User Manual
Page 5
... 9.1.1 Remote Management 103 9.1.2 CLI Access...104 9.2 SNMP Configuration 104 9.3 Configuring Time Zone and NTP 106 9.4 Log Configuration 107 9.4.1 Defining What to Log 107 3 Advanced Configuration Tools 101 8.1 USB Device Setup 101 8.2 Authentication Certificates 101 Chapter 9. Securing the Private Network 59 5.1 Firewall Rules ...59 5.2 Defining Rule Schedules 60 5.3 Configuring Firewall Rules 61 5.3.1 Firewall Rule Configuration Examples 65 5.4 Security on Custom Services 68 5.5 ALG support...69 5.6 VPN Passthrough for Firewall 70 5.7 Application Rules ...71 5.8 Web Content...
User Manual
Page 7
...: WAN2 configuration for 3G internet (part 2 44 Figure 25: Physical WAN port settings...45 Figure 26: Wireless Network Setup Wizards 47 Figure 27: List of Available Profiles shows the variety of options available to secure the wireless link ...49 Figure 28: Profile configuration to set network security 50 Figure 29: RADIUS server (External Authentication) configuration 52 Figure 30: Virtual AP configuration ...53 Figure 31: List of configured access points (Virtual APs) shows one enabled access point on the radio, broadcasting its SSID 54 5
User Manual
Page 11
... to access the router's management UI. 2.1 LAN Configuration Setup > Network Settings > LAN Configuration By default, the router functions as a proxy for all DNS requests and communicates with the LAN. If you want another LAN device that is enabled the router then as a Dynamic Host Configuration Protocol (DHCP) server to display the router's management login screen. • Default login credentials for the LAN. DHCP relay can be managed through the wired Ethernet ports available on the WLAN or LAN network. The router includes the WINS server IP address...
User Manual
Page 16
... managed addresses to serve the LAN nodes. IPv6 Address Pools This feature allows you can be served by the gateway's DHCPv6 server. Unified Services Router User Manual • DHCP Mode: The IPv6 DHCP server is to allow the LAN DHCP client to receive the DNS server details from this router to the LAN client. An alternative is either stateless or stateful. By configuring the Router Advertisement Daemon on this router, the device will assign an IP address and supporting network information to devices...
User Manual
Page 20
... port. Data coming from a connected device will be untagged. 18 Unified Services Router User Manual will allow traffic from Figure 4, Port 3 is a General port with PVID 3, so untagged data into the port is untagged, it is accessed by selecting one of VLANs. The default is access. • In General mode the port is tagged or untagged with the same PVID will be untagged. This is mode is typically used with IP Phones...
User Manual
Page 26
..., DHCP client, Point-to-Point Tunneling Protocol (PPTP), Point-to-Point Protocol over this WAN link while still permitting VPN traffic to be directed to a VPN configured on this WAN port. Unified Services Router User Manual 3G Internet access with the primary WAN port (WAN1) configuration only. 3.2 WAN Configuration Setup > Internet Settings > WAN1 Setup You must either allow the router to detect WAN connection type automatically or configure manually the following information as needed and as provided by the ISP. 24 The Internet Connection Setup Wizard assists with a USB modem is...
User Manual
Page 30
... the IPv6 address assigned to access the internet, the static configuration settings must be completed. The default IPv6 Gateway address is needed. The primary and secondary DNS servers on the ISP's IPv6 network are used for accessing the internet. Unified Services Router Figure 13: PPPoE profile configuration User Manual 3.2.5 WAN Configuration in an IPv6 Network Setup > IPv6 > IPv6 WAN1 Config For IPv6 WAN connections, this router will connect to for resolving internet addresses, and these are provided along with the static IP address and prefix...
User Manual
Page 39
... routing mode of the gateway is a technique which allows several computers on the LAN can be directly accessed from the internet by their public IP addresses (assuming appropriate firewall settings). If your ISP has assigned an IP address for each of the computers that is configured with a single "public" 37 Unified Services Router User Manual Figure 20: Protocol binding setup to associate a service and/or LAN source to a WAN and/or destination network 3.5 Routing Configuration Routing...
User Manual
Page 48
... a grouping of devices expected to not just one but is available for securing the wireless network. Up to four unique wireless networks can enable a Wi-Fi™ network on your wireless network: • Types of AP parameters that allows you can be used on multiple AP instances or SSIDs. 4.1 Wireless Settings Wizard Setup > Wizard > Wireless Settings The Wireless Network Setup Wizard is actually running on the same device when needed. The profile defines various parameters for wireless LAN clients. Unified Services Router User Manual Chapter 4.
User Manual
Page 50
... WPS wizard. 4.1.3 Manual Wireless Network Setup This button on this option. Note that supports WPS may have an alphanumeric PIN, and if entered in the Advanced > Wireless Settings > WPS page to use TKIP and also CCMP if required. To create a new profile, use when connecting the AP to broadcast the SSID, compatible wireless clients within 2 minutes, click the PBC connect button. The security of settings. The authentication can detect this profile. The manual options allow unauthenticated devices to access...
User Manual
Page 53
... Services Router User Manual 4.2.3 RADIUS Authentication Setup > Wireless Settings > RADIUS Settings Enterprise Mode uses a RADIUS Server for the RADIUS server connection • Secret: enter the shared secret that allows this router to identify the server. A RADIUS server must match the shared secret on the RADIUS Server. • The Timeout and Retries fields are used to either move to a secondary server if the primary cannot be reached by the router to authenticate wireless client connections to an AP enabled...
User Manual
Page 64
... requires configuring the router's logging feature separately. • QoS Priority: Outbound rules (where To Zone = insecure WAN only) can be logged; Unified Services Router User Manual • Service: ANY means all users) • Single Address (enter an IP address) • Address Range (enter the appropriate IP address range) • Log: traffic that this rule. A schedule must be preconfigured in order for managing traffic from the internet to reach the appropriate LAN port via a port forwarding rule. • Translate Port Number: With port forwarding...
User Manual
Page 105
Figure 67: User Login policy configuration 9.1.1 Remote Management Both HTTPS and telnet access can be configured to a subset of IP addresses. The user type is set in the Advanced > Users > Users page. The Admin or Guest user can be accessed from LAN node by using the gateway's LAN IP address and HTTP, or from the default of IP addresses that are permitted to login to access the GUI with HTTPS. The opened port for SSL traffic can be restricted to access the router GUI...
User Manual
Page 136
..., your configured login name and password are correct. 3. If yes, inform your ISP. If 0.0.0.0 is shown for the WAN port. See the next symptom. Possible cause: If you have requested an IP address from your ISP that it allows only one Ethernet MAC address to connect to the cable or DSL modem. 4. Select Monitoring > Router Status. 4. Turn off the router. 3. When the modem LEDs indicate that you use dynamic IP addresses, your PC's MAC address. 6. Ask...
User Manual
Page 138
... a remote device 1. If the path is still not up, test the network configuration: • Verify that the Ethernet card driver software and TCP/IP software are installed and configured on the PC. • Verify that the IP address for the router and PC are correct and on page B-1 and follow instructions for "LAN or Internet port LEDs are not lit." • Verify that the corresponding link LEDs are lit for your network interface card and...
User Manual
Page 139
... the button and wait for the router to clone or spoof the MAC address from the authorized PC. 11.4 Restoring factory-default configuration settings To restore factory-default configuration settings, do the following settings apply: • LAN IP address: 192.168.10.1 • Username: admin • Password: password • DHCP server on LAN: enabled • WAN port configuration: Get configuration via DHCP 137 If the router does not restart automatically; Many broadband ISPs restrict access by allowing traffic from the MAC address of only your broadband modem; If...
User Manual
Page 149
...connection type is: %s nimfAdvOptSetWrap: failed to get old MTU Option nimfAdvOptSetWrap: error getting MTU size nimfOldFieldValueGet: failed to get old " nimfOldFieldValueGet: user has changed MTU size nimfAdvOptSetWrap: failed to get old Port Speed " nimfAdvOptSetWrap: user has changed Port Speed nimfAdvOptSetWrap: failed to get old Mac Address " nimfAdvOptSetWrap: user has changed Mac Address " nimfAdvOptSetWrap: unable to get Mac Address nimfAdvOptSetWrap:Failed to RESET the flag nimfAdvOptSetWrap: setting advanced options failed nimfAdvOptSetWrap: interface advanced options applied ERROR...
User Manual
Page 163
... suitable server found %s Received Invalid Length packet from %s Received Invalid Version packet from %s Received Invalid Mode packet from %s DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG Request Timed out from %s Looking Up %s Timezone difference :%d Could not open database %s ERROR : incomplete DB update information empty update. ERROR: option value not specified Unable to set debug for radAuth. Unified Services Router User Manual Next...
User Manual
Page 172
... mac address Failed to set %s SSID Failed to set SSID broadcast status Failed to set PreAuth mode unable to install key KDOT11_SET_PARAM:IEEE80211_I OC_AUTHMODE failed KDOT11_SET_PARAM:IEEE80211_I OC_PRIVACY failed wpaInit failed dot11InstallProfile: unable to get interface index adpHmacInit(%s) failed interface %s not found AP not found on %s keyLen > PNAC_KEY_MAX_SIZE Invalid profile name passed Creation of WPS EAP Profile failed unsupported command %d device %s not found unsupported command %d dot11NodeAlloc failed Getting WPA IE failed for %s Getting WPS IE failed for %s Failed initialize...
User Manual
Page 179
.... ERROR ERROR ERROR sqlite3QueryResGet failed ERROR unhandled database operation %d ERROR sqlite3QueryResGet failed ERROR failed to stop %s ERROR Invalid SQLITE operation code - %d ./src/dot11/mgmt/dot11Mgmt.c:1177: ADP_ERROR ( only delete event expected on the EAP context. Unified Services Router User Manual Error in executing DB update handler ERROR sqlite3QueryResGet failed.Query:%s ERROR sqlite3QueryResGet failed.Query:%s ERROR sqlite3QueryResGet failed.Query:%s ERROR sqlite3QueryResGet failed.Query:%s ERROR startStopVap failed to configure WPS on %s ERROR...