User Guide
Page 5
WiMAX Device Computer Notebook computer Server Base Station Firewall Router Internet Switch Wireless Signal Telephone WiMAX Device Configuration User's Guide 5 Every effort has been made to differences in this manual is accurate. Document Conventions Graphics in this book may differ slightly from the product due to ensure that the information in operating systems, operating system versions, or if you installed updated firmware/software for your device.
WiMAX Device Computer Notebook computer Server Base Station Firewall Router Internet Switch Wireless Signal Telephone WiMAX Device Configuration User's Guide 5 Every effort has been made to differences in this manual is accurate. Document Conventions Graphics in this book may differ slightly from the product due to ensure that the information in operating systems, operating system versions, or if you installed updated firmware/software for your device.
User Guide
Page 46
... WAN IP for the IP update policy. 7 Click Save. 4.8.3 Testing the DDNS Setting Now you may be able to the WiMAX Device's LAN. The router may connect a router to access the WiMAX Device from the Internet. Chapter 4 Tutorials 4.8.2 Configuring DDNS on the computer (using the IP address a.b.c.d) that is connected to separate...
... WAN IP for the IP update policy. 7 Click Save. 4.8.3 Testing the DDNS Setting Now you may be able to the WiMAX Device's LAN. The router may connect a router to access the WiMAX Device from the Internet. Chapter 4 Tutorials 4.8.2 Configuring DDNS on the computer (using the IP address a.b.c.d) that is connected to separate...
User Guide
Page 47
... Device Configuration User's Guide 47 In this case, computer B will never receive the traffic. N1 A R N2 B This tutorial uses the following figure, router R is sent to specify R as the router in this Tutorial DEVICE / COMPUTER IP ADDRESS The WiMAX Device's WAN 172.16.1.1 The WiMAX Device's LAN 192.168.1.1 A 192.168.1.34...
... Device Configuration User's Guide 47 In this case, computer B will never receive the traffic. N1 A R N2 B This tutorial uses the following figure, router R is sent to specify R as the router in this Tutorial DEVICE / COMPUTER IP ADDRESS The WiMAX Device's WAN 172.16.1.1 The WiMAX Device's LAN 192.168.1.1 A 192.168.1.34...
User Guide
Page 53
... Note: Manager IP VLAN ID is the same as one of the LAN transparent VLAN ID VLAN Tag ID=5 VLAN Tag ID=10 Network operators Router Manager IP VLAN Tag ID=5 1 Configure the Link Type, PVID and Tag/Untag settings for the interfaces as below by clicking each row. Chapter 4 Tutorials...
... Note: Manager IP VLAN ID is the same as one of the LAN transparent VLAN ID VLAN Tag ID=5 VLAN Tag ID=10 Network operators Router Manager IP VLAN Tag ID=5 1 Configure the Link Type, PVID and Tag/Untag settings for the interfaces as below by clicking each row. Chapter 4 Tutorials...
User Guide
Page 55
... LAN transparent VLAN ID User Network VLAN Tag ID=5 Transparent VLAN Tag ID=10 LAN CPE VLAN Tag ID=5 VLAN Tag ID=10 Network operators Router Manager IP VLAN Tag ID=3 VLAN Tag ID=3 1 Configure the Link Type, PVID and Tag/Untag settings for the interfaces as below by clicking each...
... LAN transparent VLAN ID User Network VLAN Tag ID=5 Transparent VLAN Tag ID=10 LAN CPE VLAN Tag ID=5 VLAN Tag ID=10 Network operators Router Manager IP VLAN Tag ID=3 VLAN Tag ID=3 1 Configure the Link Type, PVID and Tag/Untag settings for the interfaces as below by clicking each...
User Guide
Page 91
... are conveyed through the DNS proxy feature. The DNS server addresses that an ISP disseminates the DNS server addresses. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. If your ISP did not give you explicit DNS servers, chances are the DNS...
... are conveyed through the DNS proxy feature. The DNS server addresses that an ISP disseminates the DNS server addresses. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. If your ISP did not give you explicit DNS servers, chances are the DNS...
User Guide
Page 92
... NAT on port 21. If the default is not defined, the service request is universally supported; RIP Setup RIP (Routing Information Protocol) allows a router to the computer. RIP-1 is simply discarded. RIP-1 is on port 80 and FTP on the LAN) servers, for example, web or FTP,... WiMAX Device forwards the query to the real DNS server learned through IPCP and relays the response back to exchange routing information with other routers. the WiMAX Device will ignore any RIP packets and will broadcast its routing table periodically and incorporate the RIP information that it receives. ...
... NAT on port 21. If the default is not defined, the service request is universally supported; RIP Setup RIP (Routing Information Protocol) allows a router to the computer. RIP-1 is simply discarded. RIP-1 is on port 80 and FTP on the LAN) servers, for example, web or FTP,... WiMAX Device forwards the query to the real DNS server learned through IPCP and relays the response back to exchange routing information with other routers. the WiMAX Device will ignore any RIP packets and will broadcast its routing table periodically and incorporate the RIP information that it receives. ...
User Guide
Page 93
... number and protocol (a "trigger" port). After that computer's connection for that uses TCP/IP for simple peer-to-peer network connectivity between devices. Some NAT routers may include a SIP Application Layer Gateway (ALG). UPnP Universal Plug and Play (UPnP) is no longer in the example). Chapter 7 Network Setting 192.168.1.35...
... number and protocol (a "trigger" port). After that computer's connection for that uses TCP/IP for simple peer-to-peer network connectivity between devices. Some NAT routers may include a SIP Application Layer Gateway (ALG). UPnP Universal Plug and Play (UPnP) is no longer in the example). Chapter 7 Network Setting 192.168.1.35...
User Guide
Page 95
...tag frames for NAT, allowing devices on the LAN to use their own internal IP addresses while communicating with devices on the WAN. • Router - Select this to manually enter the IP address the WiMAX Device uses. • From ISP - Select this if you want multiple computers ...persistent connection to the network. • PPPoE - Select this if must log into the network before initiating a persistent connection. • GRE Tunnel - Select Router from the ISP. Select this if you connect to the network using Point-to-Point Protocol to the WAN. This puts the WiMAX Device in...
...tag frames for NAT, allowing devices on the LAN to use their own internal IP addresses while communicating with devices on the WAN. • Router - Select this to manually enter the IP address the WiMAX Device uses. • From ISP - Select this if you want multiple computers ...persistent connection to the network. • PPPoE - Select this if must log into the network before initiating a persistent connection. • GRE Tunnel - Select Router from the ISP. Select this if you connect to the network using Point-to-Point Protocol to the WAN. This puts the WiMAX Device in...
User Guide
Page 105
Chapter 7 Network Setting Click Add in the Network Setting > Route > Static Route screen to configure how the WiMAX Device exchanges information with other routers. Metric If the next hop is an IP address rather than an interface on the WiMAX Device, select IP Address and enter the IP address. ...
Chapter 7 Network Setting Click Add in the Network Setting > Route > Static Route screen to configure how the WiMAX Device exchanges information with other routers. Metric If the next hop is an IP address rather than an interface on the WiMAX Device, select IP Address and enter the IP address. ...
User Guide
Page 132
.... User Name Enter the user name for security. • CHAP - This can increase performance over stateless MPPE, but should not be located behind a NAT enabled router. MPPE Stateful? If MSCHAPv1 or MSCHAPv2 is selected as shown next. Password Enter the password for connecting to open this client connection. Microsoft CHAP v1...
.... User Name Enter the user name for security. • CHAP - This can increase performance over stateless MPPE, but should not be located behind a NAT enabled router. MPPE Stateful? If MSCHAPv1 or MSCHAPv2 is selected as shown next. Password Enter the password for connecting to open this client connection. Microsoft CHAP v1...
User Guide
Page 136
.... Select Yes to rely on this for security. • CHAP - This can increase performance over stateless MPPE, but should not be located behind a NAT enabled router. Auth Protocol DESCRIPTION Enter the name for other types of networks including frame relay and ATM. It's probably not a good idea to enable stateful MPPE...
.... Select Yes to rely on this for security. • CHAP - This can increase performance over stateless MPPE, but should not be located behind a NAT enabled router. Auth Protocol DESCRIPTION Enter the name for other types of networks including frame relay and ATM. It's probably not a good idea to enable stateful MPPE...
User Guide
Page 137
...L2TP server. Assign IP Address Enter the IP address for the client. Figure 77 IPSec Fields Summary Local Network Remote Network Remote IPSec Router Local IP Address VPN Tunnel Remote IP Address Click Security > IPSec VPN to the L2TP server. Figure 78 IPSec VPN This screen ...contains the following figure helps explain the main fields in the web configurator. Local Endpoint This displays the IP address of the remote IPSec router. Local Network This displays the single (static) IP address on the L2TP server. WiMAX Device Configuration User's Guide 137 Ensure that the...
...L2TP server. Assign IP Address Enter the IP address for the client. Figure 77 IPSec Fields Summary Local Network Remote Network Remote IPSec Router Local IP Address VPN Tunnel Remote IP Address Click Security > IPSec VPN to the L2TP server. Figure 78 IPSec VPN This screen ...contains the following figure helps explain the main fields in the web configurator. Local Endpoint This displays the IP address of the remote IPSec router. Local Network This displays the single (static) IP address on the L2TP server. WiMAX Device Configuration User's Guide 137 Ensure that the...
User Guide
Page 138
Chapter 8 Security Table 59 IPSec VPN (continued) LABEL DESCRIPTION Remote Network This displays the single (static) IP address on the LAN behind the remote IPSec router or the IP address and subnet mask of a network behind the remote IPSec router. Add Click this button to add an item to the list. 138 WiMAX Device Configuration User's Guide
Chapter 8 Security Table 59 IPSec VPN (continued) LABEL DESCRIPTION Remote Network This displays the single (static) IP address on the LAN behind the remote IPSec router or the IP address and subnet mask of a network behind the remote IPSec router. Add Click this button to add an item to the list. 138 WiMAX Device Configuration User's Guide
User Guide
Page 140
...user) and can be able to 31 ASCII characters including spaces, although trailing spaces are also known as part of the remote IPSec router in this to connect to the Pre-Shared Key field description). IP Address Enter the IP address of your pre-shared key in ... Property Enable Select Enable to 62 hexadecimal ("0-9", "A-F") characters. Chapter 8 Security This screen contains the following situations. • When there is a NAT router between VPN connection requests that you type an IP address other than 0.0.0.0 in the Content field or use the Domain Name or E-mail ID type...
...user) and can be able to 31 ASCII characters including spaces, although trailing spaces are also known as part of the remote IPSec router in this to connect to the Pre-Shared Key field description). IP Address Enter the IP address of your pre-shared key in ... Property Enable Select Enable to 62 hexadecimal ("0-9", "A-F") characters. Chapter 8 Security This screen contains the following situations. • When there is a NAT router between VPN connection requests that you type an IP address other than 0.0.0.0 in the Content field or use the Domain Name or E-mail ID type...
User Guide
Page 141
... significantly. a 168-bit key with a specific proposal. OK Click this to create a new entry. Select Domain Name to identify the remote IPSec router by an e-mail address. If you will use a 768-bit random number • DH2 - This field is a sequential value, and it ...8226; AES256 - use the same key size and encryption algorithm. a 192-bit key with the AES encryption algorithm The WiMAX Device and the remote IPSec router must use a 1024-bit random number • DH5 - Choices are : • DES - Chapter 8 Security Table 60 IPSec VPN: Add (continued...
... significantly. a 168-bit key with a specific proposal. OK Click this to create a new entry. Select Domain Name to identify the remote IPSec router by an e-mail address. If you will use a 768-bit random number • DH2 - This field is a sequential value, and it ...8226; AES256 - use the same key size and encryption algorithm. a 192-bit key with the AES encryption algorithm The WiMAX Device and the remote IPSec router must use a 1024-bit random number • DH5 - Choices are : • DES - Chapter 8 Security Table 60 IPSec VPN: Add (continued...
User Guide
Page 142
... behind your WiMAX Device. Select how the WiMAX Device checks the connection. Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Remote Endpoint field is selected, enter the subnet mask to identify the..., but not both have to update the encryption and authentication keys and re-negotiate the IKE SA. When this case only the remote IPSec router can have the same configured local or remote IP address, but not both. This does not affect any other active rules with 0.0.0.0 in ...
... behind your WiMAX Device. Select how the WiMAX Device checks the connection. Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Remote Endpoint field is selected, enter the subnet mask to identify the..., but not both have to update the encryption and authentication keys and re-negotiate the IKE SA. When this case only the remote IPSec router can have the same configured local or remote IP address, but not both. This does not affect any other active rules with 0.0.0.0 in ...
User Guide
Page 143
Subnet Mask Remote Port If Subnet address is selected, enter a (static) IP address on the LAN behind the remote IPSec's router. Then enter the subnet mask to pings. You may need to configure the peer to respond to identify the network address. a 168-bit key with ... Select icmp to have the WiMAX Device regularly perform a TCP or UDP handshake with the AES encryption algorithm The WiMAX Device and the remote IPSec router must select options from the drop-down list box. Encryption Algorithm If you select ESP here, you select tcp or udp, specify the port number...
Subnet Mask Remote Port If Subnet address is selected, enter a (static) IP address on the LAN behind the remote IPSec's router. Then enter the subnet mask to pings. You may need to configure the peer to respond to identify the network address. a 168-bit key with ... Select icmp to have the WiMAX Device regularly perform a TCP or UDP handshake with the AES encryption algorithm The WiMAX Device and the remote IPSec router must select options from the drop-down list box. Encryption Algorithm If you select ESP here, you select tcp or udp, specify the port number...
User Guide
Page 144
... Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for each IPSec SA. Both routers must use of encryption techniques such as follows.
... Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for each IPSec SA. Both routers must use of encryption techniques such as follows.
User Guide
Page 146
... a Diffie-Hellman public-key cryptography key group (DH1 or DH2). • Set the IKE SA lifetime. If an IPSec SA times out, then the IPSec router must : • Choose an encryption algorithm. • Choose an authentication algorithm • Choose a Diffie-Hellman public-key cryptography key group. • Set the IPSec SA...
... a Diffie-Hellman public-key cryptography key group (DH1 or DH2). • Set the IKE SA lifetime. If an IPSec SA times out, then the IPSec router must : • Choose an encryption algorithm. • Choose an authentication algorithm • Choose a Diffie-Hellman public-key cryptography key group. • Set the IPSec SA...