtsp: setup_timeout must be a positive integer DEBUG ip_conntrack_rtsp: ERROR registering port %d, ports[i] ip_nat_rtsp v IP_NF_RTSP_VERSION loading %s: Sorry! Cannot find this match option., __FILE__ %s: unable to update h/w beacon queue parameters, %s: stuck beacon; resetting (bmiss count %u), DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG T (%p %llx) %08x %08x %08x %08x %08x %08x %08x %08x %c, %s: no memory for sysctl table!, __func__ %s: no memory for device name storage!, __func__ DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG %s: failed to register sysctls!, sc->sc_dev->name %s: mac %d.%d phy %d.%d, dev->name, 5 GHz radio %d.%d 2 GHz radio %d.%d, radio %d.%d, ah->ah_analog5GhzRev >> 4, radio %d.%d, ah->ah_analog5GhzRev >> 4, ipt_time loading DEBUG ipt_time unloaded ip_conntrack_irc: max_dcc_channels must be a positive integer ip_conntrack_irc: ERROR registering port %d, ip_nat_h323: ip_nat_mangle_tcp_packet ip_nat_h323: ip_nat_mangle_udp_packet DEBUG ip_nat_h323: out of expectations DEBUG ip_nat_h323: out of
RTP ports DEBUG ip_nat_h323: out of TCP ports DEBUG ip_nat_q931: out of TCP ports DEBUG ip_nat_ras: out of TCP ports ip_nat_q931: out of TCP ports DEBUG DEBUG ip_conntrack_core: Frag of proto %u., DEBUG Broadcast packet! DEBUG Should bcast: %u.%u.%u.%u>%u.%u.%u.%u (sk=%p, ptype=%u), DEBUG ip_conntrack version %s (%u buckets, %d max) ERROR registering port %d, netfilter PSD loaded - (c) astaro AG DEBUG DEBUG DEBUG xlr8NatSoftCtxEnqueue: Calling xlr8NatIpFinishOutput () .., status xlr8NatSoftCtxEnqueue: xlr8NatIpFinishOutput () returned [%d], status icmpExceptionHandler: Exception! fragExceptionHandler: Exception! netfilter PSD unloaded - (c) astaro AG %s , SELF DEBUG DEBUG algExceptionHandler: Exception! dnsExceptionHandler: Exception! DEBUG DEBUG %s , LAN DEBUG IPsecExceptionHandler: Exception! DEBUG DEBUG ESP Packet Src:%x Dest:%x Sport:%d dport:%d secure:%d spi:%d isr:%p, DEBUG %s , WAN DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG %s: Use hw queue %u for %s traffic, %s: Use hw queue %u for CAB traffic, dev->name, %s: Use hw queue %u for beacons, dev->name, Could not find Board Configuration Data Could not find Radio Configuration data ath_ahb: No devices found, driver not installed. _fmt, __VA_ARGS__ DEBUG _fmt, __VA_ARGS__ xlr8NatIpFinishOutput: Err.. skb2 == NULL ! DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG TRUNCATED SRC=%u.%u.%u.%u DST=%u.%u.%u.%u , LEN=%u TOS=0x%02X PREC=0x%02X TTL=%u ID=%u , FRAG:%u , ntohs(ih->frag_off) & IP_OFFSET DEBUG TRUNCATED DEBUG PROTO=TCP DEBUG xlr8NatConntrackPreHook: We found the valid context, xlr8NatConntrackPreHook: Not a secured packet. xlr8NatConntrackPreHook: isr=[%p], pIsr xlr8NatConntrackPreHook: secure=[%d], secure Context found for ESP %p,pFlowEntry>post.pIsr[0] xlr8NatConntrackPreHook: New connection. 
INCOMPLETE [%u bytes] , DEBUG xlr8NatConntrackPostHook: postSecure=[%d] postIsr=[%p %p], DEBUG SPT=%u DPT=%u , SEQ=%u ACK=%u , DEBUG DEBUG proto %d spi %d <-------> proto %d spi %d,pPktInfo->proto,pPktInfo->spi, IPSEC_INF Clock skew detected DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG WINDOW=%u , ntohs(th->window) RES=0x%02x , (u8)(ntohl(tcp_flag_word(th) & TCP_RESERVED_BITS) >> 22) URGP=%u , ntohs(th->urg_ptr) DEBUG TRUNCATED DEBUG %02X, op[i] DEBUG PROTO=UDP DEBUG INCOMPLETE [%u bytes] , DEBUG SPT=%u DPT=%u LEN=%u , DEBUG SPT=%u DPT=%u LEN=%u , PROTO=ICMP DEBUG DEBUG INCOMPLETE [%u bytes] , TYPE=%u CODE=%u , ich->type, ich->code DEBUG INCOMPLETE [%u bytes] , ID=%u SEQ=%u , PARAMETER=%u , GATEWAY=%u.%u.%u.%u , MTU=%u , ntohs(ich->un.frag.mtu) DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG PROTO=AH DEBUG INCOMPLETE [%u bytes] , DEBUG SPI=0x%x , ntohl(ah->spi) DEBUG PROTO=ESP DEBUG INCOMPLETE [%u bytes] , SPI=0x%x , ntohl(eh->spi) DEBUG DEBUG PROTO=%u , ih->protocol UID=%u , skb->sk->sk_socket->file->f_uid <%d>%sIN=%s OUT=%s , loginfo->u.log.level, level_string DEBUG %sIN=%s OUT=%s , %s , prefix == NULL ? loginfo->prefix : prefix DEBUG IN= OUT= PHYSIN=%s , physindev->name DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG IPSEC_ERR [%s:%d]: Max (%d) No of SA Limit reached, IPSEC_ERR [%s:%d]: Max (%d) No of SA Limit reached, IPSEC_ERR [%s:%d]: time(secs): %u ERROR: Failed to add entry to IPsec sa table ERROR: Failed to add entry to IPsec sa table ERROR: Failed to add entry to IPsec sa table ERROR: Failed to add entry to IPsec sa table ERROR: Failed to add entry to IPsec sa table ERROR: Failed to add entry to IPsec sa table unknown oid '%s', varName could not find oid pointer for '%s', varName unRegistering IPsecMib .....
ERROR: Failed to add entry to sa table ERROR: Failed to add entry to sa table ERROR: Failed to add entry to sa table ERROR: Failed to add entry to sa table ERROR: Failed to add entry to sa table ERROR: Failed to add entry to sa table DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG IPsec DEBUG IPsec DEBUG IPsec DEBUG IPsec DEBUG IPsec DEBUG IPsec DEBUG unknown oid '%s', varName could not find oid pointer for '%s', varName DEBUG unRegistering IPsecMib ..... . %u.%u.%u.%u, NIPQUAD(trt->rt_dst) %02x, *p . %u.%u.%u.%u, NIPQUAD(trt->rt_dst) DEBUG %02x, *p . %u.%u.%u.%u, NIPQUAD(trt->rt_dst) %02x, *p . %u.%u.%u.%u, NIPQUAD(trt->rt_dst) DEBUG %02x, *p unable to register vIPsec kernel comp to UMI unregistering VIPSECK from UMI .... in vIPsecKIoctlHandler cmd - %d, cmd DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG PHYSOUT=%s , physoutdev->name DEBUG MAC= DEBUG %02x%c, *p, DEBUG NAT: no longer support implicit source local NAT NAT: packet src %u.%u.%u.%u -> dst %u.%u.%u.%u, SNAT: multiple ranges no longer supported format,##args) DEBUG DEBUG DEBUG DEBUG version offset_before=%d, offset_after=%d, correction_pos=%u, x->offset_before, x->offset_after, x->correction_pos DEBUG ip_ct_h323: DEBUG DEBUG %s: Error. DST Refcount value less than 1 (%d), for %s DEVICE refcnt: %d ,pDst->dev->name, %s: Got Null m:%p *m:%p sa:%p *sa:%p,__func__,ppBufMgr, %s Got Deleted SA:%p state:%d,__func__,pIPsecInfo,pIPsecInfo->state %s: %s: fmt, __FILE__, __FUNCTION__ , ## args) %s: %s: fmt, __FILE__, __FUNCTION__ , ## args) ipt_TIME: format, ## args) IPT_ACCOUNT_NAME : checkentry() wrong parameters (not equals existing table parameters). IPT_ACCOUNT_NAME : checkentry() too big netmask. IPT_ACCOUNT_NAME : checkentry() failed to allocate %zu for new table %s., sizeof(struct t_ipt_account_table), info->name DEBUG DEBUG DEBUG DEBUG INFO INFO INFO INFO INFO INFO ip_ct_h323: incomplete TPKT (fragmented?)
DEBUG ip_ct_h245: decoding error: %s, DEBUG IPT_ACCOUNT_NAME : checkentry() wrong network/netmask. account: Wrong netmask given by netmask parameter (%i). Valid is 32 to 0., netmask DEBUG IPT_ACCOUNT_NAME : checkentry() failed to create procfs entry. INFO ip_ct_q931: decoding error: %s, ip_ct_q931: packet dropped DEBUG DEBUG IPT_ACCOUNT_NAME : checkentry() failed to register match. failed to create procfs entry . INFO INFO ip_ct_ras: decoding error: %s, DEBUG MPPE/MPPC encryption/compression module registered INFO ip_ct_ras: packet dropped DEBUG ERROR registering port %d, DEBUG MPPE/MPPC encryption/compression module unregistered PPP generic driver version PPP_VERSION ERROR registering port %d, ipt_connlimit [%d]: src=%u.%u.%u.%u:%d dst=%u.%u.%u.%u:%d %s, ipt_connlimit [%d]: src=%u.%u.%u.%u:%d dst=%u.%u.%u.%u:%d new, DEBUG MPPE/MPPC encryption/compression module registered INFO DEBUG MPPE/MPPC encryption/compression module unregistered INFO DEBUG PPP generic driver version PPP_VERSION INFO ipt_connlimit: Oops: invalid ct state ? ipt_connlimit: Hmm, kmalloc failed :-( ipt_connlimit: src=%u.%u.%u.%u mask=%u.%u.%u.%u _lvl PPPOL2TP: _fmt, ##args DEBUG DEBUG PPPoL2TP kernel driver, %s, PPPoL2TP kernel driver, %s, INFO INFO DEBUG DEBUG PPPoL2TP kernel driver, %s, failed to create procfs entry . INFO INFO %02X, ptr[length] %02X, ((unsigned char *) m - DEBUG DEBUG proc dir not created .. 
Initialzing Product Data modules INFO INFO ip_ct_h245: packet dropped INFO INFO INFO INFO >msg_iov[i].iov_base)[j] %02X, skb->data[i] _lvl PPPOL2TP: _fmt, ##args %02X, ptr[length] %02X, ((unsigned char *) m->msg_iov[i].iov_base)[j] DEBUG DEBUG DEBUG De initializing by \ kernel UMI module loaded kernel UMI module unloaded INFO INFO INFO DEBUG Loading bridge module INFO %02X, skb->data[i] _lvl PPPOL2TP: _fmt, ##args %02X, ptr[length] %02X, ((unsigned char *) m->msg_iov[i].iov_base)[j] DEBUG DEBUG DEBUG Unloading bridge module unsupported command %d, cmd Loading ifDev module INFO INFO INFO DEBUG INFO %02X, skb->data[i] KERN_EMERG THE value read is %d,value*/ KERN_EMERG Factory Reset button is pressed DEBUG Unloading ifDev module ERROR#%d in alloc_chrdev_region, result DEBUG ERROR#%d in cdev_add, result INFO DEBUG using bcm switch %s, bcmswitch INFO DEBUG privlegedID %d wanporttNo: %d, privlegedID,wanportNo INFO DEBUG Loading mii INFO DEBUG Unloading mii INFO DEBUG DEBUG INFO INFO KERN_EMERG Returing error in INTR registration KERN_EMERG Initialzing Factory defaults modules Failed to allocate memory for pSipListNode SIPALG: Memeory allocation failed for pSipNodeEntryTbl pkt-err %s, pktInfo.error INFO pkt-err %s, pktInfo.error pkt-err %s, pktInfo.error DEBUG DEBUG %s Len=%d, msg, len DEBUG %02x , ((uint8_t *) ptr)[i] DEBUG %s: Version 0.1 %s: driver unloaded, dev_info wlan: %s backend registered, be->iab_name wlan: %s backend unregistered, wlan: %s acl policy registered, iac->iac_name wlan: %s acl policy unregistered, iac->iac_name End CVM_MOD_EXP_BASE MISMATCH cmd=%x base=%x, cmd, DEBUG %s, tmpbuf INFO DEBUG VLAN2 INFO op->sizeofptr = %ld, op->sizeofptr opcode cmd = %x, cmd DEBUG DEBUG VLAN3 VLAN4 <%d %d>, INFO INFO modexp opcode received Memory Allocation failed modexpcrt opcode received kmalloc failed DEBUG DEBUG DEBUG DEBUG %s: %s, dev_info, version %s: driver unloaded, dev_info %s, buf %s: %s (, dev_info, ath_hal_version INFO
INFO INFO INFO kmalloc failed DEBUG INFO kmalloc failed kmalloc failed kmalloc Failed kmalloc failed unknown cyrpto ioctl cmd received %x, cmd DEBUG DEBUG DEBUG DEBUG %s: driver unloaded, dev_info %s: %s: mem=0x%lx, irq=%d hw_base=0x%p, %s: %s, dev_info, version %s: driver unloaded, dev_info %s: %s: mem=0x%lx, irq=%d, DEBUG %s: %s: mem=0x%lx, irq=%d, INFO register_chrdev returned ZERO DEBUG %s: %s, dev_info, version INFO const char *descr, krb5_keyblock *k) { F password, &pdata DEBUG DEBUG %s: driver unloaded, dev_info %s, buf INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO test key, key DEBUG %s: %s (, dev_info, ath_hal_version INFO pre-hashed key, key const char *descr, krb5_keyblock *k) { AES 128-bit key, &key const char *descr, krb5_keyblock *k) { DEBUG DEBUG DEBUG DEBUG %s: driver unloaded, dev_info %s: driver unloaded, dev_info %s: Version 2.0.0 %s: driver unloaded, dev_info INFO INFO INFO INFO test key, key DEBUG INFO pre-hashed key, key const char *descr, krb5_keyblock *k) { DEBUG DEBUG 128-bit AES key,&dk DEBUG 256-bit AES key, &dk WARNING: bwMonMultipathNxtHopSelect:: checking rates hop :%d dev:%s usableBwLimit = %d currBwShare = %d lastHopSelected = %d weightedHopPrefer = %d , DEBUG DEBUG %s: driver unloaded, dev_info wlan: %s backend registered, be->iab_name wlan: %s backend unregistered, wlan: %s acl policy registered, iac->iac_name wlan: %s acl policy unregistered, iac->iac_name %s: %s, dev_info, version DEBUG %s: driver unloaded, dev_info INFO DEBUG %s: %s (, dev_info, ath_hal_version INFO DEBUG %s: driver unloaded, dev_info INFO DEBUG %s: %s: mem=0x%lx, irq=%d, INFO 2. selecting hop: %d lastHopSelected = %d , selHop, lastHopSelected DEBUG %s: %s, dev_info, version INFO 3. selecting hop: %d lastHopSelected = %d , selHop, lastHopSelected 1. selecting hop: %d lastHopSelected = %d , selHop, lastHopSelected 4.
hop :%d dev:%s usableBwLimit = %d currBwShare = %d lastHopSelected = %d weightedHopPrefer = %d , INFO INFO INFO INFO INFO DEBUG %s: driver unloaded, dev_info INFO bwMonitor multipath selection enabled bwMonitor multipath selection disabled weightedHopPrefer set to %d ,weightedHopPrefer bwMonitor sysctl registration failed DEBUG DEBUG ath_pci: switching rfkill capability %s, Unknown autocreate mode: %s, INFO INFO DEBUG DEBUG %s: %s: mem=0x%lx, irq=%d, %s: %s, dev_info, version INFO INFO bwMonitor sysctl registered bwMonitor sysctl not registered Unregistered bwMonitor sysctl CONFIG_SYSCTL enabled ... DEBUG DEBUG DEBUG DEBUG %s: driver unloaded, dev_info %s: %s, dev_info, version %s: unloaded, dev_info %s: %s, dev_info, version INFO INFO INFO INFO Initialized bandwidth monitor ... Removed bandwidth monitor ... Oops.. AES_GCM_encrypt failed (keylen:%u),key->cvm_keylen Oops.. AES_GCM_decrypt failed (keylen:%u),key->cvm_keylen DEBUG DEBUG %s: unloaded, dev_info %s: %s, dev_info, version INFO INFO DEBUG %s: unloaded, dev_info INFO DEBUG failed to create procfs entry . INFO %s, msg %02x%s, data[i], DEBUG DEBUG INFO INFO Failed to set AES encrypt key DEBUG Failed to set AES encrypt key DEBUG ICMP: %u.%u.%u.%u: ICMP: %u.%u.%u.%u: Source Wrong address mask %u.%u.%u.%u from Redirect from %u.%u.%u.%u on %s about AES %s Encrypt Test Duration: %d:%d, hard ? Hard : Soft, DEBUG Failed to set AES encrypt key DEBUG IP: routing cache hash table of %u buckets, %ldKbytes, source route option %u.%u.%u.%u -> %u.%u.%u.%u, INFO INFO INFO INFO Failed to set AES encrypt key AES %s Decrypt Test Duration: %d:%d, hard ?
Hard : Soft, DEBUG ICMP: %u.%u.%u.%u: INFO DEBUG INFO Failed to set AES encrypt key DEBUG Failed to set AES encrypt key DEBUG ICMP: %u.%u.%u.%u: Source Wrong address mask %u.%u.%u.%u from Redirect from %u.%u.%u.%u on %s about Failed to set AES encrypt key DEBUG Failed to set AES encrypt key DEBUG Failed to set DES encrypt key[%d], i DEBUG Failed to set DES decrypt key[%d], i Failed to set DES encrypt key[%d], i DEBUG DEBUG Failed to set DES decrypt key[%d], i Failed to set DES encrypt key DEBUG DEBUG Failed to set DES decrypt key DEBUG Failed to set DES encrypt key DEBUG IP: routing cache hash table of %u buckets, %ldKbytes, source route option %u.%u.%u.%u -> %u.%u.%u.%u, Wrong address mask %u.%u.%u.%u from Redirect from %u.%u.%u.%u on %s about source route option ICMP: %u.%u.%u.%u: ICMP: %u.%u.%u.%u: Source Wrong address mask %u.%u.%u.%u from Redirect from %u.%u.%u.%u on %s about DEBUG DEBUG IP: routing cache hash table of %u buckets, %ldKbytes, source route option %u.%u.%u.%u -> %u.%u.%u.%u, IPsec: device unregistering: %s, dev>name IPsec: device down: %s, dev->name DEBUG mark: only supports 32bit mark 3DES Software Test: 3DES Software Test %s, des3SoftTest(0) ? Failed : Passed DEBUG ipt_time: invalid argument DEBUG ipt_time: IPT_DAY didn't matched 3DES Hardware Test: 3DES Hardware Test %s, des3HardTest(0) ? Failed : Passed DEBUG ./Logs_kernel.txt:45:KERN_WARNING DEBUG DES Software Test: DES Software Test %s, desSoftTest(0) ? Failed : Passed DEBUG DES Hardware Test: DES Hardware Test %s, desHardTest(0) ? Failed : Passed DEBUG ./Logs_kernel.txt:59:KERN_WARNING ipt_LOG: not logging via system console %s: wrong options length: %u, fname, opt_len %s: options rejected: o[0]=%02x, o[1]=%02x, SHA Software Test: SHA Software Test %s, shaSoftTest(0) ? Failed : Passed DEBUG SHA Hardware Test: SHA Hardware Test %s, shaHardTest(0) ? 
Failed : Passed DEBUG DEBUG %s: don't know what to do: o[5]=%02x, %s: wrong options length: %u, fname, opt_len %s: options rejected: o[0]=%02x, o[1]=%02x, MD5 Software Test: DEBUG %s: wrong options length: %u, Failed to set DES decrypt key DEBUG AES Software Test: AES Software Test %s, aesSoftTest(0) ? Failed : Passed AES Hardware Test: AES Hardware Test %s, aesHardTest(0) ? Failed : Passed DEBUG DEBUG DEBUG DEBUG %s: wrong options length: %u, %s: options rejected: o[0]=%02x, o[1]=%02x, INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING MD5 Software Test %s, md5SoftTest(0) ? Failed : Passed DEBUG %s: options rejected: o[0]=%02x, o[1]=%02x, MD5 Hardware Test: MD5 Hardware Test %s, md5HardTest(0) ? Failed : Passed DEBUG DEBUG %s: don't know what to do: o[5]=%02x, *** New port %d ***, ntohs(expinfo->natport) AES Software Test: %d iterations, iter DEBUG ** skb len %d, dlen %d,(*pskb)->len, AES Software Test Duration: %d:%d, DEBUG ********** Non linear skb AES Hardware Test: %d iterations, iter DEBUG End of sdp %p, nexthdr AES Hardware Test Duration: %d:%d, DEBUG %s: unknown pairwise cipher %d, 3DES Software Test: %d iterations, iter DEBUG %s: unknown group cipher %d, 3DES Software Test Duration: %d:%d, DEBUG %s: unknown SIOCSIWAUTH flag %d, 3DES Hardware Test: %d iterations, iter DEBUG %s: unknown SIOCGIWAUTH flag %d, 3DES Hardware Test Duration: %d:%d, DEBUG %s: unknown algorithm %d, DES Software Test: %d iterations, iter DEBUG %s: key size %d is too large, DES Software Test Duration: %d:%d, DEBUG try_module_get failed DES Hardware Test: %d iterations, iter DEBUG %s: request_irq failed, dev->name DES Hardware Test Duration: %d:%d, DEBUG try_module_get failed SHA Software Test: %d iterations, iter DEBUG try_module_get failed SHA Software Test Duration: %d:%d, DEBUG %s: unknown
pairwise cipher %d, SHA Hardware Test: %d iterations, iter DEBUG %s: unknown group cipher %d, SHA Hardware Test Duration: %d:%d, DEBUG %s: unknown SIOCSIWAUTH flag %d, MD5 Software Test: %d iterations, iter DEBUG %s: unknown SIOCGIWAUTH flag %d, MD5 Software Test Duration: %d:%d, DEBUG %s: unknown algorithm %d, MD5 Hardware Test: %d iterations, iter DEBUG MD5 Hardware Test Duration: %d:%d, DEBUG %s: key size %d is too large, unable to load %s, scan_modnames[mode] ./pnac/src/pnac/linux/kernel/xcalibur.c:209:#define DEBUG_PRINTK printk DEBUG Failed to mkdir /proc/net/madwifi bcmDeviceInit: registration failed DEBUG try_module_get failed bcmDeviceInit: pCdev Add failed DEBUG REG Size == 8 Bit Value = %x ::: At Page = %x : Addr = %x DEBUG %s: request_irq failed, dev->name too many virtual ap's (already got %d), sc->sc_nvaps REG Size == 16 Bit DEBUG DEBUG \ \ %s: request_irq failed, dev->name rix %u (%u) bad ratekbps %u mode %u, WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING Value = %x ::: At Page = %x : Addr = %x REG Size == 32 Bit Value = %x ::: At Page = %x : Addr = %x DEBUG WARNING WARNING WARNING WARNING WARNING WARNING WARNING DEBUG %s: no rates for %s?, no rates yet! mode %u, sc->sc_curmode DEBUG %u.%u.%u.%u sent an invalid ICMP REG Size is not in 8/16/32/64 Written Value = %x ::: At Page = %x : Addr = %x DEBUG dst cache overflow DEBUG Neighbour table overflow. bcm_ioctl :Unknown Ioctl Case : DEBUG host %u.%u.%u.%u/if%d ignores DEBUG martian destination %u.%u.%u.%u from DEBUG martian source %u.%u.%u.%u from DEBUG ll header: DEBUG %u.%u.%u.%u sent an invalid ICMP DEBUG dst cache overflow DEBUG Neighbour table overflow.
DEBUG host %u.%u.%u.%u/if%d ignores DEBUG martian destination %u.%u.%u.%u from DEBUG martian source %u.%u.%u.%u from Cannot Set Rate: %x, value Getting Rate Series: %x,vap->iv_fixed_rate.series Getting Retry Series: %x,vap->iv_fixed_rate.retries DEBUG ll header: DEBUG %u.%u.%u.%u sent an invalid ICMP DEBUG dst cache overflow IC Name: %s,ic->ic_dev->name DEBUG Neighbour table overflow. WARNING WARNING WARNING WARNING WARNING WARNING usage: rtparams rt_idx <0|1> per <0..100> probe_intval <0..100> DEBUG host %u.%u.%u.%u/if%d ignores WARNING DEBUG martian source %u.%u.%u.%u from DEBUG REG Size == 64 Bit =========Register Dump for Port Number # %d=========,port %s : Read Status=%s data=%#x,regName[j], %s : Read Status=%s data=%#x,regName[j], powerDeviceInit: device registration failed powerDeviceInit: adding device failed %s: Error: Big jump in pn number. TID=%d, from %x %x to %x %x. %s: The MIC is corrupted. Drop this frame., __func__ %s: The MIC is OK. Still use this frame and update PN., __func__ ADDBA send failed: recipient is not a 11n node usage: acparams ac <0|3> RTS <0|1> aggr scaling <0..4> min mbps <0..250> usage: hbrparams ac <2> enable <0|1> per_low <0..50> DEBUG cix %u (%u) bad ratekbps %u mode %u, %s(): ADDBA mode is AUTO, __func__ DEBUG ll header: martian destination %u.%u.%u.%u from %s(): Invalid TID value, __func__ DEBUG %u.%u.%u.%u sent an invalid ICMP %s(): ADDBA mode is AUTO, __func__ DEBUG dst cache overflow %s(): Invalid TID value, __func__ DEBUG Neighbour table overflow.
%s(): Invalid TID value, __func__ Addba status IDLE DEBUG DEBUG host %u.%u.%u.%u/if%d ignores martian destination %u.%u.%u.%u from WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING ERROR %s(): ADDBA mode is AUTO, __func__ DEBUG martian source %u.%u.%u.%u from %s(): Invalid TID value, __func__ Error in ADD- no node available %s(): Channel capabilities do not match, chan flags 0x%x, %s: cannot map channel to mode; freq %u flags 0x%x, DEBUG DEBUG ll header: Unable to create ip_set_list DEBUG ERROR ic_get_currentCountry not initialized yet Country ie is %c%c%c, %s: wrong state transition from %d to %d, %s: wrong state transition from %d to %d, %s: wrong state transition from %d to %d, %s: wrong state transition from %d to %d, DEBUG DEBUG Unable to create ip_set_hash ip_conntrack_in: Frag of proto %u (hook=%u), Unable to register netfilter socket option Unable to create ip_conntrack_hash Unable to create ip_conntrack slab cache Unable to create ip_expect slab cache Unable to create ip_set_iptreeb slab cache Unable to create ip_set_iptreed slab cache ERROR %s: wrong state transition from %d to %d, %s: wrong state transition from %d to %d, ieee80211_deliver_l2uf: no buf available %s: %s, vap->iv_dev->name, buf /* NB: no */ %s: [%s] %s, vap->iv_dev->name, %s: [%s] %s, vap->iv_dev->name, ether_sprintf(mac), buf [%s:%s] discard %s frame, %s, vap->iv_dev->name, [%s:%s] discard frame, %s, vap->iv_dev->name, [%s:%s] discard %s information element, %s, [%s:%s] discard information element, %s, [%s:%s] discard %s frame, %s, vap->iv_dev->name, [%s:%s] discard frame, %s, vap->iv_dev->name, HBR list dumpNode\tAddress\t\t\tState\tTrigger\t Block Nodes informationAddress\t\t\tBlock\t\tDroped VI frames %d\t %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\t%s\t%s\t%s, %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\t%s\t\t%d, [%d]\tFunction\t%s, j, ni->node_trace[i].funcp
DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG %s: cannot allocate space for %scompressor, fname, %s: cannot allocate space for MPPC history, %s: cannot allocate space for MPPC history, ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR DEBUG %s: cannot load ARC4 module, fname %s: cannot load SHA1 module, fname %s: CryptoAPI SHA1 digest size too small, fname %s: cannot allocate space for SHA1 digest, fname DEBUG %s%d: trying to write outside history ERROR DEBUG %s%d: trying to write outside history ERROR DEBUG ERROR DEBUG %s%d: trying to write outside history %s%d: too big uncompressed packet: %d, %s%d: encryption negotiated but not an DEBUG %s%d: error - not an MPPC or MPPE frame ERROR DEBUG Kernel doesn't provide ARC4 and/or SHA1 algorithms ERROR DEBUG PPP: not interface or channel?? ERROR DEBUG PPP: no memory (VJ compressor) ERROR DEBUG failed to register PPP device (%d), err ERROR DEBUG DEBUG ERROR ERROR ERROR ERROR [%d]\tMacAddr\t%s, j, [%d]\tDescp\t\t%s, j, ni->node_trace[i].descp [%d]\tValue\t\t%llu(0x%llx), j, ni->node_trace[i].value, ifmedia_add: null ifm DEBUG PPP: no memory (VJ comp pkt) ERROR DEBUG PPP: no memory (comp pkt) ERROR DEBUG DEBUG ppp: compressor dropped pkt PPP: no memory (fragment) ERROR ERROR Adding entry for ifmedia_set: no match for 0x%x/0x%x, DEBUG DEBUG ERROR ERROR ifmedia_set: target DEBUG PPP: VJ uncompressed error ppp_decompress_frame: no memory ppp_mp_reconstruct bad seq %u < %u, ifmedia_set: setting to ifmedia_ioctl: switching %s to , dev->name DEBUG PPP: couldn't register device %s (%d), ppp: destroying ppp struct %p but dead=%d ERROR ifmedia_match: multiple match for DEBUG ERROR <unknown type> desc->ifmt_string DEBUG DEBUG ppp: destroying undead channel %p !, PPP: removing module but units remain! PPP: failed to unregister PPP device mode %s, desc->ifmt_string DEBUG <unknown subtype> DEBUG %s, desc->ifmt_string %s%s, seen_option++ ?
, : , DEBUG DEBUG %s%s, seen_option++ ? , : , DEBUG %s, seen_option ? > : DEBUG %s: %s, dev->name, buf %s: no memory for sysctl table!, __func__ %s: failed to register sysctls!, vap>iv_dev->name Atheros HAL assertion failure: %s: line %u: %s, ath_hal: logging to %s %s, ath_hal_logfile, ath_hal: logging disabled DEBUG %s%s, sep, ath_hal_buildopts[i] ath_pci: No devices found, driver not installed. DEBUG DEBUG %s: cannot allocate space for %scompressor, fname, %s: cannot allocate space for MPPC history, %s: cannot allocate space for MPPC history, %s: cannot load ARC4 module, fname ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR DEBUG %s: cannot load SHA1 module, fname %s: CryptoAPI SHA1 digest size too small, fname %s: cannot allocate space for SHA1 digest, fname DEBUG %s%d: trying to write outside history ERROR DEBUG %s%d: trying to write outside history ERROR DEBUG ERROR DEBUG %s%d: trying to write outside history %s%d: too big uncompressed packet: %d, %s%d: encryption negotiated but not an %s%d: error - not an MPPC or MPPE frame Kernel doesn't provide ARC4 and/or SHA1 algorithms ---:%d pri:%d qd:%u ad:%u sd:%u tot:%u amp:%d %02x:%02x:%02x, DEBUG PPP: not interface or channel?? ERROR SC Pushbutton Notify on %s::%s,dev>name,vap->iv_dev->name Could not find Board Configuration Data DEBUG DEBUG PPP: no memory (VJ compressor) failed to register PPP device (%d), err ERROR ERROR Could not find Radio Configuration data %s: No device, __func__ ath_ahb: No devices found, driver not installed. 
PKTLOG_TAG %s:proc_dointvec failed, __FUNCTION__ DEBUG DEBUG PPP: no memory (comp pkt) ppp: compressor dropped pkt ERROR ERROR DEBUG PPP: no memory (VJ comp pkt) ERROR DEBUG PPP: no memory (comp pkt) ERROR PKTLOG_TAG %s:proc_dointvec failed, DEBUG PPP: no memory (fragment) ERROR DEBUG ERROR ERROR ERROR ERROR ERROR ERROR __FUNCTION__ %s: failed to register sysctls!, proc_name PKTLOG_TAG %s: proc_mkdir failed, __FUNCTION__ PKTLOG_TAG %s: pktlog_attach failed for %s, PKTLOG_TAG %s:allocation failed for pl_info, __FUNCTION__ PKTLOG_TAG %s:allocation failed for pl_info, __FUNCTION__ PKTLOG_TAG %s: create_proc_entry failed for %s, PKTLOG_TAG %s: sysctl register failed for %s, PKTLOG_TAG %s: page fault out of range, __FUNCTION__ PKTLOG_TAG %s: page fault out of range, __FUNCTION__ PKTLOG_TAG %s: Log buffer unavailable, __FUNCTION__ DEBUG PPP: VJ uncompressed error ERROR DEBUG ppp_decompress_frame: no memory ppp_mp_reconstruct bad seq %u < %u, ERROR PPP: couldn't register device %s (%d), ppp: destroying ppp struct %p but dead=%d ERROR ERROR DEBUG ppp: destroying undead channel %p !, PPP: removing module but units remain!
DEBUG PPP: failed to unregister PPP device ERROR DEBUG JBD: bad block at offset %u, ERROR DEBUG DEBUG DEBUG DEBUG ERROR ERROR ERROR DEBUG JBD: corrupted journal superblock ERROR PKTLOG_TAG Logging should be disabled before changing bufer size %s:allocation failed for pl_info, __func__ DEBUG JBD: bad block at offset %u, ERROR DEBUG DEBUG JBD: Failed to read block at offset %u, JBD: error %d scanning journal, err ERROR ERROR %s: Unable to allocate buffer, __func__ %s:allocation failed for pl_info, __func__ %s: Unable to allocate buffer, __func__ Atheros HAL assertion failure: %s: line %u: %s, ath_hal: logging to %s %s, ath_hal_logfile, DEBUG DEBUG DEBUG JBD: IO error %d recovering block ./Logs_kernel.txt:303:KERN_ERR ./Logs_kernel.txt:304:KERN_ERR ERROR ERROR ERROR DEBUG JBD: recovery pass %d ended at ERROR DEBUG %s: %s:%d: BAD SESSION MAGIC \ ERROR ath_hal: logging disabled DEBUG %s: %s:%d: BAD TUNNEL MAGIC \ ERROR %s%s, sep, ath_hal_buildopts[i] failed to allocate rx descriptors: %d, error DEBUG DEBUG msg->msg_namelen wrong, %d, msg>msg_namelen addr family wrong: %d, usin>sin_family ath_stoprecv: rx queue %p, link %p, DEBUG udp addr=%x/%hu, usin>sin_addr.s_addr, usin->sin_port ERROR no mpdu (%s), __func__ Reset rx chain mask. Do internal reset. (%s), __func__ OS_CANCEL_TIMER failed!! %s: unable to allocate channel table, __func__ %s: unable to collect channel list from hal; %s: cannot map channel to mode; freq %u flags 0x%x, %s: unable to reset channel %u (%uMhz) DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR DEBUG DEBUG %s: %s:%d: BAD TUNNEL MAGIC socki_lookup: socket file changed! 
ERROR ERROR DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR DEBUG %s: %s:%d: BAD SESSION MAGIC \ ERROR DEBUG ERROR %s: unable to restart recv logic, DEBUG %s: %s:%d: BAD TUNNEL MAGIC \ msg->msg_namelen wrong, %d, msg>msg_namelen addr family wrong: %d, usin>sin_family DEBUG udp addr=%x/%hu, usin>sin_addr.s_addr, usin->sin_port %s: start DFS WAIT period on channel %d, __func__,sc->sc_curchan.channel DEBUG 249 ERROR ERROR ERROR ERROR ERROR Unified Services Router %s: cancel DFS WAIT period on channel %d, __func__, sc>sc_curchan.channel Non-DFS channel, cancelling previous DFS wait timer channel %d, sc>sc_curchan.channel %s: unable to reset hardware; hal status %u %s: unable to start recv logic, __func__ %s: unable to start recv logic, __func__ %s: unable to reset hardware; hal status %u, User Manual DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR DEBUG DEBUG DEBUG socki_lookup: socket file changed! %s: %s:%d: BAD TUNNEL MAGIC %s: %s:%d: BAD SESSION MAGIC \ ERROR ERROR ERROR DEBUG ERROR hardware error; reseting DEBUG rx FIFO overrun; reseting DEBUG %s: %s:%d: BAD TUNNEL MAGIC \ msg->msg_namelen wrong, %d, msg>msg_namelen addr family wrong: %d, usin>sin_family DEBUG udp addr=%x/%hu, usin>sin_addr.s_addr, usin->sin_port ERROR DEBUG DEBUG %s: %s:%d: BAD TUNNEL MAGIC %s: %s:%d: BAD TUNNEL MAGIC ERROR ERROR BK\t%s\t\t%d\t%6d\t\t%s\t%d, VI\t%s\t\t%d\t%6d\t\t%s\t%d, DEBUG DEBUG socki_lookup: socket file changed! 
%s: %s:%d: BAD TUNNEL MAGIC ERROR ERROR VO\t%s\t\t%d\t%6d\t\t%s\t%d, --%d,%p,%lu:0x%x 0x%x 0x%p 0x%x 0x%x 0x%x 0x%x, bb state: 0x%08x 0x%08x, bbstate(sc, 4ul), bbstate(sc, 5ul) DEBUG rebootHook: null function pointer ERROR DEBUG Bad ioctl command ERROR DEBUG fResetMod: Failed to configure gpio pin ERROR DEBUG fResetMod: Failed to register interrupt handler ERROR DEBUG registering char device failed ERROR DEBUG unregistering char device failed ERROR DEBUG proc entry delete failed ERROR DEBUG proc entry initialization failed ERROR DEBUG testCompHandler: received %s from %d, (char *)pInBuf, ERROR DEBUG DEBUG UMI proto registration failed %d,ret AF_UMI registration failed %d,ret ERROR ERROR DEBUG DEBUG DEBUG ERROR ERROR ERROR DEBUG DEBUG umi initialization failed %d,ret kernel UMI registration failed! ./Logs_kernel.txt:447:KERN_ERR ERROR msm not found properly %d, len %d, msm, ModExp returned Error DEBUG DEBUG ModExp returned Error %s: 0x%p len %u, tag, p, (unsigned ERROR ERROR %s: During Wow Sleep and got BMISS, __func__ AC\tRTS \tAggr Scaling\tMin Rate(Kbps)\tHBR \tPER LOW THRESHOLD BE\t%s\t\t%d\t%6d\t\t%s\t%d, %08x %08x %08x %08x %08x %08x %08x %08x%08x %08x %08x %08x, noise floor: (%d, %d) (%d, %d) (%d, %d), %p: %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x, --%d,%p,%lu:0x%x 0x%x 0x%p 0x%x 0x%x 0x%x 0x%x, %08x %08x %08x %08x %08x %08x %08x %08x%08x %08x %08x %08x, %s: unable to allocate device object., __func__ %s: unable to attach hardware; HAL status %u, %s: HAL ABI msmatch; %s: Warning, using only %u entries in %u key cache, unable to setup a beacon xmit queue! unable to setup CAB xmit queue! unable to setup xmit queue for BE traffic! 
%s DFS attach failed, __func__ %s: Invalid interface id = %u, __func__, if_id %s:grppoll Buf allocation failed 250 ERROR ERROR ERROR ERROR Unified Services Router User Manual ,__func__ int)len %s: unable to start recv logic, %s: Invalid interface id = %u, __func__, if_id %s: unable to allocate channel table, __func__ %s: Tx Antenna Switch. Do internal reset., __func__ Radar found on channel %d (%d MHz), End of DFS wait period DEBUG %03d:, i ERROR DEBUG %02x, ((unsigned char *)p)[i] ERROR DEBUG ERROR DEBUG DEBUG DEBUG mic check failed %s: 0x%p len %u, tag, p, (unsigned int)len %03d:, i %02x, ((unsigned char *)p)[i] %s error allocating beacon, __func__ failed to allocate UAPSD QoS NULL tx descriptors: %d, error failed to allocate UAPSD QoS NULL wbuf %s: unable to allocate channel table, __func__ %s: unable to update h/w beacon queue parameters, ALREADY ACTIVATED DEBUG mic check failed ERROR DEBUG [%s] Wrong parameters, __func__ ERROR DEBUG [%s] Wrong Key length, __func__ ERROR DEBUG [%s] Wrong parameters, __func__ ERROR DEBUG DEBUG [%s] Wrong Key length, __func__ [%s] Wrong parameters, __func__ ERROR ERROR %s: missed %u consecutive beacons, %s: busy times: rx_clear=%d, rx_frame=%d, tx_frame=%d, __func__, rx_clear, rx_frame, tx_frame %s: unable to obtain busy times, __func__ %s: beacon is officially stuck, DEBUG [%s] Wrong Key length, __func__ ERROR DEBUG [%s] Wrong parameters, __func__ ERROR DEBUG DEBUG ERROR ERROR Busy environment detected DEBUG Inteference detected rx_clear=%d, rx_frame=%d, tx_frame=%d, %s: resume beacon xmit after %u misses, %s: stuck beacon; resetting (bmiss count %u), DEBUG DEBUG [%s] Wrong Key length, __func__ [%s]: Wrong parameters, __func__ [%s] Wrong Key Length %d, __func__, des_key_len [%s] Wrong parameters %d, __func__, des_key_len [%s] Wrong Key Length %d, __func__, des_key_len DEBUG [%s] Wrong parameters, __func__ ERROR DEBUG [%s] Wrong Key Length, __func__ ERROR EMPTY QUEUE SWRInfo: seqno %d isswRetry %d retryCnt %d,wh ? 
(*(u_int16_t *)&wh>i_seq[0]) >> 4 : 0, bf->bf_isswretry,bf>bf_swretries Buffer #%08X --> Next#%08X Prev#%08X Last#%08X,bf, TAILQ_NEXT(bf,bf_list), Stas#%08X flag#%08X Node#%08X, bf->bf_status, bf>bf_flags, bf->bf_node Descr #%08X --> Next#%08X Data#%08X Ctl0#%08X Ctl1#%08X, bf>bf_daddr, ds ->ds_link, ds->ds_data, ds->ds_ctl0, ds->ds_ctl1 Ctl2#%08X Ctl3#%08X Sta0#%08X Sta1#%08X,ds ->ds_hw[0], ds->ds_hw[1], lastds ->ds_hw[2], lastds >ds_hw[3] Error entering wow mode DEBUG [%s] Wrong parameters, __func__ ERROR DEBUG [%s] Wrong Key Length, __func__ ERROR DEBUG [%s] Wrong parameters, __func__ ERROR DEBUG [%s] Wrong parameters, __func__ ERROR DEBUG [%s] Wrong parameters, __func__ ERROR DEBUG DEBUG [%s] Wrong parameters, __func__ device name=%s not found, pReq- ERROR ERROR 251 ERROR ERROR ERROR ERROR ERROR ERROR Unified Services Router User Manual >ifName Wakingup due to wow signal %s, wowStatus = 0x%x, __func__, wowStatus DEBUG Pattern added already Error : All the %d pattern are in use. Cannot add a new pattern , MAX_NUM_PATTERN DEBUG Pattern added to entry %d ,i Remove wake up pattern mask = %p pat = %p ,maskBytes,patternBytes mask = %x pat = %x ,(u_int32_t)maskBytes, (u_int32_t)patternBytes Pattern Removed from entry %d ,i DEBUG DEBUG Error : Pattern not found DEBUG PPM STATE ILLEGAL %x %x, forcePpmStateCur, afp->forceState FORCE_PPM %4d %6.6x %8.8x %8.8x %8.8x %3.3x %4.4x, failed to allocate tx descriptors: %d, error failed to allocate beacon descripotrs: %d, error failed to allocate UAPSD descripotrs: %d, error DEBUG DEBUG DEBUG DEBUG DEBUG unable to register KIFDEV to UMI ERROR: %s: Timeout at page %#0x addr %#0x ERROR: %s: Timeout at page %#0x addr %#0x ERROR Invalid IOCTL %#08x, cmd %s: unable to register device, dev>name ath_pci: 32-bit DMA not available ath_pci: cannot reserve PCI memory region ERROR ath_pci: cannot remap PCI memory region) ; ath_pci: no memory for device state %s: unable to register device, dev>name ERROR ERROR ERROR ERROR ERROR ERROR ERROR 
ERROR DEBUG ath_dev_probe: no memory for device state %s: no memory for device state, __func__ DEBUG kernel MIBCTL registration failed! ERROR DEBUG Bad ioctl command ERROR DEBUG ERROR DEBUG hal qnum %u out of range, max %u!, HAL AC %u out of range, max %zu!, HAL AC %u out of range, max %zu!, DEBUG DEBUG DEBUG WpsMod: Failed to configure gpio pin WpsMod: Failed to register interrupt handler registering char device failed unregistering char device failed %s: unable to update hardware queue %u!, DEBUG %s:%d - ERROR: non-NULL node pointer in %p, %p<%s>! ERROR ERROR ERROR ERROR ERROR ERROR Multicast Q: %p , buf buf flags - 0x%08x --------- , buf>bf_flags DEBUG DEBUG buf status - 0x%08x, buf->bf_status # frames in aggr - %d, length of aggregate - %d, length of frame - %d, sequence number - %d, tidno - %d, isdata: %d isaggr: %d isampdu: %d ht: %d isretried: %d isxretried: %d shpreamble: %d isbar: %d ispspoll: %d aggrburst: %d calcairtime: %d qosnulleosp: %d, %p: 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x, DEBUG %s:%d - ERROR: non-NULL node pointer in %p, %p<%s>! 
can't alloc name %s, name %s: unable to register device, dev>name failed to automatically load module: %s; \ DEBUG Unable to load needed module: %s; no support for \ ERROR DEBUG Module \%s\ is not known, buf ERROR DEBUG Error loading module \%s\, buf ERROR DEBUG Module \%s\ failed to initialize, buf ERROR 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x DEBUG 252 ERROR ERROR ERROR ERROR Unified Services Router User Manual 0x%08x 0x%08x, 0x%08x 0x%08x 0x%08x 0x%08x, DEBUG sc_txq[%d] : , i DEBUG tid %p pause %d : , tid, tid->paused %d: %p , j, tid->tx_buf[j] DEBUG DEBUG %p , buf axq_q: %s: unable to reset hardware; hal status %u, __func__, status DEBUG DEBUG ****ASSERTION HIT**** MacAddr=%s, DEBUG DEBUG TxBufIdx=%d, i DEBUG Tid=%d, tidno AthBuf=%p, tid->tx_buf[i] %s: unable to reset hardware; hal status %u, %s: unable to reset hardware; hal status %u, DEBUG DEBUG %s: unable to start recv logic, DEBUG _fmt, __VA_ARGS__ \ sample_pri=%d is a multiple of refpri=%d, sample_pri, refpri ===========ft>ft_numfilters=%u===========, ft>ft_numfilters filter[%d] filterID = %d rf_numpulses=%u; rf->rf_minpri=%u; rf>rf_maxpri=%u; rf->rf_threshold=%u; rf>rf_filterlen=%u; rf->rf_mindur=%u; rf>rf_maxdur=%u,j, rf->rf_pulseid, NOL DEBUG WARNING!!! 
10 minute CAC period as channel is a weather radar channel %s disable detects, __func__ %s enable detects, __func__ %s disable FFT val=0x%x , __func__, val %s enable FFT val=0x%x , __func__, val %s debug level now = 0x%x , __func__, dfs_debug_level RateTable:%d, maxvalidrate:%d, ratemax:%d, pRc->rateTableSize,k,pRc>rateMaxPhy %s: txRate value of 0x%x is bad., __FUNCTION__, txRate Valid Rate Table:- ath_pci: 32-bit DMA not available ath_pci: cannot reserve PCI memory region ath_pci: cannot remap PCI memory region) ; ath_pci: no memory for device state %s: unable to attach hardware: '%s' (HAL status %u), %s: HAL ABI mismatch; ERROR ERROR DEBUG %s: failed to allocate descriptors: %d, %s: unable to setup a beacon xmit queue!, %s: unable to setup CAB xmit queue!, %s: unable to setup xmit queue for %s traffic!, %s: unable to register device, dev>name %s: autocreation of VAP failed: %d, ath_dev_probe: no memory for device state kdot11RogueAPEnable called with NULL argument. kdot11RogueAPEnable: can not add more interfaces kdot11RogueAPGetState called with NULL argument. kdot11RogueAPDisable called with NULL argument. DEBUG %s: SKB does not exist., __FUNCTION__ ERROR DEBUG DEBUG %s: recvd invalid skb unable to register KIFDEV to UMI ERROR ERROR DEBUG DEBUG DEBUG The system is going to factory defaults........!!! 
%s, msg %02x, *(data + i) CRITICAL CRITICAL CRITICAL DEBUG Inside crypt_open in driver ###### CRITICAL DEBUG CRITICAL DEBUG Inside crypt_release in driver ###### Inside crypt_init module in driver @@@@@@@@ DEBUG Inside crypt_cleanup module in driver @@@@@@@@ CRITICAL DEBUG DEBUG SKB is null : %p ,skb DST is null : %p ,dst CRITICAL CRITICAL DEBUG DEBUG DEBUG 253 ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR CRITICAL Unified Services Router Index:%d, value:%d, code:%x, rate:%d, flag:%x, i, (int)validRateIndex[i], RateTable:%d, maxvalidrate:%d, ratemax:%d, pRc->rateTableSize,k,pRc>rateMaxPhy User Manual DEBUG DEBUG Can't allocate memory for ath_vap. DEBUG Unable to add an interface for ath_dev. %s: [%02u] %-7s , tag, ix, ciphers[hk>kv_type] %02x, hk->kv_val[i] mac %02x-%02x-%02x-%02x-%02x%02x, mac[0], mac[1], mac[2], mac[3], mac[4], mac[5] DEBUG mac 00-00-00-00-00-00 DEBUG %02x, hk->kv_mic[i] DEBUG txmic DEBUG %02x, hk->kv_txmic[i] DEBUG Cannot support setting tx and rx keys individually DEBUG bogus frame type 0x%x (%s), DEBUG ERROR: ieee80211_encap ret NULL ERROR: ath_amsdu_attach not called %s: no memory for cwm attach, __func__ %s: error - acw NULL. 
Possible attach failure, __func__ %s: unable to abort tx dma, __func__ %s: no memory for ff attach, __func__ Failed to initiate PBC based enrolle association KERN_EMERG Returing error in INTR registration KERN_EMERG Initialzing Wps module DEBUG %s:%d %s, __FILE__, __LINE__, __func__ DEBUG DEBUG DEBUG DEV is null %p %p ,dev,dst Packet is Fragmented %d,pBufMgr>len Marked the packet proto:%d sip:%x dip:%x sport:%d dport:%d spi:%d,isr:%p:%p %p SAV CHECK FAILED IN DECRYPTION CRITICAL CRITICAL CRITICAL CRITICAL FAST PATH Breaks on BUF CHECK FAST PATH Breaks on DST CHECK FAST PATH Breaks on MTU %d %d %d,bufMgrLen(pBufMgr),mtu,dst_mtu( pDst->path) FAST PATH Breaks on MAX PACKET %d %d,bufMgrLen(pBufMgr),IP_MAX_PA CKET SAV CHECK FAILED IN ENCRYPTION Match Found proto %d spi %d,pPktInfo->proto,pFlowEntry>pre.spi PRE: proto: %u srcip:%u.%u.%u.%u sport :%u dstip: %u.%u.%u.%u dport: %u, POST: proto: %u srcip:%u.%u.%u.%u sport :%u dstip: %u.%u.%u.%u dport: %u, CRITICAL CRITICAL CRITICAL DEBUG DEBUG Clearing the ISR %p,p PROTO:%d %u.%u.%u.%u-->%u.%u.%u.%u, ESP-DONE: %p %p,sav,m DEBUG ESP-BAD: %p %p,sav,m CRITICAL DEBUG DEBUG DEBUG Bug in ip_route_input_slow(). Bug in ip_route_input_slow(). Bug in ip_route_input \ CRITICAL CRITICAL CRITICAL DEBUG Bug in ip_route_input_slow(). AH: Assigning the secure flags for sav :%p,sav ESP: Assigning the secure flags for sav :%p skb:%p src:%x dst:%x,sav,skb,ip->ip_src.s_addr,ip>ip_dst.s_addr %s Buffer %d mtu %d path mtu %d header %d trailer %d,__func__,bufMgrLen(pBufMgr),mtu ,dst_mtu(pDst->path),pDst>header_len,pDst->trailer_len CRITICAL DEBUG DEBUG CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL CRITICAL

Appendix E. RJ-45 Pin-outs

Signal   RJ-45 Cable (RJ-45 PIN)   Adapter (DB-9 PIN)   Signal
CTS      NC                        NC                   NC
DTR      NC                        NC                   NC
TxD      6                         3                    RxD
GND      5                         5                    GND
GND      4                         5                    GND
RxD      3                         2                    TxD
DSR      NC                        NC                   NC
RTS      NC                        NC                   NC

Appendix F. Product Statement

1.
DSR-1000N

Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
- Reorient or relocate the receiving antenna.
- Increase the separation between the equipment and receiver.
- Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
- Consult the dealer or an experienced radio/TV technician for help.

FCC Radiation Exposure Statement
This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
1) This device may not cause harmful interference, and
2) This device must accept any interference received, including interference that may cause undesired operation.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
The antennas used for this transmitter must be installed to provide a spectrum distance of at least 20cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter. This transmitter is restricted to indoor use in the 5150MHz to 5250MHz frequency range.

Non-modification Statement
Use only the integral antenna supplied by the manufacturer when operating this device. Unauthorized antennas, modifications, or attachments could damage the TI Navigator access point and violate FCC regulations. Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.

Canadian Department of Communications Industry Canada (IC) Notice
This Class B digital apparatus complies with Canadian ICES-003 and RSS-210. Cet appareil numérique de la classe B est conforme à la norme NMB-003 et CNR-210 du Canada.

Industry Canada Statement
This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two conditions:
1) This device may not cause harmful interference, and
2) This device must accept any interference received, including interference that may cause undesired operation.

IMPORTANT NOTE: Radiation Exposure Statement
This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance. To maintain compliance with IC RF exposure compliance requirements, please follow operation instruction as documented in this manual. This transmitter is restricted to indoor use in the 5150MHz to 5250MHz frequency range.

Europe – EU Declaration of Conformity
This device complies with the essential requirements of the R&TTE Directive 1999/5/EC.
The following test methods have been applied in order to prove presumption of conformity with the essential requirements of the R&TTE Directive 1999/5/EC:
- EN 60950-1: 2006+A11:2009 Safety of information technology equipment
- EN 300 328 V1.7.1 (2006-10) Electromagnetic compatibility and Radio spectrum Matters (ERM); Wideband transmission systems; Data transmission equipment operating in the 2,4 GHz ISM band and using wide band modulation techniques; Harmonized EN covering essential requirements under article 3.2 of the R&TTE Directive
- EN 301 893-1 V1.5.1 (2008-12) Broadband Radio Access Networks (BRAN); 5 GHz high performance RLAN; Harmonized EN covering essential requirements of article 3.2 of the R&TTE Directive
- EN 301 489-17 V1.3.2 (2008-04) and EN 301 489-1 V1.8.1 (2008-04) Electromagnetic compatibility and Radio spectrum Matters (ERM); Electro Magnetic Compatibility (EMC) standard for radio equipment and services; Part 17: Specific conditions for 2,4 GHz wideband transmission systems and 5 GHz high performance RLAN equipment

This device is a 2.4 GHz wideband transmission system (transceiver), intended for use in all EU member states and EFTA countries under the following conditions and/or with the following restrictions:
- In Italy the end-user should apply for a license at the national spectrum authorities in order to obtain authorization to use the device for setting up outdoor radio links and/or for supplying public access to telecommunications and/or network services.
- This device may not be used for setting up outdoor radio links in France and in some areas the RF output power may be limited to 10 mW EIRP in the frequency range of 2454 – 2483.5 MHz. For detailed information the end-user should contact the national spectrum authority in France.
This device is a 5 GHz wideband transmission system (transceiver), intended for use in all EU member states and EFTA countries under the following conditions and/or with the following restrictions:
- This device may only be used indoors in the frequency bands 5150 – 5250 MHz.
- In France and Luxembourg a limited implementation of the frequency bands 5150 – 5250 MHz and 5250 – 5350 MHz. In Luxembourg it is not allowed to make use of the frequency band 5470 – 5725 MHz. End-users are encouraged to contact the national spectrum authorities in France and Luxembourg in order to obtain the latest information about any restrictions in the 5 GHz frequency band(s).

Česky [Czech] [D-Link Corporation] tímto prohlašuje, že tento [DSR-1000N] je ve shodě se základními požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES.
Dansk [Danish] Undertegnede [D-Link Corporation] erklærer herved, at følgende udstyr [DSR-1000N] overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF.
Deutsch [German] Hiermit erklärt [D-Link Corporation], dass sich das Gerät [DSR-1000N] in Übereinstimmung mit den grundlegenden Anforderungen und den übrigen einschlägigen Bestimmungen der Richtlinie 1999/5/EG befindet.
Eesti [Estonian] Käesolevaga kinnitab [D-Link Corporation] seadme [DSR-1000N] vastavust direktiivi 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele.
English Hereby, [D-Link Corporation], declares that this [DSR-1000N] is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Español [Spanish] Por medio de la presente [D-Link Corporation] declara que el [DSR-1000N] cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE.
Ελληνική [Greek] ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ [D-Link Corporation] ΔΗΛΩΝΕΙ ΟΤΙ [DSR-1000N] ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999/5/ΕΚ.
Français [French] Par la présente [D-Link Corporation] déclare que l'appareil [DSR-1000N] est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE.
Italiano [Italian] Con la presente [D-Link Corporation] dichiara che questo [DSR-1000N] è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE.
Latviski [Latvian] Ar šo [D-Link Corporation] deklarē, ka [DSR-1000N] atbilst Direktīvas 1999/5/EK būtiskajām prasībām un citiem ar to saistītajiem noteikumiem.
Lietuvių [Lithuanian] Šiuo [D-Link Corporation] deklaruoja, kad šis [DSR-1000N] atitinka esminius reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas.
Nederlands [Dutch] Hierbij verklaart [D-Link Corporation] dat het toestel [DSR-1000N] in overeenstemming is met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG.
Malti [Maltese] Hawnhekk, [D-Link Corporation], jiddikjara li dan [DSR-1000N] jikkonforma mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC.
Magyar [Hungarian] Alulírott, [D-Link Corporation] nyilatkozom, hogy a [DSR-1000N] megfelel a vonatkozó alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.
Polski [Polish] Niniejszym [D-Link Corporation] oświadcza, że [DSR-1000N] jest zgodny z zasadniczymi wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC.
Português [Portuguese] [D-Link Corporation] declara que este [DSR-1000N] está conforme com os requisitos essenciais e outras disposições da Directiva 1999/5/CE.
Slovensko [Slovenian] [D-Link Corporation] izjavlja, da je ta [DSR-1000N] v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/ES.
Slovensky [Slovak]
[D-Link Corporation] týmto vyhlasuje, že [DSR-1000N] spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES.
Suomi [Finnish] [D-Link Corporation] vakuuttaa täten että [DSR-1000N] tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen.
Svenska [Swedish] Härmed intygar [D-Link Corporation] att denna [DSR-1000N] står I överensstämmelse med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 1999/5/EG.

2. DSR-500N

Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
- Reorient or relocate the receiving antenna.
- Increase the separation between the equipment and receiver.
- Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
- Consult the dealer or an experienced radio/TV technician for help.

FCC Radiation Exposure Statement
This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
1) This device may not cause harmful interference, and
2) This device must accept any interference received, including interference that may cause undesired operation.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. The antennas used for this transmitter must be installed to provide a spectrum distance of at least 20cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter. This transmitter is restricted to indoor use in the 5150MHz to 5250MHz frequency range.

Non-modification Statement
Use only the integral antenna supplied by the manufacturer when operating this device. Unauthorized antennas, modifications, or attachments could damage the TI Navigator access point and violate FCC regulations. Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.

Canadian Department of Communications Industry Canada (IC) Notice
This Class B digital apparatus complies with Canadian ICES-003 and RSS-210. Cet appareil numérique de la classe B est conforme à la norme NMB-003 et CNR-210 du Canada.

Industry Canada Statement
This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two conditions:
1) This device may not cause harmful interference, and
2) This device must accept any interference received, including interference that may cause undesired operation.

IMPORTANT NOTE: Radiation Exposure Statement
This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance. To maintain compliance with IC RF exposure compliance requirements, please follow operation instruction as documented in this manual.
Europe – EU Declaration of Conformity
This device complies with the essential requirements of the R&TTE Directive 1999/5/EC. The following test methods have been applied in order to prove presumption of conformity with the essential requirements of the R&TTE Directive 1999/5/EC:
- EN 60950-1: 2006+A11:2009 Safety of information technology equipment
- EN 300 328 V1.7.1 (2006-10) Electromagnetic compatibility and Radio spectrum Matters (ERM); Wideband transmission systems; Data transmission equipment operating in the 2,4 GHz ISM band and using wide band modulation techniques; Harmonized EN covering essential requirements under article 3.2 of the R&TTE Directive
- EN 301 489-17 V1.3.2 (2008-04) and EN 301 489-1 V1.8.1 (2008-04) Electromagnetic compatibility and Radio spectrum Matters (ERM); Electro Magnetic Compatibility (EMC) standard for radio equipment and services; Part 17: Specific conditions for 2,4 GHz wideband transmission systems and 5 GHz high performance RLAN equipment

This device is a 2.4 GHz wideband transmission system (transceiver), intended for use in all EU member states and EFTA countries under the following conditions and/or with the following restrictions:
- In Italy the end-user should apply for a license at the national spectrum authorities in order to obtain authorization to use the device for setting up outdoor radio links and/or for supplying public access to telecommunications and/or network services.
- This device may not be used for setting up outdoor radio links in France and in some areas the RF output power may be limited to 10 mW EIRP in the frequency range of 2454 – 2483.5 MHz. For detailed information the end-user should contact the national spectrum authority in France.

Česky [Czech] [D-Link Corporation] tímto prohlašuje, že tento [DSR-500N] je ve shodě se základními požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES.
Dansk [Danish] Undertegnede [D-Link Corporation] erklærer herved, at følgende udstyr [DSR-500N] overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF.
Deutsch [German] Hiermit erklärt [D-Link Corporation], dass sich das Gerät [DSR-500N] in Übereinstimmung mit den grundlegenden Anforderungen und den übrigen einschlägigen Bestimmungen der Richtlinie 1999/5/EG befindet.
Eesti [Estonian] Käesolevaga kinnitab [D-Link Corporation] seadme [DSR-500N] vastavust direktiivi 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele.
English Hereby, [D-Link Corporation], declares that this [DSR-500N] is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Español [Spanish] Por medio de la presente [D-Link Corporation] declara que el [DSR-500N] cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE.
Ελληνική [Greek] ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ [D-Link Corporation] ΔΗΛΩΝΕΙ ΟΤΙ [DSR-500N] ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999/5/ΕΚ.
Français [French] Par la présente [D-Link Corporation] déclare que l'appareil [DSR-500N] est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE.
Italiano [Italian] Con la presente [D-Link Corporation] dichiara che questo [DSR-500N] è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE.
Latviski [Latvian] Ar šo [D-Link Corporation] deklarē, ka [DSR-500N] atbilst Direktīvas 1999/5/EK būtiskajām prasībām un citiem ar to saistītajiem noteikumiem.
Lietuvių [Lithuanian] Šiuo [D-Link Corporation] deklaruoja, kad šis [DSR-500N] atitinka esminius reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas.
Nederlands [Dutch] Hierbij verklaart [D-Link Corporation] dat het toestel [DSR-500N] in overeenstemming is met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG.
Malti [Maltese] Hawnhekk, [D-Link Corporation], jiddikjara li dan [DSR-500N] jikkonforma mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC.
Magyar [Hungarian] Alulírott, [D-Link Corporation] nyilatkozom, hogy a [DSR-500N] megfelel a vonatkozó alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.
Polski [Polish] Niniejszym [D-Link Corporation] oświadcza, że [DSR-500N] jest zgodny z zasadniczymi wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC.
Português [Portuguese] [D-Link Corporation] declara que este [DSR-500N] está conforme com os requisitos essenciais e outras disposições da Directiva 1999/5/CE.
Slovensko [Slovenian] [D-Link Corporation] izjavlja, da je ta [DSR-500N] v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/ES.
Slovensky [Slovak] [D-Link Corporation] týmto vyhlasuje, že [DSR-500N] spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES.
Suomi [Finnish] [D-Link Corporation] vakuuttaa täten että [DSR-500N] tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen.
Svenska [Swedish] Härmed intygar [D-Link Corporation] att denna [DSR-500N] står I överensstämmelse med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 1999/5/EG.

3. DSR-250N

Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
RSS-GEN 7.1.4: User Manual for Transmitters with Detachable Antennas
The user manual of transmitter devices equipped with detachable antennas shall contain the following information in a conspicuous location: This device has been designed to operate with the antennas listed below, and having a maximum gain of [1.8] dB. Antennas not included in this list or having a gain greater than [1.8] dB are strictly prohibited for use with this device. The required antenna impedance is [50] ohms.
RSS-GEN 7.1.5
To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that the equivalent isotropically radiated power (e.i.r.p.) is not more than that permitted for successful communication.
Le présent appareil est conforme aux CNR d'Industrie Canada applicables aux appareils radio exempts de licence. L'exploitation est autorisée aux deux conditions suivantes : (1) l'appareil ne doit pas produire de brouillage, et (2) l'utilisateur de l'appareil doit accepter tout brouillage radioélectrique subi, même si le brouillage est susceptible d'en compromettre le fonctionnement.
Is herewith confirmed to comply with the requirements set out in the Council Directive on the Approximation of the Laws of the Member States relating to Electromagnetic Compatibility (2004/108/EC), Low-voltage Directive (2006/95/EC), the procedures given in European Council Directive 99/5/EC and 2004/104/EC. The equipment was passed. The test was performed according to the following European standards:
EN 300 328 V.1.7.1
EN 301 489-1 V.1.8.1 / EN 301 489-17 V.2.1.1
EN 62311
EN 60950-1
Regulatory statement (R&TTE)
European standards dictate maximum radiated transmit power of 100mW EIRP and frequency range 2.400-2.4835GHz; in France, the equipment must be restricted to the 2.4465-2.4835GHz frequency range and must be restricted to indoor use.
Operation of this device is subject to the following national regulations, and its use may be prohibited if certain restrictions apply.
D=0.020m is the minimum safety distance between the EUT and human body when the E-Field strength is 61V/m.
NCC Warning Statement
Article 12: Without permission, any company, firm or user shall not alter the frequency, increase the power, or change the characteristics and functions of the original design of the certified low power frequency electric machinery.
Article 14: The application of low power frequency electric machineries shall not affect navigation safety nor interfere with legal communications; if interference is found, the service will be suspended until improvement is made and the interference no longer exists.

4. DSR-150N
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
IMPORTANT NOTE: FCC Radiation Exposure Statement: This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20cm between the radiator & your body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
The availability of some specific channels and/or operational frequency bands is country dependent, and they are firmware programmed at the factory to match the intended destination. The firmware setting is not accessible by the end user.
Note: The country code selection is for non-US models only and is not available to all US models. Per FCC regulation, all WiFi products marketed in the US must be fixed to US operation channels only.
Europe – EU Declaration of Conformity
This device complies with the essential requirements of the R&TTE Directive 1999/5/EC. The following test methods have been applied in order to prove presumption of conformity with the essential requirements of the R&TTE Directive 1999/5/EC:
EN 60950-1: Safety of Information Technology Equipment
EN 50385: (2002-08) Product standard to demonstrate the compliance of radio base stations and fixed terminal stations for wireless telecommunication systems with the basic restrictions or the reference levels related to human exposure to radio frequency electromagnetic fields (110 MHz - 40 GHz) - General public
EN 300 328 V1.7.1: (2006-10) Electromagnetic compatibility and Radio spectrum Matters (ERM); Wideband Transmission systems; Data transmission equipment operating in the 2,4 GHz ISM band and using spread spectrum modulation techniques; Harmonized EN covering essential requirements under article 3.2 of the R&TTE Directive
EN 301 489-1 V1.8.1: (2008-04) Electromagnetic compatibility and Radio Spectrum Matters (ERM); ElectroMagnetic Compatibility (EMC) standard for radio equipment and services; Part 1: Common technical requirements
EN 301 489-17 V2.1.1 (2009-05) Electromagnetic compatibility and Radio spectrum Matters (ERM); ElectroMagnetic Compatibility (EMC) standard for radio equipment; Part 17: Specific conditions for Broadband Data Transmission Systems
This device is a 2.4 GHz wideband transmission system (transceiver), intended for use in all EU member states and EFTA
countries, except in France and Italy where restrictive use applies. In Italy the end-user should apply for a license at the national spectrum authorities in order to obtain authorization to use the device for setting up outdoor radio links and/or for supplying public access to telecommunications and/or network services. This device may not be used for setting up outdoor radio links in France and in some areas the RF output power may be limited to 10 mW EIRP in the frequency range of 2454 – 2483.5 MHz. For detailed information the end-user should contact the national spectrum authority in France.
Česky [Czech]: [Jméno výrobce] tímto prohlašuje, že tento [typ zařízení] je ve shodě se základními požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES.
Dansk [Danish]: Undertegnede [fabrikantens navn] erklærer herved, at følgende udstyr [udstyrets typebetegnelse] overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF.
Deutsch [German]: Hiermit erklärt [Name des Herstellers], dass sich das Gerät [Gerätetyp] in Übereinstimmung mit den grundlegenden Anforderungen und den übrigen einschlägigen Bestimmungen der Richtlinie 1999/5/EG befindet.
Eesti [Estonian]: Käesolevaga kinnitab [tootja nimi = name of manufacturer] seadme [seadme tüüp = type of equipment] vastavust direktiivi 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele.
English: Hereby, [name of manufacturer], declares that this [type of equipment] is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Español [Spanish]: Por medio de la presente [nombre del fabricante] declara que el [clase de equipo] cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE.
Ελληνική [Greek]: ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ [name of manufacturer] ΔΗΛΩΝΕΙ ΟΤΙ [type of equipment] ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999/5/ΕΚ.
Français [French]: Par la présente [nom du fabricant] déclare que l'appareil [type d'appareil] est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE.
Italiano [Italian]: Con la presente [nome del costruttore] dichiara che questo [tipo di apparecchio] è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE.
Latviski [Latvian]: Ar šo [name of manufacturer / izgatavotāja nosaukums] deklarē, ka [type of equipment / iekārtas tips] atbilst Direktīvas 1999/5/EK būtiskajām prasībām un citiem ar to saistītajiem noteikumiem.
Lietuvių [Lithuanian]: Šiuo [manufacturer name] deklaruoja, kad šis [equipment type] atitinka esminius reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas.
Nederlands [Dutch]: Hierbij verklaart [naam van de fabrikant] dat het toestel [type van toestel] in overeenstemming is met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG.
Malti [Maltese]: Hawnhekk, [isem tal-manifattur], jiddikjara li dan [il-mudel tal-prodott] jikkonforma mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC.
Magyar [Hungarian]: Alulírott, [gyártó neve] nyilatkozom, hogy a [... típus] megfelel a vonatkozó alapvető követelményeknek és az 1999/5/EC irányelv egyéb előírásainak.
Polski [Polish]: Niniejszym [nazwa producenta] oświadcza, że [nazwa wyrobu] jest zgodny z zasadniczymi wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC.
Português [Portuguese]: [Nome do fabricante] declara que este [tipo de equipamento] está conforme com os requisitos essenciais e outras disposições da Directiva 1999/5/CE.
Slovensko [Slovenian]: [Ime proizvajalca] izjavlja, da je ta [tip opreme] v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/ES.
Slovensky [Slovak]: [Meno výrobcu] týmto vyhlasuje, že [typ zariadenia] spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES.
Suomi [Finnish]: [Valmistaja = manufacturer] vakuuttaa täten että [type of equipment = laitteen tyyppimerkintä] tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen.
Svenska [Swedish]: Härmed intygar [företag] att denna [utrustningstyp] står i överensstämmelse med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 1999/5/EG.
Industry Canada statement:
This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device must accept any interference received, including interference that may cause undesired operation.
Ce dispositif est conforme à la norme CNR-210 d'Industrie Canada applicable aux appareils radio exempts de licence. Son fonctionnement est sujet aux deux conditions suivantes: (1) le dispositif ne doit pas produire de brouillage préjudiciable, et (2) ce dispositif doit accepter tout brouillage reçu, y compris un brouillage susceptible de provoquer un fonctionnement indésirable.
Radiation Exposure Statement:
This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20cm between the radiator & your body.
Déclaration d'exposition aux radiations:
Cet équipement est conforme aux limites d'exposition aux rayonnements IC établies pour un environnement non contrôlé. Cet équipement doit être installé et utilisé avec un minimum de 20 cm de distance entre la source de rayonnement et votre corps.

Wall-Mount Option
The Router has four wall-mount slots on its bottom panel.
Before you begin, make sure you have two screws that are size #4 - this indicates a diameter measurement of 0.112 inches (2.845 mm).
1. Determine where you want to mount the Router.
2. Drill two holes into the wall. Make sure adjacent holes are 2.36 inches (60 mm) apart.
3. Insert a screw into each hole, and leave 0.2 inches (5 mm) of its head exposed.
4. Maneuver the Router so the wall-mount slots line up with the two screws.
5. Place the wall-mount slots over the screws and slide the Router down until the screws fit snugly into the wall-mount slots.